Professional Documents
Culture Documents
03 2008-09-22 00399153
Huawei Technologies Co., Ltd. provides customers with comprehensive technical support and service. For any assistance, please contact our local office or company headquarters.
Website: Email:
Copyright Huawei Technologies Co., Ltd. 2008. All rights reserved. No part of this document may be reproduced or transmitted in any form or by any means without prior written consent of Huawei Technologies Co., Ltd.
Notice
The information in this document is subject to change without notice. Every effort has been made in the preparation of this document to ensure accuracy of the contents, but the statements, information, and recommendations in this document do not constitute a warranty of any kind, express or implied.
Contents
Contents
About This Document.....................................................................................................................1 1 VPN Tunnel Management Configuration.............................................................................1-1
1.1 Overview.........................................................................................................................................................1-2 1.1.1 Introduction to VPN Tunnels.................................................................................................................1-2 1.1.2 VPN Tunnel Features Supported by theNE80E/40E.............................................................................1-3 1.2 Configuring Tunnel Interfaces........................................................................................................................1-4 1.2.1 Establishing the Configuration Task......................................................................................................1-4 1.2.2 Creating Tunnel Interfaces.....................................................................................................................1-5 1.2.3 Configuring a Tunnel Interface..............................................................................................................1-6 1.2.4 Checking the Configuration...................................................................................................................1-7 1.3 Configuring Tunnel Policies in Select-Sequence Mode for L3VPN..............................................................1-8 1.3.1 Establishing the Configuration Task......................................................................................................1-8 1.3.2 Configuring a Tunnel Policy..................................................................................................................1-9 1.3.3 Applying a Tunnel Policy to L3VPN...................................................................................................1-10 1.3.4 Checking the Configuration.................................................................................................................1-10 1.4 Configuring Tunnel Policies in Select-Sequence Mode for L2VPN............................................................1-11 1.4.1 Establishing the Configuration Task....................................................................................................1-12 1.4.2 Configuring a Tunnel Policy................................................................................................................1-12 1.4.3 Applying the Tunnel Policy to L2VPN................................................................................................1-13 1.4.4 Checking the Configuration.................................................................................................................1-15 1.5 Configuring L3VPN Primary Tunnel Binding..............................................................................................1-16 1.5.1 Establishing the Configuration Task....................................................................................................1-16 1.5.2 Enabling the VPN Binding for a Tunnel..............................................................................................1-17 1.5.3 Configuring the Tunnel Binding in the Tunnel Policy.........................................................................1-18 1.5.4 Applying the Tunnel Policy to L3VPN................................................................................................1-18 1.5.5 Checking the Configuration.................................................................................................................1-19 1.6 Configuring L2VPN Primary Tunnel Binding..............................................................................................1-20 1.6.1 Establishing the Configuration Task....................................................................................................1-20 1.6.2 Enabling the VPN Binding for a Tunnel..............................................................................................1-21 1.6.3 Configuring the Tunnel Binding in the Tunnel Policy.........................................................................1-22 1.6.4 Applying the Tunnel Policy to the Martini L2VPN.............................................................................1-23 1.6.5 Checking the Configuration.................................................................................................................1-23 1.7 Maintaining a Tunnel....................................................................................................................................1-24 Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. i
Contents
Quidway NetEngine80E/40E Core Router Configuration Guide - VPN 1.7.1 Monitoring the Running Status of a Tunnel.........................................................................................1-24 1.7.2 Debugging a Tunnel.............................................................................................................................1-25
1.8 Configuration Examples................................................................................................................................1-26 1.8.1 Example for Configuring a Tunnel Policy for L3VPN........................................................................1-26 1.8.2 Example for Configuring Martini VLL by Using MPLS TE Tunnels.................................................1-36 1.8.3 Example for Configuring the Martini L2VPN Primary Tunnel Binding.............................................1-45
2 GRE Configuration....................................................................................................................2-1
2.1 Introduction.....................................................................................................................................................2-2 2.1.1 GRE........................................................................................................................................................2-2 2.1.2 GRE Features Supported by the NE80E/40E.........................................................................................2-2 2.2 Configuring a GRE Tunnel.............................................................................................................................2-5 2.2.1 Establishing the Configuration Task......................................................................................................2-5 2.2.2 Configuring the Loopback Interface Bound to GRE..............................................................................2-6 2.2.3 Configuring a Tunnel Interface..............................................................................................................2-7 2.2.4 Configuring Routes for the Tunnel........................................................................................................2-8 2.2.5 Configuring GRE Security Options.......................................................................................................2-8 2.2.6 Checking the Configuration...................................................................................................................2-9 2.3 Configuring a GRE Tunnel Between CE and PE..........................................................................................2-10 2.3.1 Establishing the Configuration Task....................................................................................................2-10 2.3.2 Configuring the GRE Tunnel Interface on CE.....................................................................................2-11 2.3.3 Configuring the GRE Tunnel Interface on PE.....................................................................................2-12 2.3.4 Binding the Tunnel with VPN to Which CE belongs on PE................................................................2-13 2.3.5 Checking the Configuration.................................................................................................................2-14 2.4 Configuring the Keepalive Function.............................................................................................................2-15 2.4.1 Establishing the Configuration Task....................................................................................................2-15 2.4.2 Enabling the Keep-alive Function........................................................................................................2-16 2.4.3 Checking the Configuration.................................................................................................................2-16 2.5 Configuration Examples................................................................................................................................2-17 2.5.1 Example for Configuring Static Routes for GRE.................................................................................2-18 2.5.2 Example for Configuring a Dynamic Routing Protocol for GRE........................................................2-22 2.5.3 Example for Configuring CE Users to Access a MPLS VPN Through a GRE Tunnel Traversing the Public Network.........................................................................................................................................................2-25 2.5.4 Example for Configuring CE Users to Access an MPLS VPN Through a GRE Tunnel Traversing Another VPN...............................................................................................................................................................2-35 2.5.5 Example for Configuring the Keepalive Function for GRE.................................................................2-45
Contents
3.2.3 Configuring Route Attributes of a VPN Instance..................................................................................3-7 3.2.4 (Optional) Applying a Tunnel Policy to the VPN Instance...................................................................3-8 3.2.5 Configuring MPLS Label Allocation Based on the VPN Instance........................................................3-9 3.2.6 Checking the Configuration...................................................................................................................3-9 3.3 Configuring Basic BGP/MPLS IP VPN........................................................................................................3-10 3.3.1 Establishing the Configuration Task....................................................................................................3-10 3.3.2 Configuring a VPN Instance................................................................................................................3-11 3.3.3 Binding an Interface with a VPN Instance...........................................................................................3-11 3.3.4 Configuring MP-IBGP Between PEs...................................................................................................3-12 3.3.5 Configuring a Routing Protocol Between PE and CE..........................................................................3-12 3.3.6 Checking the Configuration.................................................................................................................3-20 3.4 Configuring Hub&Spoke..............................................................................................................................3-20 3.4.1 Establishing the Configuration Task....................................................................................................3-21 3.4.2 Creating a VPN Instance......................................................................................................................3-22 3.4.3 Configuring Route Attributes of the VPN Instance.............................................................................3-23 3.4.4 Binding an Interface with the VPN Instance........................................................................................3-24 3.4.5 Configuring MP-IBGP Between Hub-PE and Spoke-PE....................................................................3-25 3.4.6 Configuring a Routing Protocol or Static Routes Between PE and CE...............................................3-25 3.4.7 Checking the Configuration.................................................................................................................3-26 3.5 Configuring Inter-AS VPN Option A...........................................................................................................3-27 3.5.1 Establishing the Configuration Task....................................................................................................3-27 3.5.2 Configuring Inter-AS VPN Option A..................................................................................................3-28 3.5.3 Checking the Configuration.................................................................................................................3-28 3.6 Configuring Inter-AS VPN Option B............................................................................................................3-29 3.6.1 Establishing the Configuration Task....................................................................................................3-29 3.6.2 Configuring MP-IBGP Between PE-ASBRs.......................................................................................3-30 3.6.3 Configuring MP-EBGP Between ASBRs............................................................................................3-31 3.6.4 Controlling the Receiving and Sending of VPN Routes......................................................................3-32 3.6.5 Storing Information About the VPN Instance on the ASBR PE..........................................................3-33 3.6.6 Configuring the Routing Protocol Between CE and PE......................................................................3-34 3.6.7 Checking the Configuration.................................................................................................................3-34 3.7 Configuring Inter-AS VPN Option C............................................................................................................3-35 3.7.1 Establishing the Configuration Task....................................................................................................3-35 3.7.2 Enabling the Labeled IPv4 Route Exchange........................................................................................3-36 3.7.3 Configuring a Routing Policy to Control Label Distribution...............................................................3-38 3.7.4 Establishing the MP-EBGP Peer Between PEs....................................................................................3-39 3.7.5 Configuring the Routing Protocol Between CE and PE......................................................................3-40 3.7.6 Checking the Configuration.................................................................................................................3-40 3.8 Configuring Carrier's Carrier........................................................................................................................3-41 3.8.1 Establishing the Configuration Task....................................................................................................3-41 3.8.2 Configuring Level 2 Carrier CE to Access Level 1 Carrier PE (Intra-AS)..........................................3-42 3.8.3 Configuring Level 2 Carrier CE to Access Level 1 Carrier PE (Inter-AS)..........................................3-44 Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. iii
Contents
Quidway NetEngine80E/40E Core Router Configuration Guide - VPN 3.8.4 Configuring Level 2 Carrier's Customer to Access Level 2 Carrier PE...............................................3-48 3.8.5 Configuring External Route Exchanges Between Level 2 Carrier PEs...............................................3-48 3.8.6 Checking the Configuration.................................................................................................................3-50
3.9 Configuring HoVPN.....................................................................................................................................3-50 3.9.1 Establishing the Configuration Task....................................................................................................3-51 3.9.2 Specifying UPE....................................................................................................................................3-51 3.9.3 Advertising Default Routes of a VPN Instance...................................................................................3-52 3.9.4 Checking the Configuration.................................................................................................................3-52 3.10 Configuring OSPF Sham Link....................................................................................................................3-53 3.10.1 Establishing the Configuration Task..................................................................................................3-53 3.10.2 Configuring the Loopback Address of the Sham Link......................................................................3-54 3.10.3 Advertising Routes of End Address of the Sham Link......................................................................3-54 3.10.4 Creating a Sham Link.........................................................................................................................3-55 3.10.5 Checking the Configuration...............................................................................................................3-56 3.11 Configuring Multi-VPN-Instance CE.........................................................................................................3-56 3.11.1 Establishing the Configuration Task..................................................................................................3-57 3.11.2 Configuring the OSPF Multi-Instance on the PE...............................................................................3-57 3.11.3 Configuring the OSPF Multi-Instance on the Multi-Instance CE......................................................3-58 3.11.4 Canceling the Loop Detection on the Multi-Instance CE..................................................................3-59 3.11.5 Checking the Configuration...............................................................................................................3-59 3.12 Configuring PBR to VPN............................................................................................................................3-60 3.12.1 Establishing the Configuration Task..................................................................................................3-60 3.12.2 Creating a VPN Group.......................................................................................................................3-61 3.12.3 Setting a Traffic Behavior for the Unicast Policy-based Route.........................................................3-62 3.12.4 Applying the Policy-based Route.......................................................................................................3-62 3.12.5 Configuring the Route for Returned IP Packets.................................................................................3-63 3.12.6 Checking the Configuration...............................................................................................................3-64 3.13 Connecting VPN and the Internet...............................................................................................................3-65 3.13.1 Establishing the Configuration Task..................................................................................................3-65 3.13.2 Configuring the Static Route on the CE.............................................................................................3-65 3.13.3 Configuring the Static Route on the PE and Import the Static Route to VPN...................................3-66 3.13.4 Configuring the Static Route to VPN on the Device of the Public Network.....................................3-66 3.13.5 Checking the Configuration...............................................................................................................3-67 3.14 Configuring IP FRR of a Private Network..................................................................................................3-67 3.14.1 Establishing the Configuration Task..................................................................................................3-67 3.14.2 Configuring a Routing Policy............................................................................................................3-68 3.14.3 Enabling IP FRR in a Private Network..............................................................................................3-68 3.14.4 Checking the Configuration...............................................................................................................3-69 3.15 Configuring VPN FRR................................................................................................................................3-69 3.15.1 Establishing the Configuration Task..................................................................................................3-69 3.15.2 Configuring a Routing Policy............................................................................................................3-70 3.15.3 Enabling VPN FRR............................................................................................................................3-70 iv Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)
Contents
3.15.4 Checking the Configuration...............................................................................................................3-71 3.16 Configuring VPN GR..................................................................................................................................3-72 3.16.1 Establishing the Configuration Task..................................................................................................3-72 3.16.2 Configuring the IGP GR on the Backbone Network..........................................................................3-73 3.16.3 Configuring the MPLS GR on the Backbone Network......................................................................3-74 3.16.4 Configuring the GR of the Routing Protocol Between PEs and CEs.................................................3-76 3.16.5 Configuring BGP GR for MP-BGP...................................................................................................3-78 3.16.6 Checking the Configuration...............................................................................................................3-78 3.17 Configuring Route Reflection to Optimize the VPN Backbone Layer.......................................................3-79 3.17.1 Establishing the Configuration Task..................................................................................................3-79 3.17.2 Configuring the Client PEs to Establish MP IBGP Connections with the RR..................................3-80 3.17.3 Configuring the RR to Establish MP IBGP Connections with the Client PEs..................................3-80 3.17.4 Configuring Route Reflection for BGP IPv4 VPN routes.................................................................3-82 3.17.5 Checking the Configuration...............................................................................................................3-83 3.18 Configuring Route Reflection to Optimize the VPN Access Layer............................................................3-83 3.18.1 Establishing the Configuration Task..................................................................................................3-84 3.18.2 Configuring All Client CEs to Establish IBGP Connections with the RR.........................................3-84 3.18.3 Configuring the RR to Establish MP IBGP Connections with All Client CEs..................................3-85 3.18.4 Configuring Route Reflection for the Routes of the BGP VPN Instance..........................................3-86 3.18.5 Checking the Configuration...............................................................................................................3-87 3.19 Configuring Convergence Priorities for VPN Routes.................................................................................3-88 3.19.1 Establishing the Configuration Task..................................................................................................3-89 3.19.2 Configuring a Routing Policy Differentiating Convergence Priorities..............................................3-89 3.19.3 Applying the Routing Policy..............................................................................................................3-90 3.19.4 Checking the Configuration...............................................................................................................3-91 3.20 Maintaining BGP/MPLS IP VPN...............................................................................................................3-91 3.20.1 Taking Statistics of L3VPN Traffic...................................................................................................3-91 3.20.2 Checking L3VPN Traffic...................................................................................................................3-92 3.20.3 Clearing L3VPN Traffic.....................................................................................................................3-92 3.20.4 Displaying BGP/MPLS IP VPN Information....................................................................................3-92 3.20.5 Checking the Network Connectivity and Reachability......................................................................3-93 3.20.6 Resetting BGP Statistics of VPN instance.........................................................................................3-94 3.20.7 Resetting BGP Connections...............................................................................................................3-94 3.20.8 Debugging the BGP/MPLS IP VPN Information..............................................................................3-95 3.21 Configuration Examples..............................................................................................................................3-96 3.21.1 Example for Configuring BGP/MPLS IP VPN..................................................................................3-96 3.21.2 Example for Configuring BGP/MPLS IP VPN with a GRE Tunnel...............................................3-106 3.21.3 Example for Configuring the BGP AS Number Substitution..........................................................3-114 3.21.4 Example for Configuring Hub&Spoke............................................................................................3-120 3.21.5 Example for Configuring Inter-AS VPN Option A.........................................................................3-128 3.21.6 Example for Configuring Inter-AS VPN Option B..........................................................................3-136 3.21.7 Example for Configuring Inter-AS VPN Option C..........................................................................3-142 Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. v
Contents
Quidway NetEngine80E/40E Core Router Configuration Guide - VPN 3.21.8 Example for Configuring Carrier's Carrier in the Same AS.............................................................3-148 3.21.9 Example for Configuring the Carrier's Carrier (Inter-AS)...............................................................3-159 3.21.10 Example for Configuring HoVPN..................................................................................................3-170 3.21.11 Example for Configuring OSPF Sham Link..................................................................................3-176 3.21.12 Example for Configuring Multi-VPN-Instance CE.......................................................................3-186 3.21.13 Example for Configuring PBR to VPN..........................................................................................3-195 3.21.14 Example for Connecting VPN and Internet...................................................................................3-204 3.21.15 Example for Configuring a Dual-Homed CE.................................................................................3-209 3.21.16 Example for Configuring Load Balancing Among EBGP and IBGP Routes When CEs Are Dual-Homed .....................................................................................................................................................................3-227 3.21.17 Example for Configuring the IP FRR of the Private Network.......................................................3-234 3.21.18 Example for Configuring VPN FRR..............................................................................................3-238 3.21.19 Example for Configuring VPN GR................................................................................................3-246 3.21.20 Example for Configuring the VPN with Double Reflectors..........................................................3-255 3.21.21 Example for Configuring VPN-Route Convergence Priorities......................................................3-263
Contents
4.5.2 Configuring Inter-AS IPv6 VPN Option A..........................................................................................4-24 4.5.3 Checking the Configuration.................................................................................................................4-24 4.6 Configuring Inter-AS IPv6 VPN-Option B...................................................................................................4-25 4.6.1 Establishing the Configuration Task....................................................................................................4-25 4.6.2 Configuring MP-IBGP Between PE and ASBR PE.............................................................................4-26 4.6.3 Configuring MP-EBGP Between ASBR PEs......................................................................................4-27 4.6.4 Controlling the Receiving and Sending of VPN Routes......................................................................4-28 4.6.5 Storing Information About the IPv6 VPN Instance on the ASBR PEs................................................4-29 4.6.6 Configuring Routing Between PE and CE...........................................................................................4-30 4.6.7 Checking the Configuration.................................................................................................................4-30 4.7 Configuring Inter-AS IPv6 VPN-Option C...................................................................................................4-30 4.7.1 Establishing the Configuration Task....................................................................................................4-31 4.7.2 Enabling the Exchange of Labeled IPv4 Routes..................................................................................4-32 4.7.3 Configuring a Routing Policy to Control Label Distribution...............................................................4-33 4.7.4 Establishing the MP-EBGP Peer Between PEs....................................................................................4-34 4.7.5 Configuring Routing Between PE and CE...........................................................................................4-35 4.7.6 Checking the Configuration.................................................................................................................4-35 4.8 Configuring Carrier's Carrier........................................................................................................................4-36 4.8.1 Establishing the Configuration Task....................................................................................................4-36 4.8.2 Configuring Level 2 Carrier CE to Access Level 1 Carrier PE (Intra-AS)..........................................4-37 4.8.3 Configuring Level 2 Carrier CE to Access Level 1 Carrier PE (Inter-AS)..........................................4-40 4.8.4 Configuring Level 2 Carrier's Customer to Access Level 2 Carrier PE...............................................4-44 4.8.5 Configuring External Route Exchanges Between Level 2 Carrier PEs...............................................4-44 4.8.6 Checking the Configuration.................................................................................................................4-45 4.9 Configuring Route Reflection for BGP IPv6 VPN Routes...........................................................................4-46 4.9.1 Establishing the Configuration Task....................................................................................................4-46 4.9.2 Configuring the Client PEs to Establish MP IBGP Connections with the RR....................................4-47 4.9.3 Configuring the RR to Establish MP IBGP Connections with All Client PEs....................................4-48 4.9.4 Configuring Route Reflection for BGP IPv6 VPN Routes..................................................................4-49 4.9.5 Checking the Configuration.................................................................................................................4-50 4.10 Maintaining BGP/MPLS IPv6 VPN...........................................................................................................4-51 4.10.1 Displaying BGP/MPLS IPv6 VPN Information................................................................................4-51 4.10.2 Checking the Network Connectivity and Reachability......................................................................4-52 4.10.3 Resetting BGP Statistics of IPv6 VPN Instance................................................................................4-53 4.10.4 Resetting BGP Connections...............................................................................................................4-53 4.10.5 Debugging BGP/MPLS IPv6 VPN....................................................................................................4-54 4.11 Configuration Examples..............................................................................................................................4-54 4.11.1 Example for Configuring BGP/MPLS IPv6 VPN..............................................................................4-55 4.11.2 Example for Configuring Hub and Spoke (BGP4+ Between the PE and the CE).............................4-66 4.11.3 Example for Configuring Hub and Spoke (Default Route Between the Hub-PE and the Hub-CE) .......................................................................................................................................................................4-76 4.11.4 Example for Configuring Inter-AS VPN Option A...........................................................................4-87 4.11.5 Example for Configuring Inter-AS VPN Option B............................................................................4-96 Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. vii
Contents
Quidway NetEngine80E/40E Core Router Configuration Guide - VPN 4.11.6 Example for Configuring Inter-AS VPN Option C..........................................................................4-103 4.11.7 Example for Configuring Carrier's Carrier in a Same AS................................................................4-111 4.11.8 Example for Configuring the Carrier's Carrier (Inter-AS)...............................................................4-122 4.11.9 Example for Configuring Route Reflector in an IPv6 VPN.............................................................4-133
5 VLL Configuration.....................................................................................................................5-1
5.1 Overview.........................................................................................................................................................5-2 5.1.1 Introduction to VLL...............................................................................................................................5-2 5.1.2 VLL Features Supported by the NE80E/40E.........................................................................................5-4 5.2 Configuring CCC VLL....................................................................................................................................5-9 5.2.1 Establishing the Configuration Task......................................................................................................5-9 5.2.2 Enabling the MPLS L2VPN.................................................................................................................5-10 5.2.3 Creating a Local CCC Connection.......................................................................................................5-10 5.2.4 Creating a Remote CCC Connection...................................................................................................5-11 5.2.5 Checking the Configuration.................................................................................................................5-12 5.3 Configuring the SVC VLL............................................................................................................................5-12 5.3.1 Establishing the Configuration Task....................................................................................................5-13 5.3.2 Enabling MPLS L2VPN.......................................................................................................................5-14 5.3.3 Creating an SVC VLL Connection......................................................................................................5-14 5.3.4 Checking the Configuration.................................................................................................................5-14 5.4 Configuring Martini VLL..............................................................................................................................5-15 5.4.1 Establishing the Configuration Task....................................................................................................5-15 5.4.2 Enabling MPLS L2VPN.......................................................................................................................5-16 5.4.3 Creating a Martini VLL Connection....................................................................................................5-17 5.4.4 Checking the Configuration.................................................................................................................5-18 5.5 Configuring Kompella VLL..........................................................................................................................5-19 5.5.1 Establishing the Configuration Task....................................................................................................5-19 5.5.2 Enabling MPLS L2VPN.......................................................................................................................5-20 5.5.3 Configuring BGP/MPLS L2VPN.........................................................................................................5-20 5.5.4 Configuring a VPN...............................................................................................................................5-21 5.5.5 Creating a CE Connection....................................................................................................................5-22 5.5.6 (Optional) Configuring BGP L2VPN Features....................................................................................5-24 5.5.7 Checking the Configuration.................................................................................................................5-25 5.6 Configuring VLL IP Interworking................................................................................................................5-27 5.6.1 Establishing the Configuration Task....................................................................................................5-27 5.6.2 Configuring Local CCC Connection IP-Interworking.........................................................................5-28 5.6.3 Configuring Remote CCC Connection IP-Interworking......................................................................5-28 5.6.4 Configuring Martini L2VPN IP-Interworking.....................................................................................5-29 5.6.5 Configuring Kompella L2VPN IP-Interworking.................................................................................5-30 5.6.6 Configuring the PE to Access the CE Through Ethernet or VLAN.....................................................5-30 5.6.7 Checking the Configuration.................................................................................................................5-32 5.7 Configuring Inter-AS Martini VLL...............................................................................................................5-34 5.7.1 Establishing the Configuration Task....................................................................................................5-34 viii Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)
Contents
5.7.2 Configuring Inter-AS Option A...........................................................................................................5-35 5.7.3 Configuring Inter-AS Option C............................................................................................................5-35 5.7.4 Checking the Configuration.................................................................................................................5-38 5.8 Configuring the Inter-AS Kompella VLL.....................................................................................................5-39 5.8.1 Establishing the Configuration Task....................................................................................................5-39 5.8.2 Configuring the Inter-AS Kompella VLL Option A............................................................................5-40 5.8.3 Configuring the Inter-AS Kompella VLL Option C............................................................................5-41 5.8.4 Checking the Configuration.................................................................................................................5-44 5.9 Configuring VLL FRR..................................................................................................................................5-46 5.9.1 Establishing the Configuration Task....................................................................................................5-46 5.9.2 Configuring BFD for PW.....................................................................................................................5-47 5.9.3 Configuring OAM Mapping.................................................................................................................5-49 5.9.4 (Optional) Configuring the Revertive Switchover Policy....................................................................5-50 5.9.5 Checking the Configuration.................................................................................................................5-51 5.10 Maintaining VLL.........................................................................................................................................5-55 5.10.1 Resetting BGP L2VPN TCP Connections.........................................................................................5-55 5.10.2 Monitoring the Running Status of L2VPN........................................................................................5-56 5.10.3 Debugging VLL.................................................................................................................................5-56 5.11 Configuration Examples..............................................................................................................................5-57 5.11.1 Example for Configuring a Local CCC Connection..........................................................................5-58 5.11.2 Example for Configuring a Remote CCC Connection.......................................................................5-60 5.11.3 Example for Configuring SVC VLL..................................................................................................5-66 5.11.4 Example for Configuring Martini VLL..............................................................................................5-71 5.11.5 Example for Configuring a Local Kompella VLL Connection..........................................................5-77 5.11.6 Example for Configuring a Remote Kompella VLL Connection......................................................5-79 5.11.7 Example for Configuring VLL Internetworking (Interconnecting Ethernet with PPP by Using the Remote CCC Connection)..........................................................................................................................................5-85 5.11.8 Example for Configuring VLL Internetworking (Interconnecting Ethernet with HDLC in Martini Mode) .......................................................................................................................................................................5-91 5.11.9 Example for Configuring VLL Internetworking (Interconnecting VLAN with ATM by Using the Local Kompella Connection)..................................................................................................................................5-97 5.11.10 Example for Configuring VLL Internetworking (Interconnecting VLAN with PPP by Using the Remote Kompella Connection)................................................................................................................................5-101 5.11.11 Examples for Configuring ACs of L2VPN IP-interworking.........................................................5-109 5.11.12 Example for Configuring the Inter-AS Martini VLL Option A.....................................................5-112 5.11.13 Example for Configuring the Inter-AS Martini VLL Option C.....................................................5-119 5.11.14 Example for Configuring the Inter-AS Kompella VLL Option A.................................................5-127 5.11.15 Example for Configuring the Inter-AS Kompella VLL Option C.................................................5-136 5.11.16 Example for Configuring Martini VLL FRR (Symmetrically Dual-homed CEs).........................5-145 5.11.17 Example for Configuring Martini VLL FRR (Asymmetrically Connected CEs)..........................5-160 5.11.18 Example for Configuring Kompella VLL with Two Reflectors....................................................5-178
6 PWE3 Configuration..................................................................................................................6-1
6.1 Introduction.....................................................................................................................................................6-3 Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. ix
Contents
Quidway NetEngine80E/40E Core Router Configuration Guide - VPN 6.1.1 PWE3.....................................................................................................................................................6-3 6.1.2 PWE3 Features Supported by the NE80E/40E......................................................................................6-4
6.2 Configuring Attributes of a PW Template....................................................................................................6-16 6.2.1 Establishing the Configuration Task....................................................................................................6-16 6.2.2 Creating PW Template.........................................................................................................................6-17 6.2.3 Setting Attributes for the PW Template...............................................................................................6-17 6.2.4 Checking the Configuration.................................................................................................................6-18 6.3 Configuring Static PWs.................................................................................................................................6-18 6.3.1 Establishing the Configuration Task....................................................................................................6-19 6.3.2 Enabling MPLS L2VPN.......................................................................................................................6-19 6.3.3 Creating Static PW Connection............................................................................................................6-20 6.3.4 Checking the Configuration.................................................................................................................6-20 6.4 Configuring Dynamic PWs...........................................................................................................................6-21 6.4.1 Establishing the Configuration Task....................................................................................................6-21 6.4.2 Enabling MPLS L2VPN.......................................................................................................................6-22 6.4.3 Creating Dynamic PW.........................................................................................................................6-22 6.4.4 Checking the Configuration.................................................................................................................6-23 6.5 Configuring PW Switching...........................................................................................................................6-24 6.5.1 Establishing the Configuration Task....................................................................................................6-24 6.5.2 Configuring PW Switching..................................................................................................................6-25 6.5.3 Checking the Configuration.................................................................................................................6-27 6.6 Configuring a Backup PW............................................................................................................................6-28 6.6.1 Establishing the Configuration Task....................................................................................................6-28 6.6.2 Configuring Backup PWs.....................................................................................................................6-29 6.6.3 Checking the Configuration.................................................................................................................6-30 6.7 Configuring Static BFD for PW....................................................................................................................6-32 6.7.1 Establishing the Configuration Task....................................................................................................6-32 6.7.2 Enabling Global BFD...........................................................................................................................6-33 6.7.3 Configuring BFD for PW.....................................................................................................................6-33 6.7.4 Checking the Configuration.................................................................................................................6-34 6.8 Configuring Dynamic BFD for PW..............................................................................................................6-35 6.8.1 Establishing the Configuration Task....................................................................................................6-35 6.8.2 Enabling Glocal BFD...........................................................................................................................6-36 6.8.3 Configuring Attributes of the PW Template........................................................................................6-36 6.8.4 (Optional) Adjusting BFD Parameters.................................................................................................6-36 6.8.5 Configuring PWs..................................................................................................................................6-37 6.8.6 Tiggering Dynamic BFD for PW.........................................................................................................6-37 6.8.7 Checking the Configuration.................................................................................................................6-38 6.9 Configuring PW FRR....................................................................................................................................6-39 6.9.1 Establishing the Configuration Task....................................................................................................6-39 6.9.2 Configuring BFD for PW.....................................................................................................................6-41 6.9.3 Configuring OAM Mapping.................................................................................................................6-41 x Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)
Contents
6.9.4 (Optional) Configuring the Revertive Switchover...............................................................................6-42 6.9.5 Checking the Configuration.................................................................................................................6-43 6.10 Configuring Heterogeneous Transport in PWE3........................................................................................6-47 6.10.1 Establishing the Configuration Task..................................................................................................6-47 6.10.2 Configuring PWE3 to Support IP-Interworking................................................................................6-47 6.10.3 Checking the Configuration...............................................................................................................6-49 6.11 Configuring Inter-AS PWE3.......................................................................................................................6-51 6.11.1 Establishing the Configuration Task..................................................................................................6-51 6.11.2 Configuring Inter-AS PWE3-Option A..............................................................................................6-52 6.11.3 Configuring Inter-AS PWE3-Option C..............................................................................................6-52 6.11.4 Checking the Configuration...............................................................................................................6-55 6.12 Configuing ATM Cell Transport.................................................................................................................6-56 6.12.1 Establishing the Configuration Task..................................................................................................6-56 6.12.2 Configuring the ATM Interface Connecting a CE to a PE.................................................................6-57 6.12.3 Configuring ATM Cell Transport......................................................................................................6-58 6.12.4 Configuring PWE3.............................................................................................................................6-62 6.12.5 (Optional) Deleting ATM Cell Transport..........................................................................................6-62 6.12.6 Checking the Configuration...............................................................................................................6-66 6.13 Maintaining a PW........................................................................................................................................6-66 6.13.1 Verifying the Connectivity of a PW...................................................................................................6-67 6.13.2 Debugging a PW................................................................................................................................6-67 6.13.3 Debugging a PWE3............................................................................................................................6-69 6.14 Configuration Examples..............................................................................................................................6-70 6.14.1 Example for Configuring Dynamic SH-PW (Using the LSP Tunnel)...............................................6-71 6.14.2 Example for Configuring Dynamic SH-PW (Using the GRE Tunnel)..............................................6-76 6.14.3 Example for Configuring Static PWs Switching................................................................................6-82 6.14.4 Example for Configuring Dynamic PWs Switching..........................................................................6-89 6.14.5 Example for Configuring Mixed PWs Switching............................................................................6-101 6.14.6 Example for Configuring the PWE3 Convergence..........................................................................6-108 6.14.7 Example for Configuring a Static BFD That Checks PWs..............................................................6-116 6.14.8 Example for Configuring a Dynamic BFD That Checks SH-PW....................................................6-132 6.14.9 Example for Configuring a Dynamic BFD That Checks MH-PW..................................................6-140 6.14.10 Example for Configuring PW FRR CEs Are Symmetrically Connected to PEs Through POS Links .....................................................................................................................................................................6-152 6.14.11 Example for Configuring PW FRR CEs Are Asymmetrically Connected to PEs Through POS Links .....................................................................................................................................................................6-167 6.14.12 Example for Configuring PW FRR - CEs Are Symmetrically Connected to PEs Through Ethernet Links, Dynamic BFD Is Used to Detect PWs, EFM Is Used to Detect ACs..............................................6-189 6.14.13 Example for Configuring PW FRR - CEs Are Unsymmetrically Connected to PEs Through Ethernet Links, Dynamic BFD Is Used to Detect PWs, EFM Is Used to Detect ACs..............................................6-205 6.14.14 Example for Configuring PW FRR - CEs Are Unsymmetrically Connected to PEs Through Ethernet Links, Dynamic BFD Is Used to Detect PWs, CFM Is Used to Detect ACs..............................................6-225 6.14.15 Example for Configuring PW FRR - CEs Are Unsymmetrically Connected to PEs Through Ethernet Links, Static BFD Is Used to Detect PWs, CFM Is Used to Detect ACs...................................................6-246 Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. xi
Contents
Quidway NetEngine80E/40E Core Router Configuration Guide - VPN 6.14.16 Example for Configuring the PWE3 Internetworking...................................................................6-267 6.14.17 Example for Configuring Inter-AS PWE3-Option A.....................................................................6-273 6.14.18 Example for Configuring Inter-AS PWE3-OptionC......................................................................6-279 6.14.19 Example for Configuring Interface-based Remote ATM Cell Transport......................................6-288 6.14.20 Example for Configuring 1-to1 VCC ATM Cell Transport...........................................................6-296 6.14.21 Example for Configuring N-to-1 VCC ATM Cell Transport........................................................6-301 6.14.22 Example for Configuring N-to-1 VCC ATM Cell Transport with VPI/VCI Mapping.................6-307 6.14.23 Example for Configuring 1-to-1 VPC ATM Cell Transport..........................................................6-313 6.14.24 Example for Configuring N-to-1 VPC ATM Cell Transport.........................................................6-318 6.14.25 Example for Configuring N-to-1 VPC ATM Cell Transport with VPI Mapping..........................6-324 6.14.26 Example for Configuring ATM AAL5 SDU Transport.................................................................6-330
7 VPLS Configuration..................................................................................................................7-1
7.1 Introduction.....................................................................................................................................................7-3 7.1.1 VPLS......................................................................................................................................................7-3 7.1.2 VPLS Features Supported by the NE80E/40E.......................................................................................7-4 7.2 Configuring Kompella VPLS........................................................................................................................7-10 7.2.1 Establishing the Configuration Task....................................................................................................7-11 7.2.2 Enabling the BGP Peer to Exchange VPLS Information.....................................................................7-11 7.2.3 Creating a VSI and Configuring BGP Signaling.................................................................................7-12 7.2.4 (Optional) Configuring Huawei Devices to Communicate with Non-Huawei Devices......................7-14 7.2.5 Binding the VSI to the Interface Connected with CE..........................................................................7-15 7.2.6 (Optional) Configuring Route Reflection for BGP VPLS...................................................................7-19 7.2.7 Checking the Configuration.................................................................................................................7-20 7.3 Configuring Martini VPLS............................................................................................................................7-21 7.3.1 Establishing the Configuration Task....................................................................................................7-21 7.3.2 Creating a VSI and Configuring LDP Signaling..................................................................................7-22 7.3.3 Binding the VSI to the Interface Connected with CE..........................................................................7-23 7.3.4 Checking the Configuration.................................................................................................................7-27 7.4 Configuring LDP HVPLS.............................................................................................................................7-28 7.4.1 Establishing the Configuration Task....................................................................................................7-28 7.4.2 Configuring SPE..................................................................................................................................7-29 7.4.3 Configuring UPE..................................................................................................................................7-30 7.4.4 Checking the Configuration.................................................................................................................7-30 7.5 Configuring Loop Detection of ACs in a VPLS Network............................................................................7-31 7.5.1 Establishing the Configuration Task....................................................................................................7-31 7.5.2 Enabling Loop Detection Globally......................................................................................................7-32 7.5.3 Configuring Loop Detection................................................................................................................7-32 7.5.4 Checking the Configuration.................................................................................................................7-33 7.6 Configuring a VLL to Access the VPLS.......................................................................................................7-34 7.6.1 Establishing the Configuration Task....................................................................................................7-34 7.6.2 Configuring a Dynamic VLL to Access the VPLS..............................................................................7-35 7.6.3 Configuring a Static VLL to Access the VPLS....................................................................................7-36 xii Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)
Contents
7.6.4 Checking the Configuration.................................................................................................................7-37 7.7 Configuring the Static VLL to Access the VPLS Network in Dual-homed Mode.......................................7-40 7.7.1 Establishing the Configuration Task....................................................................................................7-40 7.7.2 Configuring L2VPN and OAM to Detect PSN Tunnels......................................................................7-41 7.7.3 Configuring Static LSPs Between the UPE and the SPE.....................................................................7-42 7.7.4 Configuring the Primary Tunnel, Protection Tunnel, and Reverse LSP of MPLS TE........................7-42 7.7.5 Configuring the Tunnel Policy.............................................................................................................7-43 7.7.6 Configuring UPEs to Access SPEs Through Static VLLs...................................................................7-44 7.7.7 Configuring MPLS OAM.....................................................................................................................7-44 7.7.8 Configuring HVPLS for the SPE.........................................................................................................7-45 7.7.9 Checking the Configuration.................................................................................................................7-46 7.8 Configuring Inter-AS Kompella VPLS.........................................................................................................7-49 7.8.1 Establishing the Configuration Task....................................................................................................7-49 7.8.2 Configuring Inter-AS Kompella VPLS Option A................................................................................7-50 7.8.3 Configuring Inter-AS Kompella VPLS Option C................................................................................7-51 7.8.4 Checking the Configuration.................................................................................................................7-54 7.9 Configuring Inter-AS Martini VPLS.............................................................................................................7-55 7.9.1 Establishing the Configuration Task....................................................................................................7-56 7.9.2 Configuring Inter-AS Martini VPLS Option A....................................................................................7-56 7.9.3 Configuring Inter-AS Martini VPLS Option C....................................................................................7-57 7.9.4 Checking the Configuration.................................................................................................................7-59 7.10 Configuring Dual-homed Kompella VPLS.................................................................................................7-61 7.10.1 Establishing the Configuration Task..................................................................................................7-61 7.10.2 Creating VSIs and Configuring BGP Signaling.................................................................................7-61 7.10.3 Configuring the Multi-homed Preference for a VSI..........................................................................7-63 7.10.4 Binding a VSI to an AC Interface......................................................................................................7-64 7.10.5 Checking the Configuration...............................................................................................................7-64 7.11 Configuring Related Parameters of a VSI...................................................................................................7-65 7.11.1 Establishing the Configuration Task..................................................................................................7-65 7.11.2 Configuring General Parameters of the VSI......................................................................................7-65 7.11.3 Configuring MAC Address Learning.................................................................................................7-66 7.11.4 Configuring Delay Processing on VPLS............................................................................................7-67 7.12 Maintaining VPLS.......................................................................................................................................7-68 7.12.1 Collecting the Statistics of the Traffic on a VPLS PW......................................................................7-68 7.12.2 Checking the Traffic on a VPLS PW.................................................................................................7-69 7.12.3 Clearing the Traffic Statistics.............................................................................................................7-69 7.12.4 Debugging VPLS...............................................................................................................................7-69 7.12.5 Enabling or Disabling VSI.................................................................................................................7-70 7.12.6 Clearing MAC Address Entries..........................................................................................................7-70 7.13 Configuration Examples..............................................................................................................................7-71 7.13.1 Example for Configuring Kompella VPLS........................................................................................7-71 7.13.2 Example for Configuring Martini VPLS............................................................................................7-77 Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. xiii
Contents
Quidway NetEngine80E/40E Core Router Configuration Guide - VPN 7.13.3 Example for Configuring VPLS over TE in Martini Mode...............................................................7-82 7.13.4 Example for Configuring LDP HVPLS.............................................................................................7-91 7.13.5 Example for Configuring Loop Detection of ACs in a VPLS Network............................................ 7-96 7.13.6 Example for Configuring a dynamic VLL to Access the VPLS......................................................7-104 7.13.7 Example for Configuring the Static VLL to Access the VPLS Network.........................................7-112 7.13.8 Example for Configuring the Static VLL to Access the VPLS Network in Dual-homed Mode.....7-121 7.13.9 Example for Configuring Inter-AS Kompella VPLS Option A.......................................................7-142 7.13.10 Example for Configuring Inter-AS Kompella VPLS Option C.....................................................7-151 7.13.11 Example for Configuring the Inter-AS Martini VPLS Option A...................................................7-160 7.13.12 Example for Configuring Inter-AS Martini VPLS Option C.........................................................7-167 7.13.13 Example for Configuring Dual-homed Kompella VPLS...............................................................7-176 7.13.14 Example for Configuring Kompella VPLS with Two Reflectors..................................................7-185
Contents
8.5.2 Example for Configuring the Access of Martini VLL to the Public Network.....................................8-29 8.5.3 Example for Configuring the Access of Martini VPLS to L3VPN......................................................8-35 8.5.4 Example for Configuring the Dual-homing Access of Dynamic Master/Backup VPLS to an L3VPN .......................................................................................................................................................................8-47 8.5.5 Example for Configuring an L2VPN to Access Multiple L3VPNs Through Sub-interfaces for QinQ VLAN Tag Termination................................................................................................................................8-78
Contents
Quidway NetEngine80E/40E Core Router Configuration Guide - VPN 10.3.1 Establishing the Configuration Task..................................................................................................10-8 10.3.2 Enabling IWF on an ATM Board.......................................................................................................10-8 10.3.3 Configuring an ATM Sub-Interface and Configuring IWF Mapping................................................10-9 10.3.4 Creating the Remote MPLS L2VPN Connection............................................................................10-10 10.3.5 Checking the Configuration.............................................................................................................10-10
10.4 Configuration Examples............................................................................................................................10-10 10.4.1 Example for Configuring the CCC Local Connection ATM IWF...................................................10-10 10.4.2 Example for Configuring Remote ATM IWF..................................................................................10-13
xvi
Issue 03 (2008-09-22)
Figures
Figures
Figure 1-1 Networking example using VPN primary tunnel binding..................................................................1-4 Figure 1-2 Networking diagram of tunnel policy configuration in L3VPN.......................................................1-26 Figure 1-3 Networking diagram of configuring Martini L2VPN using MPLS TE tunnels...............................1-37 Figure 1-4 Networking diagram of configuring the Martini L2VPN primary tunnel binding...........................1-46 Figure 2-1 GRE in CPE-based VPN....................................................................................................................2-2 Figure 2-2 GRE in Network-based VPN..............................................................................................................2-3 Figure 2-3 Format of GRE packet that contains the MPLS label.........................................................................2-3 Figure 2-4 Diagram of a CE accessing the MPLS VPN backbone network through the IP-based backbone network ...............................................................................................................................................................................2-3 Figure 2-5 GRE tunnel supporting Keep-alive...................................................................................................2-15 Figure 2-6 Networking diagram of GRE static routes configuration.................................................................2-18 Figure 2-7 Networking diagram of GRE dynamic routing protocol configuration............................................2-22 Figure 2-8 Diagram of a CE accessing MPLS VPN through the GRE tunnel...................................................2-26 Figure 2-9 Diagram of a GRE tunnel traversing another VPN between CEs and PEs......................................2-36 Figure 2-10 Networking diagram of configuring the Keepalive function..........................................................2-46 Figure 3-1 BGP/MPLS IP VPN model................................................................................................................3-3 Figure 3-2 Schematic diagram of sham link........................................................................................................3-4 Figure 3-3 Networking diagram of applying PBR to VPN................................................................................3-60 Figure 3-4 BGP/MPLS IP VPN networking diagram........................................................................................3-97 Figure 3-5 Networking diagram of BGP/MPLS IP VPN with GRE tunnel.....................................................3-107 Figure 3-6 Networking diagram of BGP AS number substitution...................................................................3-114 Figure 3-7 Hub and Spoke networking diagram..............................................................................................3-120 Figure 3-8 Networking diagram of inter-AS VPN...........................................................................................3-128 Figure 3-9 Networking diagram of carrier's carrier configuration...................................................................3-149 Figure 3-10 Networking diagram of the carrier's carrier configuration (inter-AS)..........................................3-160 Figure 3-11 Networking diagram of HoVPN...................................................................................................3-170 Figure 3-12 Networking diagram for OSPF sham link configuration..............................................................3-177 Figure 3-13 Networking diagram of example for Multi-VPN-Instance CE.....................................................3-186 Figure 3-14 Networking diagram of configuring PBR to VPN.......................................................................3-196 Figure 3-15 Example of enabling VPN users to access the public network....................................................3-204 Figure 3-16 Networking diagram for the dual-homed CE...............................................................................3-210 Figure 3-17 Networking diagram of configuring load balancing among EBGP and IBGP routes when CEs are dual-homed........................................................................................................................................................3-227 Figure 3-18 Configure IP FRR on the private network....................................................................................3-235 Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. xvii
Figures
Quidway NetEngine80E/40E Core Router Configuration Guide - VPN Figure 3-19 Configuring the VPN FRR...........................................................................................................3-239 Figure 3-20 Networking diagram of the VPN GR...........................................................................................3-246
Figure 3-21 Networking diagram of the VPN with double reflectors..............................................................3-256 Figure 3-22 Networking diagram for inter-AS VPN Option B........................................................................3-264 Figure 4-1 Schematic diagram of the IPv6 VPN over the IPv4 public network..................................................4-2 Figure 4-2 BGP/MPLS IPv6 VPN networking diagram....................................................................................4-55 Figure 4-3 Hub and Spoke networking diagram................................................................................................4-67 Figure 4-4 Hub&Spoke networking diagram.....................................................................................................4-77 Figure 4-5 Networking diagram 1 of inter-AS VPN..........................................................................................4-87 Figure 4-6 Networking diagram 2 of inter-AS VPN..........................................................................................4-97 Figure 4-7 Networking diagram 3 of inter-AS VPN........................................................................................4-103 Figure 4-8 Networking diagram of carrier's carrier configuration...................................................................4-111 Figure 4-9 Networking diagram of the carrier's carrier configuration (inter-AS)............................................4-123 Figure 4-10 Networking diagram of RR VPN.................................................................................................4-134 Figure 5-1 Networking diagram of the access of CE adopting ATM..................................................................5-3 Figure 5-2 VLL model.........................................................................................................................................5-3 Figure 5-3 VLL label processing..........................................................................................................................5-4 Figure 5-4 Symmetrically dual-homed CEs.........................................................................................................5-8 Figure 5-5 Asymmetrically connected CEs..........................................................................................................5-8 Figure 5-6 Networking diagram of the local CCC connection...........................................................................5-58 Figure 5-7 Networking diagram of remote CCC connection.............................................................................5-61 Figure 5-8 Networking diagram of SVC VLL...................................................................................................5-66 Figure 5-9 Networking diagram of Martini VLL...............................................................................................5-71 Figure 5-10 Networking diagram of a local Kompella VLL connection...........................................................5-77 Figure 5-11 Networking diagram of a remote Kompella VLL connection........................................................5-79 Figure 5-12 Networking diagram of L2VPN internetworking (Ethernet interconnecting with PPP by using the remote CCC connection).....................................................................................................................................5-86 Figure 5-13 Networking diagram of IP-interworking Ethernet to HDLC.......................................................5-91 Figure 5-14 Networking diagram of IP-interworking VLAN to ATM in Kompella mode............................5-97 Figure 5-15 Networking diagram of VLL interworking - VLAN interworking with PPP by using the remote Kompella connection.........................................................................................................................................5-101 Figure 5-16 Networking diagram of PPP between CE and PE........................................................................5-109 Figure 5-17 Networking diagram of ATM primary interface between CE and PE.........................................5-111 Figure 5-18 Networking diagram of ATM sub interface between CE and PE................................................5-111 Figure 5-19 Networking diagram of configuring the inter-AS Martini VLL Option A...................................5-113 Figure 5-20 Networking diagram of configuring the inter-AS Martini VLL Option C...................................5-119 Figure 5-21 Networking diagram of configuring the inter-AS Kompella VLL Option A...............................5-128 Figure 5-22 Networking diagram of configuring the inter-AS Kompella VLL Option C...............................5-137 Figure 5-23 Networking diagram of configuring Martini VLL FRR (symmetrically dual-homed CEs)........5-146 Figure 5-24 Networking diagram of configuring Martini VLL FRR (asymmetrically connected CEs)..........5-161 Figure 5-25 Networking diagram of configuring Kompella VLL with two reflectors....................................5-178 Figure 6-1 PWE3 framework...............................................................................................................................6-3 Figure 6-2 Interactive process of the LDP-PW packet.........................................................................................6-5 xviii Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)
Figures
Figure 6-3 Process of tearing down single-hop PWE3........................................................................................6-5 Figure 6-4 Networking diagram of SH-PWE3.....................................................................................................6-6 Figure 6-5 Networking diagram of MH-PWE3...................................................................................................6-6 Figure 6-6 Structure of an LSP ping packet.........................................................................................................6-7 Figure 6-7 Symmetrically dual-homed CEs.........................................................................................................6-8 Figure 6-8 Asymmetrically connected CEs..........................................................................................................6-8 Figure 6-9 PWE3 internetworking.......................................................................................................................6-9 Figure 6-10 Networking diagram of inter-AS PWE3-Option A........................................................................6-11 Figure 6-11 Networking diagram of inter-AS PWE3-Option C........................................................................ 6-12 Figure 6-12 Networking diagram of ATM cell transport...................................................................................6-12 Figure 6-13 Networking diagram of PWE3 SH tracert......................................................................................6-13 Figure 6-14 Networking diagram of PWE3 MH tracert.....................................................................................6-14 Figure 6-15 Asymmetrically connected CEs......................................................................................................6-28 Figure 6-16 Networking diagram of dynamic SH-PW using the LSP tunnel....................................................6-71 Figure 6-17 Networking diagram of dynamic SH-PW using the GRE tunnel...................................................6-77 Figure 6-18 Networking diagram of static MH-PW.......................................................................................... 6-83 Figure 6-19 Networking diagram of dynamic MH-PW.....................................................................................6-89 Figure 6-20 Networking of mixed MH-PW.....................................................................................................6-102 Figure 6-21 Networking diagram of the PWE3 convergence..........................................................................6-109 Figure 6-22 Networking diagram of configuring a static BFD that checks PWs.............................................6-117 Figure 6-23 Networking diagram of configuring a dynamic BFD that checks SH-PW..................................6-132 Figure 6-24 Networking diagram of configuring dynamic BFDs that check MH-PW....................................6-141 Figure 6-25 Networking diagram of PW FRR CEs are symmetrically connected to PEs through POS links ...........................................................................................................................................................................6-153 Figure 6-26 Networking diagram of PW FRR CEs are asymmetrically connected to PEs through POS links ...........................................................................................................................................................................6-168 Figure 6-27 Networking diagram of PW FRR CEs are symmetrically connected to PEs through Ethernet links, dynamic BFD is used to detect PWs, EFM is used to detect ACs....................................................................6-190 Figure 6-28 Networking diagram of PW FRR CEs are unsymmetrically connected to PEs through Ethernet links, dynamic BFD is used to detect PWs, EFM is used to detect ACs..........................................................6-206 Figure 6-29 Networking diagram of PW FRR CEs are unsymmetrically connected to PEs through Ethernet links, dynamic BFD is used to detect PWs, CFM is used to detect ACs..........................................................6-226 Figure 6-30 Networking diagram of PW FRR CEs are unsymmetrically connected to PEs through Ethernet links, static BFD is used to detect PWs, CFM is used to detect ACs...............................................................6-247 Figure 6-31 PWE3 internetworking.................................................................................................................6-268 Figure 6-32 Networking diagram for inter-AS PWE3-Option A.....................................................................6-273 Figure 6-33 Networking diagram of inter-AS PWE3-OptionC.......................................................................6-280 Figure 6-34 Networking diagram for interface-based remote ATM transparent cell transport.......................6-289 Figure 6-35 Networking diagram for 1-to-1 VCC ATM cell transport............................................................6-296 Figure 6-36 Networking diagram for N-to-1 VCC ATM cell transport...........................................................6-301 Figure 6-37 Networking diagram for N-to-1 VCC ATM cell transport with VPI/VCI mapping....................6-307 Figure 6-38 Networking diagram for 1-to-1 VPC ATM cell transport............................................................6-313 Figure 6-39 Networking diagram for N-to-1 VPC ATM cell transport...........................................................6-318 Figure 6-40 Networking diagram of N-to-1 VPC ATM cell transport with the VPI mapping........................6-324 Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. xix
Figures
Quidway NetEngine80E/40E Core Router Configuration Guide - VPN Figure 6-41 Networking diagram for ATM AAL5 SDU transport..................................................................6-330
Figure 7-1 VPLS architecture...............................................................................................................................7-3 Figure 7-2 VPLS forwarding model.....................................................................................................................7-4 Figure 7-3 HVPLS model.....................................................................................................................................7-7 Figure 7-4 Networking diagram of user network accessing to a single PE through redundant links..................7-8 Figure 7-5 The user network accesses the VPLS network through dual-homing links.......................................7-8 Figure 7-6 Networking diagram of the VLL accessing the VPLS.......................................................................7-9 Figure 7-7 Networking diagram of the static VLL accessing the VPLS network in dual-homed mode...........7-10 Figure 7-8 Kompella VPLS................................................................................................................................7-72 Figure 7-9 Martini VPLS...................................................................................................................................7-77 Figure 7-10 VPLS over TE in Martini mode.....................................................................................................7-82 Figure 7-11 Networking diagram of configuring LDP HVPLS.........................................................................7-91 Figure 7-12 Networking diagram of configuring loop detection of ACs in a VPLS network...........................7-96 Figure 7-13 Diagram of configuring dynamic VLLs to access the VPLS network.........................................7-104 Figure 7-14 Networking diagram of configuring static VLL to access the VPLS network.............................7-112 Figure 7-15 Networking diagram of configuring the static VLL to access the VPLS network in dual-homed mode ...........................................................................................................................................................................7-122 Figure 7-16 Networking diagram of configuring Kompella VPLS Option A..................................................7-143 Figure 7-17 Networking diagram of configuring inter-AS Kompella VPLS Option C...................................7-151 Figure 7-18 Networking diagram of configuring the inter-AS Martini VPLS Option A.................................7-160 Figure 7-19 Networking diagram of configuring the inter-AS Martini VPLS Option C.................................7-167 Figure 7-20 Networking diagram of configuring dual-homed Kompella VPLS.............................................7-176 Figure 7-21 Networking diagram of configuring Kompella VPLS with two reflectors..................................7-185 Figure 8-1 Networking diagram of traditional access of L2VPN to L3VPN.......................................................8-2 Figure 8-2 Networking diagram of connection from L2VPN to L3VPN supported by the ................................8-3 Figure 8-3 Networking diagram of connecting a VLL to an L3VPN..................................................................8-5 Figure 8-4 Networking diagram of VPLS accessing L3VPN............................................................................8-10 Figure 8-5 Networking diagram of configuring an L2VPN to access multiple L3VPNs through sub-interfaces for QinQ VLAN tag termination...............................................................................................................................8-15 Figure 8-6 Networking diagram of the access of Martini VLL to MPLS L3VPN.............................................8-21 Figure 8-7 Networking diagram of configuring the Martini VLL to public network........................................8-30 Figure 8-8 Networking diagram of configuring the access of Martini VPLS to L3VPN..................................8-36 Figure 8-9 Networking diagram of configuring the dual-homing access of dynamic master/backup VPLS to an L3VPN................................................................................................................................................................8-48 Figure 8-10 Networking diagram of configuring an L2VPN to access multiple L3VPNs through sub-interfaces for QinQ VLAN tag termination...............................................................................................................................8-79 Figure 9-1 Networking diagram of determining the master and the backup through the mVRRP virtual router in dual homing...........................................................................................................................................................9-3 Figure 9-2 UPE dual-homed to the NPEs............................................................................................................9-5 Figure 9-3 Binding of the mVSI and the service VSI..........................................................................................9-6 Figure 9-4 Peer BFD and Link BFD....................................................................................................................9-7 Figure 9-5 Networking diagram of the access of the traditional L2VPN to the L3VPN.....................................9-8 Figure 9-6 Networking diagram of the access of the L2VPN supported by the VE interface to the L3VPN ...............................................................................................................................................................................9-8 xx Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)
Figures
Figure 9-7 Networking diagram of configuring mVSIs.......................................................................................9-9 Figure 9-8 Networking diagram of configuring VPLS convergence (UPE directly accesses the NPE)............9-13 Figure 9-9 Networking diagram of configuring VPLS convergence (UPE directly accesses the NPE though the VE interface).......................................................................................................................................................9-23 Figure 9-10 Networking diagram of configuring VPLS convergence (UPE accesses the NPE without using the VE interface)..............................................................................................................................................................9-45 Figure 10-1 ATM IWF diagram in the CCC local connection...........................................................................10-3 Figure 10-2 Diagram of ATM IWF in PW.........................................................................................................10-3 Figure 10-3 Networking diagram of the CCC local connection ATM IWF....................................................10-11 Figure 10-4 Networking diagram of PW ATM IWF.......................................................................................10-13
Issue 03 (2008-09-22)
xxi
Tables
Tables
Table 6-1 Data types capable of transparent transmission through PWE3..........................................................6-9
Issue 03 (2008-09-22)
xxiii
Related Versions
The following table lists the product versions related to this document. Product Name Quidway NetEngine80E/40E Version V300R003
Intended Audience
This document is intended for:
l l l l
Commissioning Engineer Data Configuration Engineer Network Monitoring Engineer System Maintenance Engineer
Organization
This document is organized as follows. Chapter 1 VPN Tunnel Management Configuration Description This chapter describes the VPN tunnel management, and configuration steps for tunnel and tunnel policy, along with examples.
1
Issue 03 (2008-09-22)
Description This chapter describes the basic GRE concepts, applications and configuration steps for GRE tunnel, GRE tunnel between CE and PE, and GRE keepalive function, along with examples This chapter describes the BGP/MPLS IP VPN concepts, principle, and configuration steps for VPN-instance, basic BGP/MPLS IP VPN, multi-AS BGP/MPLS IP VPN, carrier's carrier, HoVPN, OSPF shamlink, multi-VPN-instance CE, BGP and VPN Users Accessing the Public Network, along with examples. This chapter describes the BGP/MPLS IPv6 VPN concepts, principle, and configuration steps for VPN-instance, basic BGP/MPLS IPv6 VPN, multi-AS BGP/MPLS IPv6 VPN and VPN Users Accessing the Public Network, along with examples. This chapter describes the VLL concepts, principles and configuration steps for CCC, SVC, Martini and Kompella VLL, and VLL IP-interworking, along with examples. This chapter describes the PWE3 concepts, features, terms, principles and configuration steps for dynamic PW, static PW, SH-PW, MH-PW, and PW switching, along with examples. This chapter describes the VPLS concepts, principles, implementation and configuration steps for Martini and Kompella VPLS, and related parameters of the VSI, along with examples. This chapter describes the basic concept of Access of L2VPN to L3VPN, and configuration steps, along with examples This chapter describes the basic concept of VPLS Convergence, and configuration steps, along with examples This chapter describes the basic concept of ATM IWF, and configuration steps, along with examples This appendix collates frequently used glossaries in this document. This appendix collates frequently used acronyms and abbreviations in this document.
5 VLL Configuration
6 PWE3 Configuration
7 VPLS Configuration
8 Access of L2VPN to L3VPN Configuration 9 VPLS Convergence Configuration 10 ATM IWF Configuration A Glossary B Acronyms and Abbreviations
Issue 03 (2008-09-22)
Conventions
Symbol Conventions
The symbols that may be found in this document are defined as follows. Symbol Description Indicates a hazard with a high level of risk, which if not avoided, will result in death or serious injury.
Indicates a hazard with a medium or low level of risk, which if not avoided, could result in minor or moderate injury.
Indicates a potentially hazardous situation, which if not avoided, could result in equipment damage, data loss, performance degradation, or unexpected results. Indicates a tip that may help you solve a problem or save time. Provides additional information to emphasize or supplement important points of the main text.
General Conventions
The general conventions that may be found in this document are defined as follows. Convention Times New Roman Boldface Italic Courier New Description Normal paragraphs are in Times New Roman. Names of files, directories, folders, and users are in boldface. For example, log in as user root. Book titles are in italics. Examples of information displayed on the screen are in Courier New.
Command Conventions
The command conventions that may be found in this document are defined as follows. Convention Boldface
Issue 03 (2008-09-22)
Description Command arguments are in italics. Items (keywords or arguments) in brackets [ ] are optional. Optional items are grouped in braces and separated by vertical bars. One item is selected. Optional items are grouped in brackets and separated by vertical bars. One item is selected or no item is selected. Optional items are grouped in braces and separated by vertical bars. A minimum of one item or a maximum of all items can be selected. Optional items are grouped in brackets and separated by vertical bars. Several items or no item can be selected. The parameter before the & sign can be repeated 1 to n times. A line starting with the # sign is comments.
[ x | y | ... ]* &<1-n> #
GUI Conventions
The GUI conventions that may be found in this document are defined as follows. Convention Boldface > Description Buttons, menus, parameters, tabs, window, and dialog titles are in boldface. For example, click OK. Multi-level menus are in boldface and separated by the ">" signs. For example, choose File > Create > Folder.
Keyboard Operations
The keyboard operations that may be found in this document are defined as follows. Format Key Key 1+Key 2 Key 1, Key 2 Description Press the key. For example, press Enter and press Tab. Press the keys concurrently. For example, pressing Ctrl+Alt +A means the three keys should be pressed concurrently. Press the keys in turn. For example, pressing Alt, A means the two keys should be pressed in turn.
Issue 03 (2008-09-22)
Mouse Operations
The mouse operations that may be found in this document are defined as follows. Action Click Double-click Drag Description Select and release the primary mouse button without moving the pointer. Press the primary mouse button twice continuously and quickly without moving the pointer. Press and hold the primary mouse button and move the pointer to a certain position.
Update History
Updates between document issues are cumulative. Therefore, the latest document issue contains all updates made in previous issues.
Issue 03 (2008-09-22)
Issue 03 (2008-09-22)
1-1
1.1 Overview
This section describes basic concepts of tunnel management, types and application mechanism of tunnel policies. 1.1.1 Introduction to VPN Tunnels 1.1.2 VPN Tunnel Features Supported by theNE80E/40E
LSP A Label Switched Path (LSP) is similar to an Asynchronous Transfer Mode (ATM) Virtual Circuit (VC) or a Frame Relay (FR) VC in function and security. When LSPs are adopted as tunnels on the public network of Multi-Protocol Label Switching (MPLS) VPN, IP packet headers are analyzed only on Provider Edges (PEs), rather than on each device along which VPN packets are transmitted. In this manner, the time to process VPN packets shortens and the delay of packet transmission decreases. In addition, MPLS labels are supported by all link layer protocols.
MPLS TE Generally, carriers are required to provide VPN users with Quality of Service (QoS) guarantee for various end-to-end services, such as the voice service, video service, key data service, and Internet access service. To meet users' requirements, carriers offer the MPLS Traffic Engineering (MPLS TE) tunnels, which can optimize network resources and offer users with QoS guaranteed services.
GRE The major applicable environments of Generic Routing Encapsulation (GRE) are as follows:
P devices do not support MPLS. If PE devices support MPLS while Provider (P) devices of the VPN backbone network does not support MPLS, use GRE tunnels in the VPN backbone network, instead of LSPs.
A CE and a PE are indirectly connected. In an MPLS Layer 3 VPN (MPLS L3VPN), a CE and a PE must have a direct connection. If they are not directly connected, a GRE tunnel is generally set up between the CE and the PE to ensure the CE can access MPLS VPN.
L2TP The Layer 2 Tunneling Protocol (L2TP) is applied for the Virtual Private Data Network (VPDN). The VPDN functions can be implemented if only L2TP is supported.
1-2
Issue 03 (2008-09-22)
By means of L2TP, mobile users can access the MPLS VPN, namely, Layer 3 VPN, and VPN users can access other VPNs.
Tunnel management: informs the current application about the tunnel status and queries the tunnel and tunnel policy based on the destination IP address. Tunnel policy: selects a tunnel based on the destination IP address.
An application selects tunnels according to the tunnel policy. If no tunnel policy is configured, the default tunnel policy is selected. By default, no load balancing can be performed among tunnels, and only the LSP tunnel can be selected.
Select-sequence Mode
With the tunnel policy of the select-sequence mode, you can specify the sequence to select the tunnel types, and the number of tunnels participating in load balancing.
VPN primary tunnel binding: The primary tunnel can transmit the service data only for a specified VPN. As shown in Figure 1-1, two MPLS TEs, namely Tunnel1 and Tunnel2, are set up between PE1 and PE3.
Issue 03 (2008-09-22)
1-3
Site1
CE1
VPN Backbone
TE Tunnel1, for VPNA TE Tunnel2 ,for VPNB
CE3
Site3
PE3 CE4
Site4
VPNB
VPNB
The QoS of both VPN A and VPN B is guaranteed if you configure the VPN primary tunnel binding, that is, binding VPN A with Tunnel 1 and binding VPN B with Tunnel 2. After the configuration, both VPN A and VPN B use separate TE tunnels. The VPN primary tunnel binding has the following features:
The VPN data to a specific peer PE is always transmitted through the bound TE tunnel. The bound TE tunnel cannot be used in select-sequence mode or in load balancing. VPN primary tunnel binding can only use the bound primary tunnel for the specific peer PE. Other peer PEs, however, adopt the default tunnel policy.
You can arrange network resources by creating MPLS TE tunnels of different QoS features. Then you can manually configure each TE tunnel to carry the corresponding VPN service. Therefore, network resources can be optimally used.
l
Resource Reserved VPN (RRVPN): Each sub-tunnel of a primary tunnel can transmit the data of a specified VPN.
The source address and destination address of a tunnel uniquely identify the tunnel. The destination address is the address of the interface receiving packets.
Pre-configuration Tasks
Before configuring a tunnel interface, complete the following tasks:
l
Connecting the interfaces, and configuring physical parameters for the interfaces to ensure that the physical status of the interfaces is Up Configuring parameters of the link layer protocol and IP addresses for the interfaces to ensure that the status of the link layer protocol on the interfaces is Up
Data Preparation
To configure a tunnel interface, you need the following data. No. 1 2 Data Serial number of the tunnel interface Encapsulation type of the tunnel, source address, source interface, and destination address of the tunnel interface
Procedure
Step 1 Run:
system-view
When creating the tunnel interfaces on distributed devices, you are recommended to set the slot numbers of the tunnel interfaces the same as the slot number of the interface sending the packets, that is, the interface at the source end. In this manner, the packet forwarding efficiency can be improved.
Issue 03 (2008-09-22)
1-5
When you create a tunnel interface for a GRE or IPv4 over IPv6 tunnel, the slot number of the tunnel interface must be the same as that of the TSU, which is bound to the loopback interface that serves as the source interface. When creating a tunnel interface for other types of tunnels, you are recommended to set the slot number of the tunnel interface same as that of the source end, that is, the number of the slot that sends the packet. This improves the forwarding efficiency.
----End
Procedure
Step 1 Run:
system-view
The encapsulation type of the tunnel is configured. By default, the encapsulation protocol of a tunnel interface is none. For a tunnel, the tunnel interfaces at two ends must have the same encapsulation protocol. The related commands of an encapsulation protocol can be run only after the protocol is encapsulated on the tunnel interface. For example, you can run MPLS TE commands in a tunnel interface view after the tunnel-protocol mpls te command is configured on the tunnel interface. Step 4 Run:
destination [ vpn-instance vpn-instance-name ] dest-ip-address
The destination address is configured for the tunnel. The parameter vpn-instance vpn-instance-name is valid only for GRE. Step 5 (Optional) Run:
source { source-ip-address | loopback interface-number }
The source address or source interface of the tunnel is configured. Different tunnel interfaces encapsulated with one protocol cannot be configured with the same source address and destination address. You can use loopback interface-number or source-ip-address to specify a source address for a GRE or IPv4 over IPv6 tunnel. The source address must be the address of the loopback interface
1-6 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)
bound to the TSU by using the target-board command. The source address of an IPv6 over IPv4 tunnel, however, is not restricted. Whether a source address or a destination address is necessary for a tunnel interface depends on the tunnel type. For example, an MPLS TE tunnel interface requires only a destination address. If you use interface-type interface-number to specify the source address of a tunnel, the specified interface cannot be the local tunnel interface. Step 6 (Optional) Run:
mtu mtu-value
The MTU of the interface is configured. This step is necessary if you want to change the MTU. The newly configured MTU is validated only after you run the shutdown command and the undo shutdown command on the interface in sequence. Step 7 Choose one of the following methods to configure the IP address of a tunnel interface.
l
Run the ip address ip-address { mask | mask-length } [ sub ] command to configure the IP address of a tunnel interface. Run the ip address unnumbered interface interface-type interface-number command to configure IP unnumbered on the tunnel interface.
----End
Run the display interface tunnel command to see that "Line protocol current state" of the tunnel interface is "UP". For example:
<Quidway> display interface Tunnel 4/0/0 Tunnel4/0/0 current state : UP Line protocol current state : UP Description : HUAWEI, Quidway Series, Tunnel4/0/0 Interface The Maximum Transmit Unit is 1500 bytes Internet Address is 40.1.1.1/24 Encapsulation is TUNNEL, loopback not set Tunnel source 20.1.1.1 (GigabitEthernet4/0/0), destination 30.1.1.2 Tunnel protocol/transport GRE/IP, key disabled keepalive disabled Checksumming of packets disabled QoS max-bandwidth : 64 Kbps Output queue : (Urgent queue : Size/Length/Discards) 0/50/0 Output queue : (Protocol queue : Size/Length/Discards) 0/1000/0
Issue 03 (2008-09-22)
1-7
Output queue : (FIFO queue : Size/Length/Discards) 0/256/0 300 seconds input rate 31776024 bytes/sec, 31776152 packets/sec 300 seconds output rate 31776024 bytes/sec, 31776152 packets/sec 185 packets input, 19714 bytes 0 input error 184 packets output, 19738 bytes 0 output error
Run the display tunnel-info command to check the information about the tunnel, such as the tunnel ID. For example:
<Quidway> display tunnel-info all * -> Allocated VC Token Tunnel ID Type Destination Token ---------------------------------------------------------------------0x1100200a cr lsp 100.1.1.2 115712 0x1800800 lsp 3.3.3.3 0 0x1800801 lsp 2.2.2.2 1 0x41804bb8 lsp 192.168.2.0 3000
Run the display tunnel-info tunnel-id command to further check the information about the tunnel. For example:
<Quidway> display tunnel-info 1100200a Tunnel ID: 0x1100200a Tunnel Token: 115712 Type: cr lsp Destination: 3.3.3.3 Mask: 0.0.0.0 Out Slot: 1 Instance ID: 0 Interface: Tunnel1/0/1 Sub Tunnel ID: 0x0
Pre-configuration Tasks
Before configuring a tunnel policy, complete the following tasks:
l
Connecting the interfaces, and configuring physical parameters for the interfaces to ensure that the physical status of the interfaces is Up Configuring parameters of the link layer protocol and IP addresses for the interfaces to ensure that the status of the link layer protocol on the interfaces is Up Creating the tunnel (LSP, GRE, or MPLS TE) for the VPN instance Configuring the VPN instance on the PE (refer to the chapter "BGP/MPLS IP VPN Configuration" in this manual)
l l
Data Preparation
To configure the tunnel policy, you need the following data. No. 1 2 3 4 Data Name of the tunnel policy Priority of the tunnels Number of tunnels for load balancing Name of the VPN instance configured with a tunnel policy
Procedure
Step 1 Run:
system-view
A tunnel policy is created and the tunnel policy view is displayed. A tunnel policy indicates only one tunnel selection mode. If more tunnel selection modes are required, you need create multiple tunnel policies. A VPN instance can only use one tunnel policy; multiple VPN instances can use the same VPN tunnel policy. Step 3 Run:
tunnel select-seq { gre | cr-lsp | lsp }* load-balance-number load-balance-number
The priority of the tunnels and the number of tunnels for load balancing are configured.
Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 1-9
If no tunnel policy is configured for L3VPN, LSP is used as the VPN tunnel, and no load balancing is carried out. The license offered to you defines the number of tunnels in load balancing. ----End
Procedure
Step 1 Run:
system-view
Run the display tunnel-policy command. If the configuration of the tunnel policy is displayed, it means the configuration succeeds. For example:
[Quidway] display tunnel-policy policy1 Tunnel Policy Name Select-Seq Load balance No ---------------------------------------------------------------------
1-10
Issue 03 (2008-09-22)
Run the display tunnel-policy command. If the tunnel policy of the VPN instance is displayed, it means the configuration succeeds. In the following example, you can view the tunnel policy of the VPN named vpna is policy1.
[Quidway] display ip vpn-instance verbose Total VPN-Instances configured : 1 VPN-Instance Name and ID : vpna, 1 Create date : 2004/10/11 16:12:02 Up time : 0 days, 00 hours, 03 minutes and 07 seconds Route Distinguisher : 100:1 Export VPN Targets : 100:1 Import VPN Targets : 100:1 Label policy: label per route Tunnel Policy : policy1 The diffserv-mode Information is : uniform The ttl-mode Information is : uniform Interfaces : GigabitEthernet1/0/0
Run the display ip routing-table vpn-instance verbose command, and you can view the tunnel that transmits the VPN routes. For example:
[Quidway] display ip routing-table vpn-instance vpnb 10.4.1.0 verbose Routing Table : vpnb Summary Count : 2 Destination: 10.4.1.0/30 Protocol: BGP Process ID: 0 Preference: 255 Cost: 0 NextHop: 2.2.2.2 Neighbour: 2.2.2.2 State: Active Adv GotQ Age: 01h02m27s Tag: 0 Priority: 0 Label: 107520 QoSInfo:0x0 RelayNextHop: 0.0.0.0 Interface: Tunnel1/0/1 Tunnel ID: 0xc1010003 RelayNextHop: 0.0.0.0 Interface: Pos1/0/0 Tunnel ID: 0x84010000
Run the display tunnel-info tunnel-id command, and you can view detailed information about a specified tunnel. For example:
[Quidway] display tunnel-info c1010003 Tunnel ID: 0xc1010003 Tunnel Token: 115712 Type: cr lsp Destination: 3.3.3.3 Mask: 0.0.0.0 Out Slot: 1 Instance ID: 0 Interface: Tunnel1/0/1 Sub Tunnel ID: 0x0
Pre-configuration Tasks
Before configuring a tunnel policy, complete the following tasks:
l
Connecting the interfaces, and configuring physical parameters for the interfaces to ensure that the physical status of the interfaces is Up Configuring parameters of the link layer protocol and IP addresses for the interfaces to ensure that the status of the link layer protocol on the interfaces is Up Creating the tunnel (LSP, GRE, or MPLS TE) for a VC Creating the VC of the corresponding type on the PE (refer to the chapter "MPLS L2VPN Configuration" in this manual)
l l
Data Preparation
Before configuring a tunnel policy, you need the following data. No. 1 2 3 4 Data Name of the tunnel policy Priority of tunnels Number of tunnels participating in load balancing Type and serial number of the VC interface on which the tunnel policy needs to be applied
Procedure
Step 1 Run:
system-view
The tunnel policy is created, and the tunnel policy view is displayed. A VC can apply only one tunnel policy. Multiple VCs can share the same tunnel policy. Step 3 Run:
tunnel select-seq { gre | lsp | cr-lsp } * load-balance-number load-balance-number
The priority of tunnels and number of tunnels participating in load balancing are configured. ----End
Postrequisite
For L2VPN, if no tunnel policy is configured, LSP is selected as the VPN tunnel, and no load balancing is carried out. In a tunnel policy, tunnels are selected in sequential order. If the preceding tunnel is Up, it will be selected irrespective of whether or not another service has selected it. The subsequent tunnel is not selected in most cases, except that load balancing is performed or the preceding tunnels are in the Down state. For example, if the tunnel select-seq lsp cr-lsp load-balance-number 1 command is configured, a VPN selects the CR-LSP tunnel if no LSP exists. After an LSP is set up, the VPN selects the LSP and does not use the CR-LSP tunnel anymore. The license offered to you defines the number of tunnels in load balancing.
MPLS L2VPN in SVC mode MPLS L2VPN in Martini mode MPLS L2VPN in Kompella mode PWE3
Procedure
l MPLS L2VPN in SVC mode Do as follows on PEs configured with VCs. 1. Run:
system-view
Issue 03 (2008-09-22)
1-13
The tunnel policy is applied to the VC of the L2VPN in SVC mode. l MPLS L2VPN in Martini mode Do as follows on PEs configured with VCs. 1. Run:
system-view
The tunnel policy is applied to the VC of the L2VPN in Martini mode. l MPLS L2VPN in Kompella mode Do as follows on PEs configured with VCs. 1. Run:
system-view
Before configuring Kompella L2VPN on a PE, create a connection with a CE by running thece ce-name id ce-id [ range range-value ] [ default-offset offset-value ] command.
1-14
Issue 03 (2008-09-22)
The view of the interface connected with the CE device is displayed. 3. Choose one of the following options to apply tunnel policy to PW.
For dynamic PW, run: mpls l2vc { pw-template pw-template-name | ipaddress } * vc-id tunnel-policy policy-name For static PW, run: mpls static-l2vc { destination ip-address | pw-template pwtemplate-name vc-id } * transmit-vpn-label transmit-label-value receive-vpnlabel receive-label-value tunnel-policy policy-name
----End
Run the display tunnel-policy command. If the bound tunnel interface is displayed, it means the configuration succeeds. For example:
<Quidway> display tunnel-policy policy1 Tunnel Policy Name Destination Tunnel Intf --------------------------------------------------------------------policy1 2.2.2.9 Tunnel1/0/0 3.3.3.9 Tunnel2/0/0
Run the display interface tunnel command, and you can view the bound tunnel is Up. For example:
<Quidway> display interface tunnel 1/0/0 Tunnel1/0/0 current state : UP Line protocol current state : UP Description : HUAWEI, Quidway Series, Tunnel1/0/0 Interface, Route Port The Maximum Transmit Unit is 1500 bytes Internet Address is unnumbered, using address of LoopBack1(1.1.1.9/32) Encapsulation is TUNNEL, loopback not set Tunnel destination 2.2.2.9 Tunnel protocol/transport MPLS/MPLS, ILM is available, primary tunnel id is 0xc1010002, secondary tunnel id is 0x0 The tunnelIfIndex is 0x4000385 QoS max-bandwidth : 64 Kbps Output queue : (Urgent queue : Size/Length/Discards) 0/50/0 Output queue : (Protocol queue : Size/Length/Discards) 0/1000/0
Issue 03 (2008-09-22)
1-15
Run the display ip vpn-instance verbose command. If the tunnel policy name of the VPN instance is displayed, it means the configuration succeeds. In the following example, you can view the tunnel policy of the VPN named vpna is policy1.
<Quidway> display ip vpn-instance verbose Total VPN-Instances configured : 1 VPN-Instance Name and ID : vpna, 1 Create date : 2004/10/11 16:12:02 Up time : 0 days, 00 hours, 03 minutes and 07 seconds Route Distinguisher : 100:1 Export VPN Targets : 100:1 Import VPN Targets : 100:1 Label policy: label per route Tunnel Policy : policy1 Interfaces : GigabitEthernet1/0/0
Run the display ip routing-table vpn-instance verbose command and you can view the used tunnels by the VPN route. For example:
<Quidway> display ip routing-table vpn-instance vpna 10.3.1.0 verbose Routing Table : vpna Summary Count : 1 Destination: 10.3.1.0/30 Protocol: BGP Process ID: 0 Preference: 255 Cost: 0 NextHop: 2.2.2.2 Neighbour: 2.2.2.2 State: Active Adv GotQ Age: 00h00m08s Tag: 0 Priority: 0 Label: 109568 QoSInfo: 0x0 RelayNextHop: 0.0.0.0 Interface: Tunnel1/0/2 Tunnel ID: 0xc1010002
Pre-configuration Tasks
Before configuring VPN primary tunnel binding, complete the following tasks:
l
Connecting the interfaces, configuring physical parameters for the interfaces to ensure that the physical status of the interfaces is Up Configuring parameters of the link layer protocol and IP addresses for the interfaces to ensure the status of the link layer protocol on the interfaces is Up Configuring the static route or the Interior Gateway Protocol (IGP) to ensure routes are reachable to all nodes Configuring basic MPLS functions and enabling MPLS TE Configuring the MPLS TE tunnels between PEs (refer to the Quidway NetEngine80E/ 40E Router Configuration Guide - MPLS). Configuring the VPN instance on the PE (refer to the chapter "BGP/MPLS IP VPN Configuration" in this manual)
l l
Data Preparation
To configure VPN primary tunnel binding, you need the following data. No. 1 2 3 Data Name of the tunnel policy QoS parameters for the MPLS TE tunnel such as bandwidth Name of the VPN instance
Procedure
Step 1 Run:
system-view
Only the tunnel enabled with the VPN binding can be bound with the VPN. The tunnel policy in select-sequence mode cannot use the tunnel enabled with the VPN binding. Step 4 Run:
mpls te commit
Procedure
Step 1 Run:
system-view
The peer address is bound with the tunnel policy. The VPN data from the local end are transmitted to the destination address through the bound tunnel. If a TE tunnel is bound with the destination address, the VPN data is only transmitted to the destination address through the bound tunnel. Note the following:
l
Tunnel policy can be either in select-sequence mode or tunnel binding mode. Therefore, the tunnel policy configured with the tunnel binding command cannot be then configured with the tunnel select-seq command. One dest-ip-address of a PE device can only be bound with one tunnel. If multiple tunnels are bound, the last binding overwrites the previous one. If the PE has multiple peers, a tunnel policy can be configured with multiple tunnel binding commands with different dest-ip-address.
----End
Procedure
Step 1 Run:
system-view
The tunnel policy is applied to the VPN instance. Different VPN services to the same destination on a PE must apply different tunnel policies, and be bound with different TE tunnels. ----End
Run the display tunnel-policy command. If the bound tunnel interface is displayed, and the destination address is configured the same as that in real situation, it means the configuration succeeds. For example:
<Quidway> display tunnel-policy policy1 Tunnel Policy Name Destination Tunnel Intf Down Switch --------------------------------------------------------------------policy1 2.2.2.9 Tunnel1/0/0 Disable 3.3.3.9 Tunnel2/0/0 Disable
Run the display interface tunnel, and you can view the bound tunnel is Up. For example:
<Quidway> display interface tunnel 1/0/0 Tunnel1/0/0 current state : UP Line protocol current state : UP Description : HUAWEI, Quidway Series, Tunnel1/0/0 Interface, Route Port The Maximum Transmit Unit is 1500 bytes Internet Address is unnumbered, using address of LoopBack1(1.1.1.9/32)
Issue 03 (2008-09-22)
1-19
Encapsulation is TUNNEL, loopback not set Tunnel destination 2.2.2.9 Tunnel protocol/transport MPLS/MPLS, ILM is available, primary tunnel id is 0xc1010002, secondary tunnel id is 0x0 The tunnelIfIndex is 0x4000385 QoS max-bandwidth : 64 Kbps Output queue : (Urgent queue : Size/Length/Discards) 0/50/0 Output queue : (Protocol queue : Size/Length/Discards) 0/1000/0 Output queue : (FIFO queuing : Size/Length/Discards) 0/75/0 5 minutes output rate 2952 bits/sec, 2 packets/sec 22894187 packets output, 2958834536 bytes 0 packets output dropped
Run the display ip vpn-instance verbose command. If the tunnel policy name of the VPN instance is displayed, it means the configuration succeeds. In the following example, you can view the tunnel policy of the VPN instance named vpna is policy1.
<Quidway> display ip vpn-instance verbose Total VPN-Instances configured : 1 VPN-Instance Name and ID : vpna, 1 Create date : 2004/10/11 16:12:02 Up time : 0 days, 00 hours, 03 minutes and 07 seconds Route Distinguisher : 100:1 Export VPN Targets : 100:1 Import VPN Targets : 100:1 Label policy: label per route Tunnel Policy : policy1 The diffserv-mode Information is : uniform The ttl-mode Information is : uniform Interfaces : GigabitEthernet1/0/0
Run the display ip routing-table vpn-instance verbose command and you can view the tunnels used by the VPN routes. For example:
<Quidway> display ip routing-table vpn-instance vpna 10.3.1.0 verbose Routing Table : vpna Summary Count : 1 Destination: 10.3.1.0/30 Protocol: BGP Process ID: 0 Preference: 255 Cost: 0 NextHop: 2.2.2.2 Neighbour: 2.2.2.2 State: Active Adv GotQ Age: 00h00m08s Tag: 0 Priority: 0 Label: 109568 QoSInfo: 0x0 RelayNextHop: 0.0.0.0 Interface: Tunnel1/0/2 Tunnel ID: 0xc1010002
Applicable Environment
When deploying the MPLS L2VPN service, you need consider not only the transparent transmission of user data, but also the following points:
l
MPLS TE tunnels are used to transmit data, which can optimize the usage of network resource, and avoid the congestion caused by unbalanced load. The L2VPN service should be separated from other services. Therefore, the QoS of the L2VPN service is guaranteed.
The MPLS TE tunnel and the MPLS L2VPN primary tunnel binding need to be configured on the PEs of the backbone network.
Pre-configuration Tasks
Before configuring MPLS L2VPN primary tunnel binding, complete the following tasks:
l
Connecting the interfaces, and configuring physical parameters for the interfaces to ensure that the physical status of the interfaces is Up Configuring parameters of the link layer protocol and IP addresses for the interfaces to ensure that the status of the link layer protocol on the interfaces is Up Configuring the static route or IGP to ensure that routes are reachable to all nodes Configuring basic MPLS functions and enabling MPLS TE Configuring the MPLS TE tunnels between PEs (refer to the Quidway NetEngine80E/ 40E Router Configuration Guide - MPLS . Creating the VC on the PE (refer to the chapter "MPLS L2VPN Configuration" in this manual)
l l l
Data Preparation
To configure L2VPN primary tunnel binding, you need the following data. No. 1 2 3 Data Name of the tunnel policy QoS parameters for the MPLS TE tunnel such as bandwidth Type and serial number of the VC interface , destination address, and VC ID
Procedure
Step 1 Run:
system-view
Issue 03 (2008-09-22)
1-21
The VPN binding for the tunnel is enabled. Only the tunnel enabled with the VPN binding can be bound with the VPN. The tunnel policy in select-sequence mode cannot use the tunnel enabled with the VPN binding. Step 4 Run:
mpls te commit
Procedure
Step 1 Run:
system-view
The peer address is bound with the tunnel policy. The VPN data from the local end are transmitted through the bound tunnel to the destination address. If a TE tunnel is bound with the destination address, the VPN data is only transmitted to the destination address through the bound tunnel. Note the following:
l
Tunnel policy can be either in select-sequence mode or tunnel binding mode. Therefore, the tunnel policy configured with the tunnel binding command cannot be then configured with the tunnel select-seq command. One dest-ip-address of a PE device can only be bound with one tunnel. If multiple tunnels are bound, the last binding overwrites the previous one. If the PE has multiple peers, a tunnel policy can be configured with multiple tunnel binding commands with different dest-ip-address.
----End
1-22 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)
Procedure
Step 1 Run:
system-view
The tunnel policy is applied to the VC. Different VPN services to the same destination on a PE must apply different tunnel policies, and be bound with different TE tunnels. ----End
Run the display tunnel-policy command. If the bound tunnel interface is displayed, and the destination address is configured the same as that in real situation, it means the configuration succeeds. For example:
<Quidway> display tunnel-policy policy1 Tunnel Policy Name Destination Tunnel Intf Down Switch --------------------------------------------------------------------policy1 2.2.2.9 Tunnel1/0/0 Disable 3.3.3.9 Tunnel2/0/0 Disable
Run the display interface tunnel command. If the bound tunnel is Up, it means the configuration succeeds. For example:
Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 1-23
<Quidway> display interface Tunnel 1/0/0 Tunnel1/0/0 current state : UP Line protocol current state : UP Description : HUAWEI, Quidway Series, Tunnel1/0/0 Interface, Route Port The Maximum Transmit Unit is 1500 bytes Internet Address is unnumbered, using address of LoopBack1(1.1.1.9/32) Encapsulation is TUNNEL, loopback not set Tunnel destination 2.2.2.9 Tunnel protocol/transport MPLS/MPLS, ILM is available, primary tunnel id is 0x1002043, secondary tunnel id is 0x0 The tunnelIfIndex is 0x4000385
Run the display mpls l2vc interface interface-type interface-number command. If the tunnel policy name of the VC is displayed, it means the configuration succeeds. In the following example, you can view the tunnel policy of the VC is policy1.
<Quidway> display mpls l2vc Total ldp vc : 2 2 up 0 down *Client Interface : gigabitethernet 1/0/0.1 Session State : up AC Status : up VC State : up VC ID : 100 VC Type : ppp Destination : 2.2.2.9 Local VC Label : 17408 Remote VC Label : 17409 Control Word : Disable Tunnel Policy Name : policy1
1-24
Issue 03 (2008-09-22)
Action View information about the tunnel policy oused by a specified VPN instance. View information about the tunnel for IP routing. View information about the tunnel used by the VC in the SVC, PWE3 VC, or Martini L2VPN. View information about the tunnel used by the VC in the Kompella L2VPN. View information about the tunnel used by the VC in the Martini L2VPN.
display ip routing-table vpn-instance [ destinationaddress ] verbose display mpls l2vc [ interface interface-type interfacenumber ] display mpls l2vpn connection interface interface-type interface-number display mpls l2vc [ interface interface-type interfacenumber ]
CAUTION
Debugging affects the performance of the system. Therefore, after debugging, run the undo debugging all command to disable the debugging immediately. When a fault occurs in a tunnel, run the following debugging commands in the user view to debug the tunnel and locate the fault. For the procedure of outputting the debugging information, refer to the chapter "Maintenance and Debugging" in the Quidway NetEngine80E/40E Router Configuration Guide - System Management. For the description about the debugging commands, refer to the Quidway NetEngine80E/40E Router Command Reference. Action Enable tunnel debugging. Enable the debugging related to tunnel management. Command debugging tunnel all [ interface interfacenumber ] debugging tnlm { all | error | event }
Issue 03 (2008-09-22)
1-25
vpna
Loopback1 2.2.2.2/32
CE3
POS1/0/0 10.3.1.1/30
POS2/0/0 10.3.1.2/30
PE1
PE2
POS2/0/1 10.4.1.2/30
POS1/0/0 10.2.1.1/30
POS1/0/0 10.4.1.1/30
CE2 vpnb
CE4 vpnb
Configuration Roadmap
The configuration roadmap is as follows: 1. 2. 3. 4. 5.
1-26
Configure a routing protocol to achieve intercommunication between PEs. Enable the basic MPLS capability on the devices in the backbone network, and set up an LSP and two MPLS TE tunnels between the PEs. Configure VPN instances on PEs and connect CEs with PEs. Configure tunnel policies, and apply them to VPN instances. Configure Multihop-IBGP (MP-IBGP) on PEs to advertise and receive VPNv4 routes.
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)
Data Preparation
To complete the configuration, you need the following data:
l l l
MPLS LSR ID of PEs Name, RD, and VPN target of both VPN instances Name of both tunnel policies
Configuration Procedure
1. Run IGP on the MPLS backbone network to realize IP connectivity between PEs. # Configure PE1.
[Quidway] system-view [Quidway] sysname PE1 [PE1] interface loopback 1 [PE1-LoopBack1] ip address 1.1.1.1 32 [PE1-LoopBack1] quit [PE1] interface pos1/0/0 [PE1-Pos1/0/0] ip address 100.1.1.1 30 [PE1-Pos1/0/0] undo shutdown [PE1-Pos1/0/0] quit [PE1] ospf 1 [PE1-ospf-1] area 0 [PE1-ospf-1-area-0.0.0.0] network 100.1.1.0 0.0.0.3 [PE1-ospf-1-area-0.0.0.0] network 1.1.1.1 0.0.0.0 [PE1-ospf-1-area-0.0.0.0] quit [PE1-ospf-1] quit
# Configure PE2.
[Quidway] system-view [Quidway] sysname PE2 [PE2] interface loopback 1 [PE2-LoopBack1] ip address 2.2.2.2 32 [PE2-LoopBack1] quit [PE2] interface pos 1/0/0 [PE2-Pos1/0/0] ip address 100.1.1.2 30 [PE2-Pos1/0/0] undo shutdown [PE2-Pos1/0/0] quit [PE2] ospf 1 [PE2-ospf-1] area 0 [PE2-ospf-1-area-0.0.0.0] network 100.1.1.0 0.0.0.3 [PE2-ospf-1-area-0.0.0.0] network 2.2.2.2 0.0.0.0 [PE2-ospf-1-area-0.0.0.0] quit [PE2-ospf-1] quit
After the configuration, run the display ip routing-table command on PEs. You find that PEs learn the Lookback1 routes of each other. Take PE1 as an example.
[PE1] display ip routing-table Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: Public Destinations : 7 Routes : 7 Destination/Mask Proto Pre Cost Flags NextHop Interface 1.1.1.2/32 Direct 0 0 D 127.0.0.1 InLoopBack0 2.2.2.2/32 OSPF 10 2 D 100.1.1.2 Pos1/0/0 100.1.1.0/30 Direct 0 0 D 172.1.1.1 Pos1/0/0 100.1.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 100.1.1.2/32 Direct 0 0 D 172.1.1.2 Pos1/0/0 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
2.
Configure basic MPLS capability on the MPLS backbone network and setup the Label Distribution Protocol (LDP) LSP between PEs.
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 1-27
Issue 03 (2008-09-22)
# Configure PE1.
[PE1] mpls lsr-id 1.1.1.1 [PE1] mpls [PE1-mpls] quit [PE1] mpls ldp [PE1-mpls-ldp] quit [PE1] interface pos 1/0/0 [PE1-Pos1/0/0] mpls [PE1-Pos1/0/0] mpls ldp [PE1-Pos1/0/0] quit
# Configure PE2.
[PE2] mpls lsr-id 2.2.2.2 [PE2] mpls [PE2-mpls] quit [PE2] mpls ldp [PE2-mpls-ldp] quit [PE2] interface pos 1/0/0 [PE2-Pos1/0/0] mpls [PE2-Pos1/0/0] mpls ldp [PE2-Pos1/0/0] quit
After the configuration, run the display tunnel-info all command, you can find that the LSPs between PE1 and PE2 are set up. Run the display mpls ldp lsp command, you can view the information about the LSPs. Take PE1 as an example.
[PE1] display tunnel-info all * -> Allocated VC Token Tunnel ID Type Destination Token ---------------------------------------------------------------------0x84010000 lsp 2.2.2.2 0 <PE1> display mpls ldp lsp LDP LSP Information -----------------------------------------------------------------SN DestAddress/Mask In/OutLabel Next-Hop In/Out-Interface -----------------------------------------------------------------1 1.1.1.1/32 3/NULL 127.0.0.1 Pos1/0/0/InLoop0 2 2.2.2.2/32 NULL/3 172.1.1.2 -------/Pos1/0/0 -----------------------------------------------------------------TOTAL: 2 Normal LSP(s) Found. TOTAL: 0 Liberal LSP(s) Found. A '*' before an LSP means the LSP is not established A '*' before a Label means the USCB or DSCB is stale
3.
Set up MPLS TE tunnels between PEs. # Configure MPLS TE tunnel attributes, such as the maximum link bandwidth, and the maximum reserved bandwidth. # Configure PE1.
[PE1] mpls [PE1-mpls] mpls te [PE1-mpls] mpls rsvp-te [PE1-mpls] mpls te cspf [PE1-mpls] quit [PE1] interface pos1/0/0 [PE1-Pos1/0/0] mpls te [PE1-Pos1/0/0] mpls rsvp-te [PE1-Pos1/0/0] mpls te max-link-bandwidth 20000 [PE1-Pos1/0/0] mpls te max-reservable-bandwidth 15000 [PE1-Pos1/0/0] quit
# Configure PE2.
[PE2] mpls [PE2-mpls] [PE2-mpls] [PE2-mpls] [PE2-mpls] mpls te mpls rsvp-te mpls te cspf quit
1-28
Issue 03 (2008-09-22)
[PE2] interface pos1/0/0 [PE2-Pos1/0/0] mpls te [PE2-Pos1/0/0] mpls rsvp-te [PE2-Pos1/0/0] mpls te max-link-bandwidth 20000 [PE2-Pos1/0/0] mpls te max-reservable-bandwidth 15000 [PE2-Pos1/0/0] quit
# Enable OSPF to transmit TE attributes on the routers along the TE tunnels. # Configure PE1.
[PE1] ospf 1 [PE1-ospf-1] opaque-capability enable [PE1-ospf-1] area 0 [PE1-ospf-1-area-0.0.0.0] mpls-te enable [PE1-ospf-1-area-0.0.0.0] quit [PE1-ospf-1] quit
# Configure PE2.
[PE2] ospf 1 [PE2-ospf-1] opaque-capability enable [PE2-ospf-1] area 0 [PE2-ospf-1-area-0.0.0.0] mpls-te enable [PE2-ospf-1-area-0.0.0.0] quit [PE2-ospf-1] quit
# Configure PE2.
[PE2] interface tunnel 1/0/1 [PE2-Tunnel1/0/1] ip address unnumbered interface loopback1 [PE2-Tunnel1/0/1] tunnel-protocol mpls te [PE2-Tunnel1/0/1] destination 1.1.1.1 [PE2-Tunnel1/0/1] mpls te tunnel-id 11 [PE2-Tunnel1/0/1] mpls te bandwidth 5000 [PE2-Tunnel1/0/1] mpls te commit [PE2-Tunnel1/0/1] quit
# Configure the MPLS TE tunnel of 10Mbit/s, and enable tunnel binding. # Configure PE1.
[PE1] interface tunnel 1/0/2 [PE1-Tunnel1/0/2] ip address unnumbered interface loopback1 [PE1-Tunnel1/0/2] tunnel-protocol mpls te [PE1-Tunnel1/0/2] destination 2.2.2.2 [PE1-Tunnel1/0/2] mpls te tunnel-id 22 [PE1-Tunnel1/0/2] mpls te bandwidth 10000 [PE1-Tunnel1/0/2] mpls te reserved-for-binding [PE1-Tunnel1/0/2] mpls te commit [PE1-Tunnel1/0/2] quit
# Configure PE2.
[PE2] interface tunnel 1/0/2 [PE2-Tunnel1/0/2] ip address unnumbered interface loopback1 [PE2-Tunnel1/0/2] tunnel-protocol mpls te [PE2-Tunnel1/0/2] destination 1.1.1.1 [PE2-Tunnel1/0/2] mpls te tunnel-id 22 [PE2-Tunnel1/0/2] mpls te bandwidth 10000 [PE2-Tunnel1/0/2] mpls te reserved-for-binding [PE2-Tunnel1/0/2] mpls te commit [PE2-Tunnel1/0/2] quit
Issue 03 (2008-09-22)
1-29
After the configuration, run the display interface tunnel interface-number command on PEs. You can find that Tunnel1/0/1 and Tunnel1/0/2 are both in the Up state. Take Tunnel1/0/2 on PE1 as an example.
[PE1] display interface tunnel 1/0/2 Tunnel1/0/2 current state : UP Line protocol current state : UP Description : HUAWEI, Quidway Series, Tunnel1/0/2 Interface, Route Port The Maximum Transmit Unit is 1500 bytes Internet Address is unnumbered, using address of LoopBack1(1.1.1.1/32) Encapsulation is TUNNEL, loopback not set Tunnel destination 2.2.2.2 Tunnel protocol/transport MPLS/MPLS, ILM is available, primary tunnel id is 0xc1010003, secondary tunnel id is 0x0 The tunnelIfIndex is 0x4000385 QoS max-bandwidth : 64 Kbps Output queue : (Urgent queue : Size/Length/Discards) 0/50/0 Output queue : (Protocol queue : Size/Length/Discards) 0/1000/0 Output queue : (FIFO queuing : Size/Length/Discards) 0/75/0 5 minutes output rate 0 bits/sec, 0 packets/sec 22894187 packets output, 2958834536 bytes 0 packets output dropped
Run the display tunnel-info all command on PEs. You can find both Tunnel1/0/1 and Tunnel1/0/2 are in the Up state. Take PE1 as an example.
[PE1] display tunnel-info all * -> Allocated VC Token Tunnel ID Type Destination Token ---------------------------------------------------------------------0xc1010002 cr lsp 2.2.2.2 2 0xc1010003 cr lsp 2.2.2.2 3 0x84010000 lsp 2.2.2.2 0 0x84010001 lsp -1
4.
Configure VPN instances on PEs and connect CEs with PEs. # Configure PE1.
[PE1] ip vpn-instance vpna [PE1-vpn-instance-vpna] route-distinguisher 100:1 [PE1-vpn-instance-vpna] vpn-target 111:1 both [PE1-vpn-instance-vpna] quit [PE1] ip vpn-instance vpnb [PE1-vpn-instance-vpnb] route-distinguisher 100:2 [PE1-vpn-instance-vpnb] vpn-target 222:2 both [PE1-vpn-instance-vpnb] quit [PE1] interface pos2/0/0 [PE1-Pos2/0/0] ip binding vpn-instance vpna [PE1-Pos2/0/0] ip address 10.1.1.2 30 [PE1-Pos2/0/0] undo shutdown [PE1-Pos2/0/0] quit [PE1] interface pos 2/0/1 [PE1-Pos2/0/1] ip binding vpn-instance vpnb [PE1-Pos2/0/1] ip address 10.2.1.2 30 [PE1-Pos2/0/1] undo shutdown [PE1-Pos2/0/1] quit
# Configure PE2.
[PE2] ip vpn-instance vpna [PE2-vpn-instance-vpna] route-distinguisher 100:3 [PE2-vpn-instance-vpna] vpn-target 111:1 both [PE2-vpn-instance-vpna] quit [PE2] ip vpn-instance vpnb [PE2-vpn-instance-vpnb] route-distinguisher 100:4 [PE2-vpn-instance-vpnb] vpn-target 222:2 both [PE2-vpn-instance-vpnb] quit [PE2] interface pos 2/0/0 [PE2-Pos2/0/0] ip binding vpn-instance vpna
1-30
Issue 03 (2008-09-22)
[PE2-Pos2/0/0] ip address 10.3.1.2 30 [PE2-Pos2/0/0] undo shutdown [PE2-Pos2/0/0] quit [PE2] interface pos 2/0/1 [PE2-Pos2/0/1] ip binding vpn-instance vpnb [PE2-Pos2/0/1] ip address 10.4.1.2 30 [PE2-Pos2/0/1] undo shutdown [PE2-Pos2/0/1] quit
# Assign IP addresses to the interfaces of CEs as shown in Figure 1-2. The configuration details are not mentioned here. After the configuration, run the display ip vpn-instance verbose command on each PE and you can view the configuration of the VPN instance. Each PE can ping through the connected CE.
NOTE
When the interfaces on a PE are bound to the same VPN, you need to specify the source IP address when you use the ping-vpn-instance command to ping the CE connected with the peer PE. That is, you need to specify -a source-ip-address in the ping -vpn-instance vpn-instance-name -a sourceip-address dest-ip-address command; otherwise, the ping fails.
5.
Configure tunnel policies on PEs and apply the tunnel policies to VPN instances. # Configure tunnel policies in tunnel binding mode and apply them to vpna. # Configure PE1.
[PE1]tunnel-policy policy1 [PE1-tunnel-policy-policy1]tunnel binding destination 2.2.2.2 te tunnel1/0/2 [PE1-tunnel-policy-policy1] quit [PE1] ip vpn-instance vpna [PE1-vpn-instance-vpna] tnl-policy policy1 [PE1-vpn-instance-vpna] quit
# Configure PE2.
[PE2] tunnel-policy policy1 [PE2-tunnel-policy-policy1] tunnel binding destination 1.1.1.1 te tunnel1/0/2 [PE2-tunnel-policy-policy1] quit [PE2] ip vpn-instance vpna [PE2-vpn-instance-vpna] tnl-policy policy1 [PE2-vpn-instance-vpna] quit
# Configure tunnel policies in select-sequence mode and apply them to vpnb. # Configure PE1.
[PE1] tunnel-policy policy2 [PE1-tunnel-policy-policy2] tunnel select-seq cr-lsp lsp load-balance-number 2 [PE1-tunnel-policy-policy2] quit [PE1] ip vpn-instance vpnb [PE1-vpn-instance-vpnb] tnl-policy policy2 [PE1-vpn-instance-vpnb] quit
# Configure PE2.
[PE2] tunnel-policy policy2 [PE2-tunnel-policy-policy2] tunnel select-seq cr-lsp lsp load-balance-number 2 [PE2-tunnel-policy-policy2] quit [PE2] ip vpn-instance vpnb [PE2-vpn-instance-vpnb] tnl-policy policy2 [PE2-vpn-instance-vpnb] quit
6.
Issue 03 (2008-09-22)
1-31
# Configure PE2.
[PE2] bgp 100 [PE2-bgp] peer 1.1.1.1 as-number 100 [PE2-bgp] peer 1.1.1.1 connect-interface loopback 1 [PE2-bgp] ipv4-family vpnv4 [PE2-bgp-af-vpnv4] peer 1.1.1.1 enable [PE2-bgp-af-vpnv4] quit [PE2-bgp] ipv4-family vpn-instance vpna [PE2-bgp-af-vpna] import-route direct [PE2-bgp-af-vpna] quit [PE2-bgp] ipv4-family vpn-instance vpnb [PE2-bgp-af-vpnb] import-route direct [PE2-bgp-af-vpnb] quit [PE2-bgp] quit
After the configuration, run the display bgp peer or display bgp vpnv4 all peer command on a PE and you can view that the BGP peer relationships between PEs is set up and reaches the Established state. 7. Verify the configuration. Run the display ip routing-table vpn-instance command on a PE and you can view the route to the peer CE. Take PE1 as an example.
[PE1] display ip routing-table vpn-instance vpna Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: vpna Destinations : 3 Routes : 3 Destination/Mask Proto Pre Cost Flags NextHop Interface 10.1.1.0/30 Direct 0 0 D 10.1.1.2 Pos2/0/0 10.1.1.2/32 Direct 0 0 D 127.0.0.1 InLoopBack0 10.3.1.0/30 BGP 255 0 RD 2.2.2.2 Tunnel1/0/2 [PE1] display ip routing-table vpn-instance vpnb Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: vpnb Destinations : 3 Routes : 4 Destination/Mask Proto Pre Cost Flags NextHop Interface 10.2.1.0/30 Direct 0 0 D 10.2.1.2 Pos2/0/0 10.2.1.2/32 Direct 0 0 D 127.0.0.1 InLoopBack0 10.4.1.0/30 BGP 255 0 RD 2.2.2.2 Tunnel1/0/1 BGP 255 0 RD 2.2.2.2 Pos1/0/0
# Run the display ip routing-table vpn-instance verbose command on a PE and you can view the tunnel to transmit the VPN route. Take PE1 as an example:
[PE1] display ip routing-table vpn-instance vpna 10.3.1.0 verbose Routing Table : vpna Summary Count : 1 Destination: 10.3.1.0/30 Protocol: BGP Process ID: 0 Preference: 255 Cost: 0 NextHop: 2.2.2.2 Neighbour: 2.2.2.2 State: Active Adv GotQ Age: 00h00m08s Tag: 0 Priority: 0 Label: 109568 QoSInfo: 0x0 RelayNextHop: 0.0.0.0 Interface: Tunnel1/0/2 Tunnel ID: 0xc1010002
1-32
Issue 03 (2008-09-22)
[PE1] display ip routing-table vpn-instance vpnb 10.4.1.0 verbose Routing Table : vpnb Summary Count : 2 Destination: 10.4.1.0/30 Protocol: BGP Process ID: 0 Preference: 255 Cost: 0 NextHop: 2.2.2.2 Neighbour: 2.2.2.2 State: Active Adv GotQ Age: 01h02m27s Tag: 0 Priority: 0 Label: 107520 QoSInfo:0x0 RelayNextHop: 0.0.0.0 Interface: Tunnel1/0/1 Tunnel ID: 0xc1010003
The CEs in the same VPN can ping through each other while two CEs in different VPNs cannot ping through each other.
NOTE
The configurations of routing protocols between PE and CE are not mentioned here.
Configuration files
l
Issue 03 (2008-09-22)
1-33
interface Tunnel1/0/1 ip address unnumbered interface LoopBack1 tunnel-protocol mpls te destination 2.2.2.2 mpls te tunnel-id 11 mpls te bandwidth bc0 5000 mpls te commit # interface Tunnel1/0/2 ip address unnumbered interface LoopBack1 tunnel-protocol mpls te destination 2.2.2.2 mpls te tunnel-id 22 mpls te bandwidth bc0 10000 mpls te reserved-for-binding mpls te commit # bgp 100 peer 2.2.2.2 as-number 100 peer 2.2.2.2 connect-interface LoopBack1 # ipv4-family unicast undo synchronization peer 2.2.2.2 enable # ipv4-family vpnv4 policy vpn-target peer 2.2.2.2 enable # ipv4-family vpn-instance vpna import-route direct # ipv4-family vpn-instance vpnb import-route direct # ospf 1 opaque-capability enable area 0.0.0.0 network 100.1.1.0 0.0.0.3 network 1.1.1.1 0.0.0.0 mpls-te enable # tunnel-policy policy1 tunnel binding destination 2.2.2.2 te Tunnel1/0/2 # tunnel-policy policy2 tunnel select-seq cr-lsp lsp load-balance-number 2 # return l
1-34
Issue 03 (2008-09-22)
Issue 03 (2008-09-22)
1-35
tunnel-policy policy1 tunnel binding destination 1.1.1.1 te Tunnel1/0/2 # tunnel-policy policy2 tunnel select-seq cr-lsp lsp load-balance-number 2 # return l
Figure 1-3 Networking diagram of configuring Martini L2VPN using MPLS TE tunnels
Loopback1 1.1.1.9/32 POS1/0/0 POS1/0/0 100.1.1.1/24 100.1.1.2/24 Loopback1 2.2.2.9/32 Loopback1 3.3.3.9/32
P POS2/0/0
PE1
POS2/0/0
PE2
POS2/0/0
MPLS TE Tunnel
POS1/0/0 10.1.1.1/24
POS1/0/0 10.1.1.2/24
CE1
CE2
Configuration Roadmap
The configuration roadmap is as follows: 1. 2. Configure a routing protocol and enable MPLS on related devices (PEs and P) in the backbone network to implement interworking. Establish the MPLS TE tunnel and configure the tunnel policy. For the details of establishing an MPLS TE tunnel, refer to the chapter "MPLS TE Configuration" in the Quidway NetEngine80E/40E Router Configuration Guide - MPLS. Enable VLL on the PEs and establish VCs.
3.
Data Preparation
To complete the configuration, you need the following data:
l l l
OSPF area enabled with TE Name of the tunnel policy Number of tunnels involved in load balancing (if load balancing is not performed, the number of tunnels is 1)
Configuration Procedure
1. 2. Configure an IP address for each interface and configure OSPF in the backbone network. The configuration details are not mentioned here. Enable MPLS, MPLS TE, MPLS RSVP-TE, and MPLS CSPF. Enable MPLS, MPLS TE, and MPLS RSVP-TE in the system view and the interface view of each node along the tunnel, and enable MPLS CSPF in the system view of the ingress of the tunnel. # Configure PE1.
[PE1] mpls [PE1] mpls [PE1-mpls] [PE1-mpls] [PE1-mpls] [PE1-mpls] lsr-id 1.1.1.9 mpls te mpls rsvp-te mpls te cspf quit
Issue 03 (2008-09-22)
1-37
# Configure P.
[P] mpls lsr-id 2.2.2.9 [P] mpls [P-mpls] mpls te [P-mpls] mpls rsvp-te [P-mpls] quit [P] interface pos1/0/0 [P-Pos1/0/0] mpls [P-Pos1/0/0] mpls te [P-Pos1/0/0] mpls rsvp-te [P-Pos1/0/0] quit [P] interface pos2/0/0 [P-Pos2/0/0] mpls [P-Pos2/0/0] mpls te [P-Pos2/0/0] mpls rsvp-te [P-Pos2/0/0] quit
# Configure PE2.
[PE2] mpls lsr-id 3.3.3.9 [PE2] mpls [PE2-mpls] mpls te [PE2-mpls] mpls rsvp-te [PE2-mpls] mpls te cspf [PE2-mpls] quit [PE2] interface pos1/0/0 [PE2-Pos1/0/0] mpls [PE2-Pos1/0/0] mpls te [PE2-Pos1/0/0] mpls rsvp-te [PE2-Pos1/0/0] quit
3.
# Configure P.
[P] ospf [P-ospf-1] opaque-capability enable [P-ospf-1] area 0.0.0.0 [P-ospf-1-area-0.0.0.0] network 2.2.2.9 0.0.0.0 [P-ospf-1-area-0.0.0.0] network 100.1.1.0 0.0.0.255 [P-ospf-1-area-0.0.0.0] network 100.2.1.0 0.0.0.255 [P-ospf-1-area-0.0.0.0] mpls-te enable
# Configure PE2.
[PE2] ospf [PE2-ospf-1] opaque-capability enable [PE2-ospf-1] area 0.0.0.0 [PE2-ospf-1-area-0.0.0.0] network 3.3.3.9 0.0.0.0 [PE2-ospf-1-area-0.0.0.0] network 100.2.1.0 0.0.0.255 [PE2-ospf-1-area-0.0.0.0] mpls-te enable
4.
Configure the MPLS TE attributes of the links. Configure the maximum bandwidth and the maximum reservable bandwidth of the link on the interface of each router along the tunnel. # Configure PE1.
[PE1] interface pos 1/0/0
1-38
Issue 03 (2008-09-22)
[PE1-Pos1/0/0] mpls te max-link-bandwidth 100000 [PE1-Pos1/0/0] mpls te max-reservable-bandwidth 50000 [PE1-Pos1/0/0] quit
# Configure P.
[P] interface pos [P-Pos1/0/0] mpls [P-Pos1/0/0] mpls [P-Pos1/0/0] quit [P] interface pos [P-Pos2/0/0] mpls [P-Pos2/0/0] mpls [P-Pos2/0/0] quit 1/0/0 te max-link-bandwidth 100000 te max-reservable-bandwidth 50000 2/0/0 te max-link-bandwidth 100000 te max-reservable-bandwidth 50000
# Configure PE2.
[PE2] interface pos 1/0/0 [PE2-Pos1/0/0] mpls te max-link-bandwidth 100000 [PE2-Pos1/0/0] mpls te max-reservable-bandwidth 50000 [PE2-Pos1/0/0] quit
5.
Configure a tunnel interface. # Create the tunnel interface on the PEs, specify the tunnel protocol as MPLS TE and the signaling protocol as RSVP-TE, and specify the bandwidth. # Configure PE1.
<PE1> system-view [PE1] interface tunnel 1/0/0 [PE1-Tunnel1/0/0] ip address unnumbered interface loopback1 [PE1-Tunnel1/0/0] tunnel-protocol mpls te [PE1-Tunnel1/0/0] mpls te signal-protocol rsvp-te [PE1-Tunnel1/0/0] destination 3.3.3.9 [PE1-Tunnel1/0/0] mpls te tunnel-id 100 [PE1-Tunnel1/0/0] mpls te bandwidth 20000 [PE1-Tunnel1/0/0] mpls te commit
# Configure PE2.
<PE2> system-view [PE2] interface tunnel 1/0/0 [PE2-Tunnel1/0/0] ip address unnumbered interface loopback1 [PE2-Tunnel1/0/0] tunnel-protocol mpls te [PE2-Tunnel1/0/0] mpls te signal-protocol rsvp-te [PE2-Tunnel1/0/0] destination 1.1.1.9 [PE2-Tunnel1/0/0] mpls te tunnel-id 101 [PE2-Tunnel1/0/0] mpls te bandwidth 20000 [PE2-Tunnel1/0/0] mpls te commit
After the configuration, run the display this interface command in the tunnel interface view. You can view that the MPLS TE tunnel is established successfully. That is, Line protocol current state displays UP.
[PE1-Tunnel1/0/0] display this interface Tunnel1/0/0 current state : UP Line protocol current state : UP Description:HUAWEI, Quidway Series, Tunnel1/0/0 Interface Route Port,The Maximum Transmit Unit is 1500 Internet Address is unnumbered, using address of LoopBack1(1.1.1.9/32) Encapsulation is TUNNEL, loopback not set Tunnel destination 3.3.3.9 Tunnel up/down statistics 1 Tunnel protocol/transport MPLS/MPLS, ILM is available, primary tunnel id is 0x1002002, secondary tunnel id is 0x0 QoS max-bandwidth : 64 Kbps Output queue : (Urgent queue : Size/Length/Discards) 0/50/0 Output queue : (Protocol queue : Size/Length/Discards) 0/1000/0 Output queue : (FIFO queue : Size/Length/Discards) 0/256/0 300 seconds output rate 0 bytes/sec, 0 packets/sec 26 packets output, 396 bytes 0 output error
Issue 03 (2008-09-22)
1-39
6.
Establish LDP sessions. Establish a remote peer session between PE1 and PE2. # Configure PE1.
[PE1] mpls ldp [PE1-mpls-ldp] quit [PE1] mpls ldp remote-peer 3.3.3.9 [PE1-mpls-ldp-remote-3.3.3.9] remote-ip 3.3.3.9 [PE1-mpls-ldp-remote-3.3.3.9] quit
# Configure PE2.
[PE2] mpls ldp [PE2-mpls-ldp] quit [PE2] mpls ldp remote-peer 1.1.1.9 [PE2-mpls-ldp-remote-1.1.1.9] remote-ip 3.3.3.9 [PE2-mpls-ldp-remote-1.1.1.9] quit
After the configuration, LDP sessions are established between the PEs. Take the display on PE1 as an example:
[PE1] display mpls ldp session LDP Session(s) in Public Network -----------------------------------------------------------------------------Peer-ID Status LAM SsnRole SsnAge KA-Sent/Rcv -----------------------------------------------------------------------------3.3.3.9:0 Operational DU Passive 000:00:07 31/31 -----------------------------------------------------------------------------TOTAL: 1 session(s) Found. LAM : Label Advertisement Mode SsnAge Unit : DDD:HH:MM
7.
# Configure PE2.
[PE2] tunnel-policy policy1 [PE2-tunnel-policy-policy1] tunnel select-seq cr-lsp load-balance-number 1 [PE2-tunnel-policy-policy1] quit [PE2] mpls l2vpn [PE2-l2vpn] mpls l2vpn default martini [PE2-l2vpn] quit [PE2] interface pos2/0/0 [PE2-Pos2/0/0] mpls l2vc 1.1.1.9 100 tunnel-policy policy1 [PE2-Pos2/0/0] undo shutdown [PE2-Pos2/0/0] quit
# Configure CE1.
<CE1> interface pos1/0/0 [CE1-Pos1/0/0] ip address 10.1.1.1 24 [CE1-Pos1/0/0] undo shutdown [CE1-Pos1/0/0] quit
# Configure CE2.
<CE2> interface pos1/0/0 [CE2-Pos1/0/0] ip address 10.1.1.2 24
1-40
Issue 03 (2008-09-22)
l l
VC IDs on the two ends of the L2VC must be the same; otherwise, VC connections cannot be Up. The PE interface through which the CE accesses the PE need not be configured with an IP address.
8.
Verify the configuration. Run the display mpls forwarding-table command on PE1. You can view that the item Fec to 3.3.3.9/32 is in the MPLS forwarding table.
<PE1> display mpls forwarding-table Fec Outlabel Out-IF 3.3.3.9/32 13312 Pos1/0/0 Nexthop 100.1.1.2 LspIndex 4096
Run the display mpls lsp verbose command on PE1. You can view that an MPLS RSVPTE tunnel is established between 1.1.1.9 and 3.3.3.9. The LSP index of this tunnel is the same as the value in the MPLS forwarding table, which indicates that the local packets to 3.3.3.9 are forwarded through the MPLS TE tunnel.
<PE1> display mpls lsp verbose ---------------------------------------------------------------------LSP Information: RSVP LSP ---------------------------------------------------------------------No : 1 SessionID : 100 IngressLsrID : 1.1.1.9 LocalLspID : 1 Tunnel-Interface : Tunnel1/0/0 Fec : 3.3.3.9/32 Nexthop : 100.1.1.2 In-Label : NULL Out-Label : 13312 In-Interface : ---------Out-Interface : Pos1/0/0 LspIndex : 4096 Token : 0x1002002 LsrType : Ingress Bypass In Use : Not Exists Bypass Tunnel Id : 0x0 BypassTunnel : Tunnel Index[---] Mpls-Mtu : 1500 TimeStamp : 396sec Bfd-State : --No : 2 SessionID : 101 IngressLsrID : 3.3.3.9 LocalLspID : 1 Tunnel-Interface : Tunnel1/0/0 Fec : 1.1.1.9/32 Nexthop : ------In-Label : 3 Out-Label : NULL In-Interface : Pos1/0/0 Out-Interface : ---------LspIndex : 4097 Token : 0x0 LsrType : Egress Bypass In Use : Not Exists Bypass Tunnel Id : 0x0 BypassTunnel : Tunnel Index[---] Mpls-Mtu : -----TimeStamp : 394sec Bfd-State : -----------------------------------------------------------------------LSP Information: LDP LSP ----------------------------------------------------------------------
Issue 03 (2008-09-22)
1-41
Run the display mpls te tunnel-interface command on the PEs. You can view detailed information about the tunnel. Take the display on PE1 as an example:
<PE1> display mpls te tunnel-interface Tunnel Name : Tunnel1/0/0 Tunnel Desc : HUAWEI, Quidway Series, Tunnel1/0/0 Interface Tunnel State Desc : CR-LSP is Up Tunnel Attributes : LSP ID : 1.1.1.9:1 Session ID : 100 Admin State : UP Oper State : UP Ingress LSR ID : 1.1.1.9 Egress LSR ID: 3.3.3.9 Signaling Protocol : RSVP Resv Style : SE Class Type : CLASS 0 Tunnel BW : 20000 kbps Reserved BW : 20000 kbps Setup Priority : 7 Hold Priority: 7 Hop Limit : Secondary Hop Limit : BestEffort Hop Limit: Affinity Prop/Mask : 0x0/0x0 Explicit Path Name : Secondary Affinity Prop/Mask: 0x0/0x0 Secondary Explicit Path Name: BestEffort Affinity Prop/Mask: 0x0/0x0 Tie-Breaking Policy : None Metric Type : None Record Route : Disabled Record Label : Disabled FRR Flag : Disabled BackUpBW Flag: Not Supported BackUpBW Type : BackUpBW : Route Pinning : Disabled Retry Limit : 5 Retry Interval: 10 sec Reopt : Disabled Reopt Freq : Back Up Type : None Back Up LSPID : Auto BW : Disabled Auto BW Freq : Min BW : Max BW : Current Collected BW: Interfaces Protected: ACL Bind Value : VRF Bind Value : L2VPN Bind Value : Car Policy : Disabled Tunnel Group : Primary Primary Tunnel Sum : Primary Tunnel : Backup Tunnel : IPTN InLabel : Group Status : Up Oam Status : Up Bfd Capability : None BestEffort : Disabled IsBestEffortPath: Non-existent
<CE1> ping 10.1.1.2 PING 10.1.1.2: 56 data bytes, press CTRL_C to break Reply from 10.1.1.2: bytes=56 Sequence=1 ttl=255 time=125 ms Reply from 10.1.1.2: bytes=56 Sequence=2 ttl=255 time=125 ms Reply from 10.1.1.2: bytes=56 Sequence=3 ttl=255 time=94 ms Reply from 10.1.1.2: bytes=56 Sequence=4 ttl=255 time=125 ms Reply from 10.1.1.2: bytes=56 Sequence=5 ttl=255 time=125 ms --- 10.1.1.2 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 94/118/125 ms
Configuration Files
l
Issue 03 (2008-09-22)
1-43
# ospf 1 opaque-capability enable area 0.0.0.0 network 1.1.1.9 0.0.0.0 network 100.1.1.0 0.0.0.255 mpls-te enable # tunnel-policy policy1 tunnel select-seq cr-lsp load-balance-number 1 # return l
Configuration file of P
# sysname P # mpls lsr-id 2.2.2.9 mpls mpls te mpls rsvp-te # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 100.1.1.2 255.255.255.0 mpls mpls te mpls te max-link-bandwidth 100000 mpls te max-reservable-bandwidth 50000 mpls rsvp-te # interface Pos2/0/0 link-protocol ppp undo shutdown ip address 100.2.1.1 255.255.255.0 mpls mpls te mpls te max-link-bandwidth 100000 mpls te max-reservable-bandwidth 50000 mpls rsvp-te # interface LoopBack1 ip address 2.2.2.9 255.255.255.255 # ospf 1 opaque-capability enable area 0.0.0.0 network 2.2.2.9 0.0.0.0 network 100.1.1.0 0.0.0.255 network 100.2.1.0 0.0.0.255 mpls-te enable # return
1-44
Issue 03 (2008-09-22)
mpls ldp remote-peer 1.1.1.9 remote-ip 1.1.1.9 # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 100.2.1.2 255.255.255.0 mpls mpls te mpls te max-link-bandwidth 100000 mpls te max-reservable-bandwidth 50000 mpls rsvp-te # interface Pos2/0/0 link-protocol ppp undo shutdown mpls l2vc 1.1.1.9 100 tunnel-policy policy1 # interface LoopBack1 ip address 3.3.3.9 255.255.255.255 # interface Tunnel1/0/0 ip address unnumbered interface LoopBack1 tunnel-protocol mpls te destination 1.1.1.9 mpls te tunnel-id 101 mpls te bandwidth bc0 20000 mpls te commit # ospf 1 opaque-capability enable area 0.0.0.0 network 3.3.3.9 0.0.0.0 network 100.2.1.0 0.0.0.255 mpls-te enable # tunnel-policy policy1 tunnel select-seq cr-lsp load-balance-number 1 # return l
1.8.3 Example for Configuring the Martini L2VPN Primary Tunnel Binding
Issue 03 (2008-09-22)
1-45
Networking Requirements
Figure 1-4 Networking diagram of configuring the Martini L2VPN primary tunnel binding
Backbone
Loopback1 2.2.2.9/32 POS1/0/0 100.2.1.2/24 Loopback1 1.1.1.9/32 POS3/0/0 100.1.1.1/24 GE1/0/0.1 Loopback1 4.4.4.9/32 GE1/0/0.1 10.1.1.2/24 GE2/0/0.1
VPNA
PE2
POS2/0/0 100.2.1.1/24 POS3/0/0 100.3.1.1/24
VLAN2
CE2
Site2
PE1 100.1.1.2/24 P
GE2/0/0.1
POS1/0/0
VLAN1
GE1/0/0.1 10.1.1.1/24
VLAN4
GE2/0/0.1 20.1.1.1/24
POS1/0/0 100.3.1.2/24
PE3
VPNA
GE1/0/0.1 20.1.1.2/24 GE2/0/0.1
VLAN3
Loopback1 3.3.3.9/32
CE3 Site3
Site1 CE1
VPNA
In Figure 1-4:
l l
Site 1, Site 2 and Site 3 belong to VPNA. Site 1, Site 2 and Site 3 access the backbone network as Virtual LANs (VLANs).
Configuring the Martini L2VPN Ensuring the bandwidth between Site1 and Site2 is 10 Mbit/s and that between Site1 and Site3 is 20 Mbit/s all along. Ensuring that the communication between Site1 and Site2 and that between Site1 and Site3 cannot interfere with each other.
Configuration Roadmap
The configuration roadmap is as follows: 1. 2. 3. 4. 5. Configure the TE tunnel. Configure the tunnel policy and binding the IP address of the peer with the tunnel. Adopt the tunnel policy when configuring the L2VC connection. Configure the sub-interfaces on CE and PE. Connect CE with the backbone network.
Data Preparation
To configure the Martini L2VPN tunnel binding, you need the following data:
1-46 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)
On a PE, specify different tunnel policies and TE tunnels for L2VPN services to the same destination.
Configuration Procedure
1. Realize the interworking between PEs. Configure the unicast routing protocol on the backbone network to realize the interworking between PEs. In this example, IS-IS is adopted. The process number is 1. Consider PE1 as an example. The configurations on PE2 and PE3 are similar to that on PE1 and are omitted. # Configure PE1.
<Quidway> system-view [Quidway] sysname PE1 [PE1] isis 1 [PE1-isis-1] network-entity 10.0000.0000.0000.0001.00 [PE1-isis-1] is-level level-2 [PE1-isis-1] quit [PE1] interface pos 3/0/0 [PE1-Pos3/0/0] isis enable 1 [PE1-Pos3/0/0] quit [PE1] interface loopback 1 [PE1-LoopBack1] isis enable 1 [PE1-LoopBack1] quit
# Configure P.
[Quidway] system-view [Quidway] sysname P [P] isis 1 [P-isis-1] network-entity 10.0000.0000.0000.0002.00 [P-isis-1] is-level level-2 [P-isis-1] quit [P] interface pos 1/0/0 [P-Pos1/0/0] isis enable 1 [P-Pos1/0/0] quit [P] interface pos 2/0/0 [P-Pos2/0/0] isis enable 1 [P-Pos2/0/0] quit [P] interface pos 3/0/0 [P-Pos3/0/0] isis enable 1 [P-Pos3/0/0] quit [P] interface loopback 1 [P-LoopBack1] isis enable 1 [P-LoopBack1] quit
After the configuration, running the display ip routing-table command in any view on PE, you can see that PEs learn the loopback address of their peers. Consider PE1as an example.
[PE1] display ip routing-table Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: Public Destinations : 11 Routes : 11 Destination/Mask Proto Pre Cost Flags NextHop Interface 1.1.1.9/32 Direct 0 0 D 127.0.0.1 InLoopBack0 2.2.2.9/32 ISIS 15 20 D 100.1.1.2 Pos3/0/0 3.3.3.9/32 ISIS 15 20 D 100.1.1.2 Pos3/0/0 4.4.4.9/32 ISIS 15 10 D 100.1.1.2 Pos3/0/0 100.1.1.0/24 Direct 0 0 D 100.1.1.1 Pos3/0/0
Issue 03 (2008-09-22)
1-47
2.
Configure the basic MPLS capability. Establish the LDP remote peer and enable MPLS TE, RSVP-TE and CSPF. In this example, RSVP-TE is adopted as the signaling protocol. Enable MPLS TE and RSVP-TE globally on each PE and P along the TE tunnel. Configure CSPF on the ingress of the tunnel. The configurations on PE2 and PE3 are similar, and are not mentioned here. # Configure PE1.
[PE1] mpls lsr-id 1.1.1.9 [PE1] mpls [PE1-mpls] mpls te [PE1-mpls] mpls rsvp-te [PE1-mpls] mpls te cspf [PE1-mpls] quit [PE1] interface pos 3/0/0 [PE1-Pos3/0/0] mpls [PE1-Pos3/0/0] mpls te [PE1-Pos3/0/0] mpls rsvp-te [PE1-Pos3/0/0] quit [PE1] mpls ldp [PE1-mpls-ldp] quit [PE1] mpls ldp remote-peer 2.2.2.9 [PE1-mpls-ldp-remote-2.2.2.9] remote-ip 2.2.2.9 [PE1-mpls-ldp-remote-2.2.2.9] quit [PE1] mpls ldp remote-peer 3.3.3.9 [PE1-mpls-ldp-remote-3.3.3.9] remote-ip 3.3.3.9 [PE1-mpls-ldp-remote-3.3.3.9] quit
# Configure P.
[P] mpls lsr-id 4.4.4.9 [P] mpls [P-mpls] mpls te [P-mpls] mpls rsvp-te [P-mpls] quit [P] interface pos 1/0/0 [P-Pos1/0/0] mpls [P-Pos1/0/0] mpls te [P-Pos1/0/0] mpls rsvp-te [P-Pos1/0/0] quit [P] interface pos 2/0/0 [P-Pos2/0/0] mpls [P-Pos2/0/0] mpls te [P-Pos2/0/0] mpls rsvp-te [P-Pos2/0/0] quit [P] interface pos 3/0/0 [P-Pos3/0/0] mpls [P-Pos3/0/0] mpls te [P-Pos3/0/0] mpls rsvp-te [P-Pos3/0/0] quit
After the configuration, running the display mpls ldp session command on PE, you can see that the LDP remote peer is set up between PE1 and PE2. The LDP remote peer is also set up between PE1 and PE3. Consider PE1 as an example.
[PE1] display mpls ldp session LDP Session(s) in Public Network ------------------------------------------------------------------------Peer-ID Status LAM SsnRole SsnAge KA-Sent/Rcv -------------------------------------------------------------------------
1-48
Issue 03 (2008-09-22)
2.2.2.9:0 Operational DU Passive 000:00:00 4/4 3.3.3.9:0 Operational DU Passive 000:00:00 4/4 ------------------------------------------------------------------------LAM : Label Advertisement Mode SsnAge Unit : DDD:HH:MM
3.
Configure the IS-IS TE. Consider the configuration on PE1 as an example. The configurations on P, PE2 and PE3 are similar to that on PE1 and are not mentioned here. # Configure PE1.
[PE1] isis 1 [PE1-isis-1] cost-style wide [PE1-isis-1] traffic-eng level-2 [PE1-isis-1] quit
NOTE
l l
If this step is configured only on one end, the status of the remote session configured on the local end turns to Down. After the opposite end is configured with the IS-IS TE, the LDP session of the remote end will restore the Up state.
4.
Configure the MPLS TE attribute of the link. The maximum reservation bandwidth of the links that the TE tunnel passes by must be no smaller than the sum of all the TE tunnel bandwidth. The maximum link bandwidth must be no smaller than the maximum reservation bandwidth. Consider PE1 and P as examples. The configurations on PE2 and PE3 are similar to that on PE1 and are not mentioned here. # Configure PE1.
[PE1] interface pos 1/0/0 [PE1-Pos1/0/0] mpls te max-link-bandwidth 100000 [PE1-Pos1/0/0] mpls te max-reservable-bandwidth 80000 [PE1-Pos1/0/0] quit
# Configure P.
[P] interface pos [P-Pos1/0/0] mpls [P-Pos1/0/0] mpls [P-Pos1/0/0] quit [P] interface pos [P-Pos2/0/0] mpls [P-Pos2/0/0] mpls [P] interface pos [P-Pos3/0/0] mpls [P-Pos3/0/0] mpls 1/0/0 te max-link-bandwidth 100000 te max-reservable-bandwidth 80000 2/0/0 te max-link-bandwidth 100000 te max-reservable-bandwidth 80000 3/0/0 te max-link-bandwidth 100000 te max-reservable-bandwidth 80000
5.
Configure the MPLS TE explicit path. You can configure the MPLS TE path manually; that is, configure the MPLS TE explicit path. Consider the configuration of the explicit path on the MPLS TE tunnel on PE1 as an example. # Configure PE1.
[PE1] explicit-path PE1toPE2 [PE1-explicit-path-PE1toPE2] [PE1-explicit-path-PE1toPE2] [PE1-explicit-path-PE1toPE2] [PE1-explicit-path-PE1toPE2] [PE1] explicit-path PE1toPE3 [PE1-explicit-path-PE1toPE3] [PE1-explicit-path-PE1toPE3] [PE1-explicit-path-PE1toPE3] [PE1-explicit-path-PE1toPE3] next hop 100.1.1.2 next hop 100.2.1.2 next hop 2.2.2.9 quit next hop 100.1.1.2 next hop 100.3.1.2 next hop 3.3.3.9 quit
6.
Issue 03 (2008-09-22)
l l
The MPLS TE tunnel is unidirectional. If the two-way QoS of the TE tunnel is needed, configure MPLS TE tunnel on the PEs of the two ends of the tunnel.
Create two tunnel interfaces on PE1 and create one tunnel interface on PE2 and PE3 respectively. # Configure PE1.
[PE1] interface tunnel 1/0/0 [PE1-Tunnel1/0/0] ip address unnumbered interface loopback 1 [PE1-Tunnel1/0/0] tunnel-protocol mpls te [PE1-Tunnel1/0/0] destination 2.2.2.9 [PE1-Tunnel1/0/0] mpls te tunnel-id 100 [PE1-Tunnel1/0/0] mpls te signal-protocol rsvp-te [PE1-Tunnel1/0/0] mpls te path explicit-path PE1toPE2 [PE1-Tunnel1/0/0] mpls te bandwidth 10000 [PE1-Tunnel1/0/0] mpls te commit [PE1-Tunnel1/0/0] quit [PE1] interface tunnel 2/0/0 [PE1-Tunnel2/0/0] ip address unnumbered interface loopback 1 [PE1-Tunnel2/0/0] tunnel-protocol mpls te [PE1-Tunnel2/0/0] destination 3.3.3.9 [PE1-Tunnel2/0/0] mpls te tunnel-id 200 [PE1-Tunnel2/0/0] mpls te signal-protocol rsvp-te [PE1-Tunnel2/0/0] mpls te path explicit-path PE1toPE3 [PE1-Tunnel2/0/0] mpls te bandwidth 20000 [PE1-Tunnel2/0/0] mpls te commit [PE1-Tunnel2/0/0] quit
# Configure PE2.
[PE2] interface tunnel 1/0/0 [PE2-Tunnel1/0/0] ip address unnumbered interface loopback 1 [PE2-Tunnel1/0/0] tunnel-protocol mpls te [PE2-Tunnel1/0/0] destination 1.1.1.9 [PE2-Tunnel1/0/0] mpls te tunnel-id 100 [PE2-Tunnel1/0/0] mpls te signal-protocol rsvp-te [PE2-Tunnel1/0/0] mpls te bandwidth 10000 [PE2-Tunnel1/0/0] mpls te commit [PE2-Tunnel1/0/0] quit
# Configure PE3.
[PE3] interface tunnel 1/0/0 [PE3-Tunnel1/0/0] ip address unnumbered interface loopback 1 [PE3-Tunnel1/0/0] tunnel-protocol mpls te [PE3-Tunnel1/0/0] destination 1.1.1.9 [PE3-Tunnel1/0/0] mpls te tunnel-id 100 [PE3-Tunnel1/0/0] mpls te signal-protocol rsvp-te [PE3-Tunnel1/0/0] mpls te bandwidth 20000 [PE3-Tunnel1/0/0] mpls te commit [PE3-Tunnel1/0/0] quit
After the configuration mentioned above, run the display this interface command in tunnel interface view to check the TE tunnel. The state of the tunnel should be Up. Consider Tunnel 1/0/0 of PE1 as an example.
[PE1-Tunnel1/0/0] display this interface Tunnel1/0/0 current state : UP Line protocol current state : UP Description : HUAWEI, Quidway Series, Tunnel1/0/0 Interface, Route Port The Maximum Transmit Unit is 1500 bytes Internet Address is unnumbered, using address of LoopBack1(1.1.1.9/32) Encapsulation is TUNNEL, loopback not set Tunnel destination 2.2.2.9 Tunnel protocol/transport MPLS/MPLS, ILM is available, primary tunnel id is 0x1002001, secondary tunnel id is 0x0 The tunnelIfIndex is 0x4000205
1-50
Issue 03 (2008-09-22)
QoS max-bandwidth : 64 Kbps Output queue : (Urgent queue : Size/Length/Discards) 0/50/0 Output queue : (Protocol queue : Size/Length/Discards) 0/1000/0 Output queue : (FIFO queuing : Size/Length/Discards) 0/75/0 5 minutes output rate 0 bytes/sec, 0 packets/sec 0 packets output, 0 bytes 0 output error
7.
Configure the VPN tunnel binding. # Configure PE1 (to bind Tunnel1).
[PE1] mpls l2vpn [PE1-l2vpn] mpls l2vpn default martini [PE1-l2vpn] quit [PE1] interface tunnel 1/0/0 [PE1-Tunnel1/0/0] mpls te reserved-for-binding [PE1-Tunnel1/0/0] mpls te commit [PE1-Tunnel1/0/0] quit [PE1] tunnel-policy policy1 [PE1-tunnel-policy-policy1] tunnel binding destination 2.2.2.9 te tunnel1/0/0 [PE1-tunnel-policy-policy1] quit [PE1] interface gigabitethernet 1/0/0.1 [PE1-GigabitEthernet1/0/0.1] shutdown [PE1-GigabitEthernet1/0/0.1] vlan-type dot1q 1 [PE1-GigabitEthernet1/0/0.1] mpls l2vc 2.2.2.9 100 tunnel-policy policy1 [PE1-GigabitEthernet1/0/0.1] undo shutdown [PE1-GigabitEthernet1/0/0.1] quit
# Configure PE2.
[PE2] mpls l2vpn [PE2-l2vpn] mpls l2vpn default martini [PE2-l2vpn] quit [PE2] interface tunnel 1/0/0 [PE2-Tunnel1/0/0] mpls te reserved-for-binding [PE2-Tunnel1/0/0] mpls te commit [PE2-Tunnel1/0/0] quit [PE2] tunnel-policy policy1 [PE2-tunnel-policy-policy1] tunnel binding destination 1.1.1.9 te tunnel1/0/0 [PE2-tunnel-policy-policy1] quit [PE2] interface gigabitethernet 2/0/0.1 [PE2-GigabitEthernet2/0/0.1] shutdown [PE2-GigabitEthernet2/0/0.1] vlan-type dot1q 2 [PE2-GigabitEthernet2/0/0.1] mpls l2vc 1.1.1.9 100 tunnel-policy policy1 [PE2-GigabitEthernet2/0/0.1] undo shutdown [PE2-GigabitEthernet2/0/0.1] quit
# Configure PE3.
[PE3] mpls l2vpn [PE3-l2vpn] mpls l2vpn default martini [PE3-l2vpn] quit [PE3] interface tunnel 1/0/0 [PE3-Tunnel1/0/0] mpls te reserved-for-binding [PE3-Tunnel1/0/0] mpls te commit [PE3-Tunnel1/0/0] quit [PE3] tunnel-policy policy1
Issue 03 (2008-09-22)
1-51
[PE3-tunnel-policy-policy1] tunnel binding destination 1.1.1.9 te tunnel1/0/0 [PE3-tunnel-policy-policy1] quit [PE3] interface gigabitethernet 2/0/0.1 [PE3-GigabitEthernet2/0/0.1] shutdown [PE3-GigabitEthernet2/0/0.1] vlan-type dot1q 3 [PE3-GigabitEthernet2/0/0.1] mpls l2vc 1.1.1.9 200 tunnel-policy policy1 [PE3-GigabitEthernet2/0/0.1] undo shutdown [PE3-GigabitEthernet2/0/0.1] quit
8.
Connect CE with the backbone network. Consider CE1 as an example. The configurations on CE2 and CE3 are similar to that on CE1 and are omitted.
[CE1] interface gigabitethernet 1/0/0.1 [CE1-GigabitEthernet1/0/0.1] shutdown [CE1-GigabitEthernet1/0/0.1] vlan-type dot1q 1 [CE1-GigabitEthernet1/0/0.1] ip address 10.1.1.1 24 [CE1-GigabitEthernet1/0/0.1] undo shutdown [CE1-GigabitEthernet1/0/0.1] quit [CE1] interface gigabitethernet 2/0/0.1 [CE1-GigabitEthernet2/0/0.1] vlan-type dot1q 4 [CE1-GigabitEthernet2/0/0.1] ip address 20.1.1.1 24 [CE1-GigabitEthernet2/0/0.1] undo shutdown [CE1-GigabitEthernet2/0/0.1] quit
9.
Verify the configuration. Check the VC state on PE1. The state of each VC is Up.
[PE1] display mpls l2vc Total ldp vc : 2 2 up 0 down *Client Interface : gigabitethernet 1/0/0.1 Session State : up AC Status : up VC State : up VC ID : 100 VC Type : ppp Destination : 2.2.2.9 Local VC Label : 17408 Remote VC Label : 17409 Control Word : Disable Local VC MTU : 1500 Remote VC MTU : 1500 Tunnel Policy Name : policy1 Traffic Behavior Name: -PW Template Name : -Create time : 0 days, 0 hours, 7 minutes, UP time : 0 days, 0 hours, 7 minutes, Last change time : 0 days, 0 hours, 7 minutes, *Client Interface : gigabitethernet 2/0/0.1 Session State : up AC Status : up VC State : up VC ID : 200 VC Type : ppp Destination : 3.3.3.9 Local VC Label : 17409 Remote VC Label : 17408 Control Word : Disable Local VC MTU : 1500 Remote VC MTU : 1500 Tunnel Policy Name : policy1 Traffic Behavior Name: -PW Template Name : -Create time : 0 days, 0 hours, 2 minutes, UP time : 0 days, 0 hours, 0 minutes, Last change time : 0 days, 0 hours, 0 minutes,
Check information about the tunnel interface. Consider Tunnel 1/0/0 as an example.
1-52 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)
[PE1] display interface Tunnel 1/0/0 Tunnel1/0/0 current state : UP Line protocol current state : UP Description : HUAWEI, Quidway Series, Tunnel1/0/0 Interface, Route Port The Maximum Transmit Unit is 1500 bytes Internet Address is unnumbered, using address of LoopBack1(1.1.1.9/32) Encapsulation is TUNNEL, loopback not set Tunnel destination 2.2.2.9 Tunnel protocol/transport MPLS/MPLS, ILM is available, primary tunnel id is 0x1002043, secondary tunnel id is 0x0 The tunnelIfIndex is 0x4000385 QoS max-bandwidth : 64 Kbps Output queue : (Urgent queue : Size/Length/Discards) 0/50/0 Output queue : (Protocol queue : Size/Length/Discards) 0/1000/0 Output queue : (FIFO queuing : Size/Length/Discards) 0/75/0 5 minutes output rate 0 bits/sec, 0 packets/sec 0 packets output, 0 bytes 0 packets output dropped
CE1 can ping CE2 and CE3. Check information about Tunnel 1/0/0 again.
[PE1] display interface Tunnel 1/0/0 Tunnel1/0/0 current state : UP Line protocol current state : UP Description : HUAWEI, Quidway Series, Tunnel1/0/0 Interface, Route Port The Maximum Transmit Unit is 1500 bytes Internet Address is unnumbered, using address of LoopBack1(1.1.1.9/32) Encapsulation is TUNNEL, loopback not set Tunnel destination 2.2.2.9 Tunnel protocol/transport MPLS/MPLS, ILM is available, primary tunnel id is 0x1002043, secondary tunnel id is 0x0 The tunnelIfIndex is 0x4000385 QoS max-bandwidth : 64 Kbps Output queue : (Urgent queue : Size/Length/Discards) 0/50/0 Output queue : (Protocol queue : Size/Length/Discards) 0/1000/0 Output queue : (FIFO queuing : Size/Length/Discards) 0/75/0 5 minutes output rate 2952 bits/sec, 2 packets/sec 48739720 packets output, 361150 bytes 0 packets output dropped
The output shows that the packets pass through Tunnel 1/0/0 increases. Run the ping 20.1.1.2 command on CE1 to check the interface information about Tunnel 1/0/0. The statistics of packets remain unchanged, because Tunnel 1/0/0 is only used to transmit the data of PE1 and PE2.
Configuration files
l
Issue 03 (2008-09-22)
1-53
next hop 3.3.3.9 # mpls ldp # mpls ldp remote-peer 2.2.2.9 remote-ip 2.2.2.9 # mpls ldp remote-peer 3.3.3.9 remote-ip 3.3.3.9 # isis 1 is-level level-2 cost-style wide network-entity 10.0000.0000.0000.0001.00 traffic-eng level-2 # interface Pos1/0/0 link-protocol ppp ip address 100.1.1.1 255.255.255.0 isis enable 1 mpls mpls te mpls te max-link-bandwidth 100000 mpls te max-reservable-bandwidth 80000 mpls rsvp-te # interface GigabitEthernet1/0/0.1 undo shutdown mpls l2vc 2.2.2.9 100 tunnel-policy policy1 # interface GigabitEthernet2/0/0.1 undo shutdown vlan-type dot1q 4 mpls l2vc 3.3.3.9 200 tunnel-policy policy2 # interface LoopBack1 ip address 1.1.1.9 255.255.255.255 isis enable 1 # interface Tunnel1/0/0 ip address unnumbered interface LoopBack1 tunnel-protocol mpls te destination 2.2.2.9 mpls te tunnel-id 100 mpls te bandwidth bc0 10000 mpls te path explicit-path pe1tope2 mpls te reserved-for-binding mpls te commit # interface Tunnel2/0/0 ip address unnumbered interface LoopBack1 tunnel-protocol mpls te destination 3.3.3.9 mpls te tunnel-id 200 mpls te bandwidth bc0 20000 mpls te path explicit-path pe1tope3 mpls te reserved-for-binding mpls te commit # tunnel-policy policy1 tunnel binding destination 2.2.2.9 te tunnel1/0/0 # tunnel-policy policy2 tunnel binding destination 3.3.3.9 te tunnel2/0/0 # return l
Configuration file of P
# sysname P
1-54
Issue 03 (2008-09-22)
Issue 03 (2008-09-22)
1-55
# interface Pos1/0/0 link-protocol ppp ip address 100.2.1.2 255.255.255.0 isis enable 1 mpls mpls te mpls te max-link-bandwidth 100000 mpls te max-reservable-bandwidth 80000 mpls rsvp-te # interface GigabitEthernet2/0/0.1 undo shutdown vlan-type dot1q 2 mpls l2vc 1.1.1.9 100 tunnel-policy policy1 # interface LoopBack1 ip address 2.2.2.9 255.255.255.255 isis enable 1 # interface Tunnel1/0/0 ip address unnumbered interface LoopBack1 tunnel-protocol mpls te destination 1.1.1.9 mpls te tunnel-id 100 mpls te bandwidth bc0 10000 mpls te reserved-for-binding mpls te commit # tunnel-policy policy1 tunnel binding destination 1.1.1.9 te tunnel1/0/0 # return l
1-56
Issue 03 (2008-09-22)
mpls l2vc 1.1.1.9 200 tunnel-policy policy1 # interface LoopBack1 ip address 3.3.3.9 255.255.255.255 isis enable 1 # interface Tunnel1/0/0 ip address unnumbered interface LoopBack1 tunnel-protocol mpls te destination 1.1.1.9 mpls te tunnel-id 100 mpls te bandwidth bc0 20000 mpls te reserved-for-binding mpls te commit # tunnel-policy policy1 tunnel binding destination 1.1.1.9 te tunnel1/0/0 # return l
Issue 03 (2008-09-22)
1-57
2 GRE Configuration
2
About This Chapter
GRE Configuration
This chapter describes the principle, application, and configuration of the GRE protocol. 2.1 Introduction This section describes the principle and concepts of the Generic Routing Encapsulation (GRE). 2.2 Configuring a GRE Tunnel This section describes how to configure a GRE tunnel. 2.3 Configuring a GRE Tunnel Between CE and PE This section describes how to configure a GRE tunnel between a CE and a PE. 2.4 Configuring the Keepalive Function This section describes how to configure the Keepalive function. 2.5 Configuration Examples This section provides several configuration examples for the GRE protocol.
Issue 03 (2008-09-22)
2-1
2 GRE Configuration
2.1 Introduction
This section describes the principle and concepts of the Generic Routing Encapsulation (GRE). 2.1.1 GRE 2.1.2 GRE Features Supported by the NE80E/40E
2.1.1 GRE
GRE indicates the encapsulation of the packets of certain network layer protocols, such as IP and Internetwork Packet Exchange (IPX). After the encapsulation, these packets can be transmitted according to another network layer protocol, such as IP. GRE can serve as a Layer 3 tunneling protocol for VPNs. A tunnel is a virtual point-to-point connection. In addition, a tunnel can also be considered as a virtual interface that only supports point-to-point connection, which provides a path to transmit the encapsulated datagram. GRE encapsulates and decapsulates the datagram at both ends of the tunnel.
NOTE
The implementation of GRE in the NE80E/40E depends on the Tunnel Service Unit(TSU). For details, refer to the Quidway NetEngine80E/40E Router Hardware Description - Boards.
CPE-based VPN: Both ends of a GRE tunnel are on the customer edge (CE) devices, as shown in Figure 2-1. Figure 2-1 GRE in CPE-based VPN
Network-based VPN: Both ends of a GRE tunnel are on the provider edge (PE) devices, as shown in Figure 2-2.
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)
2-2
2 GRE Configuration
VPN site1
In general, an MPLS VPN backbone network uses the label switch path (LSP) as the public tunnel. When the core device on the backbone network (the P device) only provides IP functions and does not have MPLS functions, the PE devices have the MPLS functions. In this situation, the LSP cannot be used as the public tunnel, and is replaced with the GRE tunnel. The GRE tunnel provides Layer 3 or Layer 2 VPN solutions on the backbone network. Figure 2-3 shows the format of a private packet that is transmitted on the VPN backbone network. Figure 2-3 Format of GRE packet that contains the MPLS label
Public network IP header GRE header MPLS label Private network IP header Payload
VPN Site
MPLS network PE CE
VPN Site
When the CE is not directly connected to the PE, create a logically direct connection to enable the CE to access the VPN. Create a GRE tunnel between the CE and the PE. In such a networking, on the PE, bind the VPN with the GRE tunnel between the PE and the CE. The GRE tunnel acts as a physical interface. When the GRE tunnel is used to access an MPLS VPN, the configuration of PEs involves the following three cases:
Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 2-3
2 GRE Configuration
l
The source interface of the GRE tunnel is bound to the VPN instance. The destination address of the GRE tunnel belongs to this VPN instance. The GRE tunnel is bound to the VPN instance. However, the source and destination addresses of the GRE tunnel do not belong to the VPN instance. The GRE tunnel is bound to a VPN instance (such as VPN1). The source interface of the GRE tunnel is bound to another VPN instance (such as VPN2). The GRE tunnel needs to traverse VPN2.
In the first case, the source and the destination addresses of the GRE tunnel are private network addresses. In applications, it is of no use creating a tunnel to a PE in a private network. Therefore, the first case does not exist in actual networks. The following sections cover the configuration procedures and examples in the second and third cases.
Keepalive Function
GRE cannot detect the link status. If the remote interface is unreachable, the tunnel cannot disconnect the tunnel link in time. Therefore, the source interface keeps on sending data to the remote interface, but the remote keeps on discarding all packets. Then, the "black hole" appears. The GRE keepalive function allows GRE tunnel to detect the tunnel status. Once the remote end is unreachable, the tunnel is disconnected to avoid the "black hole". After the Keepalive function is enabled on the source end of the GRE tunnel, a timer is created to periodically send Keepalive probe packets. At the same time, the retry times counting is started. Each time a probe packet is sent, the retry time is increased by one. After receiving a probe packet, the remote end sends a response packet to the source end. If the source end receives a response packet before the counter reaches the preset value, the remote end is reachable. If the counter on the source end reaches the preset value, the retry times, but the source end does not receive the response packet, the remote end is unreachable. If so, the tunnel connection is disabled on the source end.
Other Features
GRE provides two types of simple security mechanisms:
l
Checksum authentication that implements end-to-end authentication for encapsulated packets Key authentication that authenticates packets on the tunnel interface
The Generic Routing Encapsulation (GRE) of RFC 1701 stipulates that: If the checksum bit exists in the GRE header, the checksum is valid. The sender calculates the checksum based on the GRE header and the payload and sends the checksum packet to the remote side. The receiver,
2-4 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)
2 GRE Configuration
on the other hand, calculates the checksum of the received packet and compares the checksum with that in the packet. If the two checksums are the same, the packet is forwarded. Otherwise, the packet is discarded. Based on the requirements, you can decide whether the checksum should be configured and triggered on both ends of a tunnel. If the checksum is configured on the local end but not on the remote end, the local end does not check the checksum of the received packets. If the checksum is configured on the remote end but not on the local end, the local end checks the checksum of the packets from the remote end. The RFC 1701 also stipulates that: If the key bit exists in the GRE header, the sender and the receiver implements key authentication on the tunnel. Only when the key is configured the same on both ends of a tunnel, the authentication succeeds. Otherwise, the packet is discarded.
NOTE
Pre-configuration Tasks
Before setting up a GRE tunnel, you need ensure the IP connectivity between the source interface and the destination interface.
Data Preparation
To set up a GRE tunnel, you need the following data. No. 1
Issue 03 (2008-09-22)
2 GRE Configuration
No. 2 3 4
Data Source address and destination address of the tunnel IP address of the tunnel interface Key of the tunnel interface
Procedure
Step 1 Run:
system-view
A loopback interface is created and the loopback interface view is displayed. Step 3 Run:
ip address ip-address { mask | mask-length }
The IP address is set for the loopback interface. For the loopback interface that acts as the source interface of the GRE tunnel, the IP address must be a 32-bit IP address of the host. Otherwise, the GRE tunnel cannot be set up. Step 4 Run:
target-board slot-number
The mapping from the interface to the tunnel service unit is set. Step 5 Run:
binding tunnel gre
Postrequisite
After a loopback interface is created, you need to configure IP address for the interface, configure the mapping from the interface to the tunnel service unit and bind the GRE protocol on the interface. In this manner, when a packet to the loopback interface is received, the packet is directly sent to the tunnel service unit.
2-6 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)
2 GRE Configuration
Procedure
Step 1 Run:
system-view
When creating a tunnel interface for a GRE tunnel, you need ensure that the slot number of the tunnel interface is the same as that of the TSU, which is bound to the loopback interface that serves as the source interface of the tunnel.
Step 3 Run:
tunnel-protocol gre
The source address or source interface of the tunnel is configured. You can use the loopback interface-number command or the loopback source-ip-address command to specify the source address of a GRE tunnel. The source address, however, must be the address of the loopback interface bound to the TSU. You can run the target-board command to bind the loopback interface with the TSU. Step 5 Run:
destination [ vpn-instance vpn-instance-name ] ip-address
The destination address of the tunnel is configured. After a tunnel interface is created, you need to specify the source and destination addresses of the tunnel. The source address is the address of the loopback interface that sends the GRE packets, while the destination address is the IP address of the loopback interface that receives the GRE packets. Step 6 (Optional) Run:
mtu mtu-value
The Maximum Transmission Unit (MTU) of the tunnel interface can be modified. The new MTU takes effect only after you run the shutdown and the undo shutdown commands in succession on the interface. Step 7 Choose one of the following commands to configure the IP address of the tunnel interface.
Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 2-7
2 GRE Configuration
l
Run the ip address ip-address { mask | mask-length } [ sub ] command to configure the IP address of the tunnel interface. Run the ip address unnumbered interface interface-type interface-number command to configure IP unnumbered for the tunnel interface.
To support dynamic routing protocols on a tunnel, you must configure a network address for the tunnel interface. The network address of the tunnel interface may not be a public address, but should be in the same network segment on both ends of the tunnel. By default, the network address of the tunnel interface is not set. ----End
The packets encapsulated with GRE are forwarded correctly only if the routes passing through the tunnel are available on both the source and destination routers.
Procedure
Step 1 Run:
system-view
The system view is displayed. Step 2 Choose one of the following methods to configure routes passing through the tunnel interface.
l
Run the ip route-static dest-ip-address { mask | mask-length } tunnel interface-number [ description text ] command to configure a static route. Configure the static route on both ends of the tunnel. In this command, the destination address is neither the destination address of the tunnel nor the address of the opposite tunnel interface, but the destination address of the packet that is not encapsulated with GRE. The outgoing interface must be the local tunnel interface.
Configure dynamic routes using IGP or BGP. The detailed procedure is not mentioned here. When configuring a dynamic routing protocol, enable the dynamic routing protocol on both the tunnel interface and the interface connected to the private network. To ensure proper routing, do not choose the tunnel interface as the next hop when configuring the route to the physical or logical interface of the destination tunnel. In practical configurations, different routing protocols or different processes of the same routing protocol should be used for tunnel interfaces and physical interfaces connected to the public network. In this manner, you can avoid selecting a tunnel interface as an outbound interface for packets destined for the destination of the tunnel. In addition, you can avoid a physical interface from forwarding user packets that should be forwarded by the tunnel.
----End
2 GRE Configuration
Context
Do as follows on routers on two ends of a tunnel.
Procedure
Step 1 Run:
system-view
The system view is displayed. Step 2 Run: interface tunnel interface-number The tunnel interface view is displayed. Step 3 Run:
gre key key-number
The key is set for the tunnel interface. If keys are set for tunnel interfaces on two ends of the tunnel, ensure they have the same key number. Alternatively, you may not set the keys for tunnel interfaces on two ends of the tunnel. By default, the key is not configured. ----End
Run the display interface tunnel command. If the tunnel interface is Up, it means the configuration succeeds. For example:
<Quidway> display interface Tunnel 1/0/0 Tunnel1/0/0 current state : UP Line protocol current state : UP Description : HUAWEI, Quidway Series, Tunnel1/0/0 Interface The Maximum Transmit Unit is 1500 bytes Internet Address is 40.1.1.1/24 Encapsulation is TUNNEL, loopback not set Tunnel source 20.1.1.1 (LoopBack1), destination 30.1.1.2 Tunnel protocol/transport GRE/IP, key disabled keepalive disabled Checksumming of packets disabled QoS max-bandwidth : 64 Kbps
Issue 03 (2008-09-22)
2-9
2 GRE Configuration
Run the display ip routing-table command. If the route transmitted through the tunnel interface exists in the routing table, it means the configuration succeeds. For example:
[Quidway] display ip routing-table Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: Public Destinations : 11 Routes : 11 Destination/Mask Proto Pre Cost Flags NextHop Interface 10.1.1.0/24 Direct 0 0 D 10.1.1.2 GigabitEthernet2/0/0 10.1.1.2/32 Direct 0 0 D 127.0.0.1 InLoopBack0 10.2.1.0/24 Static 60 0 D 40.1.1.1 Tunnel1/0/1 20.1.1.0/24 Direct 0 0 D 20.1.1.1 Pos1/0/0 20.1.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 20.1.1.2/32 Direct 0 0 D 20.1.1.2 Pos1/0/0 30.1.1.0/24 OSPF 10 2 D 20.1.1.2 Pos1/0/0 40.1.1.0/24 Direct 0 0 D 40.1.1.1 Tunnel1/0/1 40.1.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
Run the ping -a source-ip-address dest-ip-address command, and you can find that the ping from the local tunnel interface to the destination tunnel succeeds.
A CE interconnects with a PE through the public network. A CE interconnects with a PE through the VPN of a second carrier.
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)
2-10
2 GRE Configuration
Pre-configuration Tasks
Before configuring a GRE tunnel between a CE and a PE, complete the following tasks:
l l l
Assigning IP addresses for interfaces on the CE and PE Configuring the routes between the CE and PE Configuring the VPN that the GRE tunnel needs to pass through
Data Preparation
To configure a GRE tunnel between a CE and a PE, you need the following data. No. 1 2 3 4 5 Data Number of the GRE tunnel interface specified on the CE Source address and destination address of the GRE tunnel interface specified on the CE Number of the GRE tunnel interface specified on the PE Source address and destination address of the GRE tunnel interface specified on the PE Name of the VPN that the GRE tunnel needs to pass through
Procedure
Step 1 Run:
system-view
A loopback interface is created and the loopback interface view is displayed. Step 3 Run:
ip address ip-address { mask | mask-length }
2 GRE Configuration
Step 5 Run:
binding tunnel gre
The tunnel interface is created and the tunnel interface view is displayed. Step 7 Run:
tunnel-protocol gre
The source address or source interface of the tunnel interface is configured. The source address of the tunnel is the address of the specified loopback interface. In addition, the source address of the tunnel specified on the CE and the destination address of the tunnel specified on the PE should be the same. The destination address of the tunnel specified on the CE and the source address of the tunnel specified on the PE should be the same. Step 9 Run:
destination ip-address
The destination address of the tunnel interface is configured. Step 10 (Optional) Run:
mtu mtu-value
The MTU of the interface can be modified. The new MTU takes effect only after you run the shutdown and the undo shutdown commands in succession on the interface. Step 11 Choose one of the following commands to configure the IP address of the tunnel interface.
l
Run the ip address ip-address { mask | mask-length } [ sub ] command to configure the IP address of the tunnel interface. Run the ip address unnumbered interface interface-type interface-number command to configure IP unnumbered for the tunnel interface.
----End
Procedure
Step 1 Run:
system-view
2 GRE Configuration
Step 2 Run:
interface loopback number
A loopback interface is created and the loopback interface view is displayed. Step 3 Run:
ip address ip-address { mask | mask-length }
The mapping between the interface and the TSU is set. Step 5 Run:
binding tunnel gre
The tunnel interface is created and the tunnel interface view is displayed. Step 7 Run:
tunnel-protocol gre
The source address or source interface of the tunnel interface is configured. The source address of the tunnel is the address of the specified loopback interface. In addition, the source address of the tunnel specified on the CE and the destination address of the tunnel specified on the PE should be the same. The destination address of the tunnel specified on the CE and the source address of the tunnel specified on the PE should be the same. Step 9 Run:
destination [ vpn-instance vpn-instance-name ] ip-address
The destination address of the tunnel interface is configured. If the tunnel passes through another VPN, specify the parameter vpn-instance vpn-instancename. If the tunnel passes through the public network, the parameter is not required. Step 10 (Optional) Run:
mtu mtu-value
The MTU of the interface can be modified. The new MTU takes effect only after you run the shutdown and the undo shutdown commands in succession on the interface. ----End
2 GRE Configuration
Context
Do as follows on the router.
Procedure
Step 1 Run:
system-view
The tunnel interface is created and the tunnel interface view is displayed. Step 3 Run:
ip binding vpn-instance vpn-instance-name
Bind the tunnel with the VPN instance. Step 4 Choose one of the following commands to configure the IP address of the tunnel interface.
l
Run the ip address ip-address { mask | mask-length } [ sub ] command to configure the IP address of the tunnel interface. Run the ip address unnumbered interface interface-type interface-number command to configure the IP unnumbered address of the tunnel interface.
----End
Run the display interface tunnel command. If the tunnel interface is Up, it means the configuration succeeds. Take the PE as an example:
<Quidway> display interface Tunnel 1/0/0 Tunnel1/0/0 current state : UP Line protocol current state : UP Description : HUAWEI, Quidway Series, Tunnel1/0/0 Interface The Maximum Transmit Unit is 1500 bytes Internet Address is 40.1.1.1/24 Encapsulation is TUNNEL, loopback not set
2-14
Issue 03 (2008-09-22)
2 GRE Configuration
Tunnel source 20.1.1.1 (loopback1), destination 30.1.1.2 Tunnel protocol/transport GRE/IP, key disabled keepalive disabled Checksumming of packets disabled QoS max-bandwidth : 64 Kbps 300 seconds input rate 31776024 bytes/sec, 31776152 packets/sec 300 seconds output rate 31776024 bytes/sec, 31776152 packets/sec 511 packets input, 46339 bytes 0 input error 508 packets output, 46015 bytes 0 output error
Source Router A
Destination Router B
Pre-configuration Tasks
Before configuring the Keep-alive function, complete the following tasks:
l l l
Configuring the link layer attributes of the interfaces Assigning the IP addresses for the interfaces Establishing the GRE tunnel and keeping the tunnel up
Data Preparation
To configure the Keep-alive function, you need the following data. No. 1
Issue 03 (2008-09-22)
2 GRE Configuration
No. 2
Procedure
Step 1 Run:
system-view
The Keep-alive function is enabled. The Keep-alive function of a GRE tunnel is unidirectional. To provide the Keep-alive function on both ends, you must enable the Keep-alive function on both ends of a GRE tunnel. One end can be configured with the Keep-alive function regardless of whether the peer supports the Keepalive function or not. It is recommended to enable the Keep-alive function on both ends of a tunnel.
TIP
Before configuring the tunnel policy and the GRE tunnel for the VPN, enable the Keep-alive function for the GRE tunnel. In this manner, the VPN does not select the unreachable GRE tunnel at the remote end, and the data loss can be avoided. The reasons for enabling the Keep-alive function are as below:
l l
If the Keep-alive function is not enabled, the local tunnel interface may still be Up regardless of whether data reaches the remote end. If the Keep-alive function is enabled on the local end, the local tunnel interface is set Down when the remote end is unreachable. Therefore, in cast that the remote end is not reachable, the VPN does not select the unreachable GRE tunnel and the data is not lost.
----End
2-16
Issue 03 (2008-09-22)
2 GRE Configuration
CAUTION
Debugging affects the performance of the system. Therefore, after the debugging, execute the undo debugging all command to disable it immediately. For the procedure of displaying the debugging information, refer to the chapter "Maintenance and Debugging" in the Quidway NetEngine80E/40E Router Configuration Guide - System Management. Run the following command to check the previous configuration. Action Check the Keep-alive packets and keep-alive response packets sent and received by the GRE tunnel interface. Check the Keep-alive function of GRE tunnel. Command display keepalive packets count
Run the display keepalive packets count command on the tunnel interface that is enabled with the Keep-alive function, and you can find the number of sent Keep-alive packets and received Keep-alive response packets on both the local end and the remote end. If the Keep-alive function is successfully configured on the local tunnel interface, the number of Keep-alive packets or Keep-alive response packets sent and received by the local end is not 0.
[Quidway-Tunnel1/0/0] display keepalive packets count Send 34 keepalive packets to peers, Receive 34 keepalive response packets from peers Receive 0 keepalive packets from peers, Send 0 keepalive response packets to peers
Run the debugging tunnel keepalivecommand. If the configuration succeeds, you can view information similar to the following example:
<Quidway> debugging tunnel keepalive *0.21628063 RouterA TUNNEL/7/debug:GRE_KEEP:Judge keepalive finished. Keepalive packet from peer router. *0.21628064 RouterA TUNNEL/7/debug:GRE_FWD: Receive peer keepalive on mainboard successfully. Put into decapsulation. *0.21628064 RouterA TUNNEL/7/debug:Slot=1;GRE_KEEP:Judge keepalive finished. Ke epalive packet from peer router. *0.21628064 RouterA TUNNEL/7/debug:Slot=1;GRE_FWD: IO board received keepalive packet, resend to mainboard.
2 GRE Configuration
RouterA
GE2/0/0 10.1.1.2/24
Tunnel
Tunnel5/0/1 40.1.1.1/24 Tunnel5/0/1 40.1.1.2/24
RouterC
GE2/0/0 10.2.1.2/24
PC1
10.1.1.1/24
PC2
10.2.1.1/24
Configuration Roadmap
The configuration roadmap is as follows: 1. 2. Configure dynamic routing protocols on the routers to implement interconnection between routers. Configure the loopback interfaces of the tunnel on Router A and Router C. Specify the source and destination addresses of a tunnel when the tunnel interface is created. Note that the source address of the tunnel is the IP address of the loopback interface that sends the packets; the destination address of the tunnel is the IP address of the loopback interface that receives the packets. Configure static routes from Router A and Router C to PC1 and PC2 respectively to transmit the traffic between PC1 and PC2 through the GRE tunnel. The outbound interface is the tunnel interface of the local end.
3.
Data Preparation
To complete the configuration, you need the following data:
2-18 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)
2 GRE Configuration
Data for running OSPF Loopback interfaces on both ends of the tunnel Source and destination addresses of the GRE tunnel IP addresses of the tunnel interfaces on both ends
Configuration Procedure
1. Assign an IP address to each interface. Configure the IP address to each physical and loopback interface as shown in Figure 2-6. Run the undo shutdown command to change each physical interface to Up. The details of the configuration are not mentioned here. 2. Configure an IGP on the VPN backbone network. # Configure Router A.
[RouterA] ospf 1 [RouterA-ospf-1] area 0 [RouterA-ospf-1-area-0.0.0.0] network 20.1.1.0 0.0.0.255 [RouterA-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0 [RouterA-ospf-1-area-0.0.0.0] quit [RouterA-ospf-1] quit
# Configure Router B.
[RouterB] ospf 1 [RouterB-ospf-1] area 0 [RouterB-ospf-1-area-0.0.0.0] network 20.1.1.0 0.0.0.255 [RouterB-ospf-1-area-0.0.0.0] network 30.1.1.0 0.0.0.255 [RouterB-ospf-1-area-0.0.0.0] quit [RouterB-ospf-1] quit
# Configure Router C.
[RouterC] ospf 1 [RouterC-ospf-1] area 0 [RouterC-ospf-1-area-0.0.0.0] network 30.1.1.0 0.0.0.255 [RouterC-ospf-1-area-0.0.0.0] network 2.2.2.9 0.0.0.0 [RouterC-ospf-1-area-0.0.0.0] quit [RouterC-ospf-1] quit
After the configuration, run the display ip routing-table command on Router A and Router C. You can find that they learn the OSPF route to the network segment address of the remote loopback interface. Take Router A as an example.
[RouterA] display ip routing-table Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: Public Destinations : 10 Routes : 10 Destination/Mask Proto Pre Cost Flags NextHop Interface 1.1.1.9/32 Direct 0 0 D 127.0.0.1 InLoopBack0 2.2.2.9/24 OSPF 10 2 D 20.1.1.2 Pos1/0/0 10.1.1.0/24 Direct 0 0 D 10.1.1.2 GigabitEthernet2/0/0 10.1.1.2/32 Direct 0 0 D 127.0.0.1 InLoopBack0 20.1.1.0/24 Direct 0 0 D 20.1.1.1 Pos1/0/0 20.1.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 20.1.1.2/32 Direct 0 0 D 20.1.1.2 Pos1/0/0 30.1.1.0/24 OSPF 10 2 D 20.1.1.2 Pos1/0/0 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
3.
Issue 03 (2008-09-22)
2-19
2 GRE Configuration
# Configure Router C.
[RouterC] interface loopback1 [RouterC-LoopBack1] target-board 5 [RouterC-LoopBack1] binding tunnel gre [RouterC-LoopBack1] quit [RouterC] interface tunnel 5/0/1 [RouterC-Tunnel5/0/1] tunnel-protocol gre [RouterC-Tunnel5/0/1] ip address 40.1.1.2 255.255.255.0 [RouterC-Tunnel5/0/1] source loopback 1 [RouterC-Tunnel5/0/1] destination 1.1.1.9 [RouterC-Tunnel5/0/1] quit
After the configuration, the tunnel interfaces is in the Up state, and the ping between the tunnel interfaces succeeds. Take Router A as an example:
[RouterA] ping -a 40.1.1.1 40.1.1.2 PING 40.1.1.2: 56 data bytes, press CTRL_C to break Reply from 40.1.1.2: bytes=56 Sequence=1 ttl=255 time=24 Reply from 40.1.1.2: bytes=56 Sequence=2 ttl=255 time=33 Reply from 40.1.1.2: bytes=56 Sequence=3 ttl=255 time=48 Reply from 40.1.1.2: bytes=56 Sequence=4 ttl=255 time=33 Reply from 40.1.1.2: bytes=56 Sequence=5 ttl=255 time=36 --- 40.1.1.2 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 24/34/48 ms ms ms ms ms ms
4.
# Configure Router C.
[RouterC] ip route-static 10.1.1.0 255.255.255.0 Tunnel 5/0/1
After the configuration, run the display ip routing-table command on Router A and Router C. You can find the static route to the network segment of the remote user end through the tunnel interface. Take Router A as an example:
[RouterA] display ip routing-table Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: Public Destinations : 13 Routes : 13 Destination/Mask Proto Pre Cost Flags NextHop Interface 1.1.1.9/32 Direct 0 0 D 127.0.0.1 InLoopBack0 2.2.2.9/24 OSPF 10 3 D 20.1.1.2 Pos1/0/0 10.1.1.0/24 Direct 0 0 D 10.1.1.2 GigabitEthernet2/0/0 10.1.1.2/32 Direct 0 0 D 127.0.0.1 InLoopBack0 10.2.1.0/24 Static 60 0 D 40.1.1.1 Tunnel5/0/1 20.1.1.0/24 Direct 0 0 D 20.1.1.1 Pos1/0/0 20.1.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 20.1.1.2/32 Direct 0 0 D 20.1.1.2 Pos1/0/0 30.1.1.0/24 OSPF 10 2 D 20.1.1.2 Pos1/0/0 40.1.1.0/24 Direct 0 0 D 40.1.1.1 Tunnel5/0/1
2-20
Issue 03 (2008-09-22)
2 GRE Configuration
InLoopBack0 InLoopBack0 InLoopBack0
The ping from PC1 to PC2 and from PC2 to PC1 succeeds.
Configuration Files
l
Issue 03 (2008-09-22)
2-21
2 GRE Configuration
OSPF 1
POS1/0/0 20.1.1.1/24 Tunnel5/0/1 40.1.1.1/24 POS1/0/0 30.1.1.2/24 Tunnel5/0/1 40.1.1.2/24
Loopback1 2.2.2.9/32
RouterA
RouterC
Tunnel
GE2/0/0 10.1.1.2/24
GE2/0/0 10.2.1.2/24
OSPF 2
10.1.1.1/24
OSPF 2
10.2.1.1/24
PC1
PC2
2-22
Issue 03 (2008-09-22)
2 GRE Configuration
Configuration Roadmap
The configuration roadmap is as follows: 1. 2. 3. Configure IGP on routers in the backbone network and using the OSPF process 1. Create a GRE tunnel between Router A and Router B. Configure OSPF on the network segment between PC and the backbone network and using the OSPF process 2.
Data Preparation
To complete the configuration, you need the following data:
l l l
Source address and destination address on both ends of the GRE tunnel Loopback interface addresses on both ends of the tunnel IP addresses of tunnel interfaces on both ends
Configuration Procedure
1. Configure an IP address for each interface. Configure the IP address for each interface as shown in Figure 2-7. Run the undo shutdown command to change each physical interface to Up. The details of the configuration are not mentioned here. 2. Configure an IGP of the VPN backbone network. The configuration is the same as that of "2.5.1 Example for Configuring Static Routes for GRE" and is not mentioned here. 3. 4. Configure the tunnel interface. For details, see the section "2.5.1 Example for Configuring Static Routes for GRE." Enable OSPF on the tunnel interface. # Configure Router A.
[RouterA] ospf 2 [RouterA-ospf-2] area 0 [RouterA-ospf-2-area-0.0.0.0] network 40.1.1.0 0.0.0.255 [RouterA-ospf-2-area-0.0.0.0] network 10.1.1.0 0.0.0.255 [RouterA-ospf-2-area-0.0.0.0] quit [RouterA-ospf-2] quit
# Configure Router C.
[RouterC] ospf 2 [RouterC-ospf-2] area 0 [RouterC-ospf-2-area-0.0.0.0] network 40.1.1.0 0.0.0.255 [RouterC-ospf-2-area-0.0.0.0] network 10.2.1.0 0.0.0.255 [RouterC-ospf-2-area-0.0.0.0] quit [RouterC-ospf-2] quit
After the configuration, run the display ip routing-table command on Router A and Router C. You can find the OSPF route to the network segment of the remote user end through the tunnel interface. Moreover, the next hop to the destination IP address of the physical interface (30.1.1.0/24) of the tunnel is not the tunnel interface. Take Router A as an example:
[RouterA] display ip routing-table Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: Public Destinations : 13 Routes : 13
Issue 03 (2008-09-22)
2-23
2 GRE Configuration
Destination/Mask Proto Pre 1.1.1.9/32 Direct 0 2.2.2.9/24 OSPF 10 10.1.1.0/24 Direct 0 0 10.1.1.2/32 Direct 0 10.2.1.0/24 OSPF 10 20.1.1.0/24 Direct 0 20.1.1.1/32 Direct 0 20.1.1.2/32 Direct 0 30.1.1.0/24 OSPF 10 40.1.1.0/24 Direct 0 40.1.1.1/32 Direct 0 127.0.0.0/8 Direct 0 127.0.0.1/32 Direct 0 Cost 0 3 0 2 0 0 0 2 0 0 0 0
Configuration Files
l
2-24
Issue 03 (2008-09-22)
2 GRE Configuration
2.5.3 Example for Configuring CE Users to Access a MPLS VPN Through a GRE Tunnel Traversing the Public Network
Networking Requirements
As shown in Figure 2-8, PE1 and PE2 are located in the MPLS backbone network. The network between CE1 and PE1 is public network. The CE1 and PE1 are connected with each other through the device R1, but CE2 and PE2 are directly connected with each other. It is required to deploy an MPLS-based VPN, which consists of both users directly connected to CE1 and users directly connected to CE2.
Issue 03 (2008-09-22)
2-25
2 GRE Configuration
Figure 2-8 Diagram of a CE accessing MPLS VPN through the GRE tunnel
Loopback1 R1 GE2/0/0 GE1/0/0 Loopback1 GE2/0/0
Tunn el
GE1/0/0
GE2/0/0
PC1
PC2
device CE1 CE1 CE1 CE1 R1 R1 PE1 PE1 PE1 PE1 PE1 PE2 PE2 PE2 CE2 CE2
Interface Loopback1 GE 1/0/0 GE 2/0/0 Tunnel 5/0/1 GE 1/0/0 GE 2/0/0 Loopback0 Loopback1 GE 1/0/0 GE 2/0/0 Tunnel 5/0/1 Loopback0 GE 1/0/0 GE 2/0/0 GE 1/0/0 GE 2/0/0
IP Address 6.6.6.6/32 21.1.1.2/24 30.1.1.1/24 2.2.2.1/24 30.1.1.2/24 50.1.1.1/24 1.1.1.9/32 5.5.5.5/32 50.1.1.2/24 110.1.1.1/24 2.2.2.2/24 3.3.3.9/32 110.1.1.2/24 11.1.1.2/24 11.1.1.1/24 31.1.1.2/24
Configuration Roadmap
The configuration roadmap is as follows: 1. 2. 3. 4. Run IGP to implement interconnection of routers on the backbone network by using OSPF here and enable MPLS on the backbone network. Create a GRE tunnel between PE1 and CE1. Create a VPN instance VPN1 on PE1 and PE2, on PE1, bind the VPN instance to the GRE tunnel, and on PE2, bind the VPN instance to the interface of CE2. Configure reachable private routing between CE1 and CE2 by using IS-IS.
Data Preparation
To complete the configuration, you need the following data:
2-26 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)
2 GRE Configuration
Data for the routing protocol running on the routers in backbone network Loopback interfaces on both ends of the tunnel Source and destination addresses of the GRE tunnel IP addresses of the tunnel interfaces on both ends Name of the VPN instance , Route-Distinguisher and VPN-Target Data for IBGP running between PE1 and PE2
Configuration Procedure
1. Assign an IP address to each interface. Configure the IP address for each interface as shown in Figure 2-8. Run the undo shutdown command to change each physical interface to Up. The details of the configuration are not mentioned here. 2. Configure an IGP on the MPLS backbone network to interconnect PEs on the backbone network. # Configure PE1. # Enable OSPF to advertise the routes of each interface.
[PE1] ospf [PE1-ospf-1] area 0 [PE1-ospf-1-area-0.0.0.0] network 110.1.1.0 0.0.0.255 [PE1-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0 [PE1-ospf-1-area-0.0.0.0] quit [PE1-ospf-1] quit
After the configuration, the OSPF neighbor relationship should be established between PE1 and PE2. Run the display ospf peer command, and you can find that the neighbor status is Full. Run the display ip routing-table command, and you can find that PE1 and PE2 can learn the loopback0 route of each other. Take PE1 as an example:
[PE1] display ip routing-table Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: Public Destinations : 9 Routes : 9 Destination/Mask Proto Pre Cost Flags NextHop Interface 1.1.1.9/32 Direct 0 0 D 127.0.0.1 InLoopBack0 3.3.3.9/32 OSPF 10 2 D 110.1.1.2 GigabitEthernet2/0/0 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 110.1.1.0/24 Direct 0 0 D 110.1.1.2 GigabitEthernet2/0/0 110.1.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
3.
Configure basic MPLS functions and MPLS LDP on the MPLS backbone network. Set up the LDP LSP. # Configure PE1.
Issue 03 (2008-09-22)
2-27
2 GRE Configuration
# Enable MPLS and LDP on PE1, specify the LSR-ID to be IP address of the Loopback interface and trigger the establishment of LSP.
[PE1] mpls lsr-id 1.1.1.9 [PE1] mpls [PE1-mpls] quit [PE1] mpls ldp [PE1-mpls-ldp] quit
# Enable the MPLS and LDP on the interface of the backbone network.
[PE1] interface GigabitEthernet 2/0/0 [PE1-GigabitEthernet 2/0/0] mpls [PE1-GigabitEthernet 2/0/0] mpls ldp [PE1-GigabitEthernet 2/0/0] quit
# Configure PE2. # Enable MPLS and LDP on PE1, specify the LSR-ID to be IP address of the Loopback interface and trigger the establishment of LSP.
[PE2] mpls lsr-id 3.3.3.9 [PE2] mpls [PE2-mpls] quit [PE2] mpls ldp [PE2-mpls-ldp] quit
# Enable the MPLS and LDP on the interface of the backbone network.
[PE2] interface GigabitEthernet 1/0/0 [PE2-GigabitEthernet1/0/0] mpls [PE2-GigabitEthernet1/0/0] mpls ldp [PE2-GigabitEthernet1/0/0] quit
After the configuration, the LDP session should be established. Run the display mpls ldp session command, and you can find that the status in the output is "Operational". Run the display mpls ldp lsp command, and you can find the establishment of the LDP LSP. Take PE1 as an example:
[PE1] display mpls ldp session LDP Session(s) in Public Network -------------------------------------------------------------------------Peer-ID Status LAM SsnRole SsnAge KA-Sent/Rcv -------------------------------------------------------------------------3.3.3.9:0 Operational DU Passive 000:00:01 5/5 -------------------------------------------------------------------------TOTAL: 1 session(s) Found. LAM : Label Advertisement Mode SsnAge Unit : DDD:HH:MM [PE1] display mpls ldp lsp LDP LSP Information -----------------------------------------------------------------SN DestAddress/Mask In/OutLabel Next-Hop In/Out-Interface -----------------------------------------------------------------1 1.1.1.9/32 3/NULL 127.0.0.1 GE2/0/0/InLoop0 2 3.3.3.9/32 NULL/3 110.1.1.2 -------/GE2/0/0 *3 11.1.1.0/24 Liberal 4 50.1.1.0/24 3/NULL 50.1.1.2 GE2/0/0/GE1/0/0 -----------------------------------------------------------------TOTAL: 3 Normal LSP(s) Found. TOTAL: 1 Liberal LSP(s) Found. A '*' before an LSP means the LSP is not established A '*' before a Label means the USCB or DSCB is stale
4.
Configure the IGP routing between CE1, R1 and PE1. Enable intercommunication of the loopback1 interfaces on CE1 and PE1. # Configure CE1.
[CE1] ospf 10 [CE1-ospf-10] area 0 [CE1-ospf-10-area-0.0.0.0] network 30.1.1.0 0.0.0.255 [CE1-ospf-10-area-0.0.0.0] network 6.6.6.6 0.0.0.0 [CE1-ospf-10-area-0.0.0.0] quit
2-28
Issue 03 (2008-09-22)
2 GRE Configuration
# Configure R1.
[R1] ospf 10 [R1-ospf-10] area 0 [R1-ospf-10-area-0.0.0.0] network 30.1.1.0 0.0.0.255 [R1-ospf-10-area-0.0.0.0] network 50.1.1.0 0.0.0.255 [R1-ospf-10-area-0.0.0.0] quit [R1-ospf-10] quit
# Configure PE1.
[PE1] ospf 10 [PE1-ospf-10] area 0 [PE1-ospf-10-area-0.0.0.0] network 50.1.1.0 0.0.0.255 [PE1-ospf-10-area-0.0.0.0] network 5.5.5.5 0.0.0.0 [PE1-ospf-10-area-0.0.0.0] quit [PE1-ospf-10] quit
The ping between the IP address of loopback1 interfaces on CE1 and PE1 succeeds in both directions. For example:
[PE1] ping 6.6.6.6 PING 6.6.6.6: 56 data bytes, press CTRL_C to break Reply from 6.6.6.6: bytes=56 Sequence=1 ttl=253 time=72 Reply from 6.6.6.6: bytes=56 Sequence=2 ttl=253 time=34 Reply from 6.6.6.6: bytes=56 Sequence=3 ttl=253 time=50 Reply from 6.6.6.6: bytes=56 Sequence=4 ttl=253 time=50 Reply from 6.6.6.6: bytes=56 Sequence=5 ttl=253 time=34 --- 6.6.6.6 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 34/48/72 ms ms ms ms ms ms
5.
Configure the GRE tunnel between CE1 and PE1. # Configure CE1.
[CE1] interface loopback1 [CE1-LoopBack1] target-board 5 [CE1-LoopBack1] binding tunnel gre [CE1-LoopBack1] quit [CE1] interface tunnel5/0/1 [CE1-Tunnel5/0/1] tunnel-protocol gre [CE1-Tunnel5/0/1] ip address 2.2.2.1 255.255.255.0 [CE1-Tunnel5/0/1] source loopback 1 [CE1-Tunnel5/0/1] destination 5.5.5.5 [CE1-Tunnel5/0/1] quit
# Configure PE1.
[PE1] interface loopback1 [PE1-LoopBack1] target-board 5 [PE1-LoopBack1] binding tunnel gre [PE1-LoopBack1] quit [PE1] interface tunnel5/0/1 [PE1-Tunnel5/0/1] tunnel-protocol gre [PE1-Tunnel5/0/1] ip address 2.2.2.2 255.255.255.0 [PE1-Tunnel5/0/1] source loopback 1 [PE1-Tunnel5/0/1] destination 6.6.6.6 [PE1-Tunnel5/0/1] quit
After the configuration, the GRE tunnel between CE1 and PE1 is established. On CE1, the ping to the 2.2.2.2 of the Tunnel 5/0/1 of PE1 succeeds. Run the display interface tunnel command on both ends of the tunnel, and you can find that the status of the tunnel interface becomes Up. Take PE1 as an example:
[PE1] display interface Tunnel 5/0/1 Tunnel5/0/1 current state : UP
Issue 03 (2008-09-22)
2-29
2 GRE Configuration
6.
Create a VPN instance VPN1 on PE1 and bind VPN1 with the GRE tunnel. # Configure VPN1, specify the RD and VPN-Target. The VPN-Target configured on the local PE should be the same as that configured on the peer. In this manner, each site can access others in the same VPN.
[PE1] ip vpn-instance vpn1 [PE1-vpn-instance-vpn1] route-distinguisher 100:1 [PE1-vpn-instance-vpn1] vpn-target 111:1 export-extcommunity [PE1-vpn-instance-vpn1] vpn-target 111:1 import-extcommunity [PE1-vpn-instance-vpn1] quit [PE1] interface tunnel5/0/1 [PE1-Tunnel5/0/1] ip binding vpn-instance vpn1 [PE1-Tunnel5/0/1] ip address 2.2.2.2 255.255.255.0 [PE1-Tunnel5/0/1] quit
7.
Create the VPN instance VPN1 on PE2 and bind VPN1 with the interface connected to the CE. # Configure VPN1, specify the RD and VPN-Target. The VPN-Target configured on the local PE should be the same as that configured on the peer. In this manner, each site can access others in the same VPN.
[PE2] ip vpn-instance vpn1 [PE2-vpn-instance-vpn1] route-distinguisher 200:1 [PE2-vpn-instance-vpn1] vpn-target 111:1 export-extcommunity [PE2-vpn-instance-vpn1] vpn-target 111:1 import-extcommunity [PE2-vpn-instance-vpn1] quit [PE2] interface GigabitEthernet 2/0/0 [PE2-GigabitEthernet2/0/0] ip binding vpn-instance vpn1 [PE2-GigabitEthernet2/0/0] ip address 11.1.1.2 255.255.255.0 [PE2-GigabitEthernet2/0/0] quit
8.
Configure the IGP routing that traverses the GRE tunnel between CE1 and CE2. # Configure CE1.
[CE1] isis 10 [CE1-isis-10] network-entity 10.0000.0000.0001.00 [CE1-isis-10] quit [CE1] interface gigabitethernet1/0/0 [CE1-GigabitEthernet1/0/0] isis enable 10 [CE1-GigabitEthernet1/0/0] quit [CE1] interface tunnel5/0/1 [CE1-Tunnel5/0/1] isis enable 10 [CE1-Tunnel5/0/1] quit
# Configure PE1.
[PE1] isis 10 vpn-instance vpn1 [PE1-isis-10] network-entity 10.0000.0000.0002.00 [PE1-isis-10] quit [PE1] interface tunnel5/0/1 [PE1-Tunnel5/0/1] isis enable 10 [PE1-Tunnel5/0/1] quit
# Configure CE2.
2-30 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)
2 GRE Configuration
# Configure PE2.
[PE2] isis 10 vpn-instance vpn1 [PE2-isis-10] network-entity 10.0000.0000.0003.00 [PE2-isis-10] quit [PE2] interface gigabitethernet2/0/0 [PE2-GigabitEthernet2/0/0] isis enable 10 [PE2-GigabitEthernet2/0/0] quit
9.
Establish the MP-IBGP peer relationship between PEs. # Configure PE1. # Specify the remote PE as the IBGP peer and use the loopback interface to establish the IBGP connection.
[PE1] bgp 100 [PE1-bgp] peer 3.3.3.9 as-number 100 [PE1-bgp] peer 3.3.3.9 connect-interface loopback 0
# Enter the VPNv4 address family view and enable the switching of VPN-IPv4 routing information with the peer.
[PE1-bgp] ipv4-family vpnv4 [PE1-bgp-af-vpnv4] peer 3.3.3.9 enable [PE1-bgp-af-vpnv4] quit
# Enter the VPN1 instance of BGP and import the direct routes and the IS-IS routes.
[PE1-bgp] ipv4-family vpn-instance vpn1 [PE1-bgp-vpn1] import-route direct [PE1-bgp-vpn1] import-route isis 10 [PE1-bgp-vpn1] quit
# Configure PE2. # Specify the remote PE as the IBGP peer and use the loopback interface to establish the IBGP connection.
[PE2] bgp 100 [PE2-bgp] peer 1.1.1.9 as-number 100 [PE2-bgp] peer 1.1.1.9 connect-interface loopback 0
# Enter the VPNv4 address family view and enable the switching of VPN-IPv4 routing information with the peer.
[PE2-bgp] ipv4-family vpnv4 [PE2-bgp-af-vpnv4] peer 1.1.1.9 enable [PE2-bgp-af-vpnv4] quit
# Enter the VPN1 instance of BGP and import the direct and IS-IS routes.
[PE2-bgp] ipv4-family vpn-instance vpn1 [PE2-bgp-vpn1] import-route direct [PE2-bgp-vpn1] import-route isis 10 [PE2-bgp-vpn1] quit
After the configuration, run the display bgp peer or display bgp vpnv4 all peer commands on PEs. You can find that the BGP peer relationship is established between PEs and the status is "Established". Take PE1 as an example:
[PE1] display bgp peer BGP local router ID : 3.3.3.9 Local AS number : 100
Issue 03 (2008-09-22)
2-31
2 GRE Configuration
Total number of peers : 1 Peer V AS MsgRcvd 3.3.3.9 4 100 2
MsgSent 6
10. Import the BGP routing to the IS-IS routing in PE. # Configure PE1.
[PE1] isis 10 [PE1-isis-10] import-route bgp [PE1-isis-10] quit
# Configure PE2.
[PE2] isis 10 [PE2-isis-10] import-route bgp [PE2-isis-10] quit
11. Verify the configuration. If the configuration succeeds, the ping from CE1 to 31.1.1.2 on CE2 succeeds. Take CE1 as an example:
[CE1] ping 31.1.1.2 PING 31.1.1.2: 56 data bytes, press CTRL_C to break Reply from 31.1.1.2: bytes=56 Sequence=1 ttl=253 time=72 Reply from 31.1.1.2: bytes=56 Sequence=2 ttl=253 time=34 Reply from 31.1.1.2: bytes=56 Sequence=3 ttl=253 time=50 Reply from 31.1.1.2: bytes=56 Sequence=4 ttl=253 time=50 Reply from 31.1.1.2: bytes=56 Sequence=5 ttl=253 time=34 --- 31.1.1.2 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 34/48/72 ms ms ms ms ms ms
Configuration Files
l
2-32
Issue 03 (2008-09-22)
2 GRE Configuration
Configuration File of R1
# sysname R1 # interface GigabitEthernet1/0/0 undo shutdown ip address 30.1.1.2 255.255.255.0 # interface GigabitEthernet2/0/0 undo shutdown ip address 50.1.1.1 255.255.255.0 # ospf 10 area 0.0.0.0 network 30.1.1.0 0.0.0.255 network 50.1.1.0 0.0.0.255 # return
Issue 03 (2008-09-22)
2-33
2 GRE Configuration
# ipv4-family unicast undo synchronization peer 3.3.3.9 enable # ipv4-family vpnv4 policy vpn-target peer 3.3.3.9 enable # ipv4-family vpn-instance vpn1 import-route direct import-route isis 10 # ospf 1 area 0.0.0.0 network 1.1.1.9 0.0.0.0 network 110.1.1.0 0.0.0.255 # ospf 10 area 0.0.0.0 network 50.1.1.0 0.0.0.255 network 5.5.5.5 0.0.0.0 # return l
2-34
Issue 03 (2008-09-22)
2 GRE Configuration
2.5.4 Example for Configuring CE Users to Access an MPLS VPN Through a GRE Tunnel Traversing Another VPN
Networking Requirements
As shown in Figure 2-9:
l l
PE1 and PE2 are located in the MPLS backbone network of the first-level carrier. VPN2 is a VPN that belongs to the second-level carrier, whose CE1 is directly connected with PE1. CE2 and CE3 are devices that belong to users. CE3 is directly connected with CE1 of the second-level carrier, and CE2 is directly connected with PE2.
l l
It is required to deploy an MPLS-based VPN named VPN1, which consists of users directly connected to CE3 and users directly connected to CE2.
Issue 03 (2008-09-22)
2-35
2 GRE Configuration
Figure 2-9 Diagram of a GRE tunnel traversing another VPN between CEs and PEs
VPN2 CE1 GE1/0/0 Loopback1 GE2/0/0 CE3 GE1/0/0 Tunnel5/0/1 VPN1 VPN1 PC1 PC2 GE1/0/0 GE2/0/0 GE1/0/0 PE1 Tunnel5/0/1 CE2 Loopback1 MPLS GE2/0/0 GE1/0/0 GE2/0/0 PE2
GE2/0/0
device CE3 CE3 CE3 CE3 CE1 CE1 PE1 PE1 PE1 PE1 PE1 PE2 PE2 PE2 CE2 CE2
Interface Loopback1 GE1/0/0 GE2/0/0 Tunnel5/0/1 GE1/0/0 GE2/0/0 Loopback0 Loopback1 GE1/0/0 GE2/0/0 Tunnel5/0/1 Loopback0 GE1/0/0 GE2/0/0 GE1/0/0 GE2/0/0
IP address 6.6.6.6/32 21.1.1.2/24 30.1.1.1/24 2.2.2.1/24 30.1.1.2/24 50.1.1.1/24 1.1.1.9/32 5.5.5.5/32 50.1.1.2/24 110.1.1.1/24 2.2.2.2/24 3.3.3.9/32 110.1.1.2/24 11.1.1.2/24 11.1.1.1/24 31.1.1.2/24
Configuration Roadmap
The configuration roadmap is as follows: 1. 2. 3. 4. 5.
2-36
Run IGP to implement interconnection of routers on the backbone network by using OSPF here and enable MPLS on the backbone network. Create a VPN instance VPN2 on PE1 and bind the VPN instance to an interface connected to CE1. Create a GRE tunnel between PE1 and CE3 and specify the destination address (or source address) of the tunnel to belong to VPN2. Create a VPN instance VPN1 on PE1 and PE2, on PE1, bind the VPN instance to the GRE tunnel, and on PE2, bind the VPN instance to the interface of CE2. Configure reachable private routing between CE3 and CE2 by using IS-IS.
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)
2 GRE Configuration
Data Preparation
To complete the configuration, you need the following data:
l l l
Data for the routing protocol in the backbone network Loopback interface addresses on both ends of the tunnel Source address and destination address of the GRE tunnel, and IP addresses of tunnel interfaces VPN-instance name, route distinguisher (RD) and VPN-target Data for IBGP running between PE1 and PE2
l l
Configuration Procedure
1. Configure the IP address for each interface. Configure the IP address for each interface as shown in Figure 2-9. Run the undo shutdown command to change each physical interface to Up. The details of the configuration are not mentioned here. 2. Configure IGP on the MPLS backbone network to interconnect PEs on the backbone network. # Configure PE1.
[PE1] ospf [PE1-ospf-1] area 0 [PE1-ospf-1-area-0.0.0.0] network 110.1.1.0 0.0.0.255 [PE1-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0 [PE1-ospf-1-area-0.0.0.0] quit [PE1-ospf-1] quit
# Configure PE2.
[PE2] ospf [PE2-ospf-1] area 0 [PE2-ospf-1-area-0.0.0.0] network 110.1.1.0 0.0.0.255 [PE2-ospf-1-area-0.0.0.0] network 3.3.3.9 0.0.0.0 [PE2-ospf-1-area-0.0.0.0] quit [PE2-ospf-1] quit
After the configuration, the OSPF neighbor relationship should be established between PE1 and PE2. Run the display ospf peer command, and you can find that the neighbor status is in the Full state. Run the display ip routing-table command, and you can find that PE1 and PE2 can learn the loopback0 route of each other. Take PE1 as an example:
[PE1] display ip routing-table Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: Public Destinations : 9 Routes : 9 Destination/Mask Proto Pre Cost Flags NextHop Interface 1.1.1.9/32 Direct 0 0 D 127.0.0.1 InLoopBack0 3.3.3.9/32 OSPF 10 2 D 110.1.1.2 GigabitEthernet2/0/0 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 110.1.1.0/24 Direct 0 0 D 172.1.1.1 GigabitEthernet2/0/0 110.1.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
3.
Configure basic MPLS functions and MPLS LDP on the MPLS backbone network. Set up an LDP LSP. # Configure PE1.
Issue 03 (2008-09-22)
2-37
2 GRE Configuration
# Enable MPLS and LDP on PE1, specify the LSR-ID to be the IP address of the Loopback interface and trigger the establishment of LSP.
[PE1] mpls lsr-id 1.1.1.9 [PE1] mpls [PE1-mpls] quit [PE1] mpls ldp [PE1-mpls-ldp] quit
# Enable MPLS and LDP on the interface connected to the backbone network.
[PE1] interface GigabitEthernet 2/0/0 [PE1-GigabitEthernet2/0/0] mpls [PE1-GigabitEthernet2/0/0] mpls ldp [PE1-GigabitEthernet2/0/0] quit
# Configure PE2. # Enable MPLS and LDP on PE2, specify the LSR-ID to be the IP address of the Loopback interface and trigger the establishment of LSP.
[PE2] mpls lsr-id 3.3.3.9 [PE2] mpls [PE2-mpls] quit [PE2] mpls ldp [PE2-mpls-ldp] quit
After the configuration, the LDP session should be established. Run the display mpls ldp session command, and you can find that the status in the output is "Operational". Run the display mpls ldp lsp command, and you can find that the LDP is established. Take PE1 as an example:
[PE1] display mpls ldp session LDP Session(s) in Public Network -------------------------------------------------------------------------Peer-ID Status LAM SsnRole SsnAge KA-Sent/Rcv -------------------------------------------------------------------------3.3.3.9:0 Operational DU Passive 000:00:01 5/5 -------------------------------------------------------------------------TOTAL: 1 session(s) Found. LAM : Label Advertisement Mode SsnAge Unit : DDD:HH:MM [PE1] display mpls ldp lsp LDP LSP Information -----------------------------------------------------------------SN DestAddress/Mask In/OutLabel Next-Hop In/Out-Interface -----------------------------------------------------------------1 1.1.1.9/32 3/NULL 127.0.0.1 GE2/0/0/InLoop0 2 3.3.3.9/32 NULL/3 110.1.1.2 -------/GE2/0/0 *3 11.1.1.0/24 Liberal 4 50.1.1.0/24 3/NULL 50.1.1.2 GE2/0/0/GE1/0/0 -----------------------------------------------------------------TOTAL: 3 Normal LSP(s) Found. TOTAL: 1 Liberal LSP(s) Found. A '*' before an LSP means the LSP is not established A '*' before a Label means the USCB or DSCB is stale
4.
Configure IGP routes between CE3, CE1 and PE1. Enable intercommunication between the loopback1 interfaces of CE3 and PE1. # Configure CE3.
[CE3] ospf 10 [CE3-ospf-10] area 0 [CE3-ospf-10-area-0.0.0.0] network 30.1.1.0 0.0.0.255 [CE3-ospf-10-area-0.0.0.0] network 6.6.6.6 0.0.0.0 [CE3-ospf-10-area-0.0.0.0] quit
2-38
Issue 03 (2008-09-22)
2 GRE Configuration
# Configure CE1.
[CE1] ospf 10 [CE1-ospf-10] area 0 [CE1-ospf-10-area-0.0.0.0] network 30.1.1.0 0.0.0.255 [CE1-ospf-10-area-0.0.0.0] network 50.1.1.0 0.0.0.255 [CE1-ospf-10-area-0.0.0.0] quit [CE1-ospf-10] quit
# Configure PE1.
[PE1] ip vpn-instance vpn2 [PE1-vpn-instance-vpn2] route-distinguisher 100:2 [PE1-vpn-instance-vpn2] vpn-target 222:2 export-extcommunity [PE1-vpn-instance-vpn2] vpn-target 222:2 import-extcommunity [PE1-vpn-instance-vpn2] quit [PE1] interface gigabitethernet1/0/0 [PE1-GigabitEthernet1/0/0] ip binding vpn-instance vpn2 [PE1-GigabitEthernet1/0/0] ip address 50.1.1.2 255.255.255.0 [PE1-GigabitEthernet1/0/0] quit [PE1] interface loopback 1 [PE1-LoopBack1] ip binding vpn-instance vpn2 [PE1-LoopBack1] ip address 5.5.5.5 32 [PE1] ospf 10 vpn-instance vpn2 [PE1-ospf-10] area 0 [PE1-ospf-10-area-0.0.0.0] network 50.1.1.0 0.0.0.255 [PE1-ospf-10-area-0.0.0.0] network 5.5.5.5 0.0.0.0 [PE1-ospf-10-area-0.0.0.0] quit [PE1-ospf-10] quit
The ping from CE3 to the 5.5.5.5 of PE1 succeeds. When you ping the loopback1 interface of CE3 from PE1, you need to specify the source address and the VPN instance by using the ping command. For example:
[PE1] ping -a 5.5.5.5 -vpn-instance vpn2 6.6.6.6 PING 6.6.6.6: 56 data bytes, press CTRL_C to break Reply from 6.6.6.6: bytes=56 Sequence=1 ttl=253 time=72 Reply from 6.6.6.6: bytes=56 Sequence=2 ttl=253 time=34 Reply from 6.6.6.6: bytes=56 Sequence=3 ttl=253 time=50 Reply from 6.6.6.6: bytes=56 Sequence=4 ttl=253 time=50 Reply from 6.6.6.6: bytes=56 Sequence=5 ttl=253 time=34 --- 6.6.6.6 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 34/48/72 ms ms ms ms ms ms
5.
Configure the GRE tunnel between CE3 and PE1. # Configure CE3.
[CE3] interface loopback1 [CE3-LoopBack1] target-board 5 [CE3-LoopBack1] binding tunnel gre [CE3-LoopBack1] quit [CE3] interface tunnel5/0/1 [CE3-Tunnel5/0/1] tunnel-protocol gre [CE3-Tunnel5/0/1] ip address 2.2.2.1 255.255.255.0 [CE3-Tunnel5/0/1] source loopback 1 [CE3-Tunnel5/0/1] destination 5.5.5.5 [CE3-Tunnel5/0/1] quit
# Configure PE1.
[PE1] interface loopback1 [PE1-LoopBack1] target-board 5 [PE1-LoopBack1] binding tunnel gre [PE1-LoopBack1] quit [PE1] interface tunnel5/0/1 [PE1-Tunnel5/0/1] tunnel-protocol gre
Issue 03 (2008-09-22)
2-39
2 GRE Configuration
[PE1-Tunnel5/0/1] [PE1-Tunnel5/0/1] [PE1-Tunnel5/0/1] [PE1-Tunnel5/0/1]
NOTE
The GRE tunnel from PE1 to CE3 traverses VPN2. Therefore, you need to specify that the destination address belongs to VPN2 when configuring the destination address of the tunnel.
After the configuration, the GRE tunnel between CE3 and PE1 is established. On CE3, the ping to the 2.2.2.2 of the Tunnel 5/0/1 on PE1 succeeds. Run the display interface tunnel command on both ends of the tunnel, and you can find that the status of the tunnel interface is Up. Take PE1 as an example:
[PE1] display interface Tunnel 5/0/1 Tunnel5/0/1 current state : UP Line protocol current state : UP Description : HUAWEI, Quidway Series, Tunnel5/0/1 Interface, Route Port The Maximum Transmit Unit is 1500 bytes Internet Address is 2.2.2.2/24 Encapsulation is TUNNEL, loopback not set Tunnel source 5.5.5.5 (LoopBack1), destination vrf vpn2 6.6.6.6 Tunnel protocol/transport GRE/IP , key disabled keepalive disabled Checksumming of packets disabled 5 minutes input rate 0 bytes/sec, 0 packets/sec 5 minutes output rate 0 bytes/sec, 0 packets/sec 0 packets input, 0 bytes 0 input error 0 packets output, 0 bytes 0 output error
6.
Create a VPN instance VPN1 on PE1 and bind the instance with the GRE tunnel. # Configure VPN1, specify the RD and VPN-Target. The VPN-Target configured on the local PE should be the same as that configured on the peer. In this manner, the site can access each other in the same VPN.
[PE1]ip vpn-instance vpn1 [PE1-vpn-instance-vpn1] route-distinguisher 100:1 [PE1-vpn-instance-vpn1] vpn-target 111:1 export-extcommunity [PE1-vpn-instance-vpn1] vpn-target 111:1 import-extcommunity [PE1-vpn-instance-vpn1] quit [PE1] interface tunnel5/0/1 [PE1-Tunnel5/0/1] ip binding vpn-instance vpn1 [PE1-Tunnel5/0/1] ip address 2.2.2.2 255.255.255.0 [PE1-Tunnel5/0/1] quit
7.
Create a VPN instance VPN1 on PE2 and bind the instance with the interface connected to CE. # Configure VPN1, specify the RD and VPN-Target. The VPN-Target configured on the local PE should be the same as that configured on the peer. In this manner each site can access others in the same VPN.
[PE2]ip vpn-instance vpn1 [PE2-vpn-instance-vpn1] route-distinguisher 200:1 [PE2-vpn-instance-vpn1] vpn-target 111:1 export-extcommunity [PE2-vpn-instance-vpn1] vpn-target 111:1 import-extcommunity [PE2-vpn-instance-vpn1] quit [PE2] interface GigabitEthernet 2/0/0 [PE2-GigabitEthernet2/0/0] ip binding vpn-instance vpn1 [PE2-GigabitEthernet2/0/0] ip address 11.1.1.2 255.255.255.0 [PE2-GigabitEthernet2/0/0] quit
8.
Configure the IGP routing that traverses the GRE tunnel between CE3 and CE2. # Configure CE3.
[CE3] isis 10
2-40
Issue 03 (2008-09-22)
2 GRE Configuration
# Configure PE1.
[PE1] isis 10 vpn-instance vpn1 [PE1-isis-10] network-entity 10.0000.0000.0002.00 [PE1-isis-10] quit [PE1] interface Tunnel5/0/1 [PE1-Tunnel5/0/1] isis enable 10 [PE1-Tunnel5/0/1] quit
# Configure CE2.
[CE2] isis 10 [CE2-isis-10] network-entity 10.0000.0000.0004.00 [CE2-isis-10] quit [CE2] interface gigabitethernet1/0/0 [CE2-GigabitEthernet1/0/0] isis enable 10 [CE2-GigabitEthernet1/0/0] quit [CE2] interface gigabitethernet2/0/0 [CE2-GigabitEthernet2/0/0] isis enable 10 [CE2-GigabitEthernet2/0/0] quit
# Configure PE2.
[PE2] isis 10 vpn-instance vpn1 [PE2-isis-10] network-entity 10.0000.0000.0003.00 [PE2-isis-10] quit [PE2] interface gigabitethernet2/0/0 [PE2-GigabitEthernet2/0/0] isis enable 10 [PE2-GigabitEthernet2/0/0] quit
9.
Set up the MP-IBGP peer relationship between PEs. # Configure PE1. # Specify the remote PE as the IBGP peer and use the loopback interface to establish the IBGP connection.
[PE1] bgp 100 [PE1-bgp] peer 3.3.3.9 as-number 100 [PE1-bgp] peer 3.3.3.9 connect-interface loopback 0
# Enter the VPNv4 address family view and enable the exchanging of VPN-IPv4 routing information with the peer.
[PE1-bgp] ipv4-family vpnv4 [PE1-bgp-af-vpnv4] peer 3.3.3.9 enable [PE1-bgp-af-vpnv4] quit
# Enter the VPN1 instance of BGP and import the direct and IS-IS routes.
[PE1-bgp] ipv4-family vpn-instance vpn1 [PE1-bgp-vpn1] import-route direct [PE1-bgp-vpn1] import-route isis 10 [PE1-bgp-vpn1] quit
# Configure PE2. # Specify the remote PE as the IBGP peer and use the loopback interface to establish the IBGP connection.
[PE2] bgp 100 [PE2-bgp] peer 1.1.1.9 as-number 100 [PE2-bgp] peer 1.1.1.9 connect-interface loopback 0
# Enter the VPNv4 address family view and enable the switching of VPN-IPv4 routing information with the peer.
[PE2-bgp] ipv4-family vpnv4
Issue 03 (2008-09-22)
2-41
2 GRE Configuration
[PE2-bgp-af-vpnv4] peer 1.1.1.9 enable [PE2-bgp-af-vpnv4] quit
# Enter the VPN1 instance of BGP and import the direct and IS-IS routes.
[PE2-bgp] ipv4-family vpn-instance vpn1 [PE2-bgp-vpn1] import-route direct [PE2-bgp-vpn1] import-route isis 10 [PE2-bgp-vpn1] quit
After the configuration, run the display bgp peer or display bgp vpnv4 all peer commands on PEs. You can find that the BGP peer relationship is established between PEs and the status is "Established". Take PE1 as an example:
[PE1] display bgp peer BGP local router ID : 3.3.3.9 Local AS number : 100 Total number of peers : 1 Peers in established state : 1 Peer V AS MsgRcvd MsgSent OutQ Up/Down State PrefRcv 3.3.3.9 4 100 2 6 0 00:00:12 Established 0
10. Import BGP routes to the IS-IS routing table on PEs. # Configure PE1.
[PE1] isis 10 [PE1-isis-10] import-route bgp [PE1-isis-10] quit
# Configure PE2.
[PE2] isis 10 [PE2-isis-10] import-route bgp [PE2-isis-10] quit
11. Verify the configuration. If the configuration succeeds, the ping from CE3 to 31.1.1.2 on CE2 succeeds. Take CE3 as an example:
[CE3] ping 31.1.1.2 PING 31.1.1.2: 56 data bytes, press CTRL_C to break Reply from 31.1.1.2: bytes=56 Sequence=1 ttl=253 time=72 Reply from 31.1.1.2: bytes=56 Sequence=2 ttl=253 time=34 Reply from 31.1.1.2: bytes=56 Sequence=3 ttl=253 time=50 Reply from 31.1.1.2: bytes=56 Sequence=4 ttl=253 time=50 Reply from 31.1.1.2: bytes=56 Sequence=5 ttl=253 time=34 --- 31.1.1.2 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 34/48/72 ms ms ms ms ms ms
Configuration Files
l
2-42
Issue 03 (2008-09-22)
2 GRE Configuration
Issue 03 (2008-09-22)
2-43
2 GRE Configuration
ip address 110.1.1.1 255.255.255.0 mpls mpls ldp # interface LoopBack0 ip address 1.1.1.9 255.255.255.255 # interface LoopBack1 ip binding vpn-instance vpn2 ip address 5.5.5.5 255.255.255.255 target-board 5 binding tunnel gre # interface Tunnel5/0/1 tunnel-protocol gre ip binding vpn-instance vpn1 ip address 2.2.2.2 255.255.255.0 source LoopBack1 destination vpn-instance vpn2 6.6.6.6 isis enable 10 # bgp 100 peer 3.3.3.9 as-number 100 peer 3.3.3.9 connect-interface LoopBack0 # ipv4-family unicast undo synchronization peer 3.3.3.9 enable # ipv4-family vpnv4 policy vpn-target peer 3.3.3.9 enable # ipv4-family vpn-instance vpn1 import-route direct import-route isis 10 # ospf 1 area 0.0.0.0 network 1.1.1.9 0.0.0.0 network 110.1.1.0 0.0.0.255 # ospf 10 vpn-instance vpn2 area 0.0.0.0 network 50.1.1.0 0.0.0.255 network 5.5.5.5 0.0.0.0 # return l
2-44
Issue 03 (2008-09-22)
2 GRE Configuration
Issue 03 (2008-09-22)
2-45
2 GRE Configuration
Router A
Router B
Tunnel5/01 12.12.12.2/24
Tunnel5/0/1 12.12.12.1/24
Configuration Roadmap
To enable the Keepalive function on the local GRE, run the keepalive command in the tunnel interface view on the local device.
TIP
If the Keepalive function is enabled on one end, it is not required for the peer to possess the same function. The peer can only possess the forwarding function.
Data Preparation
To complete the configuration, you need the following data:
l l l l l l
Data for the routing protocol running on the routers in the backbone network Loopback interfaces on both ends of the tunnel Source and destination addresses of the GRE tunnel IP addresses of the tunnel interfaces on both ends Period of sending a Keepalive message Retry times
Configuration Procedure
1. 2. Interconnect Router A and Router B. The details of the configuration are not mentioned here. Configure the tunnel interface on Router A, and enable Keepalive.
<RouterA> system-view [RouterA] interface loopback1 [RouterA-LoopBack1] ip address 1.1.1.9 255.255.255.255 [RouterA-LoopBack1] target-board 5 [RouterA-LoopBack1] binding tunnel gre [RouterA-LoopBack1] quit [RouterA] interface tunnel 5/0/1 [RouterA-Tunnel5/0/1] tunnel-protocol gre [RouterA-Tunnel5/0/1] ip address 12.12.12.1 255.255.255.0 [RouterA-Tunnel5/0/1] source loopback 1 [RouterA-Tunnel5/0/1] destination 2.2.2.9 [RouterA-Tunnel5/0/1] keepalive period 20 retry-times 3 [RouterA-Tunnel5/0/1] return
3.
2-46
Issue 03 (2008-09-22)
2 GRE Configuration
4.
Verify the configuration. Ping the tunnel interface of Router B from the tunnel interface of Router A.
<RouterA> ping -a 12.12.12.1 12.12.12.2 PING 12.12.12.2: 56 data bytes, press CTRL_C to break Reply from 12.12.12.2: bytes=56 Sequence=1 ttl=255 time=187 ms Reply from 12.12.12.2: bytes=56 Sequence=2 ttl=255 time=93 ms Reply from 12.12.12.2: bytes=56 Sequence=3 ttl=255 time=125 ms Reply from 12.12.12.2: bytes=56 Sequence=4 ttl=255 time=94 ms Reply from 12.12.12.2: bytes=56 Sequence=5 ttl=255 time=94 ms --- 12.12.12.2 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 93/118/187 ms
# Enable the debugging of Router A to check information about the Keepalive packets.
<RouterA> terminal moniter <RouterA> terminal debugging <RouterA> debugging tunnel keepalive *0.64797312 RouterA TUNNEL/5/debug:GRE_FWD: Receive the keepalive response on mainboard successfully.Finish. *0.64802312 RouterA TUNNEL/5/debug:GRE_FWD: Receive the keepalive response on mainboard successfully.Finish. *0.64812313 RouterA TUNNEL/5/debug:GRE_FWD: Receive the keepalive response on mainboard successfully.Finish.
Configuration Files
l
Issue 03 (2008-09-22)
2-47
2 GRE Configuration
# interface Pos1/0/0 undo shutdown link-protocol ppp ip address 172.16.1.2 255.255.255.0 # interface LoopBack1 ip address 2.2.2.9 255.255.255.255 target-board 5 binding tunnel gre # interface Tunnel5/0/1 tunnel-protocol gre ip address 12.12.12.2 255.255.255.0 source LoopBack1 destination 1.1.1.9 # ospf 1 area 0.0.0.0 network 172.16.1.0 0.0.0.255 network 2.2.2.9 0.0.0.0 # return
2-48
Issue 03 (2008-09-22)
3.13 Connecting VPN and the Internet This section describes how to connect VPN and Internet. 3.14 Configuring IP FRR of a Private Network This section describes how to configure IP FRR of a private network. 3.15 Configuring VPN FRR This section describes how to configure VPN FRR. 3.16 Configuring VPN GR This section describes how to configure VPN GR. 3.17 Configuring Route Reflection to Optimize the VPN Backbone Layer This section describes how to configure route reflection to optimize the VPN backbone layer. 3.18 Configuring Route Reflection to Optimize the VPN Access Layer This section describes how to configure route reflection to optimize the VPN access layer. 3.19 Configuring Convergence Priorities for VPN Routes This section describes how to configure convergence priorities for VPN routes. 3.20 Maintaining BGP/MPLS IP VPN This section describes how to maintain BGP/MPLS VPN. 3.21 Configuration Examples This section describes how to configure BGP/MPLS IP VPN.
3-2
Issue 03 (2008-09-22)
3.1 Introduction
This section describes the principle and concepts of the BGP/MPLS IP VPN. 3.1.1 Overview of BGP/MPLS IP VPN 3.1.2 BGP/MPLS IP VPN Features Supported by the NE80E/40E
Customer Edge (CE): indicates an edge device in the customer network, which has one or more interfaces directly connected with the service provider network. A CE can be a router, a switch or a host. Mostly, the CE cannot "sense" the existence of the VPN, and does not need to support MPLS. Provider Edge (PE): indicates an edge device of the provider network, which is directly connected to the CE. In the MPLS network, the PE device disposes all the VPN processing. Provider (P): indicates a backbone device in the provider network, which is not directly connected to the CE. The P device should have MPLS basic forwarding capability. Site: indicates a group of IP systems. Sites have IP connectivity between each other and this connectivity need not be realized by the service provider network. A site is connected to the provider network through the CE. A site may contain many CEs, but a CE belongs only to a single site.
l l l
Figure 3-1 shows the networking diagram of BGP/MPLS IP VPN. Figure 3-1 BGP/MPLS IP VPN model
VPN1 Service provider's backbone P P
Site1
VPN2 CE PE PE
CE
Site1
VPN2 P CE
Site2
PE P VPN1 CE
Site2
Issue 03 (2008-09-22)
3-3
Typical Networking
The NE80E/40E supports the following typical VPN networking:
l
Inter-AS VPN If a VPN backbone network span multiple ASs, the inter-AS VPN must be configured. The inter-AS VPN is classified into Option A, Option B, and Option C.
Carrier's carrier If a carrier's network has multiple ASs and requires other carriers' networks to complete a backbone network, the networking of carrier's carrier can be deployed.
HoVPN To relieve the burden of PEs, HoVPN can be configured. The devices on the convergence layer or the access layer serve as UPEs, which work with SPEs (PEs) on the backbone layer to implement the functions of the PEs.
OSPF sham link If OSPF runs between PEs and CEs, OSPF sham links can be adopted to solve the problem that the private route passing through the MPLS backbone network is not selected because the intra-area route passing through the backdoor link takes precedence over the private route, as shown in Figure 3-2.
backdoor
VPN1 site3
3-4
Issue 03 (2008-09-22)
Multi-VPN-Instance CE Currently, different services of a LAN are isolated through the VLAN function of switches. However, the routing capability is not the strong point of switches. To ensure that the services of the LAN are safely isolated and improve the routing capability of the LAN, you can configure Multi-VPN-Instance CE to solve the security problem of the LAN at a low cost.
VPN and Internet interworking The NE80E/40E supports the interworking between VPNs and Internet. This chapter describes how to implement VPN and Internet interworking through configuring static routes and Policy-based Routing (PBC) on PEs.
Reliability
To improve the reliability of a VPN, generally, the following networking modes are adopted.
l
The backbone network is an MPLS network, in which the devices on the backbone layer are fully connected. The devices on the backbone layer are generally connected through high-speed interfaces. If the number of PEs is large, use the BGP route reflector to reflect IPv4 VPN routes to decrease the number of MP IBGP connections. The convergence layer is of either a mesh topology or a ring topology. The dual-homed CE or multi-homed CE is configured on the access layer.
l l
The NE80E/40E supports VPN FRR in a dual-homed CE VPN network. After a PE fails, VPN FRR ensures that the VPN service from CE to CE can fast switch to the remaining PEs. When a site accesses the PE through dual-homed CEs, and a link between the PE and the CE fails, to ensure that VPN traffic can rapidly switch to another link between the PE and the CE, you can configure the IP FRR feature. VPN Graceful Restart (GR) can also improve the reliability of a VPN. When the VPN GR is configured, the VPN traffic on the router (PE, P, or CE) is not interrupted during the master/ slave switchover. This reduces the impact of a single point failure on VPN services.
QoS
To ensure QoS of a VPN, the NE80E/40E introduces Resource Reserved VPN (RRVPN) and VPN tunnel binding.
l
RRVPN divides an MPLS TE tunnel into sub-tunnels, ensures sub-tunnels with differentiated QoS, and binds each sub-tunnel to a VPN instance. Thus, each VPN instance exclusively occupies the resources of each sub-tunnel. VPN primary tunnel binding refers to binding an MPLS TE primary tunnel to a VPN instance. The VPN instance exclusively occupies the resources of the TE tunnel.
Other Features
To provide guaranteed services for some VIP VPN customers, carriers must ensure that the VPN routes of these customers can fast converge preferentially. The technology of VPN route convergence based on priorities is thus introduced. Through this technology, VPN routes are configured with different priorities. After a network fault occurs, VPN routes converge in order of priorities. VPN routes of higher priority converge first.
Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 3-5
Pre-configuration Tasks
Before configuring a VPN instance, complete the following tasks:
l
Configuring routing policies if import or export routing policies need to be applied to the VPN instance Configuring tunnel policies if load balancing is required, or configuring MPLS TE tunnels or GRE tunnels (For configuration about tunnel policies, refer to the chapter "VPN Tunnel Management Configuration" in this manual.)
Data Preparation
To configure VPN instances, you need the following data. No. 1 2 3 4
3-6
Data Name and RD of the VPN instance Description of the VPN instance (optional) VPN target The maximum number of routes allowed by the VPN instance (optional)
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)
No. 5
Data Routing policy that controls the receiving and sending of VPN routes (optional)
Procedure
Step 1 Run:
system-view
A VPN instance is created and the VPN instance view is displayed. Step 3 Run:
route-distinguisher route-distinguisher
The RD of the VPN instance is configured. A VPN instance takes effect only after the RD is configured. The RDs of the VPN instances on the same PE must be different from each other. Before configuring the RD, you can configure only the description about the VPN instance. Step 4 Run:
description description-information
The description about the VPN instance is configured. This Step is optional. The description can be used to record the relationship between a VPN instance and a certain VPN. ----End
Procedure
Step 1 Run:
system-view
Issue 03 (2008-09-22)
3-7
The VPN target extended community for the VPN instance is created. You can configure a maximum of eight VPN targets with a command and a maximum of 16 VPN targets for a VPN instance. Step 4 (Optional) Run:
routing-table limit number { alert-percent | simply-alert }
The maximum number of routes of the VPN instance is configured. You can define the maximum number of routes for a VPN instance to avoid importing too many routes from the CE. The maximum number of routes supported by a PE device varies with the products. Step 5 Run:
import route-policy policy-name
The import routing policy of the VPN instance is configured. This Step is optional. Step 6 Run:
export route-policy policy-name
The export routing policy of the VPN instance is configured. This Step is optional. ----End
Procedure
Step 1 Run:
system-view
By default, a VPN instance uses an MPLS LSP as tunnel and no load balancing is carried out. ----End
Procedure
Step 1 Run:
system-view
The label is allocated based on VPN instance. That is, all the routes in a VPN instance use the same label. The MPLS labels are generally allocated on a one label per route basis. When the number of routes becomes more, the Incoming Label Map (ILM) of a router needs to maintain more insegment entries accordingly. This demands high capacity of a device. The NE80E/40E provides the feature of the MPLS label allocation based on the VPN instance, that is, one label per VPN instance. All the routes of a VPN instance share the same label. ----End
Run the display ip vpn-instance command. If brief information about the VPN instance is displayed, it means the configuration succeeds. For example:
Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 3-9
Run the display ip vpn-instance verbose command. If detailed information about the VPN instance is displayed, it means the configuration succeeds. For example:
<Quidway> display ip vpn-instance verbose vpn1 VPN-Instance Name and ID : vpn1, 1 Create date : 2006/06/06 16:30:22 Up time : 0 days, 00 hours, 01 minutes and 03 seconds Route Distinguisher : 100:1 Export VPN Targets : 1:2 Import VPN Targets : 1:2 Label policy : label per instance Import Route Policy : p1 Export Route Policy : p2 Description : This is a VPN for company1. Maximum Routes Limit : 100
Pre-configuration Tasks
Before configuring basic BGP/MPLS IP VPN, complete the following tasks:
3-10 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)
Configuring IGP for the MPLS backbone network (PE, P) to implement IP connectivity Configuring basic MPLS capabilities for the MPLS backbone network (PE, P) Configuring tunnels between PEs Configuring IP addresses for the CE interface attached to PE
Data Preparation
To configure basic BGP/MPLS IP VPN, you need the following data. No. 1 Data To configure a VPN instance, you need the following data:
l l l l l l
Name of the VPN instance Route distinguisher Description of the VPN instance VPN target Routing policy (optional) Maximum number of route permitted in a VPN instance (optional)
2 3 4 5
IP address of the PE interface attached to the CE Route exchange between the PE and the CE: static route, RIP, OSPF, IS-IS or BGP AS number of the PE IP address and interface of the PE to establish the BGP peers
Procedure
Step 1 Run:
system-view
Procedure
Step 1 Run:
system-view
The VPN IPv4 routing information is exchanged between the peers. ----End
Configuring EBGP between PE and CE Configuring IBGP between PE and CE Configuring the static route between PE and CE Configuring RIP between PE and CE Configuring OSPF between PE and CE Configuring IS-IS between PE and CE
Procedure
l Configuring EBGP Between PE and CE Configuring PE 1. Run:
system-view
The CE is specified as the peer of the VPN private network. 5. (Optional) Run:
peer { ipv4-address | group-name } ebgp-max-hop [ number ]
The maximum number of hops is configured for the EBGP connection. Generally, a or multiple directly-connected physical link exists between a pair of EBGP peers. If not, you must use the peer ebgp-max-hop command to ensure that the TCP connection can be set up between the EBGP peers through multi-hop. 6. Run:
import-route direct [ med value ] [ route-policy policy-name ]
The direct route is imported. The PE must import the routes of the local CEs into the VPN routing table and advertise them to the peer PE. The route types to be imported may be different. The BGP uses the AS number to detect a routing loop. In the case of Hub and Spoke networking, however, if EBGP runs between the PE and the CE at the Hub site, the Hub-PE carries the local AS number when advertising routes to the Hub-CE. Therefore, the PE denies the subsequent update from the Hub-CE, because it contains the local AS number. To ensure proper transmission of routes in the Hub and Spoke scenario, configure all the BGP peers along the path, used for the Hub-CE to advertise private network routes to the Spoke-CE, to accept the routes which have the AS number repeated once. 7.
Issue 03 (2008-09-22)
Run:
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 3-13
The loop is allowed. This Step is optional and used in the Hub&Spoke networking. 8. Run:
peer ip-address substitute-as
The BGP AS number substitution is enabled. This Step is optional is used for the networking scenario where physically dispersed CEs use the same AS number. The configuration is executed on the PE.
NOTE
In the case of multi-homed CE, the BGP AS substitution function may lead to route loops.
Configuring CE 1. Run:
system-view
The maximum number of hops is configured for the EBGP connection. Generally, a or multiple directly-connected physical link exists between a pair of EBGP peers. If not, you must use the peer ebgp-max-hop command to ensure that the TCP connection can be set up between the EBGP peers through multi-hop. 5. Run:
import-route { direct | static | rip [ process-id ] | ospf process-id | isis process-id } [ med value | route-policy policy-name ]*
The direct route is imported. The CE must advertise the reachable VPN segment addresses to the attached PE. Through the PE, the addresses are advertised to the remote CEs. In applications, the types of routes to be imported may be different. l Configuring IBGP between PE and CE Do as follows on the PE: 1. Run:
system-view
3-14
Issue 03 (2008-09-22)
The CE is specified as the peer in the VPN private network. 5. (Optional) When the direct route of the local CE need be imported to the VPN routing table and then advertised to the remote PE, select one of the following configurations:
Run the import-route direct [ med value | route-policy policy-name ]* command, and you can find that the direct route to the local CE is imported. Run the network ip-address mask command, and you can find that the direct route to the local CE is advertised.
NOTE
The PE can automatically learn the direct route to the local CE. The route has a higher priority than the direct route that is advertised by IBGP. Therefore, if the Step 5 is not performed, the PE does not advertise the direct route to the remote PE by using MP-BGP.
NOTE
Compared with the BGP view, the BGP-VPN instance view does not support the following configuration commands:
l l l l l
BGP Confederation: confederation BGP Graceful Restartgraceful-restart Router ID of BGP: router-id Synchronization Between BGP and IGP: synchronization BGP Timer: timer
The route is imported to the local CE. The CE advertises its VPN network segment to the connected PE, and the PE then advertises the address to the remote CE. Note that the type of the imported route may vary with different networking modes.
Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 3-15
Configuring Static Routes Between PE and CE Do as follow on the PE. The CE is configured with the static route, and the configurations are common and not mentioned here.
NOTE
For details, refer to the chapter "IP Static Route Configuration" in the Quidway NetEngine80E/ 40E Router Configuration Guide - IP Routing.
1.
Run:
system-view
The static route is configured for the specified VPN instance. 3. Run:
bgp as-number
The configured static route is imported into the routing table of the BGP VPN instance. l Configuring RIP Between PE and CE Do as follow on the PE. The CE is configured with RIPv1 or RIPv2, and the configurations are common and not mentioned here.
NOTE
1.
Run:
system-view
The RIP instance is created between the PE and the CE and the RIP view is displayed. A RIP process belongs to only one VPN instance. If you run a RIP process without binding it to a VPN instance, this process is considered as a public network process. An RIP process that belongs to a public network cannot be bound with a VPN instance. 3. Run:
network network-address
The RIP is configured on the network segment of the interface bound with the VPN instance.
3-16 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)
4.
Run:
import-route bgp [ cost value ] [ route-policy policy-name ]
The BGP route is imported. After the execution of the import-route bgp command in the RIP view, the PE imports the VPN-IPv4 routes learnt from the remote PE into the RIP and further advertises them to its CE. 5. Run:
quit
The RIP route is imported into the routing table of the BGP VPN instance. After the configuration of the import-route rip command in the BGP VPN view, the PE imports the VPN routes learnt from its CE into BGP, forms them into VPN-IPv4 routes and advertise them to the peer PE.
NOTE
After an VPN instance is deleted, all the associated RIP processes are deleted.
Configuring OSPF Between PE and CE Do as follows on the PE. The CE is configured with OSPF. The configurations are common and not mentioned here.
NOTE
1.
Run:
system-view
The OSPF instance is created between the PE and the CE and the OSPF view is displayed. An OSPF process belongs to only one VPN instance. If you run an OSPF process without binding it to a VPN instance, it is considered as a public network process. An OSPF process that belongs to a public network cannot be bound with a VPN instance. The OSPF processes that are bound to the VPN instance do not use the public network Router ID configured in the system view. You must specify the router ID when starting a process or to configure the IP address for at least one interface of the VPN instance. 3.
Issue 03 (2008-09-22)
(Optional)Run:
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 3-17
The domain ID is configured. You can configure two domain IDs for each OSPF process. The domain IDs of different processes are independent of each other. There is no limitation to configure the domain IDs of the OSPF processes in different VPNs. But, all the OSPF processes in a VPN should be configured with the same domain ID to ensure correct routing advertisement. The domain ID of an OSPF process is contained in the routes generated by this process. When the OSPF routes are imported into BGP, the domain ID is added into the BGP VPN route and is transmitted as the BGP extended community attribute. By default, the domain ID is 0. 4. (Optional)Run:
route-tag tag-value
OSPF is run on the network segment where the interface bound to the VPN instance resides. A network segment can belong to only one area. That is, you must specify to which area each OSPF interface belongs. OSPF can run on an interface if the following conditions are true:
The mask length of the IP address on the interface must be longer than wildcardmask specified in the network command. The primary IP address of the interface must be located in the network segment specified in the network command.
For a loopback interface, by default, OSPF advertises the IP address of the loopback interface as a 32-bit host route, which bears no relation to the mask length configured on the interface. 8. Run:
quit
10. Run:
bgp as-number
The OSPF route is imported into the routing table of the BGP BPN instance.
NOTE
After a VPN instance is deleted, all related OSPF processes are deleted.
Configuring IS-IS Between PE and CE Do as follows on the PE. The CE is configured with IS-IS. The configurations are common and not mentioned here.
NOTE
1.
Run:
system-view
The IS-IS instance between the CE and the PE is created and the IS-IS view is displayed. An IS-IS process belongs to only one VPN instance. If you run an IS-IS process without binding it to a VPN instance, it is considered as a public network process. An IS-IS process that belongs to a public network cannot be bound with a VPN instance. 3. Run:
network-entity net
The Network Entity Title (NET) is configured. An NET defines the address of the current IS-IS area and the system ID of the router. A maximum of three NETs can be configured for one process on a router. 4. (Optional) Run:
is-level { level-1 | level-1-2 | level-2 }
The level of the router is configured. By default, the level of a router is level-1-2. 5. Run:
import-route bgp [ cost value ] [ cost-type { external | internal } ] [ level-1 | level-1-2 | level-2 ] [ route-policy policy-name ] [ tag tagvalue ]
Issue 03 (2008-09-22)
3-19
The view of the interface bound to the VPN instance is displayed. 8. Run:
isis enable [ process-id ]
The IS-IS route is imported into the routing table of the BGP VPN instance.
NOTE
After the VPN instance is deleted, all IS-IS processes are deleted.
----End
Run the display ip routing-table vpn-instance vpn-instance-name command. If the VPN routes related to the CE are displayed, it means the configuration succeeds. Run the display ip routing-table command. If the routes to the peer CE are displayed on the CE, it means the configuration succeeds.
3-20
Issue 03 (2008-09-22)
3.4.1 Establishing the Configuration Task 3.4.2 Creating a VPN Instance 3.4.3 Configuring Route Attributes of the VPN Instance 3.4.4 Binding an Interface with the VPN Instance 3.4.5 Configuring MP-IBGP Between Hub-PE and Spoke-PE 3.4.6 Configuring a Routing Protocol or Static Routes Between PE and CE 3.4.7 Checking the Configuration
Pre-configuration Task
Before configuring Hub&Spoke, complete the following tasks:
l l
Configuring IGP on PE devices and P devices in the MPLS backbone network Configuring basic MPLS capability on PE devices and P devices in the MPLS backbone network Configuring the IP addresses, through which the CE devices access the PE devices, on the CE devices
Data Preparation
Before configuring Hub&Spoke, you need the following data. No. 1 Data To configure a VPN instance, you need the following data:
l l l l l l
Name of the VPN instance Route distinguisher Description of the VPN instance VPN target Routing policy (optional) Maximum number of route permitted in a VPN instance (optional)
2 3
IP addresses through which the CE devices access the PE devices Data for route configuration (static route, RIP, OSPF, IS-IS, or EBGP) between HubPE and Hub-CE, and Spoke-PE and Spoke-CE
Issue 03 (2008-09-22)
3-21
VPN-in: It receives and maintains all the VPN IPv4 routes. VPN-out: It maintains the routes of all the Hub stations and Spoke stations and advertises those routes to all the Spoke-PEs.
NOTE
Step 1 to 6 describes how to configure a VPN instance. Different VPN instances on a device have different names, RDs, and description.
Procedure
Step 1 Run:
system-view
The VPN instance is created and the VPN instance view is displayed. Step 3 Run:
route-distinguisher route-distinguisher
The RD of the VPN instance is configured. A VPN instance takes effect only after the RD is configured. Before configuring the RD, you can configure only the description about the VPN instance. Step 4 Run:
description description-information
The description about the VPN instance is configured. This Step is optional. The description can be used to record the relationship between a VPN instance and a certain VPN. Step 5 Run:
apply-label per-instance
The label is allocated based on VPN instance. That is, all the routes in a VPN instance use the same label. The MPLS labels are generally allocated on a one label per route basis. The NE80E/40E provides the feature of the MPLS label allocation based on the VPN instance, that is, one label per VPN instance. All the routes of a VPN instance share the same label. Step 6 Run:
routing-table limit number { alert-percent | simply-alert }
3-22
Issue 03 (2008-09-22)
The maximum number of routes of the VPN instance is configured. This step is optional. You can define the maximum number of routes for a VPN instance to avoid importing too many routes. ----End
The VPN target extended community for the VPN instance is created to import the IPv4 routes advertised by all the Spoke-PEs. vpn-target1 lists the export VPN targets advertised by all the Spoke-PEs. 4. Run:
import route-policy policy-name
The import routing policy of the VPN instance is configured. This step is optional. 5. Run:
export route-policy policy-name
The export routing policy of the VPN instance is configured. This step is optional. 6. Run:
quit
The VPN target extended community for the VPN instance is created to advertise the routes of all the Hubs and the Spokes. 9. Run:
import route-policy policy-name
The import routing policy of the VPN instance is configured. This step is optional. 10. Run:
export route-policy policy-name
Issue 03 (2008-09-22)
3-23
The export routing policy of the VPN instance is configured. This step is optional. l Configuring Spoke-PE 1. Run:
system-view
The VPN target extended community for the VPN instance is created to import the IPv4 routes advertised by all the Hub-PEs. vpn-target2 lists the export VPN targets of all the Hub-PEs. 4. Run:
vpn-target vpn-target1 &<1-8> export-extcommunity
The VPN target extended community for the VPN instance is created to advertise the IPv4 routes of stations the Spoke-PE accesses. 5. Run:
import route-policy policy-name
The import routing policy of the VPN instance is configured. This step is optional. 6. Run:
export route-policy policy-name
The export routing policy of the VPN instance is configured. This step is optional. 7. Run:
export route-policy policy-name
The export routing policy of the VPN instance is configured. This step is optional. ----End
Procedure
Step 1 Run:
system-view
Step 2 Run:
interface interface-type interface-number
Procedure
Step 1 Run:
system-view
The VPN IPv4 routing information is exchanged between the peers. ----End
Context
The Hub-PE and the Hub-CE can exchange routes in the following ways:
l
Configuring EBGP between the Hub-PE and the Hub-CE In this way, EBGP, IGP, or static routes can be adopted between the Spoke-PE and the Spoke-CE. To set up the EBGP peer between the Hub-PE and the Hub-CE, run the peer ip-address allow-as-loop [ number ] command in the BGP VPN instance view to allow the routing loop.
Configuring IGP between the Hub-PE and the Hub-CE In this way, instead of BGP, IGP or static routes are adopted between the Spoke-PE and the Spoke-CE.
Configuring static routes between the Hub-PE and the Hub-CE In this way, EBGP, IGP, or static routes can be adopted between the Spoke-PE and the Spoke-CE. If the Hub-CE uses the default route to access the Hub-PE, to advertise the default route to all the Spoke-PEs, do as follows on the Hub-PE:
Run the ip route-static vpn-instance vpn-instance-name 0.0.0.0 0.0.0.0 nexthopaddress [ preference preference ] [ description text ] command in the system view. vpn-instance-name refers to the VPN-out. nexthop-address is the IP address of the HubCE interface that is connected with the PE interface bound with the VPN-out.
Run the network 0.0.0.0 0 command in the BGP VPN instance view to advertise the default route to all the Spoke-PEs through MP-BGP. vpn-instance-name refers to the VPN-out.
Choose one of the preceding methods as required. For detailed configurations, see Configuring a Routing Protocol Between PE and CE.
Run the preceding commands. If the routing table of the VPN-in has routes to all the Spoke stations, and the routing table of the VPN-out has routes to the Hub and all the Spoke stations, it means the configuration succeeds. Additionally, Hub-CE and all the Spoke-CEs have routes to the Hub and all the Spoke stations.
3-26 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)
Pre-configuration Tasks
Before configuring inter-AS VPN Option A, complete the following tasks:
l
Configuring IGP for MPLS backbone networks in each AS to keep IP connectivity of the backbones in one AS Enabling MPLS on the PE and the ASBR PE Setting up the tunnel (LSP, GRE, or MPLS TE) between the PE and the ASBR PE in the same AS Configuring the IP address of the CE interface through which the CE accesses the PE
l l
Data Preparation
To configure inter-AS VPN Option A, you need the following data: No. 1 Data To configure the VPN instance on the PE and the ASBR PE, you need the following data:
l l l l l l l
Name of the VPN instance Route distinguisher Description of the VPN instance VPN target Routing policy (optional) Tunnel policy (optional) Maximum number of route permitted in a VPN instance (optional)
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 3-27
Issue 03 (2008-09-22)
No. 2 3 4 5 6
Data IP address of the PE interface connected with the PE AS number of the PE IP addresses of the interfaces connected the ASBR PEs Routing protocol configured between the PE and the CE: static routes, RIP, OSPF, IS-IS and BGP IP addresses and interfaces setting up the IBGP peer between the PE and the ASBR PE
Procedure
Step 1 Configuring Basic BGP/MPLS IP VPN on each AS Step 2 Configuring ASBR-PE by considering the peer ASBR-PE as its CE Step 3 Configuring VPN instances for the PE and the ASBR-PE separately The VPN instance for PE is used to access CE; that for ASBR-PE is used to access its peer ASBR-PE.
NOTE
In inter-AS VPN Option A mode, for the same VPN, the VPN targets of ASBR-PE and the PE VPN instance must be matched in an AS. This is not required for the PEs in different ASs.
----End
Command display bgp vpnv4 all peer display bgp vpnv4 all routing-table
Issue 03 (2008-09-22)
Action Check the VPN routing table on the PE or the ASBR PE.
After the successful configuration, run the display bgp vpnv4 all peer command on the PE or the ASBR PE, and you can view that the BGP VPNv4 peer relationship between the ASBR-PE and the PE in the same AS is "Established". Run the display bgp vpnv4 all routing-table command on the PE or the ASBR PE, and you can view the VPNv4 routes on the ASBR-PE. Run the display ip routing-table vpn-instance command on the PE or the ASBR PE, and you can view all the relevant routes in the VPN routing table.
Pre-configuration Tasks
Before configuring inter-AS VPN Option B, complete the following tasks:
l
Configuring IGP for MPLS backbone networks in each AS to realize IP connectivity of the backbones in one AS Configuring basic MPLS capability for the MPLS backbone network Configuring MPLS LDP and establishing LDP LSP for the MPLS backbone network
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 3-29
l l
Issue 03 (2008-09-22)
Configuring VPN Instances on the PE devices connected with the CE devices and Binding an Interface with a VPN Instance Configuring the IP addresses of the CE interfaces through which the CE accesses the PE
Data Preparation
To configure inter-AS VPN Option B, you need the following data. No. 1 Data To configure the VPN instance on the PE and the ASBR PE, you need the following data:
l l l l l l l
Name of the VPN instance Route distinguisher Description of the VPN instance VPN target Routing policy (optional) Tunnel policy (optional) Maximum number of route permitted in a VPN instance (optional)
2 3 4 5 6
IP address of the PE interface connected with the PE AS number of the PE IP addresses of the interfaces connected the ASBR PEs Routing policy configured between the PE and the CE: static routes, RIP, OSPF, ISIS and BGP IP addresses and interfaces setting up the IBGP peer between the PE and the ASBR PE
Procedure
Step 1 Run:
system-view
Step 3 Run:
peer peer-address as-number as-number
The loopback interface is specified as the outgoing interface of the BGP session. Step 5 Run:
ipv4-family vpnv4 [ unicast ]
The exchange of IPv4 VPN routes with the peer PE or the ASBR PE is enabled. ----End
Procedure
Step 1 Run:
system-view
The view of the interface connected with the ASBR PE interface is displayed. Step 3 Run:
ip address ip-address { mask | mask-length }
Step 7 Run:
peer peer-address as-number as-number
The exchange of IPv4 VPN routes with the peer ASBR PE is enabled. ----End
Without VPN Target Filtering In this way, the ASBR PE stores all the VPN IPv4 routes. VPN Target Filtering In this way, the ASBR stores partial VPN IPv4 routes through routing policies.
Procedure
l Without VPN Target Filtering 1. Run:
system-view
The VPN IPv4 routes are not filtered by the VPN target. By default, the PE performs VPN target filtering on the received IPv4 VPN routes. The routes passing the filter is added to the routing table, and the others are discarded. If the PE is not configured with VPN instance, or the VPN instance is not configured with the VPN target, the PE discards all the received VPN IPv4 routes.
3-32 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)
In the Inter-AS VPN Option B mode, if the ASBR-PE does not store information about the VPN instance, the ASBR-PE must save all the VPNv4 routing information and advertise it to the peer ASBR-PE. In this case, the ASBR-PE should receive all the VPNv4 routing information without the VPN target filtering. l VPN Target Filtering 1. Run:
system-view
The routing policy is applied to controlling the VPN IPv4 routing information. ----End
Procedure
Step 1 Run:
Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 3-33
A VPN instance is created and the VPN instance view is displayed. Step 3 Run:
route-distinguisher route-distinguisher
The VPN target extended community for the VPN instance is created. For the same VPN in the inter-AS VPN Option B mode, the VPN targets of the ASBR-PE and the PE in an AS should match with each other. The VPN targets of the PE in different ASs must match with each other too. Step 5 Run:
routing-table limit number { alert-percent | simply-alert }
The maximum number of routes of the VPN instance is configured. Step 6 Run:
import route-policy policy-name
The import routing policy of the VPN instance is configured. This step is optional. Step 7 Run:
export route-policy policy-name
The export routing policy of the VPN instance is configured. This step is optional. ----End
Issue 03 (2008-09-22)
Action Check information about all the BGP peer on the PE or the ASBR PE. Check the VPN routing table on the PE.
Command display bgp vpnv4 all peer display ip routing-table vpn-instance vpninstance-name
Run the display bgp vpnv4 all routing-table command on the ASBR PE. If the IPv4 routes of the VPN are displayed, it means the configuration succeeds. Run the display bgp vpnv4 all peer command on the PE or the ASBR PE. If the status of the IBGP peer is "Established", and the status of the EBGP peer is "Established", it means the configuration succeeds. Run the display ip routing-table vpn-instance command on the PE. If the VPN routes are displayed, it means the configuration succeeds.
Pre-configuration Tasks
Before configuring inter-AS VPN Option C, complete the following tasks:
l
Configuring IGP for MPLS backbone networks in each AS to realize IP connectivity of the backbones in one AS Configuring basic MPLS capability for the MPLS backbone network
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 3-35
Issue 03 (2008-09-22)
Configuring MPLS LDP and establishing LDP LSP for the MPLS backbone network Configuring VPN Instances on the PE devices connected with the CE devices and Binding an Interface with a VPN Instance Configuring the IP addresses of the CE interfaces through which the CE accesses the PE
Data Preparation
To configure inter-AS VPN Option C, you need the following data: No. 1 Data To configure the VPN instance on the PE and the ASBR PE, you need the following data:
l l l l l l l
Name of the VPN instance Route distinguisher Description of the VPN instance VPN target Routing policy (optional) Tunnel policy (optional) Maximum number of route permitted in a VPN instance (optional)
2 3 4 5 6 7
IP address of the PE interface connected with the CE AS number of the PE IP addresses of the interfaces connected the ASBR PEs Routing policy configured on the ASBR PE Routing protocol configured between the PE and the CE: static routes, RIP, OSPF, IS-IS, or BGP IP addresses and interfaces setting up the IBGP peer between the PE and the ASBR PE
NOTE
In inter-AS VPNOption C, do not enable LDP between ASBR-PEs. If LDP is enabled on the interfaces between ASBR-PEs, LDP sessions are then established between the ASBR-PEs. In this case, the ASBR-PEs establish an egress LSP and send Mapping messages to the upstream ASBR-PE. After receiving Mapping messages, the upstream ASBR-PE establishes a transit LSP. When there are high-volume BGP routes, enabling LDP on the interfaces between ASBR-PEs leads to the occupation of a large number of LDP labels.
3-36
Issue 03 (2008-09-22)
Context
NOTE
In option C, do not enable LDP between ASBR PEs. If LDP is enabled on interfaces connected with ASBR PEs, the LDP session is set up between ASBR PEs. The ASBR PE creates the egress LSP and sends Mapping messages to the upstream ASBR PE. After receiving the Mapping messages, the upstream ASBR PE creates transit LSP. When a large amount of BGP routes exist, enabling LDP on interfaces connected with ASBR PEs leads to the consumption of a great number of LDP labels.
Procedure
l Configuring the PE 1. Run:
system-view
The exchange of the labeled IPv4 routes with the ASBR PE in the same AS is enabled. l Configuring the ASBR PE 1. Run:
system-view
The view of the interface connected with the peer ASBR PE is displayed. 3. Run:
ip address ip-address { mask | mask-length }
The exchange of the labeled IPv4 routes with the PE of the same AS is enabled.
Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 3-37
In the Option C solution, you must establish an inter-AS VPN LSP. The related PEs and the ASBRs exchange public network routes with the MPLS labels. The ASBR-PE establishes a common EBGP peer relationship with the remote ASBRPE to switch labeled IPv4 routes. The public network routes with the MPLS labels are advertised by the MP-BGP. According to RFC 3107 (Carrying Label Information in BGP-4), the label mapping information of a route is carried by advertising BGP updates. This feature is implemented through BGP extension attributes, which requires BGP peers to process the labeled IPv4 routes. By default, BGP peers cannot process labeled IPv4 routes. 8. Run:
peer peer-address as-number as-number
The exchange of the labeled IPv4 routes with the peer ASBR PE is enabled. ----End
Procedure
l Creating a Routing Policy 1. Run:
system-view
The routing policy applied to the local PE is created. For the labeled IPv4 routes received from ASBR PEs, and sent to the PEs in the same AS, this policy ensures that a new MPLS label is allocated. 3. Run:
if-match mpls-label
3-38
Issue 03 (2008-09-22)
The routing policy applied to the peer ASBR PE is created. For the labeled IPv4 routes received from PE in the local AS, and sent to the remote ASBR PE, this policy ensures that a new MPLS label is allocated. 7. Run:
apply mpls-label
The label is allocated to the IPv4 route. l Applying Routing Policies 1. Run:
system-view
The routing policy adopted when the route is advertised to the local PE. 4. Run:
peer peer-address route-policy policy-name2 export
The routing policy adopted when the route is advertised to the peer ASBR PE. ----End
Procedure
l Configuring ASBR PEs 1. Run:
system-view
Issue 03 (2008-09-22)
3-39
The address of the loopback interface that is used to set up the BGP session is advertised to the peer ASBR PE and then to the PEs of the other ASs. l Configuring PE 1. Run:
system-view
The maximum hop of the EBGP peer is configured. PEs of different ASs are generally not directly connected. To set up the EBGP peer between PEs of different ASs, configure the maximum hop between PEs and ensure PEs are reachable. 5. Run:
ipv4-family vpnv4 [ unicast ]
The exchange of VPN IPv4 routes with the peer PE is enabled. 7. (Optional) Run:
peer peer-address next-hop-invariable
The next hop is not changed when the route is advertised to the EBGP peer.
NOTE
Perform this step when using Route Reflector (RR) to advertise VPNv4 routes. If VPNv4 routes are advertised between RRs, the next hop cannot be changed. This step is not configured in most cases.
----End
Action Check the BGP peers on the PE. Check the VPN IPv4 routing table on the PE or the ASBR PE. Check information about the label of the IPv4 route on the ASBR PE. Check the VPN routing table on the PE.
Command display bgp vpnv4 all peer display bgp vpnv4 all routing-table display bgp routing-table label display ip routing-table vpn-instance vpn-instance-name
Run the display bgp vpnv4 all peer command on the PE. If the status of the EBGP peer between PEs is "Established", it means the configuration succeeds. Running the display bgp vpnv4 all routing-table command, you can view that the PE has the VPN IPv4 routes while the ASBR PE has no VPN IPv4 route. Run the display bgp routing-table label command on the ASBR PE. If information about the label of the IPv4 route is displayed, it means the configuration succeeds. Run the display ip routing-table vpn-instance command on the PE. If the VPN routes to related CEs are displayed, it means the configuration succeeds.
Pre-configuration Tasks
Before configuring the carrier's carrier, complete the following tasks:
Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 3-41
Configuring IGP for the Level 1 carrier's MPLS backbone network to implement the IP connectivity of the backbone network Configuring the MPLS basic capability and the LDP for the Level 1 carrier's MPLS backbone network Establishing the MP-IBGP connection between the Level 1 carrier PEs Configuring the IGP for the Level 2 carrier's IP network or MPLS network to the IP connectivity Configuring the MPLS basic capability and LDP for the Level 2 carrier network and establishing the LSP if the Level 2 carrier provides the BGP/MPLS IP VPN services
l l
Data Preparation
To configure the carrier's carrier, you need the following data. No. 1 2 3 4 5 Data Name, RD and VPN target of the VPN instance used by the Level 1 carrier CE to access the Level 1 carrier PE IP addresses of each interface on the Level 1 carrier PE, and the Level 2 carrier CE and PE AS number of the Level 1 carrier network and that of the Level 2 carrier network Name and number of the routing policy used when the Level 1 and Level 2 carrier have different AS numbers Maximum hops of the EBGP connection allowed for the Level 2 carrier network (inter-AS)
A VPN instance is created and the VPN instance view is displayed. 3. Run:
route-distinguisher route-distinguisher
Run:
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)
The view of the interface connected with the Level 2 carrier CE. 7. Run:
ip binding vpn-instance vpn-instance-name
The IP address of the interface is configured. l Configuring LDP and IGP on Level 1 Carrier PE 1. Run:
system-view
The view of the interface connected with the Level 2 carrier CE. 5. Run:
mpls
Return to the system view. 8. Configure IGP between the Level 1 carrier PE and the Level 2 carrier CE. The RIP multi-instance, the OSPF multi-instance or the IS-IS multi-instance can be used on PE as the IGP protocol. l
Issue 03 (2008-09-22)
1.
Run:
system-view
The view of the interface connected with the Level 1 carrier CE. 3. Run:
ip address ip-address { mask | mask-length }
Return to the system view. 8. Configure IGP between the Level 2 carrier CE and the Level 1 carrier PE. RIP, OSPF or IS-IS can be used as the IGP protocol. ----End
A VPN instance is created and the VPN instance view is displayed. 3. Run:
route-distinguisher route-distinguisher
4.
Run:
vpn-target vpn-target &<1-8> [ both | export-extcommunity | importextcommunity ]
The view of the interface connected with the Level 2 carrier CE. 7. Run:
ip binding vpn-instance vpn-instance-name
The MPLS capability is enabled on the interface. l Configuring Labeled BGP on the Level 1 Carrier PE 1. Run:
system-view
8.
Run:
peer peer-address label-route-capability
The label is allocated to the route advertised by the Level 2 carrier CE. 10. Run:
import-route direct
The direct route is imported. l On a Level 2 Carrier CE, Configuring Labeled BGP Between the Level 2 Carrier CE and the Level 1 Carrier PE 1. Run:
system-view
The view of the interface connected with the Level 1 carrier CE. 3. Run:
ip address ip-address { mask | mask-length }
3-46
Issue 03 (2008-09-22)
The label is allocated to the route advertised by the Level 1 carrier PE. l On a Level 2 Carrier CE, Configuring Labeled BGP Between the Level 2 Carrier CE and the Level 2 Carrier PE 1. Run:
system-view
The Level 2 carrier PE is specified as the IBGP peer of another Level 2 carrier PE. 8. Run:
peer peer-address connect-interface loopback interface-number
The label is allocated to the labeled IPv4 route advertised to the Level 2 carrier PE. 11. Run:
import-route direct
Issue 03 (2008-09-22)
3-47
The internal route of the Level 2 carrier network is imported. The imported route type depends on the type of IGP running on the Level 2 carrier MPLS network. l Configuring Labeled BGP on the Level 2 Carrier PE 1. Run:
system-view
The Level 2 carrier PE is specified as the IBGP peer of another Level 2 carrier PE. 4. Run:
peer peer-address connect-interface loopback interface-number
Context
When configuring route exchange of the Level 2 carrier PE, select one of the following configurations based on the service type provided by the Level 2 carrier for customers:
Procedure
l Level 2 Carrier Is Common ISP 1. Run:
system-view
The maximum hop of the EBGP connection is configured. This step is needed when the Level 2 carrier PEs are EBGP peers of each other. l Level 2 Carrier Provides BGP/MPLS IP VPN Services 1. Run:
system-view
The maximum hop of the EBGP connection is configured. This step is needed when the Level 2 carrier PEs are MP-EBGP peers of each other. 6.
Issue 03 (2008-09-22)
Run:
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 3-49
The exchange of the IPv4 VPN routes with the peer is enabled. ----End
Run the display ip routing-table command on the PEs and CEs of the Level 1 carrier and the Level 2 carrier. You can view the following:
l
The public routing table of the Level 1 carrier PE contains only the routes of the Level 1 carrier network. The public routing table of the Level 1 carrier CE contains the internal routes instead of the external routes of the Level 2 carrier network. The public routing table of the Level 2 carrier PE contains the internal routes of the Level 2 carrier network. There are routes to the related remote CEs between the Level 2 carrier CEs.
Run the display ip routing-table vpn-instance command on the PEs of the Level 1 carrier and the Level 2 carrier. You can view the following in the private routing table:
l
The VPN routing table of the Level 1 carrier PE contains the internal routes instead of the external routes of the Level 2 carrier network. The VPN routing table of the Level 2 carrier PE contains the external routes of the Level 2 carrier.
Pre-configuration Tasks
Before configuring HoVPN, complete the task of Configuring Basic BGP/MPLS IP VPN.
Data Preparation
To configure HoVPN, you need the following data. No. 1 2 Data Relationship between UPE and SPE Name of the VPN instance sending default routes to UPE
Procedure
Step 1 Run:
system-view
The UPE is specified as the BGP peer of the SPE. Step 4 Run:
ipv4-family vpnv4 [ unicast ]
The capability of exchanging BGP VPNv4 routing information with the peer is enabled.
Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 3-51
Step 6 Run:
peer { peer-address | group-name } upe
Procedure
Step 1 Run:
system-view
The default routes of a specified VPN instance are advertised to the UPE. After running the peer default-originate vpn-instance command, the SPE advertises a default route to the UPE with its local address as the next hop, regardless of whether there is a default route in the local routing table or not. After the peer default-originate vpn-instance command is configured in the BGP-VPNv4 subaddress family view, the router does not advertise the default route to the BGP VPNv4 peer if the default-route imported command is configured in the BGP-VPN instance view, however, no IGP default route is imported. If the peer default-originate vpn-instance command is configured in the BGP-VPNv4 subaddress family view, and then the default-route imported command is configured in the BGPVPN instance view, the peer default-originate vpn-instance command can take effect, however, the default-route imported command cannot take effect. ----End
Run the display ip routing-table on the CE connected with the UPE. You can find that there is a default route whose next hop is UPE. And there is no route to the network segment where the peer CE resides.
Pre-configuration Tasks
Before configuring the OSPF sham link, you need to complete the following tasks:
l l
Configuring Basic BGP/MPLS IP VPN ( OSPF between the PE and the CE) Configuring OSPF in the LAN where the CEs reside
Data Preparation
To configure the OSPF sham link, you need the following data. No. 1 2
Issue 03 (2008-09-22)
Data Number and address of the loopback interfaces that serve as the ends of sham link Name of the VPN instance
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 3-53
No. 3 4 5
Data Process number of OSPF instance on PE for CEs Local AS number Metric used in sham link and other link parameters
Procedure
Step 1 Run:
system-view
A loopback interface is created and the loopback interface view is displayed. A sham link of each VPN instance must have an end interface address that is an address of the loopback interface. The address has a 32-bit mask. Multiple sham links of a OSPF process can share the same address. The end addresses of two sham links of different OSPF processes must be different. Step 3 Run:
ip binding vpn-instance vpn-instance-name
Procedure
Step 1 Run:
3-54 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)
The direct route is imported. That is, the route of the end address is imported into BGP. BGP advertises the end address of the sham link as the VPN-IPv4 address. ----End
Procedure
Step 1 Run:
system-view
The interface cost of the sham link, namely, cost is 1. The invalid interval of the sham link, namely,dead-interval is 40 seconds.
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 3-55
Issue 03 (2008-09-22)
Interval for sending Hello packets, namely, hello-interval, is 10 seconds. Interval for retransmitting LSA packets, namely, retransmit-interval, is 5 seconds. Delay for sending LSA packets, namely, trans-delay-interval, is 1 second.
The authentication mode on the two ends of the sham link must be the same. If the packet authentication is supported, only the OSPF packets that pass the authentication can be received. If the authentication fails, the neighbor relationship cannot be set up. If the plain text, namely, simple is used, the authenticator type is plain by default. If the MD5 algorithm or HMAC-MD5 algorithm, namely, md5 | hmac-md5 is used, the authenticator type is cipher by default. ----End
Run the display ip routing-table vpn-instance command. You can find the routes from the PE to the peer CE is the OSPF routes that pass through the user network rather than the BGP routes that pass through the backbone network. Run the display ip routing-table and the tracert commands on the CE. You can find the VPN traffic from the CE to the peer is forwarded through the backbone network. Run the display ospf process-id sham-link command on the PE. You can find the OSPF neighbor status between the PE and the peer CE is Full. Run the display ospf routing on the CE. You can find the routes from the CE to the peer CE is learned as the intra-area routes.
3.11.2 Configuring the OSPF Multi-Instance on the PE 3.11.3 Configuring the OSPF Multi-Instance on the Multi-Instance CE 3.11.4 Canceling the Loop Detection on the Multi-Instance CE 3.11.5 Checking the Configuration
Pre-configuration Tasks
Before configuring the multi-VPN-instance CE, complete the following tasks:
l
Configuring VPN Instances on the multi-instance CE and the PE that the CE accesses (each service with a VPN instance) Configuring the link layer protocol and network layer protocol for LAN interfaces and connecting LAN with the multi-instance CE (each service using an interface to access the multi-instance CE) Binding related VPN instances with the interfaces of the multi-instance CE and PE interfaces through which the PE accesses the multi-instance and configuring IP addresses for those interfaces
Data Preparation
To configure multi-VPN-instance CE, you need the following data. No. 1 2 3 Data Names of the VPN instances corresponding with the OSPF processes used by each service OSPF process number and Router ID used by each service Routes advertised by each OSPF process
Procedure
Step 1 Run:
system-view
The OSPF multi-instance is configured. Different services have different OSPF process IDs. However, router IDs of different services can be either the same or not. Step 3 Run:
area area-id
The IP address of the interface connected to the multi-instance CE is advertised. Step 5 Run:
quit
Context
Do as follows on the multi-instance CE.
Procedure
Step 1 Run:
system-view
The OSPF multi-instance is configured. The OSPF process ID corresponds to that of the PE. Step 3 Run:
area area-id
Procedure
Step 1 Run:
system-view
Run the following command to check the previous configuration. Action Check the VPN routing table on the multi-instance CE. Command display ip routing-table vpn-instance vpn-instancename [ verbose ]
Run the display ip routing-table vpn-instance command on the multi-instance CE to check the VPN routing table. If there are routes to the LAN and the remote nodes for each service, it means the configuration succeeds.
CE1
3-60
Issue 03 (2008-09-22)
Pre-configuration Tasks
Before configuring PBR to VPN, complete the following tasks:
l
Connecting the interfaces, configuring physical parameters for the interfaces, and ensuring that the physical status of the interfaces is Up Configuring basic BGP/MPLS IP VPN Defining the complex traffic classification based on information about Layer 2, Layer 3, and Layer 4
NOTE
l l
For details on the configuration of the complex traffic classification, refer to the Quidway NetEngine80E/ 40E Router Configuration Guide QoS.
Data Preparation
To configure PBR to VPN, you need the following data. No. 1 2 3 4 5 6 Data Name of the VPN instance corresponding with the private network routing table available to the packets Name of a traffic class, ACL number, DSCP value, 802.1p priority, and TCP flag value Name of a traffic behavior Name of a traffic policy VPN group number to which packets are redirected in the policy Number of the interface that the policy-based route is applied to
Procedure
Step 1 Run:
system-view
l l
The VPN instances added to a VPN group must exist.A VPN instance can be added to different VPN groups. The VPN instances in a VPN group are arranged in the configuration sequence. If vpn-instance is not used, a VPN group with no VPN instances is created.If a VPN group exists, when you use the vpn-group command to re-add the existing VPN instances to the VPN group, the VPN instances remain in the previous sequence.
----End
Procedure
Step 1 Run:
system-view
Procedure
Step 1 Run:
system-view
3-62
Issue 03 (2008-09-22)
The traffic behavior is associated with the traffic class. In the traffic policy view, each class can be associated with only one traffic behavior. To associate a traffic class with multiple traffic behaviors, you can add multiple actions to the traffic behavior. Step 4 Run:
quit
The command line interface (CLI) returns to the system view. Step 5 Run:
interface interface-type interface-number
Procedure
Step 1 Run:
system-view
The static route is configured. You can configure a private network static route on a PE, and specify the export of another private network or public network as the export of this static route. Thus, the packets from user accessing some VPN can return, based on the routing table, which does not belong to this VPN.
Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 3-63
If vpn-instance vpn-destination-name is specified, packets are returned from another VPN. As shown in 3.12.1 Establishing the Configuration Task, the route from PC to VPN 2 is exported from the routing table of VPN 1. In this case, VPN 2 is specified by vpn-instance-name and VPN 1 is specified by vpn-destination-name. If public is specified, route to a VPN is exported through the routing table of a public network. ----End
Run the display vpn-group all command. If all VPN groups of the device are displayed, it means that the configuration succeeds and the VPN groups are set up. Run the display vpn-group vpngroup-name command. You can view the basic information of a VPN group and the sequence of VPN instances in a VPN group.
<Quidway> display vpn-group all vpn-group-number: 2 vpn-group: vg1 vg2 <Quidway> display vpn-group vg1 vpn-group: vg1 vpn-instance: vpna vpnb behavior: b1
Run display traffic behavior command on the ingress PE. You can view the configuration of a traffic behavior and actions in the behavior. Run the display traffic classifier command on the ingress PE. You can view the configuration of the traffic classification rules.
3-64 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)
Run display traffic policy command on the ingress PE. You can view the association between the traffic class and traffic behavior in a traffic policy. Run the display ip routing-table vpn-instance command on the ingress PE. If the VPN routing table contains the routes to the user network, it means that the configuration succeeds.
Pre-configuration Tasks
Before configuring VPN users to access the Internet, complete the following tasks:
l l
Setting up the VPN network Translating the private network address to the public network address through Network Address Translation (NAT) if the VPN user uses a private network address
Data Preparation
None.
Procedure
Step 1 Run:
system-view
Step 2 Run:
ip route-static dest-ip-address { mask | mask-length } { interface-type interfacenumber [ nexthop-address ] | nexthop-address } [ preference value ] [ description text ]
The static route to the public network destination address. dest-ip-address can be the destination address of the public network or 0.0.0.0. If the dest-ipaddress is 0.0.0.0, the static route is also called default route, the mask of which must be 0.0.0.0 or the mask-length of which must be 0. Note that, the out-interface must be the interface connected directly with the PE, and the next-hop is the IP address of the peer PE interface connected directly with the CE. ----End
3.13.3 Configuring the Static Route on the PE and Import the Static Route to VPN
Context
Do as follows on the PE.
Procedure
Step 1 Run:
system-view
The static route from the VPN to Internet is configured and the next-hop address is a public network address. ----End
3.13.4 Configuring the Static Route to VPN on the Device of the Public Network
Context
Do as follows on the PE.
Procedure
Step 1 Run:
system-view
ip route-static dest-ip-address { mask | mask-length } { interface-type interfacenumber [ nexthop-address ] | vpn-instance vpn-destination-name nexthop-address | nexthop-address } [ preference value ] [ description text ]
The static route from the public network to the VPN is configured and the next-hop address is a private network address. ----End
Run the display ip routing-table vpn-instance command on the PE, and you can find that the route to the CE and the route to the destination device in the public network exist in the VPN routing table. Run the display ip routing-table command on the CE, and you can find that the CE has the route to the destination device in the public network and the destination device in the public network has the route to the CE. The CE and the destination device in the public network can successfully ping each other.
Pre-configuration Tasks
Before configuring IP FRR of private network, complete the following tasks:
Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 3-67
Setting up the VPN network Generating two unequal-cost routes by the routing protocols that binds the VPN instance Configuring the routing policy on the router to achieve internetworking
Data Preparation
To configure the IP FRR of private network, you need the following data. No. 1 2 3 Data Name of the routing policy Name of the VPN instance Backup out-interface and the backup next hop
Procedure
Step 1 Run:
system-view
The routing policy node is created and the routing policy view is displayed. Step 3 Run:
apply backup-interface interface-type interface-number
The backup next hop is configured. For P2P links, a backup next hop is not necessary. For non-P2P links, a backup next hop is necessary. ----End
Context
Do as follows on the router.
Procedure
Step 1 Run:
system-view
Pre-configuration Tasks
Before configuring VPN FRR, complete the following tasks:
l l l l
Configuring the routing protocol on the routers to achieve internetworking Generating two unequal-cost routes by configuring different costs or metrics Setting up the VPN network Creating the IP prefix that matches the Loopback interface of PE
Data Preparation
To configure the VPN FRR, you need the following data. No. 1 2 3 Data Name of the routing policy and the name of the IP prefix Name of the VPN instance Backup out-interface and the backup next hop
Procedure
Step 1 Run:
system-view
The routing policy node is created and the routing policy view is displayed. Step 3 (Optional) Run:
apply backup-nexthop { ip-address | auto }
The backup next hop is configured. For a P2P link, the backup next hop need not be configured; for a non-P2P link, the backup next hop must be specified. ----End
Context
Do as follows on the router.
Procedure
Step 1 Run:
system-view
Run the display ip routing-table vpn-instance verbose command on the PE configured with VPN FRR. If information about the backup next-hop PE, backup tunnel, and label value of the routes is displayed, it means the configuration succeeds. For example, configure the primary next hop and the backup next hop of 10.1.1.0 to be 2.2.2.2 and 3.3.3.3 respectively. The display about the backup next hop, backup tunnel, and backup label is as follows:
<Quidway> display ip routing-table vpn-instance vpn1 10.1.1.0 Routing Table : vpn1 Summary Count : 2 Destination: 10.1.1.0/30 Protocol: BGP Process ID: 0 Preference: 255 Cost: 0 NextHop: 3.3.3.3 Neighbour: 3.3.3.3 State: Inactive Adv GotQ Age: 01h02m04s Tag: 0 Priority: 0 Label: 15363 QoSInfo: 0x0 RelayNextHop: 0.0.0.0 Interface: Pos2/0/0 TunnelID: 0x6002000 Destination: 10.1.1.0/30 Protocol: BGP Process ID: 0 Preference: 255 Cost: 0 NextHop: 2.2.2.2 Neighbour: 2.2.2.2 State: Active Adv GotQ Age: 00h21m57s Tag: 0 Priority: 0 Label: 15362 QoSInfo: 0x0 RelayNextHop: 0.0.0.0 Interface: Pos1/0/0 verbose
Issue 03 (2008-09-22)
3-71
The GR capability cannot ensure that the traffic is not broken if the neighboring router performs the AMB/ SMB switchover at the same time.
When configuring VPN GR, you must configure the IGP GR, BGP GR and MPLS LDP GR on the PE, configure the IGP GR and the MPLS LDP GR on the P, and configure the IGP GR or the BGP GR on the CE. If more than one domain is traversed, you must configure the IGP GR, BGP GR and MPLS LDP GR on the ASBR PE.
Pre-configuration Tasks
Before configuring VPN GR, complete the following tasks:
l l
Establishing the VPN environment and configuring the VPN Configuring the common IGP GR (such as the IS-IS GR and the OSPF GR), BGP GR and MPLS LDP GR on PEs and Ps in all related backbone networks to ensure that the backbone network has the GR capability
NOTE
For details of the common IGP GR, BGP GR and MPLS LDP GR, refer to Chapter 3 "HA Configuration" in the NE80E/40E Router Configuration Guide - Reliability.
Data Preparation
To configure VPN GR, you need the following data.
3-72 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)
No. 1 2 3 4 5 6
Data Interval for re-establishing the GR session (by default, it is 300 seconds) if the IS-IS GR is enabled Interval for the GR time if the OSPF GR is enabled (optional) Reconnection time of the MPLS LDP session (by default, it is 300 seconds) Validity period of the MPLS LDP neighbors (by default, it is 600 seconds) Maximum time of restarting the GR Restarter (by default, it is 150 seconds) Time of waiting for the End-of-Rib messages (by default, it is 600 seconds)
The GR capability of IS-IS is enabled. By default, the GR capability of IS-IS is disabled. 4. Run:
graceful-restart interval timer
The interval for re-establishing the GR session of IS-IS is configured. This step is optional. The interval for re-establishing the GR session of IS-IS is set to the Hold time in the Hello PDU of IS-IS. In this way, the neighbor does not terminate the adjacency relationship with the router when the router performs the AMB/SMB switchover. By default, the interval for re-establishing the GR session of IS-IS is set to 300 seconds. 5. Run:
graceful-restart suppress-sa
The GR Restarter is configured to suppress the advertisement of the adjacency relationship when the GR Restarter is restarting. This step is optional.
Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 3-73
The suppress advertisement (SA) bit is used in the Hello PDUs by a restarting router to request its neighbors to suppress advertising the adjacency to the restarting router in their LSPs. The SA bit is removed once its database synchronization is over. Enabling this feature avoids the black hole effect caused by sending and receiving LSP during the restart process. If the administrator does not want the restarting router to set the SA bit in its Hello PDUs, the administrator can use the undo graceful-restart suppress-sa command to disable setting the SA bit in the Hello PDUs. By default, the SA bit does not take effect. l Configuring the OSPF GR on the Backbone Network If OSPF is run on the public network routing, do as follows on the related PEs and Ps on the backbone network: 1. Run:
system-view
The out-of-band synchronization capability of OSPF is enabled. 5. Perform the following as required:
To enable the GR Help capability of OSPF and configure the interval at which the Restarter performs the GR, run:
graceful-restart help { ip-prefix prefix-list | acl-number }
It is suggested to enable the GR capability of OSPF on all the related PEs and Ps on the backbone network. By default, the GR capability of OSPF and the GR Help capability of OSPF are disabled. ----End
Procedure
l Configure MPLS LDP GR. 1. Run:
system-view
The reconnection period of the MPLS LDP session is configured. By default, the reconnection period is set to 300 seconds. 5. (Optional) Run:
graceful-restart timer neighbor-liveness timer
The validity period of MPLS LDP neighbors is configured. By default, the validity period of MPLS LDP neighbors is 600 seconds. 6. Run:
graceful-restart timer recovery timer
The MPLS LDP recovery period is configured. By default, the MPLS LDP recovery period is 300 seconds.
NOTE
When the GR capability of MPLS LDP is enabled or the GR parameters are modified, the LDP session is reestablished.
Run:
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 3-75
The GR capability of RSVP TE is enabled. In addition, the GR capability of the peer is also supported. By default, the GR capability of RSVP TE is disabled. 6. Run:
mpls rsvp-te hello support-peer-gr
The Hello session is established between nodes of RSVP TE enabled with GR capability. ----End
3.16.4 Configuring the GR of the Routing Protocol Between PEs and CEs
Procedure
l Configuring the GR of the IS-IS Multi-instance Between PEs and CEs Do as follows if IS-IS is run between the PE and the CE: 1. Run:
system-view
The GR capability of IS-IS is enabled. By default, the GR capability of IS-IS is disabled. 4. Run:
graceful-restart interval timer
The interval for re-establishing the GR session of IS-IS is configured. (Optional) The interval for re-establishing the GR session of IS-IS is set to the Hold time in the Hello PDU of IS-IS. In this way, the neighbor does not terminate the adjacency relationship with the router when the router performs the AMB/SMB switchover. By default, the interval for re-establishing the GR session of IS-IS is set to 300 seconds. 5. Run:
graceful-restart suppress-sa
The GR Restarter is configured to suppress the advertisement of the adjacency relationship when the GR Restarter is restarting. (Optional)
3-76 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)
The suppress advertisement (SA) bit is used in the Hello PDUs by a restarting router to request its neighbors to suppress advertising the adjacency to the restarting router in their LSPs. The SA bit is removed once its database synchronization is over. Enabling this feature avoids the black hole effect caused by sending and receiving LSP during the restart process. If the administrator does not want the restarting router to set the SA bit in its Hello PDUs, the administrator can use the undo graceful-restart suppress-sa command to disable setting the SA bit in the Hello PDUs. By default, the SA bit does not take effect. l Configuring the GR of the OSPF Multi-instance Between PEs and CES Do as follows if OSPF is run between the PE and the CE: 1. Run:
system-view
To enable the GR Help capability of OSPF and configure the interval at which the Restarter performs the GR, run:
graceful-restart help { ip-prefix prefix-list | acl-number }
It is suggested to enable the GR capability of OSPF on all the related PEs and Ps on the backbone network. By default, the local link signaling capability, the out-of-band capability, the GR Help capability and the GR capability of OSPF are all disabled. l Configuring BGP GR Between PEs and CEs Do as follows on the PE and CE if EBGP is run between the PE and the CE: 1. Run:
system-view
2.
Run:
bgp as-number
The maximum time for restarting the GR Restarter is configured. (Optional) After the Receiving Speaker detects that the GR session is interrupted, it waits for the configured reconnection time to re-establish the session. By default, the restart time is set to 150 seconds. 5. Run:
graceful-restart timer wait-for-rib timer
The time of waiting for the End-of-RIB message is configured. (Optional) By default, the GR capability of BGP is disabled and the default time of waiting for End-of-RIB is 600 seconds. ----End
3-78
Issue 03 (2008-09-22)
Pre-configuration Tasks
Before configuring route reflection to optimize the VPN backbone layer, complete the following tasks:
l
Configuring the routing protocol for the MPLS backbone network to implement IP interworking between routers in the backbone network Establishing tunnels (LSPs, GRE tunnels, or MPLS TE tunnels) between the RR and all Client PEs
Data Preparation
To configure the BGP VPNv4 route reflection, you need the following data. No. 1
Issue 03 (2008-09-22)
No. 2 3
Data Type and number of the interfaces used to set up the TCP connection IP address of the peer
3.17.2 Configuring the Client PEs to Establish MP IBGP Connections with the RR
Context
Do as follows on all Client PEs:
Procedure
Step 1 Run:
system-view
The interface is specified as an interface to establish the TCP connection. The IP address of the interface must be the same as the MPLS LSR ID. It is recommended to specify a loopback interface to establish the TCP connection. Step 5 Run:
ipv4-family vpnv4
The capability of exchanging VPNv4 routes between the PE and the RR is enabled. ----End
3.17.3 Configuring the RR to Establish MP IBGP Connections with the Client PEs
3-80 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)
Context
Do as follows on the RR:
Procedure
l Configuring the RR to Establish MP IBGP Connections with the Peer Group 1. Run:
system-view
The interface is specified as an interface to establish the TCP connection. The IP address of the interface must be the same as the MPLS LSR ID. It is recommended to specify a loopback interface to establish the TCP connection. 6. Run:
ipv4-family vpnv4
The capability of exchanging IPv4 VPN routes between the RR and the peer group is enabled. 8. Run:
peer ip-address group group-name
The peer is added to the peer group. l Configuring the RR to Establish an MP IBGP Connection with Each Client PE 1. Run:
system-view
Issue 03 (2008-09-22)
3-81
The interface is specified as an interface to establish the TCP connection. The IP address of the interface must be the same as the MPLS LSR ID. It is recommended to specify a loopback interface to establish the TCP connection. 5. Run:
ipv4-family vpnv4
The capability of exchanging VPNv4 routes between the RR and the Client PE is enabled. ----End
Procedure
Step 1 Run:
system-view
The BGP VPNv4 address family view is displayed. Step 4 Enable route reflection for BGP VPNv4 routes on the RR.
l
Run the peer { group-name | peer-ipv4-address } reflect-client command to enable route reflection if the RR establishes the MP IBGP connection with the peer group consisting of Client PEs. Run the peer peer-ipv4-address reflect-client command repeatedly to enable route reflection if the RR establishes the MP IBGP connection with each PE rather than peer group.
Step 5 Run:
undo policy vpn-target
You can find that the status of the MP IBGP connections between the RR and all Client PEs is "Established" after running the display bgp vpnv4 all peer command on the RR or Client PEs. You can find that the RR and each Client PE can receive and send VPNv4 routing information between each other after running the display bgp vpnv4 all routing-table peer command on the RR or the Client PEs. If the peer group is configured, you can view information about the group members and find that the status of the BGP connections between the RR and the group members is "Established" after running the display bgp vpnv4 all group command on the RR.
Pre-configuration Tasks
Before configuring route reflection to optimize the VPN access layer, configure a routing protocol for the MPLS backbone network to implement IP interworking between the routers in the backbone network.
Data Preparation
Before configuring route reflection to optimize the VPN access layer, you need the following data. No. 1 2 3 Data Local AS number and peer AS number Type and number of the interfaces used to set up the TCP connection IP address of the peer
3.18.2 Configuring All Client CEs to Establish IBGP Connections with the RR
Context
Do as follows on all Client CEs:
Procedure
Step 1 Run:
system-view
3-84
Issue 03 (2008-09-22)
The interface is specified as an interface to establish the TCP connection. The IP address of the interface must be the same as the MPLS LSR ID. It is recommended to specify a loopback interface to establish the TCP connection. Step 5 Run:
ipv4-family unicast
The capability of exchanging BGP IPv4 routes between the Client CE and the RR is enabled. ----End
3.18.3 Configuring the RR to Establish MP IBGP Connections with All Client CEs
Context
Do as follows on the RR:
Procedure
l Establishing the MP IBGP Connection with the Peer Group 1. Run:
system-view
The interface is specified as an interface to establish the TCP connection. The IP address of the interface must be the same as the MPLS LSR ID. It is recommended to specify a loopback interface to establish the TCP connection.
Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 3-85
6.
Run:
ipv4-family vpn-instance vpn-instance-name
The peer group of the BGP IPv4 VPN instance is configured. 8. Run:
peer ip-address group group-name
The peer is added to the peer group. l Establishing the MP IBGP Connection with Each Peer Perform Step 1 to Step 6 repeatedly on the RR to establish MP IBGP connections with all Client CEs. 1. Run:
system-view
The interface is specified as an interface to establish the TCP connection. The IP address of the interface must be the same as the MPLS LSR ID. It is recommended to specify a loopback interface to establish the TCP connection. 5. Run:
ipv4-family vpn-instance vpn-instance-name
3.18.4 Configuring Route Reflection for the Routes of the BGP VPN Instance
Context
Do as follows on the RR:
3-86 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)
Procedure
Step 1 Run:
system-view
The BGP VPN instance view is displayed. Step 4 Enable route reflection for the routes of the BGP VPNv4 instance on the RR.
l
Run the peer { group-name | peer-ipv4-address } reflect-client command to enable route reflection if the RR establishes the MP IBGP connection with the peer group consisting of all Client CEs. Run the peer peer-ipv4-address reflect-client command repeatedly to enable route reflection if the RR establishes the MP IBGP connection with each PE rather than the peer group.
The reflection policy is configured for the RR. This command is required only on the RR. Step 6 (Optional) Run:
reflect between-clients
Route reflection between the Client CEs is enabled. By default, route reflection between the Client CEs is enabled. If the Client CEs are fully connected, you can use the undo reflect between-clients command to disable route reflection between the clients to reduce the cost. Step 7 (Optional) Run:
reflector cluster-id cluster-id
The cluster ID of the RR is set. If a cluster has multiple RRs, you can use this command to set the same cluster ID for these RRs to prevent routing loops. By default, the cluster ID is the router ID. ----End
Action View information about the peer group of the BGP VPN instance on the RR. View information about the BGP peer on the Client CE. View information about the routes received from the peer or the routes advertised to the peer on the RR. View information about the routes received from the peer or the routes advertised to the peer on the Client CE. View information about the VPNv4 peer group on the RR. View information about the VPNv4 peer group on the CE.
Command display bgp [ vpnv4 vpn-instance vpn-instancename ] peer [ ipv4-address | group-name ] verbose display bgp peer [ ipv4-address| group-name ] verbose display bgp vpnv4 all routing-table peer peer-ipv4address { advertised-routes | received-routes } [ statistics ] display bgp peer peer-ipv4-address { advertisedroutes | received-routes } [ statistics ]
display bgp vpnv4 vpn-instance vpn-instance-name group [ group-name ] display bgp group [ group-name ]
You can find that the status of the MP IBGP connections between the RR and all Client CEs is "Established" after running the display bgp vpnv4 all peer command on the RR. You can find that the status of the IBGP connections between the RR and all Client CEs is "Established" after running the display bgp peer command on the Client CE. You can view the routing information advertised by the RR to the Client CE or the routing information advertised by the Client CE to the RR after running the display bgp vpnv4 all routing-table peer command on the RR. You can view the routing information advertised by the Client CE to the RR and the routing information advertised by the RR to the Client CE after running the display bgp peer peeripv4-address { advertised-routes | received-routes } [ statistics ] command on the Client CE. If the peer group is configured, you can view information about the group members and find that the status of the BGP connections between the RR and the group members is "Established" after running the display bgp vpnv4 all group command on the RR.
Pre-configuration Tasks
Before configuring convergence priorities for VPN routes, complete one of the following tasks:
l l l
Configuring Basic BGP/MPLS IP VPN Configuring Inter-AS VPN Option A Configuring Inter-AS VPN Option B
NOTE
The inter-AS VPN Option C does not support convergence priorities for VPN routes.
Data Preparation
To configure convergence priorities for VPN routes, you need the following data. No. 1 2 3 Data RD filter Convergence priorities for VPN routes Routing policy that defines convergence priorities for VPN routes
Procedure
Step 1 Run:
system-view
Issue 03 (2008-09-22)
3-89
The convergence priority is configured for the route that matches the if-match rd-filter command. ----End
The import routing policy is applied. l Applying the Routing Policy in the VPNv4 Address Family View on the ASBR PEs or the VPNv4 RRs 1. Run:
system-view
3-90
Issue 03 (2008-09-22)
Run the display bgp vpnv4 all routing-table ip-address command on the devices configured with convergence priorities for BGP VPNv4 routes and the BGP IPv4 VPN instance routes, and you can view the convergence priorities for the routes. For example:
<Quidway> display bgp vpnv4 all routing-table 10.1.1.0 Total routes of Route Distinguisher(100:1): 1 BGP routing table entry information of 10.1.1.0/24: Label information (Received/Applied): 15360/15362 From: 100.1.3.1 (100.1.3.1) Original nexthop: 1100.1.3.1 Ext-Community: <1 : 1> Convergence Priority: 2 AS-path Nil, origin incomplete, MED 0, localpref 100, pref-val 0, valid, internal, best, pre 255 Advertised to such 1 peers: 6.6.6.6
Command display ip routing-table vpn-instance vpn-instancename [ [ filter-option ] [ verbose ] | statistics ] display ip vpn-instance [ verbose ] [ vpn-instancename ] display bgp [ vpnv4 { all | vpn-instance vpninstance-name } ] routing-table label
Issue 03 (2008-09-22)
Command display bgp vpnv4 { all | route-distinguisher routedistinguisher | vpn-instance vpn-instance-name } routing-table destination-address [ mask | masklength ] display bgp vpnv4 {all |route-distinguisher routedistinguisher | vpn-instance vpn-instance-name } routing-table statistics [ match-options ] display bgp vpnv4 { all | vpn-instance vpn-instancename } group [ group-name ] display bgp vpnv4 { all | vpn-instance vpn-instancename } peer [ [ peer-ip-address ] verbose ] display bgp vpnv4 { all | vpn-instance vpn-instancename } network display bgp vpnv4 { all | vpn-instance vpn-instancename } paths [ as-regular-expression ] display bgp vpnv4 vpn-instance vpn-instancename peer { group-name | peer-ip-address } log-info
Check statistics of the BGP VPNv4 routing table. Check information about the BGP VPNv4 peer group. Check the BGP VPNv4 peer information. Check the routing information advertised by BGP VPNv4. Check the AS path information of BGP VPNv4. Check BGP peer's log information of specified VPN instance.
Check the gateway that the packet passes by from the source to the destination
After the VPN configuration, using the ping command with -vpn-instance vpn-instancename on PE, you can check whether the PE and the CEs that belongs to the same VPN can communicate with each other. If the ping fails, you can use the tracert command with -vpninstance vpn-instance-name to locate the fault. If multiple interfaces bound to the same VPN exist on the PE, specify the source IP address, that is -a source-ip-address when you ping or tracert the remote CE that accesses the peer PE. Otherwise, the ping or tracert may fail. Because if you do not specify a source IP address, the PE chooses the smallest IP address of the interface bound to the VPN on the PE as the source address of the ICMP packet randomly. If no
Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 3-93
route to the selected address exists on the CE, the ICMP packet sent back from the peer PE is discarded.
NOTE
By default, as for the MPLS TTL timeout packet with level 1 label, the router returns the ICMP packet according to the local IP route, which is the route of the public network. However, no VPN route exists in the public-network routing table of the ASBR PE. Therefore, the ICMP packet is discarded when it is sent from the ASBR PE or returns to the ASBR PE. In this situation, the ping can succeed. To tracert the correct path that the operator network forwards the packet of the private network on the operator network, it is recommended to configure the undo ttl expiration command on the following devices:
l l l
Level 1 carrier's PE devices in the carrier's carrier network SPE devices in the HoVPN ASBR PE devices of the inter-AS VPN
Command refresh bgp vpn-instance vpn-instance-name { all | peer-ip-address | group group-name | internal | external } import refresh bgp vpn-instance vpn-instance-name { all | peer-ip-address | group group-name | internal | external } export refresh bgp vpnv4 { all | peer-ip-address | group group-name | internal | external } import
Issue 03 (2008-09-22)
Action Trigger the outbound soft reset of BGP VPNv4 connection. Reset BGP connections of a VPN instance. Reset BGP VPNv4 connections.
Command refresh bgp vpnv4 { all | peer-ip-address | group group-name | internal | external } export reset bgp vpn-instance vpn-instance-name { asnumber | peer-ip-address | group group-name | all | internal | external } reset bgp vpnv4 { as-number | peer-ip-address | group group-name | all | internal | external }
CAUTION
Debugging affects the performance of the system. So, after the debugging, run the undo debugging all command to disable it immediately. Run the following debugging commands in the user view to debug BGP/MPLS IP VPN and locate the fault. For more information, see the chapter "Maintenance and Debugging" in the NE80E/40E Router Configuration Guide - System Management. Action Enable the debugging of BGP peers in a VPN instance. Enable the packet debugging of BGP peers in a VPN instance. Enable the BGP Update packets debugging of VPN instances. Enable the BGP Update packets debugging of BGP VPNv4 routes. Enable the BGP Update packets debugging of labeled routes. Command debugging bgp vpn-instance vpn-instance-name peeraddress { all | event | graceful-restart | timer } debugging bgp vpn-instance vpn-instance-name peeraddress { keepalive | open | packet | raw-packet | routerefresh } [ receive | send ] [ verbose ] debugging bgp update vpn-instance vpn-instancename peer ip-address [ acl acl-number | ip-prefix ipprefix-name ] [ receive | send ] [ verbose ] debugging bgp update vpnv4 [ peer ip-address ] [ receive | send ] [ verbose ] debugging bgp update label-route [ peer ip-address ] [ acl acl-number | ip-prefix ip-prefix-name ] [ receive | send ] [ verbose ]
Issue 03 (2008-09-22)
3-95
CE1 and CE3 are in VPN-A while CE2 and CE4 are in VPN-B. Users in different VPN cannot access each other. The VPN target attribute of VPN-A is 111:1, and that of VPN-B is 222:2. VPN routing information is exchanged between CE and PE through the EBGP.
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)
3-96
Intercommunication between PEs is implemented through the OSPF. The VPN routing information is exchanged between PEs through the MP-IBGP.
PE1
POS1/0/0 172.1.1.2/24
POS2/0/0 172.2.1.1/24
PE2
POS3/0/0 172.1.1.1/24
POS3/0/0 172.2.1.2/24
GE1/0/0 10.2.1.1/24
GE1/0/0 10.4.1.1/24
Configuration Roadmap
The configuration roadmap is as follows: 1. 2. 3. Configure OSPF between PEs to implement interworking. Configure the basic MPLS functions and MPLS LDP on the PEs and establish the MPLS LSPs between the PEs. Configure the VPN instance on the PE connected with the CE in the backbone network, bind the PE interface connected with the CE to the corresponding VPN instance, and then reconfigure the IP address for the PE interface connected with the CE. Configure MP IBGP to exchange the VPN routing information between the PEs. Configure EBGP between the CE and the PE to exchange the VPN routing information.
4. 5.
Data Preparation
To configure BGP/MPLS IP VPN, you need the following data:
l l l
MPLS LSR ID on the PEs and the Ps RD of VPN-A and VPN-B VPN-Target of VPN-A and VPN-B
Issue 03 (2008-09-22)
3-97
Configuration Procedure
1. Configure IGP on MPLS backbone to make the PEs and the Ps reach each other. # Configure PE1.
<Quidway> system-view [Quidway] sysname PE1 [PE1] interface loopback 1 [PE1-LoopBack1] ip address 1.1.1.9 32 [PE1-LoopBack1] quit [PE1] interface pos3/0/0 [PE1-Pos3/0/0] ip address 172.1.1.1 24 [PE1-Pos3/0/0] quit [PE1] ospf [PE1-ospf-1] area 0 [PE1-ospf-1-area-0.0.0.0] network 172.1.1.0 0.0.0.255 [PE1-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0 [PE1-ospf-1-area-0.0.0.0] quit [PE1-ospf-1] quit
# Configure P.
<Quidway> system-view [Quidway] sysname P [P] interface loopback 1 [P-LoopBack1] ip address 2.2.2.9 32 [P-LoopBack1] quit [P] interface pos 1/0/0 [P-Pos1/0/0] ip address 172.1.1.2 24 [P-Pos1/0/0] quit [P] interface pos 2/0/0 [P-Pos2/0/0] ip address 172.2.1.1 24 [P-Pos2/0/0] quit [P] ospf [P-ospf-1] area 0 [P-ospf-1-area-0.0.0.0] network 172.1.1.0 0.0.0.255 [P-ospf-1-area-0.0.0.0] network 172.2.1.0 0.0.0.255 [P-ospf-1-area-0.0.0.0] network 2.2.2.9 0.0.0.0 [P-ospf-1-area-0.0.0.0] quit [P-ospf-1] quit
# Configure PE2.
<Quidway> system-view [Quidway] sysname PE2 [PE2] interface loopback 1 [PE2-LoopBack1] ip address 3.3.3.9 32 [PE2-LoopBack1] quit [PE2] interface pos 3/0/0 [PE2-Pos3/0/0] ip address 172.2.1.2 24 [PE2-Pos3/0/0] quit [PE2] ospf [PE2-ospf-1] area 0 [PE2-ospf-1-area-0.0.0.0] network 172.2.1.0 0.0.0.255 [PE2-ospf-1-area-0.0.0.0] network 3.3.3.9 0.0.0.0 [PE2-ospf-1-area-0.0.0.0] quit [PE2-ospf-1] quit
After the configuration, the OSPF neighbor relationship should be established between PE1, P and PE2. After running the display ospf peer command, you can find that the OSPF neighbor relationship is in Full state. Run the display ip routing-table command on the PE, and you can view the Loopback1 routes imported from the peer. Take PE1 as an example:
[PE1] display ip routing-table Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: Public Destinations : 9 Routes : 9 Destination/Mask Proto Pre Cost Flags NextHop Interface
3-98
Issue 03 (2008-09-22)
1.1.1.9/32 Direct 0 0 D 127.0.0.1 InLoopBack0 2.2.2.9/32 OSPF 10 2 D 172.1.1.2 Pos3/0/0 3.3.3.9/32 OSPF 10 3 D 172.1.1.2 Pos3/0/0 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 172.1.1.0/24 Direct 0 0 D 172.1.1.1 Pos3/0/0 172.1.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 172.1.1.2/32 Direct 0 0 D 172.1.1.2 Pos3/0/0 172.2.1.0/24 OSPF 10 2 D 172.1.1.2 Pos3/0/0 [PE1] display ospf peer OSPF Process 1 with Router ID 1.1.1.9 Neighbors Area 0.0.0.0 interface 172.1.1.1(Pos3/0/0)'s neighbors Router ID: 172.1.1.2 Address: 172.1.1.2 GR State: Normal State: Full Mode:Nbr is Master Priority: 1 DR: None BDR: None MTU: 1500 Dead timer due in 38 sec Neighbor is up for 00:02:44 Authentication Sequence: [ 0 ]
2.
Configure basic MPLS capability and MPLS LDP on the MPLS backbone network to setup LDP LSP. # Configure PE1.
[PE1] mpls lsr-id 1.1.1.9 [PE1] mpls [PE1-mpls] lsp-trigger all [PE1-mpls] quit [PE1] mpls ldp [PE1-mpls-ldp] quit [PE1] interface pos 3/0/0 [PE1-Pos3/0/0] mpls [PE1-Pos3/0/0] mpls ldp [PE1-Pos3/0/0] quit
# Configure P.
[P] mpls lsr-id 2.2.2.9 [P] mpls [P-mpls] lsp-trigger all [P-mpls] quit [P] mpls ldp [P-mpls-ldp] quit [P] interface pos 1/0/0 [P-Pos1/0/0] mpls [P-Pos1/0/0] mpls ldp [P-Pos1/0/0] quit [P] interface pos 2/0/0 [P-Pos2/0/0] mpls [P-Pos2/0/0] mpls ldp [P-Pos2/0/0] quit
# Configure PE2.
[PE2] mpls lsr-id 3.3.3.9 [PE2] mpls [PE2-mpls] lsp-trigger all [PE2-mpls] quit [PE2] mpls ldp [PE2-mpls-ldp] quit [PE2] interface pos 3/0/0 [PE2-Pos3/0/0] mpls [PE2-Pos3/0/0] mpls ldp [PE2-Pos3/0/0] quit
After the configuration, LDP sessions are set up between PE1, P and PE2. After running the display mpls ldp session command on the routers, you can find the status of the session is "Operational" in the display result. Run the display mpls ldp lsp command, and view the state of the LDP LSP. Take the PE1 as an example:
Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 3-99
[PE1] display mpls ldp session LDP Session(s) in Public Network ------------------------------------------------------------------------Peer-ID Status LAM SsnRole SsnAge KA-Sent/Rcv ------------------------------------------------------------------------2.2.2.9:0 Operational DU Passive 000:00:01 5/5 ------------------------------------------------------------------------TOTAL: 1 session(s) Found. LAM : Label Advertisement Mode SsnAge Unit : DDD:HH:MM [PE1] display mpls ldp lsp LDP LSP Information -----------------------------------------------------------------SN DestAddress/Mask In/OutLabel Next-Hop In/Out-Interface -----------------------------------------------------------------1 1.1.1.9/32 3/NULL 127.0.0.1 Pos3/0/0/InLoop0 2 2.2.2.9/32 NULL/3 172.1.1.2 -------/Pos3/0/0 3 3.3.3.9/32 NULL/1024 172.1.1.2 -------/Pos3/0/0 -----------------------------------------------------------------TOTAL: 3 Normal LSP(s) Found. TOTAL: 0 Liberal LSP(s) Found. A '*' before an LSP means the LSP is not established A '*' before a Label means the USCB or DSCB is stale
3.
Configure VPN instances on PEs and bind the instance to the interfaces of CEs. # Configure PE1.
[PE1] ip vpn-instance vpna [PE1-vpn-instance-vpna] route-distinguisher 100:1 [PE1-vpn-instance-vpna] vpn-target 111:1 both [PE1-vpn-instance-vpna] quit [PE1] ip vpn-instance vpnb [PE1-vpn-instance-vpnb] route-distinguisher 100:2 [PE1-vpn-instance-vpnb] vpn-target 222:2 both [PE1-vpn-instance-vpnb] quit [PE1] interface gigabitethernet 1/0/0 [PE1-GigabitEthernet1/0/0] ip binding vpn-instance vpna [PE1-GigabitEthernet1/0/0] ip address 10.1.1.2 24 [PE1-GigabitEthernet1/0/0] quit [PE1] interface gigabitethernet 2/0/0 [PE1-GigabitEthernet2/0/0] ip binding vpn-instance vpnb [PE1-GigabitEthernet2/0/0] ip address 10.2.1.2 24 [PE1-GigabitEthernet2/0/0] quit
# Configure PE2.
[PE2] ip vpn-instance vpna [PE2-vpn-instance-vpna] route-distinguisher 200:1 [PE2-vpn-instance-vpna] vpn-target 111:1 both [PE2-vpn-instance-vpna] quit [PE2] ip vpn-instance vpnb [PE2-vpn-instance-vpnb] route-distinguisher 200:2 [PE2-vpn-instance-vpnb] vpn-target 222:2 both [PE2-vpn-instance-vpnb] quit [PE2] interface gigabitethernet 1/0/0 [PE2-GigabitEthernet1/0/0] ip binding vpn-instance vpna [PE2-GigabitEthernet1/0/0] ip address 10.3.1.2 24 [PE2-GigabitEthernet1/0/0] quit [PE2] interface gigabitethernet 2/0/0 [PE2-GigabitEthernet2/0/0] ip binding vpn-instance vpnb [PE2-GigabitEthernet2/0/0] ip address 10.4.1.2 24 [PE2-GigabitEthernet2/0/0] quit
# Configure IP address for the CE interface according to Figure 3-4. The configuration procedure is not mentioned here. After the configuration, view the configuration of VPN instances by running the display ip vpn-instance verbose command on the PEs. The PE can ping through its own CE. Take PE1 and CE1 for example:
[PE1] display ip vpn-instance verbose Total VPN-Instances configured : 2
3-100
Issue 03 (2008-09-22)
VPN-Instance Name and ID : vpna, 1 Create date : 2006/09/21 11:30:35 Up time : 0 days, 00 hours, 05 minutes and 19 seconds Route Distinguisher : 100:1 Export VPN Targets : 111:1 Import VPN Targets : 111:1 Label policy: label per route Interfaces : GigabitEthernet1/0/0 VPN-Instance Name and ID : vpnb, 2 Create date : 2006/09/21 11:31:18 Up time : 0 days, 00 hours, 04 minutes and 36 seconds Route Distinguisher : 100:2 Export VPN Targets : 222:2 Import VPN Targets : 222:2 Interfaces : GigabitEthernet2/0/0 [PE1] ping -vpn-instance vpna 10.1.1.1 PING 10.1.1.1: 56 data bytes, press CTRL_C to break Reply from 10.1.1.1: bytes=56 Sequence=1 ttl=255 time=56 ms Reply from 10.1.1.1: bytes=56 Sequence=2 ttl=255 time=4 ms Reply from 10.1.1.1: bytes=56 Sequence=3 ttl=255 time=4 ms Reply from 10.1.1.1: bytes=56 Sequence=4 ttl=255 time=52 ms Reply from 10.1.1.1: bytes=56 Sequence=5 ttl=255 time=3 ms --- 10.1.1.1 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 3/23/56 ms
4.
Establish the EBGP peer relationship between the PE and the CE to import VPN routes. # Configure CE1.
[CE1] bgp 65410 [CE1-bgp] peer 10.1.1.2 as-number 100 [CE1-bgp] import-route direct
NOTE
The configuration of CE2, CE3 and CE4 is similar to CE1 and their configuration procedures are not mentioned here.
# Configure PE1.
[PE1] bgp 100 [PE1-bgp] ipv4-family vpn-instance vpna [PE1-bgp-vpna] peer 10.1.1.1 as-number 65410 [PE1-bgp-vpna] import-route direct [PE1-bgp-vpna] quit [PE1-bgp] ipv4-family vpn-instance vpnb [PE1-bgp-vpnb] peer 10.2.1.1 as-number 65420 [PE1-bgp-vpnb] import-route direct [PE1-bgp-vpnb] quit
NOTE
The configuration of PE2 is similar to PE1 and the configuration procedure is not mentioned here.
After the configuration, run the display bgp peer or the display bgp vpnv4 all peer command. You can find that the BGP peer relationship has been established between the PE and the CE. Take the peer relationship between PE1 and CE1 as an example.
[PE1] display bgp vpnv4 vpn-instance vpna peer BGP local router ID : 1.1.1.9 Local AS number : 100 Total number of peers : 1 Peers in established state : 1 Peer V AS MsgRcvd MsgSent OutQ Up/Down State PrefRcv 10.1.1.1 4 65410 11 9 0 00:06:37 Established 1
5.
Issue 03 (2008-09-22)
# Configure PE1.
[PE1] bgp 100 [PE1-bgp] peer 3.3.3.9 as-number 100 [PE1-bgp] peer 3.3.3.9 connect-interface loopback 1 [PE1-bgp] ipv4-family vpnv4 [PE1-bgp-af-vpnv4] peer 3.3.3.9 enable [PE1-bgp-af-vpnv4] quit
# Configure PE2.
[PE2] bgp 100 [PE2-bgp] peer 1.1.1.9 as-number 100 [PE2-bgp] peer 1.1.1.9 connect-interface loopback 1 [PE2-bgp] ipv4-family vpnv4 [PE2-bgp-af-vpnv4] peer 1.1.1.9 enable [PE2-bgp-af-vpnv4] quit
After the configuration, you can find that the BGP peer relationship has been set up between PE1 and PE2 by running the display bgp peer command or the display bgp vpnv4 all peer command.
[PE1] display bgp peer BGP local router ID : 1.1.1.9 Local AS number : 100 Total number of peers : 1 Peers in established state : 1 Peer V AS MsgRcvd MsgSent OutQ Up/Down State PrefRcv 3.3.3.9 4 100 2 6 0 00:00:12 Established 0 [PE1] display bgp vpnv4 all peer BGP local router ID : 1.1.1.9 Local AS number : 100 Total number of peers : 3 Peers in established state : 3 Peer V AS MsgRcvd MsgSent OutQ Up/Down State PrefRcv 3.3.3.9 4 100 12 18 0 00:09:38 Established 0 Peer of vpn instance: vpn instance vpna : 10.1.1.1 4 65410 25 25 0 00:17:57 Established 1 vpn instance vpnb : 10.2.1.1 4 65420 21 22 0 00:17:10 Established 1
6.
Verify the configuration. Running the display ip routing-table vpn-instance command on the PE, you can find the route to peer CEs. Take PE1 as an example.
[PE1] display ip routing-table vpn-instance vpna Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: vpna Destinations : 3 Routes : 3 Destination/Mask Proto Pre Cost Flags NextHop Interface 10.1.1.0/24 Direct 0 0 D 10.1.1.2 GigabitEthernet1/0/0 10.1.1.2/32 Direct 0 0 D 127.0.0.1 InLoopBack0 10.3.1.0/24 BGP 255 0 RD 3.3.3.9 Pos3/0/0 [PE1] display ip routing-table vpn-instance vpnb Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: vpnb Destinations : 3 Routes : 3 Destination/Mask Proto Pre Cost Flags NextHop Interface 10.2.1.0/24 Direct 0 0 D 10.2.1.2 GigabitEthernet2/0/0 10.2.1.2/32 Direct 0 0 D 127.0.0.1 InLoopBack0 10.4.1.0/24 BGP 255 0 RD 3.3.3.9 Pos3/0/0
The CEs in the same VPN can ping through each other while two CEs in different VPNs cannot ping through each other. For example, CE1 can ping through CE3 (10.3.1.1) but cannot ping through CE4 (10.4.1.1).
3-102 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)
[CE1] ping 10.3.1.1 PING 10.3.1.1: 56 data bytes, press CTRL_C to break Reply from 10.3.1.1: bytes=56 Sequence=1 ttl=253 time=72 Reply from 10.3.1.1: bytes=56 Sequence=2 ttl=253 time=34 Reply from 10.3.1.1: bytes=56 Sequence=3 ttl=253 time=50 Reply from 10.3.1.1: bytes=56 Sequence=4 ttl=253 time=50 Reply from 10.3.1.1: bytes=56 Sequence=5 ttl=253 time=34 --- 10.3.1.1 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 34/48/72 ms [CE1] ping 10.4.1.1 PING 10.4.1.1: 56 data bytes, press CTRL_C to break Request time out Request time out Request time out Request time out Request time out --- 10.4.1.1 ping statistics --5 packet(s) transmitted 0 packet(s) received 100.00% packet loss
ms ms ms ms ms
Configuration Files
l
Issue 03 (2008-09-22)
3-103
Configuration file of P
# sysname P # mpls lsr-id 2.2.2.9 mpls lsp-trigger all # mpls ldp # interface Pos1/0/0 link-protocol ppp ip address 172.1.1.2 255.255.255.0 mpls mpls ldp # interface Pos2/0/0 link-protocol ppp ip address 172.2.1.1 255.255.255.0 mpls mpls ldp # interface LoopBack1 ip address 2.2.2.9 255.255.255.255 # ospf 1 area 0.0.0.0 network 172.1.1.0 0.0.0.255 network 172.2.1.0 0.0.0.255 network 2.2.2.9 0.0.0.0 # return
3-104
Issue 03 (2008-09-22)
Issue 03 (2008-09-22)
3-105
3-106
Issue 03 (2008-09-22)
AS:100
POS1/0/0 172.1.1.2/24
POS2/0/0 172.2.1.1/24
P
Loopback1 1.1.1.9/32 POS2/0/0 172.1.1.1/24 POS2/0/0 172.2.1.2/24 Loopback1 2.2.2.9/32
PE1
GE1/0/0 10.1.1.2/24 Tunnel5/0/0 20.1.1.1/24
GRE Tunnel
Tunnel5/0/0 20.1.1.2/24
PE2
GE1/0/0 10.2.1.2/24 GE1/0/0 10.2.1.1/24
GE1/0/0 10.1.1.1/24
CE2
Configuration Roadmap
The configuration roadmap is as follows: 1. 2. 3. 4. 5. 6. Configure common routing protocol (OSPF in this example) on the backbone network to implement interworking between the PEs. Establish GRE tunnels between the PEs. Enable MPLS on the PEs. Configure the tunnel policy on the PEs and specify the tunnel transmitting VPN traffic as GRE. Configure MP IBGP between the PEs to exchange VPN routing information. Configure EBGP between the CE and the PE to exchange VPN routing information.
Data Preparation
To configure BGP/MPLS IP VPN with the GRE tunnel, you need the following data:
l l l l l
The MPLS LSR-ID on the PE The tunnel policy configured on the PE The VPN instance name, RD and the route attribute The source address, destination address of the two ends of the GRE tunnel The IP address of the tunnel interface GRE
Configuration Procedure
1.
Issue 03 (2008-09-22)
Configure the IP address to each physical and loopback interface as shown in Figure 3-5. Run the undo shutdown command to change each physical interface to Up. The details of the configuration are not mentioned here. 2. Configure IGP on backbone to implement the interconnection among the PEs and the Ps. In this example, we use OSPF as the IGP on backbone. The configuration procedure is not mentioned here. After the configuration, the OSPF adjacency should be established between PE1, P and PE2. Using the display ospf peer command, you can see that the status of OSPF neighbor is "FULL". Using the display ip routing-table command, you can see that the PEs have learnt each other's loopback interface route. 3. Configure MPLS basic capabilities on PEs. # Configure PE1.
<PE1> system-view [PE1] mpls lsr-id 1.1.1.9 [PE1] mpls [PE1-mpls] quit
# Configure PE2.
<PE2> system-view [PE2] mpls lsr-id 2.2.2.9 [PE2] mpls [PE2-mpls] quit
4.
Configure VPN instances on the PE to associate the CEs, adopt a tunnel policy on the PE and specify a GRE tunnel to forward VPN packets. # Configure PE1.
[PE1] tunnel-policy gre1 [PE1-tunnel-policy-gre1] tunnel select-seq gre load-balance-number 1 [PE1-tunnel-policy-gre1] quit [PE1] ip vpn-instance vpna [PE1-vpn-instance-vpna] route-distinguisher 100:1 [PE1-vpn-instance-vpna] vpn-target 100:1 both [PE1-vpn-instance-vpna] tnl-policy gre1 [PE1-vpn-instance-vpna] quit [PE1] interface gigabitethernet 1/0/0 [PE1-GigabitEthernet1/0/0] ip binding vpn-instance vpna [PE1-GigabitEthernet1/0/0] ip address 10.1.1.2 24 [PE1-GigabitEthernet1/0/0] quit
# Configure PE2.
[PE2] tunnel-policy gre1 [PE2-tunnel-policy-gre1] tunnel select-seq gre load-balance-number 1 [PE2-tunnel-policy-gre1] quit [PE2] ip vpn-instance vpna [PE2-vpn-instance-vpna] route-distinguisher 100:2 [PE2-vpn-instance-vpna] vpn-target 100:1 both [PE2-vpn-instance-vpna] tnl-policy gre1 [PE2-vpn-instance-vpna] quit [PE2] interface gigabitethernet 1/0/0 [PE2-GigabitEthernet1/0/0] ip binding vpn-instance vpna [PE2-GigabitEthernet1/0/0] ip address 10.2.1.2 24 [PE2-GigabitEthernet1/0/0] quit
# Configure CE1.
<CE1> system-view [CE1] interface gigabitethernet 1/0/0 [CE1-GigabitEthernet1/0/0] ip address 10.1.1.1 24 [CE1-GigabitEthernet1/0/0] quit
# Configure CE2.
<CE2> system-view [CE2] interface gigabitethernet 1/0/0
3-108
Issue 03 (2008-09-22)
After the configuration, run the display ip vpn-instance verbose command on the PE and you will see the configuration of VPN instances. The PEs can ping through the CEs connected to it.
[PE1] display ip vpn-instance verbose Total VPN-Instances configured : 1 VPN-Instance Name and ID : vpna, 1 Create date : 2006/10/11 16:12:02 Up time : 0 days, 00 hours, 03 minutes and 07 seconds Route Distinguisher : 100:1 Export VPN Targets : 100:1 Import VPN Targets : 100:1 Label policy: label per route Tunnel Policy : gre1 Interfaces : GigabitEthernet1/0/0 [PE1] ping -vpn-instance vpna 10.1.1.1 PING 10.1.1.1: 56 data bytes, press CTRL_C to break Reply from 10.1.1.1: bytes=56 Sequence=1 ttl=255 time=27 ms Reply from 10.1.1.1: bytes=56 Sequence=2 ttl=255 time=33 ms Reply from 10.1.1.1: bytes=56 Sequence=3 ttl=255 time=7 ms Reply from 10.1.1.1: bytes=56 Sequence=4 ttl=255 time=29 ms Reply from 10.1.1.1: bytes=56 Sequence=5 ttl=255 time=9 ms --- 10.1.1.1 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 7/21/33 ms
5.
Establish EBGP peers between the PE and the CE to import VPN routes. # Configure CE1.
[CE1] bgp 65410 [CE1-bgp] peer 10.1.1.2 as-number 100 [CE1-bgp] import-route direct
# Configure PE1.
[PE1] bgp 100 [PE1-bgp] ipv4-family vpn-instance vpna [PE1-bgp-vpna] peer 10.1.1.1 as-number 65410 [PE1-bgp-vpna] import-route direct [PE1-bgp-vpna] quit [PE1-bgp] quit
NOTE
The configuration of CE2 is similar to that of CE1, and the configuration of PE2 is similar to that of PE1. Their configuration procedures are not mentioned here.
After the configuration, run the display bgp vpnv4 vpn-instance peer command on the PE. You can find that the BGP peer has been established between the PE and the CE, the peer state is "Established".
[PE1] display bgp vpnv4 vpn-instance vpna peer BGP local router ID : 1.1.1.9 Local AS number : 100 Total number of peers : 1 Peers in established state : 1 Peer V AS MsgRcvd MsgSent OutQ Up/Down State PrefRcv 10.1.1.1 4 65410 5 5 0 00:02:03 Established 1
6.
Issue 03 (2008-09-22)
3-109
The configuration of the PE2 is similar to that of the PE1. Their configuration procedures are not mentioned here.
After the configuration, using the display bgp peer or display bgp vpnv4 all peer command on the PE, you can find that the BGP peer has been established between the PEs, and the status of the peer is "Established".
[PE1] display bgp vpnv4 all peer BGP local router ID : 1.1.1.9 Local AS number : 100 Total number of peers : 2 Peer V AS MsgRcvd 2.2.2.9 4 100 4 Peer of vpn instance: vpn instance vpna : 10.1.1.1 4 65410 12
Peers in established state : 2 MsgSent OutQ Up/Down State PrefRcv 7 0 00:01:22 Established 1 11 0 00:08:13 Established 1
7.
The source and destination of a GRE tunnel are the interfaces used to establish the MP-IBGP peer relationship between the PEs.
# Configure PE1.
[PE1] interface loopback1 [PE1-loopback1] target-board 5 [PE1-loopback1] binding tunnel gre [PE1-loopback1] quit [PE1] interface tunnel 5/0/0 [PE1-Tunnel5/0/0] tunnel-protocol gre [PE1-Tunnel5/0/0] source loopback 1 [PE1-Tunnel5/0/0] destination 2.2.2.9 [PE1-Tunnel5/0/0] ip address 20.1.1.1 24 [PE1-Tunnel5/0/0] quit
# Configure PE2.
[PE2] interface loopback1 [PE2-loopback1] target-board 5 [PE2-loopback1] binding tunnel gre [PE2-loopback1] quit [PE2] interface tunnel 5/0/0 [PE2-Tunnel5/0/0] tunnel-protocol gre [PE2-Tunnel5/0/0] source loopback 1 [PE2-Tunnel5/0/0] destination 1.1.1.9 [PE2-Tunnel5/0/0] ip address 20.1.1.2 24 [PE2-Tunnel5/0/0] quit
8.
Verify the configuration. After the configuration, the CEs should have learnt each other's interface route.
[CE1] display ip routing-table Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: Public Destinations : 5 Routes : 5 Destination/Mask Proto Pre Cost Flags NextHop Interface 10.1.1.0/24 Direct 0 0 D 10.1.1.1 GigabitEthernet1/0/0 10.1.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 10.2.1.0/24 BGP 255 0 D 10.1.1.2 GigabitEthernet1/0/0 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
In the VPN routing table on the PE, there should be a BGP route to the destination CE network.
3-110 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)
Shutdown any one interface of the GRE tunnel to find that CEs cannot ping through each other. Consider PE1and CE1 as examples: # Shutdown the GRE tunnel interface on PE1.
[PE1] interface tunnel 5/0/0 [PE1-Tunnel5/0/0] shutdown
The result is that CE1 cannot ping through CE2. This clarifies that VPN traffic is encapsulated by the GRE tunnel and then forwarded through it.
Configuration Files
l
Issue 03 (2008-09-22)
3-111
Configuration file of P
# sysname P # interface Pos1/0/0 undo shutdown link-protocol ppp ip address 172.1.1.2 255.255.255.0
3-112
Issue 03 (2008-09-22)
Issue 03 (2008-09-22)
3-113
Loopback1 1.1.1.9/32
Loopback1 2.2.2.9/32 POS1/0/0 20.1.1.2/24 POS2/0/0 20.1.1.1/24 POS2/0/0 30.1.1.2/24 POS2/0/0 30.1.1.1/24 P
Loopback1 3.3.3.9/32
PE1
POS1/0/0 10.1.1.2/24 POS1/0/0 10.1.1.1/24
PE2
POS1/0/0 10.2.1.2/24 POS1/0/0 10.2.1.1/24 GE2/0/0 200.1.1.1/24
Backbone AS 100
CE1
GE2/0/0 100.1.1.1/24
CE2
VPN1 AS 600
VPN1 AS 600
Configuration Roadmap
The configuration roadmap is as follows: 1. Configure IGP on the backbone network to realize the interconnection between PEs and between the PE and the P.
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)
3-114
2. 3. 4.
Set up the MPLS LDP LSP between PEs. Create the VPN instance on the PE. Configure the CE to access the PE. Set up the EBGP relationship between the PE and the CE. Import the route of the CE to the PE. Configure the BGP AS number substitution on the PE.
Data Preparation
To configure the BGP AS number substitution, you need the following data:
l l l
MPLS LSR-ID of the PE and the P The VPN instance created on the PE1 and PE2 The same AS number used by the CE1 and the CE2 (It is different from the AS number of the backbone network.)
Configuration Procedure
1. Configure basic BGP/MPLS IP VPN. The configuration of basic BGP/MPLS IP VPN includes:
l
Configure OSPF on the MPLS backbone network. PE and P can learn routes of the Loopback interface from each other. Configure MPLS basic capability and MPLS LDP on the MPLS backbone network to establish LDP LSP. Establish the MP-IBGP neighbor between PEs and advertise VPN-IPv4 routes. Configure the VPN instances of VPN1 on PE2 and associate it with CE2. Configure the VPN instances of VPN1 on PE1 and associate it with CE1. Configure BGP between PE1 and CE1, and between PE2 and CE2 to import CE routes into PE.
l l l l
After the configuration given above, run the display ip routing-table command on CE. It shows that CE2 can learn the route of the network segment (10.1.1.0/24) of the interface on CE1 that is connected with PE1. There is no route to the VPN site (100.1.1.0/24) of the CE1. The same situation occurs on CE1.
[CE2] display ip routing-table Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: Public Destinations : 8 Routes : 8 Destination/Mask Proto Pre Cost Flags NextHop Interface 10.1.1.0/24 BGP 255 0 D 10.2.1.2 Pos1/0/0 10.1.1.1/32 BGP 255 0 D 10.2.1.2 Pos1/0/0 10.2.1.0/24 Direct 0 0 D 10.2.1.1 Pos1/0/0 10.2.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 10.2.1.2/32 Direct 0 0 D 10.2.1.2 Pos1/0/0 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 200.1.1.0/24 Direct 0 0 D 200.1.1.1 GigabitEthernet2/0/0 200.1.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
Run the display ip routing-table vpn-instance command on PE. It shows that there are routes to the VPN site of the remote CE in the VPN instances of the PE. Consider PE2 as an example:
[PE2] display ip routing-table vpn-instance vpn1 Route Flags: R - relied, D - download to fib
Issue 03 (2008-09-22)
3-115
-----------------------------------------------------------------------------Routing Tables: vpn1 Destinations : 7 Routes : 7 Destination/Mask Proto Pre Cost Flags NextHop Interface 10.1.1.0/24 BGP 255 0 RD 1.1.1.9 Pos2/0/0 10.1.1.1/32 BGP 255 0 RD 1.1.1.9 Pos2/0/0 10.2.1.0/24 Direct 0 0 D 10.2.1.2 Pos1/0/0 10.2.1.1/32 Direct 0 0 D 10.2.1.1 Pos1/0/0 10.2.1.2/32 Direct 0 0 D 127.0.0.1 InLoopBack0 100.1.1.0/24 BGP 255 0 RD 1.1.1.9 Pos2/0/0 200.1.1.0/24 BGP 255 0 D 10.2.1.1 Pos1/0/0
Enable the BGP update packets debugging on PE2. It shows that PE2 advertises the route to 100.1.1.0/24 and the AS path information is "100 600".
<PE2> terminal monitor <PE2> terminal debugging <PE2> debugging bgp update vpn-instance vpn1 peer 10.2.1.1 verbose <PE2> refresh bgp vpn-instance vpn1 all export *0.4402392 PE2 RM/7/RMDEBUG: BGP.vpn1: Send UPDATE to 10.2.1.1 for following destinations : Origin : Incomplete AS Path : 100 600 Next Hop : 10.2.1.2 100.1.1.0/24,
Run the display bgp routing-table peer received-routes command on CE2. It shows that CE2 does not receive the route to 100.1.1.0/24.
[CE2] display bgp routing-table peer 10.2.1.2 received-routes Total Number of Routes: 4 BGP Local router ID is 10.2.1.1 Status codes: * - valid, > - best, d - damped, h - history, i - internal, s - suppressed, S - Stale Origin : i - IGP, e - EGP, ? - incomplete Network NextHop MED LocPrf PrefVal Path/Ogn *> 10.1.1.0/24 10.2.1.2 0 100? *> 10.1.1.1/32 10.2.1.2 0 100? * 10.2.1.0/24 10.2.1.2 0 0 100? * 10.2.1.1/32 10.2.1.2 0 0 100?
2.
Substitute the BGP AS number. # Substitute the BGP AS number on the PEs. Consider PE2 as an example.
[PE2] bgp 100 [PE2-bgp] ipv4-family vpn-instance vpn1 [PE2-bgp-vpn1] peer 10.2.1.1 substitute-as
In the route advertised by PE2 to CE2, it shows that the AP path information of 100.1.1.0/24 changes from "100 600" to "100 100".
*0.13498737 PE2 RM/7/RMDEBUG: BGP.vpn1: Send UPDATE to 10.2.1.1 for following destinations : Origin : Incomplete AS Path : 100 100 Next Hop : 10.2.1.2 100.1.1.0/24,
3-116
Issue 03 (2008-09-22)
*> 100.1.1.0/24 10.2.1.2 0 100 100? [CE2] display ip routing-table Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: Public Destinations : 10 Routes : 10 Destination/Mask Proto Pre Cost Flags NextHop Interface 10.1.1.0/24 BGP 255 0 D 10.2.1.2 Pos1/0/0 10.1.1.1/32 BGP 255 0 D 10.2.1.2 Pos1/0/0 10.2.1.0/24 Direct 0 0 D 10.2.1.1 Pos1/0/0 10.2.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 10.2.1.2/32 Direct 0 0 D 10.2.1.2 Pos1/0/0 100.1.1.1/24 BGP 255 0 D 10.2.1.2 Pos1/0/0 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 200.1.1.0/24 Direct 0 0 D 127.0.0.1 GigabitEthernet2/0/0 200.1.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
Configure the BGP AS number substitution function on the PE1. The GigabitEthernet interfaces of CE1 and CE2 can then ping through each other.
[CE1] ping a 100.1.1.1 200.1.1.1 PING 200.1.1.1: 56 data bytes, press CTRL_C to break Reply from 200.1.1.1: bytes=56 Sequence=1 ttl=253 time=109 ms Reply from 200.1.1.1: bytes=56 Sequence=2 ttl=253 time=67 ms Reply from 200.1.1.1: bytes=56 Sequence=3 ttl=253 time=66 ms Reply from 200.1.1.1: bytes=56 Sequence=4 ttl=253 time=85 ms Reply from 200.1.1.1: bytes=56 Sequence=5 ttl=253 time=70 ms --- 200.1.1.1 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 66/79/109 ms
Configuration Files
l
Issue 03 (2008-09-22)
3-117
Configuration file of P
# sysname P # mpls lsr-id 2.2.2.9 mpls lsp-trigger all # mpls ldp # interface Pos1/0/0 link-protocol ppp ip address 20.1.1.2 255.255.255.0 mpls mpls ldp # interface Pos2/0/0 link-protocol ppp ip address 30.1.1.1 255.255.255.0 mpls mpls ldp # interface LoopBack1 ip address 2.2.2.9 255.255.255.255 # ospf 1 area 0.0.0.0 network 2.2.2.9 0.0.0.0
3-118
Issue 03 (2008-09-22)
Issue 03 (2008-09-22)
3-119
Hub-PE
POS1/0/0 10.1.1.2/24 Loopback1 1.1.1.9/32 POS2/0/0 10.1.1.1/24 GE1/0/0 100.1.1.2/24 POS2/0/0 11.1.1.2/24 Loopback1 2.2.2.9/32 Loopback1 3.3.3.9/32 POS2/0/0 11.1.1.1/24
Spoke-PE2 GE1/0/0
120.1.1.2/24
GE1/0/0 100.1.1.1/24
GE1/0/0 120.1.1.1/24
Configuration Roadmap
The configuration roadmap is as follows: 1. Set up the IBGP peer relationship between the Hub-PE and Spoke-PE. (There is no need to set up the IBGP peer relationship between the Spoke-PEs.)
3-120
Issue 03 (2008-09-22)
2.
Create two VPN instances on the Hub-PE. Set the VPN-target community attribute as advertised by two Spoke-PEs. Set the advertised VPN-target community attribute to be different from the received one. Create a VPN instance on the Spoke-PE. Set the imported VPN-target community attribute to be the one that advertised by the Hub-PE. Set the VPN-target community attribute for the advertised route. Configure BGP between the CE and the PE. Configure Hub-PE to receive the route with the AS repeated for one time.
3.
4. 5.
Data Preparation
To configure the hub and spoke, you need the following data:
l l
MPLS LSR ID on the PE The VPN instance name of the Hub-PE and Spoke-PE, RD and the VPN-target
Configuration Procedure
1. Configure IGP to implement the inter-networking between the Hub-PE and the Spoke-PE in the backbone network. The OSPF is used in this instance, and the specific configuration procedures are not mentioned. After the configuration, the OSPF neighbor relationship is established between the PEs. After running the display ospf peer command, you can see that the status of the neighbor is Full. After running the display ip routing-table command on the PE, you can see the imported loopback routes of the peer. 2. Configure the basic MPLS capabilities and MPLS LDP on the backbone networks and establish LDP LSP. The specific configuration procedures are not mentioned here. After the configuration, LDP neighbor relationship is established between the Hub-PE and the Spoke-PE. After running the display mpls ldp session command on each device, you can see that the status of the session is "Operational". 3. Configure VPN instances on each PE and connect the CE to the PE.
NOTE
The export VPN target on the Hub-PE must be consistent with the import VPN target on the SpokePE. The import VPN target on the Hub-PE must be consistent with the export VPN target on the SpokePE.
# Configure Spoke-PE 1.
<Spoke-PE1> system-view [Spoke-PE1] ip vpn-instance vpna [Spoke-PE1-vpn-instance-vpna] route-distinguisher 100:1 [Spoke-PE1-vpn-instance-vpna] vpn-target 100:1 export-extcommunity [Spoke-PE1-vpn-instance-vpna] vpn-target 200:1 import-extcommunity [Spoke-PE1-vpn-instance-vpna] quit [Spoke-PE1] interface gigabitethernet 1/0/0 [Spoke-PE1-GigabitEthernet1/0/0] ip binding vpn-instance vpna [Spoke-PE1-GigabitEthernet1/0/0] ip address 100.1.1.2 24
Issue 03 (2008-09-22)
3-121
# Configure Spoke-PE 2.
<Spoke-PE2> system-view [Spoke-PE2] ip vpn-instance vpna [Spoke-PE2-vpn-instance-vpna] route-distinguisher 100:3 [Spoke-PE2-vpn-instance-vpna] vpn-target 100:1 export-extcommunity [Spoke-PE2-vpn-instance-vpna] vpn-target 200:1 import-extcommunity [Spoke-PE2-vpn-instance-vpna] quit [Spoke-PE2] interface gigabitethernet 1/0/0 [Spoke-PE2-GigabitEthernet1/0/0] ip binding vpn-instance vpna [Spoke-PE2-GigabitEthernet1/0/0] ip address 120.1.1.2 24 [Spoke-PE2-GigabitEthernet1/0/0] quit
# Configure Hub-PE.
<Hub-PE> system-view [Hub-PE] ip vpn-instance vpn_in [Hub-PE-vpn-instance-vpn_in] route-distinguisher 100:21 [Hub-PE-vpn-instance-vpn_in] vpn-target 100:1 import-extcommunity [Hub-PE-vpn-instance-vpn_in] quit [Hub-PE] ip vpn-instance vpn_out [Hub-PE-vpn-instance-vpn_out] route-distinguisher 100:22 [Hub-PE-vpn-instance-vpn_out] vpn-target 200:1 export-extcommunity [Hub-PE-vpn-instance-vpn_out] quit [Hub-PE] interface gigabitethernet 3/0/0 [Hub-PE-GigabitEthernet3/0/0] ip binding vpn-instance vpn_in [Hub-PE-GigabitEthernet3/0/0] ip address 110.1.1.2 24 [Hub-PE-GigabitEthernet3/0/0] quit [Hub-PE] interface gigabitethernet 4/0/0 [Hub-PE-GigabitEthernet4/0/0] ip binding vpn-instance vpn_out [Hub-PE-GigabitEthernet4/0/0] ip address 110.2.1.2 24 [Hub-PE-GigabitEthernet4/0/0] quit
# Configure IP addresses of the CE interfaces as shown in Figure 3-7. The configuration procedures are not mentioned here. After the configuration, run the display ip vpn-instance verbose command on the PE devices, and you can see the configurations of VPN instances. Each PE can ping through its attached CEs using the ping -vpn-instance vpn-name ip-address command. 4. Establish EBGP peers between the PE and the CE and import the VPN routes.
NOTE
l l
To accept the routes advertised by Spoke-PE, configure the Spoke-CE to allow AS number to be repeated once. To accept the routes advertised by Hub-PE, configure the Hub-CE to allow AS number to be repeated once.
65410 peer 100.1.1.2 as-number 100 peer 100.1.1.2 allow-as-loop 1 import-route direct quit
# Configure Spoke-CE 1.
[Spoke-CE1] bgp [Spoke-CE1-bgp] [Spoke-CE1-bgp] [Spoke-CE1-bgp] [Spoke-CE1-bgp]
# Configure Spoke-PE 1.
[Spoke-PE1] bgp 100 [Spoke-PE1-bgp] ipv4-family vpn-instance vpna [Spoke-PE1-bgp-vpna] peer 100.1.1.1 as-number 65410 [Spoke-PE1-bgp-vpna] import-route direct [Spoke-PE1-bgp-vpna] quit [Spoke-PE1-bgp] quit
# Configure Spoke-CE 2.
[Spoke-CE2] bgp 65420 [Spoke-CE2-bgp] peer 120.1.1.2 as-number 100 [Spoke-CE2-bgp] peer 120.1.1.2 allow-as-loop 1
3-122
Issue 03 (2008-09-22)
# Configure Spoke-PE 2.
[Spoke-PE2] bgp 100 [Spoke-PE2-bgp] ipv4-family vpn-instance vpna [Spoke-PE2-bgp-vpna] peer 120.1.1.1 as-number 65420 [Spoke-PE2-bgp-vpna] import-route direct [Spoke-PE2-bgp-vpna] quit [Spoke-PE2-bgp] quit
# Configure Hub-CE.
[Hub-CE] bgp [Hub-CE-bgp] [Hub-CE-bgp] [Hub-CE-bgp] [Hub-CE-bgp] 65430 peer 110.1.1.2 as-number 100 peer 110.2.1.2 as-number 100 import-route direct quit
# Configure Hub-PE.
[Hub-PE] bgp 100 [Hub-PE-bgp] ipv4-family vpn-instance vpn_in [Hub-PE-bgp-vpn_in] peer 110.1.1.1 as-number 65430 [Hub-PE-bgp-vpn_in] import-route direct [Hub-PE-bgp-vpn_in] quit [Hub-PE-bgp] ipv4-family vpn-instance vpn_out [Hub-PE-bgp-vpn_out] peer 110.2.1.1 as-number 65430 [Hub-PE-bgp-vpn_out] peer 110.2.1.1 allow-as-loop 1 [Hub-PE-bgp-vpn_out] import-route direct [Hub-PE-bgp-vpn_out] quit [Hub-PE-bgp] quit
After the configuration, run the display bgp vpnv4 all peer command on each PE devices and you can see that the BGP peer relationship is established between the PE and the CE. 5. Establish MP-IBGP peers between the PEs
NOTE
To accept the routes advertised by Hub-PE, configure the Spoke-CE to allow the AS number to be repeated once.
# Configure Spoke-PE 1.
[Spoke-PE1] bgp 100 [Spoke-PE1-bgp] peer 2.2.2.9 as-number 100 [Spoke-PE1-bgp] peer 2.2.2.9 connect-interface loopback 1 [Spoke-PE1-bgp] ipv4-family vpnv4 [Spoke-PE1-bgp-af-vpnv4] peer 2.2.2.9 enable [Spoke-PE1-bgp-af-vpnv4] quit
# Configure Spoke-PE 2.
[Spoke-PE2] bgp 100 [Spoke-PE2-bgp] peer 2.2.2.9 as-number 100 [Spoke-PE2-bgp] peer 2.2.2.9 connect-interface loopback 1 [Spoke-PE2-bgp] ipv4-family vpnv4 [Spoke-PE2-bgp-af-vpnv4] peer 2.2.2.9 enable [Spoke-PE2-bgp-af-vpnv4] quit
# Configure Hub-PE.
[Hub-PE] bgp 100 [Hub-PE-bgp] peer 1.1.1.9 as-number 100 [Hub-PE-bgp] peer 1.1.1.9 connect-interface loopback 1 [Hub-PE-bgp] peer 3.3.3.9 as-number 100 [Hub-PE-bgp] peer 3.3.3.9 connect-interface loopback 1 [Hub-PE-bgp] ipv4-family vpnv4 [Hub-PE-bgp-af-vpnv4] peer 1.1.1.9 enable [Hub-PE-bgp-af-vpnv4] peer 3.3.3.9 enable [Hub-PE-bgp-af-vpnv4] quit
Issue 03 (2008-09-22)
3-123
After the configuration, run the display bgp peer or display bgp vpnv4 all peer command on each PE device. You can see the BGP peer relationship is set up between the PEs. 6. Verify the configuration. After the configuration, the Spoke-CEs can ping through each other. Run the tracert command, and you can see that the traffic between Spoke-CEs is forwarded through HubCE. You can also deduce the number of forwarding devices between Spoke-CEs based on the TTL in the Ping result. Consider Spoke-CE 1 as an example:
[Spoke-CE1] ping 120.1.1.1 PING 120.1.1.1: 56 data bytes, press CTRL_C to break Reply from 120.1.1.1: bytes=56 Sequence=1 ttl=250 time=80 ms Reply from 120.1.1.1: bytes=56 Sequence=2 ttl=250 time=129 ms Reply from 120.1.1.1: bytes=56 Sequence=3 ttl=250 time=132 ms Reply from 120.1.1.1: bytes=56 Sequence=4 ttl=250 time=92 ms Reply from 120.1.1.1: bytes=56 Sequence=5 ttl=250 time=126 ms --- 120.1.1.1 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 80/111/132 ms [Spoke-CE1] tracert 120.1.1.1 traceroute to 120.1.1.1(120.1.1.1) 30 hops max,40 bytes packet 1 100.1.1.2 24 ms 19 ms 11 ms 2 110.2.1.2 87 ms 60 ms 58 ms 3 110.2.1.1 59 ms 27 ms 53 ms 4 110.1.1.2 41 ms 34 ms 56 ms 5 120.1.1.2 90 ms 66 ms 75 ms 6 120.1.1.1 143 ms 96 ms 90 ms
Run the display bgp routing-table command on Spoke-CE, and you can see that there are repetitive AS numbers in AS paths of the BGP routes toward the remote Spoke-CE. Consider Spoke-CE 1 as an example:
[Spoke-CE1] display bgp routing-table Total Number of Routes: 6 BGP Local router ID is 100.1.1.1 Status codes: * - valid, > - best, d - damped, h - history, i - internal, s - suppressed, S - Stale Origin : i - IGP, e - EGP, ? - incomplete Network NextHop MED LocPrf PrefVal Path/Ogn *> 100.1.1.0/24 0.0.0.0 0 0 ? * 100.1.1.2 0 0 100? *> 100.1.1.1/32 0.0.0.0 0 0 ? *> 110.1.1.0/24 100.1.1.2 0 100 65430? *> 110.2.1.0/24 100.1.1.2 0 100? *> 120.1.1.0/24 100.1.1.2 0 100 65430 100?
Configuration Files
l
3-124
Issue 03 (2008-09-22)
Issue 03 (2008-09-22)
3-125
3-126
Issue 03 (2008-09-22)
Issue 03 (2008-09-22)
3-127
POS1/0/0 162.1.1.1/24 Loopback1 4.4.4.9/32 ASBR-PE2 POS1/0/0 162.1.1.2/24 GE2/0/0 10.2.1.2/24 GE1/0/0 10.2.1.1/24
PE1
PE2
CE1 AS 65001
CE2 AS 65002
Configuration Roadmap
The configuration roadmap is as follows: 1. 2. Set up the EBGP peer relationship between the PE and the CE. Set up the MP-IBGP peer relationship between the PE and the ASBR-PE Create the VPN instance on two ASBR-PEs and bind the instance to the interface connected another ASBR-PE. Set up the EBGP peer relationship between ASBR-PEs
Data Preparation
To complete the configuration, you need the following data:
l l
MPLS LSR-ID of the PE and the ASBR-PE The VPN instance names of the PE and the ASBR-PE, RD and the VPN-target
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)
3-128
Configuration Procedure
1. Configure IGP on the MPLS backbone of AS 100 and AS 200 respectively to make ASBRPE and PE can reach each other in the same AS. OSPF is used as the IGP in this example, the configuration procedure is not mentioned.
NOTE
The 32-bit loopback interface address used as LSR ID should be advertised by OSPF.
After the configuration, the OSPF neighbor relationship should be established between the ASBR-PE and the PE of the same AS. Run the display ospf peer command to find that the OSPF neighbor relationship is in "Full" state. The ASBR-PE and the PE in the same AS can ping through each other and can learn the Loopback interface address of each other. 2. Configure MPLS basic capability and MPLS LDP on the MPLS backbone of AS 100 and AS 200 respectively to set up LDP LSP. # Configure basic MPLS capability on PE1 and enable LDP on the interface connecting ASBR-PE 1.
<PE1> system-view [PE1] mpls lsr-id 1.1.1.9 [PE1] mpls [PE1-mpls] lsp-trigger all [PE1-mpls] quit [PE1] mpls ldp [PE1-mpls-ldp] quit [PE1] interface pos1/0/0 [PE1-Pos1/0/0] mpls [PE1-Pos1/0/0] mpls ldp [PE1-Pos1/0/0] quit
# Configure basic MPLS capability on ASBR-PE 1 and enable LDP on the interface connecting PE1.
<ASBR-PE1> system-view [ASBR-PE1] mpls lsr-id 2.2.2.9 [ASBR-PE1] mpls [ASBR-PE1-mpls] lsp-trigger all [ASBR-PE1-mpls] quit [ASBR-PE1] mpls ldp [ASBR-PE1-mpls-ldp] quit [ASBR-PE1] interface pos1/0/0 [ASBR-PE1-Pos1/0/0] mpls [ASBR-PE1-Pos1/0/0] mpls ldp [ASBR-PE1-Pos1/0/0] quit
# Configure basic MPLS capability on ASBR-PE 2 and enable LDP on the interface connecting PE2.
<ASBR-PE2> system-view [ASBR-PE2] mpls lsr-id 3.3.3.9 [ASBR-PE2] mpls [ASBR-PE2-mpls] lsp-trigger all [ASBR-PE2-mpls] quit [ASBR-PE2] mpls ldp [ASBR-PE2-mpls-ldp] quit [ASBR-PE2] interface pos1/0/0 [ASBR-PE2-Pos1/0/0] mpls [ASBR-PE2-Pos1/0/0] mpls ldp [ASBR-PE2-Pos1/0/0] quit
# Configure basic MPLS capability on PE2 and enable LDP on the interface connecting ASBR-PE 2.
<PE2> system-view [PE2] mpls lsr-id 4.4.4.9 [PE2] mpls
Issue 03 (2008-09-22)
3-129
After the configuration, the LDP neighbor relationship should be established between the PE and the ASBR-PE in the same AS. Running the display mpls ldp session command on the routers, you can find the session state is "Operational" in the output information. Consider PE1 as an example.
[PE1] display mpls ldp session LDP Session(s) in Public Network -------------------------------------------------------------------------Peer-ID Status LAM SsnRole SsnAge KA-Sent/Rcv -------------------------------------------------------------------------2.2.2.9:0 Operational DU Passive 000:00:02 9/9 -------------------------------------------------------------------------TOTAL: 1 session(s) Found. LAM : Label Advertisement Mode SsnAge Unit : DDD:HH:MM
3.
Configure basic BGP/MPLS IP VPN on the MPLS backbone of AS 100 and AS 200 respectively.
NOTE
The VPN target of the VPN instances of the ASBR-PE and the PE in the same AS should match. In different ASs, the matching of the VPN target attributes of the PEs is unnecessary.
# Configure CE1.
<CE1> system-view [CE1] interface gigabitethernet 1/0/0 [CE1-GigabitEthernet1/0/0] ip address 10.1.1.1 24 [CE1-GigabitEthernet1/0/0] quit [CE1] bgp 65001 [CE1-bgp] peer 10.1.1.2 as-number 100 [CE1-bgp] import-route direct [CE1-bgp] quit
3-130
Issue 03 (2008-09-22)
[ASBR-PE1-bgp] peer 1.1.1.9 connect-interface loopback 1 [ASBR-PE1-bgp] ipv4-family vpnv4 [ASBR-PE1-bgp-af-vpnv4] peer 1.1.1.9 enable [ASBR-PE1-bgp-af-vpnv4] quit [ASBR-PE1-bgp] quit
NOTE
The configurations of CE2, PE2 and ASBR-PE 2 are similar to that of CE1, PE1 and ASBR-PE 1 and are not mentioned here.
After the above configurations, run the display bgp vpnv4 vpn-instance peer command. You can find the BGP peer relationship between PE and CE is set up, that is the "State" in display is "Established". Run display bgp vpnv4 all peer to find the BGP peer relationship is "Established" between the PE and the CE, and between the PE and the ASBR-PE. Consider PE1 as an example.
[PE1] display bgp vpnv4 vpn-instance vpn1 peer BGP local router ID : 1.1.1.9 Local AS number : 100 Total number of peers : 1 Peers in established state : 1 Peer V AS MsgRcvd MsgSent OutQ Up/Down State PrefRcv 10.1.1.1 4 65001 10 10 0 00:07:10 Established 0 [PE1] display bgp vpnv4 all peer BGP local router ID : 1.1.1.9 Local AS number : 100 Total number of peers : 2 Peers in established state : 2 Peer V AS MsgRcvd MsgSent OutQ Up/Down State PrefRcv 2.2.2.9 4 100 3 7 0 00:01:36 Established 0 Peer of vpn instance: vpn instance vpn1 : 10.1.1.1 4 65001 13 13 0 00:04:00 Established 2
4.
Configure inter-AS VPN in VRF-to-VRF mode. # Configure ASBR-PE 1. Create a VPN instance and bind it to the interface connected to ASBR-PE 2. (ASBR-PE 1 regards ASBR-PE 2 as its own CE.)
[ASBR-PE1] ip vpn-instance vpn1 [ASBR-PE1-vpn-instance-vpn1] route-distinguisher 100:2 [ASBR-PE1-vpn-instance-vpn1] vpn-target 1:1 both [ASBR-PE1-vpn-instance-vpn1] quit [ASBR-PE1] interface pos 2/0/0 [ASBR-PE1-Pos2/0/0] ip binding vpn-instance vpn1 [ASBR-PE1-Pos2/0/0] ip address 192.1.1.1 24 [ASBR-PE1-Pos2/0/0] quit
# Configure ASBR-PE 2. Create a VPN instance and bind it to the interface connected to ASBR-PE 1. (ASBR-PE 2 regards ASBR-PE 1 as its CE after configuration.)
[ASBR-PE2] ip vpn-instance vpn1 [ASBR-PE2-vpn-instance-vpn1] route-distinguisher 200:2 [ASBR-PE2-vpn-instance-vpn1] vpn-target 2:2 both [ASBR-PE2-vpn-instance-vpn1] quit [ASBR-PE2] interface pos 2/0/0 [ASBR-PE2-Pos2/0/0] ip binding vpn-instance vpn1 [ASBR-PE2-Pos2/0/0] ip address 192.1.1.2 24 [ASBR-PE2-Pos2/0/0] quit
Issue 03 (2008-09-22)
3-131
After the above configuration, run the display bgp vpnv4 vpn-instance peer command, and you can see that the BGP peer relationship is established between the ASBR-PEs. 5. Verify the configuration. After the above configuration, the CEs learn interface routes of each other. CE1 and CE2 can ping through each other. Consider CE1 as an example.
[CE1] display ip routing-table Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: Public Destinations : 7 Routes : 7 Destination/Mask Proto Pre Cost Flags NextHop Interface 10.1.1.0/24 Direct 0 0 D 10.1.1.1 GigabitEthernet1/0/0 10.1.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 10.2.1.0/24 BGP 255 0 D 10.1.1.2 GigabitEthernet1/0/0 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 192.1.1.0/24 BGP 255 0 D 10.1.1.2 GigabitEthernet1/0/0 192.1.1.2/32 BGP 255 0 D 10.1.1.2 GigabitEthernet1/0/0 [CE1] ping 10.2.1.1 PING 10.2.1.1: 56 data bytes, press CTRL_C to break Reply from 10.2.1.1: bytes=56 Sequence=1 ttl=251 time=119 ms Reply from 10.2.1.1: bytes=56 Sequence=2 ttl=251 time=141 ms Reply from 10.2.1.1: bytes=56 Sequence=3 ttl=251 time=136 ms Reply from 10.2.1.1: bytes=56 Sequence=4 ttl=251 time=113 ms Reply from 10.2.1.1: bytes=56 Sequence=5 ttl=251 time=78 ms --- 10.2.1.1 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 78/117/141 ms
Run the display ip routing-table vpn-instance command on ASBR-PE to see the information of the VPN routing table on that device.
[ASBR-PE1] display ip routing-table vpn-instance vpn1 Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: vpn1 Destinations : 7 Routes : 7 Destination/Mask Proto Pre Cost Flags NextHop Interface 10.1.1.0/24 BGP 255 0 RD 1.1.1.9 Pos1/0/0 10.1.1.1/32 BGP 255 0 RD 1.1.1.9 Pos1/0/0 10.2.1.0/24 BGP 255 0 D 192.1.1.2 Pos2/0/0 10.2.1.1/32 BGP 255 0 D 192.1.1.2 Pos2/0/0 192.1.1.0/24 Direct 0 0 D 192.1.1.1 Pos2/0/0 192.1.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 192.1.1.2/32 Direct 0 0 D 192.1.1.2 Pos2/0/0
Run the display bgp vpnv4 all routing-table command on the ASBR-PE, and you can see the IPv4 VPN routes on the ASBR-PE.
[ASBR-PE1] display bgp vpnv4 all routing-table BGP Local router ID is 2.2.2.9 Status codes: * - valid, > - best, d - damped, h - history, i - internal, s - suppressed, S - Stale Origin : i - IGP, e - EGP, ? - incomplete Total number of routes from all PE: 2 Route Distinguisher: 100:1 Network NextHop MED LocPrf PrefVal Path/Ogn
3-132
Issue 03 (2008-09-22)
Configuration Files
l
Issue 03 (2008-09-22)
3-133
3-134
Issue 03 (2008-09-22)
Issue 03 (2008-09-22)
3-135
ASBR-PE 1 switches VPN-IPv4 routes with ASBR-PE 2 by MP-EBGP. ASBR-PE does not perform VPN target filtering on the received VPN-IPv4 routes. See Figure 3-8 for the networking diagram.
Configuration Roadmap
The configuration roadmap is as follows:
3-136 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)
1. 2. 3. 4.
Configure IGP on the backbone network to interconnect the ASBR-PE and the PE in the same AS. Set up MPLS LDP LSP between the ASBR-PE and the PE in the same AS. Set up the EBGP peer relationship between the PE and the CE. Set up the MP-IBGP peer relationship between the PE and the ASBR-PE. Configure the VPN instance on the PE. (There is no need to configure the VPN instance on the ASBR-PE.) Enable MPLS on the interface connected ASBR-PEs. Set up the MP-EBGP peer relationship between ASBR-PEs. Configure no VPN-target filtration on the received IPv4 VPN routes.
Data Preparation
To complete the configuration, you need the following data:
l l
MPLS LSR-ID on the PE and the ASBR-PE Name, RD and the VPN-Target of the VPN instance configured on the PE1 and PE2
Configuration Procedure
1. Configure IGP on MPLS backbone of AS 100 and AS 200 respectively to make the PE and the P reach each other in the same AS. OSPF is used as the IGP in this example, the configuration procedure is not mentioned here.
NOTE
The 32-bit loopback interface address used as the LSR ID should be advertised by OSPF.
After the configuration, the OSPF neighbor relationship should be established between the ASBR-PE and the PE of the same AS. Run the display ospf peer command to find that the status of the OSPF neighbor relationship is "Full". The ASBR-PE and the PE in the same AS can learn the Loopback addresses of each other and can ping through each other. 2. Configure MPLS basic capability and MPLS LDP on the MPLS backbone of AS 100 and AS 200 respectively to setup LDP LSP. For configuration procedures, see Example for Configuring Inter-AS VPN Option A. 3. Configure basic BGP/MPLS IP VPN on the MPLS backbone of AS 100 and AS 200 respectively.
NOTE
The VPN target of the VPN instances of the PE1 and the PE2 should be consistent.
For configuration procedures, see the following configuration files. 4. Configure inter-AS VPN Option B mode. # Configure ASBR-PE 1. Enable MPLS on POS 2/0/0 connected with ASBR-PE 2.
<ASBR-PE1> system-view [ASBR-PE1] interface pos 2/0/0 [ASBR-PE1-Pos2/0/0] ip address 192.1.1.1 24 [ASBR-PE1-Pos2/0/0] mpls [ASBR-PE1-Pos2/0/0] quit
# Configure ASBR-PE 1. Establish MP-EBGP peer with ASBR-PE 2 and perform no VPN target filtering on the received IPv4 VPN routes.
[ASBR-PE1] bgp 100 [ASBR-PE1-bgp] peer 192.1.1.2 as-number 200
Issue 03 (2008-09-22)
3-137
[ASBR-PE1-bgp] ipv4-family vpnv4 [ASBR-PE1-bgp-af-vpnv4] peer 192.1.1.2 enable [ASBR-PE1-bgp-af-vpnv4] undo policy vpn-target [ASBR-PE1-bgp-af-vpnv4] quit [ASBR-PE1-bgp] quit
NOTE
The configurations of ASBR-PE 2 are similar to that of ASBR-PE 1 and are not mentioned here.
5.
Verify the configuration. After the above configuration, the CEs can learn the interface routes of each other. CE1 and CE2 can be pinged successfully on each other. Consider CE1 as an example.
<CE1> display ip routing-table Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: Public Destinations : 5 Routes : 5 Destination/Mask Proto Pre Cost Flags NextHop Interface 10.1.1.0/24 Direct 0 0 D 10.1.1.1 GigabitEthernet1/0/0 10.1.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 10.2.1.0/24 BGP 255 0 D 10.1.1.2 GigabitEthernet1/0/0 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 <CE1> ping 10.2.1.1 PING 10.2.1.1: 56 data bytes, press CTRL_C to break Reply from 10.2.1.1: bytes=56 Sequence=1 ttl=252 time=120 ms Reply from 10.2.1.1: bytes=56 Sequence=2 ttl=252 time=73 ms Reply from 10.2.1.1: bytes=56 Sequence=3 ttl=252 time=111 ms Reply from 10.2.1.1: bytes=56 Sequence=4 ttl=252 time=86 ms Reply from 10.2.1.1: bytes=56 Sequence=5 ttl=252 time=110 ms --- 10.2.1.1 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 73/100/120 ms
Run the display bgp vpnv4 all routing-table command on the ASBR-PE, and you can see the IPv4 VPN routes on the ASBR-PE. Consider ASBR-PE 1 for an example.
[ASBR-PE1] display bgp vpnv4 all routing-table BGP Local router ID is 2.2.2.9 Status codes: * - valid, > - best, d - damped, h - history, i - internal, s - suppressed, S - Stale Origin : i - IGP, e - EGP, ? - incomplete Total number of routes from all PE: 4 Route Distinguisher: 100:1 Network NextHop MED LocPrf PrefVal Path/Ogn *>i 10.1.1.0/24 1.1.1.9 0 100 0 ? *>i 10.1.1.1/32 1.1.1.9 0 100 0 ? Route Distinguisher: 200:1 Network NextHop MED LocPrf PrefVal Path/Ogn *> 10.2.1.0/24 192.1.1.2 0 200? *> 10.2.1.1/32 192.1.1.2 0 200?
Configuration Files
l
3-138
Issue 03 (2008-09-22)
Issue 03 (2008-09-22)
3-139
3-140
Issue 03 (2008-09-22)
Issue 03 (2008-09-22)
3-141
Configuration Roadmap
The configuration roadmap is as follows: 1. 2. Set up the MP-EBGP peer relationship between different ASs and configure the maximum hops between PEs. Configure the routing policy on the ASBR-PE. Assign MPLS labels to the routes received from the PE in the local AS when the routes are advertised to the remote ASBR-PE Assign new MPLS labels to the routes advertised to the PE in the local AS if they are labeled as IPv4 routes. Configure the PE and the ASBR-PE of the local AS to exchange the labeled IPv4 route. Configure the ASBR-PE and the peer ASBR-PE to exchange the labeled IPv4 route.
3. 4.
Data Preparation
To complete the configuration, you need the following data:
l l l
MPLS LSR-ID of the PE and the ASBR-PE The VPN instance configured on the PE, RD and the VPN-target Two routing policies configured on the ASBR-PE
Configuration Procedure
1. Configure IGP on the MPLS backbone of AS 100 and AS 200 respectively to make the PE and the ASBR-PE can reach each other in the same AS. OSPF is used as IGP in this example, and the configuration procedure is not mentioned here.
NOTE
The 32-bit loopback interface address used as the LSR ID should be advertised by OSPF.
3-142
Issue 03 (2008-09-22)
After the configuration, the OSPF neighbor relationship should be established between the ASBR-PE and the PE of the same AS. Run the display ospf peer command to find the status of the OSPF neighbor relationship as "Full". The ASBR-PE and the PE in the same AS can learn Loopback addresses of each other and can ping through each other. 2. Configure MPLS basic capability and MPLS LDP on the MPLS backbone of AS 100 and AS 200 respectively to setup LDP LSP. For configuration procedures, see . 3. 4. Set up the IBGP peer relationship between the PEs and the ASBR PEs in the same AS. The detailed configuration is not mentioned here. Configure the VPN instance on the PE and configure the CE to access the PE. For the detailed configuration, see the following configuration file.
NOTE
The import VPN-taget configured on PE1 must be the same as the export VPN-target configured on PE2; the export VPN-taget configured on PE1 must be the same as the import VPN-target configured on PE2.
5.
Configure exchange of labeled IPv4 routes. # Configure PE1. Enable to switch labeled IPv4 routes with ASBR-PE 1.
[PE1] bgp 100 [PE1-bgp] peer 2.2.2.9 label-route-capability [PE1-bgp] quit
# Configure ASBR-PE 1. Apply route policies to the routes advertised to PE1 and enable to switch label IPv4 routes with PE1.
[ASBR-PE1] bgp 100 [ASBR-PE1-bgp] peer 1.1.1.9 route-policy policy2 export [ASBR-PE1-bgp] peer 1.1.1.9 label-route-capability
# Configure ASBR-PE 1. Apply route policies to the routes advertised to ASBR-PE 2 and enable to switch label IPv4 routes with ASBR-PE 2.
[ASBR-PE1-bgp] [ASBR-PE1-bgp] [ASBR-PE1-bgp] [ASBR-PE1-bgp] peer 192.1.1.2 as-number 200 peer 192.1.1.2 route-policy policy1 export peer 192.1.1.2 label-route-capability quit
# Configure ASBR-PE1. Advertise the Loopback address of PE1 to ASBR-PE2, and then to PE2.
[ASBR-PE1] bgp 100 [ASBR-PE1-bgp] network 1.1.1.9 32 [ASBR-PE1-bgp] quit
Issue 03 (2008-09-22)
3-143
The configurations of PE2 and ASBR-PE 2 are similar to that of PE1 and ASBR-PE 1 and are not mentioned here.
6.
# Configure PE2.
[PE2] bgp 200 [PE2-bgp] peer 1.1.1.9 as-number 100 [PE2-bgp] peer 1.1.1.9 connect-interface LoopBack 1 [PE2-bgp] peer 1.1.1.9 ebgp-max-hop 10 [PE2-bgp] ipv4-family vpnv4 [PE2-bgp-af-vpnv4] peer 1.1.1.9 enable [PE2-bgp-af-vpnv4] quit [PE2-bgp] quit
7.
Verify the configuration. After the above configuration, the CEs can learn interface routes of each other. CE1 and CE2 can ping through each other. Consider CE1 as an example:
[CE1] display ip routing-table Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: Public Destinations : 5 Routes : 5 Destination/Mask Proto Pre Cost Flags NextHop Interface 10.1.1.0/24 Direct 0 0 D 10.1.1.1 GigabitEthernet1/0/0 10.1.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 10.2.1.0/24 BGP 255 0 D 10.1.1.2 GigabitEthernet1/0/0 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 [CE1] ping 10.2.1.1 PING 10.2.1.1: 56 data bytes, press CTRL_C to break Reply from 10.2.1.1: bytes=56 Sequence=1 ttl=252 time=102 ms Reply from 10.2.1.1: bytes=56 Sequence=2 ttl=252 time=89 ms Reply from 10.2.1.1: bytes=56 Sequence=3 ttl=252 time=106 ms Reply from 10.2.1.1: bytes=56 Sequence=4 ttl=252 time=104 ms Reply from 10.2.1.1: bytes=56 Sequence=5 ttl=252 time=56 ms --- 10.2.1.1 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 56/91/106 ms
There is no VPNv4 route on the ASBR-PE. Run the display bgp routing-table label command on the ASBR-PE to see the label information of the routes. Consider ASBR-PE1 as an example:
[ASBR-PE1] display bgp routing-table label Total Number of Routes: 2 BGP Local router ID is 2.2.2.9 Status codes: * - valid, > - best, d - damped, h - history, i - internal, s - suppressed, S - Stale Origin : i - IGP, e - EGP, ? - incomplete Network NextHop In/Out Label
3-144
Issue 03 (2008-09-22)
Configuration Files
l
Issue 03 (2008-09-22)
3-145
3-146
Issue 03 (2008-09-22)
Issue 03 (2008-09-22)
3-147
PE1 and PE2 are PEs of the Level 1 carrier's backbone. CE1 and CE2 belong to the Level 2 carrier and access the backbone of Level 1 carrier. PE3 and PE4 belong to the Level 2 carrier and provide access service for Level 2 carrier's customer. CE3 and CE4 are the Level 2 carrier's customer.
3-148
Issue 03 (2008-09-22)
PE1
POS1/0/0 11.1.1.2/24
PE2
POS2/0/0 21.1.1.1/24
AS: 100
PE3 GE1/0/0
POS1/0/0 10.1.1.2/24
CE1
Loopback1 2.2.2.9/32
CE2
100.1.1.2/24
PE4
MP-IBGP
GE1/0/0 100.1.1.1/24 GE1/0/0 120.1.1.1/24
CE3
AS:65410
AS:65420
CE4
Configuration Roadmap
The configuration roadmap is as follows: 1. Configure the two types of route exchange as follows:
l
The exchange of the internal route of the level 2 carrier on the backbone network of level 1 carrier: configure the level 2 carrier to access the level 1 carrier as the level 1 carrier's CE. The exchange of the external route of the level 2 carrier between the PE devices of the level 2 carrier: set up the MP-IBGP peer relationship between the PE devices (PE3 and PE4) of the level 2 carrier.
2.
Configure the carrier's carrier of the same AS and configure IGP and LDP between the PE of the level 1 carrier and the CE of the level 2 carrier.
Data Preparation
To configure the carrier's carrier in the same AS, you need the following data:
l
MPLS LSR ID on the PE of the level 1 carrier, MPLS LSR ID on the PE and the CE of the level 2 carrier Data for configuring IGP (The IS-IS process number of the IGP protocol running on the PE and the CE of the level 2 carrier is the same with that used when the CE of the level 2
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 3-149
Issue 03 (2008-09-22)
carrier accesses the level 1 carrier. However, it is different with that on the PE of the level 1 carrier.)
l
The name of the VPN instance configured on the PE, RD and the VPN-target
Configuration Procedure
1. Configure the BGP/MPLS IP VPN on Level 1 carrier's backbone. Adopt IS-IS as the IGP. Enable LDP between PE1 and PE2 and establish MP-IBGP peer relationship between them. # Configure PE1
<Quidway> system-view [Quidway] sysname PE1 [PE1] interface loopback 1 [PE1-LoopBack1] ip address 3.3.3.9 32 [PE1-LoopBack1] quit [PE1] mpls lsr-id 3.3.3.9 [PE1] mpls [PE1-mpls] quit [PE1] mpls ldp [PE1-mpls-ldp] quit [PE1] isis 1 [PE1-isis-1] network-entity 10.0000.0000.0004.00 [PE1-isis-1] quit [PE1] interface loopback 1 [PE1-LoopBack1] isis enable 1 [PE1-LoopBack1] quit [PE1] interface pos 2/0/0 [PE1-Pos2/0/0] ip address 30.1.1.1 24 [PE1-Pos2/0/0] isis enable 1 [PE1-Pos2/0/0] mpls [PE1-Pos2/0/0] mpls ldp [PE1-Pos2/0/0] quit [PE1] bgp 100 [PE1-bgp] peer 4.4.4.9 as-number 100 [PE1-bgp] peer 4.4.4.9 connect-interface loopback 1 [PE1-bgp] ipv4-family vpnv4 [PE1-bgp-af-vpnv4] peer 4.4.4.9 enable [PE1-bgp-af-vpnv4] quit [PE1-bgp] quit
NOTE
The configuration of PE2 is similar to that of PE1 and is not mentioned here.
After the configuration, run the display mpls ldp session command on PE1 and PE2, to find that the LDP session has been established successfully. Run the display bgp peer command to find that the BGP peer relationship has been established. Run the display isis peer command to find that the IS-IS neighbor has been set up. Consider PE1 as an example:
[PE1] display mpls ldp session LDP Session(s) in Public Network ---------------------------------------------------------------Peer-ID Status LAM SsnRole SsnAge KA-Sent/Rcv ---------------------------------------------------------------4.4.4.9:0 Operational DU Active 000:00:01 8/8 ---------------------------------------------------------------TOTAL: 1 session(s) Found. LAM : Label Advertisement Mode SsnAge Unit : DDD:HH:MM [PE1] display bgp peer BGP local router ID : 3.3.3.9 Local AS number : 100 Total number of peers : 1 Peers in established state : 1 Peer V AS MsgRcvd MsgSent OutQ Up/Down State 4.4.4.9 4 100 7 8 0 00:02:47 Established [PE1] display isis peer Peer information for ISIS(1)
PrefRcv 0
3-150
Issue 03 (2008-09-22)
Type L1L2
2.
Configure Level 2 carrier's network. Adopt IS-IS as IGP and enable LDP between PE3 and CE1, PE4 and CE2 respectively. # Configure PE3.
<Quidway> system-view [Quidway] sysname PE3 [PE3] interface loopback 1 [PE3-LoopBack1] ip address 1.1.1.9 32 [PE3-LoopBack1] quit [PE3] mpls lsr-id 1.1.1.9 [PE3] mpls [PE3-mpls] quit [PE3] mpls ldp [PE3-mpls-ldp] quit [PE3] isis 2 [PE3-isis-2] network-entity 10.0000.0000.0001.00 [PE3-isis-2] quit [PE3] interface loopback 1 [PE3-LoopBack1] isis enable 2 [PE3-LoopBack1] quit [PE3] interface pos 2/0/0 [PE3-Pos2/0/0] ip address 10.1.1.1 24 [PE3-Pos2/0/0] isis enable 2 [PE3-Pos2/0/0] mpls [PE3-Pos2/0/0] mpls ldp [PE3-Pos2/0/0] quit
# Configure CE1.
<Quidway> system-view [Quidway] sysname CE1 [CE1] interface loopback 1 [CE1-LoopBack1] ip address 2.2.2.9 32 [CE1-LoopBack1] quit [CE1] mpls lsr-id 2.2.2.9 [CE1] mpls [CE1-mpls] quit [CE1] mpls ldp [CE1-mpls-ldp] quit [CE1] isis 2 [CE1-isis-2] network-entity 10.0000.0000.0002.00 [CE1-isis-2] quit [CE1] interface loopback 1 [CE1-LoopBack1] isis enable 2 [CE1-LoopBack1] quit [CE1] interface pos 1/0/0 [CE1-Pos1/0/0] ip address 10.1.1.2 24 [CE1-Pos1/0/0] isis enable 2 [CE1-Pos1/0/0] mpls [CE1-Pos1/0/0] mpls ldp [CE1-Pos1/0/0] quit
After the configuration, the LDP session and IS-IS neighbor relationship should be established between the PE3 and the CE1.
NOTE
The configurations of PE4 and CE2 are similar to that of PE3 and CE1. Their configurations are not mentioned here.
3.
Configure CEs of the Level 1 carrier to access PEs of the Level 1 carrier. # Configure PE1.
[PE1] ip vpn-instance vpn1
Issue 03 (2008-09-22)
3-151
[PE1-vpn-instance-vpn1] route-distinguisher 200:1 [PE1-vpn-instance-vpn1] vpn-target 1:1 both [PE1-vpn-instance-vpn1] quit [PE1] bgp 100 [PE1-bgp] ipv4-family vpn-instance vpn1 [PE1-bgp-vpn1] import-route isis 2 [PE1-bgp-vpn1] quit [PE1-bgp] quit [PE1] mpls ldp vpn-instance vpn1 [PE1-mpls-ldp-vpn-instance-vpn1] quit [PE1] isis 2 vpn-instance vpn1 [PE1-isis-2] network-entity 10.0000.0000.0003.00 [PE1-isis-2] import-route bgp [PE1-isis-2] quit [PE1] interface pos 1/0/0 [PE1-Pos1/0/0] ip binding vpn-instance vpn1 [PE1-Pos1/0/0] ip address 11.1.1.2 24 [PE1-Pos1/0/0] isis enable 2 [PE1-Pos1/0/0] mpls [PE1-Pos1/0/0] mpls ldp [PE1-Pos1/0/0] mpls ldp transport-address interface
# Configure CE1.
[CE1] interface pos 2/0/0 [CE1-Pos2/0/0] ip address 11.1.1.1 24 [CE1-Pos2/0/0] isis enable 2 [CE1-Pos2/0/0] mpls [CE1-Pos2/0/0] mpls ldp [CE1-Pos2/0/0] mpls ldp transport-address interface [CE1-Pos2/0/0] quit
After the configuration, the LDP session and IS-IS neighbor relationship should be established between PE1 and CE1.
NOTE
The configuration of PE2 and CE2 are similar to that of PE1 and CE1. Their configurations are not mentioned here.
4.
Configure the Level 2 carrier's CE and PE so that the CE can access the PE. # Configure CE3.
<Quidway> system-view [Quidway] sysname CE3 [CE3] interface gigabitethernet 1/0/0 [CE3-GigabitEthernet1/0/0] ip address 100.1.1.1 24 [CE3-GigabitEthernet1/0/0] quit [CE3] bgp 65410 [CE3-bgp] peer 100.1.1.2 as-number 100 [CE3-bgp] import-route direct [CE3-bgp] quit
# Configure PE3.
[PE3] ip vpn-instance vpn1 [PE3-vpn-instance-vpn1] route-distinguisher 100:1 [PE3-vpn-instance-vpn1] vpn-target 1:1 both [PE3-vpn-instance-vpn1] quit [PE3] interface gigabitethernet 1/0/0 [PE3-GigabitEthernet1/0/0] ip binding vpn-instance vpn1 [PE3-GigabitEthernet1/0/0] ip address 100.1.1.2 24 [PE3-GigabitEthernet1/0/0] quit [PE3] bgp 100 [PE3-bgp] ipv4-family vpn-instance vpn1 [PE3-bgp-vpn1] peer 100.1.1.1 as-number 65410 [PE3-bgp-vpn1] import-route direct [PE3-bgp-vpn1] quit [PE3-bgp] quit
After the configuration, you can view that the BGP peer is set up between CE3 and PE3 and the peer status is "Established".
3-152 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)
The configurations of PE4 and CE4 are similar to that of PE3 and CE3. Their configurations are not mentioned here.
5.
Establish MP-IBGP peers between Level 2 carrier's PEs to switch VPN routes of Level 2 carrier's CEs. # Configure PE3.
[PE3] bgp 100 [PE3-bgp] peer 6.6.6.9 as-number 100 [PE3-bgp] peer 6.6.6.9 connect-interface loopback 1 [PE3-bgp] ipv4-family vpnv4 [PE3-bgp-af-vpnv4] peer 6.6.6.9 enable [PE3-bgp-af-vpnv4] quit [PE3-bgp] quit
NOTE
The configuration of the PE4 is similar to that of the PE3 and is not mentioned here.
6.
Verify the configuration. After all the configurations, run the display ip routing-table command on PE1 and PE2 to find that the public routing table on PE1 and PE2 contain only the Level 1 carrier's routes. Consider PE1 as an example:
[PE1] display ip routing-table Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: Public Destinations : 7 Routes : 7 Destination/Mask Proto Pre Cost Flags NextHop Interface 3.3.3.9/32 Direct 0 0 D 127.0.0.1 InLoopBack0 4.4.4.9/32 ISIS 15 10 D 30.1.1.2 Pos2/0/0 30.1.1.0/24 Direct 0 0 D 30.1.1.1 Pos2/0/0 30.1.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 30.1.1.2/32 Direct 0 0 D 30.1.1.2 Pos2/0/0 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
Run the display ip routing-table vpn-instance command on PE1 and PE2, to find that the VPN routing table does not contain the external but the internal routes of the Level 2 carrier. Consider PE1 as an example:
[PE1] display ip routing-table vpn-instance vpn1 Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: vpn1 Destinations : 10 Routes : 10 Destination/Mask Proto Pre Cost Flags NextHop Interface 1.1.1.9/32 ISIS 15 20 D 11.1.1.1 Pos1/0/0 2.2.2.9/32 ISIS 15 10 D 11.1.1.1 Pos1/0/0 5.5.5.9/32 BGP 255 0 RD 4.4.4.9 Pos2/0/0 6.6.6.9/32 BGP 255 0 RD 4.4.4.9 Pos2/0/0 10.1.1.0/24 ISIS 15 20 D 11.1.1.1 Pos1/0/0 11.1.1.0/24 Direct 0 0 D 11.1.1.1 Pos1/0/0 11.1.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 11.1.1.2/32 Direct 0 0 D 11.1.1.2 Pos1/0/0 20.1.1.0/24 BGP 255 0 RD 4.4.4.9 Pos2/0/0 21.1.1.0/24 BGP 255 0 RD 4.4.4.9 Pos2/0/0
Run the display ip routing-table command on CE1 and CE2 to find that the public routing table does not contain external but internal routes of the Level 2 carrier. Consider CE1 as an example:
[CE1] display ip routing-table Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: Public
Issue 03 (2008-09-22)
3-153
NextHop 10.1.1.2 127.0.0.1 11.1.1.2 11.1.1.2 10.1.1.2 10.1.1.1 127.0.0.1 11.1.1.1 127.0.0.1 11.1.1.2 11.1.1.2 11.1.1.2 127.0.0.1 127.0.0.1
Interface Pos1/0/0 InLoopBack0 Pos2/0/0 Pos2/0/0 Pos1/0/0 Pos1/0/0 InLoopBack0 Pos2/0/0 InLoopBack0 Pos2/0/0 Pos2/0/0 Pos2/0/0 InLoopBack0 InLoopBack0
Run the display ip routing-table command on PE3 and PE4 to find that the internal routes of the Level 2 carrier are contained in the public routing table. Consider PE3 as an example:
[PE3] display ip routing-table Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: Public Destinations : 13 Routes : 13 Destination/Mask Proto Pre Cost Flags NextHop Interface 1.1.1.9/32 Direct 0 0 D 127.0.0.1 InLoopBack0 2.2.2.9/32 ISIS 15 10 D 10.1.1.2 Pos2/0/0 5.5.5.9/32 ISIS 15 84 D 10.1.1.2 Pos2/0/0 6.6.6.9/32 ISIS 15 84 D 10.1.1.2 Pos2/0/0 10.1.1.0/24 Direct 0 0 D 10.1.1.1 Pos2/0/0 10.1.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 10.1.1.2/32 Direct 0 0 D 10.1.1.2 Pos2/0/0 11.1.1.0/24 ISIS 15 20 D 10.1.1.2 Pos2/0/0 20.1.1.0/24 ISIS 15 84 D 10.1.1.2 Pos2/0/0 20.1.1.1/32 BGP 255 0 RD 6.6.6.9 Pos2/0/0 21.1.1.0/24 ISIS 15 84 D 10.1.1.2 Pos2/0/0 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
Run the display ip routing-table vpn-instance command on PE3 and PE4 to find that the routes of the remote CEs, that is, the external routes of the Level 2 carrier, are contained in the VPN routing table. Consider PE3 as an example:
[PE3] display ip routing-table vpn-instance vpn1 Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: vpn1 Destinations : 3 Routes : 3 Destination/Mask Proto Pre Cost Flags NextHop Interface 100.1.1.0/24 Direct 0 0 D 100.1.1.2 GigabitEthernet1/0/0 100.1.1.2/32 Direct 0 0 D 127.0.0.1 InLoopBack0 120.1.1.0/24 BGP 255 0 RD 6.6.6.9 Pos2/0/0
3-154
Issue 03 (2008-09-22)
Configuration Files
l
Issue 03 (2008-09-22)
3-155
3-156
Issue 03 (2008-09-22)
Issue 03 (2008-09-22)
3-157
3-158
Issue 03 (2008-09-22)
PE1
POS1/0/0 11.1.1.2/24
PE2
POS2/0/0 21.1.1.1/24
Loopback1 Customer carrier 1.1.1.9/32 POS2/0/0 10.1.1.1/24 POS1/0/0 10.1.1.2/24 GE1/0/0 100.1.1.2/24
AS: 200
CE1
Loopback1 2.2.2.9/32
CE2
PE3
PE4
MP-EBGP
GE1/0/0 100.1.1.1/24 GE1/0/0 120.1.1.1/24
CE3
AS:65410
AS:65420
CE4
Configuration Roadmap
The configuration roadmap is as follows: 1. Configure the two types of routes exchange as follows:
l
The exchange of the internal route of the level 2 carrier on the backbone network of level 1 carrier: configure the level 2 carrier to access the level 1 carrier as the level 1 carrier's CE. The exchange of the external route of the level 2 carrier between the PE devices of the level 2 carrier: set up the MP-EBGP peer relationship between the PE devices (PE3 and PE4) of the level 2 carrier.
2.
Configuring the labeled MP-EBGP between the PE of the level 1 carrier and the CE of the level 2 carrier that are located in different ASs
Data Preparation
To configure the inter-AS carrier's carrier, you need the following data:
l
MPLS LSR ID on the PE of the level 1 carrier, MPLS LSR ID on the PE and the CE of the level 2 carrier Data for configuring IGP (The IS-IS process number of the IGP protocol running on the PE and the CE of the level 2 carrier is the same with that used when the CE of the level 2
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)
3-160
carrier accesses the level 1 carrier. However, it is different with that on the PE of the level 1 carrier.)
l l
The name of the VPN instance configured on the PE, RD and VPN-target Two routing policies configured on the CE of the level 2 carrier
Configuration Procedure
1. Configure BGP/MPLS IP VPN on the Level 1 carrier backbone network. Configure IS-IS as the IGP protocol of the backbone network. Enable LDP between PE1 and PE2. Establish MP-IBGP peer relationship. The specific configuration procedures are not mentioned here.
NOTE
During the configuration of IGP, note that the 32-bit Loopback interface address of each PE needs to be advertised.
2.
Configure the Level 2 carrier network. Configure IS-IS as the IGP protocol. Enable LDP between the PE3 and the CE1, and between the PE4 and the CE2 respectively. The configuration procedures are similar to those in Example for Configuring Carrier's Carrier in the Same AS and not mentioned here.
NOTE
During the IGP protocol configuration, note that the 32-bit Loopback interface address of each PE and CE needs to be advertised.
3.
Configure the Level 2 carrier CE to access the Level 1 carrier PE and configure the exchange of labeled IPv4 routes between them. # Configure CE1 to exchange labeled IPv4 routes with PE3 and PE1.
<CE1> system-view [CE1] interface pos 2/0/0 [CE1-Pos2/0/0] ip address 11.1.1.1 24 [CE1-Pos2/0/0] mpls [CE1-Pos2/0/0] quit [CE1] route-policy policy1 permit node 1 [CE1-route-policy] apply mpls-label [CE1-route-policy] quit [CE1] route-policy policy2 permit node 1 [CE1-route-policy] if-match mpls-label [CE1-route-policy] apply mpls-label [CE1-route-policy] quit [CE1] bgp 200 [CE1-bgp] peer 1.1.1.9 as-number 200 [CE1-bgp] peer 1.1.1.9 connect-interface loopback 1 [CE1-bgp] peer 1.1.1.9 route-policy policy2 export [CE1-bgp] peer 1.1.1.9 label-route-capability [CE1-bgp] peer 11.1.1.2 as-number 100 [CE1-bgp] peer 11.1.1.2 route-policy policy1 export [CE1-bgp] peer 11.1.1.2 label-route-capability [CE1-bgp] import-route isis 2 [CE1-bgp] quit
Issue 03 (2008-09-22)
3-161
[PE1-Pos1/0/0] quit [PE1] route-policy policy1 permit node 1 [PE1-route-policy] apply mpls-label [PE1-route-policy] quit [PE1] bgp 100 [PE1-bgp] ipv4-family vpn-instance vpn1 [PE1-bgp-vpn1] peer 11.1.1.1 as-number 200 [PE1-bgp-vpn1] peer 11.1.1.1 route-policy policy1 export [PE1-bgp-vpn1] peer 11.1.1.1 label-route-capability [PE1-bgp-vpn1] import-route direct [PE1-bgp-vpn1] quit [PE1-bgp] quit
After the above configuration, the BGP peer relationship is established between CE1 and PE3, and between CE1 and PE1.
[CE1] display bgp peer BGP local router ID : 2.2.2.9 Local AS number : 200 Total number of peers : 2 Peer V AS MsgRcvd MsgSent 1.1.1.9 4 200 7 8 11.1.1.2 4 100 3 4
NOTE
Peers in established state : 2 OutQ Up/Down State PrefRcv 0 00:04:07 Established 0 0 00:00:08 Established 0
The configuration procedures of PE4, CE2 and PE2 are similar to those of PE3, CE1 and PE1, and are not mentioned here.
4.
Configure the Level 2 carrier's customer to access the Level 2 carrier PE. The specific configurations are the same as those in Example for Configuring Carrier's Carrier in the Same AS and are not mentioned here.
5.
Establish MP-EBGP peer relationship between the Level 2 carrier PEs to exchange VPN routes of the Level 2 carrier's customer. # Configure PE3.
<PE3> system-view [PE3] bgp 200 [PE3-bgp] peer 6.6.6.9 as-number 300 [PE3-bgp] peer 6.6.6.9 connect-interface loopback 1 [PE3-bgp] peer 6.6.6.9 ebgp-max-hop 10 [PE3-bgp] ipv4-family vpnv4 [PE3-bgp-af-vpnv4] peer 6.6.6.9 enable [PE3-bgp-af-vpnv4] quit [PE3-bgp] quit
# Configure PE4.
<PE4> system-view [PE4] bgp 300 [PE4-bgp] peer 1.1.1.9 as-number 200 [PE4-bgp] peer 1.1.1.9 connect-interface loopback 1 [PE4-bgp] peer 1.1.1.9 ebgp-max-hop 10 [PE4-bgp] ipv4-family vpnv4 [PE4-bgp-af-vpnv4] peer 1.1.1.9 enable [PE4-bgp-af-vpnv4] quit [PE4-bgp] quit
6.
Verify the configuration. After the configuration, run the display ip routing-table command on PE1 and PE2 to see that the public routing table contains only the route of the Level 1 carrier network.
3-162
Issue 03 (2008-09-22)
Run the display ip routing-table vpn-instance command on PE1 and PE2 to see that the VPN routing table does not contain the external but internal routes of the Level 2 carrier. Consider PE1 as an example:
[PE1] display ip routing-table vpn-instance vpn1 Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: vpn1 Destinations : 11 Routes : 11 Destination/Mask Proto Pre Cost Flags NextHop Interface 1.1.1.9/32 BGP 255 10 D 11.1.1.1 Pos1/0/0 2.2.2.9/32 BGP 255 0 D 11.1.1.1 Pos1/0/0 5.5.5.9/32 BGP 255 0 RD 4.4.4.9 Pos2/0/0 6.6.6.9/32 BGP 255 10 RD 4.4.4.9 Pos2/0/0 10.1.1.0/24 BGP 255 0 D 11.1.1.1 Pos1/0/0 11.1.1.0/24 Direct 0 0 D 11.1.1.2 Pos1/0/0 11.1.1.1/32 Direct 0 0 D 11.1.1.1 Pos1/0/0 11.1.1.2/32 Direct 0 0 D 127.0.0.1 InLoopBack0 20.1.1.0/24 BGP 255 0 RD 4.4.4.9 Pos2/0/0 21.1.1.0/24 BGP 255 0 RD 4.4.4.9 Pos2/0/0 21.1.1.2/32 BGP 255 0 RD 4.4.4.9 Pos2/0/0
Run the display ip routing-table command on CE1 and CE2 to see that the public routing table does not contain external but internal routes of the Level 2 carrier. Consider CE1 as an example:
[CE1] display ip routing-table Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: Public Destinations : 15 Routes : 15 Destination/Mask Proto Pre Cost Flags NextHop Interface 1.1.1.9/32 ISIS 15 10 D 10.1.1.1 Pos1/0/0 2.2.2.9/32 Direct 0 0 D 127.0.0.1 InLoopBack0 5.5.5.9/32 BGP 255 0 D 11.1.1.2 Pos2/0/0 6.6.6.9/32 BGP 255 0 D 11.1.1.2 Pos2/0/0 10.1.1.0/24 Direct 0 0 D 10.1.1.2 Pos1/0/0 10.1.1.1/32 Direct 0 0 D 10.1.1.1 Pos1/0/0 10.1.1.2/32 Direct 0 0 D 127.0.0.1 InLoopBack0 11.1.1.0/24 Direct 0 0 D 11.1.1.1 Pos2/0/0 11.1.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 11.1.1.2/32 Direct 0 0 D 11.1.1.2 Pos2/0/0 20.1.1.0/24 BGP 255 0 D 11.1.1.2 Pos2/0/0 21.1.1.0/24 BGP 255 0 D 11.1.1.2 Pos2/0/0 21.1.1.2/32 BGP 255 0 D 11.1.1.2 Pos2/0/0 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
Run the display ip routing-table command on PE3 and PE4 to see that the public routing table contains the internal route of the Level 2 carrier. Consider PE3 as an example:
[PE3] display ip routing-table Route Flags: R - relied, D - download to fib
Issue 03 (2008-09-22)
3-163
-----------------------------------------------------------------------------Routing Tables: Public Destinations : 14 Routes : 14 Destination/Mask Proto Pre Cost Flags NextHop Interface 1.1.1.9/32 Direct 0 0 D 127.0.0.1 InLoopBack0 2.2.2.9/32 ISIS 15 10 D 10.1.1.2 Pos2/0/0 5.5.5.9/32 BGP 255 0 RD 2.2.2.9 Pos2/0/0 6.6.6.9/32 BGP 255 0 RD 2.2.2.9 Pos2/0/0 10.1.1.0/24 Direct 0 0 D 10.1.1.1 Pos2/0/0 10.1.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 10.1.1.2/32 Direct 0 0 D 10.1.1.2 Pos2/0/0 11.1.1.0/24 BGP 255 0 RD 6.6.6.9 Pos2/0/0 11.1.1.1/32 BGP 255 0 RD 6.6.6.9 Pos2/0/0 20.1.1.0/24 BGP 255 0 RD 2.2.2.9 Pos2/0/0 21.1.1.0/24 BGP 255 0 RD 2.2.2.9 Pos2/0/0 21.1.1.2/32 BGP 255 0 RD 2.2.2.9 Pos2/0/0 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
Running the display ip routing-table vpn-instance command on PE3 and PE4 to see that the external routes of the Level 2 carrier are contained in the VPN routing table. Consider PE3 as an example:
[PE3] display ip routing-table vpn-instance vpn1 Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: vpn1 Destinations : 3 Routes : 3 Destination/Mask Proto Pre Cost Flags NextHop Interface 100.1.1.0/24 Direct 0 0 D 100.1.1.2 GigabitEthernet1/0/0 100.1.1.2/32 Direct 0 0 D 127.0.0.1 InLoopBack0 120.1.1.0/24 BGP 255 0 RD 6.6.6.9 Pos2/0/0
Configuration Files
l
3-164
Issue 03 (2008-09-22)
Issue 03 (2008-09-22)
3-165
3-166
Issue 03 (2008-09-22)
Issue 03 (2008-09-22)
3-167
3-168
Issue 03 (2008-09-22)
Issue 03 (2008-09-22)
3-169
CE1 and CE2 belong to VPN-A and the VPN target is 1:1. CE1 accesses the backbone network through the UPE and CE2 accesses the network through the PE. The UPE, the SPE and the PE are interconnected through OSPF.
Loopback1 3.3.3.9./32
POS1/0/0 172.1.1.2/24
PE
GE1/0/0 10.2.1.2/24
SPE
POS2/0/0 172.1.1.1/24
POS2/0/0 172.2.1.2/24
UPE GE1/0/0
10.1.1.2/24
AS: 100
GE1/0/0 10.1.1.1/24
GE1/0/0 10.2.1.1/24
CE2 VPN-A
Configuration Roadmap
The configuration roadmap is as follows: 1. 2. 3. 4. Configure IGP in the backbone network and ensure the PEs can learn the loopback address from each other. Configure MPLS LSP between PEs. Create the VPN instance on the UPE and set up the EBGP peer relationship between the UPE and the CE1. Create the VPN instance on the PE and set up the EBGP peer relationship between the PE and the CE2.
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)
3-170
5. 6.
Set up the MP-IBGP peer relationship between the UPE and the SPE, the PE and the SPE. Create the VPN instance on the SPE. Specify the UPE as the lower PE, that is, the user layer PE. Advertise the default route of the VPN instance to the UPE.
Data Preparation
To configure HoVPN, you need to know the MPLS LSR-ID of the UPE, SPE and PE
Configuration Procedure
1. Configure OSPF on the MPLS backbone network to implement internetworking. After the configuration, OSPF neighbors are established among UPE, SPE and PE. Run the display ospf peer command to see the neighbors are full. Run the display ip routingtable command to see that PEs know loopback routes from each other. The specific configuration procedures are not mentioned here. 2. Configure basic MPLS capability and MPLS LDP on MPLS backbone networks and establish LDP LSP. After the configuration, LDP session can be established among UPE, SPE and PE. Run the display mpls ldp session command to see that the session state is "Operational". Run the display mpls ldp lsp command to see LDP LSP is established. The specific configuration procedures are not mentioned here. 3. Configure PEs and CEs. # Configure UPE.
<UPE> system-view [UPE] ip vpn-instance vpna [UPE-vpn-instance-vpna] route-distinguisher 100:1 [UPE-vpn-instance-vpna] vpn-target 1:1 [UPE-vpn-instance-vpna] quit [UPE] interface gigabitethernet 1/0/0 [UPE-GigabitEthernet1/0/0] ip binding vpn-instance vpna [UPE-GigabitEthernet1/0/0] ip address 10.1.1.2 24 [UPE-GigabitEthernet1/0/0] quit [UPE] bgp 100 [UPE-bgp] ipv4-family vpn-instance vpna [UPE-bgp-vpna] peer 10.1.1.1 as-number 65410 [UPE-bgp-vpna] import-route direct [UPE-bgp-vpna] quit [UPE-bgp] quit
# Configure CE1.
<Quidway> system-view [Quidway] sysname CE1 [CE1] interface gigabitethernet 1/0/0 [CE1-GigabitEthernet1/0/0] ip address 10.1.1.1 24 [CE1-GigabitEthernet1/0/0] quit [CE1] bgp 65410 [CE1-bgp] peer 10.1.1.2 as-number 100 [CE1-bgp] import-route direct [CE1-bgp] quit
# Configure PE.
<PE> system-view [PE] ip vpn-instance vpna [PE-vpn-instance-vpna] route-distinguisher 100:2 [PE-vpn-instance-vpna] vpn-target 1:1 [PE-vpn-instance-vpna] quit [PE] interface gigabitethernet 1/0/0 [PE-GigabitEthernet1/0/0] ip binding vpn-instance vpna [PE-GigabitEthernet1/0/0] ip address 10.2.1.2 24
Issue 03 (2008-09-22)
3-171
# Configure CE2.
<Quidway> system-view [Quidway] sysname CE2 [CE2] interface gigabitethernet 1/0/0 [CE2-GigabitEthernet1/0/0] ip address 10.2.1.1 24 [CE2-GigabitEthernet1/0/0] quit [CE2] bgp 65420 [CE2-bgp] peer 10.2.1.2 as-number 100 [CE2-bgp] import-route direct [CE2-bgp] quit
After the configuration, run the display ip vpn-instance verbose command on the PE devices to see the configurations of VPN instances. Each PE pings the CEs attached to itself successfully. 4. Configure MP-IBGP peer relationship between UPE and SPE, and between PE and SPE. # Configure UPE.
<UPE> system-view [UPE] bgp 100 [UPE-bgp] peer 2.2.2.9 as-number 100 [UPE-bgp] peer 2.2.2.9 connect-interface loopback 1 [UPE-bgp] ipv4-family vpnv4 [UPE-bgp-af-vpnv4] peer 2.2.2.9 enable [UPE-bgp-af-vpnv4] quit [UPE-bgp] quit
# Configure SPE.
<SPE> system-view [SPE] bgp 100 [SPE-bgp] peer 1.1.1.9 as-number 100 [SPE-bgp] peer 1.1.1.9 connect-interface loopback 1 [SPE-bgp] peer 3.3.3.9 as-number 100 [SPE-bgp] peer 3.3.3.9 connect-interface loopback 1 [SPE-bgp] ipv4-family vpnv4 [SPE-bgp-af-vpnv4] peer 1.1.1.9 enable [SPE-bgp-af-vpnv4] peer 3.3.3.9 enable [SPE-bgp-af-vpnv4] quit [SPE-bgp] quit
# Configure PE.
<PE> system-view [PE] bgp 100 [PE-bgp] peer 2.2.2.9 as-number 100 [PE-bgp] peer 2.2.2.9 connect-interface loopback 1 [PE-bgp] ipv4-family vpnv4 [PE-bgp-af-vpnv4] peer 2.2.2.9 enable [PE-bgp-af-vpnv4] quit [PE-bgp] quit
5.
3-172
Issue 03 (2008-09-22)
6.
Verify the configuration. After the configuration, CE1 does not have a route to the network segment of the interface on CE2, but has a default route with the next hop to UPE. The CE2 has the route to the network segment of the interface on CE1. Therefore, CE1 and CE2 can ping through each other using the ping ip-address command.
<CE1> display ip routing-table Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: Public Destinations : 5 Routes : 5 Destination/Mask Proto Pre Cost Flags NextHop Interface 0.0.0.0/0 BGP 255 0 D 10.1.1.2 GigabitEthernet1/0/0 10.1.1.0/24 Direct 0 0 D 10.1.1.1 GigabitEthernet1/0/0 10.1.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 [CE1] ping 10.2.1.1 PING 10.2.1.1: 56 data bytes, press CTRL_C to break Reply from 10.2.1.1: bytes=56 Sequence=1 ttl=253 time=85 ms Reply from 10.2.1.1: bytes=56 Sequence=2 ttl=253 time=70 ms Reply from 10.2.1.1: bytes=56 Sequence=3 ttl=253 time=57 ms Reply from 10.2.1.1: bytes=56 Sequence=4 ttl=253 time=66 ms Reply from 10.2.1.1: bytes=56 Sequence=5 ttl=253 time=55 ms --- 10.2.1.1 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 55/66/85 ms [CE2] display ip routing-table Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: Public Destinations : 5 Routes : 5 Destination/Mask Proto Pre Cost Flags NextHop Interface 10.1.1.0/24 BGP 255 0 D 10.2.1.2 GigabitEthernet1/0/0 10.2.1.0/24 Direct 0 0 D 10.2.1.1 GigabitEthernet1/0/0 10.2.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
Run the display bgp vpnv4 all routing-table command on UPE to see a default route of VPN instances vpna with the next hop to SPE.
[UPE] display bgp vpnv4 all routing-table BGP Local router ID is 1.1.1.9 Status codes: * - valid, > - best, d - damped, h - history, i - internal, s - suppressed, S - Stale Origin : i - IGP, e - EGP, ? - incomplete Total number of routes from all PE: 1 Route Distinguisher: 200:1 Network NextHop MED LocPrf PrefVal Path/Ogn *>i 0.0.0.0 2.2.2.9 100 0 i Total routes of vpn-instance vpna: 6 Network NextHop MED LocPrf PrefVal Path/Ogn *>i 0.0.0.0 2.2.2.9 100 0 i *> 10.1.1.0/24 0.0.0.0 0 0 ? * 10.1.1.2 0 0 65410? *> 10.1.1.1/32 0.0.0.0 0 0 ? *> 10.1.1.2/32 0.0.0.0 0 0 ? * 10.1.1.1 0 0 65410?
Issue 03 (2008-09-22)
3-173
Configuration Files
l
3-174
Issue 03 (2008-09-22)
Configuration file of PE
# sysname PE # ip vpn-instance vpna route-distinguisher 100:2 vpn-target 1:1 export-extcommunity vpn-target 1:1 import-extcommunity # mpls lsr-id 3.3.3.9 mpls lsp-trigger all #
Issue 03 (2008-09-22)
3-175
PE1
GE1/0/0 100.1.1.2/24
PE2
GE1/0/0 120.1.1.2/24
POS2/0/0 40.1.1.1/24
sham link
CE1
backdoor
Configuration Roadmap
The configuration roadmap is as follows: 1. 2. 3. 4. Set up the MP-IBGP peer relationship between PEs. Configure OSPF on the PE and the CE. Create the VPN instance on the PE and bind the instance with the interface connected with the CE. Configure the OSPF sham link on the PE. Adjust the cost value of the forwarding interface of the private network to be larger than that of the sham link.
Data Preparation
To configure the OSPF sham link, you need the following data:
l l l
MPLS LSR-ID of the PE and P The name of the VPN instance on the PE, RD and the VPN-target Data for configuring OSPF (The OSPF process running in the backbone network and that in the private network are different from that on the PE) The cost value of the sham link and that of the OSPF route forwarded through the private network
Configuration Procedure
1. Configure OSPF in the customer's network. Configure common OSPF on CE1, RT0 and CE2 and advertise the segment address of each interface as shown in Figure 3-12. # Configure CE1.
<Quidway> system-view [Quidway] sysname CE1 [CE1] interface pos2/0/0 [CE1-Pos2/0/0] ip address 20.1.1.1 24 [CE1-Pos2/0/0] quit
Issue 03 (2008-09-22)
3-177
[CE1] interface gigabitethernet1/0/0 [CE1-GigabitEthernet1/0/0] ip address 100.1.1.1 24 [CE1-GigabitEthernet1/0/0] quit [CE1] ospf [CE1-ospf-1] area 0 [CE1-ospf-1-area-0.0.0.0] network 20.1.1.0 0.0.0.255 [CE1-ospf-1-area-0.0.0.0] network 100.1.1.0 0.0.0.255 [CE1-ospf-1-area-0.0.0.0] quit [CE1-ospf-1] quit
# Configure RT0.
<Quidway> system-view [Quidway] sysname RT0 [RT0] interface pos1/0/0 [RT0-Pos1/0/0] ip address [RT0-Pos1/0/0] quit [RT0] interface pos2/0/0 [RT0-Pos2/0/0] ip address [RT0-Pos2/0/0] quit [RT0] ospf [RT0-ospf-1] area 0 [RT0-ospf-1-area-0.0.0.0] [RT0-ospf-1-area-0.0.0.0] [RT0-ospf-1-area-0.0.0.0] [RT0-ospf-1] quit
20.1.1.2 24 30.1.1.1 24
# Configure CE2.
<Quidway> system-view [Quidway] sysname CE2 [CE2] interface pos2/0/0 [CE2-Pos2/0/0] ip address 30.1.1.2 24 [CE2-Pos2/0/0] quit [CE2] interface gigabitethernet1/0/0 [CE2-GigabitEthernet1/0/0] ip address 120.1.1.1 24 [CE2-GigabitEthernet1/0/0] quit [CE2] ospf [CE2-ospf-1] area 0 [CE2-ospf-1-area-0.0.0.0] network 30.1.1.0 0.0.0.255 [CE2-ospf-1-area-0.0.0.0] network 120.1.1.0 0.0.0.255 [CE2-ospf-1-area-0.0.0.0] quit [CE2-ospf-1] quit
2.
Configure BGP/MPLS IP VPN on the backbone, including IGP, MPLS and LDP, and establish the MP-IBGP peer relationship between the PEs. # Configure PE1.
<Quidway> system-view [Quidway] sysname PE1 [PE1] interface loopback 1 [PE1-LoopBack1] ip address 1.1.1.9 32 [PE1-LoopBack1] quit [PE1] mpls lsr-id 1.1.1.9 [PE1] mpls [PE1-mpls] lsp-trigger all [PE1-mpls] quit [PE1] mpls ldp [PE1-mpls-ldp] quit [PE1] interface pos 2/0/0 [PE1-Pos2/0/0] ip address 10.1.1.1 24 [PE1-Pos2/0/0] mpls [PE1-Pos2/0/0] mpls ldp [PE1-Pos2/0/0] quit [PE1] ospf [PE1-ospf-1] area 0 [PE1-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0 [PE1-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255 [PE1-ospf-1-area-0.0.0.0] quit [PE1-ospf-1] quit [PE1] bgp 100 [PE1-bgp] peer 3.3.3.9 as-number 100
3-178
Issue 03 (2008-09-22)
[PE1-bgp] peer 3.3.3.9 connect-interface loopback 1 [PE1-bgp] ipv4-family vpnv4 [PE1-bgp-af-vpnv4] peer 3.3.3.9 enable [PE1-bgp-af-vpnv4] quit [PE1-bgp] quit
# Configure P.
<Quidway> system-view [Quidway] sysname P [P] interface loopback 1 [P-LoopBack1] ip address 2.2.2.9 32 [P-LoopBack1] quit [P] mpls lsr-id 2.2.2.9 [P] mpls [P-mpls] lsp-trigger all [P-mpls] quit [P] mpls ldp [P-mpls-ldp] quit [P] interface pos 1/0/0 [P-Pos1/0/0] ip address 10.1.1.2 24 [P-Pos1/0/0] mpls [P-Pos1/0/0] mpls ldp [P-Pos1/0/0] quit [P] interface pos 2/0/0 [P-Pos2/0/0] ip address 40.1.1.1 24 [P-Pos2/0/0] mpls [P-Pos2/0/0] mpls ldp [P-Pos2/0/0] quit [P] ospf [P-ospf-1] area 0 [P-ospf-1-area-0.0.0.0] network 2.2.2.9 0.0.0.0 [P-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255 [P-ospf-1-area-0.0.0.0] network 40.1.1.0 0.0.0.255 [P-ospf-1-area-0.0.0.0] quit [P-ospf-1] quit
# Configure PE2.
<Quidway> system-view [Quidway] sysname PE2 [PE2] interface loopback 1 [PE2-LoopBack1] ip address 3.3.3.9 32 [PE2-LoopBack1] quit [PE2] mpls lsr-id 3.3.3.9 [PE2] mpls [PE2-mpls] lsp-trigger all [PE2-mpls] quit [PE2] mpls ldp [PE2-mpls-ldp] quit [PE2] interface pos 2/0/0 [PE2-Pos2/0/0] ip address 40.1.1.2 24 [PE2-Pos2/0/0] mpls [PE2-Pos2/0/0] mpls ldp [PE2-Pos2/0/0] quit [PE2] ospf [PE2-ospf-1] area 0 [PE2-ospf-1-area-0.0.0.0] network 3.3.3.9 0.0.0.0 [PE2-ospf-1-area-0.0.0.0] network 40.1.1.0 0.0.0.255 [PE2-ospf-1-area-0.0.0.0] quit [PE2-ospf-1] quit [PE2] bgp 100 [PE2-bgp] peer 1.1.1.9 as-number 100 [PE2-bgp] peer 1.1.1.9 connect-interface loopback 1 [PE2-bgp] ipv4-family vpnv4 [PE2-bgp-af-vpnv4] peer 1.1.1.9 enable [PE2-bgp-af-vpnv4] quit [PE2-bgp] quit
After the configuration, PE1 and PE2 know the routes of the Loopback interface from each other and establish the MP-IBGP peer relationship.
Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 3-179
3.
# Configure PE2.
[PE2] ip vpn-instance vpn1 [PE2-vpn-instance-vpn1] route-distinguisher 100:2 [PE2-vpn-instance-vpn1] vpn-target 1:1 [PE2-vpn-instance-vpn1] quit [PE2] interface gigabitethernet 1/0/0 [PE2-GigabitEthernet1/0/0] ip binding vpn-instance vpn1 [PE2-GigabitEthernet1/0/0] ip address 120.1.1.2 24 [PE2-GigabitEthernet1/0/0] quit [PE2] ospf 100 vpn-instance vpn1 [PE2-ospf-100] import-route bgp [PE2-ospf-100] domain-id 10 [PE2-ospf-100] area 0 [PE2-ospf-100-area-0.0.0.0] network 120.1.1.0 0.0.0.255 [PE2-ospf-100-area-0.0.0.0] quit [PE2-ospf-100] quit [PE2] bgp 100 [PE2-bgp] ipv4-family vpn-instance vpn1 [PE2-bgp-vpn1] import-route direct [PE2-bgp-vpn1] import-route ospf 100 [PE2-bgp-vpn1] quit [PE2-bgp] quit
After the configuration given above, run the display ip routing-table vpn-instance command on PE. You can find that the route to the remote CE is the OSPF route through the customer's network, not the BGP route through the MPLS backbone. CE1 and CE2 can ping through each other. Consider PE1 for an example:
[PE1] display ip routing-table vpn-instance vpn1 Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: vpn1 Destinations : 5 Routes : 5 Destination/Mask Proto Pre Cost Flags NextHop Interface 20.1.1.0/24 OSPF 10 2 D 100.1.1.1 GigabitEthernet1/0/0 30.1.1.0/24 OSPF 10 3 D 100.1.1.1 GigabitEthernet1/0/0 100.1.1.0/24 Direct 0 0 D 100.1.1.2 GigabitEthernet1/0/0 100.1.1.2/32 Direct 0 0 D 127.0.0.1 InLoopBack0 120.1.1.0/24 OSPF 10 4 D 100.1.1.1 GigabitEthernet1/0/0
4.
3-180
Configure a sham-link.
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)
To forward the VPN traffic through the MPLS backbone network, configure the cost of the sham link less than that of the OSPF route through the user network. The common method is increases the cost of the forwarding interface of private network.
# Configure CE1.
[CE1] interface pos 2/0/0 [CE1-Pos2/0/0] ospf cost 10
# Configure CE2.
[CE2] interface pos 2/0/0 [CE2-Pos2/0/0] ospf cost 10
# Configure PE1.
[PE1] interface loopback 10 [PE1-LoopBack10] ip binding [PE1-LoopBack10] ip address [PE1-LoopBack10] quit [PE1] ospf 100 [PE1-ospf-100] area 0 [PE1-ospf-100-area-0.0.0.0] [PE1-ospf-100-area-0.0.0.0] [PE1-ospf-100] quit vpn-instance vpn1 5.5.5.5 32
# Configure PE2.
[PE2] interface loopback 10 [PE2-LoopBack10] ip binding [PE2-LoopBack10] ip address [PE2-LoopBack10] quit [PE2] ospf 100 [PE2-ospf-100] area 0 [PE2-ospf-100-area-0.0.0.0] [PE2-ospf-100-area-0.0.0.0] [PE2-ospf-100] quit vpn-instance vpn1 6.6.6.6 32
5.
Verify the configuration. After the configuration given above, run the display ip routing-table vpn-instance command on PE again. You can find that the route to the remote CE is a BGP route through the MPLS backbone. There is also a route to the destination of the sham-link. Consider PE1 as an example:
[PE1] display ip routing-table vpn-instance vpn1 Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: vpn1 Destinations : 8 Routes : 8 Destination/Mask Proto Pre Cost Flags NextHop Interface 5.5.5.5/32 Direct 0 0 D 127.0.0.1 InLoopBack0 6.6.6.6/32 BGP 255 0 RD 3.3.3.9 Pos2/0/0 20.1.1.0/24 OSPF 10 11 D 100.1.1.1 GigabitEthernet1/0/0 30.1.1.0/24 OSPF 100 12 RD 3.3.3.9 Pos2/0/0 100.1.1.0/24 Direct 0 0 D 100.1.1.2 GigabitEthernet1/0/0 100.1.1.2/32 Direct 0 0 D 127.0.0.1 InLoopBack0 120.1.1.0/24 BGP 255 0 RD 3.3.3.9 Pos2/0/0 120.1.1.1/32 BGP 255 0 RD 3.3.3.9 Pos2/0/0
Run the display ip routing-table command on the CEs. You can find that the cost of the OSPF route to the remote CE has changed to 3, and the next hop is changed to the GigabitEthernet interface of the connected PE. That is, the VPN traffic to the remote CE is forwarded through the MPLS backbone. Consider CE1 as an example:
[CE1] display ip routing-table Route Flags: R - relied, D - download to fib
Issue 03 (2008-09-22)
3-181
-----------------------------------------------------------------------------Routing Tables: Public Destinations : 11 Routes : 11 Destination/Mask Proto Pre Cost Flags NextHop Interface 5.5.5.5/32 O_ASE 150 1 D 100.1.1.2 GigabitEthernet1/0/0 6.6.6.6/32 O_ASE 150 1 D 100.1.1.2 GigabitEthernet1/0/0 20.1.1.0/24 Direct 0 0 D 20.1.1.1 Pos2/0/0 20.1.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 20.1.1.2/32 Direct 0 0 D 20.1.1.2 Pos2/0/0 30.1.1.0/24 OSPF 10 11 D 100.1.1.2 GigabitEthernet1/0/0 100.1.1.0/24 Direct 0 0 D 100.1.1.1 GigabitEthernet1/0/0 100.1.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 120.1.1.0/24 OSPF 10 3 D 100.1.1.2 GigabitEthernet1/0/0 120.1.1.1/32 O_ASE 150 1 D 100.1.1.2 GigabitEthernet1/0/0 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
NOTE
The cost of the OSPF route from CE1 to CE2 = the cost from CE1 to PE1 + the cost of sham link + the cost from PE2 to CE2 = 1 + 1 + 1 =3.
Run the tracert command to find the data from CE1 to CE2 pass through CE1 interface, GE 1/0/0, which is attached with PE1. That is, the VPN traffic is transmitted through the MPLS backbone.
[CE1] tracert 120.1.1.1 traceroute to 120.1.1.1(120.1.1.1) 30 hops max,40 bytes packet 1 100.1.1.2 47 ms 31 ms 31 ms 2 120.1.1.2 94 ms 94 ms 94 ms 3 120.1.1.1 125 ms 156 ms 125 ms [CE1] tracert 30.1.1.2 traceroute to 30.1.1.2(30.1.1.2) 30 hops max,40 bytes packet 1 20.1.1.2 80 ms 60 ms 60 ms 2 30.1.1.2 100 ms 90 ms 130 ms
Run the display ospf sham-link command on the PE to find the information of the shamlink. Consider PE1 for example:
[PE1] display ospf sham-link OSPF Process 1 with Router ID 1.1.1.9 Sham link: Area NeighborId Source-IP Destination-IP State Cost OSPF Process 100 with Router ID 100.1.1.2 Sham link: Area NeighborId Source-IP Destination-IP State Cost 0.0.0.0 6.6.6.6 5.5.5.5 6.6.6.6 P-2-P 1
Run the display ospf sham-link area command, and you can find that the state of the peer end is "Full".
[PE1] display ospf sham-link area 0 OSPF Process 1 with Router ID 1.1.1.9 OSPF Process 100 with Router ID 5.5.5.5 Sham-Link: 5.5.5.5 --> 6.6.6.6 NeighborID: 6.6.6.6, State: Full Area: 0.0.0.0 Cost: 10 State: P-2-P, Type: Sham Timers: Hello 10 , Dead 40 , Retransmit 5 , Transmit Delay 1
Run the display ospf routing command on the CE device. It shows that the route of remote CE is considered as the intra-area route.
[CE1] display ospf routing OSPF Process 1 with Router ID 100.1.1.1 Routing Tables Routing for Network Destination Cost Type NextHop
AdvRouter
Area
3-182
Issue 03 (2008-09-22)
120.1.1.0/24 3 Transit 100.1.1.2 20.1.1.0/24 10 Stub 20.1.1.1 30.1.1.0/24 11 Stub 20.1.1.2 100.1.1.0/24 1 Transit 100.1.1.1 Routing for ASEs Destination Cost Type Tag 120.1.1.1/32 1 Type2 3489661028 6.6.6.6/32 1 Type2 3489661028 5.5.5.5/32 1 Type2 3489661028 100.1.1.1/32 1 Type2 3489661028 Total Nets: 8 Intra Area: 4 Inter Area: 0 ASE: 4 NSSA: 0
Configuration Files
l
Issue 03 (2008-09-22)
3-183
Configuration file of P
# sysname P # mpls lsr-id 2.2.2.9 mpls lsp-trigger all # mpls ldp # interface Pos1/0/0 link-protocol ppp ip address 10.1.1.2 255.255.255.0 mpls mpls ldp # interface Pos2/0/0 link-protocol ppp ip address 40.1.1.1 255.255.255.0 mpls mpls ldp # interface LoopBack1 ip address 2.2.2.9 255.255.255.255 # ospf 1 area 0.0.0.0 network 2.2.2.9 0.0.0.0 network 10.1.1.0 0.0.0.255 network 40.1.1.0 0.0.0.255 # return
3-184
Issue 03 (2008-09-22)
Issue 03 (2008-09-22)
3-185
vpna CE3
POS1/0/0 10.3.1.1/24 POS3/0/0 10.3.1.2/24
PE1
POS1/0/0 172.1.1.2/24
PE2
CE2 vpnb
CE4 vpnb
3-186
Issue 03 (2008-09-22)
Configuration Roadmap
The configuration roadmap is as follows: 1. 2. 3. Configure OSPF between the PEs. Configure the MP-IBGP for PEs to distribute VPN routes known from CEs to each other. Set up EBGP peer relationship between the PE and the connected CE to import the VPN routes to the VPN routing table of the PE. Configure the OSPF multi-instance between MCE and PE2 to switch VPN routes. Configure RIPv2 between MCE and CE3 to switch VPN routes. Configure RIPv2 between MCE and CE4 to switch VPN routes.
NOTE
When configuring OSPF multi-instance between MCE and PE2, configure as follows:
l
In the OSPF view of the PE2, (This OSPF process refers to the process used for the configuration of OSPF multi-instance) import the BGP route. Therefore, the MCE obtains the VPN routes that PE1 has learned from CE1 or CE2. Import the OSPF routes (This OSPF process refers to the process used by the configuration of OSPF multi-instance) in the BGP view of PE2. In this way, PE1 obtains the VPN route from the MCE.
Data Preparation
To complete this configuration, prepare the following data:
l
A VPN instance for each isolated service is created on PE1, PE2 and MCE. Set the name, the RD and the VPN target for these VPN instances. Note that, VPN targets of different VPN instances differ from each other. The VPN targets of the same VPN instance are identical. For different OSPF multi-instances, the OSPF process numbers must be different. On the MCE, the RIP process numbers used for importing the VPN routes of the CE3 should differ from that of the CE4.
l l
Configuration Procedure
1. Run OSPF on routers of the backbone network. The detailed configuration procedure is not mentioned here. After this configuration, the PEs can learn the loopback1 address of each other. Consider PE2 as an example:
<PE2> display ip routing-table Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: Public Destinations : 7 Routes : 7 Destination/Mask Proto Pre Cost Flags NextHop Interface 1.1.1.9/32 OSPF 10 2 D 172.1.1.1 Pos1/0/0 2.2.2.9/32 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 172.1.1.0/24 Direct 0 0 D 172.1.1.2 Pos1/0/0 172.1.1.1/32 Direct 0 0 D 172.1.1.1 Pos1/0/0 172.1.1.2/32 Direct 0 0 D 127.0.0.1 InLoopBack0
2.
Enable MPLS and MPLS LDP for PEs to set up an LSP between PEs. The detailed configuration procedure is not mentioned here. After this configuration, PEs can learn the loopback1 address of each other. Run the display mpls ldp session command
Issue 03 (2008-09-22)
3-187
on the PE. You can find that the session status of the MPLS LDP between the PEs is "operational". Consider PE2 as an example:
<PE2> display mpls ldp session LDP Session(s) in Public Network -------------------------------------------------------------------------Peer-ID Status LAM SsnRole SsnAge KA-Sent/Rcv -------------------------------------------------------------------------1.1.1.9:0 Operational DU Active 000:00:04 17/17 -------------------------------------------------------------------------TOTAL: 1 session(s) Found. LAM : Label Advertisement Mode SsnAge Unit : DDD:HH:MM
3.
# Configure PE2.
<PE2> system-view [PE2] ip vpn-instance vpna [PE2-vpn-instance-vpna] route-distinguisher 200:1 [PE2-vpn-instance-vpna] vpn-target 111:1 both [PE2-vpn-instance-vpna] quit [PE2] ip vpn-instance vpnb [PE2-vpn-instance-vpnb] route-distinguisher 200:2 [PE2-vpn-instance-vpnb] vpn-target 222:2 both [PE2-vpn-instance-vpnb] quit [PE2] interface pos2/0/0 [PE2-Pos2/0/0] ip binding vpn-instance vpna [PE2-Pos2/0/0] ip address 192.1.1.1 24 [PE2-Pos2/0/0] quit [PE2]interface pos3/0/0 [PE2-Pos3/0/0] ip binding vpn-instance vpnb [PE2-Pos3/0/0] ip address 192.2.1.1 24 [PE2-Pos3/0/0] quit
4.
3-188
Issue 03 (2008-09-22)
5.
Set up MP-IBGP peer relationship between PE1 and PE2, and set up EBGP peer relationship between PE1 and CE1, and between PE1 and CE2. The detailed configuration procedure is not mentioned here. After this configuration, run the display bgp vpnv4 all peer command on PE1. You can find the status of IBGP peer relationship between PE1 and PE2 is "established". The state of EBGP peer relationship between PE1 and CE1, and between PE1 and CE2 are "established".
[PE1] display bgp vpnv4 all peer BGP local router ID : 1.1.1.9 Local AS number : 100 Total number of peers : 3 Peer V AS MsgRcvd MsgSent 2.2.2.9 4 100 13 10 Peer of vpn instance : vpn instance vpna : 10.1.1.1 4 65410 9 11 vpn instance vpnb : 10.2.1.1 4 65420 9 12
Peers in established state : 3 OutQ Up/Down State PrefRcv 0 00:03:45 Established 6 0 0 00:04:14 Established 00:04:09 Established 2 2
6.
# Configure MCE.
<MCE> system-view [MCE] ospf 100 vpn-instance [MCE-ospf-100] area 0 [MCE-ospf-100-area-0.0.0.0] [MCE-ospf-100-area-0.0.0.0] [MCE-ospf-100] quit [MCE] ospf 200 vpn-instance [MCE-ospf-200] area 0 [MCE-ospf-200-area-0.0.0.0] [MCE-ospf-200-area-0.0.0.0] [MCE-ospf-200] quit vpna network 192.1.1.0 0.0.0.255 quit vpnb network 192.2.1.0 0.0.0.255 quit
Issue 03 (2008-09-22)
3-189
7.
Configure RIPv2 between MCE and CE3, and between MCE and CE4. # Configure MCE.
[MCE] rip 100 [MCE-rip-100] [MCE-rip-100] [MCE-rip-100] [MCE-rip-100] [MCE] rip 200 [MCE-rip-200] [MCE-rip-200] [MCE-rip-200] vpn-instance vpna version 2 network 10.0.0.0 import-route ospf 100 quit vpn-instance vpnb version 2 network 10.0.0.0 import-route ospf 200
# Configure CE3.
<Quidway> system-view [Quidway] sysname CE3 [CE3] rip 100 [CE3-rip-100] version 2 [CE3-rip-100] network 10.0.0.0 [CE3-rip-100] import-route direct
# Configure CE4.
<Quidway> system-view [Quidway] sysname CE4 [CE4] rip 200 [CE4-rip-200] version 2 [CE4-rip-200] network 10.0.0.0 [CE4-rip-200] import-route direct
8.
Skip the test for loop on MCE, and import RIP routes.
<MCE> system-view [MCE] ospf 100 vpn-instance vpna [MCE-ospf-100] vpn-instance-capability simple [MCE-ospf-100] import-route rip 100 [MCE] ospf 200 vpn-instance vpnb [MCE-ospf-200] vpn-instance-capability simple [MCE-ospf-200] import-route rip 200
9.
Verify the configuration. After the configuration given above, run the display ip routing-table vpn-instance command on MCE. You can find MCE has a route to each peer CE. Consider vpna as an example:
[MCE] display ip routing-table vpn-instance vpna Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: vpna Destinations : 8 Routes : 8 Destination/Mask Proto Pre Cost Flags NextHop Interface 10.1.1.0/24 O_ASE 150 1 D 192.1.1.1 Pos1/0/0 10.1.1.1/32 O_ASE 150 1 D 192.1.1.1 Pos1/0/0 10.3.1.0/24 Direct 0 0 D 10.3.1.2 Pos3/0/0 10.3.1.1/32 Direct 0 0 D 10.3.1.1 Pos3/0/0 10.3.1.2/32 Direct 0 0 D 127.0.0.1 InLoopBack0 192.1.1.0/24 Direct 0 0 D 192.1.1.2 Pos1/0/0 192.1.1.1/32 Direct 0 0 D 192.1.1.1 Pos1/0/0 192.1.1.2/32 Direct 0 0 D 127.0.0.1 InLoopBack0
Run the display ip routing-table vpn-instance command on the PE. You can find PE has a route to each peer CE. Consider vpna on PE1 as an example:
[PE1] display ip routing-table vpn-instance vpna Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: vpna Destinations : 5 Routes : 5 Destination/Mask Proto Pre Cost Flags NextHop Interface
3-190
Issue 03 (2008-09-22)
CE1 and CE3 can ping through each other. Also, CE2 and CE4 can ping through each other. Consider CE1 as an example:
[CE1] ping 10.3.1.1 PING 10.3.1.1: 56 data bytes, press CTRL_C to break Reply from 10.3.1.1: bytes=56 Sequence=1 ttl=252 time=125 Reply from 10.3.1.1: bytes=56 Sequence=2 ttl=252 time=125 Reply from 10.3.1.1: bytes=56 Sequence=3 ttl=252 time=125 Reply from 10.3.1.1: bytes=56 Sequence=4 ttl=252 time=125 Reply from 10.3.1.1: bytes=56 Sequence=5 ttl=252 time=125 --- 10.3.1.1 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 125/125/125 ms ms ms ms ms ms
The CE1 and CE3 can ping through CE2 and CE4. Consider the display of ping CE4 on CE1 as an example:
[CE1] ping 10.4.1.1 PING 10.4.1.1: 56 data bytes, press CTRL_C to break Request time out Request time out Request time out Request time out Request time out --- 10.4.1.1 ping statistics --5 packet(s) transmitted 0 packet(s) received 100.00% packet loss
Configuration Files
l
Issue 03 (2008-09-22)
3-191
3-192
Issue 03 (2008-09-22)
Issue 03 (2008-09-22)
3-193
3-194
Issue 03 (2008-09-22)
Issue 03 (2008-09-22)
3-195
Backbone
POS2/0/0 172.1.1.1/24
POS2/0/0 172.1.1.2/24
PE1
PE2
CE1 VPN1
GE2/0/0 100.1.1.1/24
POS1/0/0 10.2.1.1/24
VPN2
GE2/0/0
CE2 200.1.1.1/24
PC1
100.1.1.11/24
PC2
100.1.1.12/24
Configuration Roadmap
The configuration roadmap is as follows: 1. 2. 3. 4. Configure VPN instance vpn1 on PE1 and configure CE1 to access PE1. Configure VPN instances vpn1 and vpn2 on PE2. CE3 accesses vpn1; CE2 accesses vpn2. Create a VPN group on PE1 and add vpn2 to the VPN group. Configure VPN instance vpn2 on PE1.Configure a traffic policy and apply the policy. Redirect packets sent from PC1 to 10.2.1.0/24 to the VPN group. Configure static routes on PEs so that packets returned from vpn2 can access PC1.
Data Preparation
To configure PBR to VPN, you need the following data:
l l l l
MPLS LSR-ID on PEs VPN instance names, RDs, and VPN targets on PEs ACL number and rules Traffic class, traffic behavior, and traffic policy
Configuration Procedure
1. Configure OSPF and MPLS LDP. # Configure PE1.
3-196 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)
<Quidway> system-view [Quidway] sysname PE1 [PE1] interface loopback 1 [PE1-LoopBack1] ip address 1.1.1.9 32 [PE1-LoopBack1] quit [PE1] mpls lsr-id 1.1.1.9 [PE1] mpls [PE1-mpls] quit [PE1] mpls ldp [PE1-mpls-ldp] quit [PE1] interface pos2/0/0 [PE1-Pos2/0/0] ip address 172.1.1.1 24 [PE1-Pos2/0/0] mpls [PE1-Pos2/0/0] mpls ldp [PE1-Pos2/0/0] undo shutdown [PE1-Pos2/0/0] quit [PE1] ospf [PE1-ospf-1] area 0 [PE1-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0 [PE1-ospf-1-area-0.0.0.0] network 172.1.1.0 0.0.0.255 [PE1-ospf-1-area-0.0.0.0] quit [PE1-ospf-1] quit
# Configure PE2.
<Quidway> system-view [Quidway] sysname PE2 [PE2] interface loopback 1 [PE2-LoopBack1] ip address 2.2.2.9 32 [PE2-LoopBack1] quit [PE2] mpls lsr-id 2.2.2.9 [PE2] mpls [PE2-mpls] quit [PE2] mpls ldp [PE2-mpls-ldp] quit [PE2] interface pos2/0/0 [PE2-Pos2/0/0] ip address 172.1.1.2 24 [PE2-Pos2/0/0] mpls [PE2-Pos2/0/0] mpls ldp [PE2-Pos2/0/0] undo shutdown [PE2-Pos2/0/0] quit [PE2] ospf [PE2-ospf-1] area 0 [PE2-ospf-1-area-0.0.0.0] network 2.2.2.9 0.0.0.0 [PE2-ospf-1-area-0.0.0.0] network 172.1.1.0 0.0.0.255 [PE2-ospf-1-area-0.0.0.0] quit [PE2-ospf-1] quit
2.
Establish the MP-IBGP relationship between PEs to advertise VPN-IPv4 routes. # Configure PE1.
[PE1] bgp 100 [PE1-bgp] peer 2.2.2.9 as-number 100 [PE1-bgp] peer 2.2.2.9 connect-interface loopback 1 [PE1-bgp] ipv4-family vpnv4 [PE1-bgp-af-vpnv4] peer 2.2.2.9 enable [PE1-bgp-af-vpnv4] quit [PE1-bgp] quit
# Configure PE2.
[PE2] bgp 100 [PE2-bgp] peer 1.1.1.9 as-number 100 [PE2-bgp] peer 1.1.1.9 connect-interface LoopBack 1 [PE2-bgp] ipv4-family vpnv4 [PE2-bgp-af-vpnv4] peer 1.1.1.9 enable [PE2-bgp-af-vpnv4] quit [PE2-bgp] quit
3.
Issue 03 (2008-09-22)
3-197
Configure VPN instance vpn1 on PE1 to access CE1. Configure VPN instance vpn1 on PE2 to access CE3. Configure VPN instance vpn2 on PE2 to access CE2. Configure the default route to the remote CE on the CE1. # Configure PE1.
[PE1] ip vpn-instance vpn1 [PE1-vpn-instance-vpn1] route-distinguisher 100:1 [PE1-vpn-instance-vpn1] vpn-target 1:1 [PE1-vpn-instance-vpn1] quit [PE1] interface pos 1/0/0 [PE1-Pos1/0/0] ip binding vpn-instance vpn1 [PE1-Pos1/0/0] ip address 10.1.1.2 24 [PE1-Pos1/0/0] undo shutdown
# Configure PE2.
[PE2] ip vpn-instance vpn1 [PE2-vpn-instance-vpn1] route-distinguisher 100:1 [PE2-vpn-instance-vpn1] vpn-target 1:1 [PE2-vpn-instance-vpn1] quit [PE2] ip vpn-instance vpn2 [PE2-vpn-instance-vpn2] route-distinguisher 100:2 [PE2-vpn-instance-vpn2] vpn-target 2:2 [PE2-vpn-instance-vpn2] quit [PE2] interface pos 1/0/0 [PE2-Pos1/0/0] ip binding vpn-instance vpn2 [PE2-Pos1/0/0] ip address 10.2.1.2 24 [PE2-Pos1/0/0] undo shutdown [PE2-Pos1/0/0] quit [PE2] interface pos 3/0/0 [PE2-Pos3/0/0] ip binding vpn-instance vpn1 [PE2-Pos3/0/0] ip address 10.3.1.2 24 [PE2-Pos3/0/0] undo shutdown [PE2-Pos3/0/0] quit
# Configure CE1.
<CE1> system-view [CE1] interface pos 1/0/0 [CE1-Pos1/0/0] ip address 10.1.1.1 24 [CE1-Pos1/0/0] undo shutdown [CE1-Pos1/0/0] quit [CE1] interface gigabitethernet 2/0/0 [CE1-GigabitEthernet2/0/0] ip address 100.1.1.1 24 [CE1-GigabitEthernet2/0/0] undo shutdown [CE1-GigabitEthernet2/0/0] quit [CE1] ip route-static 0.0.0.0 0 10.1.1.2
# Configure CE2.
<CE2> system-view [CE2] interface pos 1/0/0 [CE2-Pos1/0/0] ip address 10.2.1.1 24 [CE2-Pos1/0/0] undo shutdown [CE2-Pos1/0/0] quit [CE2] interface gigabitethernet 2/0/0 [CE2-GigabitEthernet2/0/0] ip address 200.1.1.1 24 [CE2-GigabitEthernet2/0/0] undo shutdown [CE2-GigabitEthernet2/0/0] quit
# Configure CE3.
<CE3> system-view [CE3] interface pos 1/0/0 [CE3-Pos1/0/0] ip address 10.3.1.1 24 [CE3-Pos1/0/0] undo shutdown [CE3-Pos1/0/0] quit
4.
Set up the EBGP relationship between PEs and CEs. # Configure CE1.
[CE1] bgp 600
3-198
Issue 03 (2008-09-22)
[CE1-bgp] peer 10.1.1.2 as-number 100 [CE1-bgp] import-route direct [CE1-bgp] quit [CE1] interface gigabitethernet 2/0/0 [CE1-GigabitEthernet2/0/0] ip address 100.1.1.1 24 [CE1-GigabitEthernet2/0/0] undo shutdown [CE1-GigabitEthernet2/0/0] quit
# Configure PE1.
[PE1] bgp 100 [PE1-bgp] ipv4-family vpn-instance vpn1 [PE1-bgp-vpn1] peer 10.1.1.1 as-number 600 [PE1-bgp-vpn1] import-route direct [PE1-bgp-vpn1] quit [PE1-bgp] quit
# Configure CE2.
[CE2] bgp [CE2-bgp] [CE2-bgp] [CE2-bgp] 700 peer 10.2.1.2 as-number 100 import-route direct quit
# Configure CE3.
[CE3] bgp [CE3-bgp] [CE3-bgp] [CE3-bgp] 800 peer 10.3.1.2 as-number 100 import-route direct quit
# Configure PE2.
[PE2] bgp 100 [PE2-bgp] ipv4-family vpn-instance vpn1 [PE2-bgp-vpn1] peer 10.3.1.1 as-number 800 [PE2-bgp-vpn1] import-route direct [PE2-bgp-vpn1] quit [PE2-bgp] ipv4-family vpn-instance vpn2 [PE2-bgp-vpn2] peer 10.2.1.1 as-number 700 [PE2-bgp-vpn2] import-route direct [PE2-bgp-vpn2] quit [PE2-bgp] quit
After the preceding configuration, CE1 can ping through CE3 instead of CE2. Run the display bgp vpnv4 all peer command on PE2 and you can view that the status of PE2 BGP peers is Established. The display is as follows:
[PE2] display bgp vpnv4 all peer BGP local router ID : 2.2.2.9 Local AS number : 100 Total number of peers : 3 Peers in established state : 3 Peer V AS MsgRcvd MsgSent OutQ Up/Down State PrefRcv 1.1.1.9 4 100 19 23 0 00:15:40 Established 14 Peer of vpn instance : vpn instance vpn1 : 10.3.1.1 4 800 14 7 0 00:03:51 Established 10 vpn instance vpn2 : 10.2.1.1 4 700 12 11 0 00:04:14 Established 5
5.
Issue 03 (2008-09-22)
3-199
# Configure a static route so that PC1 can access VPN2 and the return packet can find a correct route to PC1 in VPN1 routing table on PE1.
[PE1] ip route-static vpn-instance vpn2 100.1.1.0 24 vpn-instance vpn1 10.1.1.1
# Import the configured static route into BGP and advertise it to PE2.
[PE1] bgp 100 [PE1-bgp] ipv4-family vpn-instance vpn2 [PE1-bgp-vpn2] import-route static [PE1-bgp-vpn2] import-route direct [PE1-bgp-vpn2] quit [PE1-bgp] quit
# Configure a traffic policy to redirect the packets sent by PC1 to the VPN group vg1.
[PE1] traffic classifier c1 [PE1-classifier-c1] if-match acl 3000 [PE1-classifier-c1] quit [PE1] traffic behavior b1 [PE1-behavior-b1] redirect vpn-group vg1 [PE1-behavior-b1] quit [PE1] traffic policy p1 [PE1-trafficpolicy-p1] classifier c1 behavior b1 [PE1-trafficpolicy-p1] quit
# Apply the traffic policy to POS 1/0/0 and activate the policy.
[PE1] interface pos1/0/0 [PE1-Pos1/0/0] traffic-policy p1 inbound [PE1-Pos1/0/0] quit
6.
Verify the configuration. After the configuration, PC1 can ping through CE2.
C:\> ping 200.1.1.1 Pinging 200.1.1.1 with 32 bytes of data: Reply from 200.1.1.1: bytes=32 time=4ms TTL=255 Reply from 200.1.1.1: bytes=32 time=2ms TTL=255 Reply from 200.1.1.1: bytes=32 time=2ms TTL=255 Reply from 200.1.1.1: bytes=32 time=2ms TTL=255 Ping statistics for 200.1.1.1: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 2ms, Maximum = 4ms, Average = 2ms
Configuration Files
l
3-200
Issue 03 (2008-09-22)
Issue 03 (2008-09-22)
3-201
bgp 100 peer 2.2.2.9 as-number 100 peer 2.2.2.9 connect-interface LoopBack1 # ipv4-family unicast undo synchronization peer 2.2.2.9 enable # ipv4-family vpnv4 policy vpn-target peer 2.2.2.9 enable # ipv4-family vpn-instance vpn1 peer 10.1.1.1 as-number 600 import-route direct # ipv4-family vpn-instance vpn2 import-route static import-route direct # ospf 1 area 0.0.0.0 network 1.1.1.9 0.0.0.0 network 172.1.1.0 0.0.0.255 # ip route-static vpn-instance vpn2 100.1.1.0 24 vpn-instance vpn1 10.1.1.1 # return l
3-202
Issue 03 (2008-09-22)
Issue 03 (2008-09-22)
3-203
Loopback1 1.1.1.1/32
PE1
POS1/0/0 10.1.1.2/24 POS1/0/0 10.1.1.1/24 GE2/0/0 100.3.1.2/24
PE2
POS2/0/0 10.2.1.2/24 POS1/0/0 10.2.1.1/24
POS2/0/0 100.1.1.1/24
P Internet AS100
POS2/0/0 10.2.1.1/24
CE1
Configuration Roadmap
In this configuration, configure the L3VPN first. It needs the following static routes: 1. 2. 3. Add a default route on CE1. The next hop is PE1. Add a default route from the VPN device to the Internet on PE1. The next hop is P. Thus, the traffic of the proxy server reaches the Internet. Add a static route from the Internet to the proxy server on PE1 and the next hop is CE1. Use IGP to advertise this route to the Internet, Thus, the traffic of Internet reaches the server attached with CE1.
Data Preparation
To configure BGP/MPLS IP VPN, you need the following data:
l l l
3-204
Configuration Procedure
1. Configure IGP. Assign IP addresses for physical interfaces and loopback interfaces on the backbone network. Run IGP on each router of the backbone so that PE1, P and PE2 can ping through each other, and know the loopback address of each other. The detailed configuration procedure is not mentioned here. 2. Set up an MPLS LDP LSP and MP-IBGP peer relationship. Set up an MPLS LSP and MP-IBGP peer relationship between the PEs. The detailed configuration procedure is not mentioned here. After the configuration given above, run the display mpls ldp session command on P. You can find the LDP session "Status" between PE1 and P, and that between PE2 and P is "Operational". The display on P is as follows:
<P> display mpls ldp session LDP Session(s) in Public Network -------------------------------------------------------------------------Peer-ID Status LAM SsnRole SsnAge KA-Sent/Rcv 1.1.1.1:0 Operational DU Active 000:00:05 23/23 3.3.3.3:0 Operational DU Passive 000:00:04 18/18 -------------------------------------------------------------------------TOTAL: 2 session(s) Found. LAM : Label Advertisement Mode SsnAge Unit : DDD:HH:MM
Run the display bgp vpnv4 all peer command on PE. You can find that the MP-IBGP peer relationship state is "Established". Consider PE1 as an example:
<PE1> display bgp vpnv4 all peer BGP local router ID : 1.1.1.1 Local AS number : 100 Total number of peers : 1 Peer V AS MsgRcvd 3.3.3.3 4 100 6
Peers in established state : 1 MsgSent OutQ Up/Down State PrefRcv 8 0 00:03:48 Established
3.
Create VPN instances and establishing EBGP. Create the VPN instance named VPN1 on PE and bind it with the interface attached with the CE. Establish the EBGP peer relationship between PE1 and CE1, and that between PE2 and CE2. In this manner, the routes on the CE can be imported to the PE. The detailed configuration procedure is not mentioned. After the configuration given above, run the display ip vpn-instance command on PE. You can find the "VPN instance names" contains VPN1. Consider PE1 as an example:
[PE1] display ip vpn-instance Total VPN-Instances configured : 1 VPN-Instance Name RD vpn1 100:1 Creation Time 2007/01/08 18:40:57
Run the display bgp vpnv4 all peer on PE to display the status of IBGP and EBGP peers both of which are "established". Consider PE1 as an example:
<PE1> display bgp vpnv4 all peer BGP local router ID : 1.1.1.1 Local AS number : 100 Total number of peers : 2 Peer V AS MsgRcvd 3.3.3.3 4 100 127 BGP local router ID : 1.1.1.1 Local AS number : 100
Peers in established state : 2 MsgSent OutQ Up/Down State PrefRcv 134 0 01:39:44 Established 2
Issue 03 (2008-09-22)
3-205
MsgSent
110
4.
Configure the static route to enable VPN to access the public network. # Configure a default route on CE1and the next hop is PE1.
<CE1> system-view [CE1] ip route-static 0.0.0.0 0 10.1.1.2
# Configure PE1. # Configure a default route from the proxy server of the VPN site to Internet. The next hop is P. Specify the address of the next hop as public network address. That is, add a keyword public after the next hop address in the command.
<PE1> system-view [PE1] ip route-static vpn-instance vpn1 0.0.0.0 0 100.1.1.2 public
# Configure a static route back to the proxy server. The next hop is CE1.
[PE1] ip route-static 100.3.1.1 24 vpn-instance vpn1 10.1.1.1
# Configure the proxy server. Set the IP address of the proxy server as 100.3.1.1/24. Set its default gateway as CE1, that is, 100.3.1.2/24. A proxy software should also be run on the proxy server. 5. Verify the configuration. Run the display ip routing-table vpn-instance command on PE1. You can find a default route, with next hop being 100.1.1.2 and the egress being POS 2/0/0, exists in the VPN routing table.
[PE1] display ip routing-table vpn-instance vpn1 Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: vpn1 Destinations : 7 Routes : 7 Destination/Mask Proto Pre Cost Flags NextHop Interface 0.0.0.0/0 Static 60 0 RD 100.1.1.2 Pos2/0/0 10.1.1.0/24 Direct 0 0 D 10.1.1.2 Pos1/0/0 10.1.1.1/32 Direct 0 0 D 10.1.1.1 Pos1/0/0 10.1.1.2/32 Direct 0 0 D 127.0.0.1 InLoopBack0 10.2.1.0/24 BGP 255 0 RD 3.3.3.3 Pos2/0/0 10.2.1.1/32 BGP 255 0 RD 3.3.3.3 Pos2/0/0 100.3.1.1/32 BGP 255 0 D 10.1.1.1 Pos1/0/0
Run the display ip routing-table command on PE1 to display that the route to the proxy server exists in the public network routing table, and the IP address of next hop is 10.1.1.1.
[PE1] display ip routing-table Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: Public Destinations : 10 Routes : 10 Destination/Mask Proto Pre Cost Flags NextHop Interface 1.1.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 2.2.2.2/32 OSPF 10 2 D 100.1.1.2 Pos2/0/0 3.3.3.3/32 OSPF 10 3 D 100.1.1.2 Pos2/0/0 100.1.1.0/24 Direct 0 0 D 100.1.1.1 Pos2/0/0 100.1.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 100.1.1.2/32 Direct 0 0 D 100.1.1.2 Pos2/0/0 100.2.1.0/24 OSPF 10 2 D 100.1.1.2 Pos2/0/0 100.3.1.0/24 Static 60 0 D 10.1.1.1 Pos1/0/0 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
3-206
Issue 03 (2008-09-22)
Configuration Files
l
Issue 03 (2008-09-22)
3-207
ip address 1.1.1.1 255.255.255.255 # bgp 100 peer 3.3.3.3 as-number 100 peer 3.3.3.3 connect-interface LoopBack1 # ipv4-family unicast undo synchronization peer 3.3.3.3 enable # ipv4-family vpnv4 policy vpn-target peer 3.3.3.3 enable # ipv4-family vpn-instance vpn1 peer 10.1.1.1 as-number 65410 import-route static import-route direct # ospf 1 area 0.0.0.0 network 1.1.1.1 0.0.0.0 network 100.1.1.0 0.0.0.255 # ip route-static 100.3.1.0 255.255.255.0 Pos1/0/0 10.1.1.1 ip route-static vpn-instance vpn1 0.0.0.0 0.0.0.0 100.1.1.2 public # return l
Configuration file of P
# sysname P # mpls lsr-id 2.2.2.2 mpls lsp-trigger all # mpls ldp # interface Pos1/0/0 link-protocol ppp ip address 100.1.1.2 255.255.255.0 mpls mpls ldp # interface Pos2/0/0 link-protocol ppp ip address 100.2.1.1 255.255.255.0 mpls mpls ldp # interface LoopBack1 ip address 2.2.2.2 255.255.255.255 # ospf 1 area 0.0.0.0 network 2.2.2.2 0.0.0.0 network 100.1.1.0 0.0.0.255 network 100.2.1.0 0.0.0.255 # ip route-static 100.3.1.0 255.255.255.0 100.1.1.1 # return
3-208
Issue 03 (2008-09-22)
Issue 03 (2008-09-22)
3-209
Networking Requirements
With the development of the telecommunication services, all the telecommunication services will be carried on the universal IP network. Some important services such as 3G/NGN, IPTV media traffic, VIP customer VPN require high reliability of the network. To promote the network reliability, besides considering the reliability of the network devices, the link and network reliability such as fast route convergence, fault detection, fast reroute, and backup must be taken into consideration. For the access layer, the dual-homed CE is a common solution for improving the network reliability. A dual-homed CE refers to a CE that is connected with two PEs, which belong to the same VPN with the CE. The dual-homed CE accesses the backbone network through two links that can either perform load balancing or work as the active and standby link. As shown in Figure 3-16, CE1 resides in site1 of vpn1. CE2 resides in site2 of vpn1. CE1 accesses the PE1 and PE2 in dual-homed mode. The VPN2 access the PE3 and PE4 in dualhomed mode. If the data traffic from the CE1 to the CE2 is large while that from the CE2 to the CE1 is small, the traffic data from CE1 to CE2 can be configured to be transmitted in load-balancing mode. In addition, the data traffic from the CE2 to CE1 is transmitted through the PE4 instead of the PE3, which works as a backup. Figure 3-16 Networking diagram for the dual-homed CE
VPN backbone AS 100
Loopback1 Loopback1 Loopback1
GE1/0/0
POS2/0/0 POS1/0/0
POS2/0/0 POS1/0/0
GE2/0/0
CE1
GE1/0/0 GE2/0/0 GE3/0/0 GE1/0/0
PE1
P1
PE3
CE2
GE1/0/0 GE2/0/0 GE3/0/0 GE2/0/0
PE2
POS2/0/0 POS1/0/0 Loopback1
P2
POS2/0/0 POS1/0/0
PE4
Loopback1
vpn1 site2
Loopback1
AS 65420
Device CE1 GE2/0/0 GE3/0/0 PE1 GE1/0/0 POS2/0/0 PE2 GE1/0/0 POS2/0/0 P1
Interface GE1/0/0 10.2.1.1/30 10.5.1.1/24 Loopback1 10.1.1.2/30 100.1.1.1/30 Loopback1 10.2.1.2/30 100.2.1.1/30 Loopback1
IP address 10.1.1.1/30
1.1.1.1/32
2.2.2.2/32
5.5.5.5/32
3-210
Issue 03 (2008-09-22)
6.6.6.6/32
3.3.3.3/32
4.4.4.4/32
10.3.1.2/30
Configuration Roadmap
The configuration roadmap is as follows: 1. 2. 3. Configure the basic BGP/MPLS IP VPN. Enable load balancing for the data traffic to the CE2 in the BGP view on the CE1. Enlarge the MED value of the BGP-VPN route on the PE3 to ensure the next hop of the route selected by the CE2 to the users that access the CE1 is PE4.
Configuration Procedure
1. Configure IGP on the MPLS backbone network to ensure the communication between the PEs and Ps. # Configure PE1. # Configure the IP addresses of the interfaces. The IP address of the loopback interface has 32-bit mask.
<Quidway> system-view [Quidway] sysname PE1 [PE1] interface loopback 1 [PE1-LoopBack1] ip address 1.1.1.1 32 [PE1-LoopBack1] quit [PE1] interface pos2/0/0 [PE1-Pos2/0/0] ip address 100.1.1.1 30 [PE1-Pos2/0/0] quit
# Configure PE2. # Configure the IP addresses of the interfaces. The IP address of the loopback interface has 32-bit mask.
<Quidway> system-view [Quidway] sysname PE2
Issue 03 (2008-09-22)
3-211
# Configure P1. # Configure the IP addresses of the interfaces. The IP address of the loopback interface has 32-bit mask.
<Quidway> system-view [Quidway] sysname P1 [P1] interface loopback 1 [P1-LoopBack1] ip address 5.5.5.5 32 [P1-LoopBack1] quit [P1] interface pos 1/0/0 [P1-Pos1/0/0] ip address 100.1.1.2 30 [P1-Pos1/0/0] quit [P1] interface pos 2/0/0 [P1-Pos2/0/0] ip address 100.3.1.1 30 [P1-Pos2/0/0] quit
# Configure P2. # Configure the IP addresses of the interfaces. The IP address of the loopback interface has 32-bit mask.
<Quidway> system-view [Quidway] sysname P2 [P2] interface loopback 1 [P2-LoopBack1] ip address 6.6.6.6 32 [P2-LoopBack1] quit [P2] interface pos 1/0/0 [P2-Pos1/0/0] ip address 100.2.1.2 30 [P2-Pos1/0/0] quit [P2] interface pos 2/0/0 [P2-Pos2/0/0] ip address 100.4.1.1 30 [P2-Pos2/0/0] quit
3-212
Issue 03 (2008-09-22)
# Configure PE3. # Configure the IP addresses of the interfaces. The IP address of the loopback interface has 32-bit mask.
<Quidway> system-view [Quidway] sysname PE3 [PE3] interface loopback 1 [PE3-LoopBack1] ip address 3.3.3.3 32 [PE3-LoopBack1] quit [PE3] interface pos1/0/0 [PE3-Pos1/0/0] ip address 100.3.1.2 30 [PE3-Pos1/0/0] quit
# Configure PE4. # Configure the IP addresses of the interfaces. The IP address of the loopback interface has 32-bit mask.
<Quidway> system-view [Quidway] sysname PE4 [PE4] interface loopback 1 [PE4-LoopBack1] ip address 2.2.2.2 32 [PE4-LoopBack1] quit [PE4] interface pos2/0/0 [PE4-Pos2/0/0] ip address 100.2.1.1 30 [PE4-Pos2/0/0] quit
After the configuration is complete, run the display ip routing-table command. You can find the PE1 and PE3, the PE2 and PE4 has learned the Loopback1 routes between each other. Take the PE1 as an example:
[PE1] display ip routing-table Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: Public Destinations : 9 Routes : 9 Destination/Mask Proto Pre Cost Flags NextHop Interface 1.1.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
Issue 03 (2008-09-22)
3-213
2.
Configure the basic MPLS capability and MPLS LDP on the MPLS backbone network and set up the LDP LSP. # Configure PE1. # Enable MPLS and LDP. Specify the LSR-ID as the address of the loopback interface and trigger the LSP setup.
[PE1] mpls lsr-id 1.1.1.1 [PE1] mpls [PE1-mpls] lsp-trigger all [PE1-mpls] quit [PE1] mpls ldp [PE1-mpls-ldp] quit
# Configure PE2. # Enable MPLS and LDP. Specify the LSR-ID as the address of the loopback interface and trigger the LSP setup.
[PE2] mpls lsr-id 1.1.1.1 [PE2] mpls [PE2-mpls] lsp-trigger all [PE2-mpls] quit [PE2] mpls ldp [PE2-mpls-ldp] quit
# Configure P1. # Enable MPLS and LDP. Specify the LSR-ID as the address of the loopback interface and trigger the LSP setup.
[P1] mpls lsr-id 5.5.5.5 [P1] mpls [P1-mpls] lsp-trigger all [P1-mpls] quit [P1] mpls ldp [P1-mpls-ldp] quit
# Configure P2.
3-214 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)
# Enable MPLS and LDP. Specify the LSR-ID as the address of the loopback interface and trigger the LSP setup.
[P2] mpls lsr-id 5.5.5.5 [P2] mpls [P2-mpls] lsp-trigger all [P2-mpls] quit [P2] mpls ldp [P2-mpls-ldp] quit
# Configure PE3. # Enable MPLS and LDP. Specify the LSR-ID as the address of the loopback interface and trigger the LSP setup.
[PE3] mpls lsr-id 3.3.3.3 [PE3] mpls [PE3-mpls] lsp-trigger all [PE3-mpls] quit [PE3] mpls ldp [PE3-mpls-ldp] quit
# Configure PE4. # Enable MPLS and LDP. Specify the LSR-ID as the address of the loopback interface and trigger the LSP setup.
[PE4] mpls lsr-id 4.4.4.4 [PE4] mpls [PE4-mpls] lsp-trigger all [PE4-mpls] quit [PE4] mpls ldp [PE4-mpls-ldp] quit
After the configuration is complete, the PE1 and P, P and PE2 can set up the LDP session. After running the display mpls ldp session command, you can view the Status item is displayed as "Operational". Running the display mpls ldp lsp command, you can view information about the LDP LSP setup. Take PE1 as an example:
<PE1> display mpls ldp session LDP Session(s) in Public Network -----------------------------------------------------------------------------Peer-ID Status LAM SsnRole SsnAge KA-Sent/Rcv -----------------------------------------------------------------------------5.5.5.5:0 Operational DU Passive 000:07:02 1688/1688
Issue 03 (2008-09-22)
3-215
-----------------------------------------------------------------------------TOTAL: 1 session(s) Found. LAM : Label Advertisement Mode SsnAge Unit : DDD:HH:MM <PE1> display mpls ldp lsp LDP LSP Information -----------------------------------------------------------------------------SN DestAddress/Mask In/OutLabel Next-Hop In/Out-Interface -----------------------------------------------------------------------------1 1.1.1.1/32 3/NULL 127.0.0.1 P2/0/0/InLoop0 2 3.3.3.3/32 NULL/1025 100.1.1.2 -------/P2/0/0 3 5.5.5.5/32 NULL/3 100.1.1.2 -------/P2/0/0 *4 100.1.1.0/30 Liberal 5 100.3.1.0/30 NULL/3 100.1.1.2 -------/P2/0/0 -----------------------------------------------------------------------------TOTAL: 4 Normal LSP(s) Found. TOTAL: 1 Liberal LSP(s) Found. A '*' before an LSP means the LSP is not established A '*' before a Label means the USCB or DSCB is stale
3.
Configure the VPN instance on the PE devices and configure the CEs to access the PEs. # Configure PE1. # Configure vpn1 and specify RD and VPN target. The import VPN target of the PE and the export VPN target of the MP-BGP peer PE must be the same. The export VPN target of the PE and the import VPN target of the MP-BGP peer PE must be the same. Thus, sites within a VPN can access each other.
[PE1] ip vpn-instance vpn1 [PE1-vpn-instance-vpn1] route-distinguisher 100:1 [PE1-vpn-instance-vpn1] vpn-target 1:1 both [PE1-vpn-instance-vpn1] quit
# Bind the interfaces connected with the CE with corresponding VPN and configure IP addresses.
[PE1] interface gigabitethernet 1/0/0 [PE1-GigabitEthernet1/0/0] ip binding vpn-instance vpn1 [PE1-GigabitEthernet1/0/0] ip address 10.1.1.2 30 [PE1-GigabitEthernet1/0/0] quit
# Configure PE2. # Configure vpn1 and specify RD and VPN target. The import VPN target of the PE and the export VPN target of the MP-BGP peer PE must be the same. The export VPN target of the PE and the import VPN target of the MP-BGP peer PE must be the same. Thus, sites within a VPN can access each other.
[PE2] ip vpn-instance vpn1 [PE2-vpn-instance-vpn1] route-distinguisher 100:2 [PE2-vpn-instance-vpn1] vpn-target 1:1 both [PE2-vpn-instance-vpn1] quit
# Bind the interfaces connected with the CE with corresponding VPN and configure IP addresses.
[PE2] interface gigabitethernet 1/0/0 [PE2-GigabitEthernet1/0/0] ip binding vpn-instance vpn1 [PE2-GigabitEthernet1/0/0] ip address 10.2.1.2 30 [PE2-GigabitEthernet1/0/0] quit
# Configure PE3. # Configure vpn1 and specify RD and VPN-Target. The import VPN target of the PE and the export VPN target of the MP-BGP peer PE must be the same. The export VPN target of the PE and the import VPN target of the MP-BGP peer PE must be the same. Thus, sites within a VPN can access each other.
3-216 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)
[PE3] ip vpn-instance vpn1 [PE3-vpn-instance-vpn1] route-distinguisher 100:3 [PE3-vpn-instance-vpn1] vpn-target 1:1 both [PE3-vpn-instance-vpn1] quit
# Bind the interfaces connected with the CE with corresponding VPN and configure IP addresses.
[PE3] interface gigabitethernet 2/0/0 [PE3-GigabitEthernet2/0/0] ip binding vpn-instance vpn1 [PE3-GigabitEthernet2/0/0] ip address 10.3.1.1 30 [PE3-GigabitEthernet2/0/0] quit
# Configure PE4. # Configure vpn1 and specify RD and VPN-Target. The import VPN target of the PE and the export VPN target of the MP-BGP peer PE must be the same. The export VPN target of the PE and the import VPN target of the MP-BGP peer PE must be the same. Thus, sites within a VPN can access each other.
[PE4] ip vpn-instance vpn1 [PE4-vpn-instance-vpn1 route-distinguisher 100:4 [PE4-vpn-instance-vpn1] vpn-target 1:1 both [PE4-vpn-instance-vpn1] quit
# Bind the interfaces connected with the CE with corresponding VPN and configure IP addresses.
[PE4] interface gigabitethernet 2/0/0 [PE4-GigabitEthernet2/0/0] ip binding vpn-instance vpn1 [PE4-GigabitEthernet2/0/0] ip address 10.4.1.1 30 [PE4-GigabitEthernet2/0/0] quit
# Configure the IP addresses of the CE interfaces as shown in Figure 3-16. The configuration is not mentioned here. After the configuration is complete, running the display ip vpn-instance verbose command on the PE devices, you can view the configuration of the VPN instance. Take the PE1 as an example:
<PE1> display ip vpn-instance verbose Total VPN-Instances configured : 1 VPN-Instance Name and ID : vpn1, 1 Create date : 2006/09/18 14:17:15 Up time : 0 days, 07 hours, 23 minutes and 53 seconds Route Distinguisher : 100:1 Export VPN Targets : 1:1 Import VPN Targets : 1:1 Label policy : label per route Interfaces : GigabitEthernet1/0/0
4.
Configure EBGP between the PEs and the CEs to import the VPN routes. # Configure CE1. # Enable BGP, specify the PE1 and the PE2 as the EBGP peer, and import the direct route.
[CE1] bgp [CE1-bgp] [CE1-bgp] [CE1-bgp] [CE1-bgp] 65410 peer 10.1.1.2 as-number 100 peer 10.2.1.2 as-number 100 import-route direct quit
# Enter the view of the BGP-VPN instance. Specify the CE as the EBGP peer and import the direct route.
[PE1-bgp] ipv4-family vpn-instance vpn1 [PE1-bgp-vpn1] peer 10.1.1.1 as-number 65410
Issue 03 (2008-09-22)
3-217
# Enter the view of the BGP-VPN instance. Specify the CE as the EBGP peer and import the direct route.
[PE2-bgp] ipv4-family vpn-instance vpn1 [PE2-bgp-vpn1] peer 10.2.1.1 as-number 65410 [PE2-bgp-vpn1] import-route direct [PE2-bgp-vpn1] quit
# Configure CE2. # Enable BGP, specify the PE3 and the PE4 as the EBGP peer, and import the direct route.
[CE2] bgp [CE2-bgp] [CE2-bgp] [CE2-bgp] [CE2-bgp] 65420 peer 10.3.1.1 as-number 100 peer 10.4.1.1 as-number 100 import-route direct quit
# Enter the view of the BGP-VPN instance. Specify the CE as the EBGP peer and import the direct route.
[PE3-bgp] ipv4-family vpn-instance vpn1 [PE3-bgp-vpn1] peer 10.3.1.2 as-number 65420 [PE3-bgp-vpn1] import-route direct [PE3-bgp-vpn1] quit
# Enter the view of the BGP-VPN instance. Specify the CE as the EBGP peer and import the direct route.
[PE4-bgp] ipv4-family vpn-instance vpn1 [PE4-bgp-vpn1] peer 10.4.1.2 as-number 65420 [PE4-bgp-vpn1] import-route direct [PE4-bgp-vpn1] quit
After the configuration is complete, running the display bgp vpnv4 vpn-instance vpninstance-name peer command on the PE devices, you can view the BGP peer is set up between the PEs and the CEs. The peer status is "Established". Take the peer relationship between the PE1 and the CE1 as an example:
[PE1] display bgp vpnv4 vpn-instance vpn1 peer BGP local router ID : 1.1.1.1 Local AS number : 100 Total number of peers : 1 Peers in established state : 1 Peer V AS MsgRcvd MsgSent OutQ Up/Down State PrefRcv 10.1.1.1 4 65410 408 435 0 06:16:09 Established 5
PEs can successfully ping the CEs that the PEs access. Take the PE1 as an example:
<PE1> ping -vpn-instance vpn1 10.1.1.1 PING 10.1.1.1: 56 data bytes, press CTRL_C to break Reply from 10.1.1.1: bytes=56 Sequence=1 ttl=255 Reply from 10.1.1.1: bytes=56 Sequence=2 ttl=255 Reply from 10.1.1.1: bytes=56 Sequence=3 ttl=255 Reply from 10.1.1.1: bytes=56 Sequence=4 ttl=255 Reply from 10.1.1.1: bytes=56 Sequence=5 ttl=255 time=80 time=20 time=30 time=50 time=30 ms ms ms ms ms
3-218
Issue 03 (2008-09-22)
5.
Set up the MP-IBGP peer relationship between the PEs. # Configure PE1. # Specify the remote PE3 as the IBGP peer. Configure the loopback interface to set up the IBGP connection.
[PE1] bgp 100 [PE1-bgp] peer 3.3.3.3 as-number 100 [PE1-bgp] peer 3.3.3.3 connect-interface loopback 1
# Enter the VPNV4 address family view and enable the exchange of the VPN IPv4 routing information between the peers.
[PE1-bgp] ipv4-family vpnv4 [PE1-bgp-af-vpnv4] peer 3.3.3.3 enable [PE1-bgp-af-vpnv4] quit
# Configure PE3. # Specify the remote PE1 as the IBGP peer. Configure the loopback interface to set up the IBGP connection.
[PE3] bgp 100 [PE3-bgp] peer 1.1.1.1 as-number 100 [PE3-bgp] peer 1.1.1.1 connect-interface loopback 1
# Enter the VPNV4 address family view and enable the exchange of the VPN IPv4 routing information between the peers.
[PE3-bgp] ipv4-family vpnv4 [PE3-bgp-af-vpnv4] peer 1.1.1.1 enable [PE3-bgp-af-vpnv4] quit
# Configure PE2. # Specify the remote PE4 as the IBGP peer. Configure the loopback interface to set up the IBGP connection.
[PE2] bgp 100 [PE2-bgp] peer 4.4.4.4 as-number 100 [PE2-bgp] peer 4.4.4.4 connect-interface loopback 1
# Enter the VPNV4 address family view and enable the exchange of the VPN IPv4 routing information between the peers.
[PE2-bgp] ipv4-family vpnv4 [PE2-bgp-af-vpnv4] peer 4.4.4.4 enable [PE2-bgp-af-vpnv4] quit
# Configure PE4. # Specify the remote PE2 as the IBGP peer. Configure the loopback interface to set up the IBGP connection.
[PE4] bgp 100 [PE4-bgp] peer 2.2.2.2 as-number 100 [PE4-bgp] peer 2.2.2.2 connect-interface loopback 1
# Enter the VPNV4 address family view and enable the exchange of the VPN IPv4 routing information between the peers.
[PE4-bgp] ipv4-family vpnv4 [PE4-bgp-af-vpnv4] peer 2.2.2.2 enable [PE4-bgp-af-vpnv4] quit
After the configuration is complete, running the display bgp peer or the display bgp vpnv4 all peer commands on the PE devices, you can find the BGP peer relationship is set up between the PEs. The peer status is "Established".
Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 3-219
<PE1> display bgp peer BGP local router ID : 1.1.1.1 Local AS number : 100 Total number of peers : 1 Peers in established state : 1 Peer V AS MsgRcvd MsgSent OutQ Up/Down State PrefRcv 3.3.3.3 4 100 2 6 0 00:00:12 Established 0 <PE1> display bgp vpnv4 all peer BGP local router ID : 1.1.1.1 Local AS number : 100 Total number of peers : 2 Peers in established state : 2 Peer V AS MsgRcvd MsgSent OutQ Up/Down State PrefRcv 3.3.3.3 4 100 12 18 0 00:09:38 Established 0 Peer of vpn instance: vpn instance vpn1 : 10.1.1.1 4 65410 25 25 0 00:17:57 Established 1
6.
Enable load balancing for the traffic from the CE1 to the CE2 on the CE1.
[CE1] bgp 65410 [CE1-bgp] ipv4-family unicast [CE1-bgp-af-ipv4] maximum load-balancing 2
7.
Configure routing policy. Enlarge the MED value of the vpn1 route of the PE3 and ensure the traffic from the CE2 to the CE1 can pass through the PE4. PE3 works as a backup.
[PE3] route-policy policy1 permit node 10 [PE3-route-policy] apply cost 120 [PE3-route-policy] quit [PE3] bgp 100 [PE3-bgp] ipv4-family vpn-instance vpn1 [PE3-bgp-vpn1] peer 10.3.1.2 route-policy policy1 export
Check the BGP routing table of the CE2. You can find, for the route to 1.5.1.0/30, the MED value advertised by the PE3 is 120. This value is larger than the MED value advertised by the PE4. therefore, the MED value advertised by the PE4 is chosen. By default, the MED value is 0.
[CE2] display bgp routing-table Total Number of Routes: 22 BGP Local router ID is 10.2.1.1 Status codes: * - valid, > - best, d - damped, h - history, i - internal, s - suppressed, S - Stale Origin : i - IGP, e - EGP, ? - incomplete Network NextHop MED LocPrf PrefVal Path/Ogn *> 1.5.1.0/24 10.4.1.1 0 100 65410? * 10.3.1.1 120 0 100 65410? *> 1.6.1.1/32 0.0.0.0 0 0 ? *> 1.6.1.1/32 0.0.0.0 0 0 ? *> 10.1.1.0/30 10.3.1.1 120 0 100? * 10.4.1.1 0 100 65410? *> 10.1.1.1/32 10.3.1.1 120 0 100? *> 10.1.1.2/32 10.4.1.1 0 100 65410? *> 10.2.1.0/30 10.4.1.1 0 100? * 10.3.1.1 120 0 100 65410? *> 10.2.1.1/32 10.4.1.1 0 100? *> 10.2.1.2/32 10.3.1.1 120 0 100 65410? *> 10.3.1.0/30 0.0.0.0 0 0 ? * 10.3.1.1 120 0 100? *> 10.3.1.1/32 0.0.0.0 0 0 ? *> 10.3.1.2/32 0.0.0.0 0 0 ? * 10.3.1.1 120 0 100? *> 10.4.1.0/30 0.0.0.0 0 0 ? * 10.4.1.1 0 0 100? *> 10.4.1.1/32 0.0.0.0 0 0 ? *> 10.4.1.2/32 0.0.0.0 0 0 ? * 10.4.1.1 0 0 100?
8.
Verify the configuration. If the configuration succeeds, you can obtain the following display.
3-220
Issue 03 (2008-09-22)
Run the display ip routing-table command on the CE devices. You can find the routes to the users that access the peer CE2. The routes are in load-balancing mode.
[CE1] display ip routing-table Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: Public Destinations : 17 Routes : 18 Destination/Mask Proto Pre Cost Flags NextHop Interface 1.5.1.0/24 Direct 0 0 D 1.5.1.1 Gigabitethernet3/0/0 1.5.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 1.6.1.0/24 BGP 255 0 D 10.1.1.2 Gigabitethernet1/0/0 BGP 255 0 D 10.2.1.2 Gigabitethernet2/0/0 10.1.1.0/30 Direct 0 0 D 10.1.1.1 Gigabitethernet1/0/0 10.1.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 10.1.1.2/32 Direct 0 0 D 10.1.1.2 Gigabitethernet1/0/0 10.2.1.0/30 Direct 0 0 D 10.2.1.1 Gigabitethernet2/0/0 10.2.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 10.2.1.2/32 Direct 0 0 D 10.2.1.2 Gigabitethernet2/0/0 10.3.1.0/30 BGP 255 0 D 10.1.1.2 Gigabitethernet1/0/0 10.3.1.1/32 BGP 255 0 D 10.2.1.2 Gigabitethernet2/0/0 10.3.1.2/32 BGP 255 0 D 10.1.1.2 Gigabitethernet1/0/0 10.4.1.0/30 BGP 255 0 D 10.2.1.2 Gigabitethernet2/0/0 10.4.1.1/32 BGP 255 0 D 10.1.1.2 Gigabitethernet1/0/0 10.4.1.2/32 BGP 255 0 D 10.2.1.2 Gigabitethernet2/0/0 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
Run the load-balance packet all command in the system view on the CE1. Then run the tracert command. You can find the packets are transmitted in packet-by-packet load balancing mode.
[CE1] tracert 1.6.1.1 traceroute to 1.6.1.1 (1.6.1.1) 30 hops max,40 bytes packet 1 10.1.1.2 280 ms 10.2.1.2 50 ms 10.1.1.2 60 ms 2 10.4.1.1 130 ms 10.3.1.1 150 ms 10.4.1.1 130 ms 3 10.3.1.2 190 ms 10.4.1.2 150 ms 10.3.1.2 160 ms
Run the display ip routing-table command on the CE2 devices. You can find the routes to the users that access the peer CE1. The next hop of the route is 10.4.1.1. The next hop is the IP address of the interface through which the PE4 accesses the CE2.
[CE2] display ip routing-table Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: Public Destinations : 17 Routes : 17 Destination/Mask Proto Pre Cost Flags NextHop Interface 1.5.1.0/24 BGP 255 0 D 10.4.1.1 Gigabitethernet2/0/0 1.6.1.0/24 Direct 0 0 D 1.6.1.1 Gigabitethernet3/0/0 1.6.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 10.1.1.0/30 BGP 255 100 D 10.3.1.1 Gigabitethernet1/0/0 10.1.1.1/32 BGP 255 100 D 10.3.1.1 Gigabitethernet1/0/0
Issue 03 (2008-09-22)
3-221
Configuration Files
l
3-222
Issue 03 (2008-09-22)
Issue 03 (2008-09-22)
3-223
3-224
Issue 03 (2008-09-22)
Issue 03 (2008-09-22)
3-225
3-226
Issue 03 (2008-09-22)
3.21.16 Example for Configuring Load Balancing Among EBGP and IBGP Routes When CEs Are Dual-Homed
Networking Requirements
As shown in Figure 3-17, CE1 and CE2 belong to the same VPN instance. CE1 accesses the network respectively through PE3 in AS 100 and PE2 in AS 200. That is, CE1 is dual-homed to PE3 and PE2. CE2 accesses the network through PE1 in AS 100. The Inter-AS BGP/MPLS IP VPN is implemented using Option C so that load balancing can be implemented among EBGP and IBGP routes. Figure 3-17 Networking diagram of configuring load balancing among EBGP and IBGP routes when CEs are dual-homed
AS 65002 CE2
GE1/0/0 10.3.1.2/24
POS2/0/0 192.1.1.1/24
ASBR -PE1
POS1/0/0 172.1.1.2/24
PE2
PE1
POS2/0/0 192.2.1.1/24
POS2/0/0 192.2.1.2/24
PE3
GE1/0/0 10.1.1.1/24
GE1/0/0 10.1.1.2/24
Loopback1 5.5.5.9/32
AS 65001
CE1
Configuration Roadmap
The configuration roadmap is as follows: 1. Establish the MP-EBGP peer relationship between the PEs in different ASs. Since the PEs are generally not directly connected, you also need to configure the maximum hops between the PEs for them to set up an EBGP connection. Configure a routing policy on the ASBR PE: Allocate MPLS labels to the the routes received by the PE in the local AS before advertising the route to the remote ASBR PE; allocate new MPLS labels to the labeled IPv4 routes advertised to the PE in the local AS.
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 3-227
2.
Issue 03 (2008-09-22)
3. 4. 5.
Configure the PEs to exchange the labeled IPv4 routes with the ASBR PEs in the local AS. Enable the capability of exchanging the labeled IPv4 routes between the local ASBR PE and the remote ASBR PE. In the BGP-VPN instance view of PE1, enable load balancing among EBGP and IBGP routes to CE1.
Data Preparation
To complete the configuration, you need the following data.
l l l l
MPLS LSR IDs of PEs and ASBR-PEs Names of VPN instance created on PEs, RD, and VPN target Routing policies configured on ASBR-PEs Maximum number of EBGP and IBGP routes that perform load balancing
Configuration Procedures
1. Configure IGP on the MPLS backbone networks in AS 100 and AS 200 to implement interconnection between PEs and ASBR-PEs in each MPLS backbone network. Take OSPF as an example. The detailed configuration procedure is not mentioned here.
NOTE
Advertise the IP address of the loopback interface used as the LSR-ID through OSPF.
After the configuration, the OSPF neighbor relationship can be established between the ASBR-PEs and the PEs in the same AS. Running the display ospf peer command, you can find that the neighbor status is Full. Take the display on PE2 as an example.
<PE2> display ospf peer OSPF Process 1 with Router ID 4.4.4.9 Neighbors Area 0.0.0.0 interface 162.1.1.1(Pos1/0/0)'s neighbors Router ID: 3.3.3.9 Address: 162.1.1.2 GR State: Normal State: Full Mode:Nbr is Master Priority: 1 DR: None BDR: None MTU: 0 Dead timer due in 31 sec Neighbor is up for 00:28:11 Authentication Sequence: [ 0 ]
The ASBR-PEs and the PEs in the same AS can learn the IP address of loopback1 from each other and ping through each other. 2. Configure basic MPLS functions and MPLS LDP on the MPLS backbone networks of AS 100 and AS 200 to establish LDP LSPs. For detailed procedures, see Example for Configuring Inter-AS VPN Option A. 3. Configure the IBGP peer relationship of between AS 100 and AS 200 in the the IPv4 address family view. For detailed configurations, see the following configuration files. 4. Configure the VPN instance on the PEs and configure the CEs to access the instances.
NOTE
VPN-Target attributes of the VPN instances of the PEs in different ASs must match each other.
3-228
Issue 03 (2008-09-22)
For detailed configurations, see the following configuration files. 5. Enable the capability of exchanging labeled IPv4 routes. For detailed configuration procedures, see Example for Configuring Inter-AS VPN Option C. 6. Establish the MP-EBGP peer relationship between PE1 and PE2. # Configure PE1.
[PE1] bgp 100 [PE1-bgp] peer 4.4.4.9 as-number 200 [PE1-bgp] peer 4.4.4.9 connect-interface LoopBack 1 [PE1-bgp] peer 4.4.4.9 ebgp-max-hop 10 [PE1-bgp] ipv4-family vpnv4 [PE1-bgp-af-vpnv4] peer 4.4.4.9 enable [PE1-bgp-af-vpnv4] quit [PE1-bgp] quit
# Configure PE2.
[PE2] bgp 200 [PE2-bgp] peer 1.1.1.9 as-number 100 [PE2-bgp] peer 1.1.1.9 connect-interface LoopBack 1 [PE2-bgp] peer 1.1.1.9 ebgp-max-hop 10 [PE2-bgp] ipv4-family vpnv4 [PE2-bgp-af-vpnv4] peer 1.1.1.9 enable [PE2-bgp-af-vpnv4] quit [PE2-bgp] quit
7.
Configure load balancing among EBGP and IBGP routes on PE1. # Configure PE1.
[PE1] bgp 100 [PE1-bgp] ipv4-family vpn-instance vpn3 [PE1-bgp-vpn3] load-balancing as-path-ignore [PE1-bgp-vpn3] maximum load-balancing eibgp 2 [PE1-bgp-vpn3] quit [PE1-bgp] quit
8.
Verify the configuration. After the preceding configurations, you can view that load balancing is performed among EBGP and IBGP routes on PE1.
<PE1> display ip routing-table vpn-instance vpn3 Route Flags: R - relay, D - download to fib -----------------------------------------------------------------------------Routing Tables: vpn3 Destinations : 9 Routes : 11 Destination/Mask 10.1.1.0/24 10.1.1.1/32 10.1.1.2/32 10.2.1.0/24 Proto BGP BGP BGP BGP BGP BGP BGP BGP Direct Pre 255 255 255 255 255 255 255 255 0 Cost 0 0 0 0 0 0 0 0 0 0 0 Flags NextHop RD RD RD RD RD RD RD RD D D D 5.5.5.9 4.4.4.9 4.4.4.9 5.5.5.9 5.5.5.9 4.4.4.9 5.5.5.9 4.4.4.9 10.3.1.1 127.0.0.1 10.3.1.2 Interface Pos2/0/0 Pos1/0/0 Pos1/0/0 Pos2/0/0 Pos2/0/0 Pos1/0/0 Pos2/0/0 Pos1/0/0 InLoopBack0
Configuration Files
l
Issue 03 (2008-09-22)
3-230
Issue 03 (2008-09-22)
Issue 03 (2008-09-22)
3-231
interface Pos2/0/0 link-protocol ppp ip address 192.1.1.2 255.255.255.0 mpls # interface LoopBack1 ip address 3.3.3.9 255.255.255.255 # bgp 200 peer 4.4.4.9 as-number 200 peer 4.4.4.9 connect-interface LoopBack1 peer 192.1.1.1 as-number 100 # ipv4-family unicast undo synchronization network 4.4.4.9 255.255.255.255 network 162.1.1.0 255.255.255.0 import-route direct peer 4.4.4.9 enable peer 4.4.4.9 route-policy policy4 export peer 4.4.4.9 label-route-capability peer 192.1.1.1 enable peer 192.1.1.1 route-policy policy3 export peer 192.1.1.1 label-route-capability # ospf 1 area 0.0.0.0 network 3.3.3.9 0.0.0.0 network 162.1.1.0 0.0.0.255 # route-policy policy3 permit node 1 apply mpls-label # route-policy policy4 permit node 1 if-match mpls-label apply mpls-label # return l
3-232
Issue 03 (2008-09-22)
Issue 03 (2008-09-22)
3-233
3-234
Issue 03 (2008-09-22)
vpn1 site
GE1/0/0 10.3.1.2/30
VPN backbone
PE
GE2/0/0 10.2.1.1/30
Link_A Link_B
GE1/0/0 10.2.1.2/30
RTA
GE2/0/0 10.4.1.2/30 GE2/0/0 10.4.1.1/30
GE3/0/0 10.5.1.1/24
CE2
Configuration Roadmap
The configuration roadmap is as follows: 1. 2. 3. 4. Enable the OSPF on every device. Configure vpn1 on PE, bind GE1/0/0 and GE2/0/0 with vpn1, and configure OSPF multiinstances. Configure the cost value on GE2/0/0 on PE and RTA to make OSPF choose link A preferentially. Configure the IP FRR of the private network on PE. When the IP FRR is unnecessary; run the undo ip frr command to disable the action.
Data Preparation
To complete the configuration, you need the following data:
l
On PE, the VPN instance name is vpn1, route-distinguisher is 100:1 and VPN-target is 111:1. Enable area0 and area1 of OSPF. The cost value of GE2/0/0 on PE and RTA is 100.
Configuration Procedure
1. 2. Configure the IP address on every interface (omitted). Configure OSPF on CE1, CE2 and RTA (omitted). After the configuration, CE1, CE2, and RTA can learn the interface addresses from each other. Take CE1 as an example:
<CE1> display ip routing-table Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: Public Destinations : 9 Routes : 9 Destination/Mask Proto Pre Cost Flags NextHop Interface 10.1.1.0/30 Direct 0 0 D 10.1.1.2 GigabitEthernet1/0/0 10.1.1.2/32 Direct 0 0 D 127.0.0.1 InLoopBack0 10.3.1.0/30 Direct 0 0 D 10.3.1.1 GigabitEthernet2/0/0 10.3.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
Issue 03 (2008-09-22)
3-235
3.
Configure VPN instance and OSPF multi-instance on PE. # Configure vpn1 on PE and bind GE 1/0/0 and GE 2/0/0 on vpn1.
<PE> system-view [PE] ip vpn-instance vpn1 [PE-vpn-instance-vpn1] route-distinguisher 100:1 [PE-vpn-instance-vpn1] vpn-target 111:1 [PE-vpn-instance-vpn1] quit [PE] interface gigabitethernet 1/0/0 [PE-GigabitEthernet1/0/0] ip binding vpn-instance vpn1 [PE-GigabitEthernet1/0/0] ip address 10.1.1.1 30 [PE-GigabitEthernet1/0/0] quit [PE] interface gigabitethernet 2/0/0 [PE-GigabitEthernet2/0/0] ip binding vpn-instance vpn1 [PE-GigabitEthernet2/0/0] ip address 10.2.1.1 30 [PE-GigabitEthernet2/0/0] quit
4.
Configure the cost value on the OSPF interface. # Configure the cost value on GigabitEthernet 2/0/0 of PE to enable OSPF to choose the link A preferentially.
[PE] interface gigabitethernet 2/0/0 [PE-GigabitEthernet2/0/0] ospf cost 100 [PE-GigabitEthernet2/0/0] quit
# Configure the cost value on GigabitEthernet 2/0/0 of RTA to make OSPF choose the link A preferentially.
[RTA] interface gigabitethernet 2/0/0 [RTA-GigabitEthernet2/0/0] ospf cost 100 [RTA-GigabitEthernet2/0/0] quit
5.
Configure a routing policy. # Configure the routing policy on PE and the backup next hop and backup egress, and configure an if-match clause to limit the application scope.
[PE] ip ip-prefix [PE] route-policy [PE-route-policy] [PE-route-policy] [PE-route-policy] [PE-route-policy] frr1 permit 10.5.1.1 24 ip_frr_rp permit node 10 if-match ip-prefix frr1 apply backup-nexthop 10.2.1.2 apply backup-interface gigabitethernet2/0/0 quit
6.
# Check information about the backup egress and the backup next hop.
<PE> display ip routing-table vpn-instance vpn1 10.5.1.0 verbose Routing Table : vpn1 Summary Count : 1 Destination: 10.5.1.0/24 Protocol: OSPF Process ID: 1 Preference: 10 Cost: 3
3-236
Issue 03 (2008-09-22)
7.
Run the undo ip frr command to disable the IP FRR when it is unnecessary.
[PE] ip vpn-instance vpn1 [PE-vpn-instance-vpn1] undo ip frr
8.
Check information about the backup egress and the backup next hop after disabling the IP FRR.
<PE> display ip routing-table vpn-instance vpn1 10.5.1.0 verbose Routing Table : vpn1 Summary Count : 1 Destination: 10.5.1.0/24 Protocol: OSPF Process ID: 1 Preference: 10 Cost: 3 NextHop: 10.1.1.2 Neighbour: 0.0.0.0 State: Active Adv Age: 00h49m33s Tag: 0 Priority: 0 Label: NULL QoSInfo: 0x0 RelayNextHop: 0.0.0.0 Interface: GigabitEthernet1/0/0 TunnelID: 0x0
Configuration Files
l
Configuration file of PE
# sysname PE # ip vpn-instance vpn1 route-distinguisher 100:1 ip frr route-policy ip_frr_rp vpn-target 111:1 export-extcommunity vpn-target 111:1 import-extcommunity # interface GigabitEthernet1/0/0 ip binding vpn-instance vpn1 ip address 10.1.1.1 255.255.255.252 # interface GigabitEthernet2/0/0 ip binding vpn-instance vpn1 ip address 10.2.1.1 255.255.255.252 ospf cost 100 # ospf 1 vpn-instance vpn1 area 0.0.0.0 network 10.1.1.0 0.0.0.3 network 10.2.1.0 0.0.0.3 # ip ip-prefix frr1 permit 10.5.1.1 24 # route-policy ip_frr_rp permit node 10 if-match ip-prefix frrl apply backup-nexthop 10.2.1.2 apply backup-interface GigabitEthernet2/0/0 # return
Issue 03 (2008-09-22)
3-237
3-238
Issue 03 (2008-09-22)
VPN backbone
PE2
PE1
POS3/0/0 100.2.1.1/30
CE Link_B
POS1/0/0 100.2.1.2/30 GE2/0/0 10.2.1.2/30 GE2/0/0 10.2.1.1/30
PE3
Loopback1 3.3.3.3/32
Configuration Roadmap
The configuration roadmap is as follows: 1. 2. 3. 4. 5. Configure OSPF on the MPLS backbone (PE1, PE2 and PE3) to realize the backbone interconnection. Configure the basic MPLS function on the MPLS backbone and enable the MPLS LDP to set up an LSP. Configure the VPN instances on every PE device (PE1, PE2 and PE3), and connect CE1 with PE2 and PE3. Establish the EBGP peers between PE and CE1. Import the VPN routing and establish the MP-IBGP peers among PEs. Configure the VPN FRR routing policy on PE1. Configure the backup nexthop. Enable the VPN FRR. When the VPN FRR is unnecessary; run the undo vpn frr command to disable the action.
Data Preparation
To complete the configuration, you need the following data:
l
The number of the AS where the PE devices are located is 100. The number of the AS where the CE device is located is 65410. The names of the VPN instances on the PE devices. The name of the routing policy on the PE1 and the name of the IP prefix are configured.
l l
Configuration Procedure
1. 2. 3. Configure the IP address on every interface (omitted). Configure OSPF on the MPLS backbone to realize the interconnection of the PEs on backbone (omitted). Configure the MPLS and MPLS LDP on the MPLS backbone, and establish the LDP LSP. # Configure the PE1.
<PE1> system-view
Issue 03 (2008-09-22)
3-239
Run the display mpls lsp command on the PEs. You can view the LSPs between PE1 and PE2, and between PE1 and PE3 are established. Take PE1 as an example:
[PE1] display mpls lsp ---------------------------------------------------------------------LSP Information: LDP LSP ---------------------------------------------------------------------FEC In/Out Label In/Out IF Vrf Name 3.3.3.3/32 NULL/3 -/P3/0/0 1.1.1.1/32 3/NULL -/100.1.1.0/30 3/NULL -/3.3.3.3/32 1024/3 -/P3/0/0 100.2.1.0/30 3/NULL -/2.2.2.2/32 NULL/3 -/P2/0/0 2.2.2.2/32 1025/3 -/P2/0/0
4.
Configure the VPN instances on the PE devices and connect the CE with the PE2 and PE3. # Configure the PE1.
[PE1] ip vpn-instance vpn1 [PE1-vpn-instance-vpn1] route-distinguisher 100:1 [PE1-vpn-instance-vpn1] vpn-target 111:1 [PE1-vpn-instance-vpn1] quit
3-240
Issue 03 (2008-09-22)
[PE2-vpn-instance-vpn1] vpn-target 111:1 [PE2-vpn-instance-vpn1] quit [PE2] interface gigabitethernet2/0/0 [PE2-GigabitEthernet2/0/0] ip binding vpn-instance vpn1 [PE2-GigabitEthernet2/0/0] ip address 10.1.1.2 30 [PE2-GigabitEthernet2/0/0] quit
5.
Import VPN routes on all PEs. Set up EBGP peer between PE2 and CE, between PE3 and CE. # Configure the PE1.
[PE1] bgp 100 [PE1-bgp] ipv4-family vpn-instance vpn1 [PE1-bgp-vpn1] import-route direct [PE1-bgp-vpn1] quit
After the configuration, run the display bgp vpnv4 all peer command on the PEs. You can view that the EBGP peer is established between the PEs and the CEs, and the peer status is "Established". Take PE2 as an example:
[PE2] display bgp vpnv4 all peer BGP local router ID : 2.2.2.2 Local AS number : 100 Total number of peers : 2 Peer V AS MsgRcvd Peer of vpn instance : vpn instance vpn1 : 10.1.1.1 4 65410 46
MsgSent 46
6.
Establish the MP-IBGP peers among the PEs. # Configure the PE1.
[PE1] bgp 100 [PE1-bgp] peer 2.2.2.2 as-number 100 [PE1-bgp] peer 2.2.2.2 connect-interface loopback 1
Issue 03 (2008-09-22)
3-241
[PE1-bgp] peer 3.3.3.3 as-number 100 [PE1-bgp] peer 3.3.3.3 connect-interface loopback 1 [PE1-bgp] ipv4-family vpnv4 [PE1-bgp-af-vpnv4] peer 2.2.2.2 enable [PE1-bgp-af-vpnv4] peer 3.3.3.3 enable [PE1-bgp-af-vpnv4] quit
After the configuration, run the display bgp vpnv4 all peer command on the PEs. You can view that the MP-IBGP peer is established between the PEs, and the peer status is "Established". Take PE1 as an example:
[PE1] display bgp vpnv4 all peer BGP local router ID : 1.1.1.1 Local AS number : 100 Total number of peers : 2 Peer V AS MsgRcvd 2.2.2.2 4 100 20 3.3.3.3 4 100 24
MsgSent 17 19
Peers in established state : 2 OutQ Up/Down State PrefRcv 0 00:13:26 Established 5 0 00:17:18 Established 5
7.
8.
Check the information about the backup next hop, the backup label and the backup Tunnel ID.
<PE1> display ip routing-table vpn-instance vpn1 10.3.1.0 verbose Routing Table : vpn1 Summary Count : 2 Destination: 10.3.1.0/24 Protocol: BGP Process ID: 0 Preference: 255 Cost: 0 NextHop: 3.3.3.3 Neighbour: 3.3.3.3 State: Inactive Adv GotQ Age: 00h17m56s Tag: 0 Priority: 0 Label: 15362 QoSInfo: 0x0 RelayNextHop: 0.0.0.0 Interface: Pos3/0/0 TunnelID: 0x6002000 Destination: 10.3.1.0/24 Protocol: BGP Process ID: 0 Preference: 255 Cost: 0 NextHop: 2.2.2.2 Neighbour: 2.2.2.2 State: Active Adv GotQ Age: 00h15m06s Tag: 0 Priority: 0
3-242
Issue 03 (2008-09-22)
9.
Run the undo vpn frr command to disable VPN FRR when it is unnecessary.
[PE1] ip vpn-instance vpn1 [PE1-vpn-instance-vpn1] undo vpn frr [PE1-vpn-instance-vpn1] quit
After disabling VPN FRR, check information about the backup next hop, the backup label and the backup Tunnel ID.
<PE1> display ip routing-table vpn-instance vpn1 10.3.1.0 verbose Routing Table : vpn1 Summary Count : 2 Destination: 10.3.1.0/24 Protocol: BGP Process ID: 0 Preference: 255 Cost: 0 NextHop: 3.3.3.3 Neighbour: 3.3.3.3 State: Inactive Adv GotQ Age: 00h19m05s Tag: 0 Priority: 0 Label: 15362 QoSInfo: 0x0 RelayNextHop: 0.0.0.0 Interface: Pos3/0/0 TunnelID: 0x6002000 Destination: 10.3.1.0/24 Protocol: BGP Process ID: 0 Preference: 255 Cost: 0 NextHop: 2.2.2.2 Neighbour: 2.2.2.2 State: Active Adv GotQ Age: 00h00m10s Tag: 0 Priority: 0 Label: 15361 QoSInfo: 0x0 RelayNextHop: 0.0.0.0 Interface: Pos2/0/0 TunnelID: 0x6002002
Configuration Files
l
Issue 03 (2008-09-22)
3-243
# bgp 100 peer 2.2.2.2 as-number 100 peer 2.2.2.2 connect-interface LoopBack1 peer 3.3.3.3 as-number 100 peer 3.3.3.3 connect-interface LoopBack1 # ipv4-family unicast undo synchronization peer 2.2.2.2 enable peer 3.3.3.3 enable # ipv4-family vpnv4 policy vpn-target peer 2.2.2.2 enable peer 3.3.3.3 enable # ipv4-family vpn-instance vpn1 import-route direct # ospf 1 area 0.0.0.0 network 100.1.1.0 0.0.0.3 network 100.2.1.0 0.0.0.3 network 1.1.1.1 0.0.0.0 # ip ip-prefix vpn_frr_list permit 2.2.2.2 32 # route-policy vpn_frr_rp permit node 10 if-match ip next-hop ip-prefix vpn_frr_list apply backup-nexthop 3.3.3.3 # return l
3-244
Issue 03 (2008-09-22)
Issue 03 (2008-09-22)
3-245
PE1
PE2
CE1
CE2
Configuration Roadmap
The configuration roadmap is as follows: 1. 2. 3. 4. 5.
3-246
Configure the BGP/MPLS IP VPN. Configure the IGP GR of the backbone network. Configure the MPLS LDP GR of the backbone network. Configure the GR of the routing protocol between the PE and the CE. Configure the BGP GR.
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)
Data Preparation
To complete the configuration, you need the following data:
l l
Name of the VPN instance, RD and VPN Target attribute Interval for re-establishing the GR session of IS-IS (In this example, the default value 300 seconds is adopted.) The reconnection time of the MPLS LDP session (In this example, the default value 300 seconds is adopted) and the validity period of the MPLS LDP session (In this example, the default value 600 seconds is adopted.) Maximum time of re-establishing the GR session (In this example, the default value 150 seconds is adopted.) Time of waiting for the End-of-Rib (In this example, the default value 600 seconds is adopted.) Data for running the routing protocol between the PE and the CE (In this example, BGP is run between CE1 and PE1, and the OSPF multi-instance is run between CE2 and PE2.) Data for running IGP on the backbone network (In this example, IS-IS is adopted.)
Configuration Procedure
1. Configure the BGP/MPLS IP VPN. IS-IS is adopted as the IGP protocol on the backbone network, enable LDP between PE1 and PE2 and establish the MP-IBGP peer relationship. # Configure PE1.
<Quidway> system-view [Quidway] sysname PE1 [PE1] interface loopback 1 [PE1-LoopBack1] ip address 1.1.1.9 32 [PE1-LoopBack1] quit [PE1] mpls lsr-id 1.1.1.9 [PE1] mpls [PE1-mpls] lsp-trigger all [PE1-mpls] quit [PE1] mpls ldp [PE1-mpls-ldp] quit [PE1] isis 1 [PE1-isis-1] network-entity 10.0000.0000.0001.00 [PE1-isis-1] quit [PE1] interface loopback 1 [PE1-LoopBack1] isis enable 1 [PE1-LoopBack1] quit [PE1] interface pos 2/0/0 [PE1-Pos2/0/0] ip address 100.1.1.1 30 [PE1-Pos2/0/0] isis enable 1 [PE1-Pos2/0/0] mpls [PE1-Pos2/0/0] mpls ldp [PE1-Pos2/0/0] quit [PE1] bgp 100 [PE1-bgp] peer 3.3.3.9 as-number 100 [PE1-bgp] peer 3.3.3.9 connect-interface loopback 1 [PE1-bgp] ipv4-family vpnv4 [PE1-bgp-af-vpnv4] peer 3.3.3.9 enable [PE1-bgp-af-vpnv4] quit [PE1-bgp] quit
# Configure P.
<Quidway> system-view [Quidway] sysname P [P] interface loopback 1
Issue 03 (2008-09-22)
3-247
[P-LoopBack1] ip address 2.2.2.9 32 [P-LoopBack1] quit [P] mpls lsr-id 2.2.2.9 [P] mpls [P-mpls] lsp-trigger all [P-mpls] quit [P] mpls ldp [P-mpls-ldp] quit [P] isis 1 [P-isis-1] network-entity 10.0000.0000.0002.00 [P-isis-1] quit [P] interface loopback 1 [P-LoopBack1] isis enable 1 [P-LoopBack1] quit [P] interface pos 1/0/0 [P-Pos1/0/0] ip address 100.1.1.2 30 [P-Pos1/0/0] isis enable 1 [P-Pos1/0/0] mpls [P-Pos1/0/0] mpls ldp [P-Pos1/0/0] quit [P] interface pos 2/0/0 [P-Pos2/0/0] ip address 100.2.1.1 30 [P-Pos2/0/0] isis enable 1 [P-Pos2/0/0] mpls [P-Pos2/0/0] mpls ldp [P-Pos2/0/0] quit
# Configure PE2.
<Quidway> system-view [Quidway] sysname PE2 [PE2] interface loopback 1 [PE2-LoopBack1] ip address 3.3.3.9 32 [PE2-LoopBack1] quit [PE2] mpls lsr-id 3.3.3.9 [PE2] mpls [PE2-mpls] lsp-trigger all [PE2-mpls] quit [PE2] mpls ldp [PE2-mpls-ldp] quit [PE2] isis 1 [PE2-isis-1] network-entity 10.0000.0000.0003.00 [PE2-isis-1] quit [PE2] interface loopback 1 [PE2-LoopBack1] isis enable 1 [PE2-LoopBack1] quit [PE2] interface pos 1/0/0 [PE2-Pos1/0/0] ip address 100.2.1.2 30 [PE2-Pos1/0/0] isis enable 1 [PE2-Pos1/0/0] mpls [PE2-Pos1/0/0] mpls ldp [PE2-Pos1/0/0] quit [PE2] bgp 100 [PE2-bgp] peer 1.1.1.9 as-number 100 [PE2-bgp] peer 1.1.1.9 connect-interface loopback 1 [PE2-bgp] ipv4-family vpnv4 [PE2-bgp-af-vpnv4] peer 1.1.1.9 enable [PE2-bgp-af-vpnv4] quit [PE2-bgp] quit
After the configuration, running the display mpls ldp session command on PE1 or PE2, you can view that the LDP session is set up with the status as Operational. Running the display bgp vpnv4 all peer command, you can view that peer relationship of BGP is set up with the status as Established. Running the display isis peer command, you can view that the adjacency relationship is set up with the status as Up. 2. Configure a VPN instance and configure it to access the CE.
3-248
Issue 03 (2008-09-22)
Configure a VPN instance vpn1 on PE1 and configure it to access the CE1. Configure a VPN instance vpn1 on PE2 and configure it to access the CE2. Configure BGP between CE1 and PE1 and configure OSPF between CE2 and PE2. # Configure CE1.
<Quidway> system-view [Quidway] sysname CE1 [CE1] interface pos 1/0/0 [CE1-Pos1/0/0] ip address 10.1.1.1 30 [CE1-Pos1/0/0] quit [CE1] bgp 65410 [CE1-bgp] peer 10.1.1.2 as-number 100 [CE1-bgp] import-route direct [CE1-bgp] quit
# Configure PE1.
[PE1] ip vpn-instance vpn1 [PE1-vpn-instance-vpn1] route-distinguisher 100:1 [PE1-vpn-instance-vpn1] vpn-target 111:1 [PE1-vpn-instance-vpn1] quit [PE1] interface pos 1/0/0 [PE1-Pos1/0/0] ip binding vpn-instance vpn1 [PE1-Pos1/0/0] ip address 10.1.1.2 30 [PE1-Pos1/0/0] quit [PE1] bgp 100 [PE1-bgp] ipv4-family vpn-instance vpn1 [PE1-bgp-vpn1] peer 10.1.1.1 as-number 65410 [PE1-bgp-vpn1] import-route direct [PE1-bgp-vpn1] quit [PE1-bgp] quit
# Configure PE2.
[PE2] ip vpn-instance vpn1 [PE2-vpn-instance-vpn1] route-distinguisher 100:2 [PE2-vpn-instance-vpn1] vpn-target 111:1 [PE2-vpn-instance-vpn1] quit [PE2] interface pos 2/0/0 [PE2-Pos2/0/0] ip binding vpn-instance vpn1 [PE2-Pos2/0/0] ip address 10.2.1.2 30 [PE2-Pos2/0/0] quit [PE2] ospf 2 vpn-instance vpn1 [PE2-ospf-2] area 0 [PE2-ospf-2-area-0.0.0.0] network 10.2.1.0 0.0.0.3 [PE2-ospf-2-area-0.0.0.0] quit [PE2-ospf-2] import-route bgp [PE2-ospf-2] quit [PE2] bgp 100 [PE2-bgp] ipv4-family vpn-instance vpn1 [PE2-bgp-vpn1] import-route ospf 2 [PE2-bgp-vpn1] import-route direct [PE2-bgp-vpn1] quit [PE2-bgp] quit
# Configure CE2.
<Quidway> system-view [Quidway] sysname CE2 [CE2] interface pos 1/0/0 [CE2-Pos1/0/0] ip address [CE2-Pos1/0/0] quit [CE2] ospf 2 [CE2-ospf-2] area 0 [CE2-ospf-2-area-0.0.0.0] [CE2-ospf-2-area-0.0.0.0] [CE2-ospf-2] import-route [CE2-ospf-2] quit
10.2.1.1 30
After the configuration of the BGP/MPLS IP VPN, CE1 and CE2 can communicate. 3.
Issue 03 (2008-09-22)
Configure the IGP GR on PE1, P and PE2 on the backbone network. # Configure PE1.
[PE1] isis 1 [PE1-isis-1] graceful-restart [PE1-isis-1] quit
# Configure P.
[P] isis 1 [P-isis-1] graceful-restart [P-isis-1] quit
# Configure PE2.
[PE2] isis 1 [PE2-isis-1] graceful-restart [PE2-isis-1] quit
Running the display isis graceful-restart status command on PE1, P and PE2 on the backbone network, you can view that the configuration of the IS-IS GR succeeds. Take the display of PE1 as an example:
[PE1] display isis graceful-restart status Restart information for ISIS(1) ------------------------------IS-IS(1) Level-1 Restart Status Restart Interval: 300 SA Bit Supported Total Number of Interfaces = 2 Restart Status: RESTART COMPLETE IS-IS(1) Level-2 Restart Status Restart Interval: 300 SA Bit Supported Total Number of Interfaces = 2 Restart Status: RESTART COMPLETE
4.
Configure the MPLS LDP GR on the backbone network. Configure the MPLS LDP GR on PE1, P and PE2 on the backbone network. # Configure PE1.
[PE1] mpls ldp [PE1-mpls-ldp] graceful-restart [PE1-mpls-ldp] quit
# Configure P.
[P] mpls ldp [P-mpls-ldp] graceful-restart [P-mpls-ldp] quit
# Configure PE2.
[PE2] mpls ldp [PE2-mpls-ldp] graceful-restart [PE2-mpls-ldp] quit
5.
Configure the GR of the routing protocol between the PE and the CE. Configure the BGP GR on PE1 and CE1 and configure the OSPF GR on PE2 and the CE2. # Configure PE1.
[PE1] bgp 100 [PE1-bgp] graceful-restart [PE1-bgp] quit
# Configure CE1.
[CE1] bgp 65410 [CE1-bgp] graceful-restart [CE1-bgp] quit
# Configure PE2.
3-250 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)
# Configure CE2.
[CE2] ospf 2 [CE2-ospf-2] [CE2-ospf-2] [CE2-ospf-2] [CE2-ospf-2] enable link-local-signaling enable out-of-band-resynchronization graceful-restart quit
Running the display ospf brief command on PE2 or CE2, you can view that the configuration of the OSPF GR succeeds. Take the display of PE2 as an example:
[PE2] display ospf brief OSPF Process 2 with Router ID 10.2.1.2 OSPF Protocol Information RouterID: 10.2.1.2 Border Router: AREA Route Tag: 3489661028 PE Device, Multi-VPN-Instance is enabled Link-local signaling capable Out-of-band resynchronize capable Graceful restart capable Graceful restart Helper filter capable, filter: Applications Supported: MPLS Traffic-Engineering Spf-schedule-interval: 5 Default ASE parameters: Metric: 1 Tag: 1 Type: 2 Route Preference: 10 ASE Route Preference: 150 SPF Computation Count: 6 RFC 1583 Compatible Area Count: 1 Nssa Area Count: 0 ExChange/Loading Neighbors: 0 Area: 0.0.0.0 (MPLS TE not enabled) Authtype: None Area flag: Normal SPF scheduled Count: 6 ExChange/Loading Neighbors: 0 Interface: 10.2.1.2 (Pos2/0/0) --> 10.2.1.1 Cost: 1 State: P-2-P Type: PTP MTU: Timers: Hello 10, Dead 40, Poll 120, Retransmit
AS
No Filter
6.
Configure the BGP GR on the PE. After the BGP GR is configured on PE1 in Step 5, configure the BGP GR on PE2. # Configure PE2.
[PE2] bgp 100 [PE2-bgp] graceful-restart [PE2-bgp] quit
Run the display bgp vpnv4 all peer verbose command on PE1, you can view that the configurations of the IBGP GR between PE1 and PE2 and the EBGP GR between PE1 and CE1 succeed.
[PE1] display bgp vpnv4 all peer verbose Peer: 3.3.3.9 Local: 1.1.1.9 Type: IBGP link BGP version 4, remote router ID 3.3.3.9 BGP current state: Established, Up for 00h23m47s BGP current event: RecvKeepalive BGP last state: OpenConfirm Port: Local - 52845 Remote - 179 Configured: Active Hold Time: 180 sec Keepalive Time:60 sec Received : Active Hold Time: 180 sec Negotiated: Active Hold Time: 180 sec Keepalive Time:60 sec Peer optional capabilities: Peer supports bgp multi-protocol extension
Issue 03 (2008-09-22)
3-251
Peer supports bgp route refresh capability Graceful Restart Capability: advertised and received Restart Timer Value received from Peer: 150 seconds GR Capability received from Peer for following Address families: IPv4 Unicast (Forwarding State) VPNv4 (Forwarding State) Address family IPv4 Unicast: advertised and received Address family VPNv4: advertised and received Received: Total 32 messages, Update messages 4 Sent: Total 33 messages, Update messages 4 Minimum time between advertisement runs is 15 seconds Optional capabilities: Route refresh capability has been enabled Connect-interface has been configured Peer Preferred Value: 0 Routing policy configured: No routing policy is configured VPN instance: vpn1 Peer: 10.1.1.1 Local: 1.1.1.9 Type: EBGP link BGP version 4, remote router ID 10.1.1.1 BGP current state: Established, Up for 00h43m05s BGP current event: KATimerExpired BGP last state: OpenConfirm Port: Local - 50390 Remote - 179 Configured: Active Hold Time: 180 sec Keepalive Time:60 sec Received : Active Hold Time: 180 sec Negotiated: Active Hold Time: 180 sec Keepalive Time:60 sec Peer optional capabilities: Peer supports bgp multi-protocol extension Peer supports bgp route refresh capability Graceful Restart Capability: advertised and received Restart Timer Value received from Peer: 150 seconds GR Capability received from Peer for following Address families: IPv4 Unicast (Forwarding State) Address family IPv4 Unicast: advertised and received Received: Total 58 messages, Update messages 3 Sent: Total 64 messages, Update messages 6 Minimum time between advertisement runs is 30 seconds Optional capabilities: Route refresh capability has been enabled Peer Preferred Value: 0 Routing policy configured: No routing policy is configured
7.
Verify the Configuration. # Run the display switchover state command on PE1 to view the SMB status and the display is as follows:
Info:HA FSM State, Realtime and routine backup.
Performing the AMB/SMB switchover on PE1, you can find communication between the CE site and the CE2 site is not interrupted.
[PE1] slave switchover Caution!!! Confirm switch slave to master[Y/N]?y
NOTE
On CE1, PE1, PE2 and CE2, if two or more neighboring devices perform the AMB/SMB switchover at the same time, the traffic may be broken.
Configuration Files
l
3-252
Issue 03 (2008-09-22)
Configuration file of P
# sysname P # mpls lsr-id 2.2.2.9 mpls lsp-trigger all # mpls ldp graceful-restart # isis 1 network-entity 10.0000.0000.0002.00 graceful-restart # interface Pos1/0/0 link-protocol ppp ip address 100.1.1.2 255.255.255.252 isis enable 1 mpls mpls ldp # interface Pos2/0/0 link-protocol ppp
Issue 03 (2008-09-22)
3-253
3-254
Issue 03 (2008-09-22)
Issue 03 (2008-09-22)
3-255
RR1
POS1/0/0 100.1.2.2/24 POS1/0/0 100.1.2.1/24 Loopback1 1.1.1.9/32
RR2
POS2/0/0 100.3.4.1/24 POS1/0/0 100.3.4.2/24 Loopback1 4.4.4.9/32
AS100
POS3/0/0 100.1.3.2/24
PE1
PE2
AS65420
In Figure 3-21:
l l
PE1, PE2, RR1 and RR2 are located within the backbone network AS100. CE1 and CE2 belong to the vpna.
Configuration Roadmap
The configuration roadmap is as follows: 1. 2. 3. 4. 5. Set up the MP-IBGP connection between the PE and the reflectors. (There is no need to set up the MP-IBGP connection between PEs.) Set up the EBGP connection between the PE and the CE. Configure the MPLS LSP on the public network tunnel and enable the MPLS LDP on the devices and interfaces along LSP. Configure the RR1 and RR2 to back up each other and configure the same reflector ID on them. Configure the RR1 and RR2 to restore all the VPNv4 routing information. Configure the ASBR-PE to receive all the VPNv4 routing information and not to filter the routing information according to the VPN-target.
NOTE
There must be at least two paths without shared network segments and nodes between the P device that works as the reflector and the PE device.
Data Preparation
To configure the double reflectors, you need the data for the VPN and BGP configuration.
3-256
Issue 03 (2008-09-22)
Configuration Procedure
1. Configure IGP on the MPLS backbone network to interconnect the devices along the LSP In this example, OSPF is adopted and the detailed configuration is not mentioned here.
NOTE
After the configuration, the devices along the LSP can learn the address of the loopback interface of each other. Consider the display on the PE1 as an example.
<PE1> display ip routing-table Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: Public Destinations : 15 Routes : 17 Destination/Mask Proto Pre Cost Flags NextHop Interface 1.1.1.9/32 Direct 0 0 D 127.0.0.1 InLoopBack0 2.2.2.9/32 OSPF 10 2 D 100.1.2.2 Pos1/0/0 3.3.3.9/32 OSPF 10 2 D 100.1.3.2 Pos3/0/0 4.4.4.9/32 OSPF 10 3 D 100.1.3.2 Pos3/0/0 OSPF 10 3 D 100.1.2.2 Pos1/0/0 100.1.2.0/24 Direct 0 0 D 100.1.2.1 Pos1/0/0 100.1.2.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 100.1.2.2/32 Direct 0 0 D 100.1.2.2 Pos1/0/0 100.1.3.0/24 Direct 0 0 D 100.1.3.1 Pos3/0/0 100.1.3.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 100.1.3.2/32 Direct 0 0 D 100.1.3.2 Pos3/0/0 100.2.3.0/24 OSPF 10 2 D 100.1.3.2 Pos3/0/0 OSPF 10 2 D 100.1.2.2 Pos1/0/0 100.2.4.0/24 OSPF 10 2 D 100.1.2.2 Pos1/0/0 100.3.4.0/24 OSPF 10 2 D 100.1.3.2 Pos3/0/0 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
2.
Set up the LSP tunnel on the MPLS backbone network. Enable MPLS and the MPLS LDP on the devices and interfaces along the LSP. The detailed configuration is not mentioned here. After the configuration, run the display mpls ldp session command on the PE and RR. You can see that the "Session State" is "Operational" in the display. Consider the display on the PE1 and the RR1 as examples.
[PE1] display mpls ldp session LDP Session(s) in Public Network ---------------------------------------------------------------------Peer-ID Status LAM SsnRole SsnAge KA-Sent/Rcv ---------------------------------------------------------------------2.2.2.9:0 Operational DU Passive 000:00:01 8/8 3.3.3.9:0 Operational DU Passive 000:00:00 4/4 ---------------------------------------------------------------------TOTAL: 2 session(s) Found. LAM : Label Advertisement Mode SsnAge Unit : DDD:HH:MM [RR1] display mpls ldp session LDP Session(s) in Public Network ---------------------------------------------------------------------Peer-ID Status LAM SsnRole SsnAge KA-Sent/Rcv ---------------------------------------------------------------------1.1.1.9:0 Operational DU Active 000:00:02 11/11 3.3.3.9:0 Operational DU Passive 000:00:01 8/8 4.4.4.9:0 Operational DU Passive 000:00:00 4/4 ---------------------------------------------------------------------TOTAL: 3 session(s) Found. LAM : Label Advertisement Mode SsnAge Unit : DDD:HH:MM
3.
Issue 03 (2008-09-22)
For the detailed configuration, see Example for Configuring BGP/MPLS IP VPN. 4. Setting up the EBGP peer relationship between the PE and the CE and importing the VPN route For the detailed configuration, see Example for Configuring BGP/MPLS IP VPN. 5. Setting up the MP-IBGP peer relationship between the PE and the reflectors # Configure PE1.
<PE1> system-view [PE1] bgp 100 [PE1-bgp] peer 2.2.2.9 as-number 100 [PE1-bgp] peer 2.2.2.9 connect-interface loopback 1 [PE1-bgp] peer 3.3.3.9 as-number 100 [PE1-bgp] peer 3.3.3.9 connect-interface loopback 1 [PE1-bgp] ipv4-family vpnv4 [PE1-bgp-af-vpnv4] peer 2.2.2.9 enable [PE1-bgp-af-vpnv4] peer 3.3.3.9 enable [PE1-bgp-af-vpnv4] quit
# Configure RR1.
<RR1> system-view [RR1] bgp 100 [RR1-bgp] group rr1 internal [RR1-bgp] peer rr1 connect-interface loopback 1 [RR1-bgp] ipv4-family vpnv4 [RR1-bgp-af-vpnv4] peer rr1 enable [RR1-bgp-af-vpnv4] peer 1.1.1.9 group rr1 [RR1-bgp-af-vpnv4] peer 3.3.3.9 group rr1 [RR1-bgp-af-vpnv4] peer 4.4.4.9 group rr1 [RR1-bgp-af-vpnv4] quit [RR1-bgp] quit
# Configure RR2.
<RR2> system-view [RR2] bgp 100 [RR2-bgp] group rr2 internal [RR2-bgp] peer rr2 connect-interface loopback 1 [RR2-bgp] ipv4-family vpnv4 [RR2-bgp-af-vpnv4] peer rr2 enable [RR2-bgp-af-vpnv4] peer 1.1.1.9 group rr2 [RR2-bgp-af-vpnv4] peer 2.2.2.9 group rr2 [RR2-bgp-af-vpnv4] peer 4.4.4.9 group rr2 [RR2-bgp-af-vpnv4] quit [RR2-bgp] quit
# Configure PE2. The configuration of PE2 is similar to that of PE1 and is not mentioned here. After the configuration, run the display bgp vpnv4 all peer command on the PE device. You can see that the IBGP peer relationship is set up between the PE and the reflectors. The status of the relationship is "Established". The EBGP peer relationship has been set up between the PE and the CE. Consider the display on the PE1 and RR1 as examples.
<PE1> display bgp vpnv4 all peer BGP local router ID : 1.1.1.9 Local AS number : 100 Total number of peers : 3 Peers in established state : 3 Peer V AS MsgRcvd MsgSent OutQ Up/Down State PrefRcv 2.2.2.9 4 100 2 4 0 00:00:31 Established 0 3.3.3.9 4 100 3 5 0 00:01:23 Established 0 Peer of vpn instance : vpn instance vpna : 10.1.1.1 4 65410 79 82 0 01:13:29 Established 0
6.
3-258
# Configure RR1.
[RR1] bgp 100 [RR1-bgp] ipv4-family vpnv4 [RR1-bgp-af-vpnv4] reflector cluster-id 100 [RR1-bgp-af-vpnv4] peer rr1 reflect-client [RR1-bgp-af-vpnv4] undo policy vpn-target [RR1-bgp-af-vpnv4] quit
# Configure RR2.
[RR2] bgp 100 [RR2-bgp] ipv4-family vpnv4 [RR2-bgp-af-vpnv4] reflector cluster-id 100 [RR2-bgp-af-vpnv4] peer rr2 reflect-client [RR2-bgp-af-vpnv4] undo policy vpn-target [RR2-bgp-af-vpnv4] quit
7.
Verify the Configuration. On checking the VPN routing table on the PE, you can find the route to the remote CE. Consider the PE1 as an example.
<PE1> display ip routing-table vpn-instance vpna Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: vpna Destinations : 5 Routes : 5 Destination/Mask Proto Pre Cost Flags NextHop Interface 10.1.1.0/24 Direct 0 0 D 10.1.1.2 Pos2/0/0 10.1.1.1/32 Direct 0 0 D 10.1.1.1 Pos2/0/0 10.1.1.2/32 Direct 0 0 D 127.0.0.1 InLoopBack0 10.2.1.0/24 BGP 255 0 RD 4.4.4.9 Pos3/0/0 10.2.1.1/32 BGP 255 0 RD 4.4.4.9 Pos3/0/0
CE1 and CE2 can ping each other successfully. It means that the reflectors are configured successfully. After the shutdown command is used on the POS 3/0/0 of the PE1 and the PE2 respectively, the CE1 and the CE2 can ping each other successfully. It means that the double reflectors are configured successfully.
Configuration Files
l
Issue 03 (2008-09-22)
3-259
3-260
Issue 03 (2008-09-22)
Issue 03 (2008-09-22)
3-261
3-262
Issue 03 (2008-09-22)
Inter-AS VPN Option B is adopted. The path PE1 - ASBR1 - ASBR2 - PE2 is the primary link, while the path PE1 - ASBR3 ASBR4 - PE2 is the backup link. CE1 and CE2 can communicate.
If the primary link fails, data of vpna is preferentially switched to the backup link. Figure 3-22 Networking diagram for inter-AS VPN Option B
Loopback0 Loopback0
Loopback0
POS1/0/0
POS1/0/1 POS1/0/0
POS1/0/1
Loopback0 POS1/0/0
PE1
POS2/0/0
ASBR1 AS100
ASBR2 ASBR4
PE2
AS200 ASBR3
POS1/0/1 POS1/0/1 GE2/0/0
POS2/0/1 GE1/0/0
POS1/0/0
POS1/0/0
POS1/0/1
GE1/0/0
Loopback0
Loopback0
GE1/0/0
CE1
CE2
Device PE1 GE1/0/0 POS2/0/0 POS2/0/1 ASBR1 POS1/0/0 POS1/0/1 ASBR2 POS1/0/0 POS1/0/1 ASBR3 POS1/0/0 POS1/0/1 ASBR4 POS1/0/0 POS1/0/1 PE2 POS1/0/0 POS1/0/1 GE12/0/0 CE1 CE2
Interface Loopback0 10.1.1.2/24 100.1.1.1/30 100.1.2.1/30 Loopback0 100.1.1.2/30 100.1.3.1/30 Loopback0 100.1.3.2/30 100.1.5.1/30 Loopback0 100.1.2.2/30 100.1.4.1/30 Loopback0 100.1.4.2/30 100.1.6.1/30 Loopback0 100.1.5.2/30 100.1.6.2/30 10.1.2.2/24 GE1/0/0 GE1/0/0
IP address 1.1.1.1/32
2.2.2.2/32
3.3.3.3/32
4.4.4.4/32
5.5.5.5/32
6.6.6.6/32
10.1.1.1/24 10.1.2.1/24
3-264
Issue 03 (2008-09-22)
Configuration Roadmap
The configuration roadmap is as follows: 1. 2. 3. 4. Configure inter-AS VPN Option B. Configure RD filters and routing policies for all the PEs and ASBRs on the primary link. Define convergence priorities for vpna. Apply the routing policy, which ensures vpna routes received from the local CE and vpna routes received from the peer PE with high priority, to the VPN instance of the PEs Apply the routing policy, which ensures vpna routes received from the intra-AS PE and vpna routes received from the neighboring ASBR with high priority, in the BGP VPNv4 view on the ASBRs.
Data Preparation
To complete the configuration, you need the following data:
l l l
MPLS LSR-ID of the PEs and the ASBRs Name of the VPN instance created on PE1 and PE2, RD, and VPN target Routing policy (EBGP in this example) that guides the route exchange between the PEs and the CEs Convergence priority for each VPN instance Name of the RD filter and the routing policy
l l
Configuration Procedure
1. Configure IGP on the MPLS backbone networks of AS100 and AS200 to ensure the PEs and the ASBRs can communicate. OSPF is adopted as the IGP protocol in this example. The detailed configuration is not mentioned here.
NOTE
During the configuration, advertise the 32-bit addresses of the loopback interfaces that serve as LSR IDs through OSPF.
After the configuration, run the display ospf peer command. You can view that the OSPF neighbor relationship is set up between the ASBRs and the PEs of the same AS, and the neighbor status is Full. The ASBRs and the PEs of the same AS can learn the loopback addresses from each other. In addition, the ASBRs and the PEs of the same AS can successfully ping each other. 2. Configure the basic MPLS capability and MPLS LDP on the MPLS backbone networks of AS100 and AS200 and set up MPLS LDP LSPs. # Configure the basic MPLS capability on PE1 and enable MPLS and MPLS LDP on the interfaces that connect ASBR1 and ASBR3.
<PE1> system-view [PE1] mpls lsr-id 1.1.1.1 [PE1] mpls [PE1-mpls] lsp-trigger all [PE1-mpls] quit [PE1] mpls ldp [PE1-mpls-ldp] quit [PE1] interface pos2/0/0 [PE1-Pos2/0/0] mpls
Issue 03 (2008-09-22)
3-265
Configure the basic MPLS capability on ASBR1 and enable MPLS and MPLS LDP on the ASBR1 interface that connects PE1. Configure the basic MPLS capability on ASBR2 and enable MPLS and MPLS LDP on the ASBR2 interfaces that connects PE2. Configure the basic MPLS capability on ASBR3 and enable MPLS and MPLS LDP on the ASBR3 interfaces that connects PE1. Configure the basic MPLS capability on ASBR4 and enable MPLS and MPLS LDP on the ASBR4 interfaces that connects PE2. Configure the basic MPLS capability on PE2 and enable MPLS and MPLS LDP on the PE2 interfaces that connect ASBR2 and ASBR4.
The detailed configuration is not mentioned here. After the configuration, running the display mpls ldp session command on each device, you can view that the LDP session is set up between the PEs and the ASBRs of the same AS, and "Status" is Operational. Take PE1 as an example:
[PE1] display mpls ldp session LDP Session(s) in Public Network -------------------------------------------------------------------------Peer-ID Status LAM SsnRole SsnAge KA-Sent/Rcv -------------------------------------------------------------------------2.2.2.2:0 Operational DU Passive 000:01:02 17/17 4.4.4.4:0 Operational DU Passive 000:00:02 9/9 -------------------------------------------------------------------------TOTAL: 2 session(s) Found. LAM : Label Advertisement Mode SsnAge Unit : DDD:HH:MM
3.
Configure VPN instances for PE1 and PE2 and configure PE1 and PE2 to access CE1 and CE2. # Configure PE1 to set up the EBGP peer relationship with CE1.
[PE1] ip vpn-instance vpna [PE1-vpn-instance-vpna] route-distinguisher 100:1 [PE1-vpn-instance-vpna] vpn-target 1:1 both [PE1-vpn-instance-vpna] quit [PE1] interface gigabitethernet 1/0/0 [PE1-GigabitEthernet1/0/0] ip binding vpn-instance vpna [PE1-GigabitEthernet1/0/0] ip address 10.1.1.2 24 [PE1-GigabitEthernet1/0/0] quit [PE1] bgp 100 [PE1-bgp] ipv4-family vpn-instance vpna [PE1-bgp-vpna] peer 10.1.1.1 as-number 65000 [PE1-bgp-vpna] import-route direct [PE1-bgp-vpna] quit [PE1-bgp] quit
# Configure CE1.
<CE1> system-view [CE1] interface gigabitethernet 1/0/0 [CE1-GigabitEthernet1/0/0] ip address 10.1.1.1 24 [CE1-GigabitEthernet1/0/0] quit [CE1] bgp 65000 [CE1-bgp] peer 10.1.1.2 as-number 100 [CE1-bgp] import-route direct
3-266
Issue 03 (2008-09-22)
The configuration on CE2 and PE2 is similar to that on CE1 and PE1, and is not mentioned here. Route distinguisher (RD) on PE2 is configured as 100:2.
After the configuration, run the display bgp vpnv4 vpn-instance vpn-instance-name peer command. You can view that the BGP peer relationship is set up between the PEs and the CEs, and the peer status is Established. Take PE1 as an example:
[PE1] display bgp vpnv4 vpn-instance vpna peer BGP local router ID : 1.1.1.1 Local AS number : 100 Total number of peers : 1 Peers in established state : 1 Peer V AS MsgRcvd MsgSent OutQ Up/Down State PrefRcv 10.1.1.1 4 65000 10 10 0 00:07:10 Established 0
4.
Set up the MP-IBGP peer relationship between the PEs and the ASBRs of the same AS. # Configure PE1 to set up the MP-IBGP peer relationship with ASBR1 and ASBR3.
[PE1] bgp 100 [PE1-bgp] peer 2.2.2.2 as-number 100 [PE1-bgp] peer 2.2.2.2 connect-interface loopback 0 [PE1-bgp] peer 4.4.4.4 as-number 100 [PE1-bgp] peer 4.4.4.4 connect-interface loopback 0 [PE1-bgp] ipv4-family vpnv4 [PE1-bgp-af-vpnv4] peer 2.2.2.2 enable [PE1-bgp-af-vpnv4] peer 4.4.4.4 enable [PE1-bgp-af-vpnv4] quit
# Configure ASBR1 to set up the MP-IBGP peer relationship with PE1. The configuration on ASBR3 and ASBR1 is similar to that on ASBR1, and is not mentioned here.
<ASBR1> system-view [ASBR1] bgp 100 [ASBR1-bgp] peer 1.1.1.1 as-number 100 [ASBR1-bgp] peer 1.1.1.1 connect-interface loopback 0 [ASBR1-bgp] ipv4-family vpnv4 [ASBR1-bgp-af-vpnv4] peer 1.1.1.1 enable [ASBR1-bgp-af-vpnv4] quit [ASBR1-bgp] quit
NOTE
The configuration on PE2, ASBR2, and ASBR4 is similar to that on PE1, ASBR1, and ASBR3, and is not mentioned here.
After the configuration, run the display bgp vpnv4 all peer command. You can view that the BGP peer relationship is set up between the PEs and the CEs, and between the PEs and the ASBRs, and the peer status is Established. Take PE1 as an example:
[PE1] display bgp vpnv4 all peer BGP local router ID : 1.1.1.1 Local AS number : 100 Total number of peers : 3 Peer V AS MsgRcvd 2.2.2.2 4 100 8 0 4.4.4.4 4 100 3 0 Peer of vpn instance: vpn instance vpna : 10.1.1.1 4 65000 13
Peers in established state : 3 MsgSent OutQ Up/Down State PrefRcv 19 0 00:32:36 Established 7 0 00:01:36 Established
13
0 00:04:00 Established
5.
Configure the ASBRs of the inter-AS VPN Option B. # On ASBR1, enalbe MPLS on the interface that connects ASBR1 and ASBR2.
[ASBR1] interface pos 1/0/1
Issue 03 (2008-09-22)
3-267
# On ASBR1, set up the MP-EBGP peer relationship with ASBR2 and disable the VPNtarget filtration on received IPv4 VPN routes.
[ASBR1] bgp 100 [ASBR1-bgp] peer 100.1.3.2 as-number 200 [ASBR1-bgp] ipv4-family vpnv4 [ASBR1-bgp-af-vpnv4] peer 100.1.3.2 enable [ASBR1-bgp-af-vpnv4] undo policy vpn-target [ASBR1-bgp-af-vpnv4] quit [ASBR1-bgp] quit
NOTE
The configuration on ASBR2, ASBR3, and ASBR4 is similar to that on ASBR1, and is not mentioned here.
After the configuration, run the display bgp vpnv4 all routing-table command on the ASBRs. You can view the IPv4 VPN routes on the ASBRs. Take ASBR1 as an example:
[ASBR1] display bgp vpnv4 all routing-table BGP Local router ID is 2.2.2.2 Status codes: * - valid, > - best, d - damped, h - history, i - internal, s - suppressed, S - Stale Origin : i - IGP, e - EGP, ? - incomplete Total number of routes from all PE: 4 Route Distinguisher: 100:1 Network NextHop MED LocPrf PrefVal Path/Ogn *>i 10.1.1.0/24 1.1.1.1 0 100 0 ? *>i 10.1.1.1/32 1.1.1.1 0 100 0 ? Route Distinguisher: 100:2 Network NextHop MED LocPrf PrefVal Path/Ogn *> 10.1.2.0/24 100.1.3.2 0 200? *> 10.1.2.1/32 100.1.3.2 0 200?
The CEs can learn the routes from each other. Take CE1 as an example:
[CE1] display ip routing-table Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: Public Destinations : 5 Routes : 5 Destination/Mask Proto Pre Cost Flags NextHop Interface 10.1.1.0/24 Direct 0 0 D 10.1.1.1 GigabitEthernet1/0/0 10.1.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 10.1.2.0/24 BGP 255 0 D 10.1.1.2 GigabitEthernet1/0/0 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
CE1 and CE2 can successfully ping each other. 6. Configure RD filters and routing policies. # Configure RD filters and routing policies on PE1, PE2, ASBR1, and ASBR2. Configure the convergence priority of the IPv4 VPN routes that match the RD filter to 2. (By default, the convergence priority of the VPNv4 route is 0.) The configuration on PE2 is similar to that on PE1, and is not mentioned here. # Configure PE1.
<PE1> system-view [PE1] ip rd-filter 1 permit 100:1 100:2 [PE1] route-policy policy1 permit node 1 [PE1-route-policy] if-match rd-filter 1
3-268
Issue 03 (2008-09-22)
# Configure ASBR1.
<ASBR1> system-view [ASBR1] ip rd-filter [ASBR1] route-policy [ASBR1-route-policy] [ASBR1-route-policy] [ASBR1-route-policy] [ASBR1] ip rd-filter [ASBR1] route-policy [ASBR1-route-policy] [ASBR1-route-policy] 1 permit 100:1 policy1 permit node 1 if-match rd-filter 1 apply convergence-priority 2 quit 2 permit 100:2 policy2 permit node 1 if-match rd-filter 2 apply convergence-priority 2
# Configure ASBR2.
<ASBR2> system-view [ASBR2] ip rd-filter [ASBR2] route-policy [ASBR2-route-policy] [ASBR2-route-policy] [ASBR2-route-policy] [ASBR2] ip rd-filter [ASBR2] route-policy [ASBR2-route-policy] [ASBR2-route-policy] 1 permit 100:1 policy1 permit node 1 if-match rd-filter 1 apply convergence-priority 2 quit 2 permit 100:2 policy2 permit node 1 if-match rd-filter 2 apply convergence-priority 2
7.
Apply the routing policy on PE1, PE2, ASBR1 and ASBR2. # Apply the import routing policy in the VPN instance view on PE1.
[PE1] ip vpn-instance vpna [PE1-vpn-instance-vpna] import route-policy policy1
# Apply the import routing policy in the BGP VPNv4 address family view on ASBR1.
[ASBR1] bgp 100 [ASBR1-bgp] ipv4-family vpnv4 [ASBR1-bgp-af-vpnv4] peer 1.1.1.1 route-policy policy1 import [ASBR1-bgp-af-vpnv4] peer 100.1.3.2 route-policy policy2 import
# Apply the import routing policy in the BGP VPNv4 address family view on ASBR2.
[ASBR2] bgp 200 [ASBR2-bgp] ipv4-family vpnv4 [ASBR2-bgp-af-vpnv4] peer 100.1.3.1 route-policy policy1 import [ASBR2-bgp-af-vpnv4] peer 6.6.6.6 route-policy policy2 import
# Apply the import routing policy in the VPN instance view on PE2.
[PE2] ip vpn-instance vpna [PE2-vpn-instance-vpna] import route-policy policy1
8.
Verify the configuration. You can view the convergence priority of the VPN in the VPNv4 routing table of ASBR1 and ASBR2.
<ASBR2> display bgp vpnv4 all routing-table 10.1.1.0 Total routes of Route Distinguisher(100:1): 1 BGP routing table entry information of 10.1.1.0/24: Label information (Received/Applied): 15360/15362 From: 100.1.3.1 (100.1.3.1) Original nexthop: 1100.1.3.1 Ext-Community: <1 : 1> Convergence Priority: 2 AS-path Nil, origin incomplete, MED 0, localpref 100, pref-val 0, valid, internal, best, pre 255 Advertised to such 1 peers: 6.6.6.6 <ASBR2> display bgp vpnv4 all routing-table 10.1.2.0 Total routes of Route Distinguisher(100:2): 1 BGP routing table entry information of 10.1.2.0/24: Label information (Received/Applied): 15360/15362 From: 6.6.6.6 (6.6.6.6)
Issue 03 (2008-09-22)
3-269
Original nexthop: 6.6.6.6 Ext-Community: <1 : 1> Convergence Priority: 2 AS-path Nil, origin incomplete, MED 0, localpref 100, pref-val 0, valid, internal, best, pre 255 Advertised to such 1 peers: 100.1.3.1
Configuration Files
l
3-270
Issue 03 (2008-09-22)
Issue 03 (2008-09-22)
3-271
sysname ASBR2 # mpls lsr-id 3.3.3.3 mpls lsp-trigger all # mpls ldp # interface Pos1/0/0 link-protocol ppp ip address 100.1.3.2 255.255.255.252 mpls # interface Pos1/0/1 link-protocol ppp ip address 100.1.5.1 255.255.255.252 mpls mpls ldp # # interface LoopBack0 ip address 3.3.3.3 255.255.255.255 # bgp 200 peer 6.6.6.6 as-number 200 peer 6.6.6.6 connect-interface LoopBack0 peer 100.1.3.1 as-number 100 # ipv4-family unicast undo synchronization peer 6.6.6.6 enable peer 100.1.3.1 enable # ipv4-family vpnv4 undo policy vpn-target peer 6.6.6.6 enable peer 6.6.6.6 route-policy policy2 import peer 100.1.3.1 enable peer 100.1.3.1 route-policy policy1 import # ospf 1 area 0.0.0.0 network 3.3.3.3 0.0.0.0 network 100.1.5.0 0.0.0.255 # route-policy policy1 permit node 1 if-match rd-filter 1 apply convergence-priority 2 route-policy policy2 permit node 1 if-match rd-filter 2 apply convergence-priority 2 # ip rd-filter 1 permit 100:1 ip rd-filter 2 permit 100:2 # return l
3-272
Issue 03 (2008-09-22)
Issue 03 (2008-09-22)
3-273
3-274
Issue 03 (2008-09-22)
Issue 03 (2008-09-22)
3-275
Issue 03 (2008-09-22)
4-1
4.1 Overview
This section describes the principle and concepts of the BGP/MPLS IPv6 VPN 4.1.1 Introduction to BGP/MPLS IPv6 VPN 4.1.2 BGP/MPLS IPv6 VPN Features Supported by the NE80E/40E
Through the Multiprotocol Extensions for Border Gateway Protocol version 4 (MP BGPv4), the IPv6 VPN advertises IPv6 VPN routing information in the backbone network, triggers MPLS to allocate labels for IPv6 packets to mark the packets, and uses LSPs to transmit private network data in the backbone network. The implementation principle of an IPv6 VPN is similar to that of a BGP/MPLS IP VPN. Currently, the NE80E/40E supports the following IPv6 VPN networking schemes:
4-2 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)
Intranet VPN Extranet VPN Hub&Spoke Inter-AS VPN (both inter-AS and multi-AS backbones) Carriers' Carrier
For description about these networking schemes, refer to the chapter "BGP/MPLS IP VPN Configuration" in this manual.
Typical Networking
The NE80E/40E supports the following typical VPN networking:
l
Inter-AS VPN If a VPN backbone network span multiple ASs, the inter-AS VPN must be configured. The inter-AS VPN is classified into Option A, Option B, and Option C.
Carrier's carrier If a carrier's network has multiple ASs and requires other carriers' networks to complete a backbone network, the networking of carrier's carrier can be deployed.
Reliability
To improve the reliability of a VPN, generally, the following networking modes are adopted.
l
The backbone network is an MPLS network, in which the devices on the backbone layer are fully connected. The devices on the backbone layer are generally connected through high-speed interfaces. If the number of PEs is large, use the BGP route reflector to reflect IPv6 VPN routes to decrease the number of MP IBGP connections. The convergence layer is of either a mesh topology or a ring topology. The dual-homed CE or multi-homed CE is configured on the access layer.
l l
4.2.2 Creating an IPv6 VPN Instance 4.2.3 Configuring Route Related Attributes of an IPv6 VPN Instance 4.2.4 Configuring MPLS Label Allocation Based on the IPv6 VPN Instance 4.2.5 Checking the Configuration
Pre-configuration Tasks
Before configuring an IPv6 VPN instance, complete the following tasks:
l l
Data Preparation
To configure IPv6 VPN instances, you need the following data. No. 1 2 3 4 5 Data Name and RD of the IPv6 VPN instance Description of the IPv6 VPN instance (optional) VPN-Target The maximum number of routes allowed by the IPv6 VPN instance (optional) Routing policy that controls the receiving and sending of IPv6 VPN routes (optional)
Procedure
Step 1 Run:
system-view
An IPv6 VPN instance is created and the IPv6 VPN instance view is displayed. Step 3 Run:
route-distinguisher route-distinguisher
The RD for the IPv6 VPN instance is configured. An IPv6 VPN instance takes effect only after the RD is configured. Before configuring the RD, you may configure only the description for the IPv6 VPN instance. Step 4 Run:
description description-information
The description for the IPv6 VPN instance is configured. This step is optional. This describes the relationship between an IPv6 VPN instance and a certain IPv6 VPN. You should set the appropriate description for the IPv6 VPN instance. ----End
Procedure
Step 1 Run:
system-view
An IPv6 VPN-Target extended community is created for the IPv6 VPN instance. You can configure a maximum of eight IPv6 VPN-Targets with a command and a maximum of 16 IPv6 VPN-Targets for an IPv6 VPN instance.
Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 4-5
Step 4 Run:
routing-table limit number { alert-percent | simply-alert }
The maximum number of routes of the IPv6 VPN instance is configured. This step is optional. You can define the maximum number of routes that can be supported by an IPv6 VPN instance to avoid a PE importing too many routes of the IPv6 VPN instance. The maximum number of routes supported by a PE varies with the product. Step 5 Run:
import route-policy policy-name
4.2.4 Configuring MPLS Label Allocation Based on the IPv6 VPN Instance
Context
Do as follows on the routers.
Procedure
Step 1 Run:
system-view
The label is allocated based on VPN instance. That is, all the routes in an IPv6 VPN instance use the same label. The MPLS labels are generally allocated on a one label per route basis. When the number of routes becomes more, the Incoming Label Map (ILM) of a router needs to maintain more insegment entries accordingly. This puts a higher requirement for the capacity of the router.
4-6 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)
The NE80E/40E provides the feature of the MPLS label allocation based on the IPv6 VPN instance, that is, one label per IPv6 VPN instance. All the routes of an IPv6 VPN instance share the same label. ----End
Run the display ipv6 vpn6-instance brief command. If brief information including the RD and creating time about the VPN instance is displayed, it means the configuration succeeds. For example:
<Quidway> display ipv6 vpn6-instance brief vpn1 VPN6-Instance Name RD vpn1 1:1 Creation Time 2006/11/20 14:41:28
Run the display ipv6 vpn6-instance verbose command. If detailed information including creating date, period during which the VPN instance is Up, the RD value, VPN target, and the policy for label allocation about the VPN instance is displayed, it means the configuration succeeds. For example:
<Quidway> display ipv6 vpn6-instance verbose vpn1 VPN6-Instance Name and ID: vpn1, 1 Create date: 2006/11/20 14:41:28 Up time: 0 days, 00 hours, 11 minutes and 00 seconds Route Distinguisher: 1:1 Label policy: label per route Tunnel Policy: policy1 Interfaces: GigabitEthernet1/0/0
Pre-configuration Tasks
Before configuring basic BGP/MPLS IPv6 VPN, complete the following tasks:
l l l l l
Enabling IPv6 on the PEs Configuring IGP for the MPLS backbone network (PE, P) to implement IP connectivity Configuring the basic MPLS capabilities for the MPLS backbone network (PE, P) Configuring the tunnels between PEs (LSP, GRE or MPLS TE) Configuring the IPv6 addresses for the CE interface attached to PE
Data Preparation
To configure basic BGP/MPLS IPv6 VPN, you need the following data. No. 1 Data including: To configure an IPv6 VPN instance, you need the following data:
l l l l
Name and RD of the IPv6 VPN instance Description of the IPv6 VPN instance (optional) VPN Target Routing policy that controls the receiving and sending of IPv6 VPN routes (optional) The maximum number of routes allowed by the IPv6 VPN instance (optional)
2 3 4
IPv6 addresses of the PE interfaces attached to the CE IPv6 addresses of the CE interfaces attached to the PE Routing protocol between the PE and the CE, such as static route, RIPng, IS-ISv6, or BGP4+
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)
4-8
No. 5 6
Data AS number of the PE IP address and interface of the PE to establish the BGP peers
Procedure
Step 1 Run:
system-view
Running the ipv6 binding vpn6-instance command deletes the Layer 3 features such as IPv6 address and IPv6 routing protocols. They need to be re-configured if required.
After the interface connected with CE is bound with the IPv6 VPN instance, the interface becomes a private-network interface. The packets received on the interface are forwarded based on the forwarding information of the IPv6 VPN instance. ----End
Context
Do as follows on the PE devices connected with CE devices.
Procedure
Step 1 Run:
system-view
The BGP IPv6 VPN address family view is displayed. Step 6 Run:
peer peer-ipv4-address enable
Configuring BGP4+ Between PE and CE Configuring Static Routes Between PE and CE Configuring RIPng Between PE and CE Configuring IS-ISv6 Between PE and CE
Procedure
l Configuring BGP4+ Between PE and CE Configuring PE 1. Run:
system-view
4-10
Issue 03 (2008-09-22)
The maximum hop of the EBGP peer is configured. This step is optional. Generally, the EBGP peers have directly connected physical links between each other. If not, you must use the peer ebgp-max-hop command to permit the EBGP peers to set up the TCP connection through multiple hops. 6. Run:
import-route direct [ med value | route-policy policy-name ]*
The routes to the local CE are imported. The PE must import the routes of the local CEs into the IPv6 VPN routing table and advertise them to the peer PE. The type of routes to be imported in Step 6 may be different. 7. Run:
peer peer-ipv6-address allow-as-loop [ number ]
Routing loop is allowed. This step is optional. Step 7 applies to the Hub and Spoke networking. The BGP uses the AS number to detect a routing loop. In the case of Hub and Spoke networking, however, if EBGP runs between the PE and the CE at the Hub site, the Hub-PE carries the local AS number when advertising routes to the Hub-CE. Therefore, the PE denies the subsequent update from the Hub-CE, because it contains the local AS number. To ensure proper transmission of routes in the Hub and Spoke scenario, configure all the BGP peers along the path, used for the Hub-CE to advertise private network routes to the Spoke-CE, to accept the routes which have the AS number repeated once. 8. Run:
peer peer-ipv6-address substitute-as
Step 8 is used for the networking scenario where physically dispersed CEs use the same AS number. The configuration is run on the PE. Configuring CE 1. Run:
system-view
The router ID is configured. This step is optional. If the CE device has no interface configured with an IPv4 address, configure a router ID. 4. Run:
peer peer-ipv6-address as-number as-number
The maximum hop of the EBGP peer is configured. This step is optional. Generally, the EBGP peers have directly connected physical links between each other. If not, you must use the peer ebgp-max-hop command to permit the EBGP peers to set up the TCP connection through multiple hops. 8. Run:
import-route { direct | static | ripng process-id | ospfv3 process-id | isis process-id } [ med value | route-policy policy-name ]*
The address of the VPN network segment is advertised to the connected PE, and then is advertised by the PE to the peer CE. The type of the imported route varies with networking modes. l Configuring Static Routes Between PE and CE The configurations on the CE is the same as the ordinary IPv6 static routes and are not mentioned here.
4-12 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)
For the detailed configuration about the IPv6 static route, refer to the Quidway NetEngine80E/40E Router Configuration Guide - IP Routing.
1.
Run:
system-view
The static route is configured for the IPv6 VPN instance. 3. Run:
bgp as-number
The configured static route is imported to the routing table of BGP-IPv6-VPN instance. l Configuring RIPng Between PE and CE The configurations on the CE are similar to the configuration of common RIPng and are not mentioned here.
NOTE
For the detailed configuration about RIPng, refer to the Quidway NetEngine80E/40E Router Configuration Guide IP Routing Volume.
A RIPng instance is created between PE and CE and the RIPng view is displayed. A RIPng multi-instance process can only belong to on IPv6 VPN instance. If a RIPng process is not bound to an IPv6 VPN instance when the process is enabled, the process is classified as a public network process. If only one RIPng process (including public network process and multi-instance process) is run on a router, you need not specify process-id, that is, the default process ID 1 is adopted. 3. Run:
import-route bgp [ cost value ] [ route-policy policy-name ]
Issue 03 (2008-09-22)
4-13
The BGP routes are imported. After the execution of the import-route bgp command in the RIPng view, the PE imports the VPN-IPv6 routes learnt from the remote PE into the RIPng and further advertises them to its CE. 4. Run:
quit
The RIP routes are imported into the routing table of BGP-IPv6 VPN instance. After the running of the import-route ripng command in the BGP-IPv6 VPN view, the PE imports the RIPng routes learnt from its CE into BGP, forms them into VPNIPv6 routes and advertise them to the peer PE. l Configuring IS-ISv6 Between PE and CE You can configure the common IS-ISv6 on the CE. The configurations on CE are not mentioned here.
NOTE
For the detailed configuration about IS-ISv6, refer to the Quidway NetEngine80E/40E Router Configuration Guide - IP Routing.
4-14
Issue 03 (2008-09-22)
The IS-IS instance between the PE and the CE is created and the IS-IS view is displayed. An IS-IS multi-instance process can only belong to on IPv6 VPN instance. If an ISIS process is not bound to an IPv6 VPN instance when the process is enabled, the process is classified as a public network process. If only one IS-IS process (including public network process and multi-instance process) is run on a router, you need not specify process-id, that is, the default process ID 1 is adopted. 3. Run:
network-entity net
The Network Entity Title (NET) is configured. The NET defines the system ID of the router and the address of the local IS-IS area. A maximum of three NETs can be configured for a process on a router. 4. (Optional) Run:
is-level { level-1 | level-1-2 | level-2 }
The level of the router is configured. By default, the level of a router is level-1-2. 5. Run:
ipv6 enable
IPv6 is enabled for the IS-IS process. IPv6 can be enabled for an IS-IS process only after IPv6 is enabled in the system view. 6. Run:
import-route bgp [ cost value ] [ cost-type { external | internal } ] [ level-1 | level-1-2 | level-2 ] [ route-policy policy-name ] [ tag tagvalue ]
12. Run:
ipv6-family vpn6-instance vpn6-instance-name
The IS-IS route is installed to the BGP IPv6 VPN routing table. ----End
Run the display ipv6 routing-table vpn6-instance vpn6-instance-name command. If the VPN routes related to the CE are displayed, it means the configuration succeeds. Run the display ipv6 routing-table command. If the routes to the peer CE are displayed on the CE, it means the configuration succeeds.
Pre-configuration Tasks
Before configuring basic Hub&Spoke, complete the following tasks:
l l
Configuring IGP on PE devices and P devices in the MPLS backbone network Configuring basic MPLS capability on PE devices and P devices in the MPLS backbone network Configuring the tunnels between the PE devices Configuring the IPv6 addresses, through which the CE devices access the PE devices, on the CE devices
l l
Data Preparation
To configure Hub&Spoke, you need the following data. No. 1 Data To configure an IPv6 VPN instance, you need the following data:
l l l l
Name and RD of the IPv6 VPN instance Description of the IPv6 VPN instance (optional) VPN Target Routing policy that controls the receiving and sending of IPv6 VPN routes (optional) The maximum number of routes allowed by the IPv6 VPN instance (optional)
2 3 4
IPv6 addresses of the PE interfaces attached to the CE IPv6 addresses of the CE interfaces attached to the PE Data for the configurations of routing protocols (static route, RIPng, IS-ISv6, or BGP4+) between Hub-PE and Hub-CE, and between Spoke-PE and Spoke-CE
VPN-spoke: It receives and maintains all the VPN-IPv6 routes. VPN-hub: It maintains the routes of all the Hub stations and Spoke stations and advertises those routes to all the Spoke-PEs.
NOTE
Step 1 to 6 describes how to configure an IPv6 VPN instance. Different IPv6 VPN instances on a device are different in names, RDs, and description.
Issue 03 (2008-09-22)
4-17
Procedure
Step 1 Run:
system-view
An IPv6 VPN instance is created and the IPv6 VPN instance view is displayed. Step 3 Run:
route-distinguisher route-distinguisher
The RD is configured for the IPv6 VPN instance. An IPv6 VPN instance takes effect only after the RD is configured. Before configuring the RD, you may configure only the description for the IPv6 VPN instance. Step 4 Run:
description description-information
The description for the IPv6 VPN instance is configured. This step is optional. This describes the relationship between an IPv6 VPN instance and a certain IPv6 VPN. You should set the appropriate description for the IPv6 VPN instance. Step 5 Run:
apply-label per-instance
The label is allocated based on IPv6 VPN instance. That is, all the routes in a VPN instance use the same label. This step is optional. The MPLS labels are generally allocated on one label per route. The NE80E/40E provides the feature of the MPLS label allocation based on the VPN instance, that is, one label per VPN instance. All the routes of a VPN instance share the same label. Step 6 Run:
routing-table limit number { alert-percent | simply-alert }
The maximum number of routes of the IPv6 VPN instance is configured. This step is optional. You can define the maximum number of routes that can be supported by an IPv6 VPN instance to avoid a PE importing too many routes of the IPv6 VPN instance. The maximum number of routes supported by a PE varies with the product. ----End
Configuring Hub-PE
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)
1.
Run
system-view
The VPN target extended community for the IPv6 VPN instance is created. The VPNIPv6 routes advertised by all the Spoke-PEs are imported. vpn-target1 lists the export community attribute of vpn-target advertised by all the Spoke-PEs. 4. Run
import route-policy policy-name
The import routing policy of the IPv6 VPN instance is configured. This step is optional. 5. Run
export route-policy policy-name
The export routing policy of the VPN instance is configured. This step is optional. 6. Run
quit
The IPv6 VPN instance view of the VPN Hub is displayed. 8. Run
vpn-target vpn-target2 &<1-8> export-extcommunity
The VPN target extended community is configured to advertise the routes of all the Hub stations and Spoke stations. vpn-target2 is a list that contains all the import VPN targets of all the Spoke-PEs. 9. Run
import route-policy policy-name
The import routing policy of the IPv6 VPN instance is configured. This step is optional. 10. Run
export route-policy policy-name
The export routing policy of the IPv6 VPN instance is configured. This step is optional. l Configuring Spoke-PE 1. Run
system-view
2.
Run
ipv6 vpn6-instance vpn6-instance-name
The IPv6 VPN instance view of the VPN Spoke is displayed. 3. Run
vpn-target vpn-target2 &<1-8> import-extcommunity
The VPN target extended community for the VPN instance is created. The VPN-IPv6 routes advertised by the Hub-PE are imported. vpn-target2 is the export community attribute of vpn-target advertised by the HubPE. 4. Run
vpn-target vpn-target1 &<1-8> export-extcommunity
The VPN target extended community for the VPN instance is created. The IPv6 routes of stations the Spoke-PE accesses are advertised. 5. Run
import route-policy policy-name
The import routing policy of the IPv6 VPN instance is configured. This step is optional. 6. Run
export route-policy policy-name
The export routing policy of the IPv6 VPN instance is configured. This step is optional. ----End
Procedure
Step 1 Run
system-view
Step 4 Run
ipv6 binding vpn6-instance vpn6-instance-name
Running the ipv6 binding vpn6-instance command deletes the Layer 3 features such as IPv6 address and IPv6 routing protocols. They need to be re-configured if required.
After the interface connected with CE is bound with the IPv6 VPN instance, the interface becomes a private-network interface. The packets received on the interface are forwarded based on the forwarding information of the IPv6 VPN instance. ----End
Procedure
Step 1 Run
system-view
The BGP IPv6 VPN address family view is displayed. Step 6 Run
peer peer-ipv4-address enable
Configuring EBGP between the Hub-PE and the Hub-CE In this way, BGP4+, RIPng multi-instance, IS-ISv6 multi-instance or static routes can be adopted between the Spoke-PE and the Spoke-CE. To set up the EBGP peer between the Hub-PE and the Hub-CE, run the peer ipv6address allow-as-loop [ number ] command in the BGP-IPv6-VPN instance view to allow the routing loop.
Configuring IGP between the Hub-PE and the Hub-CE In this way, instead of BGP4+, RIPng multi-instance, IS-ISv6 multi-instance or static routes are adopted between the Spoke-PE and the Spoke-CE.
Configuring static routes between the Hub-PE and the Hub-CE If the Hub-CE uses the default route to access the Hub-PE, to advertise the default route to all the Spoke-PEs, do as follows on the Hub-PE:
Run the ipv6 route-static vpn6-instance vpn6-instance-name :: 0 nexthop-address command in the system view. vpn6-instance-name refers to the VPN-Hub. Run the network :: 0 command in the BGP-IPv6-VPN address family to advertise the default route to all the Spoke-PEs through MP-BGP.
Choose one of the preceding methods as required. For detailed configurations, see Configuring a Routing Policy Between PE and CE.
Run the preceding commands. If the routing table of the VPN Spoke has routes to all the Spoke stations, and the routing table of the VPN Hub has routes to the Hub and all the Spoke stations, it means the configuration succeeds. Additionally, Hub-CE and all the Spoke-CEs have routes to the Hub and all the Spoke stations.
4-22 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)
Pre-configuration Tasks
Before configuring the IPv6 VPN-Option A, complete the following tasks:
l
Configuring IGP for MPLS backbone networks in each AS to realize IP connectivity of the backbones in one AS Enabling MPLS on the PEs and the ASBR PEs Setting up the LSP tunnelbetween the PE and the ASBR PE in the same AS Configuring the IPv6 address for the CE interface connected the PE Configuring the IPv6 address of the CE interface through which the CE accesses the PE
l l l l
Data Preparation
To configure inter-AS IPv6 VPN-Option A, you need the following data:
Issue 03 (2008-09-22)
4-23
No. 1
Data To configure the VPN instance on the PE and the ASBR PE, you need the following data:
l l l l
Name and RD of the IPv6 VPN instance Description of the IPv6 VPN instance (optional) VPN Target Routing policy that controls the receiving and sending of IPv6 VPN routes (optional) Tunnel policy (optional) The maximum number of routes allowed by the IPv6 VPN instance (optional)
l l
2 3 4 5 6
IPv6 addresses of the PE interfaces attached to the CE AS number of the PE IPv6 addresses of the interfaces connected the ASBR PEs Routing protocol adopted between the PE and the CE: static route, RIPng, IS-ISv6 or BGP4+ IPv4 addresses and interfaces between the PE and ASBR PE to establish the MPIBGP peers
Configuring Basic BGP/MPLS IPv6 VPN on each AS Configuring ASBR-PE by considering the peer ASBR-PE as its CE Configuring IPv6 VPN instances for the PE and the ASBR-PE separately The VPN instance for PE is used to access CE; that for ASBR-PE is used to access its peer ASBR-PE.
NOTE
In inter-AS VPN-Option A mode, for the same IPv6 VPN, the VPN targets of IPv6 VPN instance on ASBRPE and the PE must be matched in an AS. This is not required for the PEs in different ASs.
4-24
Issue 03 (2008-09-22)
Action Check information about the BGP peers on the PE or the ASBR PE. Check the VPN-IPv6 routes on the PE or the ASBR-PE. Check the VPN routing table on the PE or the ASBR PE.
Command display bgp vpnv6 all peer display bgp vpnv6 all routing-table display ipv6 routing-table vpn6-instance [ vpn6instance-name ]
Run the display bgp vpnv6 all peer command. If the BGP IPv6 VPN peer relationship between the ASBR-PE and the PE is "Established", it means the configuration succeeds. Run the display bgp vpnv6 all routing-table command. If the VPN-IPv6 routes of the ASBRPE are displayed, it means the configuration succeeds. Running the display ipv6 routing-table vpn6-instance command, you can view IPv6 VPN routes in the VPN routing table of the PE and the ASBR PE.
Pre-configuration Tasks
Before configuring inter-AS IPv6 VPN-Option B, complete the following tasks:
Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 4-25
Configuring IGP for MPLS backbone networks in each AS to realize IP connectivity of the backbones in one AS Configuring basic MPLS capability for the MPLS backbone network Configuring MPLS LDP to establish LDP LSP for the MPLS backbone network Creating an IPv6 VPN Instance on the PE devices connected with the CE devices and Binding an IPv6 VPN Instance with an Interface Configuring the IPv6 addresses of the CE interfaces through which the CE accesses the PE
l l l
Data Preparation
To configure inter-AS IPv6 VPN-Option B, you need the following data: No. 1 Data To configure the VPN instance on the PE, you need the following data:
l l l l
Name and RD of the IPv6 VPN instance Description of the IPv6 VPN instance (optional) VPN Target Routing policy that controls the receiving and sending of IPv6 VPN routes (optional) The maximum number of routes allowed by the IPv6 VPN instance (optional)
2 3 4 5 6
IPv6 addresses of the PE interfaces attached to the CE AS number of the PE IPv4 addresses of the interfaces connected the ASBR PEs Routing protocol adopted between the PE and the CE: static route, RIPng, IS-ISv6 or BGP4+ IPv4 addresses and interfaces setting up the MP-IBGP peer between the PE and the ASBR PE
Procedure
Step 1 Run
system-view
4-26
Issue 03 (2008-09-22)
The address of the loopback interface is specified as the source address of the BGP session. Step 5 Run
ipv6-family vpnv6
The exchange of VPN-IPv6 routes with the peer PE or the ASBR PE is enabled. ----End
Procedure
Step 1 Run
system-view
The view of the interface connected with the ASBR PE interface is displayed. Step 3 Run
ip address ipv4-address { mask | mask-length }
Issue 03 (2008-09-22)
4-27
The exchange of VPN-IPv6 routes with the peer ASBR PE is enabled. ----End
Procedure
Step 1 Run
system-view
The VPN-IPv6 routes are not filtered by the VPN target. By default, the PE performs VPN target filtering on the received VPN-IPv6 routes. The routes passing the filter is added to the routing table, and the others are discarded. If the PE is not configured with IPv6 VPN instance, or the IPv6 VPN instance is not configured with the VPNTarget, the PE discards all the received VPN-IPv6 routes. In the inter-AS VPN-Option B mode, if the ASBR-PE does not store information about the IPv6 VPN instance, the ASBR-PE must save all the VPN-IPv6 routing information and advertise it
4-28 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)
to the peer ASBR-PE. In this case, the ASBR-PE should receive all the VPN-IPv6 routing information without the VPN-Target filtering. ----End
4.6.5 Storing Information About the IPv6 VPN Instance on the ASBR PEs
Context
Do as follows on the ASBR PE.
Procedure
Step 1 Run
system-view
An IPv6 VPN instance is created and the IPv6 VPN instance view is displayed. If the VPN receives and sends the VPN-IPv6 routing information through the ASBR-PE, configure the corresponding instance on the ASBR-PE. Otherwise, the instance is not needed. Step 3 Run
route-distinguisher route-distinguisher
The VPN target extended community for the VPN instance is created. For the same VPN in the inter-AS VPN-Option B mode, the VPN targets of the ASBR-PE and the PE in an AS should match with each other. The VPN targets of the PE in different Ass must match with each other likewise. Step 5 Run
routing-table limit number { alert-percent | simply-alert }
The maximum number of routes is configured for the IPv6 VPN instance. This step is optional. Step 6 Run
import route-policy policy-name
An import routing policy is created for the IPv6 VPN instance. (optional) Step 7 Run
export route-policy policy-name
Issue 03 (2008-09-22)
4-29
An export routing policy is created for the IPv6 VPN instance. (optional). ----End
Run the display bgp vpnv6 all routing-table command on the ASBR PE. If the IPv6 routes of the VPN are displayed, it means the configuration succeeds. Run the display bgp vpnv6 all peer command on the PE or the ASBR PE. If the status of the IBGP peer is "Established", and the status of the EBGP peer is "Established", it means the configuration succeeds. Run the display ipv6 routing-table vpn6-instance command on the PE. If the relevant IPv6 VPN routes are displayed, it means the configuration succeeds.
Pre-configuration Tasks
Before configuring inter-AS IPv6 VPN-Option C, complete the following tasks:
l
Configuring IGP for MPLS backbone networks in each AS to realize IP connectivity of the backbones in one AS Configuring basic MPLS capability for the MPLS backbone network Configuring MPLS LDP to establish LDP LSP for the MPLS backbone network Configuring the IBGP peer relationship between the PE and the ASBR of the same AS Creating an IPv6 VPN Instance on the PE devices connected with the CE devices and Binding an IPv6 VPN Instance with an Interface Configuring the IPv6 addresses of the CE interfaces through which the CE accesses the PE
l l l l
Data Preparation
To configure inter-AS IPv6 VPN-Option C, you need the following data: No. 1 Data To configure the IPv6 VPN instance on the PE, you need the following data:
l l l l
Name and RD of the IPv6 VPN instance Description of the IPv6 VPN instance (optional) VPN Target Routing policy that controls the receiving and sending of IPv6 VPN routes (optional) The maximum number of routes allowed by the IPv6 VPN instance (optional)
2 3 4 5 6 7
IPv6 addresses of the PE interfaces attached to the CE AS number of the PEs IPv4 addresses of the interfaces connected the ASBR PEs Routing policy configured on the ASBR PE Routing protocol adopted between the PE and the CE: static route, RIPng, IS-ISv6 or BGP4+ IPv4 addresses and interfaces setting up the IBGP peer between the PE and the ASBR PE
Issue 03 (2008-09-22)
4-31
The exchange of the labeled IPv4 routes with the ASBR PE in the same AS is enabled. l Configuring the ASBR PE 1. Run
system-view
The view of the interface connected with the peer ASBR PE is displayed. 3. Run
ip address ipv4-address { mask | mask-length }
The Capability of exchanging the labeled IPv4 routes with the PE of the same AS is enabled. In the Option C solution, you must establish an inter-AS VPN LSP. The related PEs and the ASBRs exchange public network routes with the MPLS labels. The ASBR-PE establishes an EBGP peer relationship with the remote ASBR-PE to switch labeled IPv4 routes.
4-32 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)
The public network routes with the MPLS labels are advertised by the MP-BGP. According to RFC 3107 (Carrying Label Information in BGP-4), the label mapping information of a route is carried by advertising BGP updates. This feature is implemented through BGP extension attributes, which requires BGP peers to process the labeled IPv4 routes. By default, BGP peers cannot process labeled IPv4 routes. 8. Run
peer peer-ipv4-address as-number as-number
The exchange of the labeled IPv4 routes with the peer ASBR PE is enabled. ----End
Procedure
l Creating a Routing Policy 1. Run
system-view
The routing policy applied to the local PE is created. The MPLS labels are allocated to the labeled IPv4 routes advertised to the PEs in the same AS. 3. Run
if-match mpls-label
Issue 03 (2008-09-22)
4-33
The routing policy applied to the peer ASBR PE is created. The MPLS labels are allocated to the routes that are received from the PEs in the same AS and are sent to the peer ASBR PE, 7. Run
apply mpls-label
The label is allocated to the IPv4 route. l Applying Routing Policies 1. Run
system-view
The routing policy adopted when the route is advertised to the local PE is configured. 4. Run
peer peer-ipv4-address route-policy policy-name2 export
The routing policy adopted when the route is advertised to the peer ASBR PE is configured. ----End
Procedure
l Configuring the ASBR PEs 1. Run
system-view
4-34
Issue 03 (2008-09-22)
The address of the network segment that connects the two ASBRs is configured. 4. Run
network ip-address [ mask | mask-length ] [ route-policy route-policyname ]
The address of the loopback interface, which sets up the BGP session, on the PE within the AS is advertised. l Configuring the PEs 1. Run
system-view
The maximum hop of the EBGP peer is configured. PEs of different ASs are generally not directly connected. To set up the EBGP peer between PEs of different ASs, configure the maximum hop between PEs and ensure PEs are reachable. 5. Run
ipv6-family vpnv6
The exchange of IPv6 VPN routes with the peer PE is enabled. 7. Run
peer peer-ipv6-address next-hop-invariable
The next hop is not changed when the route is advertised to the EBGP peer. ----End
Action Check the BGP peers on the PE. Check the VPN-IPv6 routing table on the PE or the ASBR PE. Check information about the labels of the IPv4 routes on the ASBR PE. Check the VPN-IPv6 routing table on the PE.
Command display bgp vpnv6 all peer display bgp vpnv6 all routing-table display bgp routing-table label display ipv6 routing-table vpn6-instance [ vpn6-instance-name ]
Run the display bgp vpnv6 all peer command on the PE. If the status of the EBGP peer between PEs is "Established", it means the configuration succeeds. Running the display bgp vpnv6 all routing-table command on the PE and the ASBR PE, you can view that the PE has the VPN-IPv6 routes while the ASBR PE has no VPN-IPv6 route. Run the display bgp routing-table label command on the ASBR PE. If information about the label of the IPv4 route is displayed, it means the configuration succeeds. Run the display ipv6 routing-table vpn6-instance command on the PE. If the VPN routes to related CEs are displayed, it means the configuration succeeds.
4-36
The Level 2 carrier network is the IPv4 network. The users of the Level 2 carrier network is the IPv6 network.
Pre-configuration Tasks
Before configuring the carrier's carrier, complete the following tasks:
l
Configuring IGP for the Level 1 carrier's MPLS backbone network to implement the IP connectivity of the backbone network Configuring the MPLS basic capacity and the LDP for the Level 1 carrier's MPLS backbone network and establish the LSP Establishing the MP-IBGP connection between the Level 1 carrier PEs Configuring the IGP for the Level 2 carrier's IP network or MPLS network to the IP connectivity Configuring the MPLS basic capacity and LDP for the Level 2 carrier network and establish the LSP if the Level 2 carrier provides the BGP/MPLS IPv6 VPN services
l l
Data Preparation
To configure the carrier's carrier, you need the following data. No. 1 2 3 4 5 6 Data Name, RD and VPN-Target of the IPv4 VPN instance used by the Level 1 carrier CE to access the Level 1 carrier PE Name, RD and VPN-Target of the IPv6 VPN instance used by the Level 2 carrier PE to access the Level 1 carrier CE IPv4 addresses of each interface on the Level 1 carrier PE, and the Level 2 carrier CE and PE AS number of the Level 1 carrier network and that of the Level 2 carrier network Name and number of the routing policy used when the Level 1 and Level 2 carrier have different AS numbers The maximum hops of the EBGP connection allowed for the Level 2 carrier network (inter-AS)
Issue 03 (2008-09-22)
4-37
A VPN instance is created and the VPN instance view is displayed. 3. Run:
route-distinguisher route-distinguisher-name
The IP address is configured for the interface. l Configuring LDP and IGP on Level 1 Carrier PE 1. Run:
system-view
4-38
Issue 03 (2008-09-22)
If the interface is bound with a VPN instance and enabled with LDP, the LSR cannot use the LSR ID, but the IP address of the current interface to establish the LDP session. You cannot configure the mpls ldp transport-address command and the undo mpls ldp transportaddress command on the interface bound with a VPN instance.
7.
Run:
quit
Return to the system view. 8. Configure the IGP protocol between the Level 1 carrier PE and the Level 2 carrier CE. The RIP multi-instance, the OSPF multi-instance or the IS-IS multi-instance can be used on PE as the IGP protocol between the PE and the Level 2 carrier CE. The detailed configuration is not mentioned here. l Configuring LDP and IGP on the Level 1 Carrier CE 1. Run:
system-view
The IP address of the current interface is used to establish an LDP session. 7. Run:
quit
Return to the system view. 8. Configure IGP between the Level 2 carrier CE and the Level 1 carrier PE. RIP, OSPF or IS-IS can be used on the CE as an IGP protocol between the CE and the Level 1 carrier PE. The detailed configuration is not mentioned here. ----End
Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 4-39
A VPN instance is created and the VPN instance view is displayed. 3. Run:
route-distinguisher route-distinguisher-name
MPLS is enabled on the interface. l Configuring Labeled BGP on the Level 1 Carrier PE 1. Run:
system-view
3.
Run:
apply mpls-label
Labels are assigned to routes advertised to the Level 2 carrier CE. 10. Run:
import-route direct
Direct routes are imported. l Configuring Labeled BGP on the Level 2 Carrier CE Between It and the Level 1 Carrier PE 1. Run:
system-view
The view of the interface connected to the Level 1 carrier PE is displayed. 3. Run:
ip address ip-address { mask | mask-length }
Issue 03 (2008-09-22)
4-41
The routing policy is created for the Level 1 carrier PE. 7. Run:
apply mpls-label
Labels are assigned to the routes advertised to the Level 1 carrier PE. l Configuring Labeled BGP on the Level 2 Carrier CE Between the Level 2 Carrier PE 1. Run:
system-view
4-42
Issue 03 (2008-09-22)
Labels are assigned to the labeled IPv4 routes advertised to the Level 2 carrier PE. 11. Run:
import-route direct
Import internal routes of the Level 2 carrier network. In Step 12, the imported route type depends on the type of IGP running on the Level 2 carrier MPLS network. l Configuring Labeled BGP on the Level 2 Carrier PE 1. Run:
system-view
The Level 2 Carrier Is Common ISP The Level 2 Carrier Provides BGP/MPLS IPv6 VPN Services
Procedure
l The Level 2 Carrier Is Common ISP 1. Run:
system-view
To establish EBGP peer relationship between the Level 2 carrier PEs, you must configure Step 5. l The Level 2 Carrier Provides BGP/MPLS IPv6 VPN Services 1. Run:
system-view
The number of maximum hops of the EBGP connection is configured. If the MP-EBGP peer relationship exists between the Level 2 carrier PEs, you need to configure Step 5. 6. Run:
ipv6-family vpnv6
The function of exchanging VPN-IPv6 routes with the peer is enabled. ----End
Action Check the private routing tables on the PEs of the Level 2 carrier.
Run the display ip routing-table command on the PEs and CEs of the Level 1 carrier and the Level 2 carrier. You can view the following:
l
The public routing table of the Level 1 carrier PE contains only the routes of the Level 1 carrier network. The public routing table of the Level 1 carrier CE and that of the Level 2 carrier PE contain the internal routes of the Level 2 carrier network.
Running the display ipv6 routing-table command on the CE of the Level 2 carrier network, you can view the routes to the related remote CEs exist between the CEs of the Level 2 carrier. Running the display ip routing-table vpn-instance command on the PEs of the Level 1 carrier network, you can view the VPN routing table contains the internal routes of the Level 2 carrier network. Running display ipv6 routing-table vpn6-instance command on the PEs of the Level 2 carrier network, you can find the IPv6 VPN routing table contains the routes of the remote IPv6 VPN users, that is, the external routes of the Level 2 carrier.
The introduction of the RR reduces the number of MP IBGP connections. This lightens the burden of PEs and facilitates network maintenance and management.
Pre-configuration Tasks
Before configuring the route reflection for BGP IPv6 VPN routes, complete the following tasks:
l
Enable IPv6 globally on the PE, and enable IPv6 on the interface that need be configured with IPv6. Configuring the routing protocol for the MPLS backbone network to implement IP interworking between routers in the backbone network Establishing LSP tunnels between the RR and all PEs serving as the clients
Data Preparation
To configure route reflection for BGP IPv6 VPN routes, you need the following data. No. 1 2 3 Data Local AS number and peer AS number Type and number of the interfaces used to set up the TCP connection IP address of the peer
4.9.2 Configuring the Client PEs to Establish MP IBGP Connections with the RR
Context
Do as follows on all Client PEs:
Procedure
Step 1 Run:
system-view
The IP address of the interface must be the same as the MPLS LSR ID. It is recommended to specify a loopback interface to establish the TCP connection. Step 5 Run:
ipv6-family vpnv6
The BGP IPv6 VPN address family view is displayed. Step 6 Run:
peer peer-ipv4-address enable
The capability of exchanging IPv6 VPN routes between the Client PE and the RR is enabled. ----End
4.9.3 Configuring the RR to Establish MP IBGP Connections with All Client PEs
Context
Choose one of the following schemes to configure the RR to establish MP IBGP connections with the Client PEs.
Procedure
l Configuring the RR to Establish MP IBGP Connections with the Peer Group 1. Run:
system-view
The interface is specified as an interface to establish the TCP connection. The IP address of the interface must be the same as the MPLS LSR ID. It is recommended to specify a loopback interface to establish the TCP connection. 6. Run:
ipv6-family vpnv6
4-48
Issue 03 (2008-09-22)
The capability of exchanging IPv6 VPN routes between the RR and the peer group is enabled. 8. Run:
peer ip-address group group-name
The peer is added to the peer group. l Configuring the RR to Establish an MP IBGP Connection with Each Client PE 1. Run:
system-view
The interface is specified as an interface to establish the TCP connection. The IP address of the interface must be the same as the MPLS LSR ID. It is recommended to specify a loopback interface to establish the TCP connection. 5. Run:
ipv6-family vpnv6
The capability of exchanging IPv6 VPN routes between the RR and the Client PE is enabled. ----End
Procedure
Step 1 Run:
system-view
Issue 03 (2008-09-22)
4-49
The BGP IPv6 VPN address family view is displayed. Step 4 Enable the route reflection for BGP IPv6 VPN routes on the RR.
l
Run the peer { group-name | peer-ipv4-address } reflect-client command to enable the route reflection if the RR establishes the MP IBGP connection with the peer group consisting of all Client PEs. Run the peer peer-ipv4-address reflect-client command repeatedly to enable the route reflection if the RR establishes the MP IBGP connection with each PE rather than peer group.
Step 5 Run:
undo policy vpn-target
The filtering of IPv6 VPN routes based on the VPN target is disabled. Step 6 (Optional) Run:
rr-filter extended-list-number
You can find that the status of the MP IBGP connections between the RR and all Client PEs is "Established" after running the display bgp vpnv6 all peer command on the RR or Client PEs. You can find that the RR and each Client PE can receive and send IPv6 VPN routing information between each other after running the display bgp vpnv6 all routing-table peer command on the RR or the Client PEs.
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)
4-50
If the peer group is configured, you can view information about the group members and find that the status of the BGP connections between the RR and the group members is "Established" after running the display bgp vpnv6 all group command on the RR.
View information of the BGP VPN-IPv6 routing table. View BGP IPv6 VPN peer group information. View BGP IPv6 VPN peer information.
Issue 03 (2008-09-22)
Action View VPN-IPv6 routing information advertised. View AS path information of BGP VPNIPv6. View BGP peer's log information of specified IPv6 VPN instance.
Command display bgp vpnv6 { all | vpn6-instance vpn6instance-name } network display bgp vpnv6 { all | vpn6-instance vpn6instance-name } paths [ as-regular-expression ] display bgp vpnv6 vpn6-instance vpn6instance-name peer { group-name | peeraddress } log-info
After the VPN configuration, using the ping command without vpn6-instance vpn6-instancename on PE device, you can check whether the PE and the CE that belongs to the same VPN can communicate with each other. If the ping fails, you can use the tracert command with vpn6instance vpn6-instance-name to locate the fault. If multiple interfaces bound with the same VPN exist on the PE, specify the source IP address, that is -a source-ipv6-address when you ping the remote CE that accesses the peer PE. If you do not specify a source IP address, the PE chooses an IPv6 address of the interface bound with the VPN on the PE as the source address of the ICMPv6 packet randomly. If the selected interface is Down, the ICMP packet sent back from the peer PE is discarded.
4-52 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)
By default, as for the MPLS TTL timeout packet with level 1 label, the router returns the ICMPv6 packet according to the local IP route, which is the route of the public network. However, no VPN route exists in the public-network routing table of the ASBR PE. Therefore, the ICMPv6 packet is discarded when it is sent from the ASBR PE or returns to the ASBR PE. In this situation, the ping command can succeed. For inter-AS VPN, when you perform the tracert operation, to check the correct path that the carrier network forwards the private-network packets, it is recommended to configure the undo ttl expiration command on ASBR PEs.
Issue 03 (2008-09-22)
Command reset bgp vpnv6 { as-number | peer-ipv4-address | group group-name | all | internal | external }
CAUTION
Enabling the debugging affects the system performance. After debugging, run the undo debugging all command to disable it at once. Run the following debugging commands in user view to debug BGP/MPLS IPv6 VPN and to locate the fault. For more information, see the chapter "Maintenance and Debugging" in the Quidway NetEngine80E/40E Router Configuration Guide - System Management. Action Enable the debugging of BGP peers in an IPv6 VPN instance. Enable the packet debugging of BGP peers in an IPv6 VPN instance. Enable the BGP Update packets debugging of IPv6 VPN instances. Enable the BGP Update packets debugging of VPN-IPv6 routes. Enable the BGP Update packets debugging of labeled routes. Command debugging bgp vpn6-instance vpn6-instance-name ipv6-address { all | event | timer } debugging bgp vpn6-instance vpn6-instance-name ipv6-address { keepalive | open | packet | raw-packet | route-refresh } [ receive | send ] [ verbose ] debugging bgp update vpn6-instance vpn6-instancename peer ipv6-address [ ipv6-prefix ipv6-prefixname ] [ receive | send ] [ verbose ] debugging bgp update vpnv6 [ peer ipv4-address ] [ receive | send ] [ verbose ] debugging bgp update label-route [ peer peer-ipv4address ] [ acl acl-number | ip-prefix ipv4-prefixname ] [ receive | send ] [ verbose ]
4.11.4 Example for Configuring Inter-AS VPN Option A 4.11.5 Example for Configuring Inter-AS VPN Option B 4.11.6 Example for Configuring Inter-AS VPN Option C 4.11.7 Example for Configuring Carrier's Carrier in a Same AS 4.11.8 Example for Configuring the Carrier's Carrier (Inter-AS) 4.11.9 Example for Configuring Route Reflector in an IPv6 VPN
CE1 and CE3 are in vpna while CE2 and CE4 are in vpnb. Users in different VPN cannot access each other. GE 2/0/0 on each CE is the interface of the internal network.
In this example, different ways for exchanging routes are adopted according to the AS to which the directly-connected PEs and CEs belong to.
l l l l
Intercommunication between PE1 and CE1 is implemented through the BGP4+. Intercommunication between PE1 and CE2 is implemented through the IPv6 static route. Intercommunication between PE2 and CE3 is implemented through the IS-ISv6. Intercommunication between PE2 and CE4 is implemented through the RIPng.
You can choose one of the preceding ways as required by the actual networking. Figure 4-2 BGP/MPLS IPv6 VPN networking diagram
AS: 65410 vpna CE1
GE1/0/0 2001::1 Loopback1 2.2.2.9/32 POS1/0/0 PE1 192.168.1.2/24 POS3/0/0 192.168.1.1/24 POS2/0/0 PE2 192.168.2.1/24 POS3/0/0 192.168.2.2/24 GE2/0/0 1998::1/64
AS: 100
GE2/0/0 1999::1/64
vpnb
CE4
GE1/0/0 2005::1
P AS: 100
MPLS backbone
GE1/0/0 2003::1
CE2 vpnb
GE2/0/0 1998::1/64
GE2/0/0 1999::1/64
GE1/0/0 2004::1
CE3 vpna
AS: 65420
AS: 100
Issue 03 (2008-09-22)
4-55
Configuration Roadmap
The configuration roadmap is as follows: 1. 2. 3. 4. Configure IGP on IPv4 backbone to implement the IP connectivity of the backbone network. Configure the basic MPLS capability and MPLS LDP on PEs and Ps. Configure MP-IBGP between PE1 and PE2 to exchange the VPN-IPv6 routing information through BGP. Configure IPv6 routing protocol on the PEs and CEs to ensure the PEs and the CEs can exchange the IPv6 routes
Data Preparation
To configure BGP/MPLS IPv6 VPN, you need the following data:
l l
AS number of the PE and the CE RD, Export VPN Target and import VPN Target of the IPv6 VPN instance
Configuration Procedures
1. Configure the IPv6 packet forwarding for each CE and PE. # Enable the IPv6 packet forwarding on CE1.
[CE1] ipv6
The configurations on the CE2 to CE4, and PE1 to PE2 are similar and are not mentioned here. 2. Configure the IP address for each interface. Configure the IPv4/IPv6 address and mask for each interface including the loopback interface as shown in Figure 4-2 (except for the PE interfaces that connect the CEs) # Configure the IPv6 address on the interface of the CE1.
<CE1> system-view [CE1] interface gigabitethernet 1/0/0 [CE1-GigabitEthernet1/0/0] ipv6 enable [CE1-GigabitEthernet1/0/0] ipv6 address 2001::1 64 [CE1-GigabitEthernet1/0/0] quit
The configurations on the other interfaces are similar and are not mentioned here. 3. Configure IGP on MPLS backbone network. # Configure IPv4 IGP on the PE1. IS-IS is adopted in this example.
<PE1> system-view [PE1] isis 1 [PE1-isis-1] network-entity 10.1111.1111.1111.00 [PE1-isis-1] quit [PE1] interface pos 3/0/0 [PE1-Pos3/0/0] isis enable 1 [PE1-Pos3/0/0] quit [PE1] interface loopback 1 [PE1-LoopBack1] isis enable 1 [PE1-LoopBack1] quit
4-56
Issue 03 (2008-09-22)
After the configuration, the PE1, P and PE2 can learn routes including the loopback routes between each other. You can view this by using the display ip routing-table command. Take the PE1 as an example:
[PE1] display ip routing-table Routing Tables: Public Destinations: 9 Destination/Mask Proto Pre 1.1.1.9/32 Direct 0 2.2.2.9/32 ISIS 15 3.3.3.9/32 ISIS 15 127.0.0.0/8 Direct 0 127.0.0.1/32 Direct 0 192.168.1.0/24 Direct 0 192.168.1.1/32 Direct 0 192.168.1.2/32 Direct 0 192.168.2.0/24 ISIS 15 Routes: 9 Cost 0 10 20 0 0 0 0 0 20
Flags D D D D D D D D D
NextHop 127.0.0.1 192.168.1.2 192.168.1.2 127.0.0.1 127.0.0.1 192.168.1.1 127.0.0.1 192.168.1.2 192.168.1.2
Interface InLoopBack0 Pos3/0/0 Pos3/0/0 InLoopBack0 InLoopBack0 Pos3/0/0 InLoopBack0 Pos3/0/0 Pos3/0/0
4.
Create a tunnel between the PE1 and PE2. In this example, LDP LSP is adopted. # Enable MPLS and MPLS LDP on the PE1.
[PE1] mpls lsr-id 1.1.1.9 [PE1] mpls [PE1-mpls] quit [PE1] mpls ldp [PE1-mpls-ldp] quit [PE1] interface pos 3/0/0 [PE1-Pos3/0/0] mpls [PE1-Pos3/0/0] mpls ldp
[P-Pos2/0/0] mpls ldp # Enable MPLS and MPLS LDP on the PE2.
[PE2] mpls lsr-id 3.3.3.9
Issue 03 (2008-09-22)
4-57
After the configuration, the LDP LSP should be set up between the PE1 and the PE2. Run the display mpls ldp lsp command, you can view information about the LDP LSP setup. Take the PE1 as an example:
[PE1] display mpls ldp lsp LDP LSP Information -------------------------------------------------------------------------SN DestAddress/Mask In/OutLabel Next-Hop In/Out-Interface -------------------------------------------------------------------------1 1.1.1.9/32 3/NULL 127.0.0.1 Pos3/0/0/InLoop0 2 2.2.2.9/32 NULL/3 192.168.1.2 -------/Pos3/0/0 3 3.3.3.9/32 NULL/1024 192.168.1.2 -------/Pos3/0/0 -------------------------------------------------------------------------A '*' before an LSP means the LSP is not established A '*' before a Label means the USCB or DSCB is stale
5.
Configure the IPv6 VPN instance on the PE1 and the PE2. # Configure the IPv6 VPN instance named vpna on the PE1.
[PE1] ipv6 vpn6-instance [PE1-vpn6-instance-vpna] [PE1-vpn6-instance-vpna] [PE1-vpn6-instance-vpna] [PE1-vpn6-instance-vpna] vpna route-distinguisher 100:1 vpn-target 22:22 export-extcommunity vpn-target 33:33 import-extcommunity quit
# Bind the PE1 interface that is directly connected with the CE1 with the IPv6 VPN instance vpna.
[PE1] interface gigabitethernet [PE1-GigabitEthernet1/0/0] ipv6 [PE1-GigabitEthernet1/0/0] ipv6 [PE1-GigabitEthernet1/0/0] ipv6 [PE1-GigabitEthernet1/0/0] quit 1/0/0 enable binding vpn6-instance vpna address 2001::2 64
# Bind the PE1 interface that is directly connected with the CE2 with the IPv6 VPN instance vpnb.
[PE1] interface gigabitethernet [PE1-GigabitEthernet2/0/0] ipv6 [PE1-GigabitEthernet2/0/0] ipv6 [PE1-GigabitEthernet2/0/0] ipv6 [PE1-GigabitEthernet2/0/0] quit 2/0/0 enable binding vpn6-instance vpnb address 2003::2 64
# Bind the PE2 interface that is directly connected with the CE3 with the IPv6 VPN instance vpna.
[PE2] interface gigabitethernet 2/0/0 [PE2-GigabitEthernet2/0/0] ipv6 enable [PE2-GigabitEthernet2/0/0] ipv6 binding vpn6-instance vpna
4-58
Issue 03 (2008-09-22)
# Bind the PE2 interface that is directly connected with the CE4 with the IPv6 VPN instance vpnb.
[PE2] interface gigabitethernet [PE2-GigabitEthernet1/0/0] ipv6 [PE2-GigabitEthernet1/0/0] ipv6 [PE2-GigabitEthernet1/0/0] ipv6 [PE2-GigabitEthernet1/0/0] quit 1/0/0 enable binding vpn6-instance vpnb address 2005::2 64
After the configuration, run the display ipv6 vpn6-instance verbose command on each PE to view the configuration about the IPv6 VPN instance. You can find that the PE can successfully ping the CE that the PE accesses. Take the PE1 as an example:
[PE1] display ipv6 vpn6-instance verbose Total VPN6-Instances configured: 2 VPN6-Instance Name and ID: vpna, 1 Create date: 2006/06/17 15:38:28 Up time: 0 days, 00 hours, 07 minutes and 34 seconds Route Distinguisher: 100:1 Export VPN Targets: 22:22 Import VPN Targets: 33:33 Label policy: label per route Interfaces: GigabitEthernet1/0/0 VPN6-Instance Name and ID: vpnb, 2 Create date: 2006/06/17 15:40:18 Up time: 0 days, 00 hours, 05 minutes and 44 seconds Route Distinguisher: 200:1 Export VPN Targets: 44:44 Import VPN Targets: 55:55 Label policy: label per route Interfaces: GigabitEthernet2/0/0 [PE1] ping ipv6 vpn6-instance vpna 2001::1 PING 2001::1: 56 data bytes, press CTRL_C to break Reply from 2001::1 bytes=56 Sequence=1 hop limit=64 time = 47 ms Reply from 2001::1 bytes=56 Sequence=2 hop limit=64 time = 31 ms Reply from 2001::1 bytes=56 Sequence=3 hop limit=64 time = 62 ms Reply from 2001::1 bytes=56 Sequence=4 hop limit=64 time = 62 ms Reply from 2001::1 bytes=56 Sequence=5 hop limit=64 time = 31 ms --- 2001::1 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 31/46/62 ms
6.
Create the IPv6 VPN peer relationship between the PE1 and the PE2. # Configure BGP on the PE1.
[PE1] bgp 100 [PE1-bgp] peer 3.3.3.9 as-number 100 [PE1-bgp] peer 3.3.3.9 connect-interface loopback 1 [PE1-bgp] ipv6-family vpnv6 [PE1-bgp-af-vpnv6] peer 3.3.3.9 enable [PE1-bgp-af-vpnv6] quit
[PE2] bgp 100 [PE2-bgp] peer 1.1.1.9 as-number 100 [PE2-bgp] peer 1.1.1.9 connect-interface loopback 1 [PE2-bgp] ipv6-family vpnv6 [PE2-bgp-af-vpnv6] peer 1.1.1.9 enable [PE2-bgp-af-vpnv6] quit
After the configuration, you can run the display bgp vpnv6 all peer command on each PE to check information about the VPNv6 peer setup. Take the PE1 as an example:
[PE1] display bgp vpnv6 all peer BGP local router ID: 1.1.1.9 Local AS number: 100 Total number of peers: 1 Peer V AS MsgRcvd 3.3.3.9 4 100 3
Peers in established state: 1 MsgSent OutQ Up/Down State PrefRcv 3 0 00:02:19 Established 0
From the preceding display, you can view that the VPNv6 peer relationship between the PE1 and the PE2 is established. 7. Configure BGP4+ on the PE1 and the CE1. # Configure EBGP on the PE1.
[PE1] bgp 100 [PE1-bgp] ipv6-family vpn6-instance vpna [PE1-bgp6-vpna] peer 2001::1 as-number 65410 [PE1-bgp6-vpna] import-route direct [PE1-bgp6-vpna] quit [PE1-bgp] quit
After the configuration, you can run the display bgp vpnv6 vpn6-instance vpnv6-instancename peer command on the PE1 to check information about the peer setup.
[PE1] display bgp vpnv6 vpn6-instance vpna peer BGP local router ID: 1.1.1.9 Local AS number: 100 Total number of peers: 1 Peers in established state: 1 Peer V AS MsgRcvd MsgSent OutQ Up/Down State PrefRcv 2001::1 4 65410 10 9 0 00:06:10 Established 1
Alternatively, you can run the display bgp ipv6 peer on the CE1 to check information about the peer setup.
[CE1] display bgp ipv6 peer BGP local router ID: 10.10.10.10 Local AS number: 65410 Total number of peers: 1 Peer V AS MsgRcvd 2001::2 4 100 2
Peers in established state: 1 MsgSent OutQ Up/Down State PrefRcv 3 0 00:00:32 Established 0
From the preceding display, you can view that the EBGP connection is set up between the PE1 and the CE1. 8. Configure the static route between the PE1 and the CE2. # Configure the Ipv6 static route for the VPNv6 instance named vpnb on the PE1.
[PE1] ipv6 route-static vpn6-instance vpnb 1998:: 64 2003::1
# Import the static route and the direct route into BGP on the PE1.
[PE1] bgp 100
4-60
Issue 03 (2008-09-22)
9.
Configure IS-ISv6 between the PE2 and the CE3. # Configure IS-ISv6 on the PE2.
[PE2] isis 10 vpn6-instance vpna [PE2-isis-10] network-entity 30.4444.4444.4444.4444.00 [PE2-isis-10] ipv6 enable [PE2-isis-10] ipv6 import-route bgp [PE2-isis-10] quit [PE2] interface gigabitethernet 2/0/0 [PE2-GigabitEthernet2/0/0] isis ipv6 enable 10
10. Configure RIPng between the PE2 and the CE4. # Configure RIPng on the PE2.
[PE2] ripng 100 vpn6-instance vpnb [PE2-ripng-100] import-route bgp [PE2-ripng-100] quit [PE2] interface gigabitethernet 1/0/0 [PE2-GigabitEthernet1/0/0] ripng 100 enable [PE2-GigabitEthernet1/0/0] quit
11. Verify the configuration. After the configuration is complete, the CEs that are allowed to communicate can learn routes from each other. Run the display ipv6 routing-table vpn6-instance command on each PE to check the routes of the VPNv6 instances. You can also use the ping or the tracert command to testify the network connectivity.
Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 4-61
Alternatively, you can run the display ipv6 routing-table command on each CE to view the routing table. You can also use the ping or the tracert command to testify the network connectivity. Take the PE1 and the CE1 as examples:
[PE1] ping ipv6 vpn6-instance vpna 1999::1 PING 1999::1: 56 data bytes, press CTRL_C Reply from 1999::1 bytes=56 Sequence=1 hop limit=63 time = Reply from 1999::1 bytes=56 Sequence=2 hop limit=63 time = Reply from 1999::1 bytes=56 Sequence=3 hop limit=63 time = Reply from 1999::1 bytes=56 Sequence=4 hop limit=63 time = Reply from 1999::1 bytes=56 Sequence=5 hop limit=63 time = --- 1999::1 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 94/94/94 ms [CE1] tracert ipv6 1999::1 traceroute to 1999::1 30 hops max,60 bytes 1 2001::2 62 ms 31 ms 32 ms 2 2004::2 101 ms 94 ms 98 ms 3 1999::1 156 ms 157 ms 171 ms to break 94 ms 94 ms 94 ms 94 ms 94 ms
packet
1999::1/64 also exists on the CE4. Run the display ipv6 statistics command on the CE3 and the CE4 to check the change of the number of received and sent ICMPv6 packets. From the display, you can see the packets are sent to the correct interfaces. The VPN sites that are not allowed to communicate are isolated from each other.
Configuration Files
l
4-62
Issue 03 (2008-09-22)
ipv6 enable ipv6 binding vpn6-instance vpnb ipv6 address 2003::2/64 # interface Pos3/0/0 link-protocol ppp undo shutdown ip address 192.168.1.1 255.255.255.0 isis enable 1 mpls mpls ldp # interface LoopBack1 ip address 1.1.1.9 255.255.255.255 isis enable 1 # bgp 100 peer 3.3.3.9 as-number 100 peer 3.3.3.9 connect-interface LoopBack1 # ipv4-family unicast undo synchronization peer 3.3.3.9 enable # ipv6-family vpnv6 policy vpn-target peer 3.3.3.9 enable # ipv6-family vpn6-instance vpna import-route direct peer 2001::1 as-number 65410 # ipv6-family vpn6-instance vpnb import-route direct import-route static # ipv6 route-static vpn6-instance vpnb 1998:: 64 2003::1 # return l
Configuration file of P
# sysname P # mpls lsr-id 2.2.2.9 mpls # mpls ldp # isis 1 network-entity 20.2222.2222.2222.00 # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 192.168.1.2 255.255.255.0 isis enable 1 mpls mpls ldp # interface Pos2/0/0 link-protocol ppp undo shutdown ip address 192.168.2.1 255.255.255.0 isis enable 1 mpls mpls ldp # interface LoopBack1 ip address 2.2.2.9 255.255.255.255
Issue 03 (2008-09-22)
4-63
4-64
Issue 03 (2008-09-22)
Issue 03 (2008-09-22)
4-65
4.11.2 Example for Configuring Hub and Spoke (BGP4+ Between the PE and the CE)
Networking Requirements
As shown in Figure 4-3, the communication between the Spoke-CEs is controlled by the HubCE in the central site. That is, the traffic between the Spoke-CEs is forwarded by not only the Hub-PEs but also the Hub-CE. It is required that between the Hub-PE and the Hub-CE, and between the Spoke-PE and the Spoke-CE, routing information is exchanged by using BGP4+.
4-66
Issue 03 (2008-09-22)
Hub-PE
POS1/0/0 10.1.1.2/24 Loopback1 1.1.1.9/32 POS2/0/0 10.1.1.1/24 GE1/0/0 2001::2/64 POS2/0/0 11.1.1.2/24 Loopback1 2.2.2.9/32 Loopback1 3.3.3.9/32 POS2/0/0 11.1.1.1/24
Spoke-PE2 GE1/0/0
2002::2/64
GE1/0/0 2001::1/64
GE1/0/0 2002::1/64
Configuration Roadmap
The configuration roadmap is as follows: 1. 2. Set up the IBGP peer relationship between the Hub-PE and Spoke-PE. (Do not set up the tunnel and the IBGP peer relationship between the Spoke-PEs.) Create two IPv6 VPN instances, namely, vpn_in and vpn_out on the Hub-PE. Set the VPNTarget community attribute received by vpn_in as those advertised by two Spoke-PEs. Set the VPN target community attribute advertised by vpn_out to be the VPN target community attribute received by the two Spoke-PEs and to be different from the attributes received by vpn_out. Create an IPv6 VPN instance on the Spoke-PE. Set the imported VPN target community attribute to be the one that advertised by vpn_out. Set the advertised VPN target community attribute to be the one received by vpn_in. Configure BGP4+ between the CE and the PE. Configure Hub-PE to receive the route with the AS repeated for one time.
3.
4. 5.
Data Preparation
To configure the hub and spoke, you need the following data:
l
Issue 03 (2008-09-22)
The IPv6 VPN instance names of the Hub-PE and Spoke-PE, RD and the VPN-Target
Configuration Procedures
1. Configure IGP to implement the inter-networking between the Hub-PE and the Spoke-PE in the backbone network. The OSPF is used in this example, and the specific configuration procedures are not mentioned. After the configuration, the OSPF neighbor relationship is established between the PEs. After running the display ospf peer command, you can see that the status of the neighbor is Full. After running the display ip routing-table command on the PE, you can see the imported loopback routes of the peer. 2. Configure the basic MPLS capabilities and MPLS LDP on the backbone networks and establish LDP LSP. The specific configuration procedures are not mentioned here. After the configuration, LDP neighbor relationship is established between the Hub-PE and the Spoke-PE. After running the display mpls ldp session command on each device, you can see that the field of Session State is "Operational". 3. Configure IPv6 VPN instances on each PE and connect the CE to the PE.
NOTE
The VPN targets of the two IPv6 VPN instances on the Hub-PE are the VPN targets advertised by the two Spoke-PEs. In addition, the exported VPN targets are different from the imported VPN targets.
Configure the IPv6 VPN instance for the Spoke-PE and import the VPN target that is the VPN target advertised by the Hub-PE. # Configure Spoke-PE1.
<Spoke-PE1> system-view [Spoke-PE1] ipv6 vpn6-instance vpna [Spoke-PE1-vpn6-instance-vpna] route-distinguisher 100:1 [Spoke-PE1-vpn6-instance-vpna] vpn-target 100:1 export-extcommunity [Spoke-PE1-vpn6-instance-vpna] vpn-target 200:1 import-extcommunity [Spoke-PE1-vpn6-instance-vpna] quit [Spoke-PE1] interface gigabitethernet 1/0/0 [Spoke-PE1-GigabitEthernet1/0/0] ipv6 enable [Spoke-PE1-GigabitEthernet1/0/0] ipv6 binding vpn6-instance vpna [Spoke-PE1-GigabitEthernet1/0/0] ipv6 address 2001::2 64 [Spoke-PE1-GigabitEthernet1/0/0] quit
# Configure Spoke-PE2.
<Spoke-PE2> system-view [Spoke-PE2] ipv6 vpn6-instance vpna [Spoke-PE2-vpn6-instance-vpna] route-distinguisher 100:3 [Spoke-PE2-vpn6-instance-vpna] vpn-target 100:1 export-extcommunity [Spoke-PE2-vpn6-instance-vpna] vpn-target 200:1 import-extcommunity [Spoke-PE2-vpn6-instance-vpna] quit [Spoke-PE2] interface gigabitethernet 1/0/0 [Spoke-PE2-GigabitEthernet1/0/0] ipv6 enable [Spoke-PE2-GigabitEthernet1/0/0] ipv6 binding vpn6-instance vpna [Spoke-PE2-GigabitEthernet1/0/0] ipv6 address 2002::2 64 [Spoke-PE2-GigabitEthernet1/0/0] quit
# Configure Hub-PE.
<Hub-PE> system-view
4-68
Issue 03 (2008-09-22)
[Hub-PE] ipv6 vpn6-instance vpn_in [Hub-PE-vpn6-instance-vpn_in] route-distinguisher 100:21 [Hub-PE-vpn6-instance-vpn_in] vpn-target 100:1 import-extcommunity [Hub-PE-vpn6-instance-vpn_in] quit [Hub-PE] ipv6 vpn6-instance vpn_out [Hub-PE-vpn6-instance-vpn_out] route-distinguisher 100:22 [Hub-PE-vpn6-instance-vpn_out] vpn-target 200:1 export-extcommunity [Hub-PE-vpn6-instance-vpn_out] quit [Hub-PE] interface gigabitethernet 3/0/0 [Hub-PE-GigabitEthernet3/0/0] ipv6 enable [Hub-PE-GigabitEthernet3/0/0] ipv6 binding vpn6-instance vpn_in [Hub-PE-GigabitEthernet3/0/0] ipv6 address 2003::2 64 [Hub-PE-GigabitEthernet3/0/0] quit [Hub-PE] interface gigabitethernet 4/0/0 [Hub-PE-GigabitEthernet4/0/0] ipv6 enable [Hub-PE-GigabitEthernet4/0/0] ipv6 binding vpn6-instance vpn_out [Hub-PE-GigabitEthernet4/0/0] ipv6 address 2004::2 64 [Hub-PE-GigabitEthernet4/0/0] quit
# Configure IPv6 addresses of the CE interfaces as shown in Figure 4-3. The configuration procedures are not mentioned here. After the configuration, run the display ipv6 vpn6-instance verbose command on the PE devices, and you can see the configurations of IPv6 VPN instances. Take the Hub-PE as an example:
[Hub-PE] display ipv6 vpn6-instance verbose Total VPN6-Instances configured: 2 VPN6-Instance Name and ID: vpn_in, 1 Create date: 2006/10/12 13:13:32 Up time: 0 days, 00 hours, 09 minutes and 40 seconds Route Distinguisher: 100:21 Import VPN Targets: 100:1 Label policy: label per route Interfaces: GigabitEthernet3/0/0 VPN6-Instance Name and ID: vpn_out, 2 Create date: 2006/10/12 13:13:38 Up time: 0 days, 00 hours, 09 minutes and 34 seconds Route Distinguisher: 100:22 Export VPN Targets: 200:1 Label policy: label per route Interfaces: GigabitEthernet4/0/0
4.
Establish EBGP peers between the PE and the CE and import the VPN routes. # Configure Spoke-CE1.
<Spoke-CE1> system-view [Spoke-CE1] bgp 65410 [Spoke-CE1-bgp] router-id 10.10.10.10 [Spoke-CE1-bgp] peer 2001::2 as-number 100 [Spoke-CE1-bgp] ipv6-family unicast [Spoke-CE1-bgp-af-ipv6] peer 2001::2 enable [Spoke-CE1-bgp-af-ipv6] import-route direct [Spoke-CE1-bgp-af-ipv6] quit [Spoke-CE1-bgp] quit
# Configure Spoke-PE 1.
[Spoke-PE1] bgp 100 [Spoke-PE1-bgp] ipv6-family vpn6-instance vpna [Spoke-PE1-bgp6-vpna] peer 2001::1 as-number 65410 [Spoke-PE1-bgp6-vpna] import-route direct [Spoke-PE1-bgp6-vpna] quit [Spoke-PE1-bgp] quit
# Configure Spoke-CE 2.
<Spoke-CE2> system-view [Spoke-CE2] bgp 65420 [Spoke-CE2-bgp] router-id 20.20.20.20 [Spoke-CE2-bgp] peer 2002::2 as-number 100
Issue 03 (2008-09-22)
4-69
# Configure Spoke-PE 2.
[Spoke-PE2] bgp 100 [Spoke-PE2-bgp] ipv6-family vpn6-instance vpna [Spoke-PE2-bgp6-vpna] peer 2001::1 as-number 65420 [Spoke-PE2-bgp6-vpna] import-route direct [Spoke-PE2-bgp6-vpna] quit [Spoke-PE2-bgp] quit
# Configure Hub-CE.
<Hub-CE1> system-view [Hub-CE] bgp 65430 [Hub-CE-bgp] router-id 30.30.30.30 [Hub-CE-bgp] peer 2003::2 as-number 100 [Hub-CE-bgp] peer 2004::2 as-number 100 [Hub-CE-bgp] ipv6-family unicast [Hub-CE-bgp-af-ipv6] peer 2003::2 enable [Hub-CE-bgp-af-ipv6] peer 2004::2 enable [Hub-CE-bgp-af-ipv6] import-route direct [Hub-CE-bgp-af-ipv6] quit [Hub-CE-bgp] quit
# Configure Hub-PE.
[Hub-PE] bgp 100 [Hub-PE-bgp] ipv6-family vpn6-instance vpn_in [Hub-PE-bgp6-vpn_in] peer 2003::1 as-number 65430 [Hub-PE-bgp6-vpn_in] import-route direct [Hub-PE-bgp6-vpn_in] quit [Hub-PE-bgp] ipv6-family vpn6-instance vpn_out [Hub-PE-bgp6-vpn_out] peer 2004::1 as-number 65430 [Hub-PE-bgp6-vpn_out] peer 2004::1 allow-as-loop 1 [Hub-PE-bgp6-vpn_out] import-route direct [Hub-PE-bgp6-vpn_out] quit [Hub-PE-bgp] quit
After the configuration, run the display bgp vpnv6 all peer command on each PE devices and you can see that the BGP peer relationship is established between the PE and the CE. Each PE can ping through its attached CEs using the ping ipv6 vpn6-instance command. Take the Hub-PE as an example:
[Hub-PE] ping ipv6 vpn6-instance vpn_in -a 2003::2 2003::1 PING 2003::1 : 56 data bytes, press CTRL_C to break Reply from 2003::1 bytes=56 Sequence=1 hop limit=64 time = 31 ms Reply from 2003::1 bytes=56 Sequence=2 hop limit=64 time = 31 ms Reply from 2003::1 bytes=56 Sequence=3 hop limit=64 time = 31 ms Reply from 2003::1 bytes=56 Sequence=4 hop limit=64 time = 31 ms Reply from 2003::1 bytes=56 Sequence=5 hop limit=64 time = 31 ms --- 2003::1 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 31/31/31 ms [Hub-PE] ping ipv6 vpn6-instance vpn_out -a 2004::2 2004::1 PING 2004::1 : 56 data bytes, press CTRL_C to break Reply from 2004::1 bytes=56 Sequence=1 hop limit=64 time = 31 ms Reply from 2004::1 bytes=56 Sequence=2 hop limit=64 time = 31 ms Reply from 2004::1
4-70
Issue 03 (2008-09-22)
ms
When using the ping ipv6 vpn6-instance command to ping the CE that accesses the peer PE, specify the source IPv6 address, that is, specify the parameter -a source-ipv6-address in the ping ipv6 -a source-ipv6-address dest-ipv6-address vpn6-instance vpn6-instance-name command if multiple interfaces bound with the same VPN exist on the PE. Otherwise, the ping may fail.
5.
You need not allow the AS number to be repeated once on the Spoke-PE because a router does not check the AS-PATH attribute when the router receives the routes advertised by the IBGP peer.
# Configure Spoke-PE 1.
[Spoke-PE1] bgp 100 [Spoke-PE1-bgp] peer 2.2.2.9 as-number 100 [Spoke-PE1-bgp] peer 2.2.2.9 connect-interface loopback 1 [Spoke-PE1-bgp] ipv6-family vpnv6 [Spoke-PE1-bgp-af-vpnv6] peer 2.2.2.9 enable [Spoke-PE1-bgp-af-vpnv6] quit
# Configure Spoke-PE 2.
[Spoke-PE2] bgp 100 [Spoke-PE2-bgp] peer 2.2.2.9 as-number 100 [Spoke-PE2-bgp] peer 2.2.2.9 connect-interface loopback 1 [Spoke-PE2-bgp] ipv6-family vpnv6 [Spoke-PE2-bgp-af-vpnv6] peer 2.2.2.9 enable [Spoke-PE2-bgp-af-vpnv6] quit
# Configure Hub-PE.
[Hub-PE] bgp 100 [Hub-PE-bgp] peer 1.1.1.9 as-number 100 [Hub-PE-bgp] peer 1.1.1.9 connect-interface loopback 1 [Hub-PE-bgp] peer 3.3.3.9 as-number 100 [Hub-PE-bgp] peer 3.3.3.9 connect-interface loopback 1 [Hub-PE-bgp] ipv6-family vpnv6 [Hub-PE-bgp-af-vpnv6] peer 1.1.1.9 enable [Hub-PE-bgp-af-vpnv6] peer 3.3.3.9 enable [Hub-PE-bgp-af-vpnv6] quit
After the configuration, run the display bgp peer or display bgp vpnv6 all peer command on each PE device. You can see the BGP peer relationship is established between the PEs. 6. Verify the configuration. After the configuration, the Spoke-CEs can ping through each other. Run the tracert command, and you can see that the traffic between Spoke-CEs is forwarded through HubCE. You can also deduce the number of forwarding devices between Spoke-CEs based on the TTL in the Ping result. Take Spoke-CE 1 as an example:
[Spoke-CE1] ping ipv6 2002::1 PING 2002::1 : 56 data bytes, press CTRL_C to break Reply from 2002::1 bytes=56 Sequence=1 hop limit=59 time = 187 ms Reply from 2002::1 bytes=56 Sequence=2 hop limit=59 time = 187 ms Reply from 2002::1
Issue 03 (2008-09-22)
4-71
bytes=56 Sequence=3 hop limit=59 time = Reply from 2002::1 bytes=56 Sequence=4 hop limit=59 time = Reply from 2002::1 bytes=56 Sequence=5 hop limit=59 time = --- 2002::1 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 187/187/187 ms [Spoke-CE1] tracert ipv6 2002::1 traceroute to 2002::1 30 hops max,60 bytes 1 2001::2 31 ms 31 ms 32 ms 2 2004::2 93 ms 94 ms 110 ms 3 2004::1 93 ms 94 ms 94 ms 4 2003::2 94 ms 93 ms 94 ms 5 2002::2 156 ms 157 ms 156 ms 6 2002::1 187 ms 188 ms 187 ms
packet
Run the display bgp ipv6 routing-table command on Spoke-CE, and you can see that there are repetitive AS numbers in AS paths of the BGP routes toward the remote SpokeCE. Take Spoke-CE 1 as an example:
[Spoke-CE1] display bgp ipv6 routing-table Total Number of Routes: 8 BGP Local router ID is 10.10.10.10 Status codes: * - valid, > - best, d - damped, h - history, i - internal, s - suppressed, S - Stale Origin : i - IGP, e - EGP, ? - incomplete *> Network : ::1 PrefixLen : NextHop : :: LocPrf : MED : 0 PrefVal : Label : Path/Ogn : ? *> Network : 2001:: PrefixLen : NextHop : :: LocPrf : MED : 0 PrefVal : Label : Path/Ogn : ? * NextHop : 2001::2 LocPrf : MED : 0 PrefVal : Label : Path/Ogn : 100 ? *> Network : 2001::1 PrefixLen : NextHop : :: LocPrf : MED : 0 PrefVal : Label : Path/Ogn : ? *> Network : 2002:: PrefixLen : NextHop : 2001::2 LocPrf : MED : PrefVal : Label : Path/Ogn : 100 65430 100 ? *> Network : 2003:: PrefixLen : NextHop : 2001::2 LocPrf : MED : PrefVal : Label : Path/Ogn : 100 65430 ? *> Network : 2004:: PrefixLen : NextHop : 2001::2 LocPrf : MED : PrefVal : Label : Path/Ogn : 100 ? *> Network : FE80:: PrefixLen : NextHop : :: LocPrf : MED : 0 PrefVal : Label :
128 0 64 0
0 128 0 64 0 64 0 64 0 10 0
4-72
Issue 03 (2008-09-22)
Configuration Files
l
Issue 03 (2008-09-22)
4-73
4-74
Issue 03 (2008-09-22)
4-75
4.11.3 Example for Configuring Hub and Spoke (Default Route Between the Hub-PE and the Hub-CE)
4-76
Issue 03 (2008-09-22)
Networking Requirements
As shown in Figure 4-4, the communication between the Spoke-CEs is controlled by the HubCE in the central site. That is, the traffic between the Spoke-CEs is forwarded by not only the Hub-PEs but also the Hub-CE. It is required that the default route is used between the Hub-PE and the Hub-CE. Figure 4-4 Hub&Spoke networking diagram
AS: 65430 Hub-CE
GE1/0/0 2003::1/64 GE3/0/0 2003::2/64
Hub-PE
POS1/0/0 10.1.1.2/24 Loopback1 1.1.1.9/32 POS2/0/0 10.1.1.1/24 GE1/0/0 2001::2/64 POS2/0/0 11.1.1.2/24 Loopback1 2.2.2.9/32 Loopback1 3.3.3.9/32 POS2/0/0 11.1.1.1/24
Spoke-PE2 GE1/0/0
2002::2/64
GE1/0/0 2001::1/64
GE1/0/0 2002::1/64
Configuration Roadmap
The configuration roadmap is as follows: 1. 2. Set up the IBGP peer relationship between the Hub-PE and Spoke-PE. (Do not set up the IBGP peer relationship between the Spoke-PEs.) Create two IPv6 VPN instances, namely, vpn_in and vpn_out on the Hub-PE. Set the VPNTarget community attribute received by vpn_in as those advertised by two Spoke-PEs. Set the VPN target community attribute advertised by vpn_out to be the VPN target community attribute received by the two Spoke-PEs and to be different from the attributes received by vpn_out. Create an IPv6 VPN instance on the Spoke-PE. The VPN-target attribute received by the instance is that advertised by vpn_out; the VPN-target attribute advertised by the instance is that received by vpn_in. Configure the default route as follows:
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 4-77
3.
4.
Issue 03 (2008-09-22)
Configure the IPv6 default route on the Hub-PE with the next hop address is the IPv6 address of the Hub-PE interface bound with vpn_in. Configure the default route on the Hub-PE with the next hop being Hub-CE. Run the network :: 0 command on the Hub-PE in the BGP VPN6 instance address family view of the vpn_out to advertise the default route to all the Spokes.
l l
5.
Data Preparation
To configure the hub and spoke, you need the following data:
l l
MPLS LSR-ID of the PE The IPv6 VPN instance name of the Hub-PE and Spoke-PE, RD and the VPN-Target
Configuration Procedures
1. Configure IGP to implement the inter-networking between the Hub-PE and the Spoke-PE in the backbone network. The OSPF is used in this example, and the specific configuration procedures are not mentioned. After the configuration, the OSPF neighbor relationship is established between the PEs. After running the display ospf peer command, you can see that the status of the neighbor is Full. After running the display ip routing-table command on the PE, you can see the imported loopback routes of the peer. 2. Configure the basic MPLS capabilities and MPLS LDP on the backbone networks to establish LDP LSP. The specific configuration procedures are not mentioned here. After the configuration, LDP neighbor relationship is established between the Hub-PE and the Spoke-PE. After running the display mpls ldp session command on each device, you can see that the status of the session is "Operational". 3. Configure IPv6 VPN instances on each PE and connect the CE to the PE. Configure the IPv6 VPN instance for the Spoke-PE and import the VPN target that is the VPN target advertised by the Hub-PE. # Configure Spoke-PE1.
[Spoke-PE1] ipv6 vpn6-instance vpna [Spoke-PE1-vpn6-instance-vpna] route-distinguisher 100:1 [Spoke-PE1-vpn6-instance-vpna] vpn-target 100:1 export-extcommunity [Spoke-PE1-vpn6-instance-vpna] vpn-target 200:1 import-extcommunity [Spoke-PE1-vpn6-instance-vpna] quit [Spoke-PE1] interface gigabitethernet 1/0/0 [Spoke-PE1-GigabitEthernet1/0/0] ipv6 binding vpn6-instance vpna [Spoke-PE1-GigabitEthernet1/0/0] ipv6 address 2001::2 64 [Spoke-PE1-GigabitEthernet1/0/0] quit
# Configure Spoke-PE2.
[Spoke-PE2] ipv6 vpn6-instance [Spoke-PE2-vpn6-instance-vpna] [Spoke-PE2-vpn6-instance-vpna] [Spoke-PE2-vpn6-instance-vpna] [Spoke-PE2-vpn6-instance-vpna] vpna route-distinguisher 100:3 vpn-target 100:1 export-extcommunity vpn-target 200:1 import-extcommunity quit
4-78
Issue 03 (2008-09-22)
[Spoke-PE2] interface gigabitethernet 1/0/0 [Spoke-PE2-GigabitEthernet1/0/0] ipv6 binding vpn6-instance vpna [Spoke-PE2-GigabitEthernet1/0/0] ipv6 address 2002::2 64 [Spoke-PE2-GigabitEthernet1/0/0] quit
# Configure Hub-PE.
[Hub-PE] ipv6 vpn6-instance vpn_in [Hub-PE-vpn6-instance-vpn_in] route-distinguisher 100:21 [Hub-PE-vpn6-instance-vpn_in] vpn-target 100:1 import-extcommunity [Hub-PE-vpn6-instance-vpn_in] quit [Hub-PE] ipv6 vpn6-instance vpn_out [Hub-PE-vpn6-instance-vpn_out] route-distinguisher 100:22 [Hub-PE-vpn6-instance-vpn_out] vpn-target 200:1 export-extcommunity [Hub-PE-vpn6-instance-vpn_out] quit [Hub-PE] interface gigabitethernet 3/0/0 [Hub-PE-GigabitEthernet3/0/0] ipv6 binding vpn6-instance vpn_in [Hub-PE-GigabitEthernet3/0/0] ipv6 address 2003::2 64 [Hub-PE-GigabitEthernet3/0/0] quit [Hub-PE] interface gigabitethernet 4/0/0 [Hub-PE-GigabitEthernet4/0/0] ipv6 binding vpn6-instance vpn_out [Hub-PE-GigabitEthernet4/0/0] ipv6 address 2004::2 64 [Hub-PE-GigabitEthernet4/0/0] quit
# Configure IPv6 addresses of the CE interfaces as shown in Figure 4-4. The configuration procedures are not mentioned here. After the configuration, run the display ipv6 vpn6-instance verbose command on the PE devices, and you can see the configurations of IPv6 VPN instances. Take Hub-PE as an example:
[Hub-PE] display ipv6 vpn6-instance verbose Total VPN6-Instances configured : 2 VPN6-Instance Name and ID : vpn_in, 1 Create date : 2006/10/12 13:13:32 Up time : 0 days, 00 hours, 09 minutes and 40 seconds Route Distinguisher : 100:21 Import VPN Targets : 100:1 Label policy : label per route Interfaces : GigabitEthernet3/0/0 VPN6-Instance Name and ID : vpn_out, 2 Create date : 2006/10/12 13:13:38 Up time : 0 days, 00 hours, 09 minutes and 34 seconds Route Distinguisher : 100:22 Export VPN Targets : 200:1 Label policy : label per route Interfaces : GigabitEthernet4/0/0
4.
Establish EBGP peers between the Spoke-PE and the Spoke-CE and import the VPN routes. # Configure Spoke-CE1.
<Spoke-CE1> system-view [Spoke-CE1] bgp 65410 [Spoke-CE1-bgp] router-id 10.10.10.10 [Spoke-CE1-bgp] peer 2001::2 as-number 100 [Spoke-CE1-bgp] ipv6-family unicast [Spoke-CE1-bgp-af-ipv6] peer 2001::2 enable [Spoke-CE1-bgp-af-ipv6] import-route direct [Spoke-CE1-bgp-af-ipv6] quit [Spoke-CE1-bgp] quit
# Configure Spoke-PE1.
[Spoke-PE1] bgp 100 [Spoke-PE1-bgp] ipv6-family vpn6-instance vpna [Spoke-PE1-bgp6-vpna] peer 2001::1 as-number 65410 [Spoke-PE1-bgp6-vpna] import-route direct [Spoke-PE1-bgp6-vpna] quit [Spoke-PE1-bgp] quit
# Configure Spoke-CE2.
Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 4-79
# Configure Spoke-PE2.
[Spoke-PE2] bgp 100 [Spoke-PE2-bgp] ipv6-family vpn6-instance vpna [Spoke-PE2-bgp6-vpna] peer 2001::1 as-number 65420 [Spoke-PE2-bgp6-vpna] import-route direct [Spoke-PE2-bgp6-vpna] quit [Spoke-PE2-bgp] quit
After the configuration, run the display bgp vpnv6 all peer command on the PE devices, and you can see the BGP peer relationship is set up between the PEs and the CEs. The peer status is Established. The PEs can successfully ping the CEs that the PEs access by using the ping ipv6 vpn6-instance command.
NOTE
When using the ping ipv6 vpn6-instance command to ping the CE that accesses the peer PE, specify the source IPv6 address, that is, specify the parameter -a source-ipv6-address in the ping ipv6 -a source-ipv6-address dest-ipv6-address vpn6-instance vpn6-instance-name command if multiple interfaces bound with the same VPN exist on the PE. Otherwise, the ping may fail.
5.
Configure the default route on the Hub-PE and the Hub-CE. # Configure Hub-CE.
[Spoke-CE1] ipv6 route-static :: 0 2003::2
# Configure Hub-PE. # Configure the default route for vpn_out with the next hop being the Hub-CE.
[Hub-PE] ipv6 route-static vpn6-instance vpn_out :: 0 2004::1
6.
You need not allow the AS number to be repeated once on the Spoke-PE because a router does not check the AS-PATH attribute when the router receives the routes advertised by the IBGP peer.
# Configure Spoke-PE1.
[Spoke-PE1] bgp 100 [Spoke-PE1-bgp] peer 2.2.2.9 as-number 100 [Spoke-PE1-bgp] peer 2.2.2.9 connect-interface loopback 1 [Spoke-PE1-bgp] ipv6-family vpnv6 [Spoke-PE1-bgp-af-vpnv6] peer 2.2.2.9 enable [Spoke-PE1-bgp-af-vpnv6] quit
# Configure Spoke-PE2.
[Spoke-PE2] bgp [Spoke-PE2-bgp] [Spoke-PE2-bgp] [Spoke-PE2-bgp] 100 peer 2.2.2.9 as-number 100 peer 2.2.2.9 connect-interface loopback 1 ipv6-family vpnv6
4-80
Issue 03 (2008-09-22)
# Configure Hub-PE.
[Hub-PE] bgp 100 [Hub-PE-bgp] peer 1.1.1.9 as-number 100 [Hub-PE-bgp] peer 1.1.1.9 connect-interface loopback 1 [Hub-PE-bgp] peer 3.3.3.9 as-number 100 [Hub-PE-bgp] peer 3.3.3.9 connect-interface loopback 1 [Hub-PE-bgp] ipv6-family vpnv6 [Hub-PE-bgp-af-vpnv6] peer 1.1.1.9 enable [Hub-PE-bgp-af-vpnv6] peer 3.3.3.9 enable [Hub-PE-bgp-af-vpnv6] quit
After the configuration, run the display bgp vpnv6 all peer command on each PE device. You can see the BGP peer relationship is set up between the PEs. 7. Verify the configuration. After the configuration, check the BGP VPN-IPv6 routes on the Spoke-PE, you can find the vpn_out default route on the Hub-PE has been advertised to each Spoke-PE. Take Spoke-PE1 as an example:
[Spoke-PE1] display bgp vpnv6 all routing-table BGP Local router ID is 1.1.1.1 Status codes: * - valid, > - best, d - damped, h - history, i - internal, s - suppressed, S - Stale Origin : i - IGP, e - EGP, ? - incomplete Total number of routes from all PE: 2 Route Distinguisher: 100:22 *>i Network : :: PrefixLen : NextHop : ::FFFF:3.3.3.3 LocPrf : MED : 0 PrefVal : Label : 15365 Path/Ogn : i *>i Network : 2004:: PrefixLen : NextHop : ::FFFF:3.3.3.3 LocPrf : MED : 0 PrefVal : Label : 15364 Path/Ogn : ? Total routes of vpn6-instance vpna: 6 *>i Network : :: PrefixLen : NextHop : ::FFFF:3.3.3.3 LocPrf : MED : 0 PrefVal : Label : 15365 Path/Ogn : i *> Network : 2001:: PrefixLen : NextHop : :: LocPrf : MED : 0 PrefVal : Label : NULL Path/Ogn : ? * NextHop : 2001::1 LocPrf : MED : 0 PrefVal : Label : NULL Path/Ogn : 65410 ? *> Network : 2001::2 PrefixLen : NextHop : :: LocPrf : MED : 0 PrefVal : Label : NULL Path/Ogn : ? *>i Network : 2004:: PrefixLen : NextHop : ::FFFF:3.3.3.3 LocPrf : MED : 0 PrefVal : Label : 15364 Path/Ogn : ? *> Network : FE80:: PrefixLen : NextHop : :: LocPrf : MED : 0 PrefVal : Label : NULL
0 100 0 64 100 0
0 100 0 64 0
0 128 0 64 100 0 10 0
Issue 03 (2008-09-22)
4-81
The Spoke-CEs can ping through each other. Run the tracert command, and you can see that the traffic between Spoke-CEs is forwarded through Hub-CE. You can also deduce the number of forwarding devices between Spoke-CEs based on the TTL in the Ping result. Take Spoke-CE1 as an example:
[Spoke-CE1] ping ipv6 2002::1 PING 2002::1 : 56 data bytes, press CTRL_C to break Reply from 2002::1 bytes=56 Sequence=1 hop limit=59 time = 187 ms Reply from 2002::1 bytes=56 Sequence=2 hop limit=59 time = 187 ms Reply from 2002::1 bytes=56 Sequence=3 hop limit=59 time = 187 ms Reply from 2002::1 bytes=56 Sequence=4 hop limit=59 time = 187 ms Reply from 2002::1 bytes=56 Sequence=5 hop limit=59 time = 187 ms --- 2002::1 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 187/187/187 ms [Spoke-CE1] tracert ipv6 2002::1 traceroute to 2002::1 30 hops max,60 bytes packet 1 2001::2 16 ms 31 ms 16 ms 2 2004::2 78 ms 62 ms 63 ms 3 2004::1 62 ms 63 ms 62 ms 4 2003::2 63 ms 62 ms 63 ms 5 2002::2 109 ms 94 ms 109 ms 6 2002::1 125 ms 141 ms 125 ms
Run the display bgp ipv6 routing-table command on the Spoke-CE, and you can see that the default route advertised by peer Spoke-PE through BGP. Running the display ipv6 routing-table command, you can find the default route with the next hop being the peer Spoke-PE. Take Spoke-CE1 as an example:
[Spoke-CE1] display bgp ipv6 routing-table Total Number of Routes: 6 BGP Local router ID is 10.10.10.10 Status codes: * - valid, > - best, d - damped, h - history, i - internal, s - suppressed, S - Stale Origin : i - IGP, e - EGP, ? - incomplete *> Network : :: PrefixLen : 0 NextHop : 2001::2 LocPrf : MED : PrefVal : 0 Label : Path/Ogn : 100 ? *> Network : ::1 PrefixLen : 128 NextHop : :: LocPrf : MED : 0 PrefVal : 0 Label : Path/Ogn : ? *> Network : 2001:: PrefixLen : 64 NextHop : :: LocPrf : MED : 0 PrefVal : 0 Label : Path/Ogn : ? * NextHop : 2001::2 LocPrf : MED : 0 PrefVal : 0 Label : Path/Ogn : 100 ? *> Network : 2001::1 PrefixLen : 128 NextHop : :: LocPrf : MED : 0 PrefVal : 0 Label :
4-82
Issue 03 (2008-09-22)
PrefixLength Preference Protocol Cost Label PrefixLength Preference Protocol Cost Label PrefixLength Preference Protocol Cost Label PrefixLength Preference Protocol Cost Label PrefixLength Preference Protocol Cost Label PrefixLength Preference Protocol Cost Label
: : : : : : : : : : : : : : : : : : : : : : : : : : : : : :
0 255 BGP 0 NULL 128 0 Direct 0 NULL 64 0 Direct 0 NULL 128 0 Direct 0 NULL 64 255 BGP 0 NULL 10 0 Direct 0 NULL
Configuration Files
l
Issue 03 (2008-09-22)
4-83
4-84
Issue 03 (2008-09-22)
Issue 03 (2008-09-22)
4-85
4-86
Issue 03 (2008-09-22)
Loopback1 2.2.2.9/32
POS1/0/0 162.1.1.1/24 Loopback1 ASBR-PE2 4.4.4.9/32 POS1/0/0 162.1.1.2/24 GE2/0/0 2002::2/64 GE1/0/0 2002::1/64
PE1
PE2
CE1 AS 65001
CE2 AS 65002
Configuration Roadmap
The configuration roadmap is as follows: 1. 2. Set up the EBGP peer relationship between the PE and the CE. Set up the MP-IBGP peer relationship between the PE and the ASBR-PE. Create the IPv6 VPN instance on two ASBR-PEs and bind the instance to the interface that is connected with another ASBR-PE and set up the EBGP peer relationship between ASBRPEs.
Data Preparation
To complete the configuration, you need the following data:
l
Issue 03 (2008-09-22)
The IPv6 VPN instance names of the PE and the ASBR-PE, RD and the VPN-Target
Configuration Procedures
1. Configure IGP on the MPLS backbone of AS 100 and AS 200 respectively to make ASBRPE and PE can reach each other in the same AS. OSPF is used as the IGP in this example, the configuration procedure is not mentioned.
NOTE
The 32-bit address of the loopback interface used as LSR ID should be advertised by OSPF.
After the configuration, the OSPF neighbor relationship should be established between the ASBR-PE and the PE of the same AS. Run the display ospf peer command to find that the OSPF neighbor relationship is in "Full" state. The ASBR-PE and the PE in the same AS can learn the Loopback interface address of each other and can ping through each other. 2. Configure basic MPLS capability and MPLS LDP on the MPLS backbone of AS 100 and AS 200 respectively to set up LDP LSP. # Configure basic MPLS capability on PE1 and LDP is enabled on the interface connecting ASBR-PE1.
[PE1] mpls lsr-id 1.1.1.9 [PE1] mpls [PE1-mpls] lsp-trigger all [PE1-mpls] quit [PE1] mpls ldp [PE1-mpls-ldp] quit [PE1] interface pos1/0/0 [PE1-Pos1/0/0] mpls [PE1-Pos1/0/0] mpls ldp [PE1-Pos1/0/0] quit
# Configure basic MPLS capability on ASBR-PE1 and LDP is enabled on the interface connecting PE1.
[ASBR-PE1] mpls lsr-id 2.2.2.9 [ASBR-PE1] mpls [ASBR-PE1-mpls] lsp-trigger all [ASBR-PE1-mpls] quit [ASBR-PE1] mpls ldp [ASBR-PE1-mpls-ldp] quit [ASBR-PE1] interface pos1/0/0 [ASBR-PE1-Pos1/0/0] mpls [ASBR-PE1-Pos1/0/0] mpls ldp [ASBR-PE1-Pos1/0/0] quit
# Configure basic MPLS capability on ASBR-PE2 and LDP is enabled on the interface connecting PE2.
[ASBR-PE2] mpls lsr-id 3.3.3.9 [ASBR-PE2] mpls [ASBR-PE2-mpls] lsp-trigger all [ASBR-PE2-mpls] quit [ASBR-PE2] mpls ldp [ASBR-PE2-mpls-ldp] quit [ASBR-PE2] interface pos1/0/0 [ASBR-PE2-Pos1/0/0] mpls [ASBR-PE2-Pos1/0/0] mpls ldp [ASBR-PE2-Pos1/0/0] quit
# Configure basic MPLS capability on PE2 and LDP is enabled on the interface connecting ASBR-PE2.
[PE2] mpls lsr-id 4.4.4.9 [PE2] mpls [PE2-mpls] lsp-trigger all
4-88
Issue 03 (2008-09-22)
After the configuration, the LDP neighbor relationship should be established between the PE and the ASBR-PE in the same AS. Running the display mpls ldp session command on the routers, you can find the session state is "Operational" in the output information. Take PE1 as an example.
[PE1] display mpls ldp session LDP Session(s) in Public Network -------------------------------------------------------------------------Peer-ID Status LAM SsnRole SsnAge KA-Sent/Rcv -------------------------------------------------------------------------2.2.2.9:0 Operational DU Passive 000:00:02 9/9 -------------------------------------------------------------------------LAM : Label Advertisement Mode SsnAge Unit : DDD:HH:MM
3.
Configure basic BGP/MPLS IPv6 VPN on the MPLS backbone of AS 100 and AS 200 respectively.
NOTE
The VPN-Targets of the IPv6 VPN instances of the ASBR-PE and the PE in the same AS should be matched. In different ASs, the matching of the VPN-Target attributes of the PEs is unnecessary.
# Configure CE1.
[CE1] interface gigabitethernet 1/0/0 [CE1-GigabitEthernet1/0/0] ipv6 address 2001::1 64 [CE1-GigabitEthernet1/0/0] quit [CE1] bgp 65001 [CE1-bgp] router-id 10.10.10.10 [CE1-bgp] peer 2001::2 as-number 100 [CE1-bgp] ipv6-family unicast [CE1-bgp-af-ipv6] peer 2001::2 enable [CE1-bgp-af-ipv6] import-route direct [CE1-bgp-af-ipv6] quit [CE1-bgp] quit
Issue 03 (2008-09-22)
4-89
[ASBR-PE1-bgp] peer 1.1.1.9 as-number 100 [ASBR-PE1-bgp] peer 1.1.1.9 connect-interface loopback 1 [ASBR-PE1-bgp] ipv6-family vpnv6 [ASBR-PE1-bgp-af-vpnv6] peer 1.1.1.9 enable [ASBR-PE1-bgp-af-vpnv6] quit [ASBR-PE1-bgp] quit
NOTE
The configurations of CE2, PE2 and ASBR-PE2 are similar to that of CE1, PE1 and ASBR-PE1 and are not mentioned here.
After the above configurations, run the display bgp vpnv6 vpn6-instance peer. You can find the BGP relationship between PE and CE is set up, that is the "State" in display is "Established". Run display bgp vpnv6 all peer to find the BGP peer relationship is "Established" between the PE and the CE, and between the PE and the ASBR-PE. Take PE1 as an example.
[PE1] display bgp vpnv6 vpn6-instance vpn1 peer BGP local router ID : 1.1.1.9 Local AS number : 100 Total number of peers : 1 Peers in established state : 1 Peer V AS MsgRcvd MsgSent OutQ Up/Down State PrefRcv 2001::1 4 65001 14 12 0 00:08:36 Established 1 [PE1] display bgp vpnv6 all peer BGP local router ID : 1.1.1.9 Local AS number : 100 Total number of peers : 2 Peers in established state : 2 Peer V AS MsgRcvd MsgSent OutQ Up/Down State PrefRcv 2.2.2.9 4 100 13 12 0 00:09:10 Established 0 Peer of vpn6 instance : vpn6 instance vpn1 : 2001::1 4 65001 17 14 0 00:11:09 Established 1
4.
Configure inter-AS VPN in VRF-to-VRF mode. # Configure ASBR-PE1. Create an IPv6 VPN instance and bind it to the interface connecting ASBR-PE2. (ASBR-PE1 regards ASBR-PE2 as its own CE.)
[ASBR-PE1] ipv6 vpn6-instance vpn1 [ASBR-PE1-vpn6-instance-vpn1] route-distinguisher 100:2 [ASBR-PE1-vpn6-instance-vpn1] vpn-target 1:1 both [ASBR-PE1-vpn6-instance-vpn1] quit [ASBR-PE1] interface pos 2/0/0 [ASBR-PE1-Pos2/0/0] ipv6 binding vpn6-instance vpn1 [ASBR-PE1-Pos2/0/0] ipv6 address 2003::1 64 [ASBR-PE1-Pos2/0/0] quit
# Configure ASBR-PE2. Create an IPv6 VPN instance and bind it to the interface connecting ASBR-PE1. (ASBR-PE2 regards ASBR-PE1 as its CE.)
[ASBR-PE2] ipv6 vpn6-instance vpn1 [ASBR-PE2-vpn6-instance-vpn1] route-distinguisher 200:2 [ASBR-PE2-vpn6-instance-vpn1] vpn-target 2:2 both [ASBR-PE2-vpn6-instance-vpn1] quit [ASBR-PE2] interface pos 2/0/0 [ASBR-PE2-Pos2/0/0] ipv6 binding vpn6-instance vpn1 [ASBR-PE2-Pos2/0/0] ipv6 address 2003::2 64 [ASBR-PE2-Pos2/0/0] quit
4-90
Issue 03 (2008-09-22)
[ASBR-PE2-bgp6-vpn1] peer 2003::1 as-number 100 [ASBR-PE2-bgp6-vpn1] import-route direct [ASBR-PE2-bgp6-vpn1] quit [ASBR-PE2-bgp] quit
After the above configuration, run the display bgp vpnv6 vpn6-instance peer command, and you can see that the BGP peer relationship is established between the ASBR-PEs. 5. Verify the configuration. After the above configuration, the CEs learn interface routes of each other. CE1 and CE2 can ping through each other. Take CE1 as an example.
[CE1] display ipv6 routing-table Routing Table : Public Destinations : 4 Routes : 4 Destination : ::1 NextHop : ::1 Interface : InLoopBack0 State : Active NoAdv Tunnel ID : 0x0 Age : 10889sec Destination : 2001:: NextHop : 2001::1 Interface : GigabitEthernet1/0/0 State : Active Adv Tunnel ID : 0x0 Age : 789sec Destination : 2001::1 NextHop : ::1 Interface : InLoopBack0 State : Active NoAdv Tunnel ID : 0x0 Age : 789sec Destination : FE80:: NextHop : :: Interface : NULL0 State : Active NoAdv Tunnel ID : 0x0 Age : 792sec [CE1] ping ipv6 2002::1 PING 2002::1 : 56 data bytes, press CTRL_C to break Reply from 2002::1 bytes=56 Sequence=1 hop limit=60 time = 94 ms Reply from 2002::1 bytes=56 Sequence=2 hop limit=60 time = 109 ms Reply from 2002::1 bytes=56 Sequence=3 hop limit=60 time = 110 ms Reply from 2002::1 bytes=56 Sequence=4 hop limit=60 time = 94 ms Reply from 2002::1 bytes=56 Sequence=5 hop limit=60 time = 110 ms --- 2002::1 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 94/103/110 ms
PrefixLength Preference Protocol Cost Label PrefixLength Preference Protocol Cost Label PrefixLength Preference Protocol Cost Label PrefixLength Preference Protocol Cost Label
: : : : : : : : : : : : : : : : : : : :
128 0 Direct 0 NULL 64 0 Direct 0 NULL 128 0 Direct 0 NULL 10 0 Direct 0 NULL
Run the display ipv6 routing-table vpn6-instance command on ASBR-PE to see the information of the IPv6 VPN routing table.
[ASBR-PE1] display ipv6 routing-table vpn6-instance vpn1 Routing Table : vpn1 Destinations : 5 Routes : 5 Destination : 2001:: PrefixLength NextHop : ::FFFF:1.1.1.9 Preference Interface : NULL0 Protocol State : Active Adv GotQ Cost Tunnel ID : 0x6002000 Label Age : 1937sec
: : : : :
Issue 03 (2008-09-22)
4-91
Run the display bgp vpnv6 all routing-table command on the ASBR-PE, and you can see the VPN-IPv6 routes on the ASBR-PE.
[ASBR-PE1] display bgp vpnv6 all routing-table BGP Local router ID is 2.2.2.9 Status codes: * - valid, > - best, d - damped, h - history, i - internal, s - suppressed, S - Stale Origin : i - IGP, e - EGP, ? - incomplete Total number of routes from all PE: 1 Route Distinguisher: 100:1 *>i Network : 2001:: PrefixLen : NextHop : ::FFFF:1.1.1.9 LocPrf : MED : 0 PrefVal : Label : 15360 Path/Ogn : ? Total routes of vpn6-instance vpn1: 6 *>i Network : 2001:: PrefixLen : NextHop : ::FFFF:1.1.1.9 LocPrf : MED : 0 PrefVal : Label : 15360 Path/Ogn : ? *> Network : 2002:: PrefixLen : NextHop : 2003::2 LocPrf : MED : PrefVal : Label : NULL Path/Ogn : 200 ? *> Network : 2003:: PrefixLen : NextHop : :: LocPrf : MED : 0 PrefVal : Label : NULL Path/Ogn : ? * NextHop : 2003::2 LocPrf : MED : 0 PrefVal : Label : NULL Path/Ogn : 200 ? *> Network : 2003::1 PrefixLen : NextHop : :: LocPrf : MED : 0 PrefVal : Label : NULL Path/Ogn : ? *> Network : FE80:: PrefixLen : NextHop : :: LocPrf : MED : 0 PrefVal : Label : NULL
64 100 0
64 100 0 64 0 64 0
0 128 0 10 0
4-92
Issue 03 (2008-09-22)
Configuration Files
l
Issue 03 (2008-09-22)
4-93
4-94
Issue 03 (2008-09-22)
Issue 03 (2008-09-22)
4-95
4-96
Issue 03 (2008-09-22)
Loopback1 2.2.2.9/32
POS1/0/0 162.1.1.1/24 Loopback1 ASBR-PE2 4.4.4.9/32 POS1/0/0 162.1.1.2/24 GE2/0/0 2002::2/64 GE1/0/0 2002::1/64
PE1
PE2
CE1 AS 65001
CE2 AS 65002
ASBR-PE1 switches VPN-IPv6 routes with ASBR-PE2 by MP-EBGP. ASBR-PEs do not perform VPN-Target filtering on the received VPN-IPv6 routes.
Configuration Roadmap
The configuration roadmap is as follows: 1. 2. 3. 4. Configure IGP on the backbone network to interconnect the ASBR-PE and the PE and set up MPLS LDP LSP between PE and ASBR PE. Set up the EBGP peer relationship between the PE and the CE. Set up the MP-IBGP peer relationship between the PE and the ASBR-PE. Configure the IPv6 VPN instance on the PE. (There is no need to configure the IPv6 VPN instance on the ASBR-PE.) Enable MPLS on the interfaces that are connected with ASBR-PEs. Set up the MP-EBGP peer relationship between ASBR-PEs. Do not configure VPN-Target filtration on the received VPN-IPv6 routes.
Data Preparation
To complete the configuration, you need the following data:
l l
MPLS LSR-IDs on the PEs and the ASBR-PEs The names, RDs and VPN-Targets of the IPv6 VPN instance configured on the PE1 and PE2
Configuration Procedures
1. Configure IGP on MPLS backbone of AS 100 and AS 200 respectively to make the PE and the ASBR-PE reach each other in the same AS.
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 4-97
Issue 03 (2008-09-22)
OSPF is used as the IGP in this example, the configuration procedure is not mentioned here.
NOTE
The address of the loopback interface in 32-bit used as the LSR ID should be advertised by OSPF.
After the configuration, the OSPF neighbor relationship should be established between the ASBR-PE and the PE of the same AS. Run the display ospf peer command to find that the status of the OSPF neighbor relationship is "Full". The ASBR-PE and the PE in the same AS can learn the Loopback addresses of each other and can ping through each other. 2. Configure MPLS basic capability and MPLS LDP on the backbone of AS 100 and AS 200 respectively to set up an LDP LSP. For configuration procedures, see Example for Configuring Inter-AS VPN Option A. 3. Configure basic BGP/MPLS IPv6 VPN on the backbone of AS 100 and AS 200 respectively.
NOTE
The VPN-Target of the IPv6 VPN instances on the PE1 and the PE2 should be matched.
For the configuration procedure, see the configuration files. 4. Configure inter-AS VPN-Option B mode. # Configure ASBR-PE1. Enable MPLS on POS2/0/0 connected with ASBR-PE2.
<ASBR-PE1> system-view [ASBR-PE1] interface pos 2/0/0 [ASBR-PE1-Pos2/0/0] ip address 192.1.1.1 24 [ASBR-PE1-Pos2/0/0] mpls [ASBR-PE1-Pos2/0/0] quit
# Configure ASBR-PE1. Establish MP-EBGP peer with ASBR-PE2 and perform no VPNTarget filtering on the received VPN-IPv6 routes.
[ASBR-PE1] bgp 100 [ASBR-PE1-bgp] peer 192.1.1.2 as-number 200 [ASBR-PE1-bgp] ipv6-family vpnv6 [ASBR-PE1-bgp-af-vpnv6] peer 192.1.1.2 enable [ASBR-PE1-bgp-af-vpnv6] undo policy vpn-target [ASBR-PE1-bgp-af-vpnv6] quit [ASBR-PE1-bgp] quit
NOTE
The configurations of ASBR-PE2 are similar to that of ASBR-PE1 and are not mentioned here.
5.
Verify the configuration. After the above configuration, the CEs can learn the interface routes of each other. CE1 and CE2 can be pinged successfully on each other. Take CE1 as an example.
[CE1] display ipv6 routing-table Routing Table : Public Destinations : 5 Routes : 5 Destination : ::1 NextHop : ::1 Interface : InLoopBack0 State : Active NoAdv Tunnel ID : 0x0 Age : 4662sec Destination : 2001:: NextHop : 2001::1 Interface : GigabitEthernet1/0/0 State : Active Adv Tunnel ID : 0x0
PrefixLength Preference Protocol Cost Label PrefixLength Preference Protocol Cost Label
: : : : : : : : : :
4-98
Issue 03 (2008-09-22)
Age : 1252sec Destination : 2001::1 NextHop : ::1 Interface : InLoopBack0 State : Active NoAdv Tunnel ID : 0x0 Age : 1252sec Destination : 2002:: NextHop : 2001::2 Interface : GigabitEthernet1/0/0 State : Active Adv Tunnel ID : 0x0 Age : 118sec Destination : FE80:: NextHop : :: Interface : NULL0 State : Active NoAdv Tunnel ID : 0x0 Age : 1255sec [CE1] ping ipv6 2002::1 PING 2002::1 : 56 data bytes, press CTRL_C to Reply from 2002::1 bytes=56 Sequence=1 hop limit=62 time = 125 Reply from 2002::1 bytes=56 Sequence=2 hop limit=62 time = 109 Reply from 2002::1 bytes=56 Sequence=3 hop limit=62 time = 109 Reply from 2002::1 bytes=56 Sequence=4 hop limit=62 time = 109 Reply from 2002::1 bytes=56 Sequence=5 hop limit=62 time = 110 --- 2002::1 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 109/112/125 ms
PrefixLength Preference Protocol Cost Label PrefixLength Preference Protocol Cost Label PrefixLength Preference Protocol Cost Label break ms ms ms ms ms
: : : : : : : : : : : : : : :
Run the display bgp vpnv6 all routing-table command on the ASBR-PE, and you can see the VPN-IPv6 routes on the ASBR-PE. Take ASBR-PE1 for an example.
[ASBR-PE1] display bgp vpnv6 all routing-table BGP Local router ID is 2.2.2.9 Status codes: * - valid, > - best, d - damped, h - history, i - internal, s - suppressed, S - Stale Origin : i - IGP, e - EGP, ? - incomplete Total number of routes from all PE: 2 Route Distinguisher: 100:1 *>i Network : 2001:: PrefixLen : NextHop : ::FFFF:1.1.1.9 LocPrf : MED : 0 PrefVal : Label : 15360 Path/Ogn : ? Route Distinguisher: 200:1 *> Network : 2002:: PrefixLen : NextHop : ::FFFF:192.1.1.2 LocPrf : MED : PrefVal : Label : 15361 Path/Ogn : 200 ?
64 100 0
64 0
Configuration Files
l
Issue 03 (2008-09-22)
4-99
4-100
Issue 03 (2008-09-22)
Issue 03 (2008-09-22)
4-101
4-102
Issue 03 (2008-09-22)
Loopback1 2.2.2.9/32
POS1/0/0 162.1.1.1/24 Loopback1 ASBR-PE2 4.4.4.9/32 POS1/0/0 162.1.1.2/24 GE2/0/0 2002::2/64 GE1/0/0 2002::1/64
PE1
PE2
CE1 AS 65001
CE2 AS 65002
Issue 03 (2008-09-22)
4-103
Configuration Roadmap
The configuration roadmap is as follows: 1. 2. Set up the MP-EBGP peer relationship between PEs in different ASs and configure the maximum hops between PEs to set up the EBGP relationship Configuring the routing policy on the ASBR-PEs; assigning MPLS labels to the routes received from the PE in the local AS when advertising them to the remote ASBR-PE; assigning new MPLS labels to the routes advertised to the PE in the local AS if they are labeled IPv4 routes Configuring the PE and the ASBR-PE of the local AS to exchange the labeled IPv4 route Configuring the ASBR-PE and the peer ASBR-PE to exchange the labeled IPv4 route
3. 4.
Data Preparation
To complete the configuration, you need the following data:
l l l
MPLS LSR-IDs of the PEs and the ASBR-PEs The names, RDs and the VPN-Targets of IPv6 VPN instance configured on the PEs Two tunnel policies configured on the ASBR-PEs
Configuration Procedures
1. Configure IGP on the backbone of AS 100 and AS 200 respectively to make the PE and the ASBR-PE can reach each other in the same AS. OSPF is used as IGP in this example, and the configuration procedure is not mentioned here.
NOTE
The loopback interface address in 32-bit used as the LSR ID should be advertised by OSPF.
After the configuration, the OSPF neighbor relationship should be established between the ASBR-PE and the PE of the same AS. Run the display ospf peer command to find the status of the OSPF neighbor relationship as "Full". Take PE1 as an example:
<PE1> display ospf peer OSPF Process 1 with Router ID 1.1.1.9 Neighbors Area 0.0.0.0 interface 172.1.1.2(Pos1/0/0)'s neighbors Router ID: 2.2.2.9 Address: 172.1.1.1 GR State: Normal State: Full Mode:Nbr is Master Priority: 1 DR: None BDR: None MTU: 0 Dead timer due in 31 sec Neighbor is up for 00:28:11 Authentication Sequence: [ 0 ]
The ASBR PE and the PE in the same AS can learn the IP address of Loopback1 from each other and they can successfully ping each other. 2. Configure MPLS basic capability and MPLS LDP on the backbone of AS 100 and AS 200 respectively to set up an LDP LSP. For configuration procedures, see Example for Configuring Inter-AS VPN Option A. 3. Configure VPN for the AS100 and the AS200.
l
Configuring the VPN instance on the PE1 and the PE2 and bind the VPN instance with the interface on the connected CE
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)
4-104
Configuring the routing protocol or the static route between the PE1 and the CE1, and between the PE2 and the CE (BGP4+ is adopted in this example.) Setting up the IBGP relationship between the PE1 and the ASBR-PE1, and between the PE2 and the ASBR-PE2
NOTE
The VPN-Targets of IPv6 VPN instances on the PEs in the different ASs should be matched.
For configuration procedures, see Example for Configuring Inter-AS VPN Option A. 4. Configure switch of labeled IPv4 routes. # Configure PE1. Enable to switch labeled IPv4 routes with ASBR-PE1.
[PE1] bgp 100 [PE1-bgp] peer 2.2.2.9 label-route-capability [PE1-bgp] quit
# Configure ASBR-PE1. Enable MPLS on POS 2/0/0 that is connected with the ASBRPE2.
[ASBR-PE1] interface pos 2/0/0 [ASBR-PE1-Pos2/0/0] ip address 192.1.1.1 24 [ASBR-PE1-Pos2/0/0] mpls [ASBR-PE1-Pos2/0/0] quit
# Configure ASBR-PE1. Apply route policies to the routes advertised to PE1 and enable to exchange IPv4 routes with label with PE1.
[ASBR-PE1] bgp 100 [ASBR-PE1-bgp] peer 1.1.1.9 route-policy policy2 export [ASBR-PE1-bgp] peer 1.1.1.9 label-route-capability
# Configure ASBR-PE1. Apply route policies to the routes advertised to ASBR-PE2 and enable to switch label IPv4 routes with ASBR-PE2.
[ASBR-PE1-bgp] [ASBR-PE1-bgp] [ASBR-PE1-bgp] [ASBR-PE1-bgp] peer 192.1.1.2 as-number 200 peer 192.1.1.2 route-policy policy1 export peer 192.1.1.2 label-route-capability quit
# Configure ASBR-PE1. Advertise the Loopback address of PE1 to ASBR-PE2, and then to PE2.
[ASBR-PE1] bgp [ASBR-PE1-bgp] [ASBR-PE1-bgp] [ASBR-PE1-bgp]
NOTE
The configurations of PE2 and ASBR-PE2 are similar to that of PE1 and ASBR-PE1 and are not mentioned here.
5.
Issue 03 (2008-09-22)
4-105
# Configure PE2.
[PE2] bgp 200 [PE2-bgp] peer 1.1.1.9 as-number 100 [PE2-bgp] peer 1.1.1.9 connect-interface LoopBack 1 [PE2-bgp] peer 1.1.1.9 ebgp-max-hop 10 [PE2-bgp] ipv6-family vpnv6 [PE2-bgp-af-vpnv6] peer 1.1.1.9 enable [PE2-bgp-af-vpnv6] quit [PE2-bgp] quit
6.
Verify the configuration. After the above configuration, the CEs can learn interface routes of each other. CE1 and CE2 can ping through each other. Take CE1 as an example:
[CE1] display ipv6 routing-table Routing Table : Public Destinations : 5 Routes : 5 Destination : ::1 NextHop : ::1 Interface : InLoopBack0 State : Active NoAdv Tunnel ID : 0x0 Age : 8366sec Destination : 2001:: NextHop : 2001::1 Interface : GigabitEthernet1/0/0 State : Active Adv Tunnel ID : 0x0 Age : 4956sec Destination : 2001::1 NextHop : ::1 Interface : InLoopBack0 State : Active NoAdv Tunnel ID : 0x0 Age : 4956sec Destination : 2002:: NextHop : 2001::2 Interface : GigabitEthernet1/0/0 State : Active Adv Tunnel ID : 0x0 Age : 76sec Destination : FE80:: NextHop : :: Interface : NULL0 State : Active NoAdv Tunnel ID : 0x0 Age : 4960sec [CE1] ping ipv6 2002::1 PING 2002::1 : 56 data bytes, press CTRL_C to break Reply from 2002::1 bytes=56 Sequence=1 hop limit=62 time = 109 ms Reply from 2002::1 bytes=56 Sequence=2 hop limit=62 time = 125 ms Reply from 2002::1 bytes=56 Sequence=3 hop limit=62 time = 94 ms Reply from 2002::1 bytes=56 Sequence=4 hop limit=62 time = 109 ms Reply from 2002::1 bytes=56 Sequence=5 hop limit=62 time = 109 ms --- 2002::1 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 94/109/125 ms
PrefixLength Preference Protocol Cost Label PrefixLength Preference Protocol Cost Label PrefixLength Preference Protocol Cost Label PrefixLength Preference Protocol Cost Label PrefixLength Preference Protocol Cost Label
: : : : : : : : : : : : : : : : : : : : : : : : :
128 0 Direct 0 NULL 64 0 Direct 0 NULL 128 0 Direct 0 NULL 64 255 BGP 0 NULL 10 0 Direct 0 NULL
4-106
Issue 03 (2008-09-22)
There is no VPN-IPv6 route on the ASBR-PEs. Run the display bgp routing-table label command on the ASBR-PE to see the label information of the routes. Take ASBR-PE1 as an example:
[ASBR-PE1] display bgp routing-table label Total Number of Routes: 4 BGP Local router ID is 2.2.2.9 Status codes: * - valid, > - best, d - damped, h - history, i - internal, s - suppressed, S - Stale Origin : i - IGP, e - EGP, ? - incomplete Network NextHop In/Out Label *> 1.1.1.9 172.1.1.2 15362/NULL *> 4.4.4.9 192.1.1.2 15361/15361 *> 192.1.1.0 192.1.1.1 15360/NULL * 192.1.1.2 NULL/15360
Configuration Files
l
Issue 03 (2008-09-22)
4-107
4-108
Issue 03 (2008-09-22)
Issue 03 (2008-09-22)
4-109
4-110
Issue 03 (2008-09-22)
PE1 and PE2 are PEs of the Level 1 carrier's backbone. CE1 and CE2 belong to the Level 2 carrier and access the backbone of Level 1 carrier. PE3 and PE4 belong to the Level 2 carrier and provide access service for Level 2 carrier's customer. CE3 and CE4 are the Level 2 carrier's customer.
PE1
POS1/0/0 11.1.1.2/24
PE2
POS2/0/0 21.1.1.1/24
AS: 100
PE3 GE1/0/0
2001::2/64
POS1/0/0 10.1.1.2/24
CE1
Loopback1 2.2.2.9/32
CE2
PE4
MP-IBGP
GE1/0/0 2001::1/64 GE1/0/0 2002::1/64
CE3
AS:65410
AS:65420
CE4
Configuration Roadmap
The configuration roadmap is as follows: 1.
Issue 03 (2008-09-22)
The exchange of the internal routes of the level 2 carrier on the backbone network of level 1 carrier: configuring the level 2 carrier to access the level 1 carrier as the level 1 carrier's CE The exchange of the external routes of the level 2 carrier between the PE devices of the level 2 carrier: setting up the MP-IBGP peer relationship between the PE devices (PE3 and PE4) of the level 2 carrier
2.
Configuring the carrier's carrier of the same AS and configuring IGP and LDP between the PE of the level 1 carrier and the CE of the level 2 carrier
Data Preparation
To configure the carrier's carrier in the same AS, you need the following data:
l
MPLS LSR-ID on the PE of the level 1 carrier, MPLS LSR-IDs on the PE and the CE of the level 2 carrier Data for configuring IGP (The IS-IS process number of the IGP protocol running on the PE and the CE of the level 2 carrier is the same with that used when the CE of the level 2 carrier accesses the level 1 carrier. However, it is different from that on the PE of the level 1 carrier.) The name of the IPv6 VPN instance configured on the PE, RD and the VPN-Target
Configuration Procedures
1. Configure the BGP/MPLS IP VPN on Level 1 carrier's backbone. Adopt IS-IS as the IGP, enable the LDP between PE1 and PE2 and establish MP-IBGP peer relationship between them. # Configure PE1
<Quidway> system-view [Quidway] sysname PE1 [PE1] interface loopback 1 [PE1-LoopBack1] ip address 3.3.3.9 32 [PE1-LoopBack1] quit [PE1] mpls lsr-id 3.3.3.9 [PE1] mpls [PE1-mpls] lsp-trigger all [PE1-mpls] quit [PE1] mpls ldp [PE1-mpls-ldp] quit [PE1] isis 1 [PE1-isis-1] network-entity 10.0000.0000.0004.00 [PE1-isis-1] quit [PE1] interface loopback 1 [PE1-LoopBack1] isis enable 1 [PE1-LoopBack1] quit [PE1] interface pos 2/0/0 [PE1-Pos2/0/0] ip address 30.1.1.1 24 [PE1-Pos2/0/0] isis enable 1 [PE1-Pos2/0/0] mpls [PE1-Pos2/0/0] mpls ldp [PE1-Pos2/0/0] quit [PE1] bgp 100 [PE1-bgp] peer 4.4.4.9 as-number 100 [PE1-bgp] peer 4.4.4.9 connect-interface loopback 1 [PE1-bgp] ipv4-family vpnv4 [PE1-bgp-af-vpnv4] peer 4.4.4.9 enable [PE1-bgp-af-vpnv4] quit [PE1-bgp] quit
4-112
Issue 03 (2008-09-22)
The configuration of PE2 is similar to that of PE1 and is not mentioned here.
After the configuration, run the display mpls ldp session command on PE1 or PE2, to find that the LDP session has been established successfully. Run the display bgp peer command to find that the BGP peer relationship has been established. Run the display isis peer command to find that the IS-IS neighbor has been set up. Take PE1 as an example:
[PE1] display isis peer Peer information for ISIS(1) ---------------------------System Id Interface Circuit Id State HoldTime Type PRI 0000.0000.0005 Pos2/0/0 002 Up 29s L2(L1L2) -[PE1] display mpls ldp session LDP Session(s) in Public Network ---------------------------------------------------------------Peer-ID Status LAM SsnRole SsnAge KA-Sent/Rcv ---------------------------------------------------------------4.4.4.9:0 Operational DU Active 000:00:01 8/8 ---------------------------------------------------------------TOTAL: 1 session(s) Found. LAM : Label Advertisement Mode SsnAge Unit : DDD:HH:MM [PE1] display bgp vpnv4 all peer BGP local router ID : 3.3.3.9 Local AS number : 100 Total number of peers : 1 Peers in established state : 1 Peer V AS MsgRcvd MsgSent OutQ Up/Down State PrefRcv 4.4.4.9 4 100 162 145 0 02:12:47 Established 0
2.
Configure Level 2 carrier's network. Adopt IS-IS as the IGP and enable LDP between PE3 and CE1, PE4 and CE2 respectively # Configure PE3.
<Quidway> system-view [Quidway] sysname PE3 [PE3] interface loopback 1 [PE3-LoopBack1] ip address 1.1.1.9 32 [PE3-LoopBack1] quit [PE3] mpls lsr-id 1.1.1.9 [PE3] mpls [PE3-mpls] lsp-trigger all [PE3-mpls] quit [PE3] mpls ldp [PE3-mpls-ldp] quit [PE3] isis 2 [PE3-isis-2] network-entity 10.0000.0000.0001.00 [PE3-isis-2] quit [PE3] interface loopback 1 [PE3-LoopBack1] isis enable 2 [PE3-LoopBack1] quit [PE3] interface pos 2/0/0 [PE3-Pos2/0/0] ip address 10.1.1.1 24 [PE3-Pos2/0/0] isis enable 2 [PE3-Pos2/0/0] mpls [PE3-Pos2/0/0] mpls ldp [PE3-Pos2/0/0] quit
# Configure CE1.
<Quidway> system-view [Quidway] sysname CE1 [CE1] interface loopback 1 [CE1-LoopBack1] ip address 2.2.2.9 32 [CE1-LoopBack1] quit [CE1] mpls lsr-id 2.2.2.9 [CE1] mpls [CE1-mpls] lsp-trigger all
Issue 03 (2008-09-22)
4-113
[CE1-mpls] quit [CE1] mpls ldp [CE1-mpls-ldp] quit [CE1] isis 2 [CE1-isis-2] network-entity 10.0000.0000.0002.00 [CE1-isis-2] quit [CE1] interface loopback 1 [CE1-LoopBack1] isis enable 2 [CE1-LoopBack1] quit [CE1] interface pos 1/0/0 [CE1-Pos1/0/0] ip address 10.1.1.2 24 [CE1-Pos1/0/0] isis enable 2 [CE1-Pos1/0/0] mpls [CE1-Pos1/0/0] mpls ldp [CE1-Pos1/0/0] quit
After the configuration, the LDP session and IS-IS neighbor relationship should be established between the PE3 and the CE1.
NOTE
The configurations of PE4 and CE2 are similar to those of PE3 and CE1. Their configurations are not mentioned here.
3.
Configure CEs of the Level 2 carrier to access PEs of the Level 1 carrier. # Configure PE1.
[PE1] ip vpn-instance vpn1 [PE1-vpn-instance-vpn1] route-distinguisher 200:1 [PE1-vpn-instance-vpn1] vpn-target 1:1 both [PE1-vpn-instance-vpn1] quit [PE1] bgp 100 [PE1-bgp] ipv4-family vpn-instance vpn1 [PE1-bgp6-vpn1] import-route isis 2 [PE1-bgp6-vpn1] quit [PE1-bgp] quit [PE1] mpls ldp vpn-instance vpn1 [PE1-mpls-ldp-vpn-instance-vpn1] quit [PE1] isis 2 vpn-instance vpn1 [PE1-isis-2] network-entity 10.0000.0000.0003.00 [PE1-isis-2] import-route bgp [PE1-isis-2] quit [PE1] interface pos 1/0/0 [PE1-Pos1/0/0] ip binding vpn-instance vpn1 [PE1-Pos1/0/0] ip address 11.1.1.2 24 [PE1-Pos1/0/0] isis enable 2 [PE1-Pos1/0/0] mpls [PE1-Pos1/0/0] mpls ldp [PE1-Pos1/0/0] mpls ldp transport-address interface
# Configure CE1.
[CE1] interface pos 2/0/0 [CE1-Pos2/0/0] ip address 11.1.1.1 24 [CE1-Pos2/0/0] isis enable 2 [CE1-Pos2/0/0] mpls [CE1-Pos2/0/0] mpls ldp [CE1-Pos2/0/0] mpls ldp transport-address interface [CE1-Pos2/0/0] quit
After the configuration, the LDP session and IS-IS neighbor relationship should be established between PE1 and CE1.
NOTE
The configurations of PE2 and CE2 are similar to those of PE1 and CE1. Their configurations are not mentioned here.
4.
Configure the Level 2 carrier's CE and PE so that the CE can access the PE. # Configure CE3.
<Quidway> system-view
4-114
Issue 03 (2008-09-22)
[Quidway] sysname CE3 [CE3] interface gigabitethernet 1/0/0 [CE3-GigabitEthernet1/0/0] ipv6 address 2001::1 64 [CE3-GigabitEthernet1/0/0] quit [CE3] bgp 65410 [CE3-bgp] router-id 10.10.10.10 [CE3-bgp] peer 2001::2 as-number 100 [CE3-bgp] ipv6-family unicast [CE3-bgp-af-ipv6] peer 2001::2 enable [CE3-bgp-af-ipv6] import-route direct [CE3-bgp-af-ipv6] quit [CE3-bgp] quit
# Configure PE3.
[PE3] ipv6 vpn6-instance vpn1 [PE3-vpn6-instance-vpn1] route-distinguisher 100:1 [PE3-vpn6-instance-vpn1] vpn-target 1:1 both [PE3-vpn6-instance-vpn1] quit [PE3] interface gigabitethernet 1/0/0 [PE3-GigabitEthernet1/0/0] ipv6 binding vpn6-instance vpn1 [PE3-GigabitEthernet1/0/0] ipv6 address 2001::2 64 [PE3-GigabitEthernet1/0/0] quit [PE3] bgp 100 [PE3-bgp] ipv6-family vpn6-instance vpn1 [PE3-bgp6-vpn1] peer 2001::1 as-number 65410 [PE3-bgp6-vpn1] import-route direct [PE3-bgp6-vpn1] quit [PE3-bgp] quit
NOTE
The configurations of PE4 and CE4 are similar to those of PE3 and CE3. Their configurations are not mentioned here.
Then run the display bgp vpnv6 vpn6-instance vpn1 peer command on PE3 and PE4, or run the display bgp ipv6 peer command on CE3 and CE3. You can view that the status of the BGP peer relationship between PE3 and CE3, and that between PE4 and CE4 are "Established". 5. Establish MP-IBGP peers between Level 2 carrier's PEs to exchange VPN routes of Level 2 carrier's CEs. # Configure PE3.
[PE3] bgp 100 [PE3-bgp] peer 6.6.6.9 as-number 100 [PE3-bgp] peer 6.6.6.9 connect-interface loopback 1 [PE3-bgp] ipv6-family vpnv6 [PE3-bgp-af-vpnv6] peer 6.6.6.9 enable [PE3-bgp-af-vpnv6] quit [PE3-bgp] quit
NOTE
The configuration of the PE4 is similar to that of the PE3 and is not mentioned here.
Then run the display bgp vpnv6 vpn6-instance vpn1 peer command on PE3 and PE4. You can view that the MP-IBGP peer relationship between PE3 and PE4 is "Established". 6. Verify the configuration. After all the configurations, run the display ip routing-table command on PE1 and PE2 to find that the public routing table on PE1 and PE2 contains only the Level 1 carrier's routes. Take PE1 as an example:
[PE1] display ip routing-table Routing Tables: Public Destinations : 7 Destination/Mask Proto Pre 3.3.3.9/32 Direct 0 Routes : 7 Cost Flags NextHop 0 D 127.0.0.1
Interface InLoopBack0
Issue 03 (2008-09-22)
4-115
Run the display ip routing-table vpn-instance command on PE1 and PE2, to find that the VPN routing table contains the internal routes of the Level 2 carrier. Take PE1 as an example:
[PE1] display ip routing-table vpn-instance vpn1 Routing Tables: vpn1 Destinations : 11 Routes : 11 Destination/Mask Proto Pre Cost Flags NextHop Interface 1.1.1.9/32 ISIS 15 20 D 11.1.1.1 Pos1/0/0 2.2.2.9/32 ISIS 15 10 D 11.1.1.1 Pos1/0/0 5.5.5.9/32 BGP 255 0 RD 4.4.4.9 Pos2/0/0 6.6.6.9/32 BGP 255 0 RD 4.4.4.9 Pos2/0/0 10.1.1.0/24 ISIS 15 20 D 11.1.1.1 Pos1/0/0 11.1.1.0/24 Direct 0 0 D 11.1.1.1 Pos1/0/0 11.1.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 11.1.1.2/32 Direct 0 0 D 11.1.1.2 Pos1/0/0 20.1.1.0/24 BGP 255 0 RD 4.4.4.9 Pos2/0/0 21.1.1.0/24 BGP 255 0 RD 4.4.4.9 Pos2/0/0
Run the display ip routing-table command on CE1 and CE2 to find that the public routing table contains internal routes of the Level 2 carrier. Take CE1 as an example:
[CE1] display ip routing-table Routing Tables: Public Destinations : 15 Routes : 15 Destination/Mask Proto Pre Cost Flags NextHop 1.1.1.9/32 ISIS 15 10 D 10.1.1.2 2.2.2.9/32 Direct 0 0 D 127.0.0.1 5.5.5.9/32 ISIS 15 74 D 11.1.1.2 6.6.6.9/32 ISIS 15 74 D 11.1.1.2 10.1.1.0/24 Direct 0 0 D 10.1.1.2 10.1.1.1/32 Direct 0 0 D 10.1.1.1 10.1.1.2/32 Direct 0 0 D 127.0.0.1 11.1.1.0/24 Direct 0 0 D 11.1.1.1 11.1.1.1/32 Direct 0 0 D 127.0.0.1 11.1.1.2/32 Direct 0 0 D 11.1.1.2 20.1.1.0/24 ISIS 15 74 D 11.1.1.2 21.1.1.0/24 ISIS 15 74 D 11.1.1.2 127.0.0.0/8 Direct 0 0 D 127.0.0.1 127.0.0.1/32 Direct 0 0 D 127.0.0.1
Interface Pos1/0/0 InLoopBack0 Pos2/0/0 Pos2/0/0 Pos1/0/0 Pos1/0/0 InLoopBack0 Pos2/0/0 InLoopBack0 Pos2/0/0 Pos2/0/0 Pos2/0/0 InLoopBack0 InLoopBack0
Run the display ip routing-table command on PE3 and PE4 to find that the internal routes of the Level 2 carrier are contained in the public routing table. Take PE3 as an example:
[PE3] display ip routing-table Routing Tables: Public Destinations : 13 Routes : 13 Destination/Mask Proto Pre Cost Flags NextHop 1.1.1.9/32 Direct 0 0 D 127.0.0.1 2.2.2.9/32 ISIS 15 10 D 10.1.1.2 5.5.5.9/32 ISIS 15 84 D 10.1.1.2 6.6.6.9/32 ISIS 15 84 D 10.1.1.2 10.1.1.0/24 Direct 0 0 D 10.1.1.1 10.1.1.1/32 Direct 0 0 D 127.0.0.1 10.1.1.2/32 Direct 0 0 D 10.1.1.2 11.1.1.0/24 ISIS 15 20 D 10.1.1.2 20.1.1.0/24 ISIS 15 84 D 10.1.1.2 20.1.1.1/32 BGP 255 0 RD 6.6.6.9 21.1.1.0/24 ISIS 15 84 D 10.1.1.2 127.0.0.0/8 Direct 0 0 D 127.0.0.1
Interface InLoopBack0 Pos2/0/0 Pos2/0/0 Pos2/0/0 Pos2/0/0 InLoopBack0 Pos2/0/0 Pos2/0/0 Pos2/0/0 Pos2/0/0 Pos2/0/0 InLoopBack0
4-116
Issue 03 (2008-09-22)
Run the display ipv6 routing-table vpn6-instance command on PE3 and PE4 to find that the routes of the remote CEs, that is, the external routes of the Level 2 carrier, are contained in the VPN routing table. Take PE3 as an example:
[PE3] display ipv6 routing-table vpn6-instance vpn1 Routing Table : vpn1 Destinations : 4 Routes : 4 Destination : 2001:: NextHop : 2001::2 Interface : GigabitEthetnet1/0/0 State : Active Adv Tunnel ID : 0x0 Age : 59114sec Destination : 2001::2 NextHop : ::1 Interface : InLoopBack0 State : Active NoAdv Tunnel ID : 0x0 Age : 59114sec Destination : 2002:: NextHop : ::FFFF:6.6.6.9 Interface : NULL0 State : Active Adv GotQ Tunnel ID : 0x6002015 Age : 143sec Destination : FE80:: NextHop : :: Interface : NULL0 State : Active NoAdv Tunnel ID : 0x0 Age : 59120sec
PrefixLength Preference Protocol Cost Label PrefixLength Preference Protocol Cost Label PrefixLength Preference Protocol Cost Label PrefixLength Preference Protocol Cost Label
: : : : : : : : : : : : : : : : : : : :
64 0 Direct 0 NULL 128 0 Direct 0 NULL 64 255 BGP 0 15360 10 0 Direct 0 NULL
Issue 03 (2008-09-22)
4-117
Configuration Files
l
4-118
Issue 03 (2008-09-22)
Issue 03 (2008-09-22)
4-119
4-120
Issue 03 (2008-09-22)
Issue 03 (2008-09-22)
4-121
PE1
POS1/0/0 11.1.1.2/24
PE2
POS2/0/0 21.1.1.1/24
Loopback1 Customer carrier 1.1.1.9/32 POS2/0/0 10.1.1.1/24 POS1/0/0 10.1.1.2/24 GE1/0/0 2001::2/64
AS: 200
CE1
Loopback1 2.2.2.9/32
CE2
PE3
PE4
MP-EBGP
GE1/0/0 2001::1/64 GE1/0/0 2002::1/64
CE3
AS:65410
AS:65420
CE4
Configuration Roadmap
The configuration roadmap is as follows: 1. The two types of routes are exchanged as follows:
l
The exchange of the internal routes of the level 2 carrier on the backbone network of level 1 carrier: configuring the level 2 carrier to access the level 1 carrier as the level 1 carrier's CE The exchange of the external routes of the level 2 carrier between the PE devices of the level 2 carrier: setting up the MP-EBGP peer relationship between the PE devices (PE3 and PE4) of the level 2 carrier
2.
Configuring the labeled MP-EBGP between the PE of the level 1 carrier and the CE of the level 2 carrier that are located in different ASs
Data Preparation
To configure the inter-AS carrier's carrier, you need the following data:
l
MPLS LSR-ID on the PE of the level 1 carrier, MPLS LSR-IDs on the PE and the CE of the level 2 carrier Data for configuring IGP (The IS-IS process number of the IGP protocol running on the PE and the CE of the level 2 carrier is the same with that used when the CE of the level 2
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 4-123
Issue 03 (2008-09-22)
carrier accesses the level 1 carrier. However, it is different from that on the PE of the level 1 carrier.)
l l
The name of the IPv6 VPN instance configured on the PE, RD and VPN-Target Two routing policies configured on the CE of the level 2 carrier
Configuration Procedures
1. Configure BGP/MPLS IP VPN on the Level 1 carrier backbone network, using IS-IS as IGP protocol of the backbone network. Enable LDP between PE1 and PE2, and establish MP-IBGP peer relationship. The configuration procedures are similar to those in Example for Configuring Carrier's Carrier in a Same AS, the specific configuration procedures are not mentioned here.
NOTE
During the IGP protocol configuration, the Loopback interface address in 32-bit of each PE needs to be advertised.
2.
Configure the Level 2 carrier network. Use IS-IS as the IGP protocol. Enable LDP between the PE3 and the CE1, and between the PE4 and the CE2 respectively. The configuration procedures are similar to those in Example for Configuring Carrier's Carrier in a Same AS and not mentioned here.
NOTE
During the IGP protocol configuration, the Loopback interface address in 32-bit of each PE and CE needs to be advertised.
3.
Configure the Level 2 carrier CE to access the Level 1 carrier PE. Configure the exchange of labeled IPv4 routes between them. # Configure CE1 to exchange labeled IPv4 routes with PE3 and PE1.
<CE1> system-view [CE1] interface pos 2/0/0 [CE1-Pos2/0/0] ip address 11.1.1.1 24 [CE1-Pos2/0/0] mpls [CE1-Pos2/0/0] quit [CE1] route-policy policy1 permit node 1 [CE1-route-policy] apply mpls-label [CE1-route-policy] quit [CE1] route-policy policy2 permit node 1 [CE1-route-policy] if-match mpls-label [CE1-route-policy] apply mpls-label [CE1-route-policy] quit [CE1] bgp 200 [CE1-bgp] peer 1.1.1.9 as-number 200 [CE1-bgp] peer 1.1.1.9 connect-interface loopback 1 [CE1-bgp] peer 1.1.1.9 route-policy policy2 export [CE1-bgp] peer 1.1.1.9 label-route-capability [CE1-bgp] peer 11.1.1.2 as-number 100 [CE1-bgp] peer 11.1.1.2 route-policy policy1 export [CE1-bgp] peer 11.1.1.2 label-route-capability [CE1-bgp] import-route isis 2 [CE1-bgp] quit
4-124
Issue 03 (2008-09-22)
[PE1-Pos1/0/0] mpls [PE1-Pos1/0/0] quit [PE1] route-policy policy1 permit node 1 [PE1-route-policy] apply mpls-label [PE1-route-policy] quit [PE1] bgp 100 [PE1-bgp] ipv4-family vpn-instance vpn1 [PE1-bgp-vpn1] peer 11.1.1.1 as-number 200 [PE1-bgp-vpn1] peer 11.1.1.1 route-policy policy1 export [PE1-bgp-vpn1] peer 11.1.1.1 label-route-capability [PE1-bgp-vpn1] import-route direct [PE1-bgp-vpn1] quit [PE1-bgp] quit
After the above configuration, the BGP peer relationship is established between CE1 and PE3, and between CE1 and PE1.
[CE1] display bgp vpnv4 all peer BGP local router ID : 2.2.2.9 Local AS number : 200 Total number of peers : 2 Peer V AS MsgRcvd MsgSent 1.1.1.9 4 200 7 8 11.1.1.2 4 100 3 4
NOTE
Peers in established state : 2 OutQ Up/Down State PrefRcv 0 00:04:07 Established 0 0 00:00:08 Established 0
The configuration procedures of PE4, CE2 and PE2 are similar to those of PE3, CE1 and PE1, and are not mentioned here.
4.
Configure the Level 2 carrier's customer to access the Level 2 carrier PE. The specific configuration procedures are the same as those in Example for Configuring Carrier's Carrier in a Same AS and are not mentioned here.
5.
Establish MP-EBGP peer relationship between the Level 2 carrier PEs to exchange VPN routes of the Level 2 carrier's customer. # Configure PE3.
<PE3> system-view [PE3] bgp 200 [PE3-bgp] peer 6.6.6.9 as-number 300 [PE3-bgp] peer 6.6.6.9 connect-interface loopback 1 [PE3-bgp] peer 6.6.6.9 ebgp-max-hop 10 [PE3-bgp] ipv6-family vpnv6 [PE3-bgp-af-vpnv6] peer 6.6.6.9 enable [PE3-bgp-af-vpnv6] quit [PE3-bgp] quit
# Configure PE4.
<PE4> system-view [PE4] bgp 300 [PE4-bgp] peer 1.1.1.9 as-number 200 [PE4-bgp] peer 1.1.1.9 connect-interface loopback 1 [PE4-bgp] peer 1.1.1.9 ebgp-max-hop 10 [PE4-bgp] ipv6-family vpnv6 [PE4-bgp-af-vpnv6] peer 1.1.1.9 enable [PE4-bgp-af-vpnv6] quit [PE4-bgp] quit
6.
Verifying the configuration. After the configuration, run the display ip routing-table command on PE1 and PE2 to see that the public routing table contains only the routes of the Level 1 carrier network.
Issue 03 (2008-09-22)
4-125
Run the display ip routing-table vpn-instance command on PE1 and PE2 to see that the VPN routing table does not contain internal routes of the Level 2 carrier. Take PE1 as an example:
[PE1] display ip routing-table vpn-instance vpn1 Routing Tables: vpn1 Destinations : 13 Routes : 13 Destination/Mask Proto Pre Cost Flags 1.1.1.9/32 BGP 255 10 D 2.2.2.9/32 BGP 255 0 D 5.5.5.9/32 BGP 255 0 RD 6.6.6.9/32 BGP 255 10 RD 10.1.1.0/24 BGP 255 0 D 11.1.1.0/24 Direct 0 0 D 11.1.1.1/32 Direct 0 0 D 11.1.1.2/32 Direct 0 0 D 20.1.1.0/24 BGP 255 0 RD 21.1.1.0/24 BGP 255 0 RD 21.1.1.2/32 BGP 255 0 RD
NextHop 11.1.1.1 11.1.1.1 4.4.4.9 4.4.4.9 11.1.1.1 11.1.1.2 11.1.1.1 127.0.0.1 4.4.4.9 4.4.4.9 4.4.4.9
Interface Pos1/0/0 Pos1/0/0 Pos2/0/0 Pos2/0/0 Pos1/0/0 Pos1/0/0 Pos1/0/0 InLoopBack0 Pos2/0/0 Pos2/0/0 Pos2/0/0
Run the display ip routing-table command on CE1 and CE2 to see that the public routing table contains internal routes of the Level 2 carrier. Take CE1 as an example:
[CE1] display ip routing-table Routing Tables: Public Destinations : 16 Destination/Mask Proto Pre 1.1.1.9/32 ISIS 15 2.2.2.9/32 Direct 0 5.5.5.9/32 BGP 255 6.6.6.9/32 BGP 255 10.1.1.0/24 Direct 0 10.1.1.1/32 Direct 0 10.1.1.2/32 Direct 0 11.1.1.0/24 Direct 0 11.1.1.1/32 Direct 0 11.1.1.2/32 Direct 0 20.1.1.0/24 BGP 255 21.1.1.0/24 BGP 255 21.1.1.2/32 BGP 255 127.0.0.0/8 Direct 0 127.0.0.1/32 Direct 0 Routes : 16 Cost Flags 10 D 0 D 0 D 0 D 0 D 0 D 0 D 0 D 0 D 0 D 0 D 0 D 0 D 0 D 0 D
NextHop 10.1.1.1 127.0.0.1 11.1.1.2 11.1.1.2 10.1.1.2 10.1.1.1 127.0.0.1 11.1.1.1 127.0.0.1 11.1.1.2 11.1.1.2 11.1.1.2 11.1.1.2 127.0.0.1 127.0.0.1
Interface Pos1/0/0 InLoopBack0 Pos2/0/0 Pos2/0/0 Pos1/0/0 Pos1/0/0 InLoopBack0 Pos2/0/0 InLoopBack0 Pos2/0/0 Pos2/0/0 Pos2/0/0 Pos2/0/0 InLoopBack0 InLoopBack0
Run the display ip routing-table command on PE3 and PE4 to see that the public routing table contains the internal route of the Level 2 carrier. Take PE3 as an example:
[PE3] display ip routing-table Routing Tables: Public Destinations : 15 Destination/Mask Proto Pre 1.1.1.9/32 Direct 0 2.2.2.9/32 ISIS 15 5.5.5.9/32 BGP 255 6.6.6.9/32 BGP 255 Routes : 15 Cost Flags 0 D 10 D 0 RD 0 RD
4-126
Issue 03 (2008-09-22)
Running the display ipv6 routing-table vpn6-instance command on PE3 and PE4 to see that the external routes of the Level 2 carrier are contained in the VPN routing table. Take PE3 as an example:
[PE3] display ipv6 routing-table vpn6-instance vpn1 Routing Table : vpn1 Destinations : 4 Routes : 4 Destination : 2001:: NextHop : 2001::2 Interface : GigabitEthetnet1/0/0 State : Active Adv Tunnel ID : 0x0 Age : 65664sec Destination : 2001::2 NextHop : ::1 Interface : InLoopBack0 State : Active NoAdv Tunnel ID : 0x0 Age : 65664sec Destination : 2002:: NextHop : ::FFFF:6.6.6.9 Interface : NULL0 State : Active Adv GotQ Tunnel ID : 0x6002694 Age : 161sec Destination : FE80:: NextHop : :: Interface : NULL0 State : Active NoAdv Tunnel ID : 0x0 Age : 65668sec
PrefixLength Preference Protocol Cost Label PrefixLength Preference Protocol Cost Label PrefixLength Preference Protocol Cost Label PrefixLength Preference Protocol Cost Label
: : : : : : : : : : : : : : : : : : : :
64 0 Direct 0 NULL 128 0 Direct 0 NULL 64 255 BGP 0 15360 10 0 Direct 0 NULL
Issue 03 (2008-09-22)
4-127
Configuration Files
l
ipv6
# bgp 65410 router-id 10.10.10.10 peer 2001::2 as-number 200 # ipv6-family unicast undo synchronization import-route direct peer 2001::2 enable # return l
4-128
Issue 03 (2008-09-22)
Issue 03 (2008-09-22)
4-129
4-130
Issue 03 (2008-09-22)
Issue 03 (2008-09-22)
4-131
4-132
Issue 03 (2008-09-22)
PE1, PE2, and RR1 are located within the backbone network AS100. CE1 and CE2 belong to the VPNA.
Issue 03 (2008-09-22)
4-133
POS1/0/0 100.1.2.2/24
POS2/0/0 100.2.3.1/24
RR1
POS1/0/0 100.1.2.1/24 Loopback1 1.1.1.9/32
CE1 AS65410
CE1 AS65420
Configuration Roadmap
The configuration roadmap is as follows: 1. 2. 3. 4. Set up the MP-IBGP connection between the PE and the reflector. (There is no need to set up the MP-IBGP connection between PEs.) Set up the EBGP connection between the PE and the CE. Configure the MPLS LSP on the public network tunnel and enable the MPLS LDP on the devices and interfaces along LSP. Configure the RR1 to back up VPN-IPv6 routes from PE1 and PE2 to advertise to PE. RR must receive all the IPv6 VPN routing information without any filtration by VPN target.
Data Preparation
To complete the configuration, you need the following data:
l l l
MPLS LSR IDs of the PE and the ASBR Names, RDs, and VPN targets of the VPN instances created on PE1 and PE2 Routing protocol used to exchange routing information between the PE and CE (EBGP in this example) Convergence priorities of the routes in the VPN instances Name of the RD filter and the name of the routing policy
l l
Configuration Procedures
1. Configure IGP on the MPLS backbone network to interconnect the devices along the LSP. In this example, OSPF is adopted and the detailed configuration is not mentioned here.
NOTE
4-134
Issue 03 (2008-09-22)
After the configuration, the devices along the LSP can learn the address of the loopback interface of each other. Take the display on the PE1 as an example.
<PE1> display ip routing-table Routing Tables: Public Destinations : 9 Destination/Mask Proto Pre 1.1.1.9/32 Direct 0 2.2.2.9/32 OSPF 10 3.3.3.9/32 OSPF 10 100.1.2.0/24 Direct 0 100.1.2.1/32 Direct 0 100.1.2.2/32 Direct 0 100.2.3.0/24 OSPF 10 127.0.0.0/8 Direct 0 127.0.0.1/32 Direct 0 Routes : 9 Cost Flags 0 D 1 D 3 D 0 D 0 D 0 D 2 D 0 D 0 D
NextHop 127.0.0.1 100.1.2.2 100.1.2.2 100.1.2.1 127.0.0.1 100.1.2.2 100.1.2.2 127.0.0.1 127.0.0.1
Interface InLoopBack0 Pos1/0/0 Pos1/0/0 Pos1/0/0 InLoopBack0 Pos1/0/0 Pos1/0/0 InLoopBack0 InLoopBack0
2.
Set up the LSP tunnel on the MPLS backbone network. Enable MPLS and the MPLS LDP on the devices and interfaces along the LSP. The detailed configuration is not mentioned here. After the configuration, run the display mpls ldp session command on the PE and RR. You can see that the "Session State" is "Operational" in the display. Take the display on the PE1 and the RR1 as examples.
[PE1] display mpls ldp session LDP Session(s) in Public Network ---------------------------------------------------------------------Peer-ID Status LAM SsnRole SsnAge KA-Sent/Rcv ---------------------------------------------------------------------2.2.2.9:0 Operational DU Passive 000:00:01 8/8 ---------------------------------------------------------------------LAM : Label Advertisement Mode SsnAge Unit : DDD:HH:MM [RR] display mpls ldp session LDP Session(s) in Public Network ---------------------------------------------------------------------Peer-ID Status LAM SsnRole SsnAge KA-Sent/Rcv ---------------------------------------------------------------------1.1.1.9:0 Operational DU Active 000:00:02 11/11 3.3.3.9:0 Operational DU Passive 000:00:01 8/8 ---------------------------------------------------------------------LAM : Label Advertisement Mode SsnAge Unit : DDD:HH:MM
3. 4. 5.
Configure the IPv6 VPN instance on the PE device. For the detailed configuration, see Example for Configuring BGP/MPLS IPv6 VPN. Set up the EBGP peer relationship between the PE and the CE and import the VPN routes. For the detailed configuration, see Configuring BGP4+ Between PE and CE. Set up the MP-IBGP peer relationship between the PE and the reflectors. # Configure PE1.
[PE1] bgp 100 [PE1-bgp] peer 2.2.2.9 as-number 100 [PE1-bgp] peer 2.2.2.9 connect-interface loopback 1 [PE1-bgp] ipv6-family vpnv6 [PE1-bgp-af-vpnv6] peer 2.2.2.9 enable [PE1-bgp-af-vpnv6] quit
# Configure RR.
<RR> system-view [RR] bgp 100 [RR-bgp] peer 1.1.1.9 [RR-bgp] peer 1.1.1.9 [RR-bgp] peer 3.3.3.9 [RR-bgp] peer 3.3.3.9 as-number 100 connect-interface loopback 1 as-number 100 connect-interface loopback 1
Issue 03 (2008-09-22)
4-135
# Configure PE2. The configuration of PE2 is similar to that of PE1 and is not mentioned here. After the configuration, run the display bgp vpnv6 all peer command on the PE device. You can see that the IBGP peer relationship is set up between the PE and the reflectors. The status of the relationship is "Established". The EBGP peer relationship has been set up between the PE and the CE. Take the display on the PE1 and RR as examples.
<PE1> display bgp vpnv6 all peer BGP local router ID : 1.1.1.9 Local AS number : 100 Total number of peers : 2 Peer V AS MsgRcvd 2.2.2.9 4 100 15 Peer of vpn6 instance : vpn6 instance VPNA : 2001::1 4 65410 9
MsgSent 17 10
Peers in established state : 2 OutQ Up/Down State PrefRcv 0 00:13:11 Established 0 0 00:06:41 Established 0
6.
7.
Check the configuration. On checking the VPN routing table on the PE, you can find the route to the remote CE. Take the PE1 as an example.
<PE1> display ipv6 routing-table vpn6-instance VPNA Routing Table : VPNA Destinations : 4 Routes : 4 Destination : 2001:: NextHop : 2001::2 Interface : Pos2/0/0 State : Active Adv Tunnel ID : 0x0 Age : 10936sec Destination : 2001::2 NextHop : ::1 Interface : InLoopBack0 State : Active NoAdv Tunnel ID : 0x0 Age : 10936sec Destination : 2002:: NextHop : ::FFFF:4.4.4.9 Interface : NULL0 State : Active Adv GotQ Tunnel ID : 0x6002d20 Age : 1753sec Destination : FE80:: NextHop : :: Interface : NULL0 State : Active NoAdv Tunnel ID : 0x0 Age : 10940sec
PrefixLength Preference Protocol Cost Label PrefixLength Preference Protocol Cost Label PrefixLength Preference Protocol Cost Label PrefixLength Preference Protocol Cost Label
: : : : : : : : : : : : : : : : : : : :
64 0 Direct 0 NULL 128 0 Direct 0 NULL 64 255 BGP 0 15360 10 0 Direct 0 NULL
4-136
Issue 03 (2008-09-22)
CE1 and CE2 can ping each other successfully. It means that the reflector is configured successfully.
Configuration Files
l
Configuration file of RR
# sysname RR # ipv6 # mpls lsr-id 2.2.2.9 mpls lsp-trigger all
Issue 03 (2008-09-22)
4-137
4-138
Issue 03 (2008-09-22)
Issue 03 (2008-09-22)
4-139
5 VLL Configuration
5
About This Chapter
VLL Configuration
This chapter describes the principle, application and configuration for various VLL technologies. 5.1 Overview This section describes the basic principle of VLL. 5.2 Configuring CCC VLL This section describes how to configure CCC VLL. 5.3 Configuring the SVC VLL This section describes how to configure SVC VLL. 5.4 Configuring Martini VLL This section describes how to configure Martini VLL. 5.5 Configuring Kompella VLL This section describes how to configure Kompella VLL. 5.6 Configuring VLL IP Interworking This section describes how to configure VLL IP interworking. 5.7 Configuring Inter-AS Martini VLL This section describes how to configure the inter-AS Martini VLL. 5.8 Configuring the Inter-AS Kompella VLL This section describes how to configure the inter-AS Kompella VLL. 5.9 Configuring VLL FRR This section describes how to configure VLL FRR. 5.10 Maintaining VLL This section describes how to maintain VLL. 5.11 Configuration Examples This section provides several configuration examples of VLL.
Issue 03 (2008-09-22)
5-1
5 VLL Configuration
5.1 Overview
This section describes the basic principle of VLL. 5.1.1 Introduction to VLL 5.1.2 VLL Features Supported by the NE80E/40E
Dependence on special media (such as ATM or FR): The carriers must establish ATM networks or FR networks for ATM-based or FR-based VPNs across the country. This is a waste of network construction. Complicated VPN structure: when a site is added to an existing VPN, it is necessary to modify the configuration of all the edge nodes that access the VPN site.
To avoid the preceding disadvantages, new solutions are introduced. Virtual Leased Line (VLL) based on Multiprotocol Label Switching (MPLS) L2VPN is one of the solutions.
NOTE
VLL in this chapter refers to VLL based on MPLS L2VPN, unless otherwise specified.
The VLL provides Layer 2 VPN services on the MPLS network. It allows the establishment of L2VPNs on different media including ATM, FR, VLAN, Ethernet and PPP. At the same time, the MPLS network provides traditional IP services, MPLS L3VPN, traffic engineering and QoS. The VLL transfers Layer 2 data of the user transparently on the MPLS network. The MPLS network is a Layer 2 switching network used to establish Layer 2 connections between nodes. Consider ATM as an example. Configure an ATM virtual circuit for each Customer Edge device (CE) to communicate with another CE device through the MPLS network, similar to that through the ATM network.
NOTE
In VLL, the concepts and the principles of CE, PE and P are similar to that in BGP/MPLS L3VPN.
5-2
Issue 03 (2008-09-22)
5 VLL Configuration
CE VPN A
TM
M AT
VC
VC
P LS
PE
PE
V C
AT M
AT M
P CE VPN B
PE
CE VPN B
High scalability: The VLL establishes layer 2 link relationships. It does not import and manage the routing information of the user. It significantly reduces the load of the PE device and SP network. This enables the carrier to support more VPNs and more users. Reliability and guaranteed security of private routing information: The VLL cannot obtain and process VPN routing information because it is not imported. Support for network layer protocols such as IP, IPX, and SNA.
Figure 5-2 shows the model of VLL. Figure 5-2 VLL model
AC
VC Tunnel
AC
CE
PE
MPLS Network
PE
CE
Attachment Circuit (AC) : AC is an independent link or circuit that connects CE and PE. The AC interface may be a physical interface or a logical interface. The AC attributes include the encapsulation type, MTU and interface parameters of specified link type. Virtual Circuit (VC) : It refers to a kind of logical connection between two PEs. Tunnel (Network Tunnel) : It transmits the user data transparently.
l l
Through the label stack, VLL can realize the transparent transmission of user datagram in an MPLS network.
Issue 03 (2008-09-22)
5-3
5 VLL Configuration
l
Outer label: The label, which is also called tunnel label, is used in transferring packets from one PE to another. Inner label: The label, which is also called VC label in VLL, is used to identify different links between VPNs. The PE on the receiver side transfers packets to the corresponding CE according to the VC label.
Figure 5-3 shows the packet label change in the forwarding process. Figure 5-3 VLL label processing
CE 1 PE 1 P PE 2 CE 2
L2PDU
T V
L2PDU
T' V
L2PDU
L2PDU
Figure 5-3 shows the Layer 2 Protocol Data Unit (PDU) that is the link layer packet. Here, T represents Tunnel label; V represents VC label; T indicates that the outer label is substituted in the forwarding process.
Local connection: refers to the connection between two local CEs. The two CEs are connected to the same PE. Similar to a layer 2 switch, PE can directly transport packets without configuring static LSP. Remote connection: refers to the connection between local CE and remote CE. The two CEs are on different PEs. In this case, static LSP configuration is needed to transfer packets from one PE to another PE. Configuration command is run on the PE to map the static LSP to the CCC connection.
SVC VLL
The SVC implements VLL through static configuration. The SVC transfers L2VPN information without using the signaling protocols. The VC label needs to be configured manually. While creating the static L2VC connection of SVC, specify the tunnel type (LDP LSP, GRE or CR LSP) and enable the load balancing by configuring the tunnel policy. The SVC supports inter-AS L2VPN in multi-hop mode. It does not support local connection.
NOTE
The labels used by CCC and SVC range from 16 to 1023. They are in the same label space with those reserved for static LSPs.
5-4
Issue 03 (2008-09-22)
5 VLL Configuration
Martini VLL
The Martini mode implements the L2VPN by setting up a point-to-point link. It takes LDP as the signaling protocol to transfer Layer 2 information and VC labels. The Martini VLL adopts VC-type plus VC-ID to identify a VC between two CEs.
l
VC-type: indicates the type of the VC, such as ATM (atm-aal5-sdu, atm-trans-cell), Ethernet, PPP and HDLC. VC-ID: VC-ID of each VC in the same VC-type must be unique in the whole PE.
The PEs connecting two CEs exchange VC labels through LDP, and bind the corresponding CE by VC-ID. A VC is set up when all the following conditions are satisfied:
l l l
The tunnel between the two PEs is successfully created. The label exchange and the binding with CE are completed. The state of the two interfaces of AC is Up.
In order to exchange VC labels between PEs, the Martini extends LDP by adding the FEC type in the VC FEC. For remote connections, the two PEs that exchange the VC label cannot be directly connected; therefore, the remote LDP session must be set up to convey the VC FEC and the VC label. Martini supports inter-AS L2VPN in multi-hop mode. However, it does not support local connection.
Kompella VLL
The Kompella mode takes BGP as the signaling protocol to transfer Layer 2 information and VC labels. It realizes the L2VPN by means of end-to-end (CE to CE) in the MPLS network. The Kompella VLL is different from Martini. That is, it does not operate on the connection between the CEs directly. It allocates different VPNs in the whole SP network and encodes each CE in the VPN. Similar to BGP/MPLS VPN, the Kompella VLL uses VPN targets to identify different VPNs that make the VPN networking more flexible. To connect two CEs, you need to configure the local CE ID and remote CE ID on the PE. The Kompella supports both local and remote connections. It supports inter-AS L2VPN in the following two modes:
l l
Multi-hop mode: adopts routes with BGP label. MP-EBGP mode: saves label block on the ASBR.
The Kompella VLL adopts the label block to allocate the labels. Through the label blocks, labels can be allocated to connections at the same time. Users specify the local CE range that indicates the number of CEs that can be connected with this CE. The PE assigns a label block for this CE. The size of the label block is equal to the CE range. In this manner, the users can reserve some extra labels for the VPN for future use. On a short term basis, it is a waste of label resources, but it reduces the workload of VPN deployment and configuration in expansion. Suppose an enterprise VPN has 10 CEs and the number may increase to 20 due to its service expansion in future. The CE range of each CE can be set to 20 to meet future expansion. If the
Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 5-5
5 VLL Configuration
VPN adds nodes in the future, it is necessary to modify the configuration of the PE that is directly connected with the new CE, without modifying other PEs.
L2VPN Internetworking
If the link types of CEs at the two ends of an L2VPN are different, use the L2VPN internetworking feature. According to the recommendation in draft-kompella-ppvpn-l2vpn, IP-internetworking should be used as the encapsulation type of the L2VPN interface on the PE to set up an L2VPN connection. In this case, Layer 3 data (IP packets) can be delivered transparently across the MPLS network. When the L2VPN internetworking feature is adopted,
l
You need to encapsulate the L2VPN interface on the PE at the two ends with IPinternetworking. The PE begins to establish the L2VPN connection after the physical status of the interfaces goes up. The PE allows L2VPN forwarding once the L2VPN connection is established. In this case, the system considers the physical link for transparent transmission available irrespective of whether the status of the link layer protocol is up or down. After the status of both the AC and L2VPN tunnel goes up, the CEs at the two ends can transmit and receive IP packets.
After the L2VPN connection is established, the IP packets are processed as follows:
l
On receiving an IP packet from the CE, the PE decapsulates the link layer packet and delivers the IP packet to the MPLS network. The IP packet is transparently transported to the peer PE across the MPLS network. The peer PE re-encapsulates the IP packet according to its own link layer protocol type, and then sends the encapsulated packet to the CE connected with it. The link layer control packet sent by the CE is processed by the PE and does not enter the MPLS network. All non-IP packets (such as MPLS and IPX packets) are discarded and none of them is transferred across the MPLS network.
NOTE
l l
Unless otherwise stated, the PE in the CE-PE configuration refers to the local PE.
Different link layer protocols process MPLS L2VPN internetworking in different ways:
l
Ethernet and VLAN The following interfaces used in L2VPN can be encapsulated with IP-internetworking:
Interfaces and sub-interfaces of Ethernet type Interfaces and sub-interfaces of Gigabit Ethernet type Interfaces of Virtual-Ethernet (VE) type Eth-Trunk interface and its sub-interface There is no need to assign an IP address to the Ethernet interface of the PE. No route is generated even if an IP address has been assigned.
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)
Note that:
5-6
5 VLL Configuration
The Ethernet interface of the PE processes only the ARP packets and the IP packets. The PE does not update the dynamic MAC entry when receiving IP packets from the CE. You can not encapsulate an ATM interface or an ATM sub interface as IPinternetworking when the VE interface associated with the same PVC is also encapsulated as IP-internetworking. The ARP entries of the L2VPN Ethernet interface with IP-internetworking are different from those of the L2VPN Ethernet interface without IP-internetworking. The L2VPN incoming interface with IP-internetworking on the PE uses the MAC address of the PE to respond to the ARP request packet from the CE irrespective of the destination IP address of the packet. An Ethernet interface or sub interface of the PE can be connected only with one CE and cannot be connected with multiple CEs or other devices through a hub or a LAN switch. Otherwise, the PE may learn useless MAC addresses, resulting in forwarding failure. The L2VPN supports two types of authentication protocols, Password Authentication Protocol (PAP) and Challenge Handshake Authentication Protocol (CHAP). The authentication mode can be local, RADIUS or HWTACACS. The L2VPN internetworking supports the STAC-LZS compression. It does not support the IPHC and VJ compression. The IP address of PE and CE can be assigned y PE or by CE. The address assignment mechanism is the same as that in ordinary situations. The L2VPN internetworking supports transparent transmission of IP packets from the local CE to the remote CE. It does not support transparent transmission of MPLS, ISIS, and IPX packets. If these protocols are configured on the interface, the system still negotiates their NCPs but does not forward their data packets.
NOTE
PPP
It is recommended to assign the IP address to the PE through CE for PPP links. This can avoid address collision on the PE, and is also convenient for the deployment of the network.
Inter-AS VLL
The realization of an inter-AS VLL depends on the actual environment. In CCC mode, the label is of single layer. Therefore, the inter-AS can be realized after the static LSP is set up between the ASBRs. SVC, Martini and Kompella modes can realize the inter-AS Option A (VRF-to-VRF) . In the L2VPN networking, the link type between the ASBRs and that of the VC must be the same. In the inter-AS Option A, each ASBR must reserve a sub-interface for each inter-AS VC. If the number of the inter-AS VCs is small, the Option A can be adopted. Compared with the L3VPN, the inter-AS Option A of the L2VPN consume more resources. Option C is a better solution. The SP network devices need only set up the outer tunnel on the PEs of different ASs. The ASBR need not maintain information about the inter-AS L2VPN. The ASBR also need not reserve interfaces for the inter-AS L2VPN. The L2VPN information is exchanged only between PEs. Thus, the resources consumption decreases.
Issue 03 (2008-09-22)
5-7
5 VLL Configuration
VLL FRR
With the wide applications of VLLs, the requirement for the reliability of VLLs becomes increasingly high, especially for L2VPNs that carry real-time services such as VoIP and IPTV. Virtual Lease Line Fast Reroute (VLL FRR) is one of the solutions to increasing the reliability of L2VPNs. VLL FRR detects faults in L2VPNs through the Operations, Administration and Maintenance (OAM) and BFD, advertises the faults, and fast switches traffic. PW FRR is mainly used in the following networking modes:
l
Symmetrically dual-homed CEs The CEs at the two ends are dual-homed to the corresponding PEs through two ACs, as shown in Figure 5-4. Figure 5-4 Symmetrically dual-homed CEs
PE1 P1 PE4
VPN backbone
AC4 CE2
P2
PE3
AC3 Site2
Asymmetrically connected CEs One CE is connected to a PE through an AC and the other CE is dual-homed to PEs through two ACs, as shown in Figure 5-5. Figure 5-5 Asymmetrically connected CEs
P1 PE1 VPN backbone AC1 AC3 Site1 P2 PE3 Site2 PE2
AC2 CE2
CE1
In the scenario shown in Figure 5-5, you need to note the following:
l
When a CE is connected to a PE through an Ethernet link, networking between homogeneous services instead of internetworking can be configured on the PE.
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)
5-8
5 VLL Configuration
When a CE is connected to a PE through a PPP, or HDLC link, the following situations occur:
Internetworking rather than networking between homogenous services can be configured on the PE. Primary and secondary IP addresses can be configured on the CE1 interfaces connecting CE1 to PE1. The traffic with the primary IP address is forwarded by the master PW and the traffic with the secondary IP address is forwarded by the backup PW. CEs can advertise routes to each other by using OSPF, but OSPF does not support the advertisement of the routes with secondary IP addresses. If a device configured with the secondary IP address is connected to other devices, the device cannot forward routes.
VLL supports Ethernet interface or sub interface, GE interface or sub interface, POS interface, serial interface, and ATM interface or sub interfaces.
The VLAN can use only the Ethernet sub interface as the CE interface. If the Ethernet main interface serves as the CE interface, the system defaults its encapsulation type as Ethernet, rather than VLAN. In VLL, configure only one virtual circuit for each sub interface. If there are two or more virtual circuits, only the first one is valid.
Pre-configuration Tasks
Before configuring CCC L2VPN, you need to complete the following tasks:
Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 5-9
5 VLL Configuration
l l
Configuring basic MPLS capability for the MPLS backbone network (PE or P) Configuring sub-interfaces when the AC type is VLAN, configuring VCs when the AC type is ATM
NOTE
For the configuration of VLAN sub-interface and ATM Virtual Channel, refer to the chapter "VLAN Configuration" in the Quidway NetEngine80E/40E Router Configuration Guide - LAN Access and MAN Access and the chapter "ATM Configuration" in the Quidway NetEngine80E/40E Router Configuration Guide - WAN Access.
Data Preparations
To configure CCC VLL, you need the following data. No. 1 2 3 4 5 Data Name of the CCC connection Connection type: local connection or remote connection Local CCC connection: the type and number of the incoming and outgoing interfaces Remote CCC connection: the type and number of the incoming interface, next hop address or the type and number of outgoing interface Remote CCC connection: the in-label and out-label values of LSRs
Choose Creating a Local CCC Connection or Creating a Remote CCC Connection according to the required connection type.
Procedure
Step 1 Run:
system-view
5 VLL Configuration
Context
The local CCC connection is bidirectional, and thus only one connection is required. Do as follows on the PEs:
Procedure
Step 1 Run:
system-view
A local CCC connection is created. After the configuration mentioned above on the PE, a local CCC connection is created. ----End
A remote CCC connection is configured. When configuring PE and P, if the outgoing interface is of non-Point-to-Point (P2P) type (such as Ethernetand ATM), you must specify the next hop address for the outgoing interface by specifying nexthop. In the NE80E/40E, for a PE, only the inner label and outer label rather than two static LSPs need be configured for a remote CCC connection. Exclusively used by this CCC connection, the inner label serves as the static LSP. l Configuring P Do as follows on the Ps that the VC passes through: 1. Run:
system-view
5 VLL Configuration
2.
Run:
static-lsp transit lsp-name incoming-interface interface-type interfacenumber in-label in-label { nexthop next-hop-addr | outgoing-interface interface-type interface-number } out-label out-label
The P device is configured as a transit LSR of the static LSP. It is not necessary to configure static LSPs on the PEs for the CCC connection. You should configure a bidirectional transit static LSP on all the P devices between the PEs. These LSPs are used to transfer the data of this CCC exclusively. Furthermore, MPLS L2VPN need not be enabled on the P devices. ----End
Run the display ccc command. You can find that the status of the CCC VC is Up. For example: Information about the local connection is as follows:
<Quidway> display ccc total ccc vc : 1 local ccc vc : 1, 1 up remote ccc vc : 0, 0 up name: CE1-CE2, type: local, state: up, intf1: Pos1/0/0 (up), intf2: Pos2/0/0 (up)
Run the display l2vpn ccc-interface vc-type ccc command. You can find that the VC type is CCC and the VC status is Up. For example:
<Quidway> display l2vpn ccc-interface vc-type all Total ccc-interface of CCC : 1 up (1), down (0) Interface Encap Type Pos1/0/0 ppp
State up
VC Type ccc
5-12
Issue 03 (2008-09-22)
5 VLL Configuration
5.3.1 Establishing the Configuration Task 5.3.2 Enabling MPLS L2VPN 5.3.3 Creating an SVC VLL Connection 5.3.4 Checking the Configuration
Pre-configuration Tasks
Before configuring SVC VLL, you need to complete the following tasks:
l
Configuring the static route or IGP for the MPLS backbone network (PE and P) to implement IP connectivity Enabling the MPLS for PEs Establishing a tunnel between PEs according to the tunnel policy Configuring sub-interfaces when the AC type is VLAN, configuring VCs when the AC type is ATM
NOTE
l l l
For the configuration of VLAN sub interface and ATM virtual channel, refer to the chapter "VLAN Configuration" in the Quidway NetEngine80E/40E Router Configuration Guide - LAN Access and MAN Access and the chapter "ATM Configuration" in the Quidway NetEngine80E/40E Router Configuration Guide - WAN Access.
Data Preparation
To configure the SVC VLL, you need the following data. No. 1 2 3 4 Data Type and number of the interface accessing CE Destination LSR ID of SVC In-label and out-label values of L2VPN connection Tunnel policy of the SVC
Issue 03 (2008-09-22)
5-13
5 VLL Configuration
Procedure
Step 1 Run:
system-view
Procedure
Step 1 Run:
system-view
The parameters raw and tagged are needed only for the Ethernet link.
----End
5 VLL Configuration
Action Check the SVC L2VPN connection information on the PE. Check the interface information of the SVC connections in Up/Down state.
Command display mpls static-l2vc [ interface interface-type interface-number ] display l2vpn ccc-interface vc-type static-l2vc [ down | up ]
Run the display mpls static-l2vc command. You can find that the VC status is Up. For example:
<Quidway> display mpls Total svc connections: *Client Interface AC Status VC State VC ID VC Type Destination Transmit VC Label Receive VC Label Control Word VCCV Capability Tunnel Policy Name Traffic Behavior PW Template Name Main or Secondary Create time UP time Last change time static-l2vc 1, 1 up, 0 down : Pos1/0/0 is up : up : up : 0 : PPP : 3.3.3.9 : 100 : 200 : Disable : Disable : -: -: -: Main : 0 days, 0 hours, 6 minutes, 44 seconds : 0 days, 0 hours, 6 minutes, 44 seconds : 0 days, 0 hours, 6 minutes, 44 seconds
Run the display l2vpn ccc-interface vc-type static-vc up command. You can find that the VC type is SVC and the status is Up. For example:
<Quidway> display l2vpn ccc-interface vc-type static-vc up Total ccc-interface of SVC VC: 1 up (1), down (0) Interface Encap Type State Pos1/0/0 ppp up
VC Type static-vc
5 VLL Configuration
In Martini mode, an LSP between two PEs can be shared by multiple VCs. Information about the VC label and LSP is stored only on the PE devices. The P devices do not store any Layer 2 VPN information. Therefore, Martini mode features excellent extensibility. When a new VC is needed, you only need to configure a unidirectional VC on each PE device of the two ends. The network operation is not affected. Compared with Kompella mode, Martini mode uses LDP rather than BGP as the signaling protocol, which ensures Martini mode to be independent of the refresh mechanism. Therefore, Martini mode can feel the faults swiftly.
Pre-configuration Tasks
Before configuring Martini VLL, you need to complete the following tasks:
l
Configuring the static route or IGP for the MPLS backbone network (PE or P) to implement IP connectivity Enabling MPLS for PEs Establishing an LDP session between PEs which are connected directly, or establishing a remote LDP session between PEs which are connected indirectly Establishing a tunnel between PEs according to the tunnel policy Configuring a sub interface for the VLAN access of CE and configuring VC for the ATM access of CE
NOTE
l l
l l
For the configuration of VLAN sub interface and ATM virtual channel, refer to the chapter "VLAN Configuration" in the Quidway NetEngine80E/40E Router Configuration Guide - LAN Access and MAN Access and the chapter "ATM Configuration" in the Quidway NetEngine80E/40E Router Configuration Guide - WAN Access.
Data Preparation
To configure Martini VLL, you need the following data. No. 1 2 3 Data Type and number of the interface accessing CE Destination address and VC ID of L2VC Tunnel policy
Procedure
Step 1 Run:
system-view
5-16
Issue 03 (2008-09-22)
5 VLL Configuration
Procedure
Step 1 Run:
system-view
By default, the system adopts the PWE3 mode. The PWE3 mode supports the Notification packet while the Martini mode does not support the Notification packet. For the detail about the Notification packet, refer to "PWE3 Configuration." If the opposite PE does not support the Notification packet, use the mpls l2vpn default martini command to switch the system mode to Martini.
Step 4 Run:
quit
The parameters raw and tagged are needed only for the Ethernet link.
Issue 03 (2008-09-22)
5-17
5 VLL Configuration
Martini VLL requires that the VC ID of the same encapsulation type on a PE must be unique. The modification of encapsulation might cause VC ID collision. For example, the interfaces POS 1/0/0 and POS 2/0/0 are encapsulated in HDLC and PPP separately and each creates an LDP connection with VC ID being 1. If you modify the link layer encapsulation type of POS 2/0/0 to HDLC: there are two CCC-HDLC encapsulated LDP connections. The VC IDs of both are 1. To avoid collision, the LDP connection on POS 2/0/0 is deleted automatically. ----End
Run the display mpls l2vc command. You can find that destination is the peer IP address of the specified VC and VC state is up. For example:
<Quidway> display mpls l2vc total LDP VC : 1 1 up 0 down *client interface : GigabitEthernet1/0/0.1 session state : up AC status : up VC state : up VC ID : 101 VC type : VLAN destination : 3.3.3.9 local VC label : 21504 remote VC label : 21504 control word : disable forwarding entry : existent local group ID : 0 manual fault : not set active state : active link state : up local VC MTU : 1500 remote VC MTU : 1500 tunnel policy name : -traffic behavior name: -PW template name : -primary or secondary : primary create time : 0 days, 0 hours, 6 minutes, 48 seconds up time : 0 days, 0 hours, 5 minutes, 9 seconds last change time : 0 days, 0 hours, 5 minutes, 9 seconds
Run the display mpls l2vc remote-info command. You can find that the peer address is the peer address of the specified VC. For example:
<Quidway> display mpls l2vc remote-info Total remote ldp vc : 1 Transport Group Peer Remote
Remote
MTU/
5-18
Issue 03 (2008-09-22)
5 VLL Configuration
Bit CELLS Bit Bit 0 1500 0 0
Run the display mpls l2vc brief command. You can find that destination is the peer IP address of the specified VC and VC state is up. For example:
<Quidway> display mpls l2vc brief Total ldp vc : 1 1 up 0 down *Client Interface VC State VC ID VC Type Destination : : : : : GigabitEthernet1/0/0.1 up 101 VLAN 3.3.3.9
Pre-configuration Tasks
Before configuring Kompella VLL, complete the following tasks:
l
Configuring the static route or IGP for the MPLS backbone network (PE and P) to implement IP connectivity
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 5-19
Issue 03 (2008-09-22)
5 VLL Configuration
l l l
Enabling MPLS for the PE and P Establishing tunnels (CR-LSP, GRE, or LSP) between PEs according to the tunnel policy Configuring sub-interfaces when the AC type is VLAN, configuring VCs when the AC type is ATM
NOTE
For the local connection, the IGP and LDP configurations are not required.
Data Preparation
To configure Kompella VLL, you need the following data. No. 1 2 3 4 Data AS number of local PE and peer PE Name, RD and VPN-Target of the L2VPN connection CE name, CE ID and CE range CE offset
Procedure
Step 1 Run:
system-view
5 VLL Configuration
Procedure
Step 1 Run:
system-view
An interface to create the TCP connection is specified. The loopback interface address with 32-bit mask must be used to establish the MP-IBGP peer relationship between the PEs. This can avoid a situation of packets being unable to find the correct route due to route aggregation. The route to the loopback interface is advertised to the peer PE through IGP on the MPLS backbone network. Step 5 Run:
l2vpn-family
The specified peer is enabled. For local connection, the configuration in this section is not required. ----End
Configure the MTU of the L2VPN on the PE to be the same as that of non-Huawei products. Use the ignore-mtu-match command to ignore the MTU matching check.
The Kompella VLL must create an L2VPN instance on the PE for each directly connected CE. When an L2VPN is created, the specified encapsulation type must be consistent with that of the CE interface.
Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 5-21
5 VLL Configuration
The configuration and usage of the VPN target and RD are completely the same as that of the BGP/MPLS VPN. It means that the configuration and usage of the VPN target and RD are omitted here except one point: For Kompella VLL, you must configure RD before configuring the other commands. The RD cannot be changed once it is configured. The only way to modify RD is to delete this VLL and re-create one. Do as follows on the PEs of the two ends of the VC:
Procedure
Step 1 Run:
system-view
A VPN is created and the MPLS L2VPN view is displayed. Step 3 Run:
route-distinguisher route-distinguisher
The Layer 2 MTU is set for the VPN. Step 5 (Optional) Run:
ignore-mtu-match
Procedure
Step 1 Run:
system-view
5 VLL Configuration
Step 2 Run:
mpls l2vpn l2vpn-name
A CE is specified and the MPLS-L2VPN-CE view is displayed. The CE ID is used to uniquely identify a CE in a VPN. It is recommended to encode CE ID with continuous numbers starting from 1. The CE range indicates the maximum number of CEs that this CE can connect with. According to the prediction of the VPN expansion, configure the CE range more than what is required. This can reduce the configuration modification when CE devices are added in the VPN in future. You can increase only the CE range. For example, if the original CE range is 10, you can increase it to 20, but cannot reduce it to 5. When the CE range is modified, PE allocates another 10-label block instead of releasing the original label block to allocate a 20-label block. Therefore, the service will not be interrupted by the modification of the CE range. The only way to reduce the CE range is to delete this CE and re-create one. The CE offset is the CE ID of the other local or remote CE that is connected with this CE. Default-offset is the defaulted CE offset. You can specify default-offset as 0 or 1. Its default value is 0. If default-offset is 1, you cannot change it to 0. If the default-offset is 0, the CE offset must be less than the CE range. If the default-offset is 1, the CE offset must be less than or the same as that of the CE range. For the remote connection, the CE offset and the CE ID of the remote CE must be the same. Otherwise, the connection cannot be set up. For the local connection between two CEs, a offset of a CE is the CE ID of the other CE. If the CE offset is not designated:
l l
For the first connection of this CE, the CE offset is the default value of default-offset. For other connections, the CE offset is that of the former connection plus 1. If the CE offset of the former connection plus 1 is equal to this CE ID, then the CE offset is that of the former connection plus 2.
If CE ID starting from 1 is numbered in an incremental sequence and the connection is configured according to this sequence, then the ce-offset parameters of most of the connections can use the default ones. This simplifies the configuration. Step 4 Run:
connection [ ce-offset id ] interface interface-type interface-number [ tunnelpolicy policy-name ] [ raw | tagged ]
A CE connection is created.
Issue 03 (2008-09-22)
5-23
5 VLL Configuration
NOTE
All Kompella L2VPN instances and VPLS VSI instances of one device share one label block; therefore, the sum of the ranges of all Kompella L2VPN instances and VPLS VSI instances cannot exceed the size of the label block. Otherwise, the system prompts that the labels cannot be obtained because the required labels exceed the upper limit; thus, allocation of a site ID to a VSI or creation of a CE fails. The permitted maximum label block varies with specific products.
----End
Procedure
l Configuring BGP L2VPN Route Attributes
NOTE
BGP L2VPN uses the TCP connection the same as the common BGP, and most BGP L2VPN features inherit the common BGP configurations. You need to enable the capability of exchanging L2VPN label blocks between BGP peers in the BGP L2VPN sub-address family view because L2VPN label blocks need to be exchanged.
Configuring the RR to Establish MP IBGP Connections with the Peer Group Add all the client PEs to a peer group and establish an MP-IBGP connection with the peer group. Do as follows on the RR: 1. Run:
system-view
5-24
Issue 03 (2008-09-22)
5 VLL Configuration
The interface is specified as an interface to establish the TCP connection. The IP address of the interface must be the same as the MPLS LSR ID. It is recommended to specify a loopback interface to establish the TCP connection. 6. Run:
l2vpn-family
The capability of exchanging IPv4 VPN routes between the RR and the peer group is enabled. 8. Run:
peer ip-address group group-name
The peer is added to the peer group. l Configuring BGP L2VPN Route Reflection on the RR Do as follows on the RR: 1. Run:
system-view
The filtering of L2VPN label blocks based on the VPN target is disabled. 6. (Optional) Run:
rr-filter extended-list-number
5 VLL Configuration
Action View the BGP information of the Kompella VLL. View the connection information of the Kompella VLL. View the L2VPN information on PE. View the route target list of the L2VPN.
Command display bgp l2vpn { all | group [ group-name ] | peer [ [ peer-ip-address ] verbose ] | route-distinguisher routedistinguisher [ ce-id ce-id [ label-offset label-offset ] ] } display mpls l2vpn connection [ vpn-name [ remote-ce ce-id | down | up | verbose ] | summary | interface interface-type interface-number ] display mpls l2vpn [ l2vpn-name [ local-ce | remote-ce ] ] display mpls l2vpn { export-route-target-list | importroute-target-list }
Run the display bgp l2vpn command. You can find that nexthop is the peer address of the VC, route-distinguisher of the L2VPN is correct, and the label allocation is complete. For example:
<Quidway> display bgp l2vpn all BGP Local router ID : 1.1.1.9, local AS number : 100 Origin codes:i - IGP, e - EGP, ? - incomplete bgp.l2vpn: 1 destination Route Distinguisher: 100:1 CE ID Label Offset Label Base nexthop pref 2 0 25600 3.3.3.9 100
as-path
Run the display mpls l2vpn connection command. You can find that VPN name is correctly configured, status of the connection is up, and route-distinguisher is correctly configured. For example:
<Quidway> display mpls l2vpn connection 1 total connections, connections: 1 up, 0 down, 0 local, 1 remote, 0 unknown CE name: ce1, id: 1, Rid type status peer-id route-distinguisher interface primary or not ---------------------------------------------------------------------------2 rmt up 3.3.3.9 100:1 GigabitEthernet1/0/0.1 primary
Run the display mpls l2vpn [ l2vpn-name [ local-ce | remote-ce ] ] command. You can find that route-distinguisher and L2VPN route targets are correctly configured. For example:
<Quidway> display mpls l2vpn vpn1 VPN name: vpn1, encap type: ppp, local ce number(s): 1, remote ce number(s): 1 route distinguisher: 100:1, MTU: 1500 import vpn target: 1:1, export vpn target: 1:1, remote vpn site(s) : no. remote-pe-id route-distinguisher 1 3.3.3.9 100:1
Run the display mpls l2vpn { export-route-target-list | import-route-target-list } command. You can find that the route target is correctly configured. For example:
<Quidway> display import vpn target <Quidway> display export vpn target mpls l2vpn import-route-target-list list: 744:7 745:7 746:7 888:8 VLL export-route-target-list list: 755:7 888:8
5-26
Issue 03 (2008-09-22)
5 VLL Configuration
Pre-configuration Tasks
Before configuring VLL internetworking, complete the following tasks:
l
Configuring the static route or IGP for the MPLS backbone network (PE or P) to implement IP connectivity Enabling the MPLS for the PE and P Establishing a tunnel between PEs according to the tunnel policy if it is a remote connection For Martini mode, establishing an LDP session between PEs that are connected directly, or establishing a remote LDP session between PEs that are not connected directly For Kompella mode, establishing the BGP peering session between PEs Configuring sub-interfaces when the AC type is VLAN, configuring VCs when the AC type is ATM
NOTE
l l l
l l
For configuration of VLAN sub interface and ATM virtual channel, refer to the chapter "VLAN Configuration" in the Quidway NetEngine80E/40E Router Configuration Guide - LAN Access and MAN Access and the chapter "ATM Configuration" in the Quidway NetEngine80E/40E Router Configuration Guide - WAN Access.
Data Preparation
To configure VLL internetworking, you need the following data.
Issue 03 (2008-09-22)
5-27
5 VLL Configuration
No. 1 2
Data Media for access at two ends MAC address of CE for Ethernet or VLAN access
Other required data is the same as that for the local CCC connection, Martini VLL or Kompella VLL.
Procedure
Step 1 Run:
system-view
Procedure
Step 1 Run:
system-view
5 VLL Configuration
Step 3 Run
ccc ip-interworking ccc-connection-name interface interface-type interface-number in-label in-label-value out-label out-label-value { nexthop ip-address | outinterface interface-type interface-number } [ control-word | no-control-word ]
Procedure
Step 1 Run:
system-view
By default, PWE3 mode is used. PWE3 mode supports Notification packets to negotiate the PW status information. Martini mode does not support Notification packets. For description about Notification packets, refer to the chapter "PWE3 Configuration." If the peer CE does not support Notification packets, use the mpls l2vpn default martini command to switch the system mode to Martini.
----End
Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 5-29
5 VLL Configuration
Procedure
Step 1 Run:
system-view
Postrequisite
After the configuration mentioned above, you also need to configure BGP with the L2VPN capacity, VPN and CE connection. These configurations are the same as those for common Kompella L2VPN. For details, see Configuring Kompella VLL.
The L2VPN Ethernet interface or sub interface is IP-internetworking encapsulated on the PE.
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)
5-30
5 VLL Configuration
The MAC address of the local CE cannot be learned (regardless of in dynamic or static way). The broadcast mode is not enabled.
Procedure
Step 1 Run:
system-view
The view of the interface accessing the CE is displayed. Step 3 Choose one of the following commands.
l l
Run the local-ce ip ip-address command to configure an IP address for the CE interface. Run the local-ce mac mac-address command to specify the MAC address of the local CE interface.
Broadcast is enabled on the interface connected to the local CE. Step 5 (Optional) Run:
ip address remote-ip-address
The IP address of the remote CE is assigned to the interface connected to the local CE. ----End
Postrequisite
The commands mentioned above are valid only for Ethernet-type (such as Ethernet, Gigabit Ethernet and Virtual Ethernet) interfaces that connect the PE and the CE. The IPinternetworking-encapsulated L2VPN connections are forwarded through these interfaces. The following describes the above commands:
l
On the PE, the MAC address of the CE can be configured manually through the local-ce mac command. Once the MAC address is configured, all IP packets sent from the PE to the CE use this MAC address. On the PE, the IP address of the CE can be configured manually through the local-ce ip command. Suppose that the IP address of the CE is configured on the PE. Before sending an IP packet to the CE, the PE searches for the MAC address of the CE, a static or dynamic one. If no MAC address is found, the PE sends the ARP request within which the source and destination IP addresses are both set to the IP address of the CE. After receiving the ARP request, CE regards that there is another device with the same IP address as itself on the network. If the CE supports gratuitous ARP response packet, the PE can learn the MAC address of the local CE. If not, the PE cannot learn the MAC address of the local CE and fails to forward the packet.
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 5-31
Issue 03 (2008-09-22)
5 VLL Configuration
l
The local-ce mac broadcast command enables the broadcast on the PE. Once the broadcast is enabled, when PE sends IP packets to the CE, the broadcast address is taken as the destination MAC address if no static or dynamic MAC address is found and the IP address of the CE is not statically configured.
Run the reset local-ce mac command in user view to clear the MAC address and VLAN ID information that the Ethernet interface dynamically learns from the local CE.
NOTE
Large packets sent from a CE to a PE cannot be forwarded to the PSN because L2VPN does not support packet fragmentation. When configuring the VLL, you are recommended to set the MTU value on the CE interface connecting the PE to 1500 by using the mtu command. As a result, the CE fragments large packets before sending the large packets to the PE. The fragmented packets can be normally forwarded in the public network.
Run the display ccc command, and you can find that the status of the CCC VC is Up. For example:
[Quidway] display ccc total ccc vc : 1 local ccc vc : 0, 0 up remote ccc vc : 1, 1 up name: CE2-CE1, type: remote, state: up, intf: GigabitEthernet2/0/0 (up), in-label: 201 , out-label: 101 , out-interface : Pos1/0/0
Run the display mpls l2vc command, and you can find that destination is the peer IP address of the specified VC, VC state is up, and VC type is IP-interworking. For example:
[Quidway] display mpls l2vc total LDP VC : 1 1 up 0 down *client interface : GigabitEthernet1/0/0 session state : up AC status : up
5-32
Issue 03 (2008-09-22)
5 VLL Configuration
up 1 IP-interworking 3.3.3.9 21504 remote VC label : 21504 disable exist 0 not set active up 1500 remote VC MTU : 1500 ---primary 0 days, 0 hours, 5 minutes, 7 seconds 0 days, 0 hours, 0 minutes, 6 seconds 0 days, 0 hours, 0 minutes, 6 seconds
Run the display mpls l2vc brief command. You can find that destination is the peer IP address of the specified VC and VC state is up. For example:
<Quidway> display mpls l2vc brief Total ldp vc : 1 1 up 0 down *Client Interface VC State VC ID VC Type Destination : : : : : GigabitEthernet1/0/0.1 up 101 VLAN 3.3.3.9
Run the display mpls l2vpn connection command, and you can find that VPN name is correctly configured and status of the connection is up. For example: Information about the local connection is as follows:
[Quidway] display mpls l2vpn connection 2 total connections, connections: 2 up, 0 down, 2 local, 0 remote, 0 unknown VPN name: vlantoatm, 2 total connections, connections: 2 up, 0 down, 2 local, 0 remote, 0 unknown CE name: ce1, id: 1, Rid type status peer-id route-distinguisher interface primary or not ---------------------------------------------------------------------------2 loc up ----Atm2/0/0.1 primary CE name: ce2, id: 2, Rid type status peer-id route-distinguisher interface primary or not ---------------------------------------------------------------------------1 loc up ----GigabotEthernet1/0/0.1 primary
Issue 03 (2008-09-22)
5-33
5 VLL Configuration
Inter-AS Option A: This solution can be easily implemented. When the number of interAS Martini VLLs on ASBRs is small, Option A is recommended. Inter-AS Option C: In this solution, ASBRs do not need to create or maintain VCs. When each AS has a large number of Martini L2VPN routes to be exchanged, Option C can be used to prevent the ASBR from hindering the network extension.
Pre-configuration Tasks
Before configuring the inter-AS Martini VLL, complete the following tasks:
l
Configuring static routes or IGP on the PE or P devices in the MPLS backbone network of ASs to implement the IP connectivity of the backbone network devices in the same AS Configuring the basic MPLS capability on the MPLS backbone network of each AS Configuring MPLS LDP and establishing LDP LSP for the MPLS backbone of each AS Establishing the IBGP peer relationship between the PE and ASBR in the same AS and the EBGP peer relationship between two ASBRs in different ASs (for Option C)
l l l
Data Preparation
To configure the inter-AS Martini VLL, you need the following data. No. 1 2 3 4 Data Mode of the inter-AS VPN Number of each AS IP addresses of the interfaces between ASBRs (for Option C) Routing policy (for Option C)
5-34
Issue 03 (2008-09-22)
5 VLL Configuration
Creating a Martini VLL Connection for each AS Configuring the ASBR by regarding the peer ASBR as the local CE
You do not need to perform inter-AS related configurations on the ASBR or to configure the IP addresses on the ASBR interfaces that directly connect ASBRs. The detailed configurations are not mentioned here.
NOTE
If the inter-AS SVC VLL Option A needs to be configured, create the SVC for each AS. For the detailed configuration, see Creating an SVC VLL Connection.
CAUTION
In Option C, do not enable LDP between ASBRs. If LDP is enabled on the interfaces connecting the ASBRs, the LDP session is set up between the ASBRs. The ASBR establishes the egress LSP and sends Mapping messages to the upstream ASBR. After receiving the Mapping message, the upstream ASBR establishes the transit LSP. When a large number of BGP routes exist, enabling LDP on the interfaces connecting the ASBRs leads to the consumption of a great number of LDP labels. To advertise routes destined for the LSR ID of the local PE to a remote P device, you can set up the IBGP peer relationship between a remote ASBR and the remote P device.
Procedure
l Configuring the Capability of Exchanging Labeled IPv4 Routes on the PE Do as follows on the PEs within the area: 1. Run:
system-view
Issue 03 (2008-09-22)
5-35
5 VLL Configuration
The capability of exchanging labeled IPv4 routes between the local AS and the ASBR is enabled. l Configuring the Capability of Exchanging Labeled IPv4 Routes on the ASBR Do as follows on the ASBRs within the area: 1. Run:
system-view
The view of the interface that connects the peer ASBR is displayed. 3. Run:
ip address ip-address { mask | mask-length }
The capability of exchanging labeled IPv4 routes between the PEs of the same AS is enabled. 8. Run:
peer peer-address as-number as-number
The capability of exchanging labeled IPv4 routes between the PE and the peer ASBR is enabled. In an inter-AS VPLS using Option C, you must establish an inter-AS LSP. The related PE devices and ASBR devices exchange public network routes with the MPLS labels. The ASBR establishes an EBGP peer relationship with the remote ASBR to exchange the labeled IPv4 routes. The public network routes with the MPLS labels are advertised through MP-BGP. Complying with RFC 3107 (Carrying Label Information in BGP-4), the label mapping information of a route is contained in the BGP Update message (piggyback). This feature is implemented through the BGP extension attribute, which requires BGP peers to process the labeled IPv4 routes.
5-36 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)
5 VLL Configuration
By default, the BGP peers do not process the labeled IPv4 routes. l Creating a Routing Policy Do as follows on the ASBRs within the area: 1. Run:
system-view
The label allocation for the IPv4 routes is enabled. l Applying the Routing Policy Do as follows on the ASBRs within the area: 1. Run:
system-view
The routing policy used when the routes are advertised to the local PE is configured. 4. Run:
peer peer-address route-policy policy-name2 export
The routing policy used when the routes are advertised to the peer ASBR is configured. After the routing policy is applied on the ASBR:
Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 5-37
5 VLL Configuration
For the routes received on the PE in the local AS, the MPLS label is allocated to the routes when the routes are advertised to the peer ASBR. For the routes advertised to the PE in the local AS, if the routes are labeled IPv4 routes, the MPLS label is allocated to the routes.
The allocation of labels to the IPv4 routes is controlled by the routing policy. The labels are allocated to the routes that satisfy certain conditions. By default, IPv4 routes do not carry MPLS labels. l Establishing the Remote MPLS LDP Sessions Between the PEs Do as follows on the PEs within the AS: 1. Run:
system-view
The name of the remote LDP session is specified. To exchange PW information between the PEs, the remote MPLS LDP session must be set up between the PEs. 3. Run:
remote-ip ip-address
The remote IP address is specified for the remote LDP session. l Configuring MPLS L2VC Configure VCs on the PEs. For the detailed configurations, see Creating a Martini VLL Connection.
NOTE
If the inter-AS SVC VLL Option C needs to be configured, create the SVC on the PE. For the detailed configuration, see Creating an SVC VLL Connection.
----End
Run the display mpls l2vc [ vc-id | interface interface-type interface-number ] command. You can see that VC State is up. For example:
5-38 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)
5 VLL Configuration
Run the display mpls l2vc remote-info command. You can find that Peer Address is the peer address of the specified VC. For example:
<Quidway> display mpls l2vc remote-info Total remote ldp vc : 1 Transport Group Peer Remote VC ID ID Addr Encap 100 0 3.3.3.9 vlan
Inter-AS VPN-Option A If the number of VPNs and VPN routes on the PE is small, the inter-AS VPN Option A scheme can be used. When this scheme is used, the ASBR must support VPN instances
Issue 03 (2008-09-22)
5-39
5 VLL Configuration
and can manage VPN routes. In addition, the ASBR must provide a dedicated interface for each inter-AS VPN. The interface can be a sub-interface, physical interface, or logical interface. Therefore, this scheme puts high requirement on the performance of the ASBR. The ASBR, however, does not need any inter-AS configuration.
l
Inter-AS VPN Option C If each AS has a large number of VPN routes to be exchanged, the VPN Option C can be used to prevent the ASBR PE from becoming a bottleneck of the network. If this scheme is adopted, the VPN routes are exchanged between the ingress PE and egress PE directly, and are not forwarded or stored by the intermediate devices. This scheme is applicable to the scenario of load balancing in the MPLS VPN.
Pre-configuration Tasks
Before configuring the inter-AS Kompella VLL, complete the following tasks:
l
Configuring static routes or IGP on the PE or P devices in the MPLS backbone network of the ASs to implement IP networking of the backbone network devices in the same AS Configuring the basic MPLS capacity on the MPLS backbone network of each AS Configuring MPLS LDP and establishing LDP LSP for the MPLS backbone of each AS Setting up the IBGP peers between the PE and ASBR in the same AS and setting up the EBGP peers between the ASBRs in different ASs (for Option C)
l l l
Data Preparation
To configure the inter-AS Kompella VLL, you need the following data. No. 1 2 3 4 Data Scheme of the inter-AS VPN Number of each AS IP addresses of the interfaces connecting ASBRs (for Option C) Routing policy (for Option C)
Configuring Kompella VLL for each AS Configuring the ASBR of the remote end as the CE of the local end
You do not need to perform inter-AS related configurations on the ASBR or to configure the IP addresses on the ASBR interfaces that directly connect ASBRs. The configuration details are not mentioned here.
5-40 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)
5 VLL Configuration
CAUTION
In Option C, do not enable LDP between ASBRs. If LDP is enabled on the interfaces connecting the ASBRs, the LDP session is set up between the ASBRs. The ASBR establishes the egress LSP and sends a Mapping message to the upstream ASBR. After receiving the Mapping message, the upstream ASBR establishes a transit LSP. When a large number of BGP routes exist, enabling LDP on the interfaces connecting ASBRs leads to the consumption of excessive LDP labels. To advertise routes destined for the LSR ID of the local PE to a remote P device, you can set up the IBGP peer relationship between a remote ASBR and the remote P device.
Procedure
l Configuring the Capability of Exchanging Labeled IPv4 Routes on the PE Side Do as follows on the PEs within the AS: 1. Run:
system-view
The capability of exchanging labeled IPv4 routes between the local AS and the ASBR is enabled. l Configuring the Capability of Exchanging Labeled IPv4 Routes on the ASBR Side Do as follows on the ASBRs within the AS: 1. Run:
system-view
The view of the interface that connects the peer ASBR is displayed. 3. Run:
ip address ip-address { mask | mask-length }
Issue 03 (2008-09-22)
5-41
5 VLL Configuration
The capability of exchanging labeled IPv4 routes with the PEs of the same AS is enabled. 8. Run:
peer peer-address label-route-capability
The capability of exchanging labeled IPv4 routes with the peer ASBR is enabled. In the Option C, an inter-AS LSP must be set up. The public routes advertised between the related PEs and the ASBRs carry MPLS label information. If the ASBR and the peer ASBR set up the common EBGP peer relationship, the labeled IPv4 routes can be exchanged. The public routes carrying MPLS labels are advertised by MP BGP. According to RFC 3107 (Carrying Label Information in BGP-4), information about the label mapping of a route can be carried in the BGP route update message. The feature is realized through the BGP extended attribute. The BGP peer is required to possess the capability of processing the labeled IPv4 routes. By default, a BGP peer cannot process labeled IPv4 routes. l Creating a Routing Policy Do as follows on the ASBRs within the AS: 1. Run:
system-view
5-42
Issue 03 (2008-09-22)
5 VLL Configuration
The label allocation for the IPv4 routes is enabled. l Applying the Routing Policy Do as follows on the ASBRs within the AS: 1. Run:
system-view
The routing policy used when the routes are advertised to the local CE is configured. 4. Run:
peer peer-address route-policy policy-name2 export
The routing policy used when the routes are advertised to the peer ASBR is configured. After the routing policy is applied on the ASBR:
For the routes received from the PE in the local AS, MPLS labels are allocated to the routes when the routes are advertised to the peer ASBR. For the routes advertised to the PE in the local AS, if the routes are labeled IPv4 routes, MPLS labels are allocated to the routes.
The allocation of labels to the IPv4 routes is controlled by the routing policy. Labels are allocated to the routes that satisfy certain conditions. By default, the IPv4 routes do not carry MPLS labels. l l Establishing the EBGP Peer Relationship Between the PEs Configuring the ASBR PE Do as follows on the ASBR PE: 1. 2. Run:
system-view
Run:
bgp as-number
Issue 03 (2008-09-22)
5-43
5 VLL Configuration
The local PE loopback interface address used in BGP sessions is advertised to the peer ASBR PE. l Configuring the PE Do as follows on the PE that the CE accesses: 1. 2. Run:
system-view
Run:
bgp as-number
The permitted maximum hop in setting up the EBGP peer is set. The PE devices in different ASs are generally indirectly connected. To set up the EBGP peers between these PEs, configure the maximum number of hops between the PEs and ensure that the PE devices are reachable. 5. Run:
l2vpn-family
The capability of exchanging labeled IPv4 routes with the peer PE is enabled. 7. Run:
peer peer-address next-hop-invariable
The next hop is specified to be unchanged when information about VPLS label blocks is sent to the EBGP peer.
NOTE
Step 7 is required when the VPN IPv4 routes are advertised through the route reflector (RR). When the VPN IPv4 routes are advertised between the RRs, the next hop of the routes cannot be changed. Step 7 is not required generally.
Configuring MPLS L2VC Configure VCs on the PEs. For the detailed configuration, see Configuring Kompella VLL.
----End
5 VLL Configuration
Action Check BGP information about a Kompella VLL. Check information about the Kompella VLLs. Check L2VPN information about a PE. Check the route target list of an L2VPN.
Command display bgp l2vpn { all | group [ group-name ] | peer [ [ peerip-address ] verbose ] | route-distinguisher routedistinguisher [ ce-id ce-id [ label-offset label-offset ] ] } display mpls l2vpn connection [ vpn-name [ remote-ce ce-id | down | up | verbose ] | summary | interface interface-type interface-number ] display mpls l2vpn [ l2vpn-name [ local-ce | remote-ce ] ] display mpls l2vpn { export-route-target-list | import-routetarget-list }
Run the display bgp l2vpn command. You can find that Nexthop is the peer address of the VC, route-distinguisher of the L2VPN is correct, and the label allocation is complete. For example:
<Quidway> display bgp l2vpn all BGP Local router ID : 1.1.1.9, local AS number : 100 Origin codes:i - IGP, e - EGP, ? - incomplete bgp.l2vpn: 1 destination Route Distinguisher: 100:1 CE ID Label Offset Label Base nexthop pref 2 0 25600 3.3.3.9 100
as-path
Run the display mpls l2vpn connection command. You can find that VPN name is correctly configured, Status of the connection is up, and route-distinguisher is correctly configured. For example:
<Quidway> display mpls l2vpn connection 1 total connections, connections: 1 up, 0 down, 0 local, 1 remote, 0 unknown VPN name: vpn1, 1 total connections, connections: 1 up, 0 down, 0 local, 1 remote, 0 unknown CE name: ce1, id: 1, Rid type status peer-id route-distinguisher intf primary or not 2 rmt up 3.3.3.9 100:1 Pos1/0/0 primary
Run the display mpls l2vpn [ l2vpn-name [ local-ce | remote-ce ] ] command. You can find that route-distinguisher and L2VPN route targets are correctly configured. For example:
<Quidway> display mpls l2vpn vpn1 VPN name: vpn1, encap type: ppp, local ce number(s): 1, remote ce number(s): 1 route distinguisher: 100:1, MTU: 1500 import vpn target: 1:1, export vpn target: 1:1, remote vpn site(s) : no. remote-pe-id route-distinguisher 1 3.3.3.9 100:1
Run the display mpls l2vpn { export-route-target-list | import-route-target-list } command. You can find that the route target is correctly configured. For example:
<Quidway> display mpls l2vpn import-route-target-list import vpn target list: 744:7 745:7 746:7 888:8
Issue 03 (2008-09-22)
5-45
5 VLL Configuration
Symmetrically dual-homed CEs Two communication paths exist between the CEs on the two ends of the VC. One is the master path; the other is a backup path. Asymmetrically connected CEs The CE on one end of the VC accesses the PE of higher reliability through a single reliable link. The CE on the other end is dual-homed to the PE of lower reliability. Thus, two communication paths form between the CEs on the two ends of the VC. The path of higher reliability acts as the master path, and the path with the lower reliability acts as the backup path.
l l
After VLL FRR is configured, L2VPN traffic is rapidly switched to the backup path when a fault occurs on the master path. After the fault on the master path is cleared, the L2VPN traffic is switched back to the master path according to the revertive switchover policy.
NOTE
For asymmetrically connected CEs, the primary and secondary IP addresses need to be configured on the interface on the CE connected to the PE through a single link. When the master path is available, the CE uses the master IP address to communicate with the remote CE. When a fault occurs on the master path, this CE communicates with the remote CE by using the secondary IP address.
Pre-configuration Tasks
Before configuring VLL FRR, complete the following tasks:
l
Configuring a PW on the master path and backup path respectively for the networking where CEs are symmetrically dual-homed to PEs PWs on the master path and backup path can be different. Configuring a master PW and a backup PW for the networking where CEs are asymmetrically connected to PEs The master PW and backup PW must be of the same type.
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)
l l
5-46
5 VLL Configuration
Configuring CEs to exchange routing information by using routing protocols or static routes
NOTE
To configure a PW for PPP, FR, or HDLC in VLL FRR, you must specify the parameter ipinterworking and enable the control word. To configure a Martini VLL or PWE3, you must use the PW template to configure a PW, enable the control word in the PW template, and use BFD to perform Virtual Circuit Connectivity Verification (VCCV). If the IP addresses of the AC interfaces on the two CEs at the both ends of the PW are not in the same network segment, the type of the AC links must be modified to PPP and the ppp peer hostroutesuppress command cannot be used. In the networking where CEs are asymmetrically connected to related PEs, the backup PW cannot transmit data when the master path and backup path work normally. If the AC interface of the backup PW borrows the IP address of the AC interface of the master PW, the following situations occur:
l l l
A permanent switching policy cannot be configured. The local CE has two equal-cost and direct routes to the remote CE. The destination addresses and next hops of the two routes are the same. In fact, the route that passes through the backup PW is invalid. If CEs exchange routing information by using routing protocols, you need to modify the cost or metric of the AC interface of the backup path to be greater than that of the AC interface of the master path. The local CE cannot communicate with the peer CE, but can communicate with other user devices. If CEs use static routes to exchange routing information, you need to modify the preference of the backup route to be lower than that of the primary route (the greater the value, the lower the preference) by using the ip route-static dest-ip-address mask out-interface preference preference-value command.
Data Preparation
To configure VLL FRR, you need the following data. No. 1 2 Data Local and remote discriminators of the BFD session Delay for revertively switching traffic when faults are cleared and the delay for advertising that the fault is cleared (by default, the delay for revertively switching traffic is 30 seconds and the delay for advertising that the fault is cleared is 10 seconds.) Link types of AC interfaces
Procedure
l Configuring Static BFD for PW Do as follows on the PE: 1.
Issue 03 (2008-09-22)
Run:
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 5-47
5 VLL Configuration
system-view
BFD for PW is configured. secondary is required only for BFD for a backup PW. 5. Run:
discriminator local local-discriminator-value
The remote BFD discriminator is set. The local BFD discriminator on the local PE is the same as the remote BFD discriminator on the peer PE; the remote BFD discriminator on the local PE is the same as the local BFD discriminator on the peer PE. 7. Run:
commit
Once configured, the local and remote BFD discriminators cannot be modified. To modify the local and remote BFD discriminators, run the undo bfd bfd-name command in the system view to delete the configurations related to BFD for PW, and then re-configure the local and remote BFD discriminators. After the PW is deleted, related BFD sessions and configurations are deleted.
5-48
Issue 03 (2008-09-22)
5 VLL Configuration
BFD for PW is created. You can use this command to create a BFD session or use this command to adjust BFD parameters. For BFD for multi-hop PW, you must specify remote-vcid, namely, the VC ID of the remote PW. For BFD for a backup PW, secondary must be used.
NOTE
l l
BFD for PW must be configured or deleted on the two PEs simultaneously; otherwise, the PW status on the two PEs may be different. To detect status of the tunnels that carry PWs, you can configure BFD for tunnels. For detailed configurations, refer to the chapters "Basic MPLS Configuration" and "MPLS TE Configuration" in the Quidway NetEngine80E/40E Router Configuration Guide - MPLS.
----End
Procedure
Step 1 Run:
system-view
The AC interface view is displayed. Step 3 Select one of the following configurations to configure the OAM mapping between the AC and PW:
l l
Run the mpls l2vpn oam-mapping auto command to enable OAM mapping automatically. After OAM mapping is automatically enabled, association between the AC and PW is enabled, and PEs can automatically enable AC OAM fault detection and fault advertisement according to the AC type.
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 5-49
Issue 03 (2008-09-22)
5 VLL Configuration
l
AC OAM fault detection refers to the detection of faults over ACs. AC OAM fault advertisement refers to advertising PW faults to CEs. Run the mpls l2vpn oam-mapping command to enable manually configured OAM mapping and enable AC fault detection and fault advertisement based on the AC type.
For PPP links, run the oam { detect lcp-terminal | notify lcp-terminal } * command. For HDLC links, run the oam { detect hello-stop | notify hello-stop } * command.
NOTE
In VLL FRR, PWs are configured with IP-internetworking. CEs cannot negotiate link parameters; therefore, CEs cannot sense faults. As a result, you must configure OAM mapping on the PEs on the master and backup paths. PEs, therefore, can advertise faults to the CEs; otherwise, when a PW fails, the related AC is still in the Up state. This leads to the interruption of services.
----End
Procedure
Step 1 Run:
system-view
The revertive switchover policy is configured. The types of the revertive switchover on PEs are as follows:
l
Immediate revertive switchover: The local PE immediately switches traffic to the master PW and notifies the fault to the remote PE of the backup PW. The PE notifies the rectification of the fault to the remote PE of the backup PW after the period of resume-time. Delayed revertive switchover: The PE switches traffic to the master PW after the period of delay-time. None revertive switchover: The PE does not switch traffic to the master PW until the backup PW fails.
For an asymmetric PW FRR networking, in which ACs are of the Ethernet type, note the following:
l
If the remote shutdown function is configured on the interface of a PE that connects a CE, you are not recommended to use the policy of immediate revertive switchover, because this
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)
5-50
5 VLL Configuration
policy may lead to network flapping and traffic loss. On the other hand, you can use the policy of delayed revertive switchover to set delay-time equal to or more than 30 seconds.
l
If the Ethernet OAM function is configured on the interface of a PE that connects a CE, and a revertive switchover policy is also configured, you cannot set resume-time to be 0 seconds, but be equal to or higher than one second.
----End
Run the display mpls l2vc [ vc-id | interface interface-type interface-number ] command, and you can view that the status of the master and backup PWs is up, VC state of the master PW is active, and VC state of the backup PW is inactive. For example:
<Quidway> display mpls l2vc interface pos 1/0/0 *client interface : Pos1/0/0 is up session state : up AC state : up VC state : up VC ID : 100 VC type : IP-interworking destination : 3.3.3.3 local group ID : 0 remote group ID local VC label : 21504 remote VC label local AC OAM State : up local PSN State : up local forwarding state : forwarding remote AC OAM state : up remote PSN state : up
: 0 : 21504
Issue 03 (2008-09-22)
5-51
5 VLL Configuration
Run the display mpls l2vc remote-info command, and you can view that Peer Addr is the peer address of the specified VC. For example:
<Quidway> display mpls l2vc remote-info Total remote ldp vc : 2 Transport Group Peer Remote Remote VC ID ID Addr Encap VC Label 100 0 3.3.3.3 interworking 21504
5-52
Issue 03 (2008-09-22)
5 VLL Configuration
1500 1 0
Run the display mpls l2vpn connection interface command. You can find that local vc state and remote vc state are both up, the forwarding state of the master PW is true, and the forwarding state of the backup PW is false.
<Quidway> display mpls l2vpn connection interface pos 1/0/0 conn-type: remote local vc state: up remote vc state: up local ce-id: 1 local ce name: ce1 remote ce-id: 2 intf(state,encap): Pos1/0/0(up,interworking) peer id: 3.3.3.3 route-distinguisher: 100:2 local vc label: 25602 remote vc label: 25601 tunnel policy: p1 primary or secondary: primary forwardEntry exist or not: true forward entry active or not:true manual fault set or not: not set AC OAM state: up BFD for PW session index: 256 BFD for PW state: up BFD for LSP state: true Local C bit is set, Remote C bit is set tunnel type: cr lsp, id: 0x42002002 conn-type: remote local vc state: up remote vc state: up local ce-id: 1 local ce name: ce1 remote ce-id: 3 intf(state,encap): Pos1/0/0(up,interworking) peer id: 2.2.2.2 route-distinguisher: 100:3 local vc label: 25603 remote vc label: 25601 tunnel policy: default primary or secondary: secondary forwardEntry exist or not: true forward entry active or not:false manual fault set or not: not set AC OAM state: up BFD for PW session index: 257 BFD for PW state: up BFD for LSP state: true Local C bit is set, Remote C bit is set tunnel type: lsp , id: 0x2002004 Reroute policy : delay 30 s, resume 10 s Reason of last reroute : -Time of last reroute : -- days, -- hours, -- minutes, -- seconds delay timer ID : -rest time :-resume timer ID : -rest time :--
Run the display bfd session pw interface interface-type interface-number [ secondary] [ verbose ] command, and you can view the status of the BFD session, discriminators of the BFD session, the type of the PW that is bound to the BFD session, and the type of the BFD session. For example:
<Quidway> display bfd session pw interface pos 1/0/0 verbose -------------------------------------------------------------------------------Session MIndex : 257 (One Hop) State : Up Name : 1to3 -------------------------------------------------------------------------------Local Discriminator : 13 Remote Discriminator : 31 Session Detect Mode : Asynchronous Mode Without Echo Function
Issue 03 (2008-09-22)
5-53
5 VLL Configuration
BFD Bind Type : PW(Master) Bind Session Type : Static Bind Peer Ip Address : 127.0.0.1 NextHop Ip Address : --.--.--.-Bind Interface : Pos1/0/0 FSM Board Id : 1 TOS-EXP : 6 Min Tx Interval (ms) : 1000 Min Rx Interval (ms) : 1000 Actual Tx Interval (ms): 1000 Actual Rx Interval (ms): 1000 Local Detect Multi : 3 Detect Interval (ms) : 3000 Echo Passive : Disable Acl Number : -Proc interface status : Disable Process PST : Enable WTR Interval (ms) : -Local Demand Mode : Disable Active Multi : 3 Last Local Diagnostic : No Diagnostic Bind Application : L2VPN | OAM_MANAGER | MPLSFW Session TX TmrID : -Session Detect TmrID : -Session Init TmrID : -Session WTR TmrID : -Session Echo Tx TmrID : -PDT Index : FSM-0 | RCV-0 | IF-0 | TOKEN-0 Session Description : --------------------------------------------------------------------------------Total UP/DOWN Session Number : 1/0
Run the display mpls l2vpn forwarding-info [ vc-label ] interface interface-type interfacenumber [ | { begin | exclude | include } regular-expression ] command, and you can view that ENTRYTYPE of the master PW is SEND, PWSTATE is ACTIVE, BFDSTATE is UP, and ADMIN is TURE. For example:
<Quidway> display mpls l2vpn forwarding-info interface Pos 1/0/0 The Main PW Forward Infomation : VCLABEL TNLTYPE ENTRYTYPE PWSTATE BFDSTATE ADMIN CTLWORD CC CV TNLID --------------------------------------------------------------------------21504 CRLSP SEND ACTIVE UP UP TRUE 1 8 0x42002002 1 Record(s) Found. The Second PW Forward Infomation : VCLABEL TNLTYPE ENTRYTYPE PWSTATE BFDSTATE ADMIN CTLWORD CC CV TNLID --------------------------------------------------------------------------21504 LSP SEND INACTIVE UP UP TRUE 1 8 0x2002004 1 Record(s) Found.
Run the display mpls l2vc oam-mapping [ interface interface-type interface-number ] command, and you can view that AC OAM State and BFD state are Up. For example:
<Quidway> display mpls l2vc oam-mapping int pos 1/0/0 AC OAM Info: ACFD Index : 0x800 Notify : Enable Detect : Enable AC OAM State : Up OAM-mapping : Enable PSN info: VC-ID : 100 VC status : Primary Active State : Active Link State : Up BFD for PW : Enable BFDSessionIndex:257 ,BFD State : up BFD for LSP : 0 TunnelNum: 1 PSN State : up VC-ID : 200 VC status : Secondary Active State : Inactive Link State : Up BFD for PW : Enable BFDSessionIndex:256 ,BFD State : up BFD for LSP : 0 TunnelNum: 1 PSN State : up
Run the display mpls l2vpn oam-mapping [ interface interface-type interface-number ] command. You can find that AC OAM State, Link State, BFD State, and PSN State are up.
5-54 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)
5 VLL Configuration
Run the manual-set pw-ac-fault command on the AC interface of the master PW, the following situations occur:
l l l
The status of the master PW turns Down. The VC status of the master PW is InActive, and that of the backup PW is Active. L2VPN data is switched to the backup PW.
Run the undo manual-set pw-ac-fault command on the AC interface of the master PW to rectify the fault on the PW, the following situations occur:
l l l
The status of the master PW turns Up. The VC status of the master PW is Active, and the VC status of the backup PW is InActive. L2VPN data is switched to the backup PW.
CAUTION
If the BGP L2VPN application and other applications share the same TCP connection, the reset bgp l2vpn command resets the BGP neighbor relationship of all applications on this TCP connection. So, confirm the action before you use the command.
Issue 03 (2008-09-22)
5-55
5 VLL Configuration
After the parameters configured in the BGP L2VPN address family view are modified, you can run the reset bgp l2vpn command to reset the TCP connection of the BGP L2VPN. After that, BGP re-negotiates parameters, re-sends label information, and re-establishes the session. Action Reset BGP L2VPN TCP connections. Command reset bgp l2vpn { as-number | peer-ip-address | all | internal | external }
display bgp l2vpn { all | group [ group-name ] | peer [ [ ip-address ] verbose ] | route-distinguisher rd [ ceid ce-id [ label-offset label-offset ] ] } display mpls l2vpn connection [ vpn-name [ remotece ce-offset | down | up | verbose ] | summary | interface interface-type interface-number ]
CAUTION
Debugging affects the performance of the system. So, after debugging, run the undo debugging all command to disable it immediately. When a fault occurs, run the following debugging commands in the user view to locate the fault.
5-56 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)
5 VLL Configuration
For the procedure of displaying the debugging information, refer to the chapter "System Maintenance" in the Quidway NetEngine80E/40E Router Configuration Guide - System Management. Action Enable the debugging of the VLL. Command debugging mpls l2vpn { all | advertisement | download | error | event | oam-mapping | reroute | timer | connections [ interface interface-type interfacenumber ] } debugging bgp update l2vpn [ acl acl-number | ipprefix ip-prefix-name | peer peer-ipv4-address ] [ receive | send ] [ verbose ]
5 VLL Configuration
POS1/0/0 100.1.1.2/24
PE
Loopback1 1.1.1.9/32
Configuration Roadmap
The configuration roadmap is as follows: 1. 2. Configure basic MPLS capability on PE and enable the MPLS L2VPN. Create a local connection from CE1 to CE2 on PE. (Because the local CCC connection is duplex, only one connection is needed.)
Data Preparation
To complete the configuration, you need the IP addresses of the interfaces.
Configuration Procedure
1. Configure CE. # Configure CE1.
<Quidway> system-view [Quidway] sysname CE1 [CE1] interface pos 1/0/0 [CE1-Pos1/0/0] ip address 100.1.1.1 24 [CE1-Pos1/0/0] undo shutdown [CE1-Pos1/0/0] quit
# Configure CE2.
<Quidway> system-view [Quidway] sysname CE2 [CE2] interface pos 1/0/0 [CE2-Pos1/0/0] ip address 100.1.1.2 24 [CE2-Pos1/0/0] undo shutdown [CE2-Pos1/0/0] quit
5-58
Issue 03 (2008-09-22)
5 VLL Configuration
2.
Configure PE. # Configure LSR IDs and enable MPLS and MPLS L2VPN.
<Quidway> system-view [Quidway] sysname PE [PE] interface loopback 1 [PE-LoopBack1] ip address 1.1.1.9 32 [PE-LoopBack1] quit [PE] mpls lsr-id 1.1.1.9 [PE] mpls [PE-mpls] quit [PE] mpls l2vpn [PE-l2vpn] quit [PE] interface pos 1/0/0 [PE-Pos1/0/0] undo shutdown [PE-Pos1/0/0] quit [PE] interface pos 2/0/0 [PE-Pos2/0/0] undo shutdown [PE-Pos2/0/0] quit
3.
Verify the configuration. After the configuration is complete, run the display ccc command to view information about the CCC connection on the PE. You can find that a local CCC connection is set up on the PE, and the connection status is Up.
<PE> display ccc total ccc vc : 1 local ccc vc : 1, 1 up remote ccc vc : 0, 0 up name: ce1-ce2, type: local, state: up, intf1: Pos1/0/0 (up), intf2: Pos2/0/0 (up)
Run the display l2vpn ccc-interface vc-type ccc command, and you can find that the VC type is CCC and the status is Up.
<PE> display l2vpn ccc-interface vc-type all Total ccc-interface of CCC : 2 up (2), down (0) Interface Encap Type Pos1/0/0 ppp Pos2/0/0 ppp
State up up
Run the display ip routing-table command on the CEs to check the interface routes learned on CE1 and CE2 from each other. CE1 and CE2 can successfully ping each other. Take CE1 as an example:
<CE1> display ip routing-table Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: Public Destinations : 5 Routes : 5 Destination/Mask Proto Pre Cost Flags NextHop Interface 100.1.1.0/24 Direct 0 0 D 100.1.1.1 Pos1/0/0 100.1.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 100.1.1.2/32 Direct 0 0 D 100.1.1.2 Pos1/0/0 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 <CE1> ping 100.1.1.2 PING 100.1.1.2: 56 data bytes, press CTRL_C to break Reply from 100.1.1.2: bytes=56 Sequence=1 ttl=255 time=180 ms Reply from 100.1.1.2: bytes=56 Sequence=2 ttl=255 time=60 ms Reply from 100.1.1.2: bytes=56 Sequence=3 ttl=255 time=10 ms Reply from 100.1.1.2: bytes=56 Sequence=4 ttl=255 time=70 ms Reply from 100.1.1.2: bytes=56 Sequence=5 ttl=255 time=60 ms --- 100.1.1.2 ping statistics --5 packet(s) transmitted
Issue 03 (2008-09-22)
5-59
5 VLL Configuration
5 packet(s) received 0.00% packet loss round-trip min/avg/max = 10/76/180 ms
Configuration Files
l
Creating a remote CCC connection on PE Configuring two static LSPs on the P device for bidirectional packet transmission
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)
5-60
5 VLL Configuration
CE 2 to CE 1
Loopback1 1.1.1.9/32
Loopback1 2.2.2.9/32
Loopback1 3.3.3.9/32
P PE 1
POS 1/0/0 POS 2/0/0 10.1.1.1/24 POS 2/0/0 10.1.1.2/24 POS1/0/0 10.2.2.2/24 POS 1/0/0 10.2.2.1/24
PE 2
POS 2/0/0
CE 1
CE 2
Configuration Roadmap
The configuration roadmap is as follows: 1. 2. 3. Configure two static LSPs with opposite directions which work as the data tunnel used by the local CCC connection exclusively. Enable the MPLS L2VPN on PE. (It is not needed on P.) Configure two connections, that is, from CE1 to CE2 and from CE2 to CE1.
Data Preparation
To complete the configuration, you need the following data:
l l
Outer label of the remote CCC connection Inner label of the remote CCC connection
For the settings of the outer label and the inner label, see Figure 5-7.
Configuration Procedure
1. Configure CE. # Configure CE1.
<Quidway> system-view [Quidway] sysname CE1 [CE1] interface pos 1/0/0 [CE1-Pos1/0/0] ip address 100.1.1.1 24 [CE1-Pos1/0/0] undo shutdown [CE1-Pos1/0/0] quit
# Configure CE2.
<Quidway> system-view
Issue 03 (2008-09-22)
5-61
5 VLL Configuration
[Quidway] sysname CE2 [CE2] interface pos 1/0/0 [CE2-Pos1/0/0] ip address 100.1.1.2 24 [CE2-Pos1/0/0] undo shutdown [CE2-Pos1/0/0] quit
2.
# Configure P.
<Quidway> system-view [Quidway] sysname P [P] interface loopback 1 [P-LoopBack1] ip address 2.2.2.9 32 [P-LoopBack1] quit [P] interface pos 1/0/0 [P-Pos1/0/0] ip address 10.2.2.2 24 [P-Pos1/0/0] undo shutdown [P-Pos1/0/0] quit [P] interface pos 2/0/0 [P-Pos2/0/0] ip address 10.1.1.2 24 [P-Pos2/0/0] undo shutdown [P-Pos2/0/0] quit
# Configure PE2.
<Quidway> system-view [Quidway] sysname PE2 [PE2] interface loopback 1 [PE2-LoopBack1] ip address 3.3.3.9 32 [PE2-LoopBack1] quit [PE2] interface pos 1/0/0 [PE2-Pos1/0/0] ip address 10.2.2.1 24 [PE2-Pos1/0/0] undo shutdown [PE2-Pos1/0/0] quit
3.
# Configure P.
[P] mpls lsr-id 2.2.2.9 [P] mpls [P-mpls] quit [P] interface pos 1/0/0 [P-Pos1/0/0] mpls [P-Pos1/0/0] quit [P] interface pos 2/0/0 [P-Pos2/0/0] mpls [P-Pos2/0/0] quit
# Configure PE2.
[PE2] mpls lsr-id 3.3.3.9 [PE2] mpls [PE2-mpls] quit
5-62
Issue 03 (2008-09-22)
5 VLL Configuration
4.
Create the remote CCC connection on PE. # On PE1, enable MPLS L2VPN globally and create the remote CCC connection from CE1 to CE2. Connect the incoming interface of PE1 to CE1 and the outgoing interface of PE1 to the P. Set the incoming label to 100 and the outgoing label to 200.
[PE1] mpls l2vpn [PE1-l2vpn] quit [PE1] interface pos 1/0/0 [PE1-Pos1/0/0] undo shutdown [PE1-Pos1/0/0] quit [PE1] ccc CE1-CE2 interface pos 1/0/0 in-label 100 out-label 200 out-interface pos 2/0/0
# On PE2, enable VLL globally and create the remote CCC connection from CE2 to CE1. Connect the incoming interface of PE2 to CE2 and the outgoing interface of PE2 to the P. Set the incoming label to 201 and the outgoing label to 101.
[PE2] mpls l2vpn [PE2-l2vpn] quit [PE2] interface pos 2/0/0 [PE2-Pos2/0/0] undo shutdown [PE2-Pos2/0/0] quit [PE2] ccc CE2-CE1 interface pos 2/0/0 in-label 201 out-label 101 out-interface pos 1/0/0
5.
Forward static LSP on P. # On the P, configure a static LSP to forward packets from PE1 to PE2, and configure another static LSP to forward packets from PE2 to PE1.
[P] static-lsp transit outgoing-interface pos [P] static-lsp transit outgoing-interface pos PE1-PE2 incoming-interface pos 2/0/0 in-label 200 1/0/0 out-label 201 PE2-PE1 incoming-interface pos 1/0/0 in-label 101 2/0/0 out-label 100
6.
Verify the configuration. After the configuration, run the display ccc command to view information about the CCC connection on the PEs. You can find that a remote CCC connection is set up on PE1 and PE2 respectively.
<PE1> display ccc total ccc vc : 1 local ccc vc : 0, 0 up remote ccc vc : 1, 1 up name: CE1-CE2, type: remote, state: up, intf: Pos1/0/0 (up), in-label: 100 , out-label: 200 , out-interface : Pos2/0/0 <PE2> display ccc total ccc vc : 1 local ccc vc : 0, 0 up remote ccc vc : 1, 1 up name: CE2-CE1, type: remote, state: up, intf: Pos2/0/0 (up), in-label: 201 , out-label: 101 , out-interface : Pos1/0/0
Run the display l2vpn ccc-interface vc-type ccc command, and you can find that the VC type is CCC and the VC status is Up. Take PE1 as an example:
<PE1> display l2vpn ccc-interface vc-type ccc Total ccc-interface of CCC : 1 up (1), down (0) Interface Encap Type Pos1/0/0 ppp
State up
VC Type ccc
Run the display mpls lsp command on the P, and you can find information about the labels and interfaces of the two established static LSPs.
<P> display mpls lsp ----------------------------------------------------------------------
Issue 03 (2008-09-22)
5-63
5 VLL Configuration
Run the display ip routing-table command on the CEs to check the interface routes learned on CE1 and CE2 from each other. CE1 and CE2 can successfully ping each other. Take CE1 as an example:
<CE1> display ip routing-table Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: Public Destinations : 5 Routes : 5 Destination/Mask Proto Pre Cost Flags NextHop Interface 100.1.1.0/24 Direct 0 0 D 100.1.1.1 Pos1/0/0 100.1.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 100.1.1.2/32 Direct 0 0 D 100.1.1.2 Pos1/0/0 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 <CE1> ping 100.1.1.2 PING 100.1.1.2: 56 data bytes, press CTRL_C to break Reply from 100.1.1.2: bytes=56 Sequence=1 ttl=255 time=58 ms Reply from 100.1.1.2: bytes=56 Sequence=2 ttl=255 time=67 ms Reply from 100.1.1.2: bytes=56 Sequence=3 ttl=255 time=52 ms Reply from 100.1.1.2: bytes=56 Sequence=4 ttl=255 time=69 ms Reply from 100.1.1.2: bytes=56 Sequence=5 ttl=255 time=92 ms --- 100.1.1.2 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 52/67/92 ms
Configuration Files
l
5-64
Issue 03 (2008-09-22)
5 VLL Configuration
Configuration file of P
# sysname P # mpls lsr-id 2.2.2.9 mpls # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 10.2.2.2 255.255.255.0 mpls # interface Pos2/0/0 link-protocol ppp undo shutdown ip address 10.1.1.2 255.255.255.0 mpls # interface LoopBack1 ip address 2.2.2.9 255.255.255.255 # static-lsp transit PE1-PE2 incoming-interface Pos2/0/0 in-label 200 outgoinginterface Pos1/0/0 out-label 201 static-lsp transit PE2-PE1 incoming-interface Pos1/0/0 in-label 101 outgoinginterface Pos2/0/0 out-label 100 # return
Issue 03 (2008-09-22)
5-65
5 VLL Configuration
ip address 100.1.1.2 255.255.255.0 # return
PE 1
POS 1/0/0
PE 2
POS 2/0/0
SVC connection
CE 1
CE 2
Configuration Roadmap
The configuration roadmap is as follows: 1. 2. Enable MPLS and the MPLS L2VPN. Create the L2VC connection between PEs and configure the VC label information manually.
Data Preparation
To complete the configuration, you need the label value of the static L2VC connection.
NOTE
The outer label of PE1 is the same as the inner label of PE2; the inner label of PE1 is the same as the outer label of PE2.
Configuration Procedure
1. 2. Configure interface addresses for CE, PE and P as shown in Figure 5-8. The specific configuration procedures are not mentioned here. Configure IGP on MPLS backbone network. (OSPF is used in this instance.) During the OSPF configuration, the 32-bit loopback interface addresses for PE1, P and PE2 should be advertised.
5-66 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)
5 VLL Configuration
The specific configuration procedures are omitted here. 3. Configure MPLS basic capability and LDP on MPLS backbone network, using the LDP LSP tunnel. # Configure PE1.
[PE1] mpls lsr-id 1.1.1.9 [PE1] mpls [PE1-mpls] quit [PE1] mpls ldp [PE1-mpls-ldp] quit [PE1] interface pos 2/0/0 [PE1-Pos2/0/0] mpls [PE1-Pos2/0/0] mpls ldp [PE1-Pos2/0/0] quit
# Configure P.
[P] mpls lsr-id 2.2.2.9 [P] mpls [P-mpls] quit [P] mpls ldp [P-mpls-ldp] quit [P] interface pos 1/0/0 [P-Pos1/0/0] mpls [P-Pos1/0/0] mpls ldp [P-Pos1/0/0] quit [P] interface pos 2/0/0 [P-Pos2/0/0] mpls [P-Pos2/0/0] mpls ldp [P-Pos2/0/0] quit
# Configure PE2.
[PE2] mpls lsr-id 3.3.3.9 [PE2] mpls [PE2-mpls] quit [PE2] mpls ldp [PE2-mpls-ldp] quit [PE2] interface pos 1/0/0 [PE2-Pos1/0/0] mpls [PE2-Pos1/0/0] mpls ldp [PE2-Pos1/0/0] quit
After the configuration, LDP sessions are set up between PE1, P, and PE2. Run the display mpls ldp session command, and you can view that the status of the LDP session is Operational. Take PE1 as an example:
<PE1> display mpls ldp session LDP Session(s) in Public Network -----------------------------------------------------------------------------Peer-ID Status LAM SsnRole SsnAge KA-Sent/Rcv -----------------------------------------------------------------------------2.2.2.9:0 Operational DU Passive 000:00:05 22/22 -----------------------------------------------------------------------------TOTAL: 1 session(s) Found. LAM : Label Advertisement Mode SsnAge Unit : DDD:HH:MM
Run the display mpls ldp lsp command, and you can view the establishment of the LDP LSP. Take PE1 as an example:
<PE1> display mpls ldp lsp LDP LSP Information -----------------------------------------------------------------------------SN DestAddress/Mask In/OutLabel Next-Hop In/Out-Interface
Issue 03 (2008-09-22)
5-67
5 VLL Configuration
-----------------------------------------------------------------------------1 1.1.1.9/32 3/NULL 127.0.0.1 Pos2/0/0/InLoop0 2 2.2.2.9/32 NULL/3 10.1.1.2 -------/Pos2/0/0 3 3.3.3.9/32 NULL/1025 10.1.1.2 -------/Pos2/0/0 -----------------------------------------------------------------------------TOTAL: 3 Normal LSP(s) Found. TOTAL: 0 Liberal LSP(s) Found. A '*' before an LSP means the LSP is not established A '*' before a Label means the USCB or DSCB is stale
4.
Enable MPLS L2VPN on PE and creating a static VC connection. # On PE1, create a static VC on POS 1/0/0 that connects CE1.
[PE1] mpls l2vpn [PE1-l2vpn] quit [PE1] interface pos 1/0/0 [PE1-Pos1/0/0] mpls static-l2vc destination 3.3.3.9 transmit-vpn-label 100 receive-vpn-label 200 [PE1-Pos1/0/0] undo shutdown [PE1-Pos1/0/0] quit
5.
Verify the configuration. Check information about the SVC L2VPN connection on PEs. You can find that a static L2VC is set up. Take PE1 as an example:
<PE1> display mpls static-l2vc interface pos 1/0/0 *Client Interface : Pos1/0/0 is up AC Status : up VC State : up VC ID : 0 VC Type : PPP Destination : 3.3.3.9 Transmit VC Label : 100 Receive VC Label : 200 Control Word : Disable VCCV Capability : Disable Tunnel Policy : -PW Template Name : -Traffic Behavior : -Main or Secondary : Main VC tunnel/token info : 1 tunnels/tokens NO.0 TNL Type : lsp , TNL ID : 0x2002002 Create time : 0 days, 0 hours, 8 minutes, 2 seconds UP time : 0 days, 0 hours, 6 minutes, 12 seconds Last change time : 0 days, 0 hours, 6 minutes, 12 seconds
Run the display l2vpn ccc-interface vc-type static-vc up command, and you can find that the VC type is SVC and the status is Up. Take PE1 as an example:
<PE1> display l2vpn ccc-interface vc-type static-vc up Total ccc-interface of SVC VC: 1 up (1), down (0) Interface Encap Type State Pos1/0/0 ppp up
VC Type static-vc
Run the display ip routing-table command on the CEs to check the interface routes learned on CE1 and CE2 from each other.
5-68 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)
5 VLL Configuration
Configuration Files
l
Issue 03 (2008-09-22)
5-69
5 VLL Configuration
area 0.0.0.0 network 1.1.1.9 0.0.0.0 network 10.1.1.0 0.0.0.255 # return l
Configuration file of P
# sysname P # mpls lsr-id 2.2.2.9 mpls # mpls ldp # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 10.2.2.2 255.255.255.0 mpls mpls ldp # interface Pos2/0/0 link-protocol ppp undo shutdown ip address 10.1.1.2 255.255.255.0 mpls mpls ldp # interface LoopBack1 ip address 2.2.2.9 255.255.255.255 # ospf 1 area 0.0.0.0 network 2.2.2.9 0.0.0.0 network 10.1.1.0 0.0.0.255 network 10.2.2.0 0.0.0.255 # return
5-70
Issue 03 (2008-09-22)
5 VLL Configuration
PE 1
GE1/0/0.1 VLAN10 GE1/0/0.1 100.1.1.1/24 VLAN10
PE 2
GE1/0/0.1 VLAN20 GE 1/0/0.1 100.1.1.2/24 VLAN20
Martini
CE 1
CE 2
Configuration Roadmap
The configuration roadmap is as follows: 1. 2. 3. 4. Configure the routing protocol on related devices in the backbone network and enable MPLS. Adopt the default tunnel policy to set up the LSP as the tunnel used to transmit the user data. Enable the MPLS L2VPN and create the VC connection on PE. Configure the VLAN sub-interface on CE.
Data Preparation
To complete the configuration, you need the following data:
l
Issue 03 (2008-09-22)
5 VLL Configuration
l l
Configuration Procedure
1. Configure CE. # Configure CE1.
<Quidway> system-view [Quidway] sysname CE1 [CE1] interface gigabitethernet 1/0/0 [CE1-GigabitEthernet1/0/0] undo shutdown [CE1-GigabitEthernet1/0/0] quit [CE1] interface gigabitethernet 1/0/0.1 [CE1-GigabitEthernet1/0/0.1] vlan-type dot1q 10 [CE1-GigabitEthernet1/0/0.1] ip address 100.1.1.1 24 [CE1-GigabitEthernet1/0/0.1] undo shutdown [CE1-GigabitEthernet1/0/0.1] quit
# Configure CE2.
<Quidway> system-view [Quidway] sysname CE2 [CE2] interface gigabitethernet 1/0/0 [CE2-GigabitEthernet1/0/0] undo shutdown [CE2-GigabitEthernet1/0/0] quit [CE2] interface gigabitethernet 1/0/0.1 [CE2-GigabitEthernet1/0/0.1] vlan-type dot1q 20 [CE2-GigabitEthernet1/0/0.1] ip address 100.1.1.2 24 [CE2-GigabitEthernet1/0/0.1] undo shutdown [CE2-GigabitEthernet1/0/0.1] quit
2.
Configure an IGP protocol on the MPLS backbone network. OSPF is used in this example. As shown in Figure 5-9, configure IP addresses for interfaces on PEs and the P. When configuring OSPF, note that the 32-bit loopback interface addresses of PE1, P, and PE2, which are used as LSR IDs, should be advertised. The detailed configurations are not mentioned here. After the configuration, OSPF neighbor relationship is set up between PE1, P, and PE2. Run the display ospf peer command, and you can view that the neighbor status is Full. Run the display ip routing-table command, and you can find that the PEs learn the Loopback1 interface routes from each other.
3.
Configure MPLS basic capability and LDP on MPLS backbone network. # Configure PE1.
[PE1] mpls lsr-id 1.1.1.9 [PE1] mpls [PE1-mpls] quit [PE1] mpls ldp [PE1-mpls-ldp] quit [PE1] interface pos 2/0/0 [PE1-Pos2/0/0] mpls [PE1-Pos2/0/0] mpls ldp [PE1-Pos2/0/0] quit
# Configure P.
[P] mpls lsr-id 2.2.2.9 [P] mpls [P-mpls] quit [P] mpls ldp [P-mpls-ldp] quit [P] interface pos 1/0/0 [P-Pos1/0/0] mpls [P-Pos1/0/0] mpls ldp [P-Pos1/0/0] quit
5-72
Issue 03 (2008-09-22)
5 VLL Configuration
# Configure PE2.
[PE2] mpls lsr-id 3.3.3.9 [PE2] mpls [PE2-mpls] quit [PE2] mpls ldp [PE2-mpls-ldp] quit [PE2] interface pos 2/0/0 [PE2-Pos2/0/0] mpls [PE2-Pos2/0/0] mpls ldp [PE2-Pos2/0/0] quit
4.
# Configure PE2.
[PE2] mpls ldp remote-peer 1 [PE2-mpls-ldp-remote-1] remote-ip 1.1.1.9 [PE2-mpls-ldp-remote-1] quit
After the configuration, run the display mpls ldp session command on PE1 to check the establishment of the LDP session. You can find that the remote LDP session between PE1 and PE2 is newly set up. Take PE1 as an example:
<PE1> display mpls ldp session LDP Session(s) in Public Network -----------------------------------------------------------------------------Peer-ID Status LAM SsnRole SsnAge KA-Sent/Rcv -----------------------------------------------------------------------------2.2.2.9:0 Operational DU Passive 000:00:09 40/40 3.3.3.9:0 Operational DU Passive 000:00:09 37/37 -----------------------------------------------------------------------------TOTAL: 2 session(s) Found. LAM : Label Advertisement Mode SsnAge Unit : DDD:HH:MM
5.
Enable MPLS L2VPN on PE and create the VC connection. # On PE1, create a VC on Gigabit Ethernet 1/0/0.1, which connects CE1.
[PE1] mpls l2vpn [PE1-l2vpn] mpls l2vpn default martini [PE1-l2vpn] quit [PE1] interface gigabitethernet 1/0/0 [PE1-GigabitEthernet1/0/0] undo shutdown [PE1-GigabitEthernet1/0/0] quit [PE1] interface gigabitethernet 1/0/0.1 [PE1-GigabitEthernet1/0/0.1] vlan-type dot1q 10 [PE1-GigabitEthernet1/0/0.1] mpls l2vc 3.3.3.9 101 [PE1-GigabitEthernet1/0/0.1] undo shutdown [PE1-GigabitEthernet1/0/0.1] quit
Issue 03 (2008-09-22)
5-73
5 VLL Configuration
6.
Verify the configuration. Check the L2VPN connection on the PEs. You can find that an L2VC is set up and the VC status is Up. Take PE1 as an example:
<PE1> display mpls l2vc interface gigabitethernet 1/0/0.1 *client interface : GigabitEthernet1/0/0.1 is up session state : up AC state : up VC state : up VC ID : 101 VC type : VLAN destination : 3.3.3.9 local group ID : 0 remote group ID : 0 local VC label : 21504 remote VC label : 21504 local AC OAM State : up local PSN State : up local forwarding state : forwarding remote AC OAM state : up remote PSN state : up remote forwarding state: forwarding BFD for PW : disable manual fault : not set active state : active forwarding entry : exist link state : up local VC MTU : 1500 remote VC MTU : 1500 local VCCV : Disable remote VCCV : Disable local control word : disable remote control word : disable tunnel policy name : -traffic behavior name : -PW template name : -primary or secondary : primary VC tunnel/token info : 1 tunnels/tokens NO.0 TNL type : lsp , TNL ID : 0x2002003 create time : 0 days, 0 hours, 4 minutes, 19 seconds up time : 0 days, 0 hours, 2 minutes, 40 seconds last change time : 0 days, 0 hours, 2 minutes, 40 seconds
CE1 and CE2 can successfully ping each other. Take CE1 as an example:
<CE1> ping 100.1.1.2 PING 100.1.1.2: 56 data bytes, press CTRL_C to break Reply from 100.1.1.2: bytes=56 Sequence=1 ttl=255 time=31 ms Reply from 100.1.1.2: bytes=56 Sequence=2 ttl=255 time=10 ms Reply from 100.1.1.2: bytes=56 Sequence=3 ttl=255 time=5 ms Reply from 100.1.1.2: bytes=56 Sequence=4 ttl=255 time=2 ms Reply from 100.1.1.2: bytes=56 Sequence=5 ttl=255 time=28 ms --- 100.1.1.2 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 2/15/31 ms
Configuration Files
l
5-74
Issue 03 (2008-09-22)
5 VLL Configuration
Configuration file of P
# sysname P # mpls lsr-id 2.2.2.9 mpls # mpls ldp # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 10.2.2.2 255.255.255.0 mpls mpls ldp # interface Pos2/0/0 link-protocol ppp undo shutdown ip address 10.1.1.2 255.255.255.0
Issue 03 (2008-09-22)
5-75
5 VLL Configuration
mpls mpls ldp # interface LoopBack1 ip address 2.2.2.9 255.255.255.255 # ospf 1 area 0.0.0.0 network 2.2.2.9 0.0.0.0 network 10.1.1.0 0.0.0.255 network 10.2.2.0 0.0.0.255 # return l
5-76
Issue 03 (2008-09-22)
5 VLL Configuration
POS1/0/0
PE Loopback1 1.1.1.9/32
Configuration Roadmap
The configuration roadmap is as follows: 1. 2. 3. Enable MPLS on PE. Enable the L2VPN. Connect the VLL instance with CE.
Data Preparation
To configure the Kompella VLL, you need the following data:
l l l
Name of the VPN instance and route distinguisher (RD) Name and number of the CEs (The CE number is unique globally.) Size of the label block (CE range) as required
Configuration Procedure
1. 2. Configure interface addresses for CE1 and CE2 as shown in Figure 5-10. The configuration details are not mentioned here. Configure a local Kompella connection. # Configure the basic MPLS capability.
[PE] interface loopback 1 [PE-LoopBack1] ip address 1.1.1.9 32 [PE-LoopBack1] quit [PE] mpls lsr-id 1.1.1.9 [PE] mpls [PE-mpls] quit
5 VLL Configuration
3.
Verify the configuration. After the configuration, run the display mpls l2vpn connection command on the PEs. You can view that an L2VPN connection is established and the connection status is Up.
<PE> display mpls l2vpn connection 2 total connections, connections: 2 up, 0 down, 2 local, 0 remote, 0 unknown VPN name: vpn1, 2 total connections, connections: 2 up, 0 down, 2 local, 0 remote, 0 unknown CE name: ce1, id: 1, Rid type status peer-id route-distinguisher interface primary or not 2 loc up ----Pos1/0/0 primary CE name: ce2, id: 2, Rid type status peer-id route-distinguisher interface primary or not 1 loc up ----Pos2/0/0 primary
Configuration Files
l
Configuration file of PE
# sysname PE #
5-78
Issue 03 (2008-09-22)
5 VLL Configuration
PE 1
PE 2 POS 2/0/0
Kompella Remote
CE 1
CE 2
Issue 03 (2008-09-22)
5-79
5 VLL Configuration
Configuration Roadmap
The configuration roadmap is as follows: 1. 2. 3. Configure a routing protocol and enable MPLS and LDP on related devices in the backbone network (PEs and P) to implement interworking. Enable MPLS L2VPN and configure the L2VPN capability of BGP between the PEs. Configure VPN instances to connect with the CEs.
Data Preparation
To configure the remote Kompella VLL connection, you need the following data:
l l l l
AS number of BGP Name of the VPN instance, RD, and VPN target Name and number of the CEs (The CE number is unique globally.) Size of the label block (CE range) as required
Configuration Procedure
1. Configure an IP address for each interface on the CEs, PEs, and P as shown in Figure 5-11. The configuration details are not mentioned here. 2. Configure IGP on the MPLS backbone network. OSPF is used as IGP in this example. When configuring OSPF, note that the 32-bit addresses of loopback interfaces of PE1, P, and PE2, which are used as LSR IDs, need be advertised. The configuration details are not mentioned here. After the configuration, run the display ip routing-table command on each LSR. You can view that the LSRs have learnt the routes of the LSR IDs from each other. Take the display on PE1 as an example:
<PE1> display ip routing-table Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: Public Destinations : 9 Routes : 9 Destination/Mask Proto Pre Cost Flags NextHop Interface 1.1.1.9/32 Direct 0 0 D 127.0.0.1 InLoopBack0 2.2.2.9/32 OSPF 10 2 D 168.1.1.2 Pos2/0/0 3.3.3.9/32 OSPF 10 3 D 168.1.1.2 Pos2/0/0 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 168.1.1.0/24 Direct 0 0 D 168.1.1.1 Pos2/0/0 168.1.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 168.1.1.2/32 Direct 0 0 D 168.1.1.2 Pos2/0/0 169.1.1.0/24 OSPF 10 2 D 168.1.1.2 Pos2/0/0
Run the display ospf peer command. You can view that the OSPF neighbor relationship is established and the status is FULL. Take the display on PE1 as an example:
<PE1> display ospf peer OSPF Process 1 with Router ID 1.1.1.9 Neighbors Area 0.0.0.0 interface 168.1.1.1(Pos2/0/0)'s neighbors Router ID: 2.2.2.9 Address: 168.1.1.2 GR State: Normal State: Full Mode:Nbr is Master Priority: 1 DR: None BDR: None MTU: 0
5-80
Issue 03 (2008-09-22)
5 VLL Configuration
3.
Configure the basic MPLS capability and LDP and establish LDP LSP. The configuration details are not mentioned here. After the configuration, run the display mpls ldp session and display mpls ldp peer commands on each LSR. You can view information about LDP sessions and LDP peers. Take the display on PE1 as an example:
<PE1> display mpls ldp session LDP Session(s) in Public Network -----------------------------------------------------------------------------Peer-ID Status LAM SsnRole SsnAge KA-Sent/Rcv -----------------------------------------------------------------------------2.2.2.9:0 Operational DU Passive 000:00:07 32/32 -----------------------------------------------------------------------------TOTAL: 1 session(s) Found. LAM : Label Advertisement Mode SsnAge Unit : DDD:HH:MM <PE1> display mpls ldp peer LDP Peer Information in Public network -----------------------------------------------------------------------------Peer-ID Transport-Address Discovery-Source -----------------------------------------------------------------------------2.2.2.9:0 2.2.2.9 Pos2/0/0 -----------------------------------------------------------------------------TOTAL: 1 Peer(s) Found.
Run the display mpls lsp command. You can view information about the establishment of LSP. Take the display on PE1 as an example:
<PE1> display mpls lsp ---------------------------------------------------------------------LSP Information: LDP LSP ---------------------------------------------------------------------FEC In/Out Label In/Out IF Vrf Name 1.1.1.9/32 3/NULL -/2.2.2.9/32 NULL/3 -/Pos2/0/0 3.3.3.9/32 NULL/1025 -/Pos2/0/0
4.
# Configure PE2.
[PE2] mpls l2vpn [PE2-l2vpn] quit [PE2] bgp 100 [PE2-bgp] peer 1.1.1.9 as-number 100 [PE2-bgp] peer 1.1.1.9 connect-interface loopback 1 [PE2-bgp] l2vpn-family [PE2-bgp-af-l2vpn] peer 1.1.1.9 enable
Issue 03 (2008-09-22)
5-81
5 VLL Configuration
[PE2-bgp-af-l2vpn] quit [PE2-bgp] quit
After the configuration, run the display bgp l2vpn peer command on PE1 and PE2. You can view that the peer relationship is established between the PEs and the peer status is Established. Take the display on PE1 as an example:
<PE1> display bgp l2vpn peer BGP local router ID : 1.1.1.9 Local AS number : 100 Total number of peers : 1 Peer V AS MsgRcvd 3.3.3.9 4 100 9
MsgSent 7
5.
# Configure PE2.
[PE2] mpls l2vpn vpn1 encapsulation ppp [PE2-mpls-l2vpn-vpn1] route-distinguisher 100:1 [PE2-mpls-l2vpn-vpn1] vpn-target 1:1 [PE2-mpls-l2vpn-vpn1] ce ce2 id 2 range 10 [PE2-mpls-l2vpn-ce-vpn1-ce2] connection ce-offset 1 interface pos 2/0/0 [PE2-mpls-l2vpn-ce-vpn1-ce2] quit [PE2-mpls-l2vpn-vpn1] quit [PE2] interface pos 2/0/0 [PE2-Pos2/0/0] undo shutdown [PE2-Pos2/0/0] quit
6.
Verify the configuration. After the configuration, run the display mpls l2vpn connection command on the PEs. You can view that an L2VPN connection is established and the connection status is Up. Take the display on PE1 as an example:
<PE1> display mpls l2vpn connection 1 total connections, connections: 1 up, 0 down, 0 local, 1 remote, 0 unknown VPN name: vpn1, 1 total connections, connections: 1 up, 0 down, 0 local, 1 remote, 0 unknown CE name: ce1, id: 1, Rid type status peer-id route-distinguisher interface or not 2 rmt up 3.3.3.9 100:1 Pos1/0/0
primary primary
5-82
Issue 03 (2008-09-22)
5 VLL Configuration
Configuration Files
l
Issue 03 (2008-09-22)
5-83
5 VLL Configuration
l
Configuration file of P
# sysname P # mpls lsr-id 2.2.2.9 mpls # mpls ldp # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 168.1.1.2 255.255.255.0 mpls mpls ldp # interface Pos2/0/0 link-protocol ppp undo shutdown ip address 169.1.1.1 255.255.255.0 mpls mpls ldp # interface LoopBack1 ip address 2.2.2.9 255.255.255.255 # ospf 1 area 0.0.0.0 network 168.1.1.0 0.0.0.255 network 169.1.1.0 0.0.0.255 network 2.2.2.9 0.0.0.0 # return
5-84
Issue 03 (2008-09-22)
5 VLL Configuration
5.11.7 Example for Configuring VLL Internetworking (Interconnecting Ethernet with PPP by Using the Remote CCC Connection)
Networking Requirements
In Figure 5-12, CE1 and PE1 are connected through POS interfaces. Packets transmitted over the link layer are encapsulated with PPP.CE2 and PE2 are connected through GE interfaces. To ensure that CE1 and CE2 can communicate, the remote CCC connection and internetworking must be configured on the PEs. In addition, two static LSPs are required on the P to transmit packets in a bidirectional way.
Issue 03 (2008-09-22)
5-85
5 VLL Configuration
Figure 5-12 Networking diagram of L2VPN internetworking (Ethernet interconnecting with PPP by using the remote CCC connection)
CE 1 to CE 2 O-Label 200 I-Label 100 Loopback1 1.1.1.9/32 I-Label 200 O-Label 100 O-Label 201 I-Label 101 I-Label 201 O-Label 101
CE 2 to CE 1
Loopback1 2.2.2.9/32
Loopback1 3.3.3.9/32
P PE 1
POS 1/0/0 POS 2/0/0 100.1.1.1/24 POS 2/0/0 100.1.1.2/24 POS1/0/0 100.2.2.2/24 POS 1/0/0 100.2.2.1/24
PE 2
GE 2/0/0
GE1/0/0 10.1.1.2/24
CE 1
CE 2
Configuration Roadmap
The configuration roadmap is as follows: 1. 2. 3. Configure two static bidirectional LSPs to work as the data tunnels exclusively used by the local CCC connection. Enable MPLS L2VPN on the PEs. (MPLS L2VPN is not required on the P.) Configure two connections, that is, the connections from CE1 to CE2 and from CE2 to CE1.
Data Preparation
To complete the configuration, you need the outer label and the inner label of the remote CCC connection. Note the mapping between the outer label and the inner label on the PE and the P. For the settings of the outer label and the inner label, see Figure 5-12.
Configuration Procedure
1. Configure the CEs. # Configure CE1.
<Quidway> system-view [Quidway] sysname CE1 [CE1] interface pos 1/0/0 [CE1-Pos1/0/0] ip address 10.1.1.1 24 [CE1-Pos1/0/0] remote address 10.1.1.6 [CE1-Pos1/0/0] mtu 1500 [CE1-Pos1/0/0] shutdown [CE1-Pos1/0/0] undo shutdown [CE1-Pos1/0/0] quit
5-86
Issue 03 (2008-09-22)
5 VLL Configuration
You are recommended to set the MTU of CE1 and the MTU of PE1 to be the same to avoid the negotiation during forwarding.
# Configure CE2.
<Quidway> system-view [Quidway] sysname CE2 [CE2] interface gigabitethernet 1/0/0 [CE2-GigabitEthernet1/0/0] ip address 10.1.1.2 24 [CE2-GigabitEthernet1/0/0] undo shutdown [CE2-GigabitEthernet1/0/0] quit
2.
Configure an IP address for each interface on the routers in the backbone network. # Configure PE1.
<Quidway> system-view [Quidway] sysname PE1 [PE1] interface loopback 1 [PE1-LoopBack1] ip address 1.1.1.9 32 [PE1-LoopBack1] quit [PE1] interface pos 2/0/0 [PE1-Pos2/0/0] ip address 100.1.1.1 24 [PE1-Pos2/0/0] undo shutdown [PE1-Pos2/0/0] quit [PE1] interface pos 1/0/0 [PE1-Pos1/0/0] ip address ppp-negotiate [PE1-Pos1/0/0] mtu 1500 [PE1-Pos1/0/0] undo shutdown [PE1-Pos1/0/0] quit
NOTE
For PE1, the local attached circuit (AC) is a POS link running PPP, with the default MTU as 4470; the remote AC is an Ethernet link, with the default MTU as 1500. If PEs fail to negotiate the MTU because the MTUs of the ACs on the two ends are different, the VC cannot be established normally. You need to set the MTUs of the ACs on the two ends to be the same (1500).
# Configure P.
<Quidway> system-view [Quidway] sysname P [P] interface loopback 1 [P-LoopBack1] ip address 2.2.2.9 32 [P-LoopBack1] quit [P] interface pos 1/0/0 [P-Pos1/0/0] ip address 100.2.2.2 24 [P-Pos1/0/0] undo shutdown [P-Pos1/0/0] quit [P] interface pos 2/0/0 [P-Pos2/0/0] ip address 100.1.1.2 24 [P-Pos2/0/0] undo shutdown [P-Pos2/0/0] quit
# Configure PE2.
<Quidway> system-view [Quidway] sysname PE2 [PE2] interface loopback 1 [PE2-LoopBack1] ip address 3.3.3.9 32 [PE2-LoopBack1] quit [PE2] interface pos 1/0/0 [PE2-Pos1/0/0] ip address 100.2.2.1 24 [PE2-Pos1/0/0] undo shutdown [PE2-Pos1/0/0] quit
3.
Configure the basic MPLS functions on the MPLS backbone network. # Configure PE1.
[PE1] mpls lsr-id 1.1.1.9 [PE1] mpls [PE1-mpls] quit
Issue 03 (2008-09-22)
5-87
5 VLL Configuration
[PE1] interface pos 2/0/0 [PE1-Pos2/0/0] mpls [PE1-Pos2/0/0] quit
# Configure P.
[P] mpls lsr-id 2.2.2.9 [P] mpls [P-mpls] quit [P] interface pos 1/0/0 [P-Pos1/0/0] mpls [P-Pos1/0/0] quit [P] interface pos 2/0/0 [P-Pos2/0/0] mpls [P-Pos2/0/0] quit
# Configure PE2.
[PE2] mpls lsr-id 3.3.3.9 [PE2] mpls [PE2-mpls] quit [PE2] interface pos 1/0/0 [PE2-Pos1/0/0] mpls [PE2-Pos1/0/0] quit
4.
Enable MPLS L2VPN and create a remote CCC connection on the PEs. # Configure PE1. Enable MPLS L2VPN globally and create a remote CCC connection from CE1 to CE2. Connect the incoming interface to CE1 and the outgoing interface to P. Set the incoming label to 100 and the outgoing label to 200.
[PE1] mpls l2vpn [PE1-l2vpn] quit [PE1] ccc ip-interworking CE1-CE2 interface pos 1/0/0 in-label 100 out-label 200 out-interface pos 2/0/0
# Configure PE2. Enable MPLS L2VPN globally and create a remote CCC connection from CE2 to CE1. Connect the incoming interface to CE2 and the outgoing interface to P. Set the incoming label to 201 and the outgoing label to 101.
[PE2] mpls l2vpn [PE2-l2vpn] quit [PE2] ccc ip-interworking CE2-CE1 interface gigabitethernet 2/0/0 in-label 201 out-label 101 out-interface pos 1/0/0 [PE2] interface gigabitethernet 2/0/0 [PE2-GigabitEthernet2/0/0] undo shutdown [PE2-GigabitEthernet2/0/0] local-ce ip 10.1.1.2 [PE2-GigabitEthernet2/0/0] quit
5.
Configure static LSPs on P. # Configure a static LSP on P for forwarding packets from PE1 to PE2, and configure another static LSP for forwarding packets from PE2 to PE1.
[P] static-lsp transit outgoing-interface pos [P] static-lsp transit outgoing-interface pos PE1-PE2 incoming-interface pos 2/0/0 in-label 200 1/0/0 out-label 201 PE2-PE1 incoming-interface pos 1/0/0 in-label 101 2/0/0 out-label 100
6.
Verify the configuration. After the configuration, check information about the CCC connection on the PEs. You can view that a remote CCC connection is established on PE1 and PE2 respectively.
<PE1> display ccc total ccc vc : 1 local ccc vc : 0, 0 up remote ccc vc : 1, 1 up name: CE1-CE2, type: remote, state: up, intf: Pos1/0/0 (up), in-label: 100 , out-label: 200 , out-interface : Pos2/0/0 <PE2> display ccc total ccc vc : 1 local ccc vc : 0, 0 up remote ccc vc : 1, 1 up
5-88
Issue 03 (2008-09-22)
5 VLL Configuration
name: CE2-CE1, type: remote, state: up, intf: GigabitEthernet2/0/0 (up), in-label: 201 , out-label: 101 , outinterface : Pos1/0/0
Run the display mpls lsp command on P. You can view information about the labels and interfaces of the two established static LSPs.
<P> display mpls lsp ---------------------------------------------------------------------LSP Information: STATIC LSP ---------------------------------------------------------------------FEC In/Out Label In/Out IF Vrf Name -/200/201 Pos2/0/0/Pos1/0/0 -/101/100 Pos1/0/0/Pos2/0/0
Run the display ip routing-table command on the CEs. You can view the interface routes learned by CE1 and CE2 from each other. Take the display on CE1 as an example:
<CE1> display ip routing-table Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: Public Destinations : 5 Routes : 5 Destination/Mask Proto Pre Cost Flags NextHop Interface 10.1.1.0/24 Direct 0 0 D 10.1.1.1 Pos1/0/0 10.1.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 10.1.1.6/32 Direct 0 0 D 10.1.1.6 Pos1/0/0 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
Configuration Files
l
Issue 03 (2008-09-22)
5-89
5 VLL Configuration
Configuration file of P
# sysname P # mpls lsr-id 2.2.2.9 mpls # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 100.2.2.2 255.255.255.0 mpls # interface Pos2/0/0 link-protocol ppp undo shutdown ip address 100.1.1.2 255.255.255.0 mpls # interface LoopBack1 ip address 2.2.2.9 255.255.255.255 # static-lsp transit PE1-PE2 incoming-interface Pos2/0/0 in-label 200 outgoinginterface Pos1/0/0 out-label 201 static-lsp transit PE2-PE1 incoming-interface Pos1/0/0 in-label 101 outgoinginterface Pos2/0/0 out-label 100 # return
5-90
Issue 03 (2008-09-22)
5 VLL Configuration
5.11.8 Example for Configuring VLL Internetworking (Interconnecting Ethernet with HDLC in Martini Mode)
Networking Requirements
Figure 5-13 shows that CE1 is connected to PE1 through GE interfaces, while CE2 is connected to PE2 through HDLC (POS). Figure 5-13 Networking diagram of IP-interworking Ethernet to HDLC
PE1 PE2 P Loopback1 Loopback1 Loopback1 1.1.1.9/32 2.2.2.9/32 3.3.3.9/32 POS2/0/0 POS2/0/0 169.1.1.1/24 168.1.1.1/24 POS1/0/0 POS1/0/0 GE1/0/0 168.1.1.2/24 169.1.1.2/24 POS2/0/0 Martini GE1/0/0 30.1.1.1/24 CE1 POS1/0/0 30.1.1.2/24 CE2
Configuration Roadmap
The configuration roadmap is as follows: 1. 2. 3. 4. 5. Configure the routing protocol on PEs and Ps in the backbone network and enable MPLS. Set up the remote MPLS LDP session between PEs. Set up the tunnel according to the tunnel policy and create the L2VC connection. Configure the HDLC protocol and ensure the same MTU on the interfaces connecting CE and PE. On PE, statically configure the MAC address and the IP address used when PE sends packets to CE.
Issue 03 (2008-09-22)
5-91
5 VLL Configuration
Data Preparation
To interconnect Ethernet with HDLC, you need the following data:
l l l l
Name of the PE remote peer Label value of the L2VC MTU value of the interfaces connected CE and PE MAC address used when PE sends packets to CE
Configuration Procedure
1. Configure IGP on the MPLS backbone network. OSPF is used as IGP in this example. The configuration details are not mentioned here. After the configuration, run the display ip routing-table command on each LSR. You can view that the LSRs have learnt the routes of the LSR IDs from each other. Run the display ospf peer command. You can view that the OSPF neighbor relationship is established between the LSRs and the status is FULL. Take the display on PE1 as an example:
<PE1> display ip routing-table Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: Public Destinations : 9 Routes : 9 Destination/Mask Proto Pre Cost Flags NextHop Interface 1.1.1.9/32 Direct 0 0 D 127.0.0.1 InLoopBack0 2.2.2.9/32 OSPF 10 2 D 168.1.1.2 Pos2/0/0 3.3.3.9/32 OSPF 10 3 D 168.1.1.2 Pos2/0/0 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 168.1.1.0/24 Direct 0 0 D 168.1.1.1 Pos2/0/0 168.1.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 168.1.1.2/32 Direct 0 0 D 168.1.1.2 Pos2/0/0 169.1.1.0/24 OSPF 10 2 D 168.1.1.2 Pos2/0/0
Run the display ospf peer command. You can view that the OSPF neighbor relationship is established between the LSRs and the status is FULL. Take the display on PE1 as an example:
<PE1> display ospf peer OSPF Process 1 with Router ID 1.1.1.9 Neighbors Area 0.0.0.0 interface 168.1.1.1(Pos2/0/0)'s neighbors Router ID: 2.2.2.9 Address: 168.1.1.2 GR State: Normal State: Full Mode:Nbr is Master Priority: 1 DR: None BDR: None MTU: 0 Dead timer due in 30 sec Neighbor is up for 00:04:12
Authentication Sequence: [ 0 ] 2. Configure basic MPLS capability and LDP, and establish LDP LSP and remote LDP session between PE1 and PE2. # Configure PE1.
[PE1] mpls lsr-id 1.1.1.9 [PE1] mpls [PE1-mpls] quit [PE1] mpls ldp [PE1-mpls-ldp] quit [PE1] mpls ldp remote-peer 3.3.3.9 [PE1-mpls-ldp-remote-3.3.3.9] remote-ip 3.3.3.9 [PE1-mpls-ldp-remote-3.3.3.9] quit
5-92
Issue 03 (2008-09-22)
5 VLL Configuration
# Configure P.
[P] mpls lsr-id 2.2.2.9 [P] mpls [P-mpls] quit [P] mpls ldp [P-mpls-ldp] quit [P] interface pos 1/0/0 [P-Pos1/0/0] mpls [P-Pos1/0/0] mpls ldp [P-Pos1/0/0] quit [P] interface pos 2/0/0 [P-Pos2/0/0] mpls [P-Pos2/0/0] mpls ldp [P-Pos2/0/0] quit
# Configure PE2.
[PE2] mpls lsr-id 3.3.3.9 [PE2] mpls [PE2-mpls] quit [PE2] mpls ldp [PE2-mpls-ldp] quit [PE2] mpls ldp remote-peer 1.1.1.9 [PE2-mpls-ldp-remote-1.1.1.9] remote-ip 1.1.1.9 [PE2-mpls-ldp-remote-1.1.1.9] quit [PE2] interface pos 1/0/0 [PE2-Pos1/0/0] mpls [PE2-Pos1/0/0] mpls ldp [PE2-Pos1/0/0] quit
After the configuration, run the display mpls ldp session and display mpls ldp peer commands on each LSR. You can view information about LDP sessions and LDP peers. Take the display on PE1 as an example:
<PE1> display mpls ldp session LDP Session(s) in Public Network -----------------------------------------------------------------------------Peer-ID Status LAM SsnRole SsnAge KA-Sent/Rcv -----------------------------------------------------------------------------2.2.2.9:0 Operational DU Passive 000:00:07 31/31 3.3.3.9:0 Operational DU Passive 000:00:07 29/29 -----------------------------------------------------------------------------TOTAL: 2 session(s) Found. LAM : Label Advertisement Mode SsnAge Unit : DDD:HH:MM <PE1> display mpls ldp peer LDP Peer Information in Public network -----------------------------------------------------------------------------Peer-ID Transport-Address Discovery-Source -----------------------------------------------------------------------------2.2.2.9:0 2.2.2.9 Pos2/0/0 3.3.3.9:0 3.3.3.9 Remote Peer : 3.3.3.9 -----------------------------------------------------------------------------TOTAL: 2 Peer(s) Found.
3.
Issue 03 (2008-09-22)
5-93
5 VLL Configuration
[CE1-GigabitEthernet1/0/0] quit
# Configure PE1.
[PE1] mpls l2vpn [PE1-l2vpn] mpls l2vpn default martini [PE1-l2vpn] quit [PE1] interface gigabitethernet 1/0/0 [PE1-GigabitEthernet1/0/0] mpls l2vc 3.3.3.9 1 ip-interworking [PE1-GigabitEthernet1/0/0] local-ce ip 30.1.1.1 [PE1-GigabitEthernet1/0/0] undo shutdown [PE1-GigabitEthernet1/0/0] quit
# Configure CE2.
[CE2] interface pos 1/0/0 [CE2-Pos1/0/0] mtu 1500 [CE2-Pos1/0/0] link-protocol hdlc [CE2-Pos1/0/0] ip address 30.1.1.2 24 [CE2-Pos1/0/0] undo shutdown [CE2-Pos1/0/0] quit
# Configure PE2.
[PE2] mpls [PE2-l2vpn] l2vpn default martini [PE2-l2vpn] quit [PE2] interface pos 2/0/0 [PE2-Pos2/0/0] mtu 1500 [PE2-Pos2/0/0] link-protocol hdlc [PE2-Pos2/0/0] mpls l2vc 1.1.1.9 1 ip-interworking [PE2-Pos2/0/0] undo shutdown [PE2-Pos2/0/0] quit
4.
Verify the configuration. After the configuration, run the display mpls l2vc command on the PEs. You can view that the VC status is Up and the VC type is IP-interworking.
<PE1> display mpls l2vc interface gigabitethernet 1/0/0 *client interface : GigabitEthernet1/0/0 is up session state : up AC state : up VC state : up VC ID : 1 VC type : IP-interworking destination : 3.3.3.9 local group ID : 0 remote group ID : 0 local VC label : 21504 remote VC label : 21504 local AC OAM State : up local PSN State : up local forwarding state : forwarding remote AC OAM state : up remote PSN state : up remote forwarding state: forwarding BFD for PW : disable manual fault : not set active state : active forwarding entry : exist link state : up local VC MTU : 1500 remote VC MTU : 1500 local VCCV : Disable remote VCCV : Disable local control word : disable remote control word : disable tunnel policy name : -traffic behavior name : -PW template name : -primary or secondary : primary VC tunnel/token info : 1 tunnels/tokens NO.0 TNL type : lsp , TNL ID : 0x2002003 create time : 0 days, 0 hours, 8 minutes, 50 seconds up time : 0 days, 0 hours, 5 minutes, 24 seconds last change time : 0 days, 0 hours, 5 minutes, 24 seconds
5-94
Issue 03 (2008-09-22)
5 VLL Configuration
Run the display interface command on the interfaces that access the PEs. You can view that the status of the L2VPN connection is Up.
<PE1> display interface gigabitethernet 1/0/0 GigabitEthernet1/0/0 current state : UP Line protocol current state : DOWN Description:HUAWEI, Quidway Series, GigabitEthernet1/0/0 Interface Route Port,The Maximum Transmit Unit is 1500 Internet protocol processing : disabled IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is 00e0-c54e-4202 L2VPN interworking connection of the main PW is up L2VPN interworking connection of the second PW is down L2VPN input: 0 packets, 0 discards output: 0 packets, 0 discards QoS max-bandwidth : 100000 Kbps Output queue : (Urgent queue : Size/Length/Discards) 0/50/0 Output queue : (Protocol queue : Size/Length/Discards) 0/1000/0 Output queue : (FIFO queue : Size/Length/Discards) 0/256/0 Hardware address is 00e0-c54e-4202 Input: 0 Bytes, 0 Packets Unicast: 0, Multicast: 0, Broadcast: 0 Output: 0 Bytes, 0 Packets Unicast: 0, Multicast: 0, Broadcast: 0
Configuration Files
l
Issue 03 (2008-09-22)
5-95
5 VLL Configuration
mpls l2vc 3.3.3.9 1 ip-interworking # interface Pos2/0/0 link-protocol ppp undo shutdown ip address 168.1.1.1 255.255.255.0 mpls mpls ldp # interface LoopBack1 ip address 1.1.1.9 255.255.255.255 # ospf 1 area 0.0.0.0 network 1.1.1.9 0.0.0.0 network 168.1.1.0 0.0.0.255 # return l
Configuration file of P
# sysname P # mpls lsr-id 2.2.2.9 mpls # mpls ldp # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 168.1.1.2 255.255.255.0 mpls mpls ldp # interface Pos2/0/0 link-protocol ppp undo shutdown ip address 169.1.1.1 255.255.255.0 mpls mpls ldp # interface LoopBack1 ip address 2.2.2.9 255.255.255.255 # ospf 1 area 0.0.0.0 network 2.2.2.9 0.0.0.0 network 168.1.1.0 0.0.0.255 network 169.1.1.0 0.0.0.255 # return
5-96
Issue 03 (2008-09-22)
5 VLL Configuration
5.11.9 Example for Configuring VLL Internetworking (Interconnecting VLAN with ATM by Using the Local Kompella Connection)
Networking Requirements
As shown in Figure 5-14, CE1 is connected to the PE through the GE sub-interface, while CE2 is connected to the PE through the ATM sub-interface. A local Kompella connection is established between CE1 and CE2 for their interworking. Figure 5-14 Networking diagram of IP-interworking VLAN to ATM in Kompella mode
Loopback1 1.1.1.9/32 GE 1/0/0.1 30.1.1.1/24 ATM 1/0/0.1 30.1.1.2/24
GE 1/0/0.1
ATM 2/0/0.1
CE1
PE
CE2
Configuration Roadmap
The configuration roadmap is as follows:
Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 5-97
5 VLL Configuration
1. 2. 3. 4. 5.
Enable L2VPN. Connect the VPN instance to the CEs and specify the encapsulation type of the L2VPN as IP-interworking. The local connection need not transmit the signaling protocol; therefore, BGP and LSP tunnels are not needed. Configure the VLAN sub-interface on CE1 because CE1 accesses the PE through the GE sub-interface. Configure the VCs because CE2 accesses the PE through the ATM sub-interface.
Data Preparation
To complete the configuration, you need the following data:
l l l l l
ID of the VLAN to which the GE interface belongs ATM VC number VPN instance name, RD, and VPN target Name and number of the CEs (The CE number is unique globally.) Size of the label block (CE range) as required
Configuration Procedure
1. Configure the CEs to access the PE. # Configure CE1.
<Quidway> system-view [Quidway] sysname CE1 [CE1] interface gigabitethernet 1/0/0 [CE1-GigabitEthernet1/0/0] undo shutdown [CE1-GigabitEthernet1/0/0] quit [CE1] interface gigabitethernet 1/0/0.1 [CE1-GigabitEthernet1/0/0.1] vlan-type dot1q 100 [CE1-GigabitEthernet1/0/0.1] ip address 30.1.1.1 255.255.255.0 [CE1-GigabitEthernet1/0/0.1] undo shutdown [CE1-GigabitEthernet1/0/0.1] quit
# Configure CE2.
<Quidway> system-view [Quidway] sysname CE2 [CE2] interface atm 1/0/0 [CE2-Atm1/0/0] undo shutdown [CE2-Atm1/0/0] quit [CE2] interface atm 1/0/0.1 [CE2-Atm1/0/0.1] pvc 1/100 [CE2-atm-pvc-Atm1/0/0.1-1/100] map ip 30.1.1.1 broadcast [CE2-atm-pvc-Atm1/0/0.1-1/100] quit [CE2-Atm1/0/0.1] ip address 30.1.1.2 255.255.255.0 [CE2-Atm1/0/0.1] undo shutdown [CE2-Atm1/0/0.1] quit
# Configure PE.
<Quidway> system-view [Quidway] sysname PE [PE] interface gigabitethernet 1/0/0 [PE-GigabitEthernet1/0/0] undo shutdown [PE-GigabitEthernet1/0/0] quit [PE] interface gigabitethernet 1/0/0.1 [PE-GigabitEthernet1/0/0.1] vlan-type dot1q 100 [PE-GigabitEthernet1/0/0.1] undo shutdown [PE-GigabitEthernet1/0/0.1] quit
5-98
Issue 03 (2008-09-22)
5 VLL Configuration
2.
Configure L2VPN IP-interworking. # Configure the basic MPLS capability on the PE.
[PE] interface loopback 1 [PE-LoopBack1] ip address 1.1.1.9 32 [PE-LoopBack1] quit [PE] mpls lsr-id 1.1.1.9 [PE] mpls [PE-mpls] quit
3.
Verify the configuration. After the configuration, run the display mpls l2vpn connection command on the PE. You can view that two local Kompella connections are established and the connection status is Up.
<PE> display mpls l2vpn connection 2 total connections, connections: 2 up, 0 down, 2 local, 0 remote, 0 unknown VPN name: vlantoatm, 2 total connections, connections: 2 up, 0 down, 2 local, 0 remote, 0 unknown CE name: ce1, id: 1, Rid type status peer-id route-distinguisher intf primary or not 2 loc up ----Atm2/0/0.1 primary CE name: ce2, id: 2, Rid type status peer-id route-distinguisher intf primary or not 1 loc up ----GigabitEthernet1/0/0.1 primary
Issue 03 (2008-09-22)
5-99
5 VLL Configuration
round-trip min/avg/max = 3/22/52 ms
Configuration Files
l
Configuration file of PE
# sysname PE # mpls lsr-id 1.1.1.9 mpls # mpls l2vpn # interface GigabitEthernet1/0/0 undo shutdown # interface GigabitEthernet1/0/0.1 undo shutdown vlan-type dot1q 100 local-ce ip 30.1.1.1 # interface Atm2/0/0 undo shutdown # interface Atm2/0/0.1 p2p undo shutdown pvc 1/100 map ip 30.1.1.2 broadcast # mpls l2vpn vlantoatm encapsulation ip-interworking route-distinguisher 100:1 ce ce1 id 1 range 10 default-offset 0 connection ce-offset 2 interface Atm2/0/0.1 ce ce2 id 2 range 10 default-offset 0 connection ce-offset 1 interface GigaibitEthernet1/0/0.1 # # interface LoopBack1 ip address 1.1.1.9 255.255.255.255 # return
5-100
Issue 03 (2008-09-22)
5 VLL Configuration
5.11.10 Example for Configuring VLL Internetworking (Interconnecting VLAN with PPP by Using the Remote Kompella Connection)
Networking Requirements
In Figure 5-15, CE1 and PE1 are connected through VLAN 10. Packets are encapsulated with PPP on CE2 and PE2.CE1 and CE2 are required to communicate through the MPLS L2VPN interworking by using the remote Kompella connection. PE1, P, and PE2 belong to AS 100, and the P does not support MPLS.GRE tunnels are established between the PEs; thus, CE1 and CE2 can communicate on Layer 2. Figure 5-15 Networking diagram of VLL interworking - VLAN interworking with PPP by using the remote Kompella connection
Loopback1 1.1.1.9/32 Loopback1 2.2.2.9/32 Loopback1 3.3.3.9/32
PE 1
PE 2 POS 2/0/0
GE1/0/0.1 30.1.1.1/24
CE 1
CE 2
Configuration Roadmap
The configuration roadmap is as follows: 1. 2. Configure routing protocols on the PEs and the P in the backbone network. Establish GRE tunnels on the PEs, with the Loopback 1 address of the local PE as the source address of the tunnel and the Loopback 1 address of the peer PE as the destination address of the tunnel. Create a tunnel policy on the PEs, create GRE tunnels between the PEs, and set the number of tunnels participating in load balancing to 1. Enable L2VPN on the PEs and configure L2VPN in Kompella mode.
3. 4.
Data Preparation
To complete the configuration, you need the following data:
l l l
Name of the tunnel policy AS number of BGP VPN instance name, route distinguisher, and VPN target
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 5-101
Issue 03 (2008-09-22)
5 VLL Configuration
l
Configuration Procedure
1. Configure the CEs to access the PEs. # Configure CE1.
<CE1> system-view [CE1] interface gigabitethernet 1/0/0 [CE1-GigabitEthernet1/0/0] undo shutdown [CE1-GigabitEthernet1/0/0] quit [CE1] interface gigabitethernet 1/0/0.1 [CE1-GigabitEthernet1/0/0.1] vlan-type dot1q 10 [CE1-GigabitEthernet1/0/0.1] ip address 30.1.1.1 24 [CE1-GigabitEthernet1/0/0.1] undo shutdown [CE1-GigabitEthernet1/0/0.1] quit
# Configure PE1.
<PE1> system-view [PE1] interface gigabitethernet 1/0/0 [PE1-GigabitEthernet1/0/0] undo shutdown [PE1-GigabitEthernet1/0/0] quit [PE1] interface gigabitethernet 1/0/0.1 [PE1-GigabitEthernet1/0/0.1] vlan-type dot1q 10 [PE1-GigabitEthernet1/0/0.1] local-ce ip 30.1.1.1 [PE1-GigabitEthernet1/0/0.1] undo shutdown [PE1-GigabitEthernet1/0/0.1] quit
# Configure PE2.
<PE2> system-view [PE2] interface pos 2/0/0 [PE2-Pos2/0/0] ip address ppp-negotiate [PE2-Pos2/0/0] mtu 1500 [PE2-Pos2/0/0] undo shutdown [PE2-Pos2/0/0] quit
NOTE
For PE2, the local AC is a POS link running PPP, with the default MTU as 4470; the remote AC is an Ethernet link, with the default MTU as 1500. If PEs fail to negotiate the MTU because the MTUs of the ACs on the two ends are different, the VC cannot be established normally. You need to set the MTUs of the ACs on the two ends to be the same (1500).
# Configure CE2.
<CE2> system-view [CE2] interface pos 1/0/0 [CE2-Pos1/0/0] ip address 30.1.1.2 24 [CE2-Pos1/0/0] remote address 30.1.1.6 [CE2-Pos1/0/0] mtu 1500 [CE2-Pos1/0/0] shutdown [CE2-Pos1/0/0] undo shutdown [CE2-Pos1/0/0] quit
NOTE
You are recommended to set the MTU of CE1 and the MTU of PE1 to be the same to avoid the negotiation during forwarding.
2.
Configure IGP on the MPLS backbone network. OSPF is used as IGP in this example. When configuring OSPF, advertise the 32-bit loopback interface addresses of the PEs and the P, which are used as the LSR IDs. # Configure PE1.
<PE1> system-view [PE1] interface loopback 1 [PE1-LoopBack1] ip address 1.1.1.9 32 [PE1-LoopBack1] quit
5-102
Issue 03 (2008-09-22)
5 VLL Configuration
# Configure P.
<P> system-view [P] interface loopback 1 [P-LoopBack1] ip address 2.2.2.9 32 [P-LoopBack1] quit [P] interface pos 1/0/0 [P-Pos1/0/0] ip address 168.1.1.2 24 [P-Pos1/0/0] undo shutdown [P-Pos1/0/0] quit [P] interface pos 2/0/0 [P-Pos2/0/0] ip address 169.1.1.1 24 [P-Pos2/0/0] undo shutdown [P-Pos2/0/0] quit [P] ospf [P-ospf-1] area 0 [P-ospf-1-area-0.0.0.0] network 2.2.2.9 0.0.0.0 [P-ospf-1-area-0.0.0.0] network 168.1.1.0 0.0.0.255 [P-ospf-1-area-0.0.0.0] network 169.1.1.0 0.0.0.255 [P-ospf-1-area-0.0.0.0] quit [P-ospf-1] quit
# Configure PE2.
<PE2> system-view [PE2] interface loopback 1 [PE2-LoopBack1] ip address 3.3.3.9 32 [PE2-LoopBack1] quit [PE2] interface pos 1/0/0 [PE2-Pos1/0/0] ip address 169.1.1.2 24 [PE2-Pos1/0/0] undo shutdown [PE2-Pos1/0/0] quit [PE2] ospf [PE2-ospf-1] area 0 [PE2-ospf-1-area-0.0.0.0] network 3.3.3.9 0.0.0.0 [PE2-ospf-1-area-0.0.0.0] network 169.1.1.0 0.0.0.255 [PE2-ospf-1-area-0.0.0.0] quit [PE2-ospf-1] quit
After the configuration, run the display ip routing-table command on each LSR. You can view that the LSRs have learnt the routes of the LSR IDs from each other. Take the display on PE1 as an example:
<PE1> display ip routing-table Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: Public Destinations : 9 Routes : 9 Destination/Mask Proto Pre Cost Flags NextHop Interface 1.1.1.9/32 Direct 0 0 D 127.0.0.1 InLoopBack0 2.2.2.9/32 OSPF 10 2 D 168.1.1.2 Pos2/0/0 3.3.3.9/32 OSPF 10 3 D 168.1.1.2 Pos2/0/0 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 168.1.1.0/24 Direct 0 0 D 168.1.1.1 Pos2/0/0 168.1.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 168.1.1.2/32 Direct 0 0 D 168.1.1.2 Pos2/0/0 169.1.1.0/24 OSPF 10 2 D 168.1.1.2 Pos2/0/0
Issue 03 (2008-09-22)
5-103
5 VLL Configuration
Run the display ospf peer command. You can view that the OSPF neighbor relationship is established between the PEs and P and the status is FULL. Take the display on PE1 as an example:
<PE1> display ospf peer OSPF Process 1 with Router ID 1.1.1.9 Neighbors Area 0.0.0.0 interface 168.1.1.1(Pos2/0/0)'s neighbors Router ID: 2.2.2.9 Address: 168.1.1.2 GR State: Normal State: Full Mode:Nbr is Master Priority: 1 DR: None BDR: None MTU: 0 Dead timer due in 35 sec Neighbor is up for 00:04:59 Authentication Sequence: [ 0 ]
3.
# Configure PE2.
[PE2] mpls lsr-id 3.3.3.9 [PE2] mpls [PE2-mpls] quit
4.
# Configure PE2.
<PE2> system-view [PE2] interface loopback 10 [PE2-LoopBack10] ip address 3.3.3.3 32 [PE2-LoopBack10] target-board 3 [PE2-LoopBack10] binding tunnel gre [PE2-LoopBack10] quit [PE2] ospf [PE2-ospf-1] area 0 [PE2-ospf-1-area-0.0.0.0] network 3.3.3.3 0.0.0.0 [PE2-ospf-1-area-0.0.0.0] quit [PE2-ospf-1] quit [PE2] interface tunnel 3/0/0 [PE2-Tunnel3/0/0] tunnel-protocol gre [PE2-Tunnel3/0/0] source loopback 10 [PE2-Tunnel3/0/0] destination 1.1.1.1 [PE2-Tunnel3/0/0] ip address 40.1.1.2 24 [PE2-Tunnel3/0/0] quit
After the configuration, two tunnel interfaces become Up. Take the display on PE1 as an example:
5-104 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)
5 VLL Configuration
[PE1-Tunnel3/0/0] display this interface Tunnel3/0/0 current state : UP Line protocol current state : UP Description : HUAWEI, Quidway Series, Tunnel3/0/0 Interface, Route Port The Maximum Transmit Unit is 1500 bytes Internet Address is 40.1.1.1/24 Encapsulation is TUNNEL, loopback not set Tunnel source 1.1.1.1 (LoopBack10), destination 3.3.3.3 Tunnel protocol/transport GRE/IP, key disabled keepalive disabled Checksumming of packets disabled QoS max-bandwidth : 64 Kbps 300 seconds input rate 0 bytes/sec, 0 packets/sec 300 seconds output rate 0 bytes/sec, 0 packets/sec 63 packets input, 6460 bytes 0 input error 153 packets output, 17316 bytes 15 output error
5.
# Configure PE2.
<PE2> system-view [PE2] tunnel-policy policy1 [PE2-tunnel-policy-policy1] tunnel select-seq gre load-balance-number 1 [PE2] quit
6.
# Configure PE2.
[PE2] mpls l2vpn [PE2] bgp 100 [PE2-bgp] peer 1.1.1.9 as-number 100 [PE2-bgp] peer 1.1.1.9 connect-interface loopback 1 [PE2-bgp] l2vpn-family [PE2-bgp-af-l2vpn] peer 1.1.1.9 enable [PE2-bgp-af-l2vpn] quit [PE2-bgp] quit
After the configuration, run the display bgp l2vpn peer command on PE1 and PE2. You can find that the peer relationship is established between PEs and the peer status is Established. Take the display on PE1 as an example:
<PE1> display bgp l2vpn peer BGP local router ID : 1.1.1.9 Local AS number : 100 Total number of peers : 1 Peer V AS MsgRcvd 3.3.3.9 4 100 2
MsgSent 4
7.
Create the L2VPN instances on the PEs and configure the CEs to access the L2VPN instances.
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 5-105
Issue 03 (2008-09-22)
5 VLL Configuration
# Configure PE1.
[PE1] mpls l2vpn vpn1 encapsulation ip-interworking [PE1-mpls-l2vpn-vpn1] route-distinguisher 100:1 [PE1-mpls-l2vpn-vpn1] vpn-target 1:1 both [PE1-mpls-l2vpn-vpn1] ce ce1 id 1 range 10 [PE1-mpls-l2vpn-ce-vpn1-ce1] connection ce-offset 2 interface GigabitEthernet 1/0/0.1 tunnel-policy policy1 [PE1-mpls-l2vpn-ce-vpn1-ce1] quit [PE1-mpls-l2vpn-vpn1] quit
# Configure PE2.
[PE2] mpls l2vpn vpn1 encapsulation ip-interworking [PE2-mpls-l2vpn-vpn1] route-distinguisher 100:1 [PE2-mpls-l2vpn-vpn1] vpn-target 1:1 both [PE2-mpls-l2vpn-vpn1] ce ce2 id 2 range 10 [PE2-mpls-l2vpn-ce-vpn1-ce2] connection ce-offset 1 interface pos 2/0/0 tunnelpolicy policy1 [PE2-mpls-l2vpn-ce-vpn1-ce2] quit [PE2-mpls-l2vpn-vpn1] quit
8.
Verify the configuration. After the configuration, run the display mpls l2vpn connection command on the PEs. You can view that an L2VPN connection is established and the connection status is Up. Take the display on PE1 as an example:
<PE1> display mpls l2vpn connection 1 total connections, connections: 1 up, 0 down, 0 local, 1 remote, 0 unknown VPN name: vpn1, 1 total connections, connections: 1 up, 0 down, 0 local, 1 remote, 0 unknown CE name: ce1, id: 1, Rid type status peer-id route-distinguisher interface primary or not 2 rmt up 3.3.3.9 100:1 GigabitEthernet1/0/0.1 primary
Configuration Files
l
5-106
Issue 03 (2008-09-22)
5 VLL Configuration
Configuration file of P
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 5-107
Issue 03 (2008-09-22)
5 VLL Configuration
# sysname P # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 168.1.1.2 255.255.255.0 # interface Pos2/0/0 link-protocol ppp undo shutdown ip address 169.1.1.1 255.255.255.0 # interface LoopBack1 ip address 2.2.2.9 255.255.255.255 # ospf 1 area 0.0.0.0 network 2.2.2.9 0.0.0.0 network 168.1.1.0 0.0.0.255 network 169.1.1.0 0.0.0.255 # return l
5-108
Issue 03 (2008-09-22)
5 VLL Configuration
l l
The processing for IP-interworking enabled interface is similar on Martini connection and Kompella connection. The following takes the Martini configuration for example. The configuration examples in this section assume that L2VPN is globally enabled on PE and the relevant configurations are omitted here.
Networking requirements The CE accesses PE through PPP and assigns IP addresses to PE. The LDP session between the local PE and remote PE must be already established. Figure 5-16 Networking diagram of PPP between CE and PE
CE
PPP POS 1/0/0 163.1.1.1/24 POS 1/0/0 163.1.1.2/24 LSR ID: 4.4.4.4
PE1
PE2
Issue 03 (2008-09-22)
5-109
5 VLL Configuration
[CE-Pos1/0/0] undo shutdown [CE-Pos1/0/0] quit
# Configure PE1.
[PE1] interface pos 1/0/0 [PE1-Pos1/0/0] link-protocol ppp [PE1-Pos1/0/0] ip address ppp-negotiate [PE1-Pos1/0/0] mtu 1500 [PE1-Pos1/0/0] mpls l2vc 5.5.5.5 1000 ip-interworking [PE1-Pos1/0/0] undo shutdown [PE1-Pos1/0/0] quit
NOTE
For a PPP link, you need to configure an IP address for the PE interface connected to the CE, the AC link can thus be negotiated through IPCP. If the PE interface connected to the CE does not have an IP address, the negotiation fails and the link layer is unavailable. You can configure the IP address on the PE manually. Alternatively, you can run the ip address ppp-negotiate command on the PE interface connected to the CE or the remote-address command on the CE interface connected to the PE, and then the CE assigns an IP address to the PE.
If the L2VPN interface in IP interworking mode works normally, you can view the following information:
L2VPN interworking connection of the main PW is up L2VPN interworking connection of the second PW is down L2VPN input: 0 packets, 0 discards output: 0 packets, 0 discards
If a POS link is adopted, the MTU of 1500 bytes is recommended. The default value of MTU on a POS link is 4470 bytes that may be too big for some links of the MPLS network.
5-110
Issue 03 (2008-09-22)
5 VLL Configuration
PE1
PE2
# Configure PE.
[PE] interface atm 1/0/0 [PE-Atm1/0/0] pvc 1/500 [PE-atm-pvc-Atm1/0/0-1/500] map ip inarp broadcast [PE-atm-pvc-Atm1/0/0-1/500] quit [PE-Atm1/0/0] ip address 100.1.1.2 255.255.255.0 [PE-Atm1/0/0] mpls l2vc 5.5.5.5 333 ip-interworking [PE-Atm1/0/0] undo shutdown [PE-Atm1/0/0] quit
NOTE
l l
When using L2VPN IP interworking, you need to configure the IPoA mapping on the PVC. The AAL5 encapsulation type of PVC can be aal5snap, InARP supported.
Networking requirements As shown in Figure 5-18, CE accesses PE through ATM. The sub-interface is used for the interworking access with the precondition that the primary interface works normally.
NOTE
L2VPN does not support P2MP. Thus, to create the MPLS L2VC on an ATM sub-interface, configure a P2P ATM sub-interface.
PE1
PE2
Issue 03 (2008-09-22)
5-111
5 VLL Configuration
# Configure PE.
[PE] interface atm 1/0/0 [PE-Atm1/0/0] undo shutdown [PE-Atm1/0/0] quit [PE] interface atm 1/0/0.1 p2p [PE-Atm1/0/0.1] pvc 1/105 [PE-atm-pvc-Atm1/0/0.1-1/105] map ip 105.1.1.1 broadcast [PE-atm-pvc-Atm1/0/0.1-1/105] quit [PE-Atm1/0/0.1] mpls l2vc 5.5.5.5 1000 ip-interworking [PE-Atm1/0/0.1] undo shutdown [PE-Atm1/0/0.1] quit
# Configure PE.
[PE] interface atm 1/0/0 [PE-Atm1/0/0] undo shutdown [PE-Atm1/0/0] quit [PE] interface atm 1/0/0.1 p2p [PE-Atm1/0/0.1] pvc 1/103 [PE-atm-pvc-Atm1/0/0.1-1/103] map ip inarp [PE-atm-pvc-Atm1/0/0.1-1/103] quit [PE-Atm1/0/0.1] ip address 105.1.1.2 255.255.255.0 [PE-Atm1/0/0.1] mpls l2vc 5.5.5.5 1000 ip-interworking [PE-Atm1/0/0.1] undo shutdown [PE-Atm1/0/0.1] quit
NOTE
If the mapping is created dynamically through InARP, an IP address should be configured on PE. The IP address is that of the CE interface connected to the remote PE.
5-112
Issue 03 (2008-09-22)
5 VLL Configuration
Figure 5-19 Networking diagram of configuring the inter-AS Martini VLL Option A
MPLS backbone AS 100
Loopback0 1.1.1.9/32 POS2/0/0 10.1.1.1/24 Loopback0 2.2.2.9/32
PE1
ASBR -PE1
ASBR -PE2
PE2
POS1/0/0 100.1.1.1/24
POS1/0/0 100.1.1.2/24
CE1
CE2
Configuration Roadmap
The configuration roadmap is as follows: 1. 2. Run an IGP protocol on the MPLS backbone network so that the routers in the same AS can communicate. Configure the basic MPLS capability on the backbone network and establish dynamic LSPs between the PE and ASBR PE in the same AS. Establish a remote LDP session if the PE and ASBR PE are not directly connected. Establish an MPLS L2VC connection between the PE and ASBR PE in the same AS.
3.
Data Preparation
To complete the configuration, you need the following data:
l l l l
Data needed for configuring IS-IS IP address of the remote peer MPLS LSR IDs on PEs and ASBR PEs L2VC IDs
NOTE
The PE interfaces connected to the CEs need not be configured with IP addresses because the VLL is an emulated Layer 2 service.
Configuration Procedure
1. Configure IGP on the MPLS backbone network. The PEs and ASBR PEs on the backbone network can communicate by using IGP. In this example, IS-IS is used as IGP and the configuration details are not mentioned.
Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 5-113
5 VLL Configuration
After the configuration, the IS-IS neighbor relationship is established between the ASBR PEs and PEs in the same AS. Run the display isis peer command. You can view that the status of IS-IS neighbors is Up, and the PEs can learn loopback addresses from each other. Take the display on PE1 as an example:
<PE1> display isis peer System Id 0000.0000.0002 -Peer information for ISIS(1) ---------------------------Interface Circuit Id State HoldTime Type Pos2/0/0 0000000001 Up 21s L1L2 PRI
The ASBR PEs and PEs in the same AS can ping through each other. Take the display on PE1 as an example:
<PE1> ping 2.2.2.9 PING 2.2.2.9: 56 data bytes, press CTRL_C to break Reply from 2.2.2.9: bytes=56 Sequence=1 ttl=255 time=180 ms Reply from 2.2.2.9: bytes=56 Sequence=2 ttl=255 time=90 ms Reply from 2.2.2.9: bytes=56 Sequence=3 ttl=255 time=60 ms Reply from 2.2.2.9: bytes=56 Sequence=4 ttl=255 time=60 ms Reply from 2.2.2.9: bytes=56 Sequence=5 ttl=255 time=100 ms --- 2.2.2.9 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 60/98/180 ms
2.
Enable MPLS and configure dynamic LSPs. Configure the basic MPLS capability on the MPLS backbone network. Establish a dynamic LDP LSP between the PE and ASBR PE in the same AS. After this step, an LSP tunnel is established between the PE and ASBR PE in the same AS. Take the display on ASBR-PE1 as an example:
<ASBR-PE1> display mpls ldp session LDP Session(s) in Public Network -----------------------------------------------------------------------------Peer-ID Status LAM SsnRole SsnAge KA-Sent/Rcv -----------------------------------------------------------------------------1.1.1.9:0 Operational DU Active 000:00:19 79/79 -----------------------------------------------------------------------------TOTAL: 1 session(s) Found. LAM : Label Advertisement Mode SsnAge Unit : DDD:HH:MM
3.
Configure the MPLS L2VPN connection. Configure the L2VC connection on the PEs and ASBR PEs and connect the CEs to the PEs. # Configure PE1.
[PE1] mpls l2vpn [PE1-l2vpn] mpls l2vpn default martini [PE1-l2vpn] quit [PE1] interface pos1/0/0 [PE1-Pos1/0/0] mpls l2vc 2.2.2.9 100 [PE1-Pos1/0/0] undo shutdown [PE1-Pos1/0/0] quit
# Configure ASBR-PE1.
[ASBR-PE1] mpls l2vpn [ASBR-PE1-l2vpn] mpls l2vpn default martini [ASBR-PE1-l2vpn] quit [ASBR-PE1] interface pos2/0/0 [ASBR-PE1-Pos2/0/0] mpls l2vc 1.1.1.9 100
5-114
Issue 03 (2008-09-22)
5 VLL Configuration
# Configure ASBR-PE2.
[ASBR-PE2] mpls l2vpn [ASBR-PE2-l2vpn] mpls l2vpn default martini [ASBR-PE2-l2vpn] quit [ASBR-PE2] interface pos1/0/0 [ASBR-PE2-Pos1/0/0] mpls l2vc 4.4.4.9 100 [ASBR-PE2-Pos1/0/0] undo shutdown [ASBR-PE2-Pos1/0/0] quit
# Configure PE2.
[PE2] mpls l2vpn [PE2-l2vpn] mpls l2vpn default martini [PE2-l2vpn] quit [PE2] interface pos2/0/0 [PE2-Pos2/0/0] mpls l2vc 3.3.3.9 100 [PE2-Pos2/0/0] undo shutdown [PE2-Pos2/0/0] quit
# Configure CE1.
[CE1] interface pos1/0/0 [CE1-Pos1/0/0] ip address 100.1.1.1 255.255.255.0 [CE1-Pos1/0/0] undo shutdown [CE1-Pos1/0/0] quit
# Configure CE2.
[CE2] interface pos1/0/0 [CE2-Pos1/0/0] ip address 100.1.1.2 255.255.255.0 [CE2-Pos1/0/0] undo shutdown [CE2-Pos1/0/0] quit
4.
Verify the configuration. Check information about the L2VPN connection on the PEs. You can view that an L2VC is established and the VC status is Up. Take the display on PE1 as an example:
<PE1> display mpls l2vc interface pos 1/0/0 *client interface : Posl1/0/0 is up session state : up AC state : up VC state : up VC ID : 100 VC type : PPP destination : 2.2.2.9 local group ID : 0 remote local VC label : 21505 remote local AC OAM State : up local PSN State : up local forwarding state : forwarding remote AC OAM state : up remote PSN state : up remote forwarding state: forwarding BFD for PW : disable manual fault : not set active state : active forwarding entry : exist link state : up local VC MTU : 1500 remote local VCCV : Disable remote VCCV : Disable local fragmentantion : disable remote local control word : disable remote tunnel policy : -traffic behavior : -PW template name : -primary or secondary : primary
group ID VC label
: 0 : 21505
VC MTU
: 1500
Issue 03 (2008-09-22)
5-115
5 VLL Configuration
CE1 and CE2 can ping through each other. Take the display on CE1 as an example:
<CE1> ping 100.1.1.2 PING 100.1.1.2: 56 data bytes, press CTRL_C to break Reply from 100.1.1.2: bytes=56 Sequence=1 ttl=255 time=172 Reply from 100.1.1.2: bytes=56 Sequence=2 ttl=255 time=156 Reply from 100.1.1.2: bytes=56 Sequence=3 ttl=255 time=156 Reply from 100.1.1.2: bytes=56 Sequence=4 ttl=255 time=156 Reply from 100.1.1.2: bytes=56 Sequence=5 ttl=255 time=156 --- 100.1.1.2 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 156/159/172 ms ms ms ms ms ms
Configuration Files
l
5-116
Issue 03 (2008-09-22)
5 VLL Configuration
Issue 03 (2008-09-22)
5-117
5 VLL Configuration
l
5-118
5 VLL Configuration
return
PE1
ASBR -PE1
ASBR -PE2
PE2
POS1/0/0 100.1.1.1/24
POS1/0/0 100.1.1.2/24
CE1
CE2
Configuration Roadmap
The configuration roadmap is as follows: 1. 2. 3. 4. 5.
Issue 03 (2008-09-22)
Run an IGP protocol on the MPLS backbone network so that the routers in the same AS can communicate. Enable MPLS on the backbone network and establish dynamic LSP tunnels between the PEs and ASBR PEs. Establish IBGP peers between the PEs and ASBR PEs in the same AS and EBGP peers between the ASBR PEs. Configure a routing policy and enable the labeled route function on the ASBR PEs. Establish MPLS LDP remote peers between PE1 and PE2.
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 5-119
5 VLL Configuration
6.
Data Preparation
To complete the configuration, you need the following data:
l l l
Data needed for configuring IS-IS IP addresses of remote peers (IP addresses of the loopback interfaces on the remote peers) MPLS LSR IDs of the PEs and ASBR PEs (IP addresses of the loopback interfaces on the local device) L2VC IDs Routing policy applied to the ASBR PEs IP addresses of the CE interfaces through which the CEs access the PEs
NOTE
l l l
IP addresses of the PE interfaces through which the PEs access the CEs need not be configured.
Configuration Procedure
1. Configure IGP on the MPLS backbone network. The PEs and ASBR PEs on the backbone network can communicate by using IGP. IS-IS is used as IGP in this example. The configuration details are not mentioned here. Note that IS-IS must be enabled on Loopback0. After the configuration, IS-IS peers are established between the ASBR PEs and PEs in the same AS. Run the display isis peer command. You can view that the status of the peers is Up, and the ASBR PEs and PEs can learn the loopback addresses of each other. Take the display on PE1 as an example:
<PE1> display isis peer Peer information for ISIS(1) ---------------------------System Id Interface Circuit Id State HoldTime Type PRI 0000.0000.0002 P2/0/0 001 Up 23s L1L2 -<PE1> display ip routing-table Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: Public Destinations : 7 Routes : 7 Destination/Mask Proto Pre Cost Flags NextHop Interface 1.1.1.9/32 Direct 0 0 D 127.0.0.1 InLoopBack0 2.2.2.9/32 ISIS 15 10 D 10.1.1.2 Pos2/0/0 10.1.1.0/24 Direct 0 0 D 10.1.1.1 Pos2/0/0 10.1.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 10.1.1.2/32 Direct 0 0 D 10.1.1.2 Pos2/0/0 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
The ASBR PEs and PEs in the same AS can ping the Loopback0 address of each other. Take the display on ASBR-PE1 as an example:
<ASBR-PE1> ping 1.1.1.9 PING 1.1.1.9: 56 data bytes, press CTRL_C to break Reply from 1.1.1.9: bytes=56 Sequence=1 ttl=255 time=47 Reply from 1.1.1.9: bytes=56 Sequence=2 ttl=255 time=31 Reply from 1.1.1.9: bytes=56 Sequence=3 ttl=255 time=31 Reply from 1.1.1.9: bytes=56 Sequence=4 ttl=255 time=31 Reply from 1.1.1.9: bytes=56 Sequence=5 ttl=255 time=31 --- 1.1.1.9 ping statistics --ms ms ms ms ms
5-120
Issue 03 (2008-09-22)
5 VLL Configuration
2.
Enable MPLS and establish tunnels. Enable MPLS and establish LDP LSPs on the ASBR PEs and PEs in the same AS. The configuration details are not mentioned here. After the configuration, LDP peers are established between the PEs and ASBR PEs in the same AS. Run the display mpls ldp session command on each device. You can view that the session status is Operational. Take the display on PE1 as an example:
[PE1] display mpls ldp session LDP Session(s) in Public Network --------------------------------------------------------------------Peer-ID Status LAM SsnRole SsnAge KA-Sent/Rcv ---------------------------------------------------------------------2.2.2.9:0 Operational DU Passive 000:00:00 2/2 ---------------------------------------------------------------------TOTAL: 1 session(s) Found. LAM : Label Advertisement Mode SsnAge Unit : DDD:HH:MM
3.
Configure MP-BGP. Configure MP-IBGP between PE1 and ASBR-PE1, and between PE2 and ASBR-PE2. Configure MP-IBGP between ASBR-PE1 and ASBR-PE2. Note that the Loopback0 route of the PE in the local AS must be advertised to the peer ASBR PE. # Configure PE1.
[PE1] bgp [PE1-bgp] [PE1-bgp] [PE1-bgp] [PE1-bgp] 100 peer 2.2.2.9 as-number 100 peer 2.2.2.9 label-route-capability peer 2.2.2.9 connect-interface LoopBack0 quit
# Configure ASBR-PE1. For the routes received from the PE in the same AS and advertised to the peer ASBR PE, the ASBR PE allocates MPLS labels to the routes. For the labeled IPv4 routes advertised to the PE in the same AS, the ASBR PE allocates new MPLS labels to the routes.
[ASBR-PE1] interface pos 2/0/0 [ASBR-PE1-Pos2/0/0] mpls [ASBR-PE1-Pos2/0/0] undo shutdown [ASBR-PE1-Pos2/0/0] quit [ASBR-PE1] route-policy policy1 permit node 1 [ASBR-PE1-route-policy] if-match mpls-label [ASBR-PE1-route-policy] apply mpls-label [ASBR-PE1-route-policy] quit [ASBR-PE1] route-policy policy2 permit node 1 [ASBR-PE1-route-policy] apply mpls-label [ASBR-PE1-route-policy] quit [ASBR-PE1] bgp 100 [ASBR-PE1-bgp] network 1.1.1.9 32 [ASBR-PE1-bgp] peer 1.1.1.9 as-number 100 [ASBR-PE1-bgp] peer 1.1.1.9 route-policy policy1 export [ASBR-PE1-bgp] peer 1.1.1.9 label-route-capability [ASBR-PE1-bgp] peer 1.1.1.9 connect-interface loopback0 [ASBR-PE1-bgp] peer 20.1.1.2 as-number 200 [ASBR-PE1-bgp] peer 20.1.1.2 route-policy policy2 export [ASBR-PE1-bgp] peer 20.1.1.2 label-route-capability [ASBR-PE1-bgp] quit
# Configure ASBR-PE2.
Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 5-121
5 VLL Configuration
For the routes received from the PE in the same AS and advertised to the peer ASBR PE, the ASBR PE allocates MPLS labels to the routes. For the labeled IPv4 routes advertised to the PE in the same AS, the ASBR PE allocates new MPLS labels to the routes.
[ASBR-PE2] interface pos 1/0/0 [ASBR-PE2-Pos1/0/0] mpls [ASBR-PE2-Pos1/0/0] undo shutdown [ASBR-PE2-Pos1/0/0] quit [ASBR-PE2] route-policy policy1 permit node 1 [ASBR-PE2-route-policy] if-match mpls-label [ASBR-PE2-route-policy] apply mpls-label [ASBR-PE2-route-policy] quit [ASBR-PE2] route-policy policy2 permit node 1 [ASBR-PE2-route-policy] apply mpls-label [ASBR-PE2-route-policy] quit [ASBR-PE2] bgp 200 [ASBR-PE2-bgp] network 4.4.4.9 32 [ASBR-PE2-bgp] peer 20.1.1.1 as-number 100 [ASBR-PE2-bgp] peer 20.1.1.1 route-policy policy2 export [ASBR-PE2-bgp] peer 20.1.1.1 label-route-capability [ASBR-PE2-bgp] peer 4.4.4.9 as-number 200 [ASBR-PE2-bgp] peer 4.4.4.9 route-policy policy1 export [ASBR-PE2-bgp] peer 4.4.4.9 label-route-capability [ASBR-PE2-bgp] peer 4.4.4.9 connect-interface loopback0 [ASBR-PE2-bgp] quit
# Configure PE2.
[PE2] bgp [PE2-bgp] [PE2-bgp] [PE2-bgp] [PE2-bgp] 200 peer 3.3.3.9 as-number 200 peer 3.3.3.9 label-route-capability peer 3.3.3.9 connect-interface loopback0 quit
After the configuration, run the display bgp peer command on the ASBRs. You can view that the status of the IBGP sessions between the PEs and ASBR PEs in the same AS and the status of the EBGP sessions between the ASBR PEs are Established. Take the display on ASBR-PE1 as an example:
[ASBR-PE1] display bgp peer BGP local router ID : 2.2.2.9 Local AS number : 100 Total number of peers : 2 Peers in established state : 2 Peer V AS MsgRcvd MsgSent OutQ Up/Down State PrefRcv 1.1.1.9 4 100 111 128 0 00:34:24 Established 0 20.1.1.2 4 200 75 89 0 00:38:40 Established 1
4.
Establish remote LDP sessions between PE1 and PE2. # Configure PE1.
[PE1] mpls ldp remote-peer 4.4.4.9 [PE1-mpls-ldp-remote-4.4.4.9] remote-ip 4.4.4.9 [PE1-mpls-ldp-remote-4.4.4.9] quit
# Configure PE2.
[PE2] mpls ldp remote-peer 1.1.1.9 [PE2-mpls-ldp-remote-1.1.1.9] remote-ip 1.1.1.9 [PE2-mpls-ldp-remote-1.1.1.9] quit
After the configuration, LDP peers are established between the PEs and ASBRs in different ASs. Run the display mpls ldp session command on each PE. You can view that the session status is Operational. Take the display on PE1 as an example:
<PE1> display mpls ldp session LDP Session(s) in Public Network -----------------------------------------------------------------------------Peer-ID Status LAM SsnRole SsnAge KA-Sent/Rcv
5-122
Issue 03 (2008-09-22)
5 VLL Configuration
-----------------------------------------------------------------------------2.2.2.9:0 Operational DU Passive 000:00:21 87/87 4.4.4.9:0 Operational DU Passive 000:00:18 75/75 -----------------------------------------------------------------------------TOTAL: 2 session(s) Found. LAM : Label Advertisement Mode SsnAge Unit : DDD:HH:MM
5.
Configure L2VPN connections. Configure L2VPN connections on the PEs and connect the CEs to the PEs. # Configure PE1.
[PE1] mpls l2vpn [PE1-l2vpn] mpls l2vpn default martini [PE1-l2vpn] quit [PE1] interface pos 1/0/0 [PE1-Pos1/0/0] mpls l2vc 4.4.4.9 100 [PE1-Pos1/0/0] undo shutdown [PE1-Pos1/0/0] quit
# Configure PE2.
[PE2] mpls l2vpn [PE2-l2vpn] mpls l2vpn default martini [PE2-l2vpn] quit [PE2] interface pos 2/0/0 [PE2-Pos2/0/0] mpls l2vc 1.1.1.9 100 [PE2-Pos2/0/0] undo shutdown [PE2-Pos2/0/0] quit
# Configure CE1.
[CE1] interface pos 1/0/0 [CE1-Pos1/0/0] ip address 100.1.1.1 255.255.255.0 [CE1-Pos1/0/0] undo shutdown [CE1-Pos1/0/0] quit
# Configure CE2.
[CE2] interface pos 1/0/0 [CE2-Pos1/0/0] ip address 100.1.1.2 255.255.255.0 [CE2-Pos1/0/0] undo shutdown [CE2-Pos1/0/0] quit
6.
Verify the configuration. Check information about the L2VPN connection on the PEs. You can view that an L2VC is established and the VC status is Up. Take the display on PE1 as an example:
<PE1> display mpls l2vc interface pos 1/0/0 *client interface : Pos1/0/0 is up session state : up AC state : up VC state : up VC ID : 100 VC type : PPP destination : 4.4.4.9 local group ID : 0 remote group ID local VC label : 21504 remote VC label local AC OAM State : up local PSN State : up local forwarding state : forwarding remote AC OAM state : up remote PSN state : up remote forwarding state: forwarding BFD for PW : disable manual fault : not set active state : active forwarding entry : exist link state : up
: 0 : 21504
Issue 03 (2008-09-22)
5-123
5 VLL Configuration
local VC MTU local VCCV remote VCCV local fragmentantion local control word tunnel policy traffic behavior PW template name primary or secondary VC tunnel/token info NO.0 TNL type : lsp create time up time last change time : : : : : : : : : :
After the configuration, CE1 has the route to CE2, and CE2 has the route to CE1. Take the display on CE1 as an example:
<CE1> display ip routing-table Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: Public Destinations : 5 Routes : 5 Destination/Mask Proto Pre Cost Flags NextHop Interface 100.1.1.0/24 Direct 0 0 D 100.1.1.1 Pos1/0/0 100.1.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 100.1.1.2/32 Direct 0 0 D 100.1.1.2 Pos1/0/0 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
Configuration Files
l
5-124
Issue 03 (2008-09-22)
5 VLL Configuration
Issue 03 (2008-09-22)
5-125
5 VLL Configuration
ipv4-family unicast undo synchronization network 1.1.1.9 255.255.255.255 peer 20.1.1.2 enable peer 20.1.1.2 route-policy policy2 export peer 20.1.1.2 label-route-capability peer 1.1.1.9 enable peer 1.1.1.9 route-policy policy1 export peer 1.1.1.9 label-route-capability # route-policy policy1 permit node 1 if-match mpls-label apply mpls-label # route-policy policy2 permit node 1 apply mpls-label # return l
5-126
Issue 03 (2008-09-22)
5 VLL Configuration
Issue 03 (2008-09-22)
5-127
5 VLL Configuration
Networking Requirements
As shown in Figure 5-21, routers in the MPLS backbone network use OSPF as IGP to realize the communication between the routers in the same AS. The Option A scheme is adopted to establish the inter-AS Kompella VLL. The peer AS is regarded as the CE. Figure 5-21 Networking diagram of configuring the inter-AS Kompella VLL Option A
BGP/MPLS Backbone AS 100
Loopback1 1.1.1.1/32 POS2/0/0 20.1.1.1/30 Loopback1 2.2.2.2/32
POS2/0/0
PE1
ASBR -PE2
PE2
POS1/0/0 10.1.1.1/24
POS1/0/0 10.1.1.2/24
CE1
CE2
Configuration Roadmap
The configuration roadmap is as follows: 1. 2. 3. 4. Run an IGP protocol on the MPLS backbone network so that the routers in the same AS can communicate. Enable MPLS on the backbone network and establish a dynamic LSP tunnel between the PE and ASBR PE. Establish IBGP peers between the PEs and ASBR PEs in the same AS. Establish the Kompella VLL connection between the PE and ASBR PE in the same AS.
Data Preparation
To complete the configuration, you need the following data:
l l l l
Data needed for configuring OSPF MPLS LSR IDs on the PEs and ASBR PEs VSI names, RDs, and VPN targets on the PEs and ASBR PEs CE connection names, CE IDs, CE range (by default, it is 10), default-offset (it can be 1 or 0; by default, it is 0)
NOTE
The PE interfaces connected to the CEs need not be configured with IP addresses because L2VPN is an emulated Layer 2 service.
5-128
Issue 03 (2008-09-22)
5 VLL Configuration
Configuration Procedure
1. Configure IGP on the MPLS backbone network. The PEs and ASBR PEs on the backbone network can communicate by using IGP. OSPF is used as IGP in this example. The configuration details are not mentioned here. Note that the Loopback1 address must be advertised to IBGP peers. The ASBR PEs and PEs in the same AS can learn the Loopback1 address of each other. Run the display ip routing-table command. You can view that the ASBR PEs and PEs learn the Loopback1 address of each other. Take the display on PE1 as an example:
<PE1> display ip routing-table Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: Public Destinations : 7 Routes : 7 Destination/Mask Proto Pre Cost Flags NextHop Interface 1.1.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 2.2.2.2/32 OSPF 10 2 D 20.1.1.2 Pos2/0/0 20.1.1.0/30 Direct 0 0 D 20.1.1.1 Pos2/0/0 20.1.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 20.1.1.2/32 Direct 0 0 D 20.1.1.2 Pos2/0/0 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
The ASBR PEs and PEs in the same AS can ping the Loopback1 address of each other.
<PE1> ping 2.2.2.2 PING 2.2.2.2: 56 data bytes, press CTRL_C to break Reply from 2.2.2.2: bytes=56 Sequence=1 ttl=255 time=90 Reply from 2.2.2.2: bytes=56 Sequence=2 ttl=255 time=90 Reply from 2.2.2.2: bytes=56 Sequence=3 ttl=255 time=60 Reply from 2.2.2.2: bytes=56 Sequence=4 ttl=255 time=90 Reply from 2.2.2.2: bytes=56 Sequence=5 ttl=255 time=60 --- 2.2.2.2 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 60/78/90 ms ms ms ms ms ms
2.
Enable MPLS and establish LSPs. Enable MPLS and establish LDP LSPs on the ASBR PEs and PEs in the same AS. The configuration details are not mentioned here. After the configuration, LDP peers are established between the PEs and ASBR PEs in the same AS. Run the display mpls ldp session command on each device. You can view that the session status is Operational. Take the display on PE1 as an example:
<PE1> display mpls ldp session LDP Session(s) in Public Network --------------------------------------------------------------------Peer-ID Status LAM SsnRole SsnAge KA-Sent/Rcv ---------------------------------------------------------------------2.2.2.2:0 Operational DU Passive 000:01:03 2/2 ---------------------------------------------------------------------TOTAL: 1 session(s) Found. LAM : Label Advertisement Mode SsnAge Unit : DDD:HH:MM
3.
Configure IBGP. Configure MP-IBGP between PE1 and ASBR-PE1, and between PE2 and ASBR-PE2. # Configure PE1.
[PE1] bgp 100
Issue 03 (2008-09-22)
5-129
5 VLL Configuration
# Configure ASBR-PE1.
[ASBR-PE1] bgp [ASBR-PE1-bgp] [ASBR-PE1-bgp] [ASBR-PE1-bgp] 100 peer 1.1.1.1 as-number 100 peer 1.1.1.1 connect-interface loopback 1 quit
# Configure ASBR-PE2.
[ASBR-PE2] bgp [ASBR-PE2-bgp] [ASBR-PE2-bgp] [ASBR-PE2-bgp] 200 peer 4.4.4.4 as-number 200 peer 4.4.4.4 connect-interface loopback 1 quit
# Configure PE2.
[PE2] bgp [PE2-bgp] [PE2-bgp] [PE2-bgp] 200 peer 3.3.3.3 as-number 200 peer 3.3.3.3 connect-interface loopback 1 quit
After the configuration, run the display bgp peer command. You can view that the status of the IBGP peer between the PE1 and ASBR PE in the same AS is Established. Take the display on PE1 as an example:
[PE1] display bgp peer BGP local router ID : 1.1.1.1 Local AS number : 100 Total number of peers : 1 Peer V AS MsgRcvd 2.2.2.2 4 100 2
MsgSent 3
4.
Enable BGP peers in the BGP L2VPN address family view. After BGP peers are enabled on the PEs and ASBR PEs in the BGP L2VPN address family view, L2VPN instance information can be exchanged between the PEs and ASBR PEs. # Configure PE1.
[PE1] bgp 100 [PE1-bgp] l2vpn-family [PE1-bgp-af-l2vpn] peer 2.2.2.2 enable
# Configure ASBR-PE1.
[ASBR-PE1] bgp 100 [ASBR-PE1-bgp] l2vpn-family [ASBR-PE1-bgp-af-l2vpn] peer 1.1.1.1 enable
# Configure ASBR-PE2.
[ASBR-PE2] bgp 200 [ASBR-PE2-bgp] l2vpn-family [ASBR-PE2-bgp-af-l2vpn] peer 4.4.4.4 enable
# Configure PE2.
[PE2] bgp 200 [PE2-bgp] l2vpn-family [PE2-bgp-af-l2vpn] peer 3.3.3.3 enable
5.
Establish Kompella L2VPN connections between the PEs. The configuration procedure is as follows:
l l l
Enable MPLS L2VPN on the PEs and ASBR PEs. Create a VPN instance and CE connection on PE1 and PE2. Configure IP addresses in the same network segment for the interfaces through which CE1 and CE2 access the PEs.
# Configure PE1.
5-130 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)
5 VLL Configuration
[PE1] mpls l2vpn [PE1-l2vpn] quit [PE1] mpls l2vpn vpn1 encapsulation ppp [PE1-mpls-l2vpn-vpn1] route-distinguisher 100:1 [PE1-mpls-l2vpn-vpn1] mtu 1500 [PE1-mpls-l2vpn-vpn1] vpn-target 1:1 both [PE1-mpls-l2vpn-vpn1] ce ce1 id 1 range 10 default-offset 0 [PE1-mpls-l2vpn-ce-vpn1-ce1] connection ce-offset 2 interface pos1/0/0 [PE1-mpls-l2vpn-ce-vpn1-ce1] quit [PE1-mpls-l2vpn-vpn1] quit [PE1] interface pos 1/0/0 [PE1-Pos1/0/0] undo shutdown [PE1-Pos1/0/0] quit
# Configure ASBR-PE1.
[ASBR-PE1] mpls l2vpn [ASBR-PE1-l2vpn] quit [ASBR-PE1] mpls l2vpn vpn1 encapsulation ppp [ASBR-PE1-mpls-l2vpn-vpn1] route-distinguisher 100:2 [ASBR-PE1-mpls-l2vpn-vpn1] mtu 1500 [ASBR-PE1-mpls-l2vpn-vpn1] vpn-target 1:1 both [ASBR-PE1-mpls-l2vpn-vpn1] ce ce2 id 2 range 10 default-offset 0 [ASBR-PE1-mpls-l2vpn-ce-vpn1-ce1] connection ce-offset 1 interface pos2/0/0 [ASBR-PE1-mpls-l2vpn-ce-vpn1-ce1] quit [ASBR-PE1-mpls-l2vpn-vpn1] quit [ASBR-PE1] interface pos 2/0/0 [ASBR-PE1-Pos2/0/0] undo shutdown [ASBR-PE1-Pos2/0/0] quit
# Configure ASBR-PE2.
[ASBR-PE2] mpls l2vpn [ASBR-PE2-l2vpn] quit [ASBR-PE2] mpls l2vpn vpn1 encapsulation ppp [ASBR-PE2-mpls-l2vpn-vpn1] route-distinguisher 200:1 [ASBR-PE2-mpls-l2vpn-vpn1] mtu 1500 [ASBR-PE2-mpls-l2vpn-vpn1] vpn-target 1:1 both [ASBR-PE2-mpls-l2vpn-vpn1] ce ce3 id 3 range 10 default-offset 0 [ASBR-PE2-mpls-l2vpn-ce-vpn1-ce1] connection ce-offset 4 interface pos1/0/0 [ASBR-PE2-mpls-l2vpn-ce-vpn1-ce1] quit [ASBR-PE2-mpls-l2vpn-vpn1] quit [ASBR-PE2] interface pos 1/0/0 [ASBR-PE2-Pos1/0/0] undo shutdown [ASBR-PE2-Pos1/0/0] quit
# Configure PE2.
[PE2] mpls l2vpn [PE2-l2vpn] quit [PE2] mpls l2vpn vpn1 encapsulation ppp [PE2-mpls-l2vpn-vpn1] route-distinguisher 200:2 [PE2-mpls-l2vpn-vpn1] mtu 1500 [PE2-mpls-l2vpn-vpn1] vpn-target 1:1 both [PE2-mpls-l2vpn-vpn1] ce ce4 id 4 range 10 default-offset 0 [PE2-mpls-l2vpn-ce-vpn1-ce1] connection ce-offset 3 interface pos2/0/0 [PE2-mpls-l2vpn-ce-vpn1-ce1] quit [PE2-mpls-l2vpn-vpn1] quit [PE2] interface pos 2/0/0 [PE2-Pos2/0/0] undo shutdown [PE2-Pos2/0/0] quit
# Configure CE1.
[CE1] interface pos 1/0/0 [CE1-Pos1/0/0] ip address 10.1.1.1 255.255.255.0 [CE1-Pos1/0/0] undo shutdown [CE1-Pos1/0/0] quit
# Configure CE2.
[CE2] interface pos 1/0/0 [CE2-Pos1/0/0] ip address 10.1.1.2 255.255.255.0 [CE2-Pos1/0/0] undo shutdown
Issue 03 (2008-09-22)
5-131
5 VLL Configuration
[CE2-Pos1/0/0] quit
6.
Verify the configuration. Check information about the L2VPN connection on PE1. You can view that an L2VC is established and the VC status is Up. Take the display on PE1 and ASBR-PE2 as examples. # The display on PE1 is as follows:
<PE1> display mpls l2vpn connection interface pos 1/0/0 conn-type: remote local vc state: up remote vc state: up local ce-id: 1 local ce name: ce1 remote ce-id: 2 intf(state,encap): Pos1/0/0(up,ppp) peer id: 2.2.2.2 route-distinguisher: 100:2 local vc label: 25602 remote vc label: 25601 tunnel policy: default primary or secondary: primary forwardEntry exist or not: true forward entry active or not:true manual fault set or not: not set AC OAM state: up BFD for PW session index: -BFD for PW state: invalid BFD for LSP state: true Local C bit is not set, Remote C bit is not set tunnel type: lsp , id: 0x2002000
You can view that reachable routes between CE1 and CE2 exist. Take the display on CE1 as an example:
<CE1> display ip routing-table Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: Public Destinations : 5 Routes : 5 Destination/Mask Proto Pre Cost Flags NextHop Interface 10.1.1.0/24 Direct 0 0 D 10.1.1.1 Pos1/0/0 10.1.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 10.1.1.2/32 Direct 0 0 D 10.1.1.2 Pos1/0/0
5-132
Issue 03 (2008-09-22)
5 VLL Configuration
InLoopBack0 InLoopBack0
Configuration Files
l
Issue 03 (2008-09-22)
5-133
5 VLL Configuration
undo synchronization peer 2.2.2.2 enable # l2vpn-family policy vpn-target peer 2.2.2.2 enable # # ospf 1 area 0.0.0.0 network 1.1.1.1 0.0.0.0 network 20.1.1.0 0.0.0.3 # return l
5-134
Issue 03 (2008-09-22)
5 VLL Configuration
Issue 03 (2008-09-22)
5-135
5 VLL Configuration
5-136
Issue 03 (2008-09-22)
5 VLL Configuration
Figure 5-22 Networking diagram of configuring the inter-AS Kompella VLL Option C
BGP/MPLS Backbone AS 100
Loopback1 1.1.1.1/32 POS2/0/0 20.1.1.1/30 Loopback1 2.2.2.2/32 POS2/0/0 30.1.1.1/24 POS1/0/0 30.1.1.2/24
ASBR -PE2
PE2
POS1/0/0 10.1.1.1/24
POS1/0/0 10.1.1.2/24
CE1
CE2
Configuration Roadmap
The configuration roadmap is as follows: 1. 2. 3. 4. 5. 6. Run an IGP protocol on the MPLS backbone network so that the routers in the same AS can communicate. Enable MPLS on the backbone network and establish a dynamic LSP tunnel between the PE and ASBR PE. Establish IBGP peers between the PEs and ASBR PEs in the same AS and EBGP peers between the ASBR PEs. Configure a routing policy and enable the labeled route function on the ASBR PEs. Establish MP-EBGP peers between PE1 and PE2. Establish a Kompella VLL connection between PE1 and PE2.Configure L2VPN instances on the ASBRs.
Data Preparation
To complete the configuration, you need the following data:
l l l l
Data needed for configuring OSPF MPLS LSR IDs on the PEs and ASBR PEs L2VPN instance names, RDs, and VPN target on the PEs CE connection names, CE IDs, CE range (by default, it is 10), default-offset (it can be 1 or 0; by default, it is 0) Routing policy applied to the ASBR PEs
NOTE
The PE interfaces connected to the CEs need not be configured with IP addresses because L2VPN is an emulated Layer 2 service.
Issue 03 (2008-09-22)
5-137
5 VLL Configuration
Configuration Procedure
1. Configure IGP on the MPLS backbone network. The PEs and ASBR PEs on the backbone network can communicate by using IGP. OSPF is used as IGP in this example. The configuration details are not mentioned here. Note that the Loopback1 address must be advertised to IBGP peers. After the configuration, the ASBR PEs and PEs in the same AS can learn the Loopback1 address of each other. Run the display ip routing-table command. You can view that the ASBR PEs and PEs learn the Loopback1 address of each other. Take the display on PE1 as an example:
<PE1> display ip routing-table Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: Public Destinations : 7 Routes : 7 Destination/Mask Proto Pre Cost Flags NextHop Interface 1.1.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 2.2.2.2/32 OSPF 10 2 D 20.1.1.2 Pos2/0/0 20.1.1.0/30 Direct 0 0 D 20.1.1.1 Pos2/0/0 20.1.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 20.1.1.2/32 Direct 0 0 D 20.1.1.2 Pos2/0/0 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
The ASBR PEs and PEs in the same AS can ping the Loopback1 address of each other. Take the display on PE1 as an example:
<PE1> ping 2.2.2.2 PING 2.2.2.2: 56 data bytes, press CTRL_C to break Reply from 2.2.2.2: bytes=56 Sequence=1 ttl=255 time=140 ms Reply from 2.2.2.2: bytes=56 Sequence=2 ttl=255 time=30 ms Reply from 2.2.2.2: bytes=56 Sequence=3 ttl=255 time=60 ms Reply from 2.2.2.2: bytes=56 Sequence=4 ttl=255 time=90 ms Reply from 2.2.2.2: bytes=56 Sequence=5 ttl=255 time=60 ms --- 2.2.2.2 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 30/76/140 ms
2.
Enable MPLS and establish LSPs. Enable MPLS and establish LDP LSPs on the ASBR PEs and PEs in the same AS. The configuration details are not mentioned here. After the configuration, LDP peers are established between the PEs and ASBR PEs in the same AS. Run the display mpls ldp session command on each device. You can view that the session status is Operational. Take the display on PE1 as an example:
[PE1] display mpls ldp session LDP Session(s) in Public Network -----------------------------------------------------------------------------Peer-ID Status LAM SsnRole SsnAge KA-Sent/Rcv -----------------------------------------------------------------------------2.2.2.2:0 Operational DU Passive 000:00:03 13/13 -----------------------------------------------------------------------------TOTAL: 1 session(s) Found. LAM : Label Advertisement Mode SsnAge Unit : DDD:HH:MM
5-138
Issue 03 (2008-09-22)
5 VLL Configuration
3.
Configure MP-BGP. Configure MP-IBGP between PE1 and ASBR-PE1, and between PE2 and ASBR-PE2. Configure MP-IBGP between ASBR-PE1 and ASBR-PE2. The Loopback1 route of the PE in the local AS must be advertised to the peer ASBR PE. # Configure PE1.
[PE1] bgp [PE1-bgp] [PE1-bgp] [PE1-bgp] [PE1-bgp] 100 peer 2.2.2.2 as-number 100 peer 2.2.2.2 label-route-capability peer 2.2.2.2 connect-interface LoopBack 1 quit
# Configure ASBR-PE1. For the routes received from the PE in the same AS and advertised to the peer ASBR PE, the ASBR PE allocates MPLS labels to the routes. For the labeled IPv4 routes advertised to the PE in the same AS, the ASBR PE allocates new MPLS labels to the routes.
[ASBR-PE1] interface pos 2/0/0 [ASBR-PE1-Pos2/0/0] mpls [ASBR-PE1-Pos2/0/0] undo shutdown [ASBR-PE1-Pos2/0/0] quit [ASBR-PE1] route-policy policy1 permit node 1 [ASBR-PE1-route-policy] if-match mpls-label [ASBR-PE1-route-policy] apply mpls-label [ASBR-PE1-route-policy] quit [ASBR-PE1] route-policy policy2 permit node 1 [ASBR-PE1-route-policy] apply mpls-label [ASBR-PE1-route-policy] quit [ASBR-PE1] bgp 100 [ASBR-PE1-bgp] network 1.1.1.1 32 [ASBR-PE1-bgp] peer 1.1.1.1 as-number 100 [ASBR-PE1-bgp] peer 1.1.1.1 route-policy policy1 export [ASBR-PE1-bgp] peer 1.1.1.1 label-route-capability [ASBR-PE1-bgp] peer 1.1.1.1 connect-interface loopback 1 [ASBR-PE1-bgp] peer 30.1.1.2 as-number 200 [ASBR-PE1-bgp] peer 30.1.1.2 route-policy policy2 export [ASBR-PE1-bgp] peer 30.1.1.2 label-route-capability [ASBR-PE1-bgp] quit
# Configure ASBR-PE2. For the routes received from the PE in the same AS and advertised to the peer ASBR PE, the ASBR PE allocates MPLS labels to the routes. For the labeled IPv4 routes advertised to the PE in the same AS, the ASBR PE allocates new MPLS labels to the routes.
[ASBR-PE2] interface pos 1/0/0 [ASBR-PE2-Pos1/0/0] mpls [ASBR-PE2-Pos1/0/0] undo shutdown [ASBR-PE2-Pos1/0/0] quit [ASBR-PE2] route-policy policy1 permit node 1 [ASBR-PE2-route-policy] if-match mpls-label [ASBR-PE2-route-policy] apply mpls-label [ASBR-PE2-route-policy] quit [ASBR-PE2] route-policy policy2 permit node 1 [ASBR-PE2-route-policy] apply mpls-label [ASBR-PE2-route-policy] quit [ASBR-PE2] bgp 200 [ASBR-PE2-bgp] network 4.4.4.4 32 [ASBR-PE2-bgp] peer 30.1.1.1 as-number 100 [ASBR-PE2-bgp] peer 30.1.1.1 route-policy policy2 export [ASBR-PE2-bgp] peer 30.1.1.1 label-route-capability [ASBR-PE2-bgp] peer 4.4.4.4 as-number 200 [ASBR-PE2-bgp] peer 4.4.4.4 route-policy policy1 export [ASBR-PE2-bgp] peer 4.4.4.4 label-route-capability [ASBR-PE2-bgp] peer 4.4.4.4 connect-interface loopback 1 [ASBR-PE2-bgp] quit
# Configure PE2.
Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 5-139
5 VLL Configuration
[PE2] bgp [PE2-bgp] [PE2-bgp] [PE2-bgp] [PE2-bgp]
After the configuration, run the display bgp peer command on the ASBR. You can view that the status of the IBGP sessions between the PEs and ASBR PEs in the same AS and the status of the EBGP sessions between the ASBR PEs are Established.
<ASBR-PE1> display bgp peer BGP local router ID : 2.2.2.2 Local AS number : 100 Total number of peers : 2 Peer V AS MsgRcvd 1.1.1.1 4 100 6 30.1.1.2 4 200 7
MsgSent 9 8
Peers in established state : 2 OutQ Up/Down State PrefRcv 0 00:04:25 Established 0 0 00:04:03 Established 1
4.
Establish EBGP peers between PE1 and PE2. After the BGP peers are enabled in the BGP L2VPN address family view, L2VPN label blocks can be exchanged between the PEs. # Configure PE1.
[PE1] bgp 100 [PE1-bgp] peer 4.4.4.4 as-number 200 [PE1-bgp] peer 4.4.4.4 ebgp-max-hop 255 [PE1-bgp] peer 4.4.4.4 connect-interface loopback 1 [PE1-bgp] l2vpn-family [PE1-bgp-af-l2vpn] peer 4.4.4.4 enable
# Configure PE2.
[PE2] bgp 200 [PE2-bgp] peer 1.1.1.1 as-number 100 [PE2-bgp] peer 1.1.1.1 ebgp-max-hop 255 [PE2-bgp] peer 1.1.1.1 connect-interface loopback 1 [PE2-bgp] l2vpn-family [PE2-bgp-af-l2vpn] peer 1.1.1.1 enable
After the configuration, run the display bgp vpls peer command on PE1 or PE2. You can view that the status of the EBGP peers is Established. Take the display on PE1 as an example:
[PE1] display bgp peer BGP local router ID : 1.1.1.1 Local AS number : 100 Total number of peers : 2 Peer V AS MsgRcvd 4.4.4.4 4 200 22 2.2.2.2 4 100 26
MsgSent 23 21
Peers in established state : 2 OutQ Up/Down State PrefRcv 0 00:15:48 Established 0 0 00:17:12 Established 2
5.
Establish Kompella L2VPN connections between the PEs. Enable VLL, configure L2VPN instances, and create CE connections on the PEs. On CE1 and CE2, configure IP addresses in the same network segment for the interfaces through which CE1 and CE2 access the PEs. # Configure PE1.
[PE1] mpls l2vpn [PE1-l2vpn] quit [PE1] mpls l2vpn vpn1 encapsulation ppp [PE1-mpls-l2vpn-vpn1] route-distinguisher 100:1 [PE1-mpls-l2vpn-vpn1] mtu 1500 [PE1-mpls-l2vpn-vpn1] vpn-target 1:1 [PE1-mpls-l2vpn-vpn1] ce ce1 id 1 range 10 default-offset 0 [PE1-mpls-l2vpn-ce-vpn1-ce1] connection ce-offset 2 interface pos1/0/0 [PE1-mpls-l2vpn-ce-vpn1-ce1] quit [PE1-mpls-l2vpn-vpn1] quit [PE1] interface pos 1/0/0 [PE1-Pos1/0/0] undo shutdown
5-140
Issue 03 (2008-09-22)
5 VLL Configuration
# Configure PE2.
[PE2] mpls l2vpn [PE2-l2vpn] quit [PE2] mpls l2vpn vpn1 encapsulation ppp [PE2-mpls-l2vpn-vpn1] route-distinguisher 200:1 [PE2-mpls-l2vpn-vpn1] mtu 1500 [PE2-mpls-l2vpn-vpn1] vpn-target 1:1 [PE2-mpls-l2vpn-vpn1] ce ce1 id 2 range 10 default-offset 0 [PE2-mpls-l2vpn-ce-vpn1-ce1] connection ce-offset 1 interface pos2/0/0 [PE2-mpls-l2vpn-ce-vpn1-ce1] quit [PE2-mpls-l2vpn-vpn1] quit [PE2] interface pos 2/0/0 [PE2-Pos2/0/0] undo shutdown [PE2-Pos2/0/0] quit
# Configure CE1.
[CE1] interface pos 1/0/0 [CE1-Pos1/0/0] ip address 10.1.1.1 255.255.255.0 [CE1-Pos1/0/0] undo shutdown [CE1-Pos1/0/0] quit
# Configure CE2.
[CE2] interface pos 1/0/0 [CE2-Pos1/0/0] ip address 10.1.1.2 255.255.255.0 [CE2-Pos1/0/0] undo shutdown [CE2-Pos1/0/0] quit
6.
Verify the configuration. Check information about the L2VPN connection on PE1. You can view that an L2VC is established and the VC status is Up. Take the display on PE1 as an example:
<PE1> display mpls l2vpn connection interface pos 1/0/0 conn-type: remote local vc state: up remote vc state: up local ce-id: 1 local ce name: ce1 remote ce-id: 2 intf(state,encap): Pos1/0/0(up,ppp) peer id: 4.4.4.4 route-distinguisher: 200:1 local vc label: 25602 remote vc label: 25601 tunnel policy: default primary or secondary: primary forwardEntry exist or not: true forward entry active or not:true manual fault set or not: not set AC OAM state: up BFD for PW session index: -BFD for PW state: invalid BFD for LSP state: true Local C bit is not set, Remote C bit is not set tunnel type: lsp , id: 0x2002002
You can view that reachable routes exist between CE1 and CE2. Take the display on CE1 as an example:
<CE1> display ip routing-table Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: Public Destinations : 5 Routes : 5 Destination/Mask Proto Pre Cost Flags NextHop Interface 10.1.1.0/24 Direct 0 0 D 10.1.1.1 Pos1/0/0 10.1.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
Issue 03 (2008-09-22)
5-141
5 VLL Configuration
10.1.1.2/32 127.0.0.0/8 127.0.0.1/32 Direct 0 Direct 0 Direct 0 0 0 0
Configuration Files
l
5-142
Issue 03 (2008-09-22)
5 VLL Configuration
Issue 03 (2008-09-22)
5-143
5 VLL Configuration
apply mpls-label # return l
5-144
Issue 03 (2008-09-22)
5 VLL Configuration
5.11.16 Example for Configuring Martini VLL FRR (Symmetrically Dual-homed CEs)
Networking Requirements
As shown in Figure 5-23, CE1 accesses PE1 and PE2, and CE2 accesses PE3 and PE4.The requirements are as follows:
l
Issue 03 (2008-09-22)
5 VLL Configuration
l
Establish PWs between PE1 and PE3, and between PE2 and PE4, and use MPLS LSPs as tunnels. When the primary path CE2PE3PPE1CE1 fails, L2VPN traffic can be rapidly switched to the backup path CE2PE4PE2CE1. When the primary path CE2PE3PPE1CE1 recovers, the L2VPN traffic can be switched back to the primary path.
Figure 5-23 Networking diagram of configuring Martini VLL FRR (symmetrically dual-homed CEs)
P
1 /0/ 30 / S2 PO .13.2 .1 0 10 1 /0/ 30 / S2 PO .13.1 .1 0 10
Loopback1 1.1.1.1/32
Loopback1 5.5.5.5/32
PE1
POS1/0/0 10.1.1.2/30 Loopback1 2.2.2.2/32
LSP
PE3
POS1/0/0 10.1.1.1/30
PE2
POS1/0/0 10.1.2.2/30 POS1/0/0 10.1.1.1/30 POS1/0/1 10.1.2.1/30
POS2/0/0 100.1.24.1/30
PE4
LSP
CE1
POS1/0/2 10.1.3.1/24
CE2
Configuration Roadmap
The configuration roadmap is as follows: 1. 2. 3. 4. 5. 6. Configure OSPF on the backbone network. Establish LSPs between PE1 and PE3, and between PE2 and PE4. Establish MPLS LDP sessions between PE1 and PE3, and between PE2 and PE4. Configure PWs on the PEs by using PW templates. Establish BFD for PW sessions between PE1 and PE3, and between PE2 and PE4. Configure the AC OAM detection and advertisement function on the PEs, and enable the OAM mapping function.
Data Preparation
To complete the configuration, you need the following data:
l l l
Name of the remote peer of MPLS LDP VC IDs of the master PW and backup PW Name of the PW template
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)
5-146
5 VLL Configuration
Configuration Procedure
1. Configure IP addresses for the CE interfaces that access the PEs. # Configure CE1.
<Quidway> system-view [Quidway] sysname CE1 [CE1] interface pos 1/0/0 [CE1-Pos1/0/0] ip address 10.1.1.1 30 [CE1-Pos1/0/0] undo shutdown [CE1-Pos1/0/0] quit [CE1] interface pos 1/0/1 [CE1-Pos1/0/1] ip address 10.1.2.1 30 [CE1-Pos1/0/1] undo shutdown [CE1-Pos1/0/1] quit [CE1] interface pos 1/0/2 [CE1-Pos1/0/2] ip address 10.1.3.1 24 [CE1-Pos1/0/2] undo shutdown [CE1-Pos1/0/2] quit
# Configure CE2.
<Quidway> system-view [Quidway] sysname CE2 [CE2] interface pos 1/0/0 [CE2-Pos1/0/0] ip address 10.1.1.2 30 [CE2-Pos1/0/0] undo shutdown [CE2-Pos1/0/0] quit [CE2] interface pos 1/0/1 [CE2-Pos1/0/1] ip address 10.1.2.2 30 [CE2-Pos1/0/1] undo shutdown [CE2-Pos1/0/1] quit
2.
Configure IGP on the MPLS backbone network to implement interworking between PEs and P. # Configure PE1.
<Quidway> system-view [Quidway] sysname PE1 [PE1] interface loopback1 [PE1-LoopBack1] ip address 1.1.1.1 32 [PE1-LoopBack1] quit [PE1] interface pos 2/0/1 [PE1-Pos2/0/1] ip address 100.1.13.1 30 [PE1-Pos2/0/1] undo shutdown [PE1-Pos2/0/1] quit [PE1] ospf 1 [PE1-ospf-1] area 0 [PE1-ospf-1-area-0.0.0.0] network 1.1.1.1 0.0.0.0 [PE1-ospf-1-area-0.0.0.0] network 100.1.13.0 0.0.0.3
# Configure P.
[P] interface loopback1 [P-LoopBack1] ip address 5.5.5.5 32 [P-LoopBack1] quit [P] interface pos 2/0/1 [P-Pos2/0/1] ip address 100.1.13.2 30 [P-Pos2/0/1] undo shutdown [P-Pos2/0/1] quit [P] interface pos 2/0/2 [P-Pos2/0/2] ip address 100.1.31.1 30 [P-Pos2/0/2] undo shutdown [P-Pos2/0/2] quit [P] ospf 1 [P-ospf-1] area 0 [P-ospf-1-area-0.0.0.0] network 5.5.5.5 0.0.0.0 [P-ospf-1-area-0.0.0.0] network 100.1.13.0 0.0.0.3
Issue 03 (2008-09-22)
5-147
5 VLL Configuration
# Configure PE3.
[PE3] interface loopback1 [PE3-LoopBack1] ip address 3.3.3.3 32 [PE3-LoopBack1] quit [PE3] interface pos2/0/1 [PE3-Pos2/0/1] ip address 100.1.31.2 30 [PE3-Pos2/0/1] undo shutdown [PE3-Pos2/0/1] quit [PE3] ospf 1 [PE3-ospf-1] area 0 [PE3-ospf-1-area-0.0.0.0] network 3.3.3.3 0.0.0.0 [PE3-ospf-1-area-0.0.0.0] network 100.1.31.0 0.0.0.3
# Configure PE2.
[PE2] interface loopback1 [PE2-LoopBack1] ip address 2.2.2.2 32 [PE2-LoopBack1] quit [PE2] interface pos 2/0/0 [PE2-Pos2/0/0] ip address 100.1.24.1 30 [PE2-Pos2/0/0] undo shutdown [PE2-Pos2/0/0] quit [PE2] ospf 1 [PE2-ospf-1] area 0 [PE2-ospf-1-area-0.0.0.0] network 2.2.2.2 0.0.0.0 [PE2-ospf-1-area-0.0.0.0] network 100.1.24.0 0.0.0.3
# Configure PE4.
[PE4] interface loopback1 [PE4-LoopBack1] ip address 4.4.4.4 32 [PE4-LoopBack1] quit [PE4] interface pos 2/0/0 [PE4-Pos2/0/0] ip address 100.1.24.2 30 [PE4-Pos2/0/0] undo shutdown [PE4-Pos2/0/0] quit [PE4] ospf 1 [PE4-ospf-1] area 0 [PE4-ospf-1-area-0.0.0.0] network 4.4.4.4 0.0.0.0 [PE4-ospf-1-area-0.0.0.0] network 100.1.24.0 0.0.0.3
After the configuration, run the display ip routing-table command on the PEs. You can view that PE1 and PE2, and PE1 and PE3 can learn the Loopback1 route from each other. Take the display on PE1 as an example:
<PE1> display ip routing-table Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: Public Destinations : 9 Routes : 9 Destination/Mask Proto Pre Cost Flags NextHop Interface 1.1.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 3.3.3.3/32 OSPF 10 3 D 100.1.13.2 Pos2/0/1 5.5.5.5/32 OSPF 10 2 D 100.1.13.2 Pos2/0/1 100.1.13.0/30 Direct 0 0 D 100.1.13.1 Pos2/0/1 100.1.13.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 100.1.13.2/32 Direct 0 0 D 100.1.13.2 Pos2/0/1 100.1.31.0/30 OSPF 10 2 D 100.1.13.2 Pos2/0/1 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
3.
Configure the basic MPLS capability on the MPLS backbone network. # Enable MPLS and specify LSR IDs as the IP addresses of Loopback1 interfaces. Enable MPLS and MPLS LDP on the backbone network interfaces. # Configure PE1.
[PE1] mpls lsr-id 1.1.1.1 [PE1] mpls
5-148
Issue 03 (2008-09-22)
5 VLL Configuration
# Configure P.
[P] mpls lsr-id 5.5.5.5 [P] mpls [P-mpls] quit [P] mpls ldp [P-mpls-ldp] quit [P] interface pos2/0/1 [P-Pos2/0/1] mpls [P-Pos2/0/1] mpls ldp [P-Pos2/0/1] quit [P] interface pos 2/0/2 [P-Pos2/0/2] mpls [P-Pos2/0/2] mpls ldp [P-Pos2/0/2] quit
# Configure PE3.
[PE3] mpls lsr-id 3.3.3.3 [PE3] mpls [PE3-mpls] quit [PE3] mpls ldp [PE3-mpls-ldp] quit [PE3] interface pos 2/0/1 [PE3-Pos2/0/1] mpls [PE3-Pos2/0/1] mpls ldp [PE3-Pos2/0/1] quit
# Configure PE2.
[PE2] mpls lsr-id 2.2.2.2 [PE2] mpls [PE2-mpls] quit [PE2] mpls ldp [PE2-mpls-ldp] quit [PE2] interface pos 2/0/0 [PE2-Pos2/0/0] mpls [PE2-Pos2/0/0] mpls ldp [PE2-Pos2/0/0] quit
# Configure PE4.
[PE4] mpls lsr-id 4.4.4.4 [PE4] mpls [PE4-mpls] quit [PE4] mpls ldp [PE4-mpls-ldp] quit [PE4] interface pos 2/0/0 [PE4-Pos2/0/0] mpls [PE4-Pos2/0/0] mpls ldp [PE4-Pos2/0/0] quit
After the configuration, run the display tunnel-info all command on the PEs. You can view that MPLS LSP tunnels are established between PE1 and PE3, and between PE2 and PE4. Take the display on PE1 and PE2 as examples:
[PE1] display tunnel-info all * -> Allocated VC Token Tunnel ID Type Destination Token ---------------------------------------------------------------------0x2002005 lsp 3.3.3.3 5 0x2002006 lsp -6 0x2002007 lsp 5.5.5.5 7 0x2002008 lsp -8
Issue 03 (2008-09-22)
5-149
5 VLL Configuration
4.
Establish remote LDP sessions between the PEs. # Configure remote LDP sessions and specify their IP addresses as the addresses of the loopback interfaces on LDP remote peers.
NOTE
In this example, PE2 and PE4 are directly connected; thus, remote LDP sessions between PE2 and PE4 need not be configured manually.
# Configure PE1.
[PE1] mpls ldp remote-peer pe3 [PE1-mpls-ldp-remote-pe3] remote-ip 3.3.3.3 [PE1-mpls-ldp-remote-pe3] quit
# Configure PE3.
[PE3] mpls ldp remote-peer pe1 [PE3-mpls-ldp-remote-pe1] remote-ip 1.1.1.1 [PE3-mpls-ldp-remote-pe1] quit
After the configuration, run the display mpls ldp session command on the PEs. You can view that the status of remote LDP peers is Operational. That is, the remote peer relationship is established. Take the display on PE1 as an example:
<PE1> display mpls ldp session LDP Session(s) in Public Network -----------------------------------------------------------------------------Peer-ID Status LAM SsnRole SsnAge KA-Sent/Rcv -----------------------------------------------------------------------------3.3.3.3:0 Operational DU Passive 000:00:56 225/227 5.5.5.5:0 Operational DU Passive 000:00:13 56/56 -----------------------------------------------------------------------------TOTAL: 2 session(s) Found. LAM : Label Advertisement Mode SsnAge Unit : DDD:HH:MM
5.
# Configure PE3.
[PE3] mpls l2vpn [PE3-l2vpn] mpls l2vpn [PE3-l2vpn] quit [PE3] pw-template 3to1 [PE3-pw-template-3to1] [PE3-pw-template-3to1] [PE3-pw-template-3to1] [PE3-pw-template-3to1] default martini peer-address 1.1.1.1 control-word vccv cc cw cv bfd quit
5-150
Issue 03 (2008-09-22)
5 VLL Configuration
[PE3] interface pos 1/0/0 [PE3-Pos1/0/0] mpls l2vc pw-template 3to1 100 ip-interworking [PE3-Pos1/0/0] ip address 10.1.1.1 30 [PE3-Pos1/0/0] undo shutdown [PE3-Pos1/0/0] quit
# Configure PE2.
[PE2] mpls l2vpn [PE2-l2vpn] mpls l2vpn default martini [PE2-l2vpn] quit [PE2] pw-template 2to4 [PE2-pw-template-2to4] peer-address 4.4.4.4 [PE2-pw-template-2to4] control-word [PE2-pw-template-2to4] vccv cc cw cv bfd [PE2-pw-template-2to4] quit [PE2] interface pos 1/0/0 [PE2-Pos1/0/0] mpls l2vc pw-template 2to4 200 ip-interworking [PE2-Pos1/0/0] ip address 10.1.2.2 30 [PE2-Pos1/0/0] undo shutdown [PE2-Pos1/0/0] quit
# Configure PE4.
[PE4] mpls l2vpn [PE4-l2vpn] mpls l2vpn default martini [PE4-l2vpn] quit [PE4] pw-template 4to2 [PE4-pw-template-4to2] peer-address 2.2.2.2 [PE4-pw-template-4to2] control-word [PE4-pw-template-4to2] vccv cc cw cv bfd [PE4-pw-template-4to2] quit [PE4] interface pos 1/0/0 [PE4-Pos1/0/0] mpls l2vc pw-template 4to2 200 ip-interworking [PE4-Pos1/0/0] ip address 10.1.2.1 30 [PE4-Pos1/0/0] undo shutdown [PE4-Pos1/0/0] quit
After the configuration, run the display pw-template command on the PEs. You can view that the configuration of the PW templates and the VCCV is enabled in these templates. Take the display on PE1 as an example:
<PE1> display pw-template Total PW template number : 1 PW Template Name : 1to3 PeerIP : 3.3.3.3 Tnl Policy Name : -CtrlWord : Enable VCCV Capability : cw bfd Behavior Name : -Total PW : 1, Static PW : 0, LDP PW : 1, Rsvp PW : 0
View information about L2VPN connections on the PEs. Run the display mpls l2vc command on the PEs. You can view that the PWs are established and the PW status is Active. Take the display on PE1 as an example:
<PE1> display mpls l2vc total LDP VC : 1 1 up 0 down *client interface : Pos1/0/0 session state : up AC status : up VC state : up VC ID : 100 VC type : IP-interworking destination : 3.3.3.3 local VC label : 21504 remote VC label control word : enable forwarding entry : existent local group ID : 0 manual fault : not set
: 21504
Issue 03 (2008-09-22)
5-151
5 VLL Configuration
active state : link state : local VC MTU : tunnel policy name : traffic behavior name: PW template name : primary or secondary : create time : up time : last change time :
VC MTU
: 1500
Run OSPF on CE1 and CE2, and advertise the routes destined for 10.1.3.0/24 to CE2. To transmit traffic along the path CE1PE1PPE3CE2, modify the OSPF cost of POS 1/0/1 on CE1 and CE2. For example, modify the OSPF cost to 10. # Configure CE1.
[CE1] ospf 1 [CE1-ospf-1] area 0.0.0.0 [CE1-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.3 [CE1-ospf-1-area-0.0.0.0] network 10.1.2.0 0.0.0.3 [CE1-ospf-1-area-0.0.0.0] network 10.1.3.0 0.0.0.255 [CE1-ospf-1-area-0.0.0.0] quit [CE1-ospf-1] quit [CE1] interface pos1/0/1 [CE1-Pos1/0/1] ospf cost 10
# Configure CE2.
[CE2] ospf 1 [CE2-ospf-1] area 0.0.0.0 [CE2-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.3 [CE2-ospf-1-area-0.0.0.0] network 10.1.2.0 0.0.0.3 [CE2-ospf-1-area-0.0.0.0] quit [CE2-ospf-1] quit [CE2] interface pos1/0/1 [CE2-Pos1/0/1] ospf cost 10
# Run the display ip routing-table command on CE2. You can view that on CE2, the outbound interface of the routes to 10.1.3.0/24 is POS 1/0/0. That is, the traffic is transmitted through the primary path.
<CE2> display ip routing-table Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: Public Destinations : 8 Routes : 8 Destination/Mask Proto Pre Cost Flags NextHop Interface 10.1.1.0/30 Direct 0 0 D 10.1.1.2 Pos1/0/0 10.1.1.1/32 Direct 0 0 D 10.1.1.1 Pos1/0/0 10.1.1.2/32 Direct 0 0 D 127.0.0.1 InLoopBack0 10.1.2.0/30 Direct 0 0 D 10.1.2.2 Pos1/0/1 10.1.2.1/32 Direct 0 0 D 10.1.2.1 Pos1/0/1 10.1.2.2/32 Direct 0 0 D 127.0.0.1 InLoopBack0 10.1.3.1/32 OSPF 10 2 D 10.1.1.1 Pos1/0/0 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
5-152
Issue 03 (2008-09-22)
5 VLL Configuration
6.
Local discriminators and remote discriminators of BFD sessions must correspond to each other and cannot be modified after being configured.
# Configure PE1.
[PE1] bfd [PE1-bfd] quit [PE1] bfd 1to3 bind pw interface pos 1/0/0 [PE1-bfd-lsp-session-1to3] discriminator local 13 [PE1-bfd-lsp-session-1to3] discriminator remote 31 [PE1-bfd-lsp-session-1to3] commit [PE1-bfd-lsp-session-1to3] quit
# Configure PE3.
[PE3] bfd [PE3-bfd] quit [PE3] bfd 3to1 bind pw interface pos 1/0/0 [PE3-bfd-lsp-session-3to1] discriminator local 31 [PE3-bfd-lsp-session-3to1] discriminator remote 13 [PE3-bfd-lsp-session-3to1] commit [PE3-bfd-lsp-session-3to1] quit
# Configure PE2.
[PE2] bfd [PE2-bfd] quit [PE2] bfd 2to4 bind pw interface pos 1/0/0 [PE2-bfd-lsp-session-2to4] discriminator local 24 [PE2-bfd-lsp-session-2to4] discriminator remote 42 [PE2-bfd-lsp-session-2to4] commit [PE2-bfd-lsp-session-2to4] quit
# Configure PE4.
[PE4] bfd [PE4-bfd] quit [PE4] bfd 4to2 bind pw interface pos 1/0/0 [PE4-bfd-lsp-session-4to2] discriminator local 42 [PE4-bfd-lsp-session-4to2] discriminator remote 24 [PE4-bfd-lsp-session-4to2] commit [PE4-bfd-lsp-session-4to2] quitt
After the configuration, BFD sessions are established between PE1 and PE3, and between PE2 and PE4. Run the display bfd session all command. You can view that the status of the BFD sessions is Up. Take the display on PE1 as an example:
<PE1> display bfd session all ------------------------------------------------------------------------------Local Remote PeerIpAddr InterfaceName State Type ------------------------------------------------------------------------------13 31 127.0.0.1 Pos1/0/0 Up S_PW (M) ------------------------------------------------------------------------------Total UP/DOWN Session Number : 1/0
Run the display bfd configuration all command. You can view the configuration of the BFD sessions and the Commit state is True.
<PE1> display bfd configuration all ------------------------------------------------------------------------------CFG Name CFG Type LocalDiscr MIndex SessNum Commit AdminDown -------------------------------------------------------------------------------
Issue 03 (2008-09-22)
5-153
5 VLL Configuration
7.
Enable the OAM mapping function. Then, the AC OAM detection and advertisement function is automatically enabled on the PEs. # Take the configuration of PE1 as an example. Configurations of PE2, PE3, and PE4 are similar to that of PE1 and are not mentioned here.
[PE1] interface pos 1/0/0 [PE1-Pos1/0/0] mpls l2vpn oam-mapping auto
Run the display mpls l2vc oam-mapping interface command on the PEs. You can view information about the OAM mapping. The AC OAM status is Up, the status of BFD for PW is Enable, and the BFD status is Up. Take the display on PE1 as an example:
<PE1> display mpls l2vc oam-mapping interface pos1/0/0 AC OAM Info: ACFD Index : 0x800 Notify : Enable Detect : Enable AC OAM State : Up OAM-mapping : Enable PSN info: VC-ID : 100 VC status : Primary Active State : Active Link State : Up BFD for PW : Enable BFDSessionIndex:256 ,BFD State : up BFD for LSP : 0 TunnelNum: 1 PSN State : up
8.
Verify the configuration. If the configuration succeeds, run the display mpls l2vc interface command on PE1 or PE3. You can view that the PW1 status is Up. Take the display on PE1 as an example:
<PE1> display mpls l2vc interface pos 1/0/0 *client interface : Pos1/0/0 is up session state : up AC state : up VC state : up VC ID : 100 VC type : IP-interworking destination : 3.3.3.3 local group ID : 0 remote group ID : local VC label : 21504 remote VC label : local AC OAM State : up local PSN State : up local forwarding state : forwarding remote AC OAM state : up remote PSN state : up remote forwarding state: forwarding BFD for PW : enable BFD sessionIndex : 256 BFD state : up manual fault : not set active state : active forwarding entry : exist link state : up local VC MTU : 1500 remote VC MTU : local VCCV : cw bfd remote VCCV : cw bfd local fragmentantion : disable remote fragmentantion: local control word : enable remote control word : tunnel policy : -traffic behavior : -PW template name : 1to3 primary or secondary : primary
0 21504
5-154
Issue 03 (2008-09-22)
5 VLL Configuration
tunnels/tokens TNL ID : 0x2002005 days, 1 hours, 30 minutes, 27 seconds days, 0 hours, 27 minutes, 48 seconds days, 0 hours, 27 minutes, 48 seconds
Run the shutdown command on POS 2/0/1 of PE3. Run the display bfd session all command on PE1 or PE3. You can view that the status of the BFD session on PW1 is Down. Take the display on PE1 as an example:
<PE1> display bfd session all ------------------------------------------------------------------------------Local Remote PeerIpAddr InterfaceName State Type ------------------------------------------------------------------------------13 31 127.0.0.1 Pos1/0/0 Down S_PW(M) ------------------------------------------------------------------------------Total UP/DOWN Session Number : 0/1
Run the display mpls l2vc interface command on PE1 or PE3. You can view that the status of PW1 becomes Down. Take the display on PE1 as an example:
<PE1> display mpls l2vc interface pos 1/0/0 *client interface : Pos1/0/0 is up session state : down AC state : up VC state : down VC ID : 100 VC type : IP-interworking destination : 3.3.3.3 local group ID : 0 remote group ID : 0 local VC label : 21504 remote VC label : 0 local AC OAM State : up local PSN State : up local forwarding state : not forwarding BFD for PW : enable BFD sessionIndex : 256 BFD state : down manual fault : not set active state : active forwarding entry : not exist link state : down local VC MTU : 1500 remote VC MTU : 0 local VCCV : cw bfd remote VCCV : none local fragmentantion : disable remote fragmentantion: none local control word : enable remote control word : none tunnel policy : -traffic behavior : -PW template name : 1to3 primary or secondary : primary VC tunnel/token info : 0 tunnels/tokens create time : 0 days, 1 hours, 33 minutes, 18 seconds up time : 0 days, 0 hours, 0 minutes, 0 seconds last change time : 0 days, 0 hours, 1 minutes, 11 seconds
Check the routing table on CE2, and you can view that the outbound interface of the routes destined for 10.1.3.0 changes to POS 1/0/1. That is, L2VPN traffic is switched to the backup path.
<CE2> display ip routing-table Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: Public Destinations : 6 Routes : 6 Destination/Mask Proto Pre Cost Flags NextHop Interface 10.1.2.0/30 Direct 0 0 D 10.1.2.2 Pos1/0/1 10.1.2.1/32 Direct 0 0 D 10.1.2.1 Pos1/0/1 10.1.2.2/32 Direct 0 0 D 127.0.0.1 InLoopBack0 10.1.3.1/32 OSPF 10 11 D 10.1.2.1 Pos1/0/1
Issue 03 (2008-09-22)
5-155
5 VLL Configuration
127.0.0.0/8 127.0.0.1/32 Direct 0 Direct 0 0 0
Run the undo shutdown command on POS 2/0/1 of PE3. Check the routing table on CE2, and you can view that the outbound interface of the routes destined for 10.1.3.0 changes to POS 1/0/0. That is, the L2VPN traffic is switched back to the primary path.
<CE2> display ip routing-table Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: Public Destinations : 9 Routes : 9 Destination/Mask Proto Pre Cost Flags NextHop Interface 10.1.1.0/30 Direct 0 0 D 10.1.1.2 Pos1/0/0 10.1.1.1/32 Direct 0 0 D 10.1.1.1 Pos1/0/0 10.1.1.2/32 Direct 0 0 D 127.0.0.1 InLoopBack0 10.1.2.0/30 Direct 0 0 D 10.1.2.2 Pos1/0/1 10.1.2.1/32 Direct 0 0 D 10.1.2.1 Pos1/0/1 10.1.2.2/32 Direct 0 0 D 127.0.0.1 InLoopBack0 10.1.3.1/32 OSPF 10 2 D 10.1.1.1 Pos1/0/0 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
Configuration Files
l
5-156
Issue 03 (2008-09-22)
5 VLL Configuration
Configuration file of P
# sysname P # mpls lsr-id 5.5.5.5 mpls # mpls ldp # interface Pos2/0/1
Issue 03 (2008-09-22)
5-157
5 VLL Configuration
link-protocol ppp undo shutdown ip address 100.1.13.2 255.255.255.252 mpls mpls ldp # interface Pos2/0/2 link-protocol ppp undo shutdown ip address 100.1.31.1 255.255.255.252 mpls mpls ldp # interface LoopBack1 ip address 5.5.5.5 255.255.255.255 # ospf 1 area 0.0.0.0 network 5.5.5.5 0.0.0.0 network 100.1.13.0 0.0.0.3 network 100.1.31.0 0.0.0.3 # return l
5-158
Issue 03 (2008-09-22)
5 VLL Configuration
Issue 03 (2008-09-22)
5-159
5 VLL Configuration
5.11.17 Example for Configuring Martini VLL FRR (Asymmetrically Connected CEs)
Networking Requirements
As shown in Figure 5-24, CE1 accesses PE1 through a single link. CE2 accesses PE2 and PE3 in dual-homed mode. The requirements are as follows:
l
CE1 accesses PE1 by using an HDLC link; CE2 accesses PE2 and PE3 by using two PPP links. A PW is established between PE1 and PE3. This PW is a master PW using an MPLS TE tunnel. A PW is established between PE1 and PE2. This PW is a backup PW using an MPLS LSP. When the path CE2PE3PPE1 fails, L2VPN traffic can be rapidly switched to the backup path CE2PE2PE1. When the path CE2PE3PPE1 recovers, the L2VPN traffic can be switched back to the original path.
l l
5-160
Issue 03 (2008-09-22)
5 VLL Configuration
Figure 5-24 Networking diagram of configuring Martini VLL FRR (asymmetrically connected CEs)
1 /0 / 0 S2 1.2/3 O . P 13 0. 10 1 /0 / /30 S2 PO 3.1.1 0.1 10
Loopback1 1.1.1.1/32
PE1
POS1/0/0 10.1.1.2/30
MPLS TE
PE3
PO 100 S2/0 /2 .1 2. 1.1/ 30
MPL
SL SP
PO 100 S2/0 /1 .1 2. 1.2/ 30
Loopback1 2.2.2.2/32
HDLC
POS1/0/0 10.1.1.1/30 10.1.2.1/30 sub
PPP
PE2 PPP
POS1/0/1 10.1.2.2/30 POS1/0/0 10.1.1.2/30
CE1
POS1/0/1 10.1.3.1/24
CE2
Configuration Roadmap
The configuration roadmap is as follows: 1. 2. 3. 4. 5. 6. 7. Configure OSPF on the backbone network. Establish an MPLS TE tunnel between PE1 and PE3, and establish an LSP between PE1 and PE2. Establish MPLS LDP sessions between PE1 and PE1, and between PE1 and PE3. Establish MPLS LDP sessions between PE1 and PE3. Configure PWs by using PW templates on the PEs. When configuring the master PW, configure a tunnel policy because the master PW uses an MPLS TE tunnel. Establish BFD for PW sessions between PE1 and PE2, and between PE1 and PE3. Enable the OAM mapping function and automatically enable the AC OAM detection and advertisement function on the PEs.
Data Preparation
To complete the configuration, you need the following data:
l l l l l
Tunnel policy Bandwidth of the MPLS TE tunnel Name of the remote peer of MPLS LDP VC IDs of the master PW and backup PW Name of the PW template
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 5-161
Issue 03 (2008-09-22)
5 VLL Configuration
Configuration Procedure
1. Configure IP addresses for the CE interfaces that access the PEs. # Configure CE1.
<Quidway> system-view [Quidway] sysname CE1 [CE1] interface pos 1/0/0 [CE1-Pos1/0/0] link-protocol hdlc [CE1-Pos1/0/0] ip address 10.1.1.1 30 [CE1-Pos1/0/0] ip address 10.1.2.1 30 sub [CE1-Pos1/0/0] undo shutdown [CE1-Pos1/0/0] quit [CE1] interface pos 1/0/1 [CE1-Pos1/0/1] link-protocol hdlc [CE1-Pos1/0/1] ip address 10.1.3.1 24 [CE1-Pos1/0/1] undo shutdown [CE1-Pos1/0/1] quit
# Configure CE2.
<Quidway> system-view [Quidway] sysname CE2 [CE2] interface pos 1/0/0 [CE2-Pos1/0/0] ip address 10.1.1.2 30 [CE2-Pos1/0/0] undo shutdown [CE2-Pos1/0/0] quit [CE2] interface pos 1/0/1 [CE2-Pos1/0/1] ip address 10.1.2.2 30 [CE2-Pos1/0/1] undo shutdown [CE2-Pos1/0/1] quit
2.
Configure IGP on the MPLS backbone network to implement interworking between PEs and P. # Configure PE1.
[PE1] interface loopback 1 [PE1-LoopBack1] ip address 1.1.1.1 32 [PE1-LoopBack1] quit [PE1] interface pos 2/0/1 [PE1-Pos2/0/1] ip address 100.13.1.1 30 [PE1-Pos2/0/1] undo shutdown [PE1-Pos2/0/1] quit [PE1] interface pos 2/0/2 [PE1-Pos2/0/2] ip address 100.12.1.1 30 [PE1-Pos2/0/2] undo shutdown [PE1-Pos2/0/2] quit [PE1] ospf 1 [PE1-ospf-1] area 0 [PE1-ospf-1-area-0.0.0.0] network 1.1.1.1 0.0.0.0 [PE1-ospf-1-area-0.0.0.0] network 100.13.1.0 0.0.0.3 [PE1-ospf-1-area-0.0.0.0] network 100.12.1.0 0.0.0.3
# Configure P.
[P] interface loopback 1 [P-LoopBack1] ip address 4.4.4.4 32 [P-LoopBack1] quit [P] interface pos 2/0/1 [P-Pos2/0/1] ip address 100.13.1.2 30 [P-Pos2/0/1] undo shutdown [P-Pos2/0/1] quit [P] interface pos 2/0/2 [P-Pos2/0/2] ip address 100.34.1.1 30 [P-Pos2/0/2] undo shutdown [P-Pos2/0/2] quit [P] ospf 1 [P-ospf-1] area 0 [P-ospf-1-area-0.0.0.0] network 100.13.1.0 0.0.0.3 [P-ospf-1-area-0.0.0.0] network 100.34.1.0 0.0.0.3 [P-ospf-1-area-0.0.0.0] network 4.4.4.4 0.0.0.0
5-162
Issue 03 (2008-09-22)
5 VLL Configuration
# Configure PE3.
[PE3] interface loopback 1 [PE3-LoopBack1] ip address 3.3.3.3 32 [PE3-LoopBack1] quit [PE3] interface pos2/0/1 [PE3-Pos2/0/1] ip address 100.34.1.2 30 [PE3-Pos2/0/1] undo shutdown [PE3-Pos2/0/1] quit [PE3] ospf 1 [PE3-ospf-1] area 0 [PE3-ospf-1-area-0.0.0.0] network 3.3.3.3 0.0.0.0 [PE3-ospf-1-area-0.0.0.0] network 100.34.1.0 0.0.0.3
# Configure PE2.
[PE2] interface loopback 1 [PE2-LoopBack1] ip address 2.2.2.2 32 [PE2-LoopBack1] quit [PE2] interface pos 2/0/1 [PE2-Pos2/0/1] ip address 100.12.1.2 30 [PE2-Pos2/0/1] undo shutdown [PE2-Pos2/0/1] quit [PE2] ospf 1 [PE2-ospf-1] area 0 [PE2-ospf-1-area-0.0.0.0] network 2.2.2.2 0.0.0.0 [PE2-ospf-1-area-0.0.0.0] network 100.12.1.0 0.0.0.3
After the configuration, run the display ip routing-table command on the PEs. You can view that PE1 and PE2, and PE1 and PE3 can learn the Loopback1 route from each other.
<PE1> display ip routing-table Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: Public Destinations : 13 Routes : 13 Destination/Mask Proto Pre Cost Flags NextHop Interface 1.1.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 2.2.2.2/32 OSPF 10 2 D 100.12.1.2 Pos2/0/2 3.3.3.3/32 OSPF 10 3 D 100.13.1.2 Pos2/0/1 4.4.4.4/32 OSPF 10 2 D 100.13.1.2 Pos2/0/1 100.12.1.0/30 Direct 0 0 D 100.12.1.1 Pos2/0/2 100.12.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 100.12.1.2/32 Direct 0 0 D 100.12.1.2 Pos2/0/2 100.13.1.0/30 Direct 0 0 D 100.13.1.1 Pos2/0/1 100.13.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 100.13.1.2/32 Direct 0 0 D 100.13.1.2 Pos2/0/1 100.34.1.0/30 OSPF 10 2 D 100.13.1.2 Pos2/0/1 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
3.
Configure the basic MPLS capability on the MPLS backbone network. # Enable MPLS on the system and specify LSR IDs as the IP addresses of Loopback1 interfaces. Enable MPLS on the backbone network interfaces. # Configure PE1.
[PE1] mpls lsr-id 1.1.1.1 [PE1] mpls [PE1-mpls] quit [PE1] interface pos2/0/1 [PE1-Pos2/0/1] mpls [PE1-Pos2/0/1] quit [PE1] interface pos2/0/2 [PE1-Pos2/0/2] mpls [PE1-Pos2/0/2] quit
# Configure P.
[P] mpls lsr-id 4.4.4.4 [P] mpls [P-mpls] quit [P] interface pos2/0/1
Issue 03 (2008-09-22)
5-163
5 VLL Configuration
[P-Pos2/0/1] mpls [P-Pos2/0/1] quit [P] interface pos 2/0/2 [P-Pos2/0/2] mpls [P-Pos2/0/2] quit
# Configure PE2.
[PE2] mpls lsr-id 2.2.2.2 [PE2] mpls [PE2-mpls] quit [PE2] interface pos 2/0/1 [PE2-Pos2/0/1] mpls [PE2-Pos2/0/1] quit
# Configure PE3.
[PE3] mpls lsr-id 3.3.3.3 [PE3] mpls [PE3-mpls] quit [PE3] interface pos 2/0/1 [PE3-Pos2/0/1] mpls [PE3-Pos2/0/1] quit
4.
Establish an MPLS TE tunnel between PE1 and PE3, and establish an LSP between PE1 and PE2. # Configure PE1.
[PE1] mpls [PE1-mpls] mpls te [PE1-mpls] mpls rsvp-te [PE1-mpls] mpls te cspf [PE1-mpls] quit [PE1] interface pos2/0/1 [PE1-Pos2/0/1] mpls te [PE1-Pos2/0/1] mpls rsvp-te [PE1-Pos2/0/1] mpls te max-link-bandwidth 50 [PE1-Pos2/0/1] mpls te max-reservable-bandwidth 30 [PE1-Pos2/0/1] quit [PE1] interface tunnel2/0/0 [PE1-Tunnel2/0/0] ip address unnumbered interface loopback1 [PE1-Tunnel2/0/0] tunnel-protocol mpls te [PE1-Tunnel2/0/0] destination 3.3.3.3 [PE1-Tunnel2/0/0] mpls te tunnel-id 13 [PE1-Tunnel2/0/0] mpls te bandwidth bc0 20 [PE1-Tunnel2/0/0] mpls te commit [PE1-Tunnel2/0/0] quit [PE1] ospf 1 [PE1-ospf-1] opaque-capability enable [PE1-ospf-1] area 0 [PE1-ospf-1-area-0.0.0.0] mpls-te enable
# Configure P.
[P] mpls [P-mpls] mpls te [P-mpls] mpls rsvp-te [P-mpls] quit [P] interface pos2/0/1 [P-Pos2/0/1] mpls te [P-Pos2/0/1] mpls rsvp-te [P-Pos2/0/1] mpls te max-link-bandwidth 50 [P-Pos2/0/1] mpls te max-reservable-bandwidth 30 [P-Pos2/0/1] quit [P] interface pos 2/0/2 [P-Pos2/0/2] mpls te [P-Pos2/0/2] mpls rsvp-te [P-Pos2/0/2] mpls te max-link-bandwidth 50 [P-Pos2/0/2] mpls te max-reservable-bandwidth 30 [P-Pos2/0/2] quit [P] ospf 1 [P-ospf-1] opaque-capability enable
5-164
Issue 03 (2008-09-22)
5 VLL Configuration
# Configure PE3.
[PE3] mpls [PE3-mpls] mpls te [PE3-mpls] mpls rsvp-te [PE3-mpls] mpls te cspf [PE3-mpls] quit [PE3] interface pos2/0/1 [PE3-Pos2/0/1] mpls te [PE3-Pos2/0/1] mpls rsvp-te [PE3-Pos2/0/1] mpls te max-link-bandwidth 50 [PE3-Pos2/0/1] mpls te max-reservable-bandwidth 30 [PE3-Pos2/0/1] quit [PE3] interface tunnel2/0/0 [PE3-Tunnel2/0/0] ip address unnumbered interface LoopBack1 [PE3-Tunnel2/0/0] tunnel-protocol mpls te [PE3-Tunnel2/0/0] destination 1.1.1.1 [PE3-Tunnel2/0/0] mpls te tunnel-id 31 [PE3-Tunnel2/0/0] mpls te bandwidth bc0 20 [PE3-Tunnel2/0/0] mpls te commit [PE3-Tunnel2/0/0] quit [PE3] ospf 1 [PE3-ospf-1] opaque-capability enable [PE3-ospf-1] area0 [PE3-ospf-1-area-0.0.0.0] mpls-te enable
# Configure PE1.
[PE1] mpls ldp [PE1-mpls-ldp] quit [PE1] interface pos2/0/2 [PE1-Pos2/0/2] mpls ldp [PE1-Pos2/0/2] quit
# Configure PE2.
[PE2] mpls ldp [PE2-mpls-ldp] quit [PE2] interface pos2/0/1 [PE2-Pos2/0/1] mpls ldp [PE2-Pos2/0/1] quit
After the configuration, run the display tunnel-info all command on the PEs. You can view that MPLS TE tunnels are established between PE1 and PE3, and MPLS LSP tunnels are established between PE1 and PE2. Take the display on PE1 as an example:
<PE1> display tunnel-info all * -> Allocated VC Token Tunnel ID Type Destination Token ---------------------------------------------------------------------0x42002000 cr lsp 3.3.3.3 0 0x2002001 lsp 2.2.2.2 1
5.
Establish remote LDP sessions between the PEs. # Configure remote LDP sessions and specify their IP addresses as the addresses of the loopback interfaces on LDP remote peers.
NOTE
In this example, PE1 and PE2 are directly connected; thus, remote LDP sessions between PE1 and PE2 need not be configured manually.
# Configure PE1.
[PE1] mpls ldp remote-peer 3.3.3.3 [PE1-mpls-ldp-remote-3.3.3.3] remote-ip 3.3.3.3
# Configure PE3.
[PE3] mpls ldp
Issue 03 (2008-09-22)
5-165
5 VLL Configuration
After the configuration, run the display mpls ldp session command on the PEs. You can view that the status of remote LDP peers is Operational. That is, the remote peer relationship is established. Take the display on PE1 as an example:
<PE1> display mpls ldp session LDP Session(s) in Public Network -----------------------------------------------------------------------------Peer-ID Status LAM SsnRole SsnAge KA-Sent/Rcv -----------------------------------------------------------------------------2.2.2.2:0 Operational DU Passive 000:00:03 16/16 3.3.3.3:0 Operational DU Passive 000:00:00 1/1 -----------------------------------------------------------------------------TOTAL: 2 session(s) Found. LAM : Label Advertisement Mode SsnAge Unit : DDD:HH:MM
6.
# Configure PE3.
[PE3] tunnel-policy p1 [PE3-tunnel-policy-p1] tunnel select-seq [PE3-tunnel-policy-p1] quit cr-lsp load-balance-number 1
7.
Configure PWs by using PW templates on the PEs. # Configure the master and backup PWs on PE1. Create a PW on PE2 and PE3 respectively. # Configure PE1.
[PE1] mpls l2vpn [PE1-l2vpn] mpls l2vpn default martini [PE1-l2vpn] quit [PE1] pw-template 1to2 [PE1-pw-template-1to2] peer-address 2.2.2.2 [PE1-pw-template-1to2] control-word [PE1-pw-template-1to2] vccv cc cw cv lsp-ping [PE1-pw-template-1to2] quit [PE1] pw-template 1to3 [PE1-pw-template-1to3] peer-address 3.3.3.3 [PE1-pw-template-1to3] control-word [PE1-pw-template-1to3] vccv cc cw cv lsp-ping [PE1-pw-template-1to3] quit [PE1] interface pos1/0/0 [PE1-Pos1/0/0] link-protocol hdlc [PE1-Pos1/0/0] mpls l2vc pw-template 1to3 100 [PE1-Pos1/0/0] mpls l2vc pw-template 1to2 200 [PE1-Pos1/0/0] ip address 10.1.1.2 30 [PE1-Pos1/0/0] undo shutdown [PE1-Pos1/0/0] quit
bfd
bfd
# Configure PE2.
[PE2] mpls l2vpn [PE2-l2vpn] mpls l2vpn [PE2-l2vpn] quit [PE2] pw-template 2to1 [PE2-pw-template-2to1] [PE2-pw-template-2to1] [PE2-pw-template-2to1] [PE2-pw-template-2to1] default martini peer-address 1.1.1.1 control-word vccv cc cw cv lsp-ping bfd quit
5-166
Issue 03 (2008-09-22)
5 VLL Configuration
[PE2] interface pos 1/0/0 [PE2-Pos1/0/0] mpls l2vc pw-template 2to1 200 ip-interworking [PE2-Pos1/0/0] ip address 10.1.2.1 30 [PE2-Pos1/0/0] undo shutdown [PE2-Pos1/0/0] quit
# Configure PE3.
[PE3] mpls l2vpn [PE3-l2vpn] mpls l2vpn default martini [PE3-l2vpn] quit [PE3] pw-template 3to1 [PE3-pw-template-3to1] peer-address 1.1.1.1 [PE3-pw-template-3to1] control-word [PE3-pw-template-3to1] vccv cc cw cv lsp-ping bfd [PE3-pw-template-3to1] quit [PE3] interface pos 1/0/0 [PE3-Pos1/0/0] mpls l2vc pw-template 3to1 100 tunnel-policy p1 ip-interworking [PE3-Pos1/0/0] ip address 10.1.1.1 30 [PE3-Pos1/0/0] undo shutdown [PE3-Pos1/0/0] quit
After the configuration, view information about L2VPN connections on the PEs. Run the display mpls l2vc command on the PEs. You can view that the master and backup PWs are established and the PW status is Up. The master PW is in the Active state; the backup PW is in the Inactive state. Take the display on PE1 as an example:
<PE1> display mpls l2vc interface pos 1/0/0 *client interface : Pos1/0/0 is up session state : up AC state : up VC state : up VC ID : 100 VC type : IP-interworking destination : 3.3.3.3 local group ID : 0 remote group ID : 0 local VC label : 21504 remote VC label : 21504 local AC OAM State : up local PSN State : up local forwarding state : forwarding remote AC OAM state : up remote PSN state : up remote forwarding state: forwarding BFD for PW : unavailable manual fault : not set active state : active forwarding entry : exist link state : up local VC MTU : 1500 remote VC MTU : 1500 local VCCV : cw lsp-ping bfd remote VCCV : cw lsp-ping bfd local fragmentantion : disable remote fragmentantion: disable local control word : enable remote control word : enable tunnel policy : p1 traffic behavior : -PW template name : 1to3 primary or secondary : primary VC tunnel/token info : 1 tunnels/tokens NO.0 TNL type : cr lsp, TNL ID : 0x42002000 create time : 0 days, 0 hours, 23 minutes, 7 seconds up time : 0 days, 0 hours, 1 minutes, 21 seconds last change time : 0 days, 0 hours, 1 minutes, 21 seconds *client interface : Pos1/0/0 is up session state : up AC state : up VC state : up VC ID : 200 VC type : IP-interworking destination : 2.2.2.2
Issue 03 (2008-09-22)
5-167
5 VLL Configuration
local group ID : local VC label : local AC OAM state : local PSN state : local forwarding state : remote AC OAM state : remote PSN state : remote forwarding state: BFD for PW : manual fault : active state : forwarding entry : link state : local VC MTU : local VCCV : remote VCCV : local fragmentation : local control word : tunnel policy : traffic behavior : PW template name : primary or secondary : VC tunnel/token info : NO.0 TNL type : lsp create time : up time : last change time : reroute policy : reason of last reroute : time of last reroute : delay timer ID : resume timer ID :
Run OSPF on CE1 and CE2, and advertise the routes destined for 10.1.3.0/24 to CE2. # Configure CE1.
[CE1] ospf 1 [CE1-ospf-1] area 0.0.0.0 [CE1-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.3 [CE1-ospf-1-area-0.0.0.0] network 10.1.2.0 0.0.0.3 [CE1-ospf-1-area-0.0.0.0] network 10.1.3.0 0.0.0.255
# Configure CE2.
[CE2] ospf 1 [CE2-ospf-1] area 0.0.0.0 [CE2-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.3 [CE2-ospf-1-area-0.0.0.0] network 10.1.2.0 0.0.0.3
# Run the display ip routing-table command on CE2. You can view that on CE2, the outbound interface of the routes to 10.1.3.0/24 is POS 1/0/0. That is, the traffic is transmitted through the primary path. Take the display on CE2 as an example:
<CE2> display ip routing-table Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: Public Destinations : 9 Routes : 9 Destination/Mask Proto Pre Cost Flags NextHop Interface 10.1.1.0/30 Direct 0 0 D 10.1.1.2 Pos1/0/0 10.1.1.1/32 Direct 0 0 D 10.1.1.1 Pos1/0/0 10.1.1.2/32 Direct 0 0 D 127.0.0.1 InLoopBack0 10.1.2.0/30 Direct 0 0 D 10.1.2.2 Pos1/0/1 10.1.2.1/32 Direct 0 0 D 10.1.2.1 Pos1/0/1 10.1.2.2/32 Direct 0 0 D 127.0.0.1 InLoopBack0 10.1.3.1/32 OSPF 10 2 D 10.1.1.1 Pos1/0/0 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
5 VLL Configuration
<CE2> ping 10.1.3.1 PING 10.1.3.1: 56 data bytes, press CTRL_C to break Reply from 10.1.3.1: bytes=56 Sequence=1 ttl=255 time=180 Reply from 10.1.3.1: bytes=56 Sequence=2 ttl=255 time=150 Reply from 10.1.3.1: bytes=56 Sequence=3 ttl=255 time=150 Reply from 10.1.3.1: bytes=56 Sequence=4 ttl=255 time=190 Reply from 10.1.3.1: bytes=56 Sequence=5 ttl=255 time=160 --- 10.1.3.1 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 150/166/190 ms
ms ms ms ms ms
8.
# Configure PE1.
[PE1] bfd [PE1-bfd] quit [PE1] interface pos 1/0/0 [PE1-Pos1/0/0] mpls l2vpn pw bfd min-rx-interval 100 min-tx-interval 100 [PE1-Pos1/0/0] mpls l2vpn pw bfd min-rx-interval 100 min-tx-interval 100 secondary [PE1-Pos1/0/0] quit
# Configure PE2.
[PE2] bfd [PE2-bfd] quit [PE2] interface pos 1/0/0 [PE2-Pos1/0/0] mpls l2vpn pw bfd min-rx-interval 100 min-tx-interval 100 [PE2-Pos1/0/0] quit
# Configure PE3.
[PE3] bfd [PE3-bfd] quit [PE3] interface pos 1/0/0 [PE3-Pos1/0/0] mpls l2vpn pw bfd min-rx-interval 100 min-tx-interval 100 [PE3-Pos1/0/0] quit
After the configuration, BFD sessions are established between PE1 and PE2, and between PE1 and PE3. Run the display bfd session all command. You can view that the status of the BFD sessions is Up. Take the display on PE1 as an example:
<PE1> display bfd session all ------------------------------------------------------------------------------Local Remote PeerIpAddr InterfaceName State Type ------------------------------------------------------------------------------8192 8192 --.--.--.-Pos1/0/0 Up D_PW(M) 8193 8192 --.--.--.-Pos1/0/0 Up D_PW(S) ------------------------------------------------------------------------------Total UP/DOWN Session Number : 2/0
Run the display bfd configuration all command. You can view the configuration of the BFD sessions and the Commit state is True.
<PE1> display bfd configuration all ------------------------------------------------------------------------------CFG Name CFG Type LocalDiscr MIndex SessNum Commit AdminDown ------------------------------------------------------------------------------dyn_8192 Dynamic 8192 256 1 True False dyn_8193 Dynamic 8193 257 1 True False
Issue 03 (2008-09-22)
5-169
5 VLL Configuration
9.
Enable the OAM mapping function and automatically enable the AC OAM detection and advertisement function on the PEs. # Take the configuration of PE1 as an example. The configurations of PE2 and PE3 are similar to the configuration of PE1 and are not mentioned here.
[PE1] interface pos 1/0/0 [PE1-Pos1/0/0] mpls l2vpn oam-mapping auto [PE1-Pos1/0/0] quit
Run the display mpls l2vc oam-mapping interface command on the PEs. You can view information about the OAM mapping. The AC OAM status is Up, the status of BFD for PW is Enable, and the BFD status is Up. Take the display on PE1 as an example:
<PE1> display mpls l2vc oam-mapping interface pos1/0/0 AC OAM Info: ACFD Index : 0x800 Notify : Enable Detect : Enable AC OAM State : Up OAM-mapping : Enable PSN info: VC-ID : 100 VC status : Primary Active State : Active Link State : Up BFD for PW : Enable BFDSessionIndex:256 ,BFD State : up BFD for LSP : 0 TunnelNum: 1 PSN State : up VC-ID : 200 VC status : Secondary Active State : Inactive Link State : Up BFD for PW : Enable BFDSessionIndex:257 ,BFD State : up BFD for LSP : 0 TunnelNum: 1 PSN State : up
10. Verify the configuration. If the configuration succeeds, run the display mpls l2vc interface command on PE1. You can view that the status of the master PW is Active, the status of the backup PW is Inactive, and the BFD for PW status of the master and backup PWs is Available.
<PE1> display mpls l2vc interface pos 1/0/0 *client interface : Pos1/0/0 is up session state : up AC state : up VC state : up VC ID : 100 VC type : IP-interworking destination : 3.3.3.3 local group ID : 0 remote group ID local VC label : 21504 remote VC label local AC OAM State : up local PSN State : up local forwarding state : forwarding remote AC OAM state : up remote PSN state : up remote forwarding state: forwarding Dynamic BFD for PW : enable Detect Multipier : 3 Min Transit Interval : 100 Max Receive Interval : 100 Dynamic BFD Session : built BFD for PW : available
: 0 : 21504
5-170
Issue 03 (2008-09-22)
5 VLL Configuration
BFD sessionIndex : 256 BFD state : up manual fault : not set active state : active forwarding entry : exist link state : up local VC MTU : 1500 remote VC MTU : 1500 local VCCV : cw lsp-ping bfd remote VCCV : cw lsp-ping bfd local fragmentantion : disable remote fragmentantion: disable local control word : enable remote control word : enable tunnel policy : p1 traffic behavior : -PW template name : 1to3 primary or secondary : primary VC tunnel/token info : 1 tunnels/tokens NO.0 TNL type : cr lsp, TNL ID : 0x42002000 create time : 0 days, 1 hours, 5 minutes, 19 seconds up time : 0 days, 0 hours, 43 minutes, 33 seconds last change time : 0 days, 0 hours, 43 minutes, 33 seconds *client interface : Pos1/0/0 is up session state : up AC state : up VC state : up VC ID : 200 VC type : IP-interworking destination : 2.2.2.2 local group ID : 0 remote group ID : 0 local VC label : 21505 remote VC label : 21505 local AC OAM state : up local PSN state : up local forwarding state : forwarding remote AC OAM state : up remote PSN state : up remote forwarding state: forwarding Dynamic BFD for PW : enable Detect Multipier : 3 Min Transit Interval : 100 Max Receive Interval : 100 Dynamic BFD Session : built BFD for PW : available BFD sessionIndex : 257 BFD state : up manual fault : not set active state : inactive forwarding entry : existent link state : up local VC MTU : 1500 remote VC MTU : 1500 local VCCV : cw lsp-ping bfd remote VCCV : cw lsp-ping bfd local fragmentation : disable remote fragmentation: disable local control word : enable remote control word : enable tunnel policy : -traffic behavior : -PW template name : 1to2 primary or secondary : secondary VC tunnel/token info : 1 tunnels/tokens NO.0 TNL type : lsp , TNL ID : 0x2002001 create time : 0 days, 1 hours, 4 minutes, 31 seconds up time : 0 days, 0 hours, 43 minutes, 44 seconds last change time : 0 days, 0 hours, 43 minutes, 44 seconds reroute policy : delay 30 s, resume 10 s reason of last reroute : New LDP mapping message was received time of last reroute : 0 days, 0 hours, 43 minutes, 2 seconds delay timer ID : -rest time :-resume timer ID : -rest time :--
Issue 03 (2008-09-22)
5-171
5 VLL Configuration
Run the display bfd session all command on PE1. You can view that the status of the BFD session on the master PW is Down.
<PE1> display bfd session all ------------------------------------------------------------------------------Local Remote PeerIpAddr InterfaceName State Type ------------------------------------------------------------------------------8192 8192 --.--.--.-Pos1/0/0 Down D_PW(M) 8193 8192 --.--.--.-Pos1/0/0 Up D_PW(S) ------------------------------------------------------------------------------Total UP/DOWN Session Number : 1/1
Run the display mpls 12vc interface command on PE1. You can view that the status of the master PW becomes Inactive and the status of the backup PW becomes Active.
<PE1> display mpls l2vc interface pos 1/0/0 *client interface : Pos1/0/0 is up session state : Down AC state : up VC state : Down VC ID : 100 VC type : IP-interworking destination : 3.3.3.3 local group ID : 0 remote group ID : 0 local VC label : 21504 remote VC label : 21504 local AC OAM State : up local PSN State : up local forwarding state : not forwarding remote AC OAM state : up remote PSN state : up remote forwarding state: forwarding Dynamic BFD for PW : enable Detect Multipier : 3 Min Transit Interval : 100 Max Receive Interval : 100 Dynamic BFD Session : built BFD for PW : available BFD sessionIndex : 256 BFD state : down manual fault : not set active state : inactive forwarding entry : not exist link state : down local VC MTU : 1500 remote VC MTU : 1500 local VCCV : cw lsp-ping bfd remote VCCV : cw lsp-ping bfd local fragmentantion : disable remote fragmentantion: disable local control word : enable remote control word : enable tunnel policy : p1 traffic behavior : -PW template name : 1to3 primary or secondary : primary VC tunnel/token info : 1 tunnels/tokens NO.0 TNL type : cr lsp, TNL ID : 0x42002000 create time : 0 days, 1 hours, 5 minutes, 19 seconds up time : 0 days, 0 hours, 43 minutes, 33 seconds last change time : 0 days, 0 hours, 43 minutes, 33 seconds *client interface : Pos1/0/0 is up session state : up AC state : up VC state : up VC ID : 200 VC type : IP-interworking destination : 2.2.2.2 local group ID : 0 remote group ID : 0 local VC label : 21505 remote VC label : 21505 local AC OAM state : up local PSN state : up
5-172
Issue 03 (2008-09-22)
5 VLL Configuration
forwarding up up forwarding enable 3 100 100 built available 257 BFD state : up not set active existent up 1500 remote VC MTU : 1500 cw lsp-ping bfd cw lsp-ping bfd disable remote fragmentation: disable enable remote control word : enable --1to2 secondary 1 tunnels/tokens , TNL ID : 0x2002001 0 days, 1 hours, 4 minutes, 31 seconds 0 days, 0 hours, 43 minutes, 44 seconds 0 days, 0 hours, 43 minutes, 44 seconds delay 30 s, resume 10 s New LDP mapping message was received 0 days, 0 hours, 43 minutes, 2 seconds -rest time :--rest time :--
Check the routing table on CE2, and you can view that the outbound interface of the routes destined for 10.1.3.0 changes to POS 1/0/1. That is, L2VPN traffic is switched to the backup path.
<CE2> display ip routing-table Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: Public Destinations : 7 Routes : 7 Destination/Mask Proto Pre Cost Flags NextHop Interface 10.1.1.0/30 OSPF 10 0 D 10.1.1.1 Pos1/0/1 10.1.1.1/32 Direct 0 0 D 10.1.1.1 Pos1/0/1 10.1.2.0/30 Direct 0 0 D 10.1.2.2 Pos1/0/1 10.1.2.2/32 Direct 0 0 D 127.0.0.1 InLoopBack0 10.1.3.1/32 OSPF 10 2 D 10.1.1.1 Pos1/0/1 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
Check the routing table on CE2, and you can view that the outbound interface of the routes destined for 10.1.3.0 changes to POS 1/0/0. That is, the L2VPN traffic is switched back to the primary path.
<CE2> display ip routing-table Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: Public Destinations : 8 Routes : 9 Destination/Mask Proto Pre Cost Flags NextHop Interface 10.1.1.0/30 Direct 0 0 D 10.1.1.2 Pos1/0/0 10.1.1.1/32 Direct 0 0 D 10.1.1.1 Pos1/0/0 Direct 0 0 D 10.1.1.1 Pos1/0/1
Issue 03 (2008-09-22)
5-173
5 VLL Configuration
10.1.1.2/32 10.1.2.0/30 10.1.2.2/32 10.1.3.1/32 127.0.0.0/8 127.0.0.1/32 Direct Direct Direct OSPF Direct Direct 0 0 0 10 0 0 0 0 0 2 0 0
Configuration Files
l
5-174
Issue 03 (2008-09-22)
5 VLL Configuration
peer-address 2.2.2.2 control-word vccv cc cw cv lsp-ping bfd # pw-template 1to3 peer-address 3.3.3.3 control-word vccv cc cw cv lsp-ping bfd # mpls ldp # mpls ldp remote-peer 3.3.3.3 remote-ip 3.3.3.3 # interface Pos1/0/0 link-protocol hdlc undo shutdown ip address 10.1.1.2 255.255.255.252 mpls l2vc pw-template 1to3 100 tunnel-policy p1 ip-interworking mpls l2vpn pw bfd min-rx-interval 100 min-tx-interval 100 mpls l2vc pw-template 1to2 200 ip-interworking secondary mpls l2vpn pw bfd min-rx-interval 100 min-tx-interval 100 secondary # interface Pos2/0/1 link-protocol ppp undo shutdown ip address 100.13.1.1 255.255.255.252 mpls mpls te mpls te max-link-bandwidth 50 mpls te max-reservable-bandwidth 30 mpls rsvp-te # interface Pos2/0/2 link-protocol ppp undo shutdown ip address 100.12.1.1 255.255.255.252 mpls mpls ldp # interface LoopBack1 ip address 1.1.1.1 255.255.255.255 # interface Tunnel2/0/0 ip address unnumbered interface LoopBack1 tunnel-protocol mpls te destination 3.3.3.3 mpls te tunnel-id 13 mpls te bandwidth bc0 20 mpls te commit # ospf 1 opaque-capability enable area 0.0.0.0 network 1.1.1.1 0.0.0.0 network 100.13.1.0 0.0.0.3 network 100.12.1.0 0.0.0.3 mpls-te enable # tunnel-policy p1 tunnel select-seq cr-lsp load-balance-number 1 # return l
Configuration file of P
# sysname P # mpls lsr-id 4.4.4.4 mpls
Issue 03 (2008-09-22)
5-175
5 VLL Configuration
mpls te mpls rsvp-te # interface Pos2/0/1 link-protocol ppp undo shutdown ip address 100.13.1.2 255.255.255.252 mpls mpls te mpls te max-link-bandwidth 50 mpls te max-reservable-bandwidth 30 mpls rsvp-te # interface Pos2/0/2 link-protocol ppp undo shutdown ip address 100.34.1.1 255.255.255.252 mpls mpls te mpls te max-link-bandwidth 50 mpls te max-reservable-bandwidth 30 mpls rsvp-te # interface LoopBack1 ip address 4.4.4.4 255.255.255.255 # ospf 1 opaque-capability enable area 0.0.0.0 network 100.13.1.0 0.0.0.3 network 100.34.1.0 0.0.0.3 network 4.4.4.4 0.0.0.0 mpls-te enable # return l
5-176
Issue 03 (2008-09-22)
5 VLL Configuration
Issue 03 (2008-09-22)
5-177
5 VLL Configuration
# ospf 1 area 0.0.0.0 network 2.2.2.2 0.0.0.0 network 100.12.1.0 0.0.0.3 # return
POS3/0/0 100.2.4.1/30
POS3/0/0 100.1.3.2/30
POS3/0/0 100.1.3.1/30
PE1
PE2
CE1
CE2
Configuration Roadmap
The configuration roadmap is as follows: 1. 2. 3. 4. Configure MPLS LSPs as public network tunnels. Establish MP IBGP connections between the PEs and RRs; no MP IBGP connection needs to be established between the PEs. Configure the same reflector ID for RR1 and RR2 because they back up each other. Configure RR1 and RR2 not to filter label blocks based on VPN targets because RR1 and RR2 need to store information about all L2VPN labels to advertise the information to the PEs.
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)
5-178
5 VLL Configuration
5.
Configure L2VPN instances on the PEs and connect the CEs to the L2VPN instances.
NOTE
In the L2VPN with two reflectors, the two reflection paths cannot share the same network segment or node (excluding the PE nodes on both ends); otherwise, it is meaningless to configure two reflectors.
Data Preparation
To complete the configuration, you need the following data:
l l
Data needed for configuring OSPF MPLS LSR IDs of the PEs and RRs (IP addresses of the loopback interfaces on the local device) Cluster IDs of the RRs CE IDs and CE range IP addresses of the CE interfaces through which the CEs access the PEs
NOTE
l l l
You do not need to configure an IP address for the PE interface through which the PE accesses the CE.
Configuration Procedure
1. 2. Configure IGP on the MPLS backbone network to enable the devices on LSPs to communicate. In this example, IS-IS is used as IGP and the configuration details are not mentioned.
NOTE
After the configuration, the devices along the LSP can learn loopback interface addresses from each other. Take the display on PE1 as an example:
<PE1> display ip routing-table [PE1]dis ip rout Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: Public Destinations : 14 Routes : 15 Destination/Mask Proto Pre Cost Flags NextHop Interface 1.1.1.9/32 Direct 0 0 D 127.0.0.1 InLoopBack0 2.2.2.9/32 OSPF 10 2 D 100.1.2.2 Pos1/0/0 3.3.3.9/32 OSPF 10 2 D 100.1.3.2 Pos3/0/0 4.4.4.9/32 OSPF 10 3 D 100.1.3.2 Pos3/0/0 OSPF 10 3 D 100.1.2.2 Pos1/0/0 100.1.2.0/30 Direct 0 0 D 100.1.2.1 Pos1/0/0 100.1.2.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 100.1.2.2/32 Direct 0 0 D 100.1.2.2 Pos1/0/0 100.1.3.0/30 Direct 0 0 D 100.1.3.1 Pos3/0/0 100.1.3.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 100.1.3.2/32 Direct 0 0 D 100.1.3.2 Pos3/0/0 100.2.4.0/30 OSPF 10 2 D 100.1.2.2 Pos1/0/0 100.3.4.0/30 OSPF 10 2 D 100.1.3.2 Pos3/0/0 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
3.
Establish LSPs on the MPLS backbone network. Enable MPLS and MPLS LDP on the devices and interfaces, which the LSPs pass through. The configuration details are not mentioned here.
Issue 03 (2008-09-22)
5-179
5 VLL Configuration
After the configuration, run the display mpls lsp command on each PE and RR. You can view the LSPs of each PE and RR. Take the display on PE1 and RR1 as examples:
<PE1> display mpls lsp ---------------------------------------------------------------------LSP Information: LDP LSP ---------------------------------------------------------------------FEC In/Out Label In/Out IF Vrf Name 1.1.1.9/32 3/NULL -/2.2.2.9/32 NULL/3 -/Pos1/0/0 2.2.2.9/32 1024/3 -/Pos1/0/0 3.3.3.9/32 NULL/3 -/Pos3/0/0 3.3.3.9/32 1025/3 -/Pos3/0/0 4.4.4.9/32 NULL/1026 -/Pos1/0/0 4.4.4.9/32 NULL/1026 -/Pos3/0/0 <RR1> display mpls lsp ---------------------------------------------------------------------LSP Information: LDP LSP ---------------------------------------------------------------------FEC In/Out Label In/Out IF Vrf Name 1.1.1.9/32 NULL/3 -/Pos1/0/0 2.2.2.9/32 3/NULL -/3.3.3.9/32 NULL/1025 -/Pos1/0/0 1.1.1.9/32 1024/3 -/Pos1/0/0 4.4.4.9/32 NULL/3 -/Pos3/0/0 4.4.4.9/32 1026/3 -/Pos3/0/0 3.3.3.9/32 NULL/1025 -/Pos3/0/0
4.
Establish the MP IBGP peer relationship between the PEs and RRs. # Establish the MP IBGP connection and enable the basic L2VPN capability of BGP. # Configure PE1.
<PE1> system-view [PE1] bgp 100 [PE1-bgp] peer 2.2.2.9 as-number 100 [PE1-bgp] peer 2.2.2.9 connect-interface loopback 1 [PE1-bgp] peer 3.3.3.9 as-number 100 [PE1-bgp] peer 3.3.3.9 connect-interface loopback 1 [PE1-bgp] l2vpn-family [PE1-bgp-af-l2vpn] peer 2.2.2.9 enable [PE1-bgp-af-l2vpn] peer 3.3.3.9 enable
# Configure RR1.
<RR1> system-view [RR1] bgp 100 [RR1-bgp] group rr1 internal [RR1-bgp] peer rr1 connect-interface loopback 1 [RR1-bgp] l2vpn-family [RR1-bgp-af-l2vpn] peer rr1 enable [RR1-bgp-af-l2vpn] peer 1.1.1.9 group rr1 [RR1-bgp-af-l2vpn] peer 4.4.4.9 group rr1
# Configure RR2.
<RR2> system-view [RR2] bgp 100 [RR2-bgp] group rr2 internal [RR2-bgp] peer rr2 connect-interface loopback 1 [RR2-bgp] l2vpn-family [RR2-bgp-af-l2vpn] peer rr2 enable [RR2-bgp-af-l2vpn] peer 1.1.1.9 group rr2 [RR2-bgp-af-l2vpn] peer 4.4.4.9 group rr2
# Configure PE2.
[PE2] bgp [PE2-bgp] [PE2-bgp] [PE2-bgp] 100 peer 2.2.2.9 as-number 100 peer 2.2.2.9 connect-interface loopback 1 peer 3.3.3.9 as-number 100
5-180
Issue 03 (2008-09-22)
5 VLL Configuration
After this step, run the display bgp l2vpn peer command on the PEs or run the display bgp l2vpn group group-name command on the RRs. You can view that MP BGP connections are established between the PEs and RRs and the status of the MP BGP connections is Established. Take the display on PE1 and RR1 as an example:
<PE1> display bgp l2vpn peer BGP local router ID : 1.1.1.9 Local AS number : 100 Total number of peers : 2 Peers in established state : 2 Peer V AS MsgRcvd MsgSent OutQ Up/Down State PrefRcv 2.2.2.9 4 100 14 14 0 00:10:28 Established 0 3.3.3.9 4 100 15 14 0 00:09:55 Established 0 <RR1> display bgp l2vpn group rr1 BGP peer-group: rr1 Remote AS 100 Type : internal Configured hold timer value: 180 Keepalive timer value: 60 Minimum route advertisement interval is 15 seconds Connect-interface has been configured PeerSession Members: NONE Peer Preferred Value: 0 No routing policy is configured Peer Members: Peer V AS MsgRcvd MsgSent OutQ Up/Down State PrefRcv 1.1.1.9 4 100 8 8 0 00:03:28 Established 0 4.4.4.9 4 100 6 9 0 00:02:37 Established 0
5.
Configure route reflection on RR1 and RR2. # RRs need to store information about all L2VPN labels to advertise the information to the client. Thus, configure RR1 and RR2 not to filter the L2VPN label blocks based on VPN targets. # Configure RR1.
[RR1] bgp 100 [RR1-bgp] l2vpn-family [RR1-bgp-af-l2vpn] reflector cluster-id 100 [RR1-bgp-af-l2vpn] peer rr1 reflect-client [RR1-bgp-af-l2vpn] undo policy vpn-target
# Configure RR2.
[RR2] bgp 100 [RR2-bgp] l2vpn-family [RR2-bgp-af-l2vpn] reflector cluster-id 100 [RR2-bgp-af-l2vpn] peer rr2 reflect-client [RR2-bgp-af-l2vpn] undo policy vpn-target
6.
Configure L2VPN instances on the PEs and connect the CEs to the PEs. # Configure PE1.
[PE1] mpls l2vpn [PE1-l2vpn] quit [PE1] mpls l2vpn vpn1 encapsulation ppp [PE1-mpls-l2vpn-vpn1] route-distinguisher 100:1 [PE1-mpls-l2vpn-vpn1] vpn-target 1:1 both [PE1-mpls-l2vpn-vpn1] ce ce1 id 1 range 10 [PE1-mpls-l2vpn-ce-vpn1-ce1] connection ce-offset 2 interface pos 2/0/0 [PE1-mpls-l2vpn-ce-vpn1-ce1] quit [PE1-mpls-l2vpn-vpn1] quit [PE1] interface pos 2/0/0 [PE1-Pos2/0/0] undo shutdown
Issue 03 (2008-09-22)
5-181
5 VLL Configuration
[PE1-Pos2/0/0] quit
# Configure PE2.
[PE2] mpls l2vpn [PE2-l2vpn] quit [PE2] mpls l2vpn vpn1 encapsulation ppp [PE2-mpls-l2vpn-vpn1] route-distinguisher 100:2 [PE2-mpls-l2vpn-vpn1] vpn-target 1:1 both [PE2-mpls-l2vpn-vpn1] ce ce2 id 2 range 10 [PE2-mpls-l2vpn-ce-vpn1-ce2] connection ce-offset 1 interface pos 2/0/0 [PE2-mpls-l2vpn-ce-vpn1-ce1] quit [PE2-mpls-l2vpn-vpn1] quit [PE2] interface pos 2/0/0 [PE2-Pos2/0/0] undo shutdown [PE2-Pos2/0/0] quit
7.
# Configure CE2.
[CE2] interface pos 1/0/0 [CE2-Pos1/0/0] ip address 10.1.1.2 24 [CE2-Pos1/0/0] undo shutdown [CE2-Pos1/0/0] quit
8.
Verify the configuration. Run the display mpls l2vpn connection interface command on the PEs. You can view that both ends of the VC are Up. Take the display on PE1 as an example:
<PE1> display mpls l2vpn connection interface pos 2/0/0 conn-type: remote local vc state: up remote vc state: up local ce-id: 1 local ce name: ce1 remote ce-id: 2 intf(state,encap): Pos2/0/0(up,ppp) peer id: 4.4.4.9 route-distinguisher: 100:2 local vc label: 25602 remote vc label: 25601 tunnel policy: default primary or secondary: primary forwardEntry exist or not: true forward entry active or not:true manual fault set or not: not set AC OAM state: up BFD for PW session index: -BFD for PW state: invalid BFD for LSP state: true Local C bit is not set, Remote C bit is not set tunnel type: lsp , id: 0x1002006
CE1 and CE2 can ping through each other. This indicates that RRs are successfully configured.
<CE1> ping 10.1.1.2 PING 10.1.1.2: 56 data bytes, press CTRL_C to break Reply from 10.1.1.2: bytes=56 Sequence=1 ttl=255 time=110 ms Reply from 10.1.1.2: bytes=56 Sequence=2 ttl=255 time=120 ms Reply from 10.1.1.2: bytes=56 Sequence=3 ttl=255 time=160 ms Reply from 10.1.1.2: bytes=56 Sequence=4 ttl=255 time=90 ms Reply from 10.1.1.2: bytes=56 Sequence=5 ttl=255 time=130 ms
5-182
Issue 03 (2008-09-22)
5 VLL Configuration
After the shutdown command is run in the view of POS 3/0/0 on PE1 or PE2, CE1 and CE2 still can ping through each other. This indicates that the two RRs are successfully configured.
[PE1] interface pos 3/0/0 [PE1-Pos/0/0] shutdown <CE1> ping 10.1.1.2 PING 10.1.1.2: 56 data bytes, press CTRL_C to break Reply from 10.1.1.2: bytes=56 Sequence=1 ttl=255 time=170 Reply from 10.1.1.2: bytes=56 Sequence=2 ttl=255 time=160 Reply from 10.1.1.2: bytes=56 Sequence=3 ttl=255 time=150 Reply from 10.1.1.2: bytes=56 Sequence=4 ttl=255 time=180 Reply from 10.1.1.2: bytes=56 Sequence=5 ttl=255 time=190 --- 10.1.1.2 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 150/170/190 ms
ms ms ms ms ms
Run the display bgp l2vpn route-distinguisher route-distinguisher ce-id ce-id labeloffset default- offset command on the PEs or RRs. You can view the BGP attributes of label blocks, such as the AS-path attribute. Take the display on PE2 as an example:
<PE2> display bgp l2vpn route-distinguisher 100:1 ce-id 1 label-offset 0 BGP Local router ID : 4.4.4.9, local AS number : 100 Origin codes:i - IGP, e - EGP, ? - incomplete nexthop:1.1.1.9, pref :100, as-path : label base: 25600, label range: 10, layer-2 mtu: 1500, encap type:ppp label state 25600 down 25601 down 25602 up 25603 down 25604 down 25605 down 25606 down 25607 down 25608 down 25609 down
Configuration Files
l
Issue 03 (2008-09-22)
5-183
5 VLL Configuration
5-184
Issue 03 (2008-09-22)
5 VLL Configuration
Issue 03 (2008-09-22)
5-185
5 VLL Configuration
peer 1.1.1.9 as-number 100 group rr2 internal peer rr2 connect-interface LoopBack1 # ipv4-family unicast undo synchronization undo peer 4.4.4.9 enable undo peer 1.1.1.9 enable peer rr2 enable # l2vpn-family reflector cluster-id 100 undo policy vpn-target peer rr2 enable peer rr2 reflect-client peer 1.1.1.9 enable peer 1.1.1.9 group rr2 peer 4.4.4.9 enable peer 4.4.4.9 group rr2 # ospf 1 area 0.0.0.0 network 100.3.4.0 0.0.0.3 network 100.1.3.0 0.0.0.3 network 3.3.3.9 0.0.0.0 # return l
5-186
Issue 03 (2008-09-22)
5 VLL Configuration
Issue 03 (2008-09-22)
5-187
6 PWE3 Configuration
6
About This Chapter
PWE3 Configuration
This chapter describes the principle, application and configuration for PWE3. 6.1 Introduction This section describes the basic principle of the PWE3. 6.2 Configuring Attributes of a PW Template This section describes how to configure attributes for a PW template. 6.3 Configuring Static PWs This section describes how to configure static PW. 6.4 Configuring Dynamic PWs This section describes how to configure dynamic PW. 6.5 Configuring PW Switching This section describes how to configure PW switching. 6.6 Configuring a Backup PW This section describes how to configure a backup PW. 6.7 Configuring Static BFD for PW This section describes how to configure static BFD for PW. 6.8 Configuring Dynamic BFD for PW This section describes how to configure dynamic BFD for PW. 6.9 Configuring PW FRR This section describes how to configure PW FRR. 6.10 Configuring Heterogeneous Transport in PWE3 This section describes how to configure heterogeneous transport in PWE3. 6.11 Configuring Inter-AS PWE3 This section describes how to configure inter-AS PWE3. 6.12 Configuing ATM Cell Transport This section describes how to configure ATM Cell Transport.
Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 6-1
6 PWE3 Configuration
6.13 Maintaining a PW This section describes how to check the PW connectivity and debug PWE3. 6.14 Configuration Examples This section provides several configuration examples for PWE3.
6-2
Issue 03 (2008-09-22)
6 PWE3 Configuration
6.1 Introduction
This section describes the basic principle of the PWE3. 6.1.1 PWE3 6.1.2 PWE3 Features Supported by the NE80E/40E
6.1.1 PWE3
Pseudo-Wire Emulation Edge to Edge (PWE3) is a type of end-to-end Layer 2 transmitting technology. It emulates the essential attributes of a telecommunications service such as ATM, FR or Ethernet in a Packet Switched Network (PSN). PWE3 also emulates the essential attributes of low speed Time Division Multiplexing (TDM) circuit and SONET/SDH. On PEs in the PSN network, PWE3, with the Label Distribution Protocol (LDP) as the signaling protocol, emulates various Layer 2 service (such as Layer 2 data packets) of the Customer Edge (CE) through tunnels such as the Multiprotocol Label Switch Protocol Label Switched Paths (MPLS LSPs), or the Generic Routing Encapsulation (GRE) tunnels, Besides, PWE3 also transparently transmits the Layer 2 data of the CEs. This proximate emulation may lead to the distortion of the TDM data. Figure 6-1 shows the PWE3 framework. Figure 6-1 PWE3 framework
AC
PW
AC
Provider Edge (PE) device. Customer Edge (CE) device. Provider (P): It is a device in the backbone network of a service provider. Attachment Circuit (AC): It is an unshared link or circuit that connects a CE and a PE. An AC can be either physical or virtual. The attributes about an AC are encapsulation type, MTU, and link interface parameters. PSN tunnel: One or more PWs can be carried in a PSN tunnel. Pesudo-Wire (PW): It is a virtual connection. A PW is set up by using the signaling protocol.
l l
A PW uses VC-type and VC-ID to identify a Virtual Circuit (VC), which is similar to that of VLL in Martini mode.
Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 6-3
6 PWE3 Configuration
l
VC type refers to the encapsulation type of the VC, such as ATM (atm-aal5-sdu, atm-transcell), FR, PPP, Ethernet, VLAN, or HDLC. VC ID refers to the identifier of the VC. The VC ID of each VC with the same type must be unique on the entire PE.
Ultimate PE (U-PE): a PE which an AC is bound to. U-PE is the first or last PE of an MHPW (introduced in the following). Switching Point PE (S-PE): a PE in charge of switching PW labels in an MH-PW. An SPE sets up and manages PW segments with other S-PEs or U-PEs. The PW segment is a static or dynamically configured PW set up between a pair of PEs. This pair of PEs can be two U-PEs, or two S-PEs, or one U-PE and one S-PE.
Implementation mechanism: Static PW and Dynamic PW Networking model: SH-PW and MH-PW
Static PW The Static PW negotiates parameters without signaling protocol. You must specify the relevant information manually.
Dynamic PW
The Dynamic PW is a PW which is set up through the signaling protocol. The U-PE switches VC labels and binds the corresponding CE through VC-ID. If the tunnel between two PEs is successfully set up, and label interchanging and binding are completed, a VC is set up. The LDP-PW uses LDP as signaling protocol to send PW messages. The LDP-PW requires switching PWs to complete the MH-PW. The tunnel used to set up LDP PW can be LDP LSP, CR-LSP or GRE. By default, LDP LSP is used. LDP-PW messages include:
Request: a message used to request label distribution. Mapping: a message used to distribute label to the remote PE (U-PE or S-PE). The state bit can be carried by this message to the remote PE. Whether to carry the state bit or not is up to configuration. By default, the Martini mode does not carry state bit. Notification: a message used to announce and negotiate about the PW state to reduce messages to intercommunicate. Withdraw: a message used to ask the peer to remove labels. (It carries labels and state information.) Release: a message as a response for Withdraw. It is used to ask the peer that sends Withdraw to remove labels.
Figure 6-2 shows the interactive process of the packet during the establishment, maintenance and dismantlement of the LDP PW.
6-4 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)
6 PWE3 Configuration
PE2
Mapp ing
Mapp ing
The dynamic allocation of the LDP-PW label is performed on the receiving and sending directions. On the basis of Martini, the dynamic PW adds the optional status parameter in the Mapping packet and supports the Notification packet. When the network is in the unstable state, the Notification packet can decrease the interactive times of the packets. For example, if the AC link flapping occurs on the PE device, the Notification packet is sent to notify the AC link status. After receiving the packet, the peer does not dismantle the VC. However, in the Martini mode, the Withdraw packet is sent repeatedly. Thus, the PW is set up and dismantled repeatedly.
NOTE
The PWE3 supports Notification mode to negotiate about PW state information. The Withdraw packet is compatible to withdraw labels in PWE3. Which mode to be adopted is up to the negotiation of two ends of the PW.
This is the tearing down process for the dynamic PW. Figure 6-3 shows the interactive messages in the tearing down process for the dynamic PW. Figure 6-3 Process of tearing down single-hop PWE3
Loopback1 1.1.1.1/32 Loopback1 2.2.2.2/32
VC Deletion
Issue 03 (2008-09-22)
6-5
6 PWE3 Configuration
When PE1 does not forward packets sent from PE2 for a specific cause, such that PE2 is not specified as the peer any more, PE1 sends a Withdraw message to PE2. After receiving the Withdraw message, PE2 tears down the PW tunnel and responds PE1 with a Release message. After receiving the Release message, PE1 releases the label and tears down the PW tunnel.
SH-PW The SH-PW is a PW that is set up between two U-PEs. That is, switching labels at PW label layer is not required, as shown in Figure 6-4.
PW100
CE1
CE2
MH-PW The MH-PW is a set of two or more contiguous PW segments between two U-PEs. Switching labels at PW label layer is required. Figure 6-5 shows that the MH-PW functions as a single point-to-point PW. Figure 6-5 Networking diagram of MH-PWE3
U-PE1 S-PE P U-PE2
PW100 CE1
l
PW200 CE2
The forwarding mechanism of U-PE in MH-PW is the same as that in SH-PW. The only difference is that MH-PW requires switching the control and data planes of the preceding and succeeding PW segments on the S-PE. To carry out MH-PW, the S-PE device connects two PWs on both of PW endpoints and interchanges labels. There are three combinations of two PWs used to switch:
Dynamic and dynamic switch: Both PWs to switch are dynamic PWs. The PWs on both sides of the S-PE are set up using signaling. The remote labels are sent from two neighboring endpoints (U-PE or S-PE) to this S-PE using signaling. Static and static switch: Both PWs to switch are static PWs. Dynamic and static switch: One of the PWs to switch is set up with signaling, and the other one is set up without signaling.
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)
6-6
6 PWE3 Configuration
The preceding types of PW switching support the Control Word (CW) and Virtual Circuit Connectivity Verification (VCCV). The CW and VCCV are sent from two U-PEs to the S-PE through labels.
BFD for PW
The Bidirectional Forwarding Detection (BFD) can fast detect the PW link between the local PE and remote PE to support PW Fast Reroute (FRR). This lessens the impact of link faults on services.
l
Static BFD for PW BFD control packets are transmitted on PW links after being encapsulated by PWs. PWs distinguish control packets and data packets by using CWs. BFD packets are encapsulated by using the CWs of PWs. Detected PWs must be created by using the PW template. For an MH PW, the intermediate SPE only forwards BFD packets but does not send the BFD packets to its CPU for processing.
Dynamic BFD for PW 1. The Up and Down states of a PW can trigger the dynamic creation and deletion of a BFD session. When the status of a PW that needs to be detected is Up, the local device notifies information about its neighbor and detection parameters to the BFD module. The BFD module then sets up a session to detect the link between the local device and its neighbor. BFD session negotiation can be implemented by adding the BFD Discriminator TLV field to VCCV ping packets. After a session is set up, BFD fast sends detection packets. VCCV ping is used to periodically check the consistency of the control plane and data plane. When a dynamic BFD session detects that the status of the PW changes, BFD notifies the L2VPN to trigger route convergence. When a neighbor is unreachable, the protocol notifies the L2VPN to delete the related session.
2. 3. 4.
NOTE
For details of BFD for LDP LSP, refer to the chapter "MPLS Configuration" in the Quidway NetEngine80E/ 40E Router Configuration Guide - MPLS.
The format of the BFD Discriminator TLV in a VCCP ping packet is the same as the format of the BFD Discriminator TLV in an LSP ping packet, as shown in Figure 6-6. Figure 6-6 Structure of an LSP ping packet
Version Number Message Type Reply Mode Must Be Zero Return Code Sender's Handle Sequence Number Timestamp Sent (Seconds) Timestamp Sent (Microseconds) Timestamp Receive (Seconds) Timestamp Receive (Microseconds) TLVs Returen Subcode
Issue 03 (2008-09-22)
6-7
6 PWE3 Configuration
PW FRR
With the wide applications of PWE3, the requirement for the reliability of networks becomes increasingly higher, especially for L2VPNs that carry real-time services such as VoIP and IPTV. PW FRR is one of the solutions for increasing the reliability of L2VPNs. PW FRR detects faults in L2VPNs through the Operations, Administration and Maintenance (OAM) and BFD, advertises the faults, and fast switches traffic. PW FRR is used in the following types of networking:
l
Symmetrically Dual-homed CEs The CEs at the two ends are dual-homed to the corresponding PEs through two ACs, as shown in Figure 6-7.
VPN backbone
AC4 CE2
P2
PE3
AC3 Site2
Asymmetrically connected CEs One CE is connected to a PE through an AC and the other CE is dual-homed to PEs through two ACs, as shown in Figure 6-8. Figure 6-8 Asymmetrically connected CEs
P1 PE1 VPN backbone AC1 AC3 Site1 P2 PE3 Site2 PE2
AC2 CE2
CE1
In the scenario shown in Figure 6-8, you need to note the following:
l
When a CE is connected to a PE through an Ethernet link, only networking between homogeneous services can be configured on the PE. When a CE is connected to a PE through a PPP or HDLC link, the following situations occur:
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)
6-8
6 PWE3 Configuration
Only internetworking can be configured on the PE. Primary and secondary IP addresses can be configured on the interface connecting CE1 to PE1.The traffic with the primary IP address is forwarded by the master PW and the traffic with the secondary IP address is forwarded by the backup PW. CEs can advertise routes to each other by using OSPF, but OSPF does not support the advertisement of the routes with secondary IP addresses. If a device configured with the secondary IP address is connected to other devices, the device cannot forward routes.
Internetworking
The PWE3 supports internetworking. The PWE3 provides homogeneous and heterogeneous transports. If both ACs are of the same technology, for example, both Ethernet, both Frame Relay, both ATM, the PW provides "homogeneous transport." Otherwise, it provides "heterogeneous transport". When different sites access the PWE3 backbone with various transports, use the PWE3 internetworking transport. Figure 6-9 shows site 3 and site 4 access the PWE3 backbone with homogeneous transport. The site 1 and site 2 access the PWE3 backbone with heterogeneous transport. Figure 6-9 PWE3 internetworking
site1 CE
ATM1/0/0
site2
Backbone PW200
GE1/0/0
CE
VPN1
ATM1/0/0
GE1/0/0
VPN1
PE
POS2/0/0
PE PW100
POS2/0/0
VPN2
POS1/0/0 POS1/0/0
VPN2
CE site4
CE site3
Table 6-1 shows different types of data that can be transmitted transparently through the PWE3. Table 6-1 Data types capable of transparent transmission through PWE3 Type No. 0x0001 0x0002 0x0003 0x0004
Issue 03 (2008-09-22)
Type Frame Relay DLCI ATM AAL5 SDU VCC transport ATM cell transport Ethernet Tagged Mode VLAN
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 6-9
6 PWE3 Configuration
Type No. 0x0005 0x0006 0x0007 0x0009 0x000A 0x000B 0x000C 0x000D 0x0011 0x0040
Type Ethernet HDLC PPP ATM N-to-1 VCC cell transport ATM N-to-1 VPC cell transport IP Layer 2 Transport ATM 1-to-1 VCC Cell Mode ATM 1-to-1 VPC Cell Mode IP-Interworking Mode IP-Interworking Mode
Inter-AS PWE3
In actual network, multiple sites of the VPN of a user may connect with multiple service providers of different ASs or with multiple ASs of a service provider. The VPN is called interAS VPN. Inter-AS PWE3 has three schemes:
l
Inter-AS PWE3-Option A: Data of an inter-AS user is transmitted through special interfaces between ASBRs. The user exclusively occupies the link between the ASBRs. Inter-AS PWE3-Option C: The PEs advertise the VPN IPv4 routes through multi-hop MPEBGP.
The NE80E/40E supports all the two schemes. The following describes those three schemes in detail:
l
Inter-AS PWE3-Option A In Option A, the ASBRs of the two ASs are directly connected. The ASBRs are the PEs of their respective ASs. The two ASBRs regard the peer ASBRs as their CE devices.
6-10
Issue 03 (2008-09-22)
6 PWE3 Configuration
PE-1
ASBR-PE1
CE-3
ASBR-PE2
PE-2
LSP1
AC
CE-2
As shown in Figure 6-10, for the ASBR-PE1 in the AS100, the ASBR-PE2 is a CE device. Similarly, for the ASBR-PE2, the ASBR-PE1 is a CE device. Option A is easy to implement. No inter-AS configuration is needed on the ASBR-PEs. The interfaces that connect the ASBR need not be configured with the IP addresses. In Option A, the two directly-connected ASBRs use different links including physical and logical links for each inter-AS VPN. The links work as ACs to connect the VPN. Thus, the performance requirement on the PE devices is relatively high.
l
Inter-AS PWE3-Option C In the previous two options, the ASBRs take part in the allocation and maintenance of PW labels. If each AS has a great amount of PW information to be exchanged, the ASBRs may become the bottleneck of the network. To solve this problem, Option C is introduced. In this option, the ASBRs set up and maintain PWs, while the PEs exchange the PW labels.
The ASBRs advertise the labeled IPv4 routes to the PEs in their respective ASs through MP-IBGP and advertise the labeled IPv4 routes received by the PE of the local AS to the ASBR peer in the remote AS. The ASBRs in the transit AS also advertise the labeled IPv4 routes. An LDP LSP is thus set up between the ingress PE and the egress PE. The PEs of different ASs set up remote multi-hop MPLS LDP session to exchange the PW information.
Issue 03 (2008-09-22)
6-11
6 PWE3 Configuration
EBGP
CE1
SH-PW
CE2
PE
PE
ATM CE
ATM CE
ATM Sw itch
ATM Sw itch
As shown in Figure 6-12, the ATM networks are connected through the high-speed PSN network (MPLS/IP network). ATM cell transport can help transfer the earlier ATM or ISP network through the PSN network without adding new ATM devices and changing the ATM CE configurations. ATM CEs consider the ATM cell transport as the TDM leased line.
6-12 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)
6 PWE3 Configuration
ATM cell transport is a technology through which the ATM cells are transmitted on the PWE3.
PWE3 Tracert
With the wide applications of PWE3, PWE3 is required to support related operations and maintenance. PWE3 tracert is a type of a network maintenance tool developed to meet this requirement. Based on different networking types, PWs are classified into SH PWs and MH PWs. Similarly, PWE3 tracert is classified into PWE3 SH tracecert and PWE3 MH tracert.
l
Basic principle
PWE3 SH Tracert
As shown in Figure 6-13, CE1 and CE4 belong to VPN 1; CE2 and CE3 belong to VPN 2; the LSP from PE1 to PE4 is PE1-P-PE4; the LSP from PE2 to PE3 is PE2P-PE3. Figure 6-13 Networking diagram of PWE3 SH tracert
CE1 VPN1 PE1 PE2 CE2 VPN2
CE3
PE3
PE4
CE4 VPN1
VPN2
LSP1 LSP2
On PE1, you can start PWE3 tracert of VPN 1 by using related command. This PWE3 tracert is the same as the LSP tracert in the public network, except that a PW label is added to packets, and the remote PE checks whether the receiving PW label and the VC ID are the the same as those of the local end. The source PE of the PWE3 tracert continues to send MPLS echo request packets with the Time-to-Live (TTL) of the outer label from one to a certain value and the TTL of the inner label as one. Each Label Switching Router (LSR) does not forward the received packet with the TTL of the outer label as one. Based on the contents of the packet, each LSR checks the correctness of specific services and labels, and then sends an MPLS echo reply packet to the source PE. In this way, the source PE can collect information about each LSR that a PW passes through and information about the egress PE. At present, the MPLS echo reply packet is an IP packet that does not carry any label.
Issue 03 (2008-09-22)
6-13
6 PWE3 Configuration
The following takes the LSP between PE1 and PE4 as an example to explain the mechanism adopted by PWE3 tracert to collect information about nodes. By starting PWE3 tracert, PE1 can collect information about nodes that the LSP from PE1 to PE4 passes through. By comparing paths obtained by the PWE3 tracert and PW paths generated by the protocol, you can judge whether there is an error. If the PWE3 tracert obtains only information about PE4 (TTL=2) instead of information about P (TTL=1), it indicates that P does not support MPLS ping. If the PWE3 tracert obtains only information about P (TTL=1) instead of information about PE4 (TTL=2), it indicates that PE4 or the link between P and PE4 is faulty. If the PWE3 tracert obtains information about PE1, PE2, and PE4, it indicates that P may be faulty. A new path is generated by the protocol. As shown in Figure 6-14, an MH PW is set up between CE1 and CE2. the IDs of PW segments are different. The LSP is UPE1-P1-SPE1-SPE2-P2-UPE2. Figure 6-14 Networking diagram of PWE3 MH tracert
CE2
PWE3 MH tracert
UPE2
CE1
The PWE3 tracert started on UPE1 can obtain correct response only from P1 and SPE1. SPE2 and UPE2 find that the "Remote PE Address" and "VC ID" are not consistent. This indicates that the PWE3 tracert passes through an MH PW. In addition, you can know the PW label switching from the downstream mapping information sent by each device. On SPE1, start PWE3 tracert to UPE1 or to SPE2 and UPE2. The PWE3 tracert to UPE1 is the same as the PWE3 SH tracert. The PWE3 tracert to SPE2 and UPE2 is PWE3 MH tracert. PWE3 tracert started on other PEs is the same as the preceding ones, and is not mentioned here.
The relations between MPLS ping and PWE3 ping and between MPLS tracert and PWE3 tracert are as follows: MPLS ping MPLS ping is similar to IP ping. The source node sends an MPLS echo request packet. The packet is forwarded by nodes along the LSP. When the packet reaches the egress in the MPLS area, the egress replies an MPLS echo reply packet. If the source node receives the MPLS echo reply packet from the destination node, the source node regards that the LSP can be used to forward data; otherwise, the source node regards that the LSP cannot be used to forward data.
MPLS tracert
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)
6-14
6 PWE3 Configuration
The source node of MPLS tracert continuously sends MPLS echo request packets with TTL values from one to a certain value. After the TTL of each node on the LSP expires, each node replies an MPLS echo reply packet. The ingress thus can collect information about each node on the LSP, and then locate the faulty node. At the same time, MPLS tracert can be used to collect important information about each node on the entire LSP, such as assigned labels.
l
PWE3 ping The principle of PWE3 ping is similar to that of MPLS ping and IP ping. The difference lies in that PWE3 ping uses a PW to forward MPLS echo request packets to judge whether the PW can be used to forward packets. When MPLS ping succeeds, PWE3 ping may fail.
PWE3 Tracert The principle of PWE3 tracert is similar to that of MPLS tracert and IP tracert. The difference lies in that PWE3 tracert uses a PW to forward MPLS echo request packets to collect information about nodes on the PW. When MPLS tracert succeeds, PWE3 tracert may fail.
CW
The PWE3 supports CW. The CW is a four-octet header in some encapsulations. The CW is used for sending packet information in MPLS PSN. On the PWE3 control plane, there is a bit symbolizing whether the CW presents on the PW or not. On the PWE3 data plane, if the CW is supported, a four-octet control word is added in the header of the packet to indicate the sequence of the packet. But in the following case control word can be used: the link between PE and PE is Ethernet, and the link between PE and CE is PPP. Because the MTU of the PPP packet is less than the MTU minimum of Ethernet packet, PPP negotiation fails. You can avoid this through CW, as adding control word lengthens the packet. Negotiation will be carried out successfully only when both endpoints of PW support CW, or both do not support CW at the control layer. The CW is optional. For static PW, CW requirements are configured manually.
VCCV-PING
The NE80E/40E supports VC Connectivity Verification (VCCV) negotiation and VCCV-PING on U-PEs of static PW, dynamic PW, SH-PW, and MH-PW. The VCCV-PING includes CW mode and MPLS router alert mode.
l l
The CW mode supports VC Connectivity Verification form U-PE to U-PE. The MPLS router alert mode supports VCCV-PING form U-PE to U-PE, and VCCV-PING form U-PE to S-PE.
PW Template
The PW template is a set of public attributes abstracted from PWs, which enables sharing of different PWs. For the sake of scalability, the command mode of PW template is added to set some public attributes of PW. When creating PW in the interface mode, you can use this template. The PW can be bound with PW template and can be reset.
Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 6-15
6 PWE3 Configuration
Other Features
The other NE80E/40E features are as follows:
l
Supporting the PW protection (The signaling is LDP). You can configure two PWs with different PW ID on the same interface. One serves as master, and the other serves as backup. When the master fails, the service is switched to the backup automatically. This configuration fits better for Multi-Hop. Supporting the PW to be configured in VLANIF interface and trunk interface. Supporting the PW QoS. Supporting the PWE3 configuration on Layer 2 devices.
l l l
Some PW attributes such as MTU, PW type, and encapsulation type are obtained from the interfaces directly connected with the CE. Therefore, those parameters do not need manual configuration.
Pre-configuration Tasks
Before configuring attributes of a PW template, you need to complete the following tasks:
l l
Data Preparation
To configure attributes of a PW template, you need the following data. All this data is optional.
6-16
Issue 03 (2008-09-22)
6 PWE3 Configuration
No. 1 2 3
Data Peer IP address Name of the tunnel policy Name and attributes of the PW template, such as CW and VCCV.
Procedure
Step 1 Run:
system-view
Procedure
Step 1 Run:
pw-template pw-template-name
Issue 03 (2008-09-22)
6-17
6 PWE3 Configuration
Run the display pw-template command. You can view the PW template name and parameters that you have configured. For example:
<Quidway> display pw-template Total PW template number : 2 PW Template Name : pwt1 PeerIP : 1.1.1.1 Tnl Policy Name : -CtrlWord : Enable VCCV Capability : cw bfd Behavior Name : -Total PW : 1, Static PW : 0, LDP PW : 1, Rsvp PW : 0 PW Template Name : pwt2 PeerIP : 2.2.2.2 Tnl Policy Name : -CtrlWord : Enable VCCV Capability : cw bfd Behavior Name : -Total PW : 1, Static PW : 0, LDP PW : 1, Rsvp PW : 0
6 PWE3 Configuration
Pre-configuration Tasks
Before configuring MPLS static PWs, complete the following tasks:
l l l l
Configuring MPLS backbone's IGP to implement IP interconnectivity Enabling MPLS for PEs Setting up tunnels of the relevant type between PEs according to the tunnel policy in use Configuring sub-interfaces when the AC type is VLAN, configuring virtual circuits when the AC type is ATM
Data Preparation
To configure MPLS static PWs, you need the following data. No. 1 2 3 4 Data Interface type and number of the interface for CE access Destination LSR ID of static PW The label value received and sent in L2VPN. Tunnel policy of Static PW
Procedure
Step 1 Run:
system-view
Issue 03 (2008-09-22)
6-19
6 PWE3 Configuration
MPLS L2VPN is enabled. Before configuring the MPLS L2VC connection, enable MPLS L2VPN. ----End
Procedure
Step 1 Run:
system-view
The parameters raw and tagged are needed only for the Ethernet link.
NOTE
VC-IDs of both PWs to switch should not be 0. Therefore, when configuring the static PW to switch, you are recommended to configure with PW template.
----End
Run the display mpls static-l2vc [ vc-id | interface interface-type interface-number | state { down | up } ] command, and you can view that VC State of the PW is up. For example:
<Quidway> display mpls static-l2vc interface pos 1/0/0
6-20
Issue 03 (2008-09-22)
6 PWE3 Configuration
*Client Interface : Pos1/0/0 is up AC Status : up VC State : up VC ID : 100 VC Type : PPP Destination : 3.3.3.9 Transmit VC Label : 100 Receive VC Label : 100 Control Word : Disable VCCV Capability : Disable Tunnel Policy : -PW Template Name : pwt Traffic Behavior : -Main or Secondary : Main VC tunnel/token info : 1 tunnels/tokens NO.0 TNL Type : lsp , TNL ID : 0x2002003 Create time : 0 days, 0 hours, 13 minutes, 7 seconds UP time : 0 days, 0 hours, 10 minutes, 23 seconds Last change time : 0 days, 0 hours, 10 minutes, 23 seconds
Pre-configuration Tasks
Before configuring dynamic PWs, complete the following tasks:
l
Configuring an IGP protocol on PEs and Ps in the MPLS backbone network for IP connectivity Configuring basic MPLS functions in the backbone network Establishing related tunnels between PEs according to the tunnel policy Setting up remote LDP sessions between PEs Configuring sub-interfaces when the AC type is VLAN, configuring VCs when the AC type is ATM
NOTE
l l l l
PWE3 does not support Point-to-Multipoint (P2MP). Therefore, if MPLS L2VCs are created on ATM sub interfaces, the ATM sub interfaces must be Point-to-Point (P2P) interfaces. ATM cell transport can be configured on both P2MP interfaces and P2P interfaces.
Issue 03 (2008-09-22)
6-21
6 PWE3 Configuration
Data Preparation
To configure dynamic PW, you need the following data. No. 1 2 3 Data Type and number of the interface connected with CE Destination address of L2VC and VC ID Policy name of the tunnel
Procedure
Step 1 Run:
system-view
MPLS L2VPN is enabled. Before configuring the MPLS L2VC connection, enable MPLS L2VPN. ----End
Procedure
Step 1 Run:
system-view
6 PWE3 Configuration
Step 3 Run:
mpls l2vc { ip-address | pw-template pw-template-name } * vc-id [ group-id groupid ] [ [ control-word | no-control-word ] | [ raw | tagged | ip-interworking | iplayer2 ] | tunnel-policy policy-name] * [ secondary ]
l l
raw and tagged are needed only for the Ethernet link. secondary is used to configure a backup PW. The backup PW can be configured only after the master PW is configured. For the detailed configuration, see Configuring a Backup PW
NOTE
l l
On the same endpoint, the combination of PW ID and PW type must be unique, but PW ID on both endpoints of switch PW can be identical. When configuring the dynamic PW, if the Huawei devices are connected with non-Huawei devices in internetworking mode, choose ip-layer2; if all the connected devices are Huawei products, choose ipinterworking.
----End
Run the display mpls l2vc [ vc-id | interface interface-type interface-number ] command, you can view that VC state is up. For example:
<Quidway> display mpls l2vc interface gigabitethernet 1/0/0.1 *client interface : GigabitEthernet1/0/0.1 is up session state : up AC state : up VC state : up VC ID : 100 VC type : VLAN destination : 192.3.3.3 local group ID : 0 remote group ID : 0 local VC label : 21504 remote VC label : 21504 local AC OAM State : up local PSN State : up local forwarding state : forwarding remote AC OAM state : up remote PSN state : up remote forwarding state: forwarding BFD for PW : unavailable manual fault : not set active state : active
Issue 03 (2008-09-22)
6-23
6 PWE3 Configuration
forwarding entry link state local VC MTU local VCCV remote VCCV local fragmentantion local control word tunnel policy traffic behavior PW template name primary or secondary VC tunnel/token info NO.0 TNL type : gre create time up time last change time : : : : : : : : : : : :
Run the display mpls l2vc brief command. You can find that destination is the peer IP address of the specified VC and VC state is up. For example:
<Quidway> display mpls l2vc brief Total ldp vc : 1 1 up 0 down *Client Interface VC State VC ID VC Type Destination : : : : : GigabitEthernet1/0/0.1 up 101 VLAN 3.3.3.9
Run the display mpls l2vc remote-info command, and you can view that Peer Addr is the peer address of the specified VC. For example:
<Quidway> display mpls l2vc remote-info Total remote ldp vc : 1 Transport Group Peer Remote VC ID ID Addr Encap 100 0 192.3.3.3 vlan
6 PWE3 Configuration
Two PEs are not located in the same AS and no signaling or tunnel can be set up between the two PEs. (If inter-AS tunnel is set up by the BGP labeled route, MH-PW is not required.) The signaling of two PEs differs from each other. If access device supports MPLS, but cannot set up large numbers of LDP session, you can use User Facing Provider Edge (UFPE) as U-PE. And you can use the S-PE as the switching node of LDP session, which is similar to signaling reflector.
l l
Pre-configuration Tasks
Before configuring PW switching, complete the following tasks:
l l l
Enabling MPLS L2VPN on the PEs Configuring Static PW on U-PEs if the PW switching is between two static PWs Configuring Dynamic PW on U-PEs if the PW switching is between two dynamic PWs
Data Preparation
To configure PW switching, you need the following data. No. 1 2 3 4 Data IP address and VC-ID of static PWs or dynamic PWs to-be-switch Encapsulation type of L2VC Sending label and receiving label of L2VPN if the PW to be switched is a static PW The MTU values of the interfaces on the two ends of the PW if the PW to be switched is a static PW
Static PWs switching: Both PWs used to switch are static. Dynamic PWs switching: Both PWs used to switch are dynamic. Mixed PWs switching: One of the PWs is dynamic, and the other is static.
Procedure
l Static PW Switching Do as follows on the S-PEs. 1. Run:
system-view
6 PWE3 Configuration
2.
Run:
mpls switch-l2vc ip-address vc-id trans trans-label recv received-label between ip-address vc-id trans trans-label recv received-label encapsulation { atm-1to1-vcc | atm-1to1-vpc | atm-aal5-sdu | atm-nto1-vcc | atm-nto1-vpc | atm-trans-cell | ethernet | hdlc | ip-interworking | iplayer2 | ppp | vlan } [ control-word [ cc { alert | cw } * cv lsp-ping ] | [ no-control-word ] [ cc alert cv lsp-ping ] ]
The static PWs switching is enabled. To configure static PWs switching, you must configure PW labels. Enable CW and VCCV if required. The conditions of setting up a static SH-PW are as follows:
On U-PE, once the AC state is up and PSN tunnel exists, the PW state is up. On the S-PE, once the PSN tunnels on both sides exist, the PW is in up state. This is regardless of whether the PW encapsulation of S-PE is consistent with that of U-PE or not.
For the sake of management convenience, it is recommended to configure the same PW encapsulation type on the devices along the PW (U-PE and S-PE). l Dynamic PW Switching Do as follows on the S-PEs. 1. Run:
system-view
The dynamic PWs switching is configured. The remote labels are sent from both neighboring endpoints (U-PE or S-PE) to this S-PE through the signaling. The CW and VCCV are sent from two U-PEs to this SPE using the signaling. When configuring dynamic PWs switching, ensure that the PW encapsulation type is consistent on the devices along the PW (U-PE and S-PE). l Mixed PW Switching
NOTE
While configuring mixed PWs switching, note that the parameters "ip-address" and "vc-id" before "between" in the command are that of dynamic PW, while the ones after "between" are that of static PW. Both these cannot be interchanged.
6-26
Issue 03 (2008-09-22)
6 PWE3 Configuration
atm-aal5-sdu | atm-nto1-vcc | atm-nto1-vpc | atm-trans-cell | ethernet | hdlc | ip-interworking | ip-layer2 | ppp | vlan } [ mtu mtu-value ] [ control-word [ cc { alert | cw } * cv lsp-ping ] | [ no-control-word ] [ cc alert cv lsp-ping ] ]
The mixed PWs switching is enabled For mixed PWs switching, static PWs needs to be configured with PW label. Enable CW and VCCV if required. When configuring the mixed PWs switching, ensure that the following MTUs are the same:
Local MTU of the dynamic PW Peer MTU of the dynamic PW Local MTU of the static PW Peer MTU of the static PW
NOTE
When configuring the mixed PW, if the Huawei devices are connected with non-Huawei devices in internetworking mode, choose ip-layer2; if all the connected devices are Huawei products, choose ip-interworking. In the internetworking connection, the MTU values of the interfaces on the two ends must be the same and cannot be large than 1500 bytes.
----End
Run the display mpls switch-l2vc [ ip-address vc-id encapsulation { encapsulation-type | ipinterworking | ip-layer2 } | state { down | up } ] command. You can view the VC status is Up. For example:
<Quidway> display mpls switch-l2vc Total Switch VC : 1, 1 up, 0 down *Switch-l2vc type : LDP<---->LDP Peer IP Address : 5.5.5.9, 1.1.1.9 VC ID : 200, 100 VC Type : PPP VC State : up VC StatusCode |PSN |OAM | FW | |PSN |OAM | FW | -Local VC :| UP | UP | UP | | UP | UP | UP | -Remote VC:| UP | UP | UP | | UP | UP | UP | Session State : up, up Local/Remote Label : 21504/21504, 21505/21504 Local/Remote MTU : 1500/1500, 1500/1500 Local/Remote Control Word : Enable/Enable, Enable/Enable Local/Remote VCCV Capability : cw lsp-ping/cw lsp-ping, cw lsp-ping/cw lsp-ping Local/Remote Frag Capability : Disable/Disable, Disable/Disable
Issue 03 (2008-09-22)
6-27
6 PWE3 Configuration
Switch-l2vc tunnel info : 1 tunnels NO.0 TNL 1 tunnels NO.0 TNL : 0 days, 0 : 0 days, 0 : 0 days, 0
for peer 5.5.5.9 Type : lsp , TNL ID : 0x2002006 for peer 1.1.1.9 Type : lsp , TNL ID : 0x1002000 hours, 13 minutes, 1 seconds hours, 3 minutes, 58 seconds hours, 3 minutes, 58 seconds
AC2 CE2
CE1
As shown in Figure 6-15, the master PW and backup PW need to be configured on PE1. Only one PW is required on PE2 and PE3. For inter-AS L2VPN and MH PWE3, the ASBR and SPE do not distinguish the master and backup PWs.
Pre-configuration Tasks
Before configuring a backup PW, complete the following tasks:
l
Configuring an IGP protocol on PEs and Ps in the MPLS backbone network for IP connectivity Enabling MPLS on PEs and Ps
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)
6-28
6 PWE3 Configuration
Setting up the tunnels (CR-LSP, LSP) used by the master and backup PWs between PEs on the master and backup paths Configuring the tunnel policy when the tunnels are CR-LSPs and not configuring the tunnel policy when the LSP is used as a tunnel Configuring the master PW on PEs on the master path Configuring a PW on the PE on the backup path, without distinguishing the master and backup PWs Configuring the PW template and enabling the CW when configuring PWs Configuring the IP addresses of the interfaces connecting the CEs to the PEs
l l
l l
Data Preparation
To configure a backup PW, you need the following data. No. 1 2 Data (Optional) tunnel policy used by the backup PW Destination address and VC ID of the backup PW
The types of the master and backup PWs must be consistent. That is, the encapsulation types of the master and backup PWs must be consistent.
Procedure
Step 1 Run:
system-view
A backup VC connection is configured. The ID of the backup VC cannot be the same as that of the master VC. As for the scenario of asymmetrical access of CEs, you need pay attention to the following:
Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 6-29
6 PWE3 Configuration
l
When the CE accesses the PE through the Ethernet, the PE can only be configured with the homogenous transport. When the CE accesses the PE through PPP, or HDLC:
PE can only be configured with the heterogeneous transport. The interface on CE1 that connects PE1 can be configured with the primary and secondary IP addresses. The master PW forwards packets through the primary IP address, and the backup PW forwards packets through the secondary IP address. CEs can advertise routes to each other through OSPF. OSPF, however, does not support the route advertised by the secondary IP address. If the device with the secondary IP address is connected with other devices, it cannot achieve the route forwarding.
----End
After the configuration is successful, the following results are displayed when the display mpls l2vc [ vc-id | interface interface-type interface-number | remote-info [ vc-id ] | state { down | up } ] command is used on the PE to which a CE is connected through only one link:
l l
The statuses of the master and backup PWs are up. VC state of the master PW is active, and VC state of the backup PW is inactive.
For example:
<Quidway> display mpls l2vc interface pos 1/0/0 *client interface : Pos1/0/0 is up session state : up AC state : up VC state : up VC ID : 100 VC type : IP-interworking destination : 3.3.3.3 local group ID : 0 remote group ID local VC label : 21504 remote VC label local AC OAM State : up local PSN State : up local forwarding state : forwarding remote AC OAM state : up remote PSN state : up remote forwarding state: forwarding BFD for PW : available BFD sessionIndex : 257 BFD state : up manual fault : not set active state : active forwarding entry : exist link state : up
: 0 : 21504
6-30
Issue 03 (2008-09-22)
6 PWE3 Configuration
local VC MTU : 1500 remote VC MTU : 1500 local VCCV : cw bfd remote VCCV : cw bfd local fragmentantion : disable remote fragmentantion: disable local control word : enable remote control word : enable tunnel policy : p1 traffic behavior : -PW template name : 1to3 primary or secondary : primary VC tunnel/token info : 1 tunnels/tokens NO.0 TNL type : cr lsp, TNL ID : 0x42002002 create time : 0 days, 0 hours, 56 minutes, 39 seconds up time : 0 days, 0 hours, 18 minutes, 2 seconds last change time : 0 days, 0 hours, 18 minutes, 2 seconds *client interface : Pos1/0/0 is up session state : up AC state : up VC state : up VC ID : 200 VC type : IP-interworking destination : 2.2.2.2 local group ID : 0 remote group ID : 0 local VC label : 21505 remote VC label : 21504 local AC OAM state : up local PSN state : up local forwarding state : forwarding remote AC OAM state : up remote PSN state : up remote forwarding state: forwarding BFD for PW : available BFD sessionIndex : 256 BFD state : up manual fault : not set active state : inactive forwarding entry : existent link state : up local VC MTU : 1500 remote VC MTU : 1500 local VCCV : cw bfd remote VCCV : cw bfd local fragmentation : disable remote fragmentation: disable local control word : enable remote control word : enable tunnel policy : -traffic behavior : -PW template name : 1to2 primary or secondary : secondary VC tunnel/token info : 1 tunnels/tokens NO.0 TNL type : lsp , TNL ID : 0x2002004 create time : 0 days, 0 hours, 56 minutes, 39 seconds up time : 0 days, 0 hours, 18 minutes, 2 seconds last change time : 0 days, 0 hours, 18 minutes, 2 seconds reroute policy : delay 30 s, resume 0 s reason of last reroute : Remote PSN fault time of last reroute : 0 days, 0 hours, 18 minutes, 2 seconds delay timer ID : -rest time :-resume timer ID : -rest time :--
Run the display mpls l2vc brief command. You can find that destination is the peer IP address of the specified VC and VC state is up. For example:
<Quidway> display mpls l2vc brief Total ldp vc : 1 1 up 0 down *Client Interface VC State VC ID VC Type Destination : : : : : GigabitEthernet1/0/0.1 up 101 VLAN 3.3.3.9
Issue 03 (2008-09-22)
6-31
6 PWE3 Configuration
Pre-configuration Tasks
Before configuring static BFD for PW, complete the following tasks:
l l
Data Preparation
To configure static BFD for PW, you need the following data. No. 1 2 3 Data Name of a BFD session Interfaces where PWs reside (AC interfaces) Local discriminator and remote discriminator of a BFD session
6-32
Issue 03 (2008-09-22)
6 PWE3 Configuration
Global BFD is enabled on the local node and the global BFD view is displayed. ----End
Procedure
Step 1 Run:
system-view
A BFD configuration entry is created. interface interface-type interface-number specifies the AC interface where the PW resides. When the PW to be detected is a backup PW, you must select secondary. Step 3 Run:
discriminator local discr-value
The configuration is committed. When the status of the PW is Down, the BFD session is created successfully but cannot be Up. ----End
Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 6-33
6 PWE3 Configuration
Run the display bfd configuration pw interface interface-type interface-number [ secondary] [ verbose ] command, and you can view discriminators of the BFD session, the type of the PW that is bound to the BFD session, and the type of the BFD session. For example:
<Quidway> display bfd configuration pw interface pos 1/0/0 verbose -------------------------------------------------------------------------------BFD Session Configuration Name : 1to2 -------------------------------------------------------------------------------Local Discriminator : 12 Remote Discriminator : 21 BFD Bind Type : PW(Master) Bind Session Type : Static Bind Interface : pos1/0/0 TOS-EXP : 6 Local Detect Multi : 3 Min Tx Interval (ms) : 1000 Min Rx Interval (ms) : 1000 WTR Interval (ms) : -Process PST : Enable Proc interface status : Disable Local Demand Mode : Disable Bind Application : L2VPN | OAM_MANAGER | MPLSFW Session Description : --------------------------------------------------------------------------------Total Commit/Uncommit CFG Number : 1/0
Run the display bfd session pw interface interface-type interface-number [ secondary] [ verbose ] command, and you can view the status of the BFD session, discriminators of the BFD session, the type of the PW that is bound to the BFD session, and the type of the BFD session. For example:
<PE1> display bfd session pw interface pos 1/0/0 verbose -------------------------------------------------------------------------------Session MIndex : 256 (One Hop) State : Up Name : 1to2 -------------------------------------------------------------------------------Local Discriminator : 12 Remote Discriminator : 21 Session Detect Mode : Asynchronous Mode Without Echo Function BFD Bind Type : PW(Master) Bind Session Type : Static Bind Peer Ip Address : --.--.--.-NextHop Ip Address : --.--.--.-Bind Interface : pos1/0/0 FSM Board Id : 1 TOS-EXP : 6 Min Tx Interval (ms) : 1000 Min Rx Interval (ms) : 1000 Actual Tx Interval (ms): 1000 Actual Rx Interval (ms): 1000 Local Detect Multi : 3 Detect Interval (ms) : 3000 Echo Passive : Disable Acl Number : -Proc interface status : Disable Process PST : Enable WTR Interval (ms) : -Local Demand Mode : Disable Active Multi : 3 Last Local Diagnostic : No Diagnostic Bind Application : L2VPN | OAM_MANAGER | MPLSFW Session TX TmrID : -Session Detect TmrID : -Session Init TmrID : -Session WTR TmrID : --
6-34
Issue 03 (2008-09-22)
6 PWE3 Configuration
Session Echo Tx TmrID : -PDT Index : FSM-0 | RCV-0 | IF-0 | TOKEN-0 Session Description : --------------------------------------------------------------------------------Total UP/DOWN Session Number : 1/0
Pre-configuration Tasks
Before configuring dynamic BFD for PW, complete the following tasks:
l l
Data Preparation
To configure dynamic BFD for PW, you need the following data. No. 1 2 Data VC ID of a PW BFD parameters
Issue 03 (2008-09-22)
6-35
6 PWE3 Configuration
Procedure
Step 1 Run:
system-view
Global BFD is enabled on the local node and the global BFD view is displayed. ----End
Procedure
Step 1 Run:
system-view
6 PWE3 Configuration
Procedure
Step 1 Run:
system-view
Procedure
Step 1 Run:
system-view
A BFD session is dynamically set up to detect PWs. After this command is used, the BFD session is created immediately. This command can also be used to adjust BFD detection parameters. To detect backup PWs, secondary must be used.
Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 6-37
6 PWE3 Configuration
NOTE
BFD for PW must be configured or deleted on the two PEs of a PW simultaneously; otherwise, the PW statuses on the two PEs are different.
----End
Run the display bfd configuration pw interface interface-type interface-number [ secondary] [ verbose ] command, and you can view discriminators of the BFD session, the type of the PW that is bound to the BFD session, and the type of the BFD session. For example:
<Quidway> display bfd configuration pw interface pos 1/0/0 verbose -------------------------------------------------------------------------------BFD Session Configuration Name : dyn_8192 -------------------------------------------------------------------------------Local Discriminator : 8192 Remote Discriminator : 8192 BFD Bind Type : PW(Master) Bind Session Type : Dynamic Bind Interface : Pos1/0/0 TOS-EXP : 6 Local Detect Multi : 3 Min Tx Interval (ms) : 100 Min Rx Interval (ms) : 100 WTR Interval (ms) : -Process PST : Enable Proc interface status : Disable Local Demand Mode : Disable Bind Application : L2VPN | OAM_MANAGER | MPLSFW Session Description : --------------------------------------------------------------------------------Total Commit/Uncommit CFG Number : 1/0
Run the display bfd session pw interface interface-type interface-number [ secondary] [ verbose ] command, and you can view the status of the BFD session, discriminators of the BFD session, the type of the PW that is bound to the BFD session, and the type of the BFD session. For example:
<Quidway> display bfd session pw interface pos 1/0/0 verbose -------------------------------------------------------------------------------Session MIndex : 256 (One Hop) State : Up Name : dyn_8192 -------------------------------------------------------------------------------Local Discriminator : 8192 Remote Discriminator : 8192 Session Detect Mode : Asynchronous Mode Without Echo Function BFD Bind Type : PW(Master) Bind Session Type : Dynamic Bind Peer Ip Address : --.--.--.-NextHop Ip Address : --.--.--.-Bind Interface : Pos1/0/0 FSM Board Id : 1 TOS-EXP : 6 Min Tx Interval (ms) : 100 Min Rx Interval (ms) : 100 Actual Tx Interval (ms): -Actual Rx Interval (ms): -Local Detect Multi : 3 Detect Interval (ms) : --
6-38
Issue 03 (2008-09-22)
6 PWE3 Configuration
Echo Passive : Disable Acl Number : -Proc interface status : Disable Process PST : Enable WTR Interval (ms) : -Local Demand Mode : Disable Last Local Diagnostic : No Diagnostic Bind Application : L2VPN | OAM_MANAGER | MPLSFW Session TX TmrID : -Session Detect TmrID : -Session Init TmrID : -Session WTR TmrID : -Session Echo Tx TmrID : -PDT Index : FSM-0 | RCV-0 | IF-0 | TOKEN-0 Session Description : --------------------------------------------------------------------------------Total UP/DOWN Session Number : 1/0
Networking where CEs are symmetrically dual-homed to PEs Two paths exist between CEs at the two ends of a VC. One path acts as the master path, and the other one acts as the backup path. Networking where CEs are asymmetrically connected to PEs One CE of the VC is connected to a more reliable PE through a single link of higher reliability. The other CE is dual-homed to PEs of lower reliability. Two paths thus exist between the CEs. The path with higher reliability acts as the master path, and the path with lower reliability acts as the backup path. In the networking where CEs are asymmetrically connected to PEs, the revertive switching policy needs to be configured, and the default revertive switching policy refers to the delay switching.
l l
After PW FRR is configured, L2VPN traffic is switched to the backup path in time when a fault occurs on the master path. After the fault on the master path is cleared, the L2VPN traffic is switched to the master path according to the revertive switchover policy.
NOTE
For the non-Ethernet AC link in which the CE accesses the PE asymmetrically, the primary and secondary IP addresses need to be configured on the interface on the CE that is connected to the related PE through a single link. When the master path is available, the primary IP address is used to communicate with the remote CE. When a fault occurs on the primary link, this CE communicates with the remote CE by using the secondary IP address.
Issue 03 (2008-09-22)
6-39
6 PWE3 Configuration
Pre-configuration Tasks
Before configuring PW FRR, complete the following tasks:
l
For the networking where CEs are symmetrically dual-homed to PEs, configuring a PW on the master path and backup path respectively. PWs on the master path and backup path can be different. For the networking where CEs are asymmetrically connected to PEs, configuring a master PW and a backup PW. The master PW and backup PW must be of the same type. Configure routing protocols or static routes on CEs to enable CEs to exchange routes.
NOTE
In VLL FRR, if the type of the AC link is PPP, or HDLC, you need to specify ip-interworking and enable the control word when configuring a PW. To configure a Martini VLL or PWE3, you must use the PW template to configure a PW, enable the control word in the PW template, and use BFD to perform Virtual Circuit Connectivity Verification (VCCV). If the IP addresses of the AC interfaces on the CEs at the both ends of the PW are not in the same network segment, the type of the AC links must be modified to PPP and the ppp peer hostroute-suppress command cannot be used. In the networking where CEs are asymmetrically connected to related PEs, the backup PW cannot transmit data when the master path and backup path work normally. If the AC interface of the backup PW borrows the IP address of the AC interface of the master PW, the following situations occur:
l l l
A permanent switching policy cannot be configured. The local CE has two equal-cost and direct routes to the remote CE. The destination addresses and next hops of the two routes are the same. In fact, the route that passes through the backup PW is invalid. If CEs exchange routing information by using routing protocols, you need to modify the cost or metric of the AC interface of the backup path to be greater than that of the AC interface of the master path. The local CE cannot interwork with the remote CE, but can interconnect with other user devices. If CEs exchange routing information by using static routes, and the AC is not an Ethernet link, you need modify the preference of the backup route to be lower than that of the primary route by using the ip route-static dest-ip-address mask out-interface preference preference-value command. Note that the greater is the preference value, the lower is the preference. If the AC is an Ethernet link, you also need to configure the function of BFD for static routes on CEs.
Data Preparation
To configure PW FRR, you need the following data. No. 1 2 Data Local and remote discriminators of the BFD session Delay for revertively switching traffic when a fault is cleared and the delay for advertising that the fault is cleared (by default, the delay for revertively switching traffic is 30 seconds and the delay for advertising that the fault is cleared is 10 seconds.) Link types of AC interfaces
NOTE
In the networking where CEs are asymmetrically connected to PEs, the revertive switchover policy needs to be set. By default, the revertive switchover policy is to delay the revertive switchover.
6-40
Issue 03 (2008-09-22)
6 PWE3 Configuration
l l
BFD for PW must be configured or deleted on the PEs at the both ends of a PW simultaneously. Otherwise, the PW statuses on the two PEs are different. To detect statuses of the tunnels that carry PWs, you can configure BFD for tunnels. For detailed configuration, refer to the chapters "Basic MPLS Configuration" and "MPLS TE Configuration" in the Quidway NetEngine80E/40E Router Configuration Guide - MPLS.
Procedure
l If the AC is a link of PPP/HDLC, do as follows on PEs in both the master path and the backup path: 1. Run:
system-view
The view of the AC interface is displayed. 3. Configure the fault mapping between the AC and the PW by running either of the following commands:
Run:
mpls l2vpn oam-mapping auto
OAM mapping is enabled automatically. After OAM mapping is automatically enabled, the fault mapping between AC and PW is enabled. In addition, PEs can automatically enable the detection and notification of the AC OAM fault according to the specific AC type. The detection of the AC OAM fault indicates the detection of the AC fault. The notification of AC OAM fault indicates the notification of PW fault to CEs.
Run:
mpls l2vpn oam-mapping
Issue 03 (2008-09-22)
6-41
6 PWE3 Configuration
The manual configuration of OAM mapping is enabled, and the detection and notification of the AC fault is also enabled. Then choose any of the following commands according to the AC type: For PPP, run the oam { detect lcp-terminal | notify lcp-terminal } * command. For HDLC, run the oam { detect hello-stop | notify hello-stop } * command.
NOTE
l l
In PW FRR, if the AC is PPP/HDLC, the PW is configured in IP interworking mode. After PW being configured with the IP interworking mode, CEs cannot detect any fault because they cannot negotiate links. Therefore, PEs in both the master path and the backup path must be configured with OAM mapping. In this manner, PEs can inform CEs of the fault. Otherwise, the AC is always in the Up state if the PW fails, which leads to the service interruption.
If the AC is an Ethernet, do as follows on PEs in both the primary path and the backup path: 1. Run:
system-view
In the PW FRR, the PW need be configured in homogeneous interworking mode when the AC is an Ethernet. Otherwise, the use device may learn a wrong outbound interface according to ARP. Before running the mpls l2vpn oam-mapping { 1ag md md-name ma ma-name | 3ah command, you need configure Ethernet OAM on the AC link. For details, refer to "Ethernet OAM Configuration" in the Quidway NetEngine80E/40E Router Configuration Guide - Reliability.
----End
Procedure
Step 1 Run:
system-view
6 PWE3 Configuration
The revertive switchover policy is configured. The types of the revertive switchover on PEs are as follows:
l
Immediate revertive switchover: The local PE immediately switches traffic to the master PW and notifies the fault to the remote PE of the backup PW. The PE notifies the rectification of the fault to the remote PE of the backup PW after the period of resume-time. Delayed revertive switchover: The PE switches traffic to the master PW after the period of delay-time. None revertive switchover: The PE does not switch traffic to the master PW until the backup PW is faulty.
For an asymmetric PW FRR networking, in which ACs are of the Ethernet type, note the following:
l
If the remote shutdown function is configured on the interface of a PE that connects a CE, you are recommended not to use the policy of immediate revertive switchover, which may lead to network flapping and traffic loss. On the other hand, you can use the policy of delayed revertive switchover to set delay-time equal to or more than 30 seconds. If the Ethernet OAM function is configured on the interface of a PE that connects a CE, and a revertive switchover policy is also configured, you cannot set resume-time to be 0 seconds, but be equal to or higher than one seconds.
----End
Issue 03 (2008-09-22)
6 PWE3 Configuration
Run the display mpls l2vc [ vc-id | interface interface-type interface-number ] command, and you can view that the statuses of the master and backup PWs are up, VC state of the master PW is active, and VC state of the backup PW is inactive. For example:
<Quidway> display mpls l2vc interface pos 1/0/0 *client interface : Pos1/0/0 is up session state : up AC state : up VC state : up VC ID : 100 VC type : IP-interworking destination : 3.3.3.3 local group ID : 0 remote group ID : 0 local VC label : 21504 remote VC label : 21504 local AC OAM State : up local PSN State : up local forwarding state : forwarding remote AC OAM state : up remote PSN state : up remote forwarding state: forwarding BFD for PW : available BFD sessionIndex : 257 BFD state : up manual fault : not set active state : active forwarding entry : exist link state : up local VC MTU : 1500 remote VC MTU : 1500 local VCCV : cw bfd remote VCCV : cw bfd local control word : enable remote control word : enable tunnel policy name : p1 traffic behavior name : -PW template name : 1to3 primary or secondary : primary VC tunnel/token info : 1 tunnels/tokens NO.0 TNL type : cr lsp, TNL ID : 0x42002002 create time : 0 days, 0 hours, 12 minutes, 47 seconds up time : 0 days, 0 hours, 2 minutes, 11 seconds last change time : 0 days, 0 hours, 2 minutes, 11 seconds *client interface : Pos1/0/0 is up session state : up AC state : up VC state : up VC ID : 200 VC type : IP-interworking destination : 2.2.2.2 local group ID : 0 remote group ID : 0 local VC label : 21505 remote VC label : 21504 local AC OAM state : up local PSN state : up local forwarding state : forwarding remote AC OAM state : up remote PSN state : up remote forwarding state: forwarding BFD for PW : available BFD sessionIndex : 256 BFD state : up manual fault : not set active state : inactive forwarding entry : existent link state : up
6-44
Issue 03 (2008-09-22)
6 PWE3 Configuration
1500 remote VC MTU : 1500 cw bfd cw bfd enable remote control word : enable --1to2 secondary 1 tunnels/tokens , TNL ID : 0x2002004 0 days, 0 hours, 12 minutes, 47 seconds 0 days, 0 hours, 1 minutes, 32 seconds 0 days, 0 hours, 1 minutes, 32 seconds delay 30 s, resume 0 s Remote AC fault was resumed 0 days, 0 hours, 1 minutes, 38 seconds -rest time :--rest time :--
Run the display mpls l2vc brief command. You can find that destination is the peer IP address of the specified VC and VC state is up. For example:
<Quidway> display mpls l2vc brief Total ldp vc : 1 1 up 0 down *Client Interface VC State VC ID VC Type Destination : : : : : GigabitEthernet1/0/0.1 up 101 VLAN 3.3.3.9
Run the display mpls l2vc remote-info command, and you can view that Peer Addr is the peer address of the specified VC. For example:
<Quidway> display mpls l2vc remote-info Total remote ldp vc : 2 Transport Group Peer Remote VC ID ID Addr Encap 100 0 3.3.3.3 interworking 200 0 2.2.2.2 interworking
C Bit 1 1
N Bit 1 1
S Bit 0 0
Run the display bfd session pw interface interface-type interface-number [ secondary] [ verbose ] command, and you can view the status of the BFD session, discriminators of the BFD session, the type of the PW that is bound to the BFD session, and the type of the BFD session. For example:
<Quidway> display bfd session pw interface pos 1/0/0 verbose -------------------------------------------------------------------------------Session MIndex : 257 (One Hop) State : Up Name : 1to3 -------------------------------------------------------------------------------Local Discriminator : 13 Remote Discriminator : 31 Session Detect Mode : Asynchronous Mode Without Echo Function BFD Bind Type : PW(Master) Bind Session Type : Static Bind Peer Ip Address : --.--.--.-NextHop Ip Address : --.--.--.-Bind Interface : Pos1/0/0 FSM Board Id : 1 TOS-EXP : 6 Min Tx Interval (ms) : 1000 Min Rx Interval (ms) : 1000 Actual Tx Interval (ms): 1000 Actual Rx Interval (ms): 1000 Local Detect Multi : 3 Detect Interval (ms) : 3000 Echo Passive : Disable Acl Number : -Proc interface status : Disable Process PST : Enable WTR Interval (ms) : -Local Demand Mode : Disable Active Multi : 3 Last Local Diagnostic : No Diagnostic Bind Application : L2VPN | OAM_MANAGER | MPLSFW Session TX TmrID : -Session Detect TmrID : --
Issue 03 (2008-09-22)
6-45
6 PWE3 Configuration
Session Init TmrID : -Session WTR TmrID : -Session Echo Tx TmrID : -PDT Index : FSM-0 | RCV-0 | IF-0 | TOKEN-0 Session Description : --------------------------------------------------------------------------------Total UP/DOWN Session Number : 1/0
Run the display mpls l2vpn forwarding-info [ vc-label ] interface interface-type interfacenumber [ | { begin | exclude | include } regular-expression ] command, and you can view that the ENTRYTYPE of the master PW is SEND, PWSTATE is ACTIVE, BFDSTATE is UP, and ADMIN is TURE. For example:
<Quidway> display mpls l2vpn forwarding-info interface Pos 1/0/0 The Main PW Forward Infomation : VCLABEL TNLTYPE ENTRYTYPE PWSTATE BFDSTATE ADMIN CTLWORD CC CV TNLID --------------------------------------------------------------------------21504 CRLSP SEND ACTIVE UP UP TRUE 1 8 0x42002002 1 Record(s) Found. The Second PW Forward Infomation : VCLABEL TNLTYPE ENTRYTYPE PWSTATE BFDSTATE ADMIN CTLWORD CC CV TNLID --------------------------------------------------------------------------21504 LSP SEND INACTIVE UP UP TRUE 1 8 0x2002004 1 Record(s) Found.
Run the display mpls l2vc oam-mapping [ interface interface-type interface-number ] command, and you can view that AC OAM State and BFD state are up. For example:
<Quidway> display mpls l2vc oam-mapping int pos 1/0/0 AC OAM Info: ACFD Index : 0x800 Notify : Enable Detect : Enable AC OAM State : Up OAM-mapping : Enable PSN info: VC-ID : 100 VC status : Primary Active State : Active Link State : Up BFD for PW : Enable BFDSessionIndex:257 ,BFD State : up BFD for LSP : 0 TunnelNum: 1 PSN State : up VC-ID : 200 VC status : Secondary Active State : Inactive Link State : Up BFD for PW : Enable BFDSessionIndex:256 ,BFD State : up BFD for LSP : 0 TunnelNum: 1 PSN State : up
Run the manual-set pw-ac-fault command on the AC interface of the master PW, the following situations occur:
l l l
The status of the master PW is Down. VC status of the master PW is InActive, and that of the backup PW is Active. L2VPN data is switched to the backup PW.
Run the undo manual-set pw-ac-fault command on the AC interface of the master PW to rectify the fault on the PW, the following situations occur:
l l l
The status of the master PW is up. VC status of the master PW is Active, and VC status of the backup PW is InActive. L2VPN data is switched to the master PW.
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)
6-46
6 PWE3 Configuration
Pre-configuration Tasks
Before configuring heterogeneous transport in PWE3, complete the following tasks:
l
Configuring an IGP protocol for PEs and Ps in the MPLS backbone network for IP connectivity Enabling MPLS on PEs Setting up a tunnel according to the tunnel policy in the case of non-local connections Establishing an LDP session between PEs, or establishing a remote LDP session between PEs that are not directly connected Configuring sub-interfaces when the AC type is VLAN, configuring VCs when the AC type is ATM
NOTE
l l l
For details of VLAN sub-interfaces and ATM VCs, refer to the chapter "VLAN Configuration" in the Quidway NetEngine80E/40E Router Configuration Guide - LAN Access and MAN Access and the chapter "ATM Configuration" in the Quidway NetEngine80E/40E Router Configuration Guide - WAN Access.
Data Preparation
Before configuring heterogeneous transport in PWE3, complete the following tasks: No. 1 2 Data Two CEs accessing the homogeneous networks MAC address of the CE connected to the Ethernet network or VLAN
6 PWE3 Configuration
Context
Do as follows on the PEs at the two ends of a VC:
Procedure
l Dynamic PWs 1. Run:
system-view
The AC interface view is displayed. 5. (Optional) Choose one of the following commands.
Run the local-ce ip ip-address command to configure an IP address for the CE interface. Run the local-ce mac mac-address command to specify the MAC address of the local CE interface.
6 PWE3 Configuration
Run the local-ce ip ip-address command to configure an IP address for the CE interface. Run the local-ce mac mac-address command to specify the MAC address of the local CE interface.
Because L2VPN does not support packet fragmentation, large packets sent from the CE to the PE cannot be forwarded to the PSN. When configuring VLL, you are recommended to set the MTU value of a CE interface that connects to the PE to 1500 by using the mtu command. As a result, larger packets sent by the CE to the PE are fragmented first. The fragmented packets can be correctly forwarded in the public network.
----End
Run the display mpls l2vc [ vc-id | interface interface-type interface-number ] command, you can view that the peer address of the specified VC is destination, VC State is up, and VC type is IP-interworking. For example:
<PE1> display mpls l2vc interface atm 1/0/0 *client interface : Atm1/0/0 is up session state : up AC state : up VC state : up VC ID : 100 VC type : IP-interworking destination : 2.2.2.2 local group ID : 0 remote group ID local VC label : 21504 remote VC label local AC OAM State : up local PSN State : up
: 0 : 21504
Issue 03 (2008-09-22)
6-49
6 PWE3 Configuration
local forwarding state : remote AC OAM state : remote PSN state : remote forwarding state: BFD for PW : manual fault : active state : forwarding entry : link state : local VC MTU : local VCCV : remote VCCV : local fragmentantion : local control word : tunnel policy : traffic behavior : PW template name : primary or secondary : VC tunnel/token info : NO.0 TNL type : lsp create time : up time : last change time :
Run the display mpls l2vc brief command. You can find that destination is the peer IP address of the specified VC and VC state is up. For example:
<Quidway> display mpls l2vc brief Total ldp vc : 1 1 up 0 down *Client Interface VC State VC ID VC Type Destination : : : : : GigabitEthernet1/0/0.1 up 101 VLAN 3.3.3.9
Run the display mpls l2vc remote-info command, and you can view that Peer Addr is the peer address of the specified VC and Remote Encap is IP-interworking. For example:
<Quidway> display mpls l2vc remote-info Total remote ldp vc : 1 Transport Group Peer Remote Remote VC ID ID Addr Encap VC Label 100 0 2.2.2.2 interworking 21504
Run the display mpls static-l2vc [ vc-id | interface interface-type interface-number | state { down | up } ] command, and you can view that the VC State of the PW is up and VC Type is IP-interworking. For example:
<Quidway> display mpls static-l2vc interface pos 1/0/0 *Client Interface : Pos1/0/0 is up AC Status : up VC State : up VC ID : 100 VC Type : IP-interworking Destination : 3.3.3.9 Transmit VC Label : 100 Receive VC Label : 100 Control Word : Disable VCCV Capability : Disable Tunnel Policy : -PW Template Name : pwt Traffic Behavior : -Main or Secondary : Main VC tunnel/token info : 1 tunnels/tokens NO.0 TNL Type : lsp , TNL ID : 0x2002003 Create time : 0 days, 0 hours, 13 minutes, 7 seconds UP time : 0 days, 0 hours, 10 minutes, 23 seconds Last change time : 0 days, 0 hours, 10 minutes, 23 seconds
6-50
Issue 03 (2008-09-22)
6 PWE3 Configuration
Inter-AS PWE3-Option A: Option A is easy to implement and applicable to the scenario where the number of inter-AS PWs is small. Inter-AS PWE3-Option C: In this option, PWs are not required for ASBR PEs. When multiple inter-AS PWs exist in each AS, the ASBR PE may be the bottleneck in expanding the network.
Pre-configuration Tasks
Before configuring inter-AS PWE3, complete the following tasks:
l
Configuring an IGP protocol for MPLS backbone networks in each AS to ensure IP connectivity within an AS Configuring basic MPLS functions for MPLS backbone networks in each AS Configuring MPLS LDP for MPLS backbone networks in each AS and establishing LDP LSP For Option C, setting up the IBGP peer relationship between the PE and the ASBR PE of the same AS and setting up the EBGP peer relationship between two ASBR PEs
l l
Data Preparation
To configure inter-AS PWE3, you need the following data. No. 1 2 3
Issue 03 (2008-09-22)
Data Option of the inter-AS VPN AS number of each AS IP addresses of the interfaces that connect ASBR PEs (for Option C)
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 6-51
6 PWE3 Configuration
No. 4
NOTE
Configuring Dynamic PWs for each AS Configuring the local ASBR PE by regarding the peer ASBR PE as its CE
No inter-AS configuration is needed on the ASBR-PEs. You need not configure the IP addresses on the interfaces that directly connected ASBRs. The configuration details are not mentioned here.
CAUTION
In inter-AS Option C, LDP cannot be applied between ASBR PEs. If LDP is enabled on the interfaces between the ASBR PEs, an LDP session is set up between the ASBR PEs. In this way, the local ASBR PE sets up the egress LSP and sends a Mapping message to the upstream ASBR PE. After receiving the Mapping message, the upstream ASBR PE sets up the transit LSP. In the case of a large number of BGP routes, a great amount of LDP labels are consumed if LDP is enabled on the interfaces connecting two ASBR PEs. To advertise routes destined for the LSR ID of the local PE to a remote P device, you can set up the IBGP peer relationship between a remote ASBR and the remote P device.
Procedure
l Configuring Labeled IPv4 Route Exchange on the PE Side Do as follows on the PEs: 1. Run:
system-view
6-52
Issue 03 (2008-09-22)
6 PWE3 Configuration
The labeled IPv4 route exchange with the ASBR PE in the local AS is enabled. l Configuring Labeled IPv4 Route Exchange on the ASBR PE Side Do as follows on the ASBR PEs: 1. Run:
system-view
The view of the interface that connects the peer ASBR is displayed. 3. Run:
ip address ip-address { mask | mask-length }
The labeled IPv4 route exchange with the U-PE in the local AS is enabled. 8. Run:
peer peer-address as-number as-number
The labeled IPv4 route exchange with the peer ASBR PE is enabled. In the Option C, an inter-AS LSP must be set up. The public network routes advertised between the related PEs and the ASBR PEs carry MPLS labels. If an ASBR PE and its peer ASBR PE set up the EBGP peer relationship, the two peers can exchange labeled IPv4 routes. The public network routes carrying MPLS labels are advertised by MP-BGP. According to RFC 3107 (Carrying Label Information in BGP-4), label mapping information of a route can be carried in the BGP update (piggyback). The feature is realized through the extended BGP attribute. BGP peers must be capable of processing labeled IPv4 routes. By default, a BGP peer cannot process labeled IPv4 routes. l
Issue 03 (2008-09-22)
6 PWE3 Configuration
A label is allocated to the IPv4 route. l Applying the Routing Policy Do as follows on the ASBR PE: 1. Run:
system-view
The routing policy used when the routes are advertised to the local U-CE is configured. 4. Run:
peer peer-address route-policy policy-name2 export
The routing policy used when the routes are advertised to the peer ASBR PE is configured. After the routing policy is applied on the ASBR PE:
6-54 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)
6 PWE3 Configuration
For the routes received on the PE in the local AS, an MPLS label is allocated to the routes when the routes are advertised to the peer ASBR PE. For the routes advertised to the PE in the local AS, if the routes are labeled IPv4 routes, the MPLS label is reallocated to the routes.
Allocating labels to the IPv4 routes is controlled by the routing policy. The labels are allocated to the routes that satisfy certain conditions. By default, IPv4 routes do not carry any MPLS label. l Establishing MPLS LDP Remote Sessions Between U-PEs Do as follows on the U-PEs: 1. Run:
system-view
The name of an LDP remote session is specified. To exchange PW information between the U-PEs, the MPLS LDP remote session must be set up. 3. Run:
remote-ip ip-address
The remote IP address of the LDP remote session is specified. l Configuring MPLS L2VC Connections 1. ----End Configure the SH dynamic PW on the inter-AS U-PEs. For the detailed configuration, see "Configuring Dynamic PWs."
Run the display mpls l2vc [ vc-id | interface interface-type interface-number ] command, you can view that "VC state" is up. For example:
<Quidway> display mpls l2vc interface gigabitethernet 1/0/0.1 *client interface : GigabitEthernet1/0/0.1 is up session state : up AC state : up VC state : up
Issue 03 (2008-09-22)
6-55
6 PWE3 Configuration
VC ID : VC type : destination : local group ID : local VC label : local AC OAM State : local PSN State : local forwarding state : remote AC OAM state : remote PSN state : remote forwarding state: BFD for PW : manual fault : active state : forwarding entry : link state : local VC MTU : local VCCV : remote VCCV : local fragmentantion : local control word : tunnel policy : traffic behavior : PW template name : primary or secondary : VC tunnel/token info : NO.0 TNL type : gre create time : up time : last change time :
Run the display mpls l2vc remote-info command, and you can view that "Peer Addr" is the peer address of the specified VC. For example:
<Quidway> display mpls l2vc remote-info Total remote ldp vc : 1 Transport Group Peer Remote VC ID ID Addr Encap 100 0 192.3.3.3 vlan
When a PW that connects the ATM interfaces on two CEs is simulated as the leased line, you can configure ATM whole port cell transport. In this way, the ATM cells can be
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)
6-56
6 PWE3 Configuration
transparently transmitted to the peer port without being processed or switched on the VPC/ VCC layer.
l
If a PSN network that transmits ATM services requires high transmission speed but has light service traffic, you can configure 1-to-1 VCC ATM cell transport. If a large amount of ATM services are transparently transmitted over a PSN network, you can configure N-to-1 VCC ATM cell transport. In N-to-1 VCC ATM cell transport, an ATM physical link can be divided into multiple PVCs. Each PVC can transmit a single service. For example, you can create three PVCs to transmit audio traffic, video traffic, and data traffic respectively. This helps improve ATM QoS. If a PSN that transmits the ATM services requires high transmission speed, the service traffic is light, and the ATM services have the same destination (that is, the VPI values on the PW are the same), you can configure 1-to-1 VPC ATM cell transport. If a large amount of ATM services are transmitted over a PSN network and a PW bears cells of multiple ATM PVCs, you can configure N-to-1 VPC ATM cell transport. In Nto-1 VPC ATM cell transport, multiple PVPs can transmit various services such as video traffic, audio traffic, and data. Each PVP can transmit a single service. For example, a PVP transmits audio traffic, and another PVP transmits video traffic. This helps improve ATM QoS. If an ATM network has a great amount of services in AAL5 frames, you can configure ATM AAL5 SDU VCC cell transport.
Pre-configuration Tasks
Before configuring ATM cell transport, complete the following tasks:
l
Configuring an IGP protocol for PEs and Ps in the MPLS backbone network for IP connectivity Configuring basic MPLS functions for PEs and Ps in the backbone network Configuring MPLS LDP for PEs and Ps in the MPLS backbone network Setting up remote LDP sessions between PEs Enabling MPLS L2VPN on the PEs Configuring a primary ATM interface on the PEs to ensure the interface and the physical links of CEs are Up. IPOA instead of port transparent transmission can be configured on the primary interface
l l l l l
Data Preparation
To configure ATM cell transport, you need the following data. No. 1 2 Data Numbers of the ATM interfaces Destination address and VC ID of the L2VC
6 PWE3 Configuration
Context
Do as follows on the ATM interface connecting the CE to the PE:
Procedure
Step 1 Run:
system-view
The VPI and VCI of the ATM interface are configured. Step 5 Run:
map ip { ip-address [ ip-mask ] | default | inarp [ minutes ] } [ broadcast ]
Procedure
l ATM Whole Port Cell Transport 1. Run:
system-view
6 PWE3 Configuration
For the , configure the interface to be in cell transport mode by running the atm cell transfer command before configuring MPLS L2VPN. If MPLS L2VPN is configured first, MPLS L2VPN uses the frame transport by default. After you use the atm cell transfer command to configure an interface to be in cell transport mode, you must run the shutdown and the undo shutdown commands on the interface; otherwise, the interface still works in frame transpot mode.
An ATM sub-interface of the P2P mode is created and the ATM sub-interface view is displayed.
NOTE
Actually, the P2P interface type partially determines the ATM cell transport mode. The P2P interface type also determines the 1-to-1 mode. Whether the mode is 1-to-1 VCC or 1-to-1 VPC is determined by other commands. The default type of the created sub-interface is P2MP.
3.
Run:
atm cell transfer
For the , configure the interface to be in cell transport mode by running the atm cell transfer command before configuring MPLS L2VPN. If MPLS L2VPN is configured first, MPLS L2VPN uses the frame transport by default. After you use the atm cell transfer command to configure an interface to be in cell transport mode, you must run the shutdown and the undo shutdown commands on the interface; otherwise, the interface still works in frame transpot mode.
4.
Run:
pvc { pvc-name vpi/vci | vpi/vci }
A PVC is created and the PVC view is displayed. Different from the N-to-1 VCC mode, the 1-to-1 VCC mode has the VPI/VCI mapping that does not need to be explicitly configured. When creating a PVC, the PEs at both ends use the VPI/VCI values of the CEs to which the PEs are connected. Through L2VC connections, the system automatically identifies them as the same VC and completes VPI/VCI mapping. l N-to-1 VCC ATM Cell Transport 1. Run:
system-view
An ATM sub-interface of the P2MP mode is created and the ATM sub-interface view is displayed.
Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 6-59
6 PWE3 Configuration
The default type of the created sub-interface is P2MP. The N-to-1 ATM cell transport can be configured only on the ATM sub-interface of the P2MP type rather than the main interface. The N-to-1 mode indicates that multiple VCs are mapped to only one PW. The type of the sub-interface must be P2MP. 3. Run:
atm cell transfer
For the , configure the interface to be in cell transport mode by running the atm cell transfer command before configuring MPLS L2VPN. If MPLS L2VPN is configured first, MPLS L2VPN uses the frame transport by default. After you use the atm cell transfer command to configure an interface to be in cell transport mode, you must run the shutdown and the undo shutdown commands on the interface; otherwise, the interface still works in frame transpot mode.
4.
Run:
pvc { pvc-name vpi/vci | vpi/vci }
A PVC is created and the PVC view is displayed. l 1-to-1 VPC ATM Cell Transport 1. Run:
system-view
An ATM sub-interface of the P2P mode is created and the sub-interface view is displayed. The default type of the created sub-interface is P2MP. The 1-to-1 ATM cell transport can be configured only on the ATM sub-interface of the P2P type instead of the primary interface. The 1-to-1 mode indicates a PW is mapped to a VC. The type of the sub-interface must be P2P. 3. Run:
atm cell transfer
The ATM cell transport is configured for the ATM interface. The encapsulation types of the ATM cell transport are classified into cell transport and frame transport. The former is applied to all AALs (indicated by AAL0) and the latter is applied to AAL5. An ATM sub-interface has three types of working modes:
If the atm cell transfer command is used, cell transport is adopted; otherwise, AAL5 is adopted by default and frame transport or IPoA forwarding is adopted. 4. Run:
pvp vpi
6-60
Issue 03 (2008-09-22)
6 PWE3 Configuration
A PVP is created and the PVP view is displayed. Different from the N-to-1 VCC mode with the VPI/VCI mapping that needs to be configured explicitly, 1-to-1 VPC mode has the VPI mapping that does not need to be explicitly configured. When creating a PVC, the PEs at the both ends use the VPI values of the CEs with which the PEs are connected. Through L2VC connections, the system automatically identifies them as the same VP and completes VPI mapping. l N-to-1 VPC ATM Cell Transport 1. Run:
system-view
An ATM sub-interface of the P2MP mode is created and the sub-interface view is displayed. The N-to-1 ATM cell transport can be configured only on the ATM sub-interface of the P2MP type rather than the main interface. The N-to-1 mode indicates that multiple VCs are mapped to only one PW. The type of the sub-interface must be P2MP. 3. Run:
atm cell transfer
For the , configure the interface to be in cell transport mode by running the atm cell transfer command before configuring MPLS L2VPN. If MPLS L2VPN is configured first, MPLS L2VPN uses the frame transport by default. After you use the atm cell transfer command to configure an interface to be in cell transport mode, you must run the shutdown and the undo shutdown commands on the interface; otherwise, the interface still works in frame transpot mode.
The encapsulation types of the ATM cell transport are classified into cell transport and frame transport. The former is applicable to all AALs (indicated by AAL0) and the latter is applicable to AAL5. An ATM sub-interface has three types of working modes:
If the atm cell transfer command is used, cell transport is adopted; otherwise, AAL5 is adopted by default and frame transport or IPoA forwarding is adopted. 4. Run:
pvp vpi
A PVP is created and the PVP view is displayed. l ATM AAL5 SDU VCC Cell Transport 1. Run:
system-view
Issue 03 (2008-09-22)
6-61
6 PWE3 Configuration
An ATM sub-interface of the P2P type is created and the sub-interface view is displayed. 3. Run:
pvc { pvc-name vpi/vci | vpi/vci }
A PVC is created and the PVC view is displayed. To configure AAL5 SDU cell transport, create a PVC before establishing an MPLS L2VPN connection in Martini mode. After the L2VPN connection is set up successfully, you cannot delete the created PVC unless you have torn down the L2VPN connection. The encapsulation types of the ATM cell transport are classified into cell transport and frame transport. The former is applicable to all AALs (indicated by AAL0) and the latter is applicable to AAL5. An ATM sub-interface has three types of working modes:
If the atm cell transfer command is used, cell transport is adopted; otherwise, AAL5 is adopted by default and frame transport or IPoA forwarding is adopted. If the atm cell transfer command is not used, the sub-interface works in cell transport mode. ----End
When configuring ATM cell transport, you can use PWE3 or other connections of VLL. For the detailed configuration, refer to the chapter "VLL Configuration" in the Quidway NetEngine80E/40E Router Configuration Guide - VPN.
6 PWE3 Configuration
Procedure
l ATM Whole Port Cell Transport 1. Run:
system-view
The ATM cell transport of the ATM interface is deleted. l 1-to-1 VCC ATM Cell Transport 1. Run:
system-view
Issue 03 (2008-09-22)
6-63
6 PWE3 Configuration
The ATM sub-interface is deleted. l N-to-1 VCC ATM Cell Transport 1. Run:
system-view
The ATM sub-interface is deleted. If multiples PVCs exist on the ATM sub-interface, you can use the commands in Steps 4, 5, 6, and 7 repeatedly to delete all PVCs. After tearing down the MPLS L2VPN connection on the ATM sub-interface by running the command in Step 3, you can run the commands in Steps 9 and 10 to delete the ATM sub-interface. l 1-to-1 VPC ATM Cell Transport 1.
6-64
Run:
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)
6 PWE3 Configuration
The ATM sub-interface is deleted. N-to-1 VPC ATM Cell TransportRun:system-viewThe system view is displayed.Run:interface atm interface-number.subnumberThe ATM sub-interface view is displayed.Run:undo mpls l2vcThe MPLS L2VPN connection in Martini mode is torn down.Run:pvp vpiThe PVP view is displayed.Run:shutdownThe PVP is disabled.Run:quitReturn to the ATM sub-interface view.Run:undo pvp vpiThe PVC is deleted.Run:undo atm cell transferThe cell transport on the ATM interface is deleted.Run:quitReturn to the system view.Run:undo interface atm interfacenumber.subnumberThe ATM sub-interface is deleted.If multiples PVCs exist on the ATM sub-interface, you can use the commands in Steps 4, 5, 6, and 7 repeatedly to delete all PVCs. After tearing down the MPLS L2VPN connection on the ATM sub-interface by running the command in Step 3, you can run the commands in Steps 9 and 10 to delete the ATM sub-interface. ----End
Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 6-65
6 PWE3 Configuration
Run the display mpls l2vc command, and you can view that the "Destination" is the peer address of the specified VC, "VC State" is "up", "VC Type" is the configured ATM cell transport type, and CEs can ping through each other. For example:
<Quidway> display mpls l2vc Total ldp vc : 1 1 up 0 down *Client Interface : Atm1/0/0.1 Session State : up AC Status : up VC State : up VC ID : 101 VC Type : atm aal5 sdu Destination : 3.3.3.9 Local VC Label : 17408 Remote VC Label : 17408 Control Word : enable Local VC MTU : 1500 Remote VC MTU : 1500 Tunnel Policy Name : -Traffic Behavior Name: -PW Template Name : -Create time : 0 days, 0 hours, 3 minutes, 14 seconds UP time : 0 days, 0 hours, 1 minutes, 48 seconds Last change time : 0 days, 0 hours, 1 minutes, 48 seconds
Run the display mpls l2vc remote-info command, and you can view that "Peer Addr" is the peer address of the specified VC and "Remote Encap" is the configured ATM cell transport type. For example:
<Quidway> display mpls l2vc remote-info Total remote ldp vc : 1 Transport Group Peer Remote Remote VC ID ID Addr Encap VC Label 100 0 3.3.3.9 atm aal5 sdu 17408
6.13 Maintaining a PW
This section describes how to check the PW connectivity and debug PWE3. 6.13.1 Verifying the Connectivity of a PW 6.13.2 Debugging a PW 6.13.3 Debugging a PWE3
6-66 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)
6 PWE3 Configuration
To verify the connectivity of a PW in CW mode, you need to configure the vccv cc cw cv lspping command on PW templates of the two U-PEs at both ends of the PW. Similarly, to verify the connectivity of a PW in MPLS Router Alert mode, you need to configure the vccv cc alert cv lsp-ping command on PW templates on both ends of the PW. At present, VCCV-PING does not support the following:
l
S-PE devices do not support the vccv cc alert cv lsp-ping command. (The command is supported only on U-PE devices.) Multiple users cannot run the command simultaneously. That is, the devices on the two ends cannot ping a VC at the same time. On a device serving as both a U-PE and an S-PE, if the PW serving as S-PE is performing VCCV-PING, the PW serving as U-PE will be unable to perform VCCV-PING. That is, two VCCV-PINGs cannot be performed on a same device at the same time. The MTU check of the VC is not supported.
For a multi-hop PW (MH-PW), you need to specify the local VC ID and VC type. For the CW mode, if VC IDs are different, you need to specify the VC ID of the remote U-PE. For the MPLS router Alert mode, you need to specify the addresses of the remote peer S-PEs or U-PEs Because a static PW does not support signaling negotiation, configurations of the U-PE control word on both ends of the PW are different, with the control word being enabled on one end, but disabled on the other. When the MPLS Router Alert mode is enabled on both ends, the PW can be Up and the ping vc command can work. However, CEs cannot communicate with each other because the control words are different.
6.13.2 Debugging a PW
Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 6-67
6 PWE3 Configuration
To locate a PW fault, first configure basic PWE3 functions through the PW template, and then run the following commands on U-PEs. Action Enter the system view of U-PE. Enter the PW template view. Enable the CW mode. Enable connectivity check of a PW. Collect information about each LSR on the PW and the egress PE. Command system-view pw-template pw-template-name control-word vccv cc { alert | cw } * cv lsp-ping
l
tracert vc { { encapsulation | ip-interworking } pwid [ -exp exp-value | -f first-ttl | -m max-ttl | -r replymode | -t timeout-value ]* control-word [ remote remote-pw-id ] } [ full-lsp-path ] tracert vc { { encapsulation | ip-interworking } pwid [ -exp exp-value | -f first-ttl | -m max-ttl | -r replymode | -t timeout-value ]* label-alert [ remote remote-ip-address ] } [ full-lsp-path ] tracert vc { { encapsulation | ip-interworking } pwid [ -exp exp-value | -f first-ttl | -m max-ttl | -r replymode | -t timeout-value ]* normal [ remote remoteip-address ] } [ full-lsp-path ]
To locate a PW fault in CW mode, you need to configure the vccv cc cw cv lsp-ping command in PW templates of the two U-PEs on both ends of the PW. Similarly, to locate a PW fault in MPLS Router Alert mode, you need to configure the vccv cc alert cv lsp-ping command in PW templates on both ends of the PW. When using the tracert vc command to locate a PW fault, you need to pay attention to the following:
l
S-PE devices do not support the command. The command is supported only on U-PE devices. This command can be used to tracert both a single-hop PW (SH-PW) and an MH-PW constructed in the LDP mode. When tracerting an MH-PW, besides specifying the local PW ID and PW type, you need to specify the remote PW ID. CX devices do not support this command.
The device that initiates tracert receives an MPLS Echo Reply packet from the Egress device. The TTL in the label of the previous MPLS Echo Request packet sent by the device that initiates tracert reaches the set or default maximum number of hops. The user enters Ctrl+C on the device that initiates tracert.
The source PE of PWE3 Tracert, by orderly sending MPLS Echo Request packets with the Timeto-Live (TTL) of the outer label being 1, 2, 3? and the TTL of the inner label being 1, collects
6-68 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)
6 PWE3 Configuration
the information about each LSR and egress PE that the PW passes through. If you don not want a device to send MPLS Echo Reply packets after receiving MPLS Echo Request packets from another device, run the following commands in the system view of the device. Action Disable response to MPLS Echo Request packets. Or enable filtering of the source addresses of MPLS Echo Request packets; filtering rules are specified in the ACL configuration. Command undo lspv mpls-lsp-ping echo enable lspv packet-filter acl-number
To view information about PWE3 Tracert of the current device, run the following commands on the device. Action View statistics on PWE3 Tracert. View the current configuration of PWE3 Tracert. Command display lspv statistics display lspv configuration
To clear statistics on PWE3 tracert, run the following command in the user view of the device. Action Clear statistics on PWE3 tracert. Command reset lspv statistics
CAUTION
Debugging affects the performance of the system. So, after debugging, run the undo debugging all command to disable it immediately. In the case of operational faults, run the debugging command in the user view to debug the PWE3 and locate the faults. For the procedure of outputting the debugging information, refer to the chapter "Maintenance and Debugging" in the Quidway NetEngine80E/40E Router Configuration Guide - System Management. Action Enable debugging of MPLS ping/tracert. Command debugging mpls lspc { all | error | event | packet }
Issue 03 (2008-09-22)
6-69
6 PWE3 Configuration
6 PWE3 Configuration
6.14.1 Example for Configuring Dynamic SH-PW (Using the LSP Tunnel)
Networking Requirements
As shown in Figure 6-16, CE1 and CE2 are connected to PE1 and PE2 through VLAN respectively. PE1 and PE2 are linked to each other through the MPLS backbone. You should set up a dynamic PW between PE1 and PE2 using the LSP tunnel. Figure 6-16 Networking diagram of dynamic SH-PW using the LSP tunnel MPLS Backbone Loopback0 192.2.2.2/32 POS2/0/0 10.1.1.1/24 PE1 GE1/0/0.1 VLAN1 GE1/0/0.1 100.1.1.1/24 POS1/0/0 10.1.1.2/24 P PW GE1/0/0.1 100.1.1.2/24 VLAN2 Loopback0 192.4.4.4/32 Loopback0 192.3.3.3/32 POS2/0/0 10.2.2.2/24 POS2/0/0 10.2.2.1/24 GE1/0/0.1 PE2
CE1
CE2
Configuring Roadmap
The configuration roadmap is as follows: 1. 2. 3. Run the IGP on routers of the backbone network. Enable MPLS for the backbone network and set up an LSP; set up MPLS LDP remote peer relationship between PEs. Create an MPLS L2VC on PEs.
Data Preparation
To complete the configuration, you need the following data.
l l l
L2VC ID (It must be identical at both ends of a PW.) MPLS LSR ID on each PE and P Remote peer address of PE
Configuration Procedure
1.
Issue 03 (2008-09-22)
Configure CE.
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 6-71
6 PWE3 Configuration
# Configure CE1
<Quidway> system-view [Quidway] sysname CE1 [CE1] interface gigabitethernet 1/0/0 [CE1-GigabitEthernet1/0/0] undo shutdown [CE1-GigabitEthernet1/0/0] quit [CE1] interface gigabitethernet 1/0/0.1 [CE1-GigabitEthernet1/0/0.1] vlan-type dot1q 1 [CE1-GigabitEthernet1/0/0.1] ip address 100.1.1.1 24 [CE1-GigabitEthernet1/0/0.1] undo shutdown [CE1-GigabitEthernet1/0/0.1] quit
# Configure CE2
<Quidway> system-view [Quidway] sysname CE2 [CE2] interface gigabitethernet 1/0/0 [CE2-GigabitEthernet1/0/0] undo shutdown [CE2-GigabitEthernet1/0/0] quit [CE2] interface gigabitethernet 1/0/0.1 [CE2-GigabitEthernet1/0/0.1] vlan-type dot1q 2 [CE2-GigabitEthernet1/0/0.1] ip address 100.1.1.2 24 [CE2-GigabitEthernet1/0/0.1] undo shutdown [CE2-GigabitEthernet1/0/0.1] quit
2.
Configure the IGP for the MPLS backbone. Configure the IGP for the MPLS backbone. Take OSPF as an example. The configuration details are not mentioned here. After the configuration, PE1 and PE2 can learn the loopback 0 address of each other that is discovered by the OSPF protocol, and can ping through each other.
<PE1> display ip routing-table Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: Public Destinations : 9 Routes : 9 Destination/Mask Proto Pre Cost Flags NextHop Interface 10.1.1.0/24 Direct 0 0 D 10.1.1.1 Pos2/0/0 10.1.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 10.1.1.2/32 Direct 0 0 D 10.1.1.2 Pos2/0/0 10.2.2.0/24 OSPF 10 2 D 10.1.1.2 Pos2/0/0 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 192.2.2.2/32 Direct 0 0 D 127.0.0.1 InLoopBack0 192.3.3.3/32 OSPF 10 3 D 10.1.1.2 Pos2/0/0 192.4.4.4/32 OSPF 10 2 D 10.1.1.2 Pos2/0/0 <PE1> ping 192.3.3.3 PING 192.3.3.3: 56 data bytes, press CTRL_C to break Reply from 192.3.3.3: bytes=56 Sequence=1 ttl=254 time=230 ms Reply from 192.3.3.3: bytes=56 Sequence=2 ttl=254 time=120 ms Reply from 192.3.3.3: bytes=56 Sequence=3 ttl=254 time=120 ms Reply from 192.3.3.3: bytes=56 Sequence=4 ttl=254 time=120 ms Reply from 192.3.3.3: bytes=56 Sequence=5 ttl=254 time=90 ms --- 192.3.3.3 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 90/136/230 ms
3.
Enable MPLS and set up an LSP and an remote session between PEs. Enable MPLS in the MPLS backbone. Then set up an LSP tunnel and LDP remote sessions between PEs. The configuration details are not mentioned here. After the configuration, run the related command, and you can see that LDP sessions are set up between PEs, and between each pair of PE and P, and their status is Operational. Take the display of PE1 as an example.
6-72
Issue 03 (2008-09-22)
6 PWE3 Configuration
-----------------------------------------------------------------------------Peer-ID Status LAM SsnRole SsnAge KA-Sent/Rcv -----------------------------------------------------------------------------192.3.3.3:0 Operational DU Passive 000:00:04 18/18 192.4.4.4:0 Operational DU Passive 000:00:05 21/21 -----------------------------------------------------------------------------TOTAL: 2 session(s) Found. LAM : Label Advertisement Mode SsnAge Unit : DDD:HH:MM
4.
Create a VC connection. Enable MPLS L2VPN for PE1 and PE2, and create a VC connection between them.
NOTE
The PWE3 does not support P2MP. Therefore, if an MPLS L2VC is created on ATM sub-interfaces, ATM sub-interfaces must be of P2P type. You need not follow the preceding limitation in configuring the transparent ATM cell transport.
# Configure PE1
[PE1] mpls l2vpn [PE1-l2vpn] quit [PE1] interface gigabitethernet 1/0/0 [PE1-GigabitEthernet1/0/0] undo shutdown [PE1-GigabitEthernet1/0/0] quit [PE1] interface gigabitethernet 1/0/0.1 [PE1-GigabitEthernet1/0/0.1] vlan-type dot1q 1 [PE1-GigabitEthernet1/0/0.1] mpls l2vc 192.3.3.3 100 [PE1-GigabitEthernet1/0/0.1] undo shutdown [PE1-GigabitEthernet1/0/0.1] quit
# Configure PE2
[PE2] mpls l2vpn [PE2-l2vpn] quit [PE2] interface gigabitethernet 1/0/0 [PE2-GigabitEthernet1/0/0] undo shutdown [PE2-GigabitEthernet1/0/0] quit [PE2] interface gigabitethernet1/0/0.1 [PE2-GigabitEthernet1/0/0.1] vlan-type dot1q 2 [PE2-GigabitEthernet1/0/0.1] mpls l2vc 192.2.2.2 100 [PE2-GigabitEthernet1/0/0.1] undo shutdown [PE2-GigabitEthernet1/0/0.1] quit
5.
Verify the configuration. Check the connection information about L2VPN on PEs, and you can see that an L2VC has been set up, whose status is Up. Take the display of PE1 as an example:
<PE1> display mpls l2vc interface gigabitethernet 1/0/0.1 *client interface : GigabitEthernet1/0/0.1 is up session state : up AC state : up VC state : up VC ID : 100 VC type : VLAN destination : 192.3.3.3 local group ID : 0 remote group ID local VC label : 21504 remote VC label local AC OAM State : up local PSN State : up local forwarding state : forwarding remote AC OAM state : up remote PSN state : up remote forwarding state: forwarding
: 0 : 21504
Issue 03 (2008-09-22)
6-73
6 PWE3 Configuration
BFD for PW manual fault active state forwarding entry link state local VC MTU local VCCV remote VCCV local fragmentantion local control word tunnel policy traffic behavior PW template name primary or secondary VC tunnel/token info NO.0 TNL type : lsp create time up time last change time : : : : : : : : : : : : : : :
CE1 and CE2 can ping through each other. Take the display of CE1 as an example:
<CE1> ping 100.1.1.2 PING 100.1.1.2: 56 data bytes, press CTRL_C to break Reply from 100.1.1.2: bytes=56 Sequence=1 ttl=255 time=31 ms Reply from 100.1.1.2: bytes=56 Sequence=2 ttl=255 time=10 ms Reply from 100.1.1.2: bytes=56 Sequence=3 ttl=255 time=5 ms Reply from 100.1.1.2: bytes=56 Sequence=4 ttl=255 time=2 ms Reply from 100.1.1.2: bytes=56 Sequence=5 ttl=255 time=28 ms --- 100.1.1.2 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 2/15/31 ms
Configuration Files
l
6-74
Issue 03 (2008-09-22)
6 PWE3 Configuration
Configuration file of P
# sysname P # mpls lsr-id 192.4.4.4 mpls # mpls ldp # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 10.1.1.2 255.255.255.0 mpls mpls ldp # interface Pos2/0/0 link-protocol ppp undo shutdown ip address 10.2.2.1 255.255.255.0 mpls mpls ldp # interface LoopBack0 ip address 192.4.4.4 255.255.255.255 # ospf 1 area 0.0.0.0 network 192.4.4.4 0.0.0.0 network 10.1.1.0 0.0.0.255 network 10.2.2.0 0.0.0.255 # return
Issue 03 (2008-09-22)
6-75
6 PWE3 Configuration
interface Pos2/0/0 link-protocol ppp undo shutdown ip address 10.2.2.2 255.255.255.0 mpls mpls ldp # interface GigabitEthernet1/0/0 undo shutdown # interface GigabitEthernet 1/0/0.1 undo shutdown vlan-type dot1q 2 mpls l2vc 192.2.2.2 100 # interface LoopBack0 ip address 192.3.3.3 255.255.255.255 # ospf 1 area 0.0.0.0 network 192.3.3.3 0.0.0.0 network 10.2.2.0 0.0.0.255 # return l
6.14.2 Example for Configuring Dynamic SH-PW (Using the GRE Tunnel)
Networking Requirements
For the networking diagram, see Figure 6-17.CE1 and CE2 are connected to PE1 and PE2 through VLAN respectively. You should set up a dynamic PW between PE1 and PE2 using the GRE tunnel.
6-76
Issue 03 (2008-09-22)
6 PWE3 Configuration
Figure 6-17 Networking diagram of dynamic SH-PW using the GRE tunnel
Configuring Roadmap
The configuration roadmap is as follows: 1. 2. Configure the IGP protocol for the backbone network, so that devices in the backbone network can internetwork with each other. Configure basic MPLS functions for the backbone network, set up a GRE tunnel between PEs, and create tunnel policies. Set up MPLS LDP remote peer relationship between PEs on both ends of the PW. Create an MPLS L2VC connection on PEs and apply the tunnel policies to L2VC.
3.
Data Preparation
To complete the configuration, you need the following data.
l l l l l
L2VC ID (It must be identical at both ends of the PW.) MPLS LSR ID of PE-A and PE-B Remote peer address of PE Tunnel policy Source address, destination address, tunnel interface address of the GRE tunnel
Configuration Procedure
1. Configure CE. # Configure CE1
<Quidway> system-view [Quidway] sysname CE1 [CE1] interface gigabitethernet 1/0/0 [CE1-GigabitEthernet1/0/0] undo shutdown [CE1-GigabitEthernet1/0/0] quit [CE1] interface gigabitethernet 1/0/0.1 [CE1-GigabitEthernet1/0/0.1] vlan-type dot1q 1 [CE1-GigabitEthernet1/0/0.1] ip address 100.1.1.1 24
Issue 03 (2008-09-22)
6-77
6 PWE3 Configuration
[CE1-GigabitEthernet1/0/0.1] quit
# Configure CE2
<Quidway> system-view [Quidway] sysname CE2 [CE2] interface gigabitethernet 1/0/0 [CE2-GigabitEthernet1/0/0] undo shutdown [CE2-GigabitEthernet1/0/0] quit [CE2] interface gigabitethernet 1/0/0.1 [CE2-GigabitEthernet1/0/0.1] vlan-type dot1q 2 [CE2-GigabitEthernet1/0/0.1] ip address 100.1.1.2 24 [CE2-GigabitEthernet1/0/0.1] quit
2.
Configure the IGP for the MPLS backbone network. Configure the IGP for the MPLS backbone network. Take OSPF as an example. The detailed configuration is not mentioned here.
3.
Enable MPLS, and set up a GRE and remote LDP session. Enable MPLS on the PEs and set up the MPLS LDP remote session between the PEs. # Configure PE1.
[PE1] mpls lsr-id 192.2.2.2 [PE1] mpls [PE1-mpls] quit [PE1] mpls ldp [PE1-mpls-ldp] quit [PE1] mpls ldp remote-peer 192.3.3.3 [PE1-mpls-ldp-remote-192.3.3.3] remote-ip 192.3.3.3 [PE1-mpls-ldp-remote-192.3.3.3] quit
# Configure PE2.
[PE2] mpls lsr-id 192.3.3.3 [PE2] mpls [PE2-mpls] quit [PE2] mpls ldp [PE2-mpls-ldp] quit [PE2] mpls ldp remote-peer 192.2.2.2 [PE2-mpls-ldp-remote-192.2.2.2] remote-ip 192.2.2.2 [PE2-mpls-ldp-remote-192.2.2.2] quit
4.
Set up the GRE tunnel between the PEs and create a tunnel policy. # Configure PE1.
[PE1] interface loopback0 [PE1-LoopBack0] ip address 192.2.2.2 255.255.255.255 [PE1-LoopBack0] target-board 3 [PE1-LoopBack0] binding tunnel gre [PE1-LoopBack0] quit [PE1] interface tunnel 3/0/0 [PE1-Tunnel3/0/0] tunnel-protocol gre [PE1-Tunnel3/0/0] ip address 40.1.1.1 24 [PE1-Tunnel3/0/0] source loopback 0 [PE1-Tunnel3/0/0] destination 192.3.3.3 [PE1-Tunnel3/0/0] quit [PE1] tunnel-policy policy1 [PE1-Tunnel-policy-policy1] tunnel select-seq gre lsp load-balance-number 1 [PE1-Tunnel-policy-policy1] quit
# Configure PE2.
[PE2] interface loopback0 [PE2-LoopBack0] ip address 192.3.3.3 255.255.255.255 [PE2-LoopBack0] target-board 3 [PE2-LoopBack0] binding tunnel gre [PE2-LoopBack0] quit [PE2] interface tunnel 3/0/0 [PE2-Tunnel3/0/0] tunnel-protocol gre [PE2-Tunnel3/0/0] ip address 40.1.1.2 24 [PE2-Tunnel3/0/0] source loopback 0
6-78
Issue 03 (2008-09-22)
6 PWE3 Configuration
[PE2-Tunnel3/0/0] destinationn 192.2.2.2 [PE2-Tunnel3/0/0] quit [PE2] tunnel-policy policy1 [PE2-Tunnel-policy-policy1] tunnel select-seq gre lsp load-balance-number 1 [PE2-Tunnel-policy-policy1] quit
After the configuration, run the display this interface command, and you can see that a GRE tunnel has been successfully set up. That is, the value for Line protocol current state is UP.
[PE1] display interface tunnel 3/0/0 Tunnel3/0/0 current state : UP Line protocol current state : UP Last up time: 2007-11-13, 18:00:53 Description:HUAWEI, Quidway Series, Tunnel3/0/0 Interface Route Port,The Maximum Transmit Unit is 1500 Internet Address is 40.1.1.1/24 Encapsulation is TUNNEL, loopback not set Tunnel source 192.2.2.2 (LoopBack0), destination 192.3.3.3 Tunnel protocol/transport GRE/IP, key disabled keepalive disabled Checksumming of packets disabled QoS max-bandwidth : 64 Kbps 300 seconds input rate 0 bits/sec, 0 packets/sec 300 seconds output rate 0 bits/sec, 0 packets/sec 41 packets input, 4380 bytes 0 input error 107 packets output, 10988 bytes 11 output error
5.
Create a VC connection. Enable MPLS L2VPN for PE-A and PE-B, and create a VC-connection with the configured tunnel-policy.
NOTE
The PWE3 does not support P2MP. Therefore, if an MPLS L2VC is created on ATM sub-interfaces, ATM sub-interfaces must be of P2P type. ATM cell transport can be configured on both P2MP interfaces and P2P interfaces.
# Configure PE1.
[PE1] mpls l2vpn [PE1-l2vpn] quit [PE1] interface gigabitethernet 1/0/0 [PE1-GigabitEthernet1/0/0] undo shutdown [PE1-GigabitEthernet1/0/0] quit [PE1] interface gigabitethernet 1/0/0.1 [PE1-GigabitEthernet1/0/0.1] vlan-type dot1q 1 [PE1-GigabitEthernet1/0/0.1] mpls l2vc 192.3.3.3 100 tunnel-policy policy1 [PE1-GigabitEthernet1/0/0.1] quit
# Configure PE2.
[PE2] mpls l2vpn [PE2-l2vpn] quit [PE2] interface gigabitethernet 1/0/0 [PE2-GigabitEthernet1/0/0] undo shutdown [PE2-GigabitEthernet1/0/0] quit [PE2] interface gigabitethernet1/0/0.1 [PE2-GigabitEthernet1/0/0.1] vlan-type dot1q 2 [PE2-GigabitEthernet1/0/0.1] mpls l2vc 192.2.2.2 100 tunnel-policy policy1 [PE2-GigabitEthernet1/0/0.1] quit
6.
Verify the configuration. Check the connection information about L2VPN on PEs, and you can see that an L2VC has been set up, whose status is Up. Take the display of PE1 as an example:
<PE1> display mpls l2vc interface gigabitethernet 1/0/0.1
Issue 03 (2008-09-22)
6-79
6 PWE3 Configuration
CE1 and CE2 can ping through each other. Take the display of PE1 as an example:
<CE1> ping 100.1.1.2 PING 100.1.1.2: 56 data bytes, press CTRL_C to break Reply from 100.1.1.2: bytes=56 Sequence=1 ttl=255 time=31 ms Reply from 100.1.1.2: bytes=56 Sequence=2 ttl=255 time=10 ms Reply from 100.1.1.2: bytes=56 Sequence=3 ttl=255 time=5 ms Reply from 100.1.1.2: bytes=56 Sequence=4 ttl=255 time=2 ms Reply from 100.1.1.2: bytes=56 Sequence=5 ttl=255 time=28 ms --- 100.1.1.2 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 2/15/31 ms
Configuration Files
l
6-80
Issue 03 (2008-09-22)
6 PWE3 Configuration
Configuration file of P
# sysname P # interface Pos1/0/0 undo shutdown link-protocol ppp ip address 10.1.1.2 255.255.255.0 # interface Pos2/0/0 undo shutdown link-protocol ppp ip address 10.2.2.1 255.255.255.0 # ospf 1 area 0.0.0.0 network 192.4.4.4 0.0.0.0 network 10.1.1.0 0.0.0.255 network 10.2.2.0 0.0.0.255 # return
Issue 03 (2008-09-22)
6-81
6 PWE3 Configuration
6 PWE3 Configuration
P1
S-PE
P2
POS2/0/0 30.1.1.1/24
tic Sta
Sta t
ic P W
POS2/0/0 10.1.1.1/24
U-PE1
CE1
CE2
Configuring Roadmap
The configuration roadmap is as follows: 1. 2. 3. 4. Run the IGP on routers of the backbone network. Enable MPLS for backbone network and set up an LSP between U-PE and the S-PE. Create static MPLS L2VCs on U-PEs. Create a PW switching on S-PE for MH-PW.
Data Preparation
To complete the configuration, you need the following data.
l l l l
L2VC IDs on U-PE1 and U-PE2 MPLS LSR IDs of U-PE1, S-PE, and U-PE2 PW template name and parameters on U-PEs VC label values needed for configuring the static PW (Pay attention to the relationship between the VC label values on both ends of the PW.) Encapsulation type for exchanging PWs on S-PE
Configuration Procedure
1. Configure CE. # Configure CE1.
<Quidway> system-view [Quidway] sysname CE1 [CE1] interface pos 1/0/0 [CE1-Pos1/0/0] ip address 100.1.1.1 24 [CE1-Pos1/0/0] undo shutdown [CE1-Pos1/0/0] quit
Issue 03 (2008-09-22)
6-83
6 PWE3 Configuration
# Configure CE2.
<Quidway> system-view [Quidway] sysname CE2 [CE2] interface pos 1/0/0 [CE2-Pos1/0/0] ip address 100.1.1.2 24 [CE2-Pos1/0/0] undo shutdown
[CE2-Pos1/0/0] quit 2. Configure the IGP for the MPLS backbone network Configure the IGP for the MPLS backbone network. In this example, use OSPF. Configure the IP addresses of the U-PEs, S-PEs and Ps as shown in Figure 6-18. While configuring OSPF, advertise 32-bit loopback address of all PEs. The detailed configuration is not mentioned here. 3. Configure MPLS for routers on the backbone network and set up a tunnel. Enable the MPLS for routers on the backbone network. Then set up an LSP between UPE1 and S-PE, and between the S-PE and U-PE2. The configuration details are omitted here. 4. Create a VC connection. Enable MPLS L2VPN for U-PE1, U-PE2 and the S-PE, and create a VC connection between U-PE1 and U-PE2.
NOTE
The PWE3 does not support P2MP. Therefore, if an MPLS L2VC is created on ATM sub-interfaces, ATM sub-interfaces must be of P2P type. For configuring transparent ATM cell transport, however, there is no such restriction.
# Configure U-PE1.
[U-PE1] pw-template pwt [U-PE1-pw-template-pwt] peer-address 3.3.3.9 [U-PE1-pw-template-pwt] quit [U-PE1] mpls l2vpn [U-PE1-l2vpn] quit [U-PE1] interface pos 1/0/0 [U-PE1-Pos1/0/0] mpls static-l2vc pw-template pwt 100 transmit-vpn-label 100 receive-vpn-label 100 [U-PE1-Pos1/0/0] undo shutdown [U-PE1-Pos1/0/0] quit
# Configure S-PE.
[S-PE] mpls l2vpn [S-PE-l2vpn] quit [S-PE] mpls switch-l2vc 5.5.5.9 100 trans 200 recv 200 between 1.1.1.9 100 trans 100 recv 100 encapsulation ppp
# Configure U-PE2.
[U-PE2] mpls l2vpn [U-PE2-l2vpn] quit [U-PE2] pw-template pwt [U-PE2-pw-template-pwt] peer-address 3.3.3.9 [U-PE2-pw-template-pwt] quit [U-PE2] interface pos 2/0/0 [U-PE2-Pos2/0/0] mpls static-l2vc pw-template pwt 100 transmit-vpn-label 200 receive-vpn-label 200 [U-PE2-Pos2/0/0] undo shutdown [U-PE2-Pos2/0/0] quit
NOTE
The transmit-vpn-labels configured on U-PEs must be consistent with the recv labels on the S-PE; the receive-vpn-labels configured on U-PEs must be consistent with the trans labels on the S-PE. Otherwise, CEs are unable to internetwork with each other.
6-84
Issue 03 (2008-09-22)
6 PWE3 Configuration
5.
Verify the configuration. Check the connection information about L2VPN on PEs, and you can see that an L2VC has been set up, whose status is Up. Take the display of U-PE1 and S-PE as an example:
<U-PE1> display mpls static-l2vc interface pos 1/0/0 *Client Interface : Pos1/0/0 is up AC Status : up VC State : up VC ID : 100 VC Type : PPP Destination : 3.3.3.9 Transmit VC Label : 100 Receive VC Label : 100 Control Word : Disable VCCV Capabilty : Disable Tunnel Policy : -PW Template Name : pwt Traffic Behavior : -Main or Secondary : Main VC tunnel/token info : 1 tunnels/tokens NO.0 TNL Type : lsp , TNL ID : 0x2002003 Create time : 0 days, 0 hours, 13 minutes, 7 seconds UP time : 0 days, 0 hours, 10 minutes, 23 seconds Last change time : 0 days, 0 hours, 10 minutes, 23 seconds <S-PE> display mpls switch-l2vc Total Switch VC : 1, 1 up, 0 down *Switch-l2vc type : SVC<---->SVC Peer IP Address : 5.5.5.9, 1.1.1.9 VC ID : 100, 100 VC Type : PPP VC State : up In/Out Label : 200/200, 100/100 Control Word : Disable, Disable VCCV Capability : Disable, Disable Switch-l2vc tunnel info : 1 tunnels for peer 5.5.5.9 NO.0 TNL Type : lsp , TNL ID : 0x2002006 1 tunnels for peer 1.1.1.9 NO.0 TNL Type : lsp , TNL ID : 0x1002000 Create time : 0 days, 0 hours, 12 minutes, 13 seconds UP time : 0 days, 0 hours, 5 minutes, 16 seconds Last change time : 0 days, 0 hours, 5 minutes, 16 seconds
CE1 and CE2 can ping through each other. Take the display of CE1 as an example:
<CE1> ping 100.1.1.2 PING 100.1.1.2: 56 data bytes, press CTRL_C to break Reply from 100.1.1.2: bytes=56 Sequence=1 ttl=255 time=188 Reply from 100.1.1.2: bytes=56 Sequence=2 ttl=255 time=187 Reply from 100.1.1.2: bytes=56 Sequence=3 ttl=255 time=187 Reply from 100.1.1.2: bytes=56 Sequence=4 ttl=255 time=188 Reply from 100.1.1.2: bytes=56 Sequence=5 ttl=255 time=188 --- 100.1.1.2 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 187/187/188 ms ms ms ms ms ms
Configuration Files
l
Issue 03 (2008-09-22)
6-85
6 PWE3 Configuration
link-protocol ppp undo shutdown ip address 100.1.1.1 255.255.255.0 # return l
Configuration file of P1
# sysname P1 # mpls lsr-id 2.2.2.9 mpls # mpls ldp # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 10.1.1.2 255.255.255.0 mpls mpls ldp # interface Pos2/0/0 link-protocol ppp undo shutdown ip address 20.1.1.1 255.255.255.0 mpls mpls ldp # interface LoopBack0
6-86
Issue 03 (2008-09-22)
6 PWE3 Configuration
Configuration file of P2
# sysname P2 # mpls lsr-id 4.4.4.9 mpls # mpls ldp # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 30.1.1.2 255.255.255.0 mpls mpls ldp
Issue 03 (2008-09-22)
6-87
6 PWE3 Configuration
# interface Pos2/0/0 link-protocol ppp undo shutdown ip address 40.1.1.1 255.255.255.0 mpls mpls ldp # interface LoopBack0 ip address 4.4.4.9 255.255.255.255 # ospf 1 area 0.0.0.0 network 4.4.4.9 0.0.0.0 network 30.1.1.0 0.0.0.255 network 40.1.1.0 0.0.0.255 # return l
6-88
Issue 03 (2008-09-22)
6 PWE3 Configuration
Configuring Roadmap
The configuration roadmap is as follows: 1. 2. 3. 4. 5. Configure the IGP routing protocol for the backbone network, so that devices in the backbone can internetwork with each other. Configure basic MPLS functions for the backbone, and set up LSP tunnels. Set up MPLS LDP remote peer relationship between U-PE1 and S-PE, and between U-PE2 and S-PE. Create the PW template, and enable the CW and LSP ping functions. Set up an MPLS L2VC connection between U-PEs. Set up a PW switching on the switching node S-PE.
Data Preparation
To complete the configuration, you need the following data.
Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 6-89
6 PWE3 Configuration
l l l l l
L2VC ID (The one on U-PE1 differs from that on U-PE2.) MPLS LSR IDs Address of the PE remote peer Encapsulation type of the PW PW template name and parameters on U-PE
Configuration Procedure
1. Configure CE. # Configure CE1.
<Quidway> system-view [Quidway] sysname CE1 [CE1] interface pos 1/0/0 [CE1-Pos1/0/0] ip address 100.1.1.1 24 [CE1-Pos1/0/0] undo shutdown [CE1-Pos1/0/0] quit
# Configure CE2.
<Quidway> system-view [Quidway] sysname CE2 [CE2] interface pos 1/0/0 [CE2-Pos1/0/0] ip address 100.1.1.2 24 [CE2-Pos1/0/0] undo shutdown [CE2-Pos1/0/0] quit
2.
Configure the IGP for the MPLS backbone network. Configure the IGP for the MPLS backbone. Take OSPF as an example. Configure IP addresses for the interfaces of U-PEs, S-PE, and Ps. While configuring OSPF, advertise the 32-bit loopback addresses of U-PE1, S-PE, and U-PE2. Configure U-PE1.
[U-PE1] interface loopback 0 [U-PE1-LoopBack0] ip address 1.1.1.9 32 [U-PE1-LoopBack0] quit [U-PE1] interface pos 2/0/0 [U-PE1-Pos2/0/0] ip address 10.1.1.1 24 [U-PE1-Pos2/0/0] undo shutdown [U-PE1-Pos2/0/0] quit [U-PE1] ospf 1 [U-PE1-ospf-1] area 0.0.0.0 [U-PE1-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255 [U-PE1-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0 [U-PE1-ospf-1-area-0.0.0.0] quit [U-PE1-ospf-1] quit
Configure P1.
[P1] interface loopback 0 [P1-LoopBack0] ip address 2.2.2.9 32 [P1-LoopBack0] quit [P1] interface pos 1/0/0 [P1-Pos1/0/0] ip address 10.1.1.2 24 [P1-Pos1/0/0] undo shutdown [P1-Pos1/0/0] quit [P1] interface pos 2/0/0 [P1-Pos2/0/0] ip address 20.1.1.1 24 [P1-Pos2/0/0] undo shutdown [P1-Pos2/0/0] quit [P1] ospf 1 [P1-ospf-1] area 0.0.0.0 [P1-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255 [P1-ospf-1-area-0.0.0.0] network 20.1.1.0 0.0.0.255 [P1-ospf-1-area-0.0.0.0] network 2.2.2.9 0.0.0.0
6-90
Issue 03 (2008-09-22)
6 PWE3 Configuration
# Configure S-PE.
[S-PE] interface loopback 0 [S-PE-LoopBack0] ip address 3.3.3.9 32 [S-PE-LoopBack0] quit [S-PE] interface pos 1/0/0 [S-PE-Pos1/0/0] ip address 20.1.1.2 24 [S-PE-Pos1/0/0] undo shutdown [S-PE-Pos1/0/0] quit [S-PE] interface pos 2/0/0 [S-PE-Pos2/0/0] ip address 30.1.1.1 24 [S-PE-Pos2/0/0] undo shutdown [S-PE-Pos2/0/0] quit [S-PE] ospf 1 [S-PE-ospf-1] area 0.0.0.0 [S-PE-ospf-1-area-0.0.0.0] network 20.1.1.0 0.0.0.255 [S-PE-ospf-1-area-0.0.0.0] network 30.1.1.0 0.0.0.255 [S-PE-ospf-1-area-0.0.0.0] network 3.3.3.9 0.0.0.0 [S-PE-ospf-1-area-0.0.0.0] quit [S-PE-ospf-1] quit
# Configure P2.
[P2] interface loopback 0 [P2-LoopBack0] ip address 4.4.4.9 32 [P2-LoopBack0] quit [P2] interface pos 1/0/0 [P2-Pos1/0/0] ip address 30.1.1.2 24 [P2-Pos1/0/0] undo shutdown [P2-Pos1/0/0] quit [P2] interface pos 2/0/0 [P2-Pos2/0/0] ip address 40.1.1.1 24 [P2-Pos2/0/0] undo shutdown [P2-Pos2/0/0] quit [P2] ospf 1 [P2-ospf-1] area 0.0.0.0 [P2-ospf-1-area-0.0.0.0] network 30.1.1.0 0.0.0.255 [P2-ospf-1-area-0.0.0.0] network 40.1.1.0 0.0.0.255 [P2-ospf-1-area-0.0.0.0] network 4.4.4.9 0.0.0.0 [P2-ospf-1-area-0.0.0.0] quit [P2-ospf-1] quit
# Configure U-PE2.
[U-PE2] interface loopback 0 [U-PE2-LoopBack0] ip address 5.5.5.9 32 [U-PE2-LoopBack0] quit [U-PE2] interface pos 1/0/0 [U-PE2-Pos1/0/0] ip address 40.1.1.2 24 [U-PE2-Pos1/0/0] undo shutdown [U-PE2-Pos1/0/0] quit [U-PE2] ospf 1 [U-PE2-ospf-1] area 0.0.0.0 [U-PE2-ospf-1-area-0.0.0.0] network 40.1.1.0 0.0.0.255 [U-PE2-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0 [U-PE2-ospf-1-area-0.0.0.0] quit [U-PE2-ospf-1] quit
After the configuration, run the display ip routing-table command on U-PEs, Ps, or S-PE, and you can find that they have learned the path to each other's LSR ID. Take the display of S-PE as an example:
<S-PE> display ip routing-table Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: Public Destinations : 15 Routes : 15 Destination/Mask Proto Pre Cost Flags NextHop Interface 1.1.1.9/32 OSPF 10 3 D 20.1.1.1 Pos1/0/0 2.2.2.9/32 OSPF 10 2 D 20.1.1.1 Pos1/0/0
Issue 03 (2008-09-22)
6-91
6 PWE3 Configuration
3.3.3.9/32 4.4.4.9/32 5.5.5.9/32 10.1.1.0/24 20.1.1.0/24 20.1.1.1/32 20.1.1.2/32 30.1.1.0/24 30.1.1.1/32 30.1.1.2/32 40.1.1.0/24 127.0.0.0/8 127.0.0.1/32 Direct OSPF OSPF OSPF Direct Direct Direct Direct Direct Direct OSPF Direct Direct 0 10 10 10 0 0 0 0 0 0 10 0 0 0 2 3 2 0 0 0 0 0 0 2 0 0
U-PEs can ping through each other. Take the display of U-PE1 as an example.
<U-PE1> ping 40.1.1.2 PING 40.1.1.2: 56 data bytes, press CTRL_C to break Reply from 40.1.1.2: bytes=56 Sequence=1 ttl=252 time=160 Reply from 40.1.1.2: bytes=56 Sequence=2 ttl=252 time=120 Reply from 40.1.1.2: bytes=56 Sequence=3 ttl=252 time=150 Reply from 40.1.1.2: bytes=56 Sequence=4 ttl=252 time=150 Reply from 40.1.1.2: bytes=56 Sequence=5 ttl=252 time=160 --- 40.1.1.2 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 120/148/160 ms ms ms ms ms ms
3.
Enable MPLS, and set up an LSP and an remote MPLS LDP session. Configure basic MPLS functions for the backbone, set up tunnels between U-PE1 and SPE, and between U-PE2s, and create remote LDP sessions. Configure U-PE1.
[U-PE1] mpls lsr-id 1.1.1.9 [U-PE1] mpls [U-PE1-mpls] quit [U-PE1] mpls ldp [U-PE1-mpls-ldp] quit [U-PE1] interface pos 2/0/0 [U-PE1-Pos2/0/0] mpls [U-PE1-Pos2/0/0] mpls ldp [U-PE1-Pos2/0/0] quit [U-PE1] mpls ldp remote-peer 3.3.3.9 [U-PE1-mpls-ldp-remote-3.3.3.9] remote-ip 3.3.3.9 [U-PE1-mpls-ldp-remote-3.3.3.9] quit
Configure P1.
[P1] mpls lsr-id 2.2.2.9 [P1] mpls [P1-mpls] quit [P1] mpls ldp [P1-mpls-ldp] quit [P1] interface pos 1/0/0 [P1-Pos1/0/0] mpls [P1-Pos1/0/0] mpls ldp [P1-Pos1/0/0] quit [P1] interface pos 2/0/0 [P1-Pos2/0/0] mpls [P1-Pos2/0/0] mpls ldp [P1-Pos2/0/0] quit
# Configure S-PE.
[S-PE] mpls lsr-id 3.3.3.9 [S-PE] mpls [S-PE-mpls] quit [S-PE] mpls ldp [S-PE-mpls-ldp] quit [S-PE] interface pos 1/0/0 [S-PE-Pos1/0/0] mpls
6-92
Issue 03 (2008-09-22)
6 PWE3 Configuration
# Configure P2.
[P2] mpls lsr-id 4.4.4.9 [P2] mpls [P2-mpls] quit [P2] mpls ldp [P2-mpls-ldp] quit [P2] interface pos 1/0/0 [P2-Pos1/0/0] mpls [P2-Pos1/0/0] mpls ldp [P2-Pos1/0/0] quit [P2] interface pos 2/0/0 [P2-Pos2/0/0] mpls [P2-Pos2/0/0] mpls ldp [P2-Pos2/0/0] quit
# Configure U-PE2.
[U-PE2] mpls lsr-id 5.5.5.9 [U-PE2] mpls [U-PE2-mpls] quit [U-PE2] mpls ldp [U-PE2-mpls-ldp] quit [U-PE2] interface pos 1/0/0 [U-PE2-Pos1/0/0] mpls [U-PE2-Pos1/0/0] mpls ldp [U-PE2-Pos1/0/0] quit [U-PE2] mpls ldp remote-peer 3.3.3.9 [U-PE2-mpls-ldp-remote-3.3.3.9] remote-ip 3.3.3.9 [U-PE2-mpls-ldp-remote-3.3.3.9] quit
After the configuration, run the display mpls ldp session command on U-PEs, Ps, or SPE, and you can see that the Session State is Operational. Run the display mpls ldp peer command, and you can view how the LDP sessions and the peers have been constructed. Run the display mpls lsp command, and you can view how LSPs have been constructed. Take the display of S-PE as an example:
<S-PE> display mpls ldp session LDP Session(s) in Public Network -----------------------------------------------------------------------------Peer-ID Status LAM SsnRole SsnAge KA-Sent/Rcv -----------------------------------------------------------------------------1.1.1.9:0 Operational DU Active 000:00:14 57/57 2.2.2.9:0 Operational DU Active 000:00:14 56/56 4.4.4.9:0 Operational DU Passive 000:00:05 22/22 5.5.5.9:0 Operational DU Passive 000:00:12 52/52 -----------------------------------------------------------------------------TOTAL: 4 session(s) Found. LAM : Label Advertisement Mode SsnAge Unit : DDD:HH:MM <S-PE> display mpls ldp peer LDP Peer Information in Public network -----------------------------------------------------------------------------Peer-ID Transport-Address Discovery-Source
Issue 03 (2008-09-22)
6-93
6 PWE3 Configuration
-----------------------------------------------------------------------------1.1.1.9:0 1.1.1.9 Remote Peer : 1.1.1.9 2.2.2.9:0 2.2.2.9 Pos1/0/0 4.4.4.9:0 4.4.4.9 Pos2/0/0 5.5.5.9:0 5.5.5.9 Remote Peer : 5.5.5.9 -----------------------------------------------------------------------------TOTAL: 4 Peer(s) Found. <S-PE> display mpls lsp ---------------------------------------------------------------------LSP Information: LDP LSP ---------------------------------------------------------------------FEC In/Out Label In/Out IF Vrf Name 3.3.3.9/32 3/NULL -/1.1.1.9/32 NULL/1024 -/Pos1/0/0 1.1.1.9/32 1024/1024 -/Pos1/0/0 2.2.2.9/32 NULL/3 -/Pos1/0/0 2.2.2.9/32 1025/3 -/Pos1/0/0 4.4.4.9/32 NULL/3 -/Pos2/0/0 4.4.4.9/32 1027/3 -/Pos2/0/0 5.5.5.9/32 NULL/1027 -/Pos2/0/0 5.5.5.9/32 1026/1027 -/Pos2/0/0
4.
Create and configure a PW template. Create PW templates on U-PEs, and enable the CW and LSP ping functions. Configure U-PE1.
[U-PE1] pw-template pwt [U-PE1-pw-template-pwt] [U-PE1-pw-template-pwt] [U-PE1-pw-template-pwt] [U-PE1-pw-template-pwt] peer-address 3.3.3.9 control-word vccv cc cw cv lsp-ping quit
# Configure U-PE2.
[U-PE2] pw-template pwt [U-PE2-pw-template-pwt] [U-PE2-pw-template-pwt] [U-PE2-pw-template-pwt] [U-PE2-pw-template-pwt]
NOTE
You can configure a dynamic PW without using the PW template. If no PW template is used, you can neither check the connectivity of the PWs nor collect the information about the PW routes in Step 6 Verify the configuration. In other words, you cannot use the ping vc and tracert vc commands.
5.
Create a VC connection. Enable MPLS L2VPN for U-PE1, U-PE2 and the S-PE. Configure the dynamic PW on the U-PE and the dynamic PW switching is performed on the S-PE.
NOTE
The PWE3 does not support P2MP. Therefore, if MPLS L2VC is created on ATM sub-interfaces, ATM sub-interfaces must be of P2P type, You need not follow the preceding limitation in configuring the transparent ATM cell transport.
# Configure U-PE1.
[U-PE1] mpls l2vpn [U-PE1-l2vpn] quit [U-PE1] interface pos 1/0/0 [U-PE1-Pos1/0/0] mpls l2vc pw-template pwt 100 [U-PE1-Pos1/0/0] undo shutdown [U-PE1-Pos1/0/0] quit
# Configure S-PE.
[S-PE] mpls l2vpn
6-94
Issue 03 (2008-09-22)
6 PWE3 Configuration
[S-PE-l2vpn] quit [S-PE] mpls switch-l2vc 1.1.1.9 100 between 5.5.5.9 200 encapsulation ppp
# Configure U-PE2.
[U-PE2] mpls l2vpn [U-PE2-l2vpn] quit [U-PE2] interface pos 2/0/0 [U-PE2-Pos2/0/0] mpls l2vc pw-template pwt 200 [U-PE2-Pos2/0/0] undo shutdown [U-PE2-Pos2/0/0] quit
6.
Verify the configuration. (1) Check the connection information about PWE3. Check the connection information about L2VPN on U-PEs and S-PE, and you can see that an L2VC has been set up, whose status is Up. Take the display of U-PE1 as an example:
<U-PE1> display mpls l2vc interface pos 1/0/0 *client interface : Pos1/0/0 is up session state : up AC state : up VC state : up VC ID : 100 VC type : PPP destination : 3.3.3.9 local group ID : 0 remote group ID : 0 local VC label : 21504 remote VC label : 21505 local AC OAM State : up local PSN State : up local forwarding state : forwarding remote AC OAM state : up remote PSN state : up remote forwarding state: forwarding BFD for PW : unavailable manual fault : not set active state : active forwarding entry : exist link state : up local VC MTU : 4470 remote VC MTU : 4470 local VCCV : cw lsp-ping remote VCCV : cw lsp-ping local fragmentantion : disable remote fragmentantion: disable local control word : enable remote control word : enable tunnel policy : -traffic behavior : -PW template name : pwt primary or secondary : primary VC tunnel/token info : 1 tunnels/tokens NO.0 TNL type : lsp , TNL ID : 0x2002003 create time : 0 days, 0 hours, 15 minutes, 3 seconds up time : 0 days, 0 hours, 3 minutes, 15 seconds last change time : 0 days, 0 hours, 3 minutes, 15 seconds
Issue 03 (2008-09-22)
6-95
6 PWE3 Configuration
(2) Check the connectivity of the PW. Run the ping vc command on U-PEs, and you can see that the connectivity of the PW is normal. Take the display of U-PE1 as an example.
<U-PE1> ping vc ppp 100 control-word remote 200 Reply: bytes=100 Sequence=1 time = 740 ms Reply: bytes=100 Sequence=2 time = 90 ms Reply: bytes=100 Sequence=3 time = 160 ms Reply: bytes=100 Sequence=4 time = 130 ms Reply: bytes=100 Sequence=5 time = 160 ms --- FEC: FEC 128 PSEUDOWIRE (NEW). Type = ppp, ID = 100 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 90/256/740 ms
(3) Collect the path information about PWs. Run the tracert vc command on U-PEs, and you can collect the information about each LSR and egress PE that the PW passes through. Take the display of U-PE1 as an example.
<U-PE1> TTL 0 1 2 3 4 <U-PE1> TTL 0 2 4 tracert vc ppp 100 control-word remote 200 full-lsp-path Replier Time Type Downstream Ingress 10.1.1.2/[1025 ] 10.1.1.2 100 ms Transit 20.1.1.2/[3 ] 20.1.1.2 60 ms Transit 30.1.1.2 80 ms Transit 40.1.1.2/[3 ] 40.1.1.2 150 ms Egress tracert vc ppp 100 control-word remote 200 Replier Time Type Downstream Ingress 10.1.1.2/[1025 ] 20.1.1.2 60 ms Transit 40.1.1.2 110 ms Egress
If response to MPLS Echo Request packets is disabled on S-PE devices, the configuration is as follows:
[S-PE] undo lspv mpls-lsp-ping echo enable
If you run the tracert vc command on U-PEs, when collecting the information about each LSR and egress PE that the PW passes through, U-PEs prompt timeout if it fails to receive Reply packets from S-PE. Take the display of U-PE1 as an example.
<U-PE1> tracert vc ppp 100 TTL Replier 0 1 10.1.1.2 2 Request time out 3 30.1.1.2 4 40.1.1.2 <U-PE1> tracert vc ppp 100 TTL Replier 0 2 Request time out 4 40.1.1.2 control-word remote 200 full-lsp-path Time Type Downstream Ingress 10.1.1.2/[1025 ] 130 ms Transit 20.1.1.2/[3 ] 80 ms Transit 40.1.1.2/[3 ] 100 ms Egress control-word remote 200 Time Type Downstream Ingress 10.1.1.2/[1025 ] 130 ms Egress
To avoid PWE3 tracert attacks, you can enable filtering of the source addresses of MPLS Echo Request packets on U-PEs. The filtering rules are specified in the ACL
6-96 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)
6 PWE3 Configuration
configuration. For example, you can configure an ACL on U-PE2 to prevent U-PE1 from obtaining information about the path from U-PE1 to U-PE2 with the tracert vc command. The detailed configuration is as follows.
[U-PE2] acl 3001 [U-PE2-acl-adv-3001] rule deny udp source 1.1.1.9 0 [U-PE2-acl-adv-3001] quit [U-PE2] lspv packet-filter 3001
If you run the tracert vc command on U-PE1, U-PE1 will be unable to collect information about egress PEs on the PWs. Take the display of U-PE1 as an example.
<U-PE1> tracert vc ppp 100 control-word remote 200 full-lsp-path TTL Replier Time Type Downstream 0 Ingress 10.1.1.2/[1025 ] 1 10.1.1.2 110 ms Transit 20.1.1.2/[3 ] 2 Request time out 3 30.1.1.2 60 ms Transit 40.1.1.2/[3 ] 4 Request time out 5 Request time out 6 Request time out 7 Request time out <U-PE1> tracert vc ppp 100 control-word remote 200 TTL Replier Time Type Downstream 0 Ingress 10.1.1.2/[1025 ] 2 Request time out 4 Request time out 5 Request time out 6 Request time out 7 Request time out
However, if you run the tracert vc command on U-PE2, U-PE2 will be able to collect information about each LSR and egress PE that the PW between U-PE2 and U-PE1 passes through.
[U-PE2] tracert vc ppp 200 TTL Replier 0 1 40.1.1.1 2 Request time out 3 20.1.1.1 4 10.1.1.1 [U-PE2] tracert vc ppp 200 TTL Replier 0 2 Request time out 4 10.1.1.1 control-word remote 100 full-lsp-path Time Type Downstream Ingress 40.1.1.1/[1026 ] 120 ms Transit 30.1.1.1/[3 ] 60 ms Transit 10.1.1.1/[3 ] 160 ms Egress control-word remote 100 Time Type Downstream Ingress 40.1.1.1/[1026 ] 120 ms Egress
Run the display lspv configuration command on U-PE2, and you can view the current configuration of PWE3 tracert.
<U-PE2> display lspv configuration lspv packet filter 3001
Run the display lspv statistics command on U-PEs, and you can view the statistics on PWE3 tracert. Take the display of U-PE2 as an example.
<U-PE2> display lspv statistics Total sent: 10 packet(s) Total received: 10 packet(s) MPLS echo request sent: 0 packet(s), received: 10 packet(s) MPLS echo reply sent: 10 packet(s), received: 0 packet(s)
Run the reset lspv statistics command on U-PE, and you can clear the statistics on PWE3 tracert. Take the display of U-PE2 as an example.
<U-PE2> reset lspv statistics <U-PE2> display lspv statistics Total sent: 0 packet(s) Total received: 0 packet(s) MPLS echo request sent: 0 packet(s), received: 0 packet(s) MPLS echo reply sent: 0 packet(s), received: 0 packet(s)
Issue 03 (2008-09-22)
6-97
6 PWE3 Configuration
(4) Check the connectivity between CEs and the information about the path between CEs. CE1 and CE2 can ping through each other.
<CE1> ping 100.1.1.2 PING 100.1.1.2: 56 data bytes, press CTRL_C to break Reply from 100.1.1.2: bytes=56 Sequence=1 ttl=255 time=180 Reply from 100.1.1.2: bytes=56 Sequence=2 ttl=255 time=120 Reply from 100.1.1.2: bytes=56 Sequence=3 ttl=255 time=160 Reply from 100.1.1.2: bytes=56 Sequence=4 ttl=255 time=160 Reply from 100.1.1.2: bytes=56 Sequence=5 ttl=255 time=130 --- 100.1.1.2 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 120/150/180 ms ms ms ms ms ms
Configuration Files
l
6-98
Issue 03 (2008-09-22)
6 PWE3 Configuration
Configuration file of P1
# sysname P1 # mpls lsr-id 2.2.2.9 mpls # mpls ldp # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 10.1.1.2 255.255.255.0 mpls mpls ldp # interface Pos2/0/0 link-protocol ppp undo shutdown ip address 20.1.1.1 255.255.255.0 mpls mpls ldp # interface LoopBack0 ip address 2.2.2.9 255.255.255.255 # ospf 1 area 0.0.0.0 network 2.2.2.9 0.0.0.0 network 10.1.1.0 0.0.0.255 network 20.1.1.0 0.0.0.255 # return
Issue 03 (2008-09-22)
6-99
6 PWE3 Configuration
ip address 30.1.1.1 255.255.255.0 mpls mpls ldp # interface LoopBack0 ip address 3.3.3.9 255.255.255.255 # ospf 1 area 0.0.0.0 network 3.3.3.9 0.0.0.0 network 20.1.1.0 0.0.0.255 network 30.1.1.0 0.0.0.255 # return l
Configuration file of P2
# sysname P2 # mpls lsr-id 4.4.4.9 mpls # mpls ldp # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 30.1.1.2 255.255.255.0 mpls mpls ldp # interface Pos2/0/0 link-protocol ppp undo shutdown ip address 40.1.1.1 255.255.255.0 mpls mpls ldp # interface LoopBack0 ip address 4.4.4.9 255.255.255.255 # ospf 1 area 0.0.0.0 network 4.4.4.9 0.0.0.0 network 30.1.1.0 0.0.0.255 network 40.1.1.0 0.0.0.255 # return
6-100
Issue 03 (2008-09-22)
6 PWE3 Configuration
Issue 03 (2008-09-22)
6-101
6 PWE3 Configuration
P1
S-PE
P2
POS2/0/0 30.1.1.1/24
Sta t
ic P W2 00
POS2/0/0 10.1.1.1/24
U-PE1
CE1
CE2
Configuring Roadmap
The configuration roadmap is as follows: 1. 2. 3. 4. 5. Run the IGP on routers of the backbone network to implement IP connectivity. Enable MPLS on PEs and set up an LSP between each pair of PEs. Set up an MPLS LDP remote session between U-PE and the S-PE. Create a static or dynamic MPLS L2VC connection on U-PE. Create a PW switching on the S-PE.
Data Preparation
To complete the configuration, you need the following data.
l l l l l
L2VC ID (The one of U-PE1 differs from that of U-PE2.) MPLS LSR IDs of the U-PE, S-PE, and U-PE2 VC label needed in the configuration of the static PW on the U-PE2 Encapsulation type of PW PW template and its attributes on U-PE2
Configuration Procedure
1. Configure CE. # Configure CE1.
<Quidway> system-view [Quidway] sysname CE1 [CE1] interface pos 1/0/0 [CE1-Pos1/0/0] ip address 100.1.1.1 24 [CE1-Pos1/0/0] undo shutdown
6-102
Issue 03 (2008-09-22)
6 PWE3 Configuration
# Configure CE2.
<Quidway> system-view [Quidway] sysname CE2 [CE2] interface pos 1/0/0 [CE2-Pos1/0/0] ip address 100.1.1.2 24 [CE2-Pos1/0/0] undo shutdown [CE2-Pos1/0/0] quit
2.
Configure the IGP for the MPLS backbone network. Configure the IGP for the MPLS backbone network. In this example, use OSPF. Configure the IP addresses of the U-PEs, S-PEs and Ps as shown in Figure 6-20. While configuring OSPF, advertise 32-bit loopback addresses of all PE devices. The detailed configuration procedures are not mentioned here.
3.
Enable MPLS and set up an LSP and a remote LDP session. Enable the MPLS for MPLS backbone, and set up an LSP between each pair of PEs. Then set up an MPLS LDP session between U-PE1 and the S-PE. The configuration details are mentioned here.
4.
Create a VC connection. Enable the MPLS L2VPN for U-PE1, U-PE2 and the S-PE. Configure the dynamic VC on the U-PE1. Configure the static VC on the U-PE2. Configure the mixed PW switching on the S-PE.
NOTE
The PWE3 does not support P2MP. Therefore, if an MPLS L2VC is created on ATM sub-interfaces, ATM sub-interfaces must be of P2P type. For configuring transparent ATM cell transport, however, there is no such restriction.
# Configure U-PE1.
[U-PE1] mpls l2vpn [U-PE1] interface pos 1/0/0 [U-PE1-Pos1/0/0] mpls l2vc 3.3.3.9 100 [U-PE1-Pos1/0/0] mtu 1500 [U-PE1-Pos1/0/0] undo shutdown [U-PE1-Pos1/0/0] quit
NOTE
While configuring mixed PWs switching, note that ip-address vc-id before between in the command is of dynamic PW, while ip-address vc-id after between is of static PW. Both of them cannot be interchanged.
# Configure S-PE.
[S-PE] mpls l2vpn [S-PE-l2vpn] quit [S-PE] mpls switch-l2vc 1.1.1.9 100 between 5.5.5.9 200 trans 200 recv 100 encapsulation ppp
# Configure U-PE2.
[U-PE2] mpls l2vpn [U-PE2-l2vpn] quit [U-PE2] pw-template pwt [U-PE2-pw-template-pwt] peer-address 3.3.3.9 [U-PE2-pw-template-pwt] quit [U-PE2] interface pos 2/0/0 [U-PE2-Pos2/0/0] mpls static-l2vc pw-template pwt 200 transmit-vpn-label 100 receive-vpn-label 200 [U-PE2-Pos2/0/0] undo shutdown [U-PE2-Pos2/0/0] quit
5.
Issue 03 (2008-09-22)
6 PWE3 Configuration
Check the information about L2VPN connection on PE. In addition, you can find that the L2VC has been set up, and the VC state is up. Take the display of U-PE1 and the S-PE as example:
<U-PE1> display mpls l2vc interface pos 1/0/0 *client interface : Pos1/0/0 is up session state : up AC state : up VC state : up VC ID : 100 VC type : PPP destination : 3.3.3.9 local group ID : 0 remote group ID : 0 local VC label : 21504 remote VC label : 21504 local AC OAM State : up local PSN State : up local forwarding state : forwarding remote AC OAM state : up remote PSN state : up remote forwarding state: forwarding BFD for PW : unavailable manual fault : not set active state : active forwarding entry : exist link state : up local VC MTU : 1500 remote VC MTU : 1500 local VCCV : Disable remote VCCV : Disable local fragmentantion : disable remote fragmentantion: disable local control word : disable remote control word : disable tunnel policy : -traffic behavior : -PW template name : -primary or secondary : primary VC tunnel/token info : 1 tunnels/tokens NO.0 TNL type : lsp , TNL ID : 0x2002003 create time : 0 days, 13 hours, 3 minutes, 37 seconds up time : 0 days, 12 hours, 54 minutes, 46 seconds last change time : 0 days, 12 hours, 54 minutes, 46 seconds <S-PE> display mpls switch-l2vc Total Switch VC : 1, 1 up, 0 down *Switch-l2vc type : LDP<---->SVC Peer IP Address : 1.1.1.9, 5.5.5.9 VC ID : 100, 200 VC Type : PPP VC State : up Session State : up, None Local(In)/Remote(Out) Label : 21504/21504, 100/200 Local/Remote MTU : 1500/1500, 1500 Local/Remote Control Word : Disable/Disable, Disable Local/Remote VCCV Capability : Disable/Disable, Disable Local/Remote Frag Capability : Disable/Disable Switch-l2vc tunnel info : 1 tunnels for peer 1.1.1.9 NO.0 TNL Type : lsp , TNL ID : 0x1002000 1 tunnels for peer 5.5.5.9 NO.0 TNL Type : lsp , TNL ID : 0x2002006 Create time : 0 days, 13 hours, 1 minutes, 59 seconds UP time : 0 days, 12 hours, 55 minutes, 45 seconds Last change time : 0 days, 12 hours, 55 minutes, 45 seconds
CE1 and CE2 can ping through each other. Take the display of CE1 as an example:
<CE1> ping 100.1.1.2 PING 100.1.1.2: 56 data bytes, press CTRL_C to break Reply from 100.1.1.2: bytes=56 Sequence=1 ttl=255 time=270 ms Reply from 100.1.1.2: bytes=56 Sequence=2 ttl=255 time=220 ms Reply from 100.1.1.2: bytes=56 Sequence=3 ttl=255 time=190 ms
6-104
Issue 03 (2008-09-22)
6 PWE3 Configuration
Reply from 100.1.1.2: bytes=56 Sequence=4 ttl=255 time=190 ms Reply from 100.1.1.2: bytes=56 Sequence=5 ttl=255 time=160 ms --- 100.1.1.2 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 160/206/270 ms
Configuration Files
l
Configuration file of P1
# sysname P1 # mpls lsr-id 2.2.2.9 mpls # mpls ldp # interface Pos1/0/0
Issue 03 (2008-09-22)
6-105
6 PWE3 Configuration
link-protocol ppp undo shutdown ip address 10.1.1.2 255.255.255.0 mpls mpls ldp # interface Pos2/0/0 link-protocol ppp undo shutdown ip address 20.1.1.1 255.255.255.0 mpls mpls ldp # interface LoopBack0 ip address 2.2.2.9 255.255.255.255 # ospf 1 area 0.0.0.0 network 10.1.1.0 0.0.0.255 network 20.1.1.0 0.0.0.255 network 2.2.2.9 0.0.0.0 # return l
Configuration file of P2
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)
6-106
6 PWE3 Configuration
Issue 03 (2008-09-22)
6-107
6 PWE3 Configuration
# return l
Configuring the static PW between the access devices and the convergence devices by using the access devices as the U-PEs and the convergence devices as the switching node S-PE of the LDP sessions Configuring the dynamic PW between the convergence devices
6-108
Issue 03 (2008-09-22)
6 PWE3 Configuration
POS1/0/0 POS1/0/0
POS1/0/0 POS1/0/0
Loopback0 POS2/0/0 Loopback0 POS1/0/0 POS2/0/0 P S-PE2 POS2/0/0 POS3/0/0 POS1/0/0 U-PE3
U-PE1
POS1/0/0 POS2/0/0
U-PE4
POS1/0/0
POS1/0/0
CE2
CE4
Device CE1 CE2 CE3 CE4 U-PE1 U-PE2 U-PE3 U-PE4 S-PE1
Interface POS1/0/0 POS1/0/0 POS1/0/0 POS1/0/0 Loopback 0 POS2/0/0 Loopback 0 POS2/0/0 Loopback 0 POS2/0/0 Loopback 0 POS1/0/0 Loopback 0 POS1/0/0 POS2/0/0 POS3/0/0
IP address 100.1.1.1/24 100.1.1.2/24 100.1.1.3/24 100.1.1.4/24 2.2.2.9/32 10.1.1.1/24 6.6.6.9/32 20.1.1.1/24 5.5.5.9/32 50.1.1.2/24 7.7.7.9/32 60.1.1.2/24 3.3.3.9/32 10.1.1.2/24 20.1.1.2/24 30.1.1.1/24 4.4.4.9/32 40.1.1.2/24 50.1.1.1/24 60.1.1.1/24 1.1.1.9/24 30.1.1.2/24 40.1.1.1/24
S-PE2
Issue 03 (2008-09-22)
6-109
6 PWE3 Configuration
Configuring Roadmap
The configuration roadmap is as follows: 1. 2. 3. Configure the static route on the routers between the access devices and the convergence devices and configure IS-IS on routers between the convergence devices. Configure the remote MPLS LDP peer relationship between the convergence devices when configuring MPLS. Configure the static PW between the access devices and the convergence devices and configure the dynamic PW between the convergence devices.
Data Preparation
To complete the configuration, you need the following data.
l l
IP addresses for the interfaces and data needed for running the network layer protocols Values of the LSP outbound labels and inbound labels for U-PEs and S-PE (Pay attention to the relationship between the values of these labels.) IP addresses of the remote MPLS LDP peers to the convergence devices. Values of the VC labels received or sent by a static PW on U-PEs (Pay attention to the relationship between the VC label values on both ends of the PW.)
l l
Configuration Procedure
Configuring U-PE2 and U-PE4 is similar to configuring U-PE1 and U-PE3. This is only an introduction on the procedure to configure U-PE1 and U-PE3. 1. Configuring the interface IP address of routers As shown in Figure 6-21, assign the IP address for interfaces of routers, and assign the loopback address for Ps, U-PEs and S-PEs. The detailed configuration procedures are not mentioned here. 2. Configuring protocols at network layer Configure network layer protocols for the routers on PSN backbone so that routers can ping each other. Configure static route on U-PEs and S-PEs to set up interconnection between them. Run the IS-IS protocol on S-PEs to set up interconnection between them. The detailed configuration procedures are not mentioned here. 3. Configuring static LSP Set up the static LSP between U-PE and the S-PE.
NOTE
The outbound LSP label value of U-PE should be identical with the inbound LSP label value of the S-PE. And inbound LSP label value of U-PE should be identical with the of outbound LSP label value on the S-PE.
Configuring U-PE3 and S-PE2 are similar to configuring U-PE1 and the S-PE1. This is only an introduction on the procedure to configure U-PE1 and the S-PE1. # Configure U-PE1.
<U-PE1> system-view [U-PE1] mpls lsr-id 2.2.2.9 [U-PE1] mpls [U-PE1-mpls] quit [U-PE1] interface pos2/0/0
6-110
Issue 03 (2008-09-22)
6 PWE3 Configuration
[U-PE1-Pos2/0/0] mpls [U-PE1-Pos2/0/0] quit [U-PE1] ip route-static 3.3.3.9 24 10.1.1.2 [U-PE1] static-lsp ingress pw-ing-lsp destination 3.3.3.9 32 nexthop 10.1.1.2 out-label 100 [U-PE1] static-lsp egress pw-eg-lsp incoming-interface pos2/0/0 in-label 200
# Configure S-PE1.
<S-PE1> system-view [S-PE1] mpls lsr-id 3.3.3.9 [S-PE1] mpls [S-PE1-mpls] quit [S-PE1] interface pos1/0/0 [S-PE1-Pos1/0/0] mpls [S-PE1-Pos1/0/0] quit [S-PE1] ip route-static 2.2.2.9 24 10.1.1.1 [S-PE1] static-lsp ingress pw-ing-lsp destination 2.2.2.9 32 nexthop 10.1.1.1 out-label 200 [S-PE1] static-lsp egress pw-eg-lsp incoming-interface pos1/0/0 in-label 100
4.
Configuring LSP dynamically Set up LSP dynamically between S-PE1 and S-PE2. # Configure S-PE1.
[S-PE1] mpls [S-PE1-mpls] label advertise non-null [S-PE1-mpls] quit [S-PE1] mpls ldp [S-PE1-mpls-ldp] quit [S-PE1] mpls ldp remote-peer 4.4.4.9 [S-PE1-mpls-ldp-remote-4.4.4.9] remote-ip 4.4.4.9 [S-PE1] interface pos 3/0/0 [S-PE1-Pos3/0/0] mpls [S-PE1-Pos3/0/0] mpls ldp [S-PE1-Pos3/0/0] quit
# Configure P.
[P] mpls lsr-id 1.1.1.9 [P] mpls [P-mpls] quit [P-mpls] mpls ldp [P] quit [P] interface pos1/0/0 [P-Pos1/0/0] mpls [P-Pos1/0/0] mpls ldp [P-Pos1/0/0] quit [P] interface pos2/0/0 [P-Pos2/0/0] mpls [P-Pos2/0/0] mpls ldp [P-Pos2/0/0] quit
# Configure S-PE2.
[S-PE2] mpls [S-PE2-mpls] label advertise non-null [S-PE2-mpls] quit [S-PE2] mpls ldp [S-PE2-mpls-ldp] quit [S-PE2] mpls ldp remote-peer 3.3.3.9 [S-PE2-mpls-ldp-remote-3.3.3.9] remote-ip 3.3.3.9 [S-PE2] interface pos1/0/0 [S-PE2-Pos1/0/0] mpls [S-PE2-Pos1/0/0] mpls ldp [S-PE2-Pos1/0/0] quit
After the configuration, it should be possible to create LDP sessions between S-PE1 and P, and between P and S-PE. The status is Operational. Take P as an example:
<P> display mpls ldp session
Issue 03 (2008-09-22)
6-111
6 PWE3 Configuration
5.
The PWE3 does not support P2MP. Therefore, if MPLS L2VC is created on ATM sub-interfaces, ATM sub-interfaces must be of P2P type. For configuring transparent ATM cell transport, however, there is no such restriction.
# Configure U-PE1.
[U-PE1] mpls l2vpn [U-PE1-l2vpn] quit [U-PE1] interface pos1/0/0 [U-PE1-Pos1/0/0] mpls static-l2vc destination 3.3.3.9 transmit-vpn-label 300 receive-vpn-label 300 [U-PE1-Pos1/0/0] undo shutdown [U-PE1-Pos1/0/0] quit
NOTE
While configuring mixed PWs switching, note that ip-address vc-id before between in the command is of dynamic PW, while ip-address vc-id after between is of static PW. Both of them cannot be interchanged.
# Configure S-PE1.
[S-PE1] mpls l2vpn [S-PE1-l2vpn] quit [S-PE1] mpls switch-l2vc 4.4.4.9 100 between 2.2.2.9 100 trans 300 recv 300 encapsulation ppp
# Configure S-PE2.
[S-PE2] mpls l2vpn [S-PE2-l2vpn] quit [S-PE2] mpls switch-l2vc 3.3.3.9 100 between 5.5.5.9 100 trans 300 recv 300 encapsulation ppp
# Configure U-PE3.
[U-PE3] mpls l2vpn [U-PE3-l2vpn] quit [U-PE3] interface pos1/0/0 [U-PE3-Pos1/0/0] mpls static-l2vc destination 4.4.4.9 transmit-vpn-label 300 receive-vpn-label 300 [U-PE3-Pos1/0/0] undo shutdown [U-PE3-Pos1/0/0] quit
6.
Verifying the configuration "VC State" of static L2VC on each U-PE should be "up", and "VC State" of switching L2VC on each S-PE should be "up" too. Take U-PE1 and S-PE1 as examples:
<U-PE1> display mpls static-l2vc interface pos 1/0/0 *Client Interface : Pos1/0/0 is up AC Status : up VC State : up VC ID : 0 VC Type : PPP Destination : 3.3.3.9
6-112
Issue 03 (2008-09-22)
6 PWE3 Configuration
Transmit VC Label : 300 Receive VC Label : 300 Control Word : Disable VCCV Capabilty : Disable Tunnel Policy : -PW Template Name : -Traffic Behavior : -Main or Secondary : Main VC tunnel/token info : 1 tunnels/tokens NO.0 TNL Type : lsp , TNL ID : 0x2002001 Create time : 0 days, 0 hours, 12 minutes, 6 seconds UP time : 0 days, 0 hours, 9 minutes, 5 seconds Last change time : 0 days, 0 hours, 9 minutes, 5 seconds <S-PE1> display mpls switch-l2vc Total Switch VC : 1, 1 up, 0 down *Switch-l2vc type : LDP<---->SVC Peer IP Address : 4.4.4.9, 2.2.2.9 VC ID : 100, 100 VC Type : PPP VC State : up Session State : up, None Local(In)/Remote(Out) Label : 21504/21504, 300/300 Local/Remote MTU : 1500/1500, 1500 Local/Remote Control Word : Disable/Disable, Disable Local/Remote VCCV Capability : Disable/Disable, Disable Local/Remote Frag Capability : Disable/Disable Switch-l2vc tunnel info : 1 tunnels for peer 4.4.4.9 NO.0 TNL Type : lsp , TNL ID : 0x3002002 1 tunnels for peer 2.2.2.9 NO.0 TNL Type : lsp , TNL ID : 0x1002000 Create time : 0 days, 0 hours, 10 minutes, 16 seconds UP time : 0 days, 0 hours, 4 minutes, 38 seconds Last change time : 0 days, 0 hours, 4 minutes, 38 seconds
Configuration Files
l
Issue 03 (2008-09-22)
6-113
6 PWE3 Configuration
6-114
Issue 03 (2008-09-22)
6 PWE3 Configuration
Configuration file of P
# sysname P # mpls lsr-id 1.1.1.9 mpls # mpls ldp # isis 1 network-entity 10.0000.0000.0003.00 # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 30.1.1.2 255.255.255.0 isis enable 1 mpls mpls ldp # interface Pos2/0/0 link-protocol ppp undo shutdown ip address 40.1.1.1 255.255.255.0 isis enable 1 mpls mpls ldp # interface LoopBack0 ip address 1.1.1.9 255.255.255.255 isis enable 1 # return
Issue 03 (2008-09-22)
6-115
6 PWE3 Configuration
6-116
6 PWE3 Configuration
As shown in Figure 6-22, you should check the connectivity of the master PW and the backup PW using the BFD to ensure that if the master PW is faulty, services can be switched to the backup PW within 50ms. Figure 6-22 Networking diagram of configuring a static BFD that checks PWs
PW1
Loopback1 2.2.2.2/32 POS1/0/1 100.1.1.2/30 Loopback1 1.1.1.1/32 POS1/0/0 10.1.1.1/30 POS1/0/0 POS1/0/0 100.2.1.1/30 Loopback1 4.4.4.4/32 POS1/0/0
CE1
P1
POS1/0/1 100.1.1.1/30
CE2
PE1 POS1/0/2
200.1.1.1/30 POS1/0/1 200.1.1.2/30
Loopback1 3.3.3.3/32
P2
POS1/0/0 200.2.1.1/30
PE3
PW2
Configuration Roadmap
The configuration roadmap is as follows: 1. 2. 3. Configure the MPLS network to make the Network Layer reachable. On the AC interface of PE1, configure PW1 (from PE1 to PE2) and PW2 (from PE1 to PE3) that serve as the master and the backup PW respectively. Configure BFD sessions that check PW1 and PW2.
Data Preparation
To complete the configuration, you need the following data:
l l l
IP addresses for the interfaces VC IDs for PWs Name, the local discriminator, and the remote discriminator of the BFD session
Configuration Procedure
1. Configure an IP address for the interface through which a CE is connected to a PE. # Configure CE1.
Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 6-117
6 PWE3 Configuration
<Quidway> system-view [Quidway] sysname CE1 [CE1] interface pos 1/0/0 [CE1-Pos1/0/0] ip address 10.1.1.1 30 [CE1-Pos1/0/0] ip address 10.1.2.1 30 sub [CE1-Pos1/0/0] undo shutdown [CE1-Pos1/0/0] quit
# Configure CE2.
<Quidway> system-view [Quidway] sysname CE2 [CE2] interface pos 1/0/0 [CE2-Pos1/0/0] ip address 10.1.1.2 30 [CE2-Pos1/0/0] undo shutdown [CE2-Pos1/0/0] quit [CE2] interface pos 1/0/1 [CE2-Pos1/0/1] ip address 10.1.2.2 30 [CE2-Pos1/0/1] undo shutdown [CE2-Pos1/0/1] quit
2.
Configure the IGP protocol for the MPLS backbone so that PEs and Ps in the backbone can internetwork. # Configure PE1.
[PE1] interface loopback 1 [PE1-LoopBack1] ip address 1.1.1.1 32 [PE1-LoopBack1] quit [PE1] interface pos 1/0/1 [PE1-Pos1/0/1] ip address 100.1.1.1 30 [PE1-Pos1/0/1] undo shutdown [PE1-Pos1/0/1] quit [PE1] interface pos 1/0/2 [PE1-Pos1/0/2] ip address 200.1.1.1 30 [PE1-Pos1/0/2] undo shutdown [PE1-Pos1/0/2] quit [PE1] ospf 1 [PE1-ospf-1] area 0 [PE1-ospf-1-area-0.0.0.0] network 1.1.1.1 0.0.0.0 [PE1-ospf-1-area-0.0.0.0] network 100.1.1.0 0.0.0.3 [PE1-ospf-1-area-0.0.0.0] network 200.1.1.0 0.0.0.3
Configure P1.
[P1] interface loopback 1 [P1-LoopBack1] ip address 2.2.2.2 32 [P1-LoopBack1] quit [P1] interface pos 1/0/0 [P1-Pos1/0/1] ip address 100.2.1.1 30 [P1-Pos1/0/1] undo shutdown [P1-Pos1/0/1] quit [P1] interface pos 1/0/1 [P1-Pos1/0/1] ip address 100.1.1.2 30 [P1-Pos1/0/1] undo shutdown [P1-Pos1/0/1] quit [P1] ospf 1 [P1-ospf-1] area 0 [P1-ospf-1-area-0.0.0.0] network 2.2.2.2 0.0.0.0 [P1-ospf-1-area-0.0.0.0] network 100.1.1.0 0.0.0.3 [P1-ospf-1-area-0.0.0.0] network 100.2.1.0 0.0.0.3
# Configure P2.
[P2] interface loopback 1 [P2-LoopBack1] ip address 3.3.3.3 32 [P2-LoopBack1] quit [P2] interface pos 1/0/0 [P2-Pos1/0/1] ip address 200.2.1.1 30 [P2-Pos1/0/1] undo shutdown [P2-Pos1/0/1] quit [P2] interface pos 1/0/1 [P2-Pos1/0/1] ip address 200.1.1.2 30
6-118
Issue 03 (2008-09-22)
6 PWE3 Configuration
# Configure PE2.
[PE2] interface loopback 1 [PE2-LoopBack1] ip address 4.4.4.4 32 [PE2-LoopBack1] quit [PE2] interface pos 1/0/1 [PE2-Pos1/0/1] ip address 100.2.1.2 30 [PE2-Pos1/0/1] undo shutdown [PE2-Pos1/0/1] quit [PE2] ospf 1 [PE2-ospf-1] area 0 [PE2-ospf-1-area-0.0.0.0] network 4.4.4.4 0.0.0.0 [PE2-ospf-1-area-0.0.0.0] network 100.2.1.0 0.0.0.3
# Configure PE3.
[PE3] interface loopback 1 [PE3-LoopBack1] ip address 5.5.5.5 32 [PE3-LoopBack1] quit [PE3] interface pos1/0/0 [PE3-Pos1/0/0] ip address 200.2.1.2 30 [PE3-Pos1/0/0] undo shutdown [PE3-Pos1/0/0] quit [PE3] ospf 1 [PE3-ospf-1] area 0 [PE3-ospf-1-area-0.0.0.0] network 5.5.5.5 0.0.0.0 [PE3-ospf-1-area-0.0.0.0] network 200.2.1.0 0.0.0.3
After the configuration, run the display ip routing-table command on PEs, and you can see that PE1 and PE2, and PE1 and PE3 have learnt the loopback address of each other. Take the display of PE1 as an example:
<PE1> display ip routing-table Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: Public Destinations : 15 Routes : 15 Destination/Mask Proto Pre Cost Flags NextHop Interface 1.1.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 2.2.2.2/32 OSPF 10 2 D 100.1.1.2 Pos1/0/1 3.3.3.3/32 OSPF 10 2 D 200.1.1.2 Pos1/0/2 4.4.4.4/32 OSPF 10 3 D 100.1.1.2 Pos1/0/1 5.5.5.5/32 OSPF 10 3 D 200.1.1.2 Pos1/0/2 100.1.1.0/30 Direct 0 0 D 100.1.1.1 Pos1/0/1 100.1.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 100.1.1.2/32 Direct 0 0 D 100.1.1.2 Pos1/0/1 100.2.1.0/30 OSPF 10 2 D 100.1.1.2 Pos1/0/1 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 200.1.1.0/30 Direct 0 0 D 200.1.1.1 Pos1/0/2 200.1.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 200.1.1.2/32 Direct 0 0 D 200.1.1.2 Pos1/0/2 200.2.1.0/30 OSPF 10 2 D 200.1.1.2 Pos1/0/2
3.
Configure basic MPLS functions for the MPLS backbone. # Enable MPLS, and specify LSR-ID as the IP address of loopback 1.Enable MPLS and MPLS LDP for the interfaces in the backbone. # Configure PE1.
[PE1] mpls lsr-id 1.1.1.1 [PE1] mpls [PE1-mpls] quit [PE1] mpls ldp
Issue 03 (2008-09-22)
6-119
6 PWE3 Configuration
[PE1-mpls-ldp] quit [PE1] interface pos1/0/1 [PE1-Pos1/0/1] mpls [PE1-Pos1/0/1] mpls ldp [PE1-Pos1/0/1] quit [PE1] interface pos1/0/2 [PE1-Pos1/0/2] mpls [PE1-Pos1/0/2] mpls ldp [PE1-Pos1/0/2] quit
Configure P1.
[P1] mpls lsr-id 2.2.2.2 [P1] mpls [P1-mpls] quit [P1] mpls ldp [P1-mpls-ldp] quit [P1] interface pos 1/0/0 [P1-Pos1/0/0] mpls [P1-Pos1/0/0] mpls ldp [P1-Pos1/0/0] quit [P1] interface pos 1/0/1 [P1-Pos1/0/1] mpls [P1-Pos1/0/1] mpls ldp [P1-Pos1/0/1] quit
# Configure P2.
[P2] mpls lsr-id 3.3.3.3 [P2] mpls [P2-mpls] quit [P2] mpls ldp [P2-mpls-ldp] quit [P2] interface pos 1/0/0 [P2-Pos1/0/0] mpls [P2-Pos1/0/0] mpls ldp [P2-Pos1/0/0] quit [P2] interface pos 1/0/1 [P2-Pos1/0/1] mpls [P2-Pos1/0/1] mpls ldp [P2-Pos1/0/1] quit
# Configure PE2.
[PE2] mpls lsr-id 4.4.4.4 [PE2] mpls [PE2-mpls] quit [PE2] mpls ldp [PE2-mpls-ldp] quit [PE2] interface pos 1/0/1 [PE2-Pos1/0/1] mpls [PE2-Pos1/0/1] mpls ldp [PE2-Pos1/0/1] quit
# Configure PE3.
[PE3] mpls lsr-id 5.5.5.5 [PE3] mpls [PE3-mpls] quit [PE3] mpls ldp [PE3-mpls-ldp] quit [PE3] interface pos 1/0/0 [PE3-Pos1/0/0] mpls [PE3-Pos1/0/0] mpls ldp [PE3-Pos1/0/0] quit
After the configuration, run the display tunnel-info all command on PEs, and you can see that there are MPLS LSP tunnels between PE1 and PE2, and PE1 and PE3. Take the display of PE1 as an example.
<PE1> display tunnel-info all * -> Allocated VC Token Tunnel ID Type Destination Token
6-120
Issue 03 (2008-09-22)
6 PWE3 Configuration
---------------------------------------------------------------------0x1002000 lsp 2.2.2.2 0 0x1002001 lsp -1 0x1002002 lsp 3.3.3.3 2 0x1002003 lsp -3 0x1002004 lsp 4.4.4.4 4 0x1002005 lsp -5 0x1002006 lsp 5.5.5.5 6 0x1002007 lsp -7
Run the display mpls ldp session command on PE, and you can see that the status of the LDP peer relationship between PEs and the adjacent Ps is Operational. Take the display of PE1 as an example:
<PE1> display mpls ldp session LDP Session(s) in Public Network -----------------------------------------------------------------------------Peer-ID Status LAM SsnRole SsnAge KA-Sent/Rcv -----------------------------------------------------------------------------2.2.2.2:0 Operational DU Passive 000:00:03 16/16 3.3.3.3:0 Operational DU Passive 000:00:03 13/13 -----------------------------------------------------------------------------TOTAL: 2 session(s) Found. LAM : Label Advertisement Mode SsnAge Unit : DDD:HH:MM
4.
Set up remote LDP sessions between PEs. # For a remote LDP session, the specified IP address is usually the IP address of the loopback interface of the remote LDP peer.
NOTE
If PEs are directly connected to each other, you do not have to manually configure remote LDP sessions for them.
# Configure PE1.
[PE1] mpls ldp remote-peer 4.4.4.4 [PE1-mpls-ldp-remote-4.4.4.4] remote-ip 4.4.4.4 [PE1-mpls-ldp-remote-4.4.4.4] quit [PE1] mpls ldp remote-peer 5.5.5.5 [PE1-mpls-ldp-remote-5.5.5.5] remote-ip 5.5.5.5 [PE1-mpls-ldp-remote-5.5.5.5] quit
# Configure PE2.
[PE2] mpls ldp remote-peer 1.1.1.1 [PE2-mpls-ldp-remote-1.1.1.1] remote-ip 1.1.1.1 [PE2-mpls-ldp-remote-1.1.1.1] quit
# Configure PE3.
[PE3] mpls ldp remote-peer 1.1.1.1 [PE3-mpls-ldp-remote-1.1.1.1] remote-ip 1.1.1.1 [PE3-mpls-ldp-remote-1.1.1.1] quit
After the configuration, run the display mpls ldp session command on PEs, and you can see that the status of the remote LDP peer relationship between PEs is Operational. That is, the remote peer relationship has been set up. Take the display of PE1 as an example:
<PE1> display mpls ldp session LDP Session(s) in Public Network -----------------------------------------------------------------------------Peer-ID Status LAM SsnRole SsnAge KA-Sent/Rcv -----------------------------------------------------------------------------2.2.2.2:0 Operational DU Passive 000:00:06 27/27
Issue 03 (2008-09-22)
6-121
6 PWE3 Configuration
3.3.3.3:0 4.4.4.4:0 5.5.5.5:0 Operational DU Operational DU Operational DU
-----------------------------------------------------------------------------TOTAL: 4 session(s) Found. LAM : Label Advertisement Mode SsnAge Unit : DDD:HH:MM
5.
# Configure PE2.
[PE2] mpls l2vpn [PE2-l2vpn] quit [PE2] pw-template 2to1 [PE2-pw-template-2to1] peer 1.1.1.1 [PE2-pw-template-2to1] control-word [PE2-pw-template-2to1] vccv cc cw cv bfd [PE2-pw-template-2to1] quit [PE2] interface pos 1/0/0 [PE2-Pos1/0/0] mpls l2vc pw-template 2to1 100 [PE2-Pos1/0/0] undo shutdown [PE2-Pos1/0/0] quit
# Configure PE3.
[PE3] mpls l2vpn [PE3-l2vpn] quit [PE3] pw-template 3to1 [PE3-pw-template-3to1] peer 1.1.1.1 [PE3-pw-template-3to1] control-word [PE3-pw-template-3to1] vccv cc cw cv bfd [PE3-pw-template-3to1] quit [PE3] interface pos 1/0/1 [PE3-Pos1/0/1] mpls l2vc pw-template 3to1 200 [PE3-Pos1/0/1] undo shutdown [PE3-Pos1/0/1] quit
After the configuration, run the display pw-template command on PEs, and you can view the configuration information about the PW template, with VCCV capacity being enabled on it. Take the display of PE1 as an example.
<PE1> display pw-template Total PW template number : 2 PW Template Name : 1to2 PeerIP : 4.4.4.4 Tnl Policy Name : -CtrlWord : Enable VCCV Capability : cw bfd Behavior Name : -Total PW : 1, Static PW : 0, LDP PW : 1, Rsvp PW : 0
6-122
Issue 03 (2008-09-22)
6 PWE3 Configuration
1to3 5.5.5.5 -Enable cw bfd -1, Static PW : 0, LDP PW : 1, Rsvp PW : 0
Check the L2VPN connection information on PEs by running the display mpls l2vc interface command, and you can see that PWs have been successfully set up, and are in the Active state. The BFD for PW function is enabled on neither the master PW nor the backup PW. Take the display of PE1 as an example.
<PE1> display mpls l2vc interface pos 1/0/0 *client interface : Pos1/0/0 is up session state : up AC state : up VC state : up VC ID : 100 VC type : PPP destination : 4.4.4.4 local group ID : 0 remote group ID : 0 local VC label : 21504 remote VC label : 21504 local AC OAM State : up local PSN State : up local forwarding state : forwarding remote AC OAM state : up remote PSN state : up remote forwarding state: forwarding BFD for PW : unavailable manual fault : not set active state : active forwarding entry : exist link state : up local VC MTU : 1500 remote VC MTU : 1500 local VCCV : cw bfd remote VCCV : cw bfd local fragmentantion : disable remote fragmentantion: disable local control word : enable remote control word : enable tunnel policy : -traffic behavior : -PW template name : 1to2 primary or secondary : primary VC tunnel/token info : 1 tunnels/tokens NO.0 TNL type : lsp , TNL ID : 0x1002004 create time : 0 days, 1 hours, 22 minutes, 22 seconds up time : 0 days, 1 hours, 21 minutes, 14 seconds last change time : 0 days, 1 hours, 21 minutes, 14 seconds *client interface : Pos1/0/0 is up session state : up AC state : up VC state : up VC ID : 200 VC type : PPP destination : 5.5.5.5 local group ID : 0 remote group ID : 0 local VC label : 21505 remote VC label : 21504 local AC OAM state : up local PSN state : up local forwarding state : forwarding remote AC OAM state : up remote PSN state : up remote forwarding state: forwarding BFD for PW : unavailable manual fault : not set active state : inactive forwarding entry : existent link state : up
Issue 03 (2008-09-22)
6-123
6 PWE3 Configuration
local VC MTU local VCCV remote VCCV local fragmentation local control word tunnel policy traffic behavior PW template name primary or secondary VC tunnel/token info NO.0 TNL type : lsp create time up time last change time reroute policy reason of last reroute time of last reroute delay timer ID resume timer ID : : : : : : : : : : : : : : : : : :
6.
The local discriminator and remote discriminator of a BFD session should correspond to each other, and cannot be modified after being configured.
# Configure PE1.
[PE1] bfd [PE1-bfd] quit [PE1] bfd 1to2 bind pw interface pos 1/0/0 [PE1-bfd-lsp-session-1to2] discriminator local 12 [PE1-bfd-lsp-session-1to2] discriminator remote 21 [PE1-bfd-lsp-session-1to2] commit [PE1-bfd-lsp-session-1to2] quit [PE1] bfd 1to3 bind pw interface pos 1/0/0 secondary [PE1-bfd-lsp-session-1to3] discriminator local 13 [PE1-bfd-lsp-session-1to3] discriminator remote 31 [PE1-bfd-lsp-session-1to3] commit [PE1-bfd-lsp-session-1to3] quit
# Configure PE2.
[PE2] bfd [PE2-bfd] quit [PE2] bfd 2to1 bind pw interface pos 1/0/0 [PE2-bfd-lsp-session-2to1] discriminator local 21 [PE2-bfd-lsp-session-2to1] discriminator remote 12 [PE2-bfd-lsp-session-2to1] commit [PE2-bfd-lsp-session-2to1] quit
# Configure PE3.
[PE3] bfd [PE3-bfd] quit [PE3] bfd 3to1 bind pw interface pos 1/0/1 [PE3-bfd-lsp-session-3to1] discriminator local 31 [PE3-bfd-lsp-session-3to1] discriminator remote 13 [PE3-bfd-lsp-session-3to1] commit [PE3-bfd-lsp-session-3to1] quit
After the configuration, BFD sessions are set up between PE1 and PE2, and PE1 and PE3.Run the display bfd session all command, and you can see the State is Up. Take the display of PE1 as an example.
<PE1> display bfd session all ------------------------------------------------------------------------------Local Remote PeerIpAddr InterfaceName State Type ------------------------------------------------------------------------------12 21 --.--.--.-Pos1/0/0 Up S_PW(M)
6-124
Issue 03 (2008-09-22)
6 PWE3 Configuration
Run the display bfd configuration all command, and you can view the configuration information about BFDs, and the status of Commit is True.
<PE1> display bfd configuration all ------------------------------------------------------------------------------CFG Name CFG Type LocalDiscr MIndex SessNum Commit AdminDown ------------------------------------------------------------------------------1to2 Static_PW(M) 12 256 1 True False 1to3 Static_PW(S) 13 257 1 True False ------------------------------------------------------------------------------Total Commit/Uncommit CFG Number : 2/0
7.
Verify the configuration. When the master PW is working properly, the master address of CE1 can ping through the address of CE2, which is 10.1.1.2.When the backup PW is not working, the backup address of CE1 cannot ping through the address of CE2, which is 10.1.2.2.
<CE1> ping 10.1.1.2 PING 10.1.1.2: 56 data bytes, press CTRL_C to break Reply from 10.1.1.2: bytes=56 Sequence=1 ttl=255 time=140 ms Reply from 10.1.1.2: bytes=56 Sequence=2 ttl=255 time=90 ms Reply from 10.1.1.2: bytes=56 Sequence=3 ttl=255 time=120 ms Reply from 10.1.1.2: bytes=56 Sequence=4 ttl=255 time=120 ms Reply from 10.1.1.2: bytes=56 Sequence=5 ttl=255 time=130 ms --- 10.1.1.2 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 90/120/140 ms <CE1> ping 10.1.2.2 PING 10.1.2.2: 56 data bytes, press CTRL_C to break Request time out Request time out Request time out Request time out Request time out --- 10.1.2.2 ping statistics --5 packet(s) transmitted 0 packet(s) received 100.00% packet loss
# Run the display mpls l2vc interface command on PEs to view the statuses of PWs. You can see that the BFD for PW function is enabled on both the master PW and the backup PW, and that the BFD state is up.
<PE1> display mpls l2vc interface pos 1/0/0 *client interface : Pos1/0/0 is up session state : up AC state : up VC state : up VC ID : 100 VC type : PPP destination : 4.4.4.4 local group ID : 0 remote group ID local VC label : 21504 remote VC label local AC OAM State : up local PSN State : up local forwarding state : forwarding remote AC OAM state : up remote PSN state : up remote forwarding state: forwarding BFD for PW : available
: 0 : 21504
Issue 03 (2008-09-22)
6-125
6 PWE3 Configuration
BFD sessionIndex : manual fault : active state : forwarding entry : link state : local VC MTU : local VCCV : remote VCCV : local fragmentantion : local control word : tunnel policy : traffic behavior : PW template name : primary or secondary : VC tunnel/token info : NO.0 TNL type : lsp create time : up time : last change time : *client interface : session state : AC state : VC state : VC ID : VC type : destination : local group ID : local VC label : local AC OAM state : local PSN state : local forwarding state : remote AC OAM state : remote PSN state : remote forwarding state: BFD for PW : BFD sessionIndex : manual fault : active state : forwarding entry : link state : local VC MTU : local VCCV : remote VCCV : local fragmentation : local control word : tunnel policy : traffic behavior : PW template name : primary or secondary : VC tunnel/token info : NO.0 TNL type : lsp create time : up time : last change time : reroute policy : reason of last reroute : time of last reroute : delay timer ID : resume timer ID :
Simulate a failure of the master PW by shutting down the POS1/0/1 interface of PE1, and the master address of CE1 cannot ping through the address of CE2, which is 10.1.1.2.When the backup PW is working, the backup address of CE1 can ping through the address of CE2, which is 10.1.2.2.
<CE1> ping 10.1.1.2 PING 10.1.1.2: 56 data bytes, press CTRL_C to break Request time out Request time out Request time out
6-126
Issue 03 (2008-09-22)
6 PWE3 Configuration
Request time out Request time out --- 10.1.1.2 ping statistics --5 packet(s) transmitted 0 packet(s) received 100.00% packet loss <CE1> ping 10.1.2.2 PING 10.1.2.2: 56 data bytes, press CTRL_C to break Reply from 10.1.2.2: bytes=56 Sequence=1 ttl=255 time=140 Reply from 10.1.2.2: bytes=56 Sequence=2 ttl=255 time=160 Reply from 10.1.2.2: bytes=56 Sequence=3 ttl=255 time=160 Reply from 10.1.2.2: bytes=56 Sequence=4 ttl=255 time=160 Reply from 10.1.2.2: bytes=56 Sequence=5 ttl=255 time=160 --- 10.1.2.2 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 140/156/160 ms
ms ms ms ms ms
# Run the display mpls l2vc interface command on PEs again to view the status of PWs. You can see that the VC status of the master PW is down, and BFD for PW is unavailable. The VC status of the backup PW is up, BFD for PW is available, and the BFD state is up.
<PE1> display mpls l2vc interface pos 1/0/0 *client interface : Pos1/0/0 is up session state : down AC state : up VC state : down VC ID : 100 VC type : PPP destination : 4.4.4.4 local group ID : 0 remote group ID : 0 local VC label : 21504 remote VC label : 0 local AC OAM State : up local PSN State : up local forwarding state : not forwarding BFD for PW : unavailable manual fault : not set active state : inactive forwarding entry : not exist link state : down local VC MTU : 1500 remote VC MTU : 0 local VCCV : cw bfd remote VCCV : none local fragmentantion : disable remote fragmentantion: none local control word : enable remote control word : none tunnel policy : -traffic behavior : -PW template name : 1to2 primary or secondary : primary VC tunnel/token info : 0 tunnels/tokens create time : 0 days, 0 hours, 30 minutes, 58 seconds up time : 0 days, 0 hours, 0 minutes, 0 seconds last change time : 0 days, 0 hours, 6 minutes, 46 seconds *client interface : Pos1/0/0 is up session state : up AC state : up VC state : up VC ID : 200 VC type : PPP destination : 5.5.5.5 local group ID : 0 remote group ID : 0 local VC label : 21505 remote VC label : 21504 local AC OAM state : up local PSN state : up local forwarding state : forwarding remote AC OAM state : up remote PSN state : up remote forwarding state: forwarding
Issue 03 (2008-09-22)
6-127
6 PWE3 Configuration
BFD for PW BFD sessionIndex manual fault active state forwarding entry link state local VC MTU local VCCV remote VCCV local fragmentation local control word tunnel policy traffic behavior PW template name primary or secondary VC tunnel/token info NO.0 TNL type : lsp create time up time last change time reroute policy reason of last reroute time of last reroute delay timer ID resume timer ID : : : : : : : : : : : : : : : : : : : : : : : :
Configuration File
l
6-128
Issue 03 (2008-09-22)
6 PWE3 Configuration
Configuration file of P1
# sysname P1 # mpls lsr-id 2.2.2.2 mpls # mpls ldp # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 100.2.1.1 255.255.255.252 mpls mpls ldp # interface Pos1/0/1 link-protocol ppp undo shutdown ip address 100.1.1.2 255.255.255.252 mpls mpls ldp # interface LoopBack1 ip address 2.2.2.2 255.255.255.255 # ospf 1 area 0.0.0.0 network 2.2.2.2 0.0.0.0
Issue 03 (2008-09-22)
6-129
6 PWE3 Configuration
network 100.1.1.0 0.0.0.3 network 100.2.1.0 0.0.0.3 # return l
Configuration file of P2
# sysname P2 # mpls lsr-id 3.3.3.3 mpls # mpls ldp # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 200.2.1.1 255.255.255.252 mpls mpls ldp # interface Pos1/0/1 link-protocol ppp undo shutdown ip address 200.1.1.2 255.255.255.252 mpls mpls ldp # interface LoopBack1 ip address 3.3.3.3 255.255.255.255 # ospf 1 area 0.0.0.0 network 3.3.3.3 0.0.0.0 network 200.1.1.0 0.0.0.3 network 200.2.1.0 0.0.0.3 # return
6-130
Issue 03 (2008-09-22)
6 PWE3 Configuration
Issue 03 (2008-09-22)
6-131
6 PWE3 Configuration
link-protocol ppp undo shutdown ip address 10.1.1.2 255.255.255.252 # interface Pos1/0/1 link-protocol ppp undo shutdown ip address 10.1.2.2 255.255.255.252 # return
CE1
CE2
Configuration Roadmap
The configuration roadmap is as follows: 1. 2. 3. Set up a Martini MPLS L2VPN between CE1 and CE2. Enable MPLS L2VPN on PE1 and PE2, and set up a VC connection. Configure basic BFD functions that trigger the dynamic creation of BFD for the PW on PEs.
Data Preparation
To complete the configuration, you need the following data:
l
6-132
6 PWE3 Configuration
Configuration Procedure
1. Configure an IP address for the interface through which a CE is connected to a PE. # Configure CE1.
<Quidway> system-view [Quidway] sysname CE1 [CE1] interface pos 1/0/0 [CE1-Pos1/0/0] ip address 10.1.1.1 30 [CE1-Pos1/0/0] undo shutdown [CE1-Pos1/0/0] quit
# Configure CE2.
<Quidway> system-view [Quidway] sysname CE2 [CE2] interface pos 1/0/0 [CE2-Pos1/0/0] ip address 10.1.1.2 30 [CE2-Pos1/0/0] undo shutdown [CE2-Pos1/0/0] quit
2.
Configure the IGP for MPLS backbone. Configure the IGP for the MPLS backbone. Take OSPF as an example. # Configure PE1.
[PE1] interface loopback 1 [PE1-LoopBack1] ip address 1.1.1.9 32 [PE1-LoopBack1] quit [PE1] interface pos 2/0/0 [PE1-Pos2/0/0] ip address 100.1.1.1 30 [PE1-Pos2/0/0] undo shutdown [PE1-Pos2/0/0] quit [PE1] ospf 1 [PE1-ospf-1] area 0 [PE1-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0 [PE1-ospf-1-area-0.0.0.0] network 100.1.1.0 0.0.0.3
# Configure P.
[P] interface loopback 1 [P-LoopBack1] ip address 2.2.2.9 32 [P-LoopBack1] quit [P] interface pos 1/0/0 [P-Pos1/0/0] ip address 100.1.1.2 30 [P-Pos1/0/0] undo shutdown [P-Pos1/0/0] quit [P] interface pos 2/0/0 [P-Pos2/0/0] ip address 100.2.1.1 30 [P-Pos2/0/0] undo shutdown [P-Pos2/0/0] quit [P] ospf 1 [P-ospf-1] area 0 [P-ospf-1-area-0.0.0.0] network 2.2.2.9 0.0.0.0 [P-ospf-1-area-0.0.0.0] network 100.1.1.0 0.0.0.3 [P-ospf-1-area-0.0.0.0] network 100.2.1.0 0.0.0.3
# Configure PE2.
[PE2] interface loopback 1 [PE2-LoopBack1] ip address 3.3.3.9 32 [PE2-LoopBack1] quit [PE2] interface pos 2/0/0 [PE2-Pos2/0/0] ip address 100.2.1.2 30 [PE2-Pos2/0/0] undo shutdown [PE2-Pos2/0/0] quit
Issue 03 (2008-09-22)
6-133
6 PWE3 Configuration
After the configuration, run the display ip routing-table command on PEs, and you can see that PE1 and PE2 have learnt the loopback address of each other. Take the display of PE1 as an example:
<PE1> display ip routing-table Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: Public Destinations : 9 Routes : 9 Destination/Mask Proto Pre Cost Flags NextHop Interface 1.1.1.9/32 Direct 0 0 D 127.0.0.1 InLoopBack0 2.2.2.9/32 OSPF 10 2 D 100.1.1.2 Pos2/0/0 3.3.3.9/32 OSPF 10 3 D 100.1.1.2 Pos2/0/0 100.1.1.0/30 Direct 0 0 D 100.1.1.1 Pos2/0/0 100.1.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 100.1.1.2/32 Direct 0 0 D 100.1.1.2 Pos2/0/0 100.2.1.0/30 OSPF 10 2 D 100.1.1.2 Pos2/0/0 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
3.
Configure basic MPLS functions for the MPLS backbone. # Enable MPLS, and specify LSR-ID as the IP address of loopback 1.Enable MPLS and MPLS LDP for the interfaces in the backbone. # Configure PE1.
[PE1] mpls lsr-id 1.1.1.9 [PE1] mpls [PE1-mpls] quit [PE1] mpls ldp [PE1-mpls-ldp] quit [PE1] interface pos2/0/0 [PE1-Pos2/0/0] mpls [PE1-Pos2/0/0] mpls ldp [PE1-Pos2/0/0] quit
# Configure P.
[P] mpls lsr-id 2.2.2.9 [P] mpls [P-mpls] quit [P] mpls ldp [P-mpls-ldp] quit [P] interface pos 1/0/0 [P-Pos1/0/0] mpls [P-Pos1/0/0] mpls ldp [P-Pos1/0/0] quit [P] interface pos 2/0/0 [P-Pos2/0/0] mpls [P-Pos2/0/0] mpls ldp [P-Pos2/0/0] quit
# Configure PE2.
[PE2] mpls lsr-id 3.3.3.9 [PE2] mpls [PE2-mpls] quit [PE2] mpls ldp [PE2-mpls-ldp] quit [PE2] interface pos 2/0/0 [PE2-Pos2/0/0] mpls [PE2-Pos2/0/0] mpls ldp [PE2-Pos2/0/0] quit
After the configuration, run the display tunnel-info all command on PEs, and you can see that there is an MPLS LSP tunnel between PE1 and PE2.
6-134 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)
6 PWE3 Configuration
Run the display mpls ldp session command on PEs, and you can see that the status of the LDP peer relationship between a PE and a P is Operational. Take the display of PE1 as an example:
<PE1> display mpls ldp session LDP Session(s) in Public Network -----------------------------------------------------------------------------Peer-ID Status LAM SsnRole SsnAge KA-Sent/Rcv -----------------------------------------------------------------------------2.2.2.9:0 Operational DU Passive 000:00:02 10/10 -----------------------------------------------------------------------------TOTAL: 1 session(s) Found. LAM : Label Advertisement Mode SsnAge Unit : DDD:HH:MM
4.
Set up remote LDP sessions between PEs. # For a remote LDP session, the specified IP address is usually the IP address of the loopback interface of the remote LDP peer.
NOTE
If PEs are directly connected to each other, you do not have to manually configure remote LDP sessions for them.
# Configure PE1.
[PE1] mpls ldp remote-peer 3.3.3.9 [PE1-mpls-ldp-remote-3.3.3.9] remote-ip 3.3.3.9 [PE1-mpls-ldp-remote-3.3.3.9] quit
# Configure PE2.
[PE2] mpls ldp remote-peer 1.1.1.9 [PE2-mpls-ldp-remote-1.1.1.1] remote-ip 1.1.1.9 [PE2-mpls-ldp-remote-1.1.1.1] quit
After the configuration, run the display mpls ldp session command on PEs, and you can see that the status of the remote LDP peers to PEs is Operational. That is, the remote peer relationship has been set up. Take the display of PE1 as an example.
<PE1> display mpls ldp session LDP Session(s) in Public Network -----------------------------------------------------------------------------Peer-ID Status LAM SsnRole SsnAge KA-Sent/Rcv -----------------------------------------------------------------------------2.2.2.9:0 Operational DU Passive 000:00:03 16/16 3.3.3.9:0 Operational DU Passive 000:00:00 2/2 -----------------------------------------------------------------------------TOTAL: 2 session(s) Found. LAM : Label Advertisement Mode SsnAge Unit : DDD:HH:MM
5.
Issue 03 (2008-09-22)
6-135
6 PWE3 Configuration
# Configure PE2.
[PE2] mpls l2vpn [PE2-l2vpn] quit [PE2] pw-template 2to1 [PE2-pw-template-2to1] peer 1.1.1.9 [PE2-pw-template-2to1] control-word [PE2-pw-template-2to1] vccv cc cw cv lsp-ping bfd [PE2-pw-template-2to1] quit [PE2] interface pos 1/0/0 [PE2-Pos1/0/0] mpls l2vc pw-template 2to1 100 [PE2-Pos1/0/0] undo shutdown [PE2-Pos1/0/0] quit
After the configuration, run the display pw-template command on PEs, and you can view the configuration information about the PW template, with VCCV capacity being enabled on it. Take the display of PE1 as an example.
<PE1> display pw-template Total PW template number : 1 PW Template Name : 1to2 PeerIP : 3.3.3.9 Tnl Policy Name : -CtrlWord : Enable VCCV Capability : cw lsp-ping bfd Behavior Name : -Total PW : 1, Static PW : 0, LDP PW : 1, Rsvp PW : 0
Check the L2VPN connection information on PEs, run the display mpls l2vc interface command, and you can see that PWs have been successfully set up, and are in the Active state. The BFD for PW function is disabled on PWs. Take the display of PE1 as an example.
<PE1> display mpls l2vc interface pos 1/0/0 *client interface : Pos1/0/0 is up session state : up AC state : up VC state : up VC ID : 100 VC type : PPP destination : 3.3.3.9 local group ID : 0 remote local VC label : 21504 remote local AC OAM State : up local PSN State : up local forwarding state : forwarding remote AC OAM state : up remote PSN state : up remote forwarding state: forwarding BFD for PW : available manual fault : not set active state : active forwarding entry : exist link state : up local VC MTU : 1500 remote local VCCV : cw lsp-ping bfd remote VCCV : cw lsp-ping bfd local fragmentantion : disable remote local control word : enable remote
group ID VC label
: 0 : 21504
VC MTU
: 1500
6-136
Issue 03 (2008-09-22)
6 PWE3 Configuration
--1to2 primary 1 tunnels/tokens , TNL ID : 0x2002001 : 0 days, 0 hours, 2 minutes, 9 seconds : 0 days, 0 hours, 1 minutes, 9 seconds : 0 days, 0 hours, 1 minutes, 9 seconds
6.
Configure dynamic BFDs between PEs that check the SH-PW. # Configure PE1.
[PE1] bfd [PE1-bfd] quit [PE1] interface pos1/0/0 [PE1-Pos1/0/0] mpls l2vpn pw bfd min-rx-interval 100 min-tx-interval 100 [PE1-Pos1/0/0] quit
# Configure PE2.
[PE2] bfd [PE2-bfd] quit [PE2] interface pos1/0/0 [PE2-Pos1/0/0] mpls l2vpn pw bfd min-rx-interval 100 min-tx-interval 100 [PE2-Pos1/0/0] quit
7.
Verify the configuration. # CE1 and CE2 can ping through each other.
<CE1> ping 10.1.1.2 PING 10.1.1.2: 56 data bytes, press CTRL_C to break Reply from 10.1.1.2: bytes=56 Sequence=1 ttl=255 time=360 ms Reply from 10.1.1.2: bytes=56 Sequence=2 ttl=255 time=60 ms Reply from 10.1.1.2: bytes=56 Sequence=3 ttl=255 time=160 ms Reply from 10.1.1.2: bytes=56 Sequence=4 ttl=255 time=90 ms Reply from 10.1.1.2: bytes=56 Sequence=5 ttl=255 time=160 ms --- 10.1.1.2 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 60/166/360 ms
# Run the display mpls l2vc interface command on PEs to view the status of PWs. You can see that the BFD for PW function is enabled, and that the BFD state is up. Take the display of PE1 as an example.
<PE1> display mpls l2vc interface pos 1/0/0 *client interface : Pos1/0/0 is up session state : up AC state : up VC state : up VC ID : 100 VC type : PPP destination : 3.3.3.9 local group ID : 0 remote group ID local VC label : 21504 remote VC label local AC OAM State : up local PSN State : up local forwarding state : forwarding remote AC OAM state : up remote PSN state : up remote forwarding state: forwarding Dynamic BFD for PW : available Detect Multipier : 3 Min Transit Interval : 100 Max Receive Interval : 100 Dynamic BFD Session : built BFD for PW : available BFD sessionIndex : 256 BFD state : up manual fault : not set
: 0 : 21504
Issue 03 (2008-09-22)
6-137
6 PWE3 Configuration
active state forwarding entry link state local VC MTU local VCCV remote VCCV local fragmentantion local control word tunnel policy traffic behavior PW template name primary or secondary VC tunnel/token info NO.0 TNL type : lsp create time up time last change time : : : : : : : : : : : : :
# Run the display bfd session all verbose command on PEs to view the status of BFDs. You can see that the status of BFD sessions is up, the BFD bind type is PW, and that the PW session type is dynamic. Take the display of PE1 as an example.
<PE1> display bfd session all verbose ------------------------------------------------------------------------------Session MIndex : 256 (One Hop) State : Up Name : dyn_8192 ------------------------------------------------------------------------------Local Discriminator : 8192 Remote Discriminator : 8192 Session Detect Mode : Asynchronous Mode Without Echo Function BFD Bind Type : PW(Master) Bind Session Type : Dynamic Bind Peer Ip Address : --.--.--.-NextHop Ip Address : --.--.--.-Bind Interface : Pos1/0/0 FSM Board Id : 1 TOS-EXP : 6 Min Tx Interval (ms) : 100 Min Rx Interval (ms) : 100 Actual Tx Interval (ms): 100 Actual Rx Interval (ms): 100 Local Detect Multi : 3 Detect Interval (ms) : 300 Echo Passive : Disable Acl Number : -Proc interface status : Disable Process PST : Enable WTR Interval (ms) : -Local Demand Mode : Disable Active Multi : 3 Last Local Diagnostic : No Diagnostic Bind Application : L2VPN | OAM_MANAGER | MPLSFW Session TX TmrID : -Session Detect TmrID : -Session Init TmrID : -Session WTR TmrID : -Session Echo Tx TmrID : -PDT Index : FSM-0 | RCV-0 | IF-0 | TOKEN-0 Session Description : --------------------------------------------------------------------------------
Configuration File
l
6-138
6 PWE3 Configuration
Configuration file of P
# sysname P # mpls lsr-id 2.2.2.9 mpls # mpls ldp # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 100.1.1.2 255.255.255.252 mpls mpls ldp # interface Pos2/0/0 link-protocol ppp undo shutdown ip address 100.2.1.1 255.255.255.252 mpls mpls ldp # interface LoopBack1 ip address 2.2.2.9 255.255.255.255 # ospf 1
Issue 03 (2008-09-22)
6-139
6 PWE3 Configuration
area 0.0.0.0 network 2.2.2.9 0.0.0.0 network 100.1.1.0 0.0.0.3 network 100.2.1.0 0.0.0.3 # return l
6-140
Issue 03 (2008-09-22)
6 PWE3 Configuration
Networking Requirements
As shown in Figure 6-24, CE1 and CE2 are connected to U-PE1 and U-PE2 respectively through PPP.U-PE1 and U-PE2 are linked to each other through the MPLS backbone. A dynamic MHPW is set up between U-PE1 and U-PE2, using the LSP tunnel, and using S-PE as the switching node. Dynamic BFD sessions are required to check the connectivity of the MH-PW between U-PE1 and U-PE2 to ensure the reliability of services on the link. Figure 6-24 Networking diagram of configuring dynamic BFDs that check MH-PW
Loopback0 2.2.2.9/32 Loopback0 3.3.3.9/32 POS1/0/0 20.1.1.2/24 POS2/0/0 20.1.1.1/24
100 PW
P1
S-PE
P2
POS2/0/0 30.1.1.1/24
PW 200
POS2/0/0 10.1.1.1/24
U-PE1
CE1
CE2
Configuration Roadmap
The configuration roadmap is as follows: 1. 2. 3. 4. 5. 6. Configure the IGP routing protocol for the backbone, so that devices in the backbone can internetwork with each other. Configure basic MPLS functions for the backbone, and set up LSP tunnels. Set up MPLS LDP remote peer relationship between U-PE1 and S-PE, and between U-PE2 and S-PE. Create the PW template, and enable the CW and LSP Ping functions. Set up an MPLS L2VC connection between U-PEs. Set up a switching PW on the switching node S-PE. Configure basic BFD functions that trigger the dynamic creation of BFD for PW on U-PEs.
Data Preparation
To complete the configuration, you need the following data:
l l
Issue 03 (2008-09-22)
6 PWE3 Configuration
l l
Configuration Procedure
1. Configure an IP address for the interface through which a CE is connected to a PE. # Configure CE1.
<Quidway> system-view [Quidway] sysname CE1 [CE1] interface pos 1/0/0 [CE1-Pos1/0/0] ip address 100.1.1.1 24 [CE1-Pos1/0/0] undo shutdown [CE1-Pos1/0/0] quit
# Configure CE2.
<Quidway> system-view [Quidway] sysname CE2 [CE2] interface pos 1/0/0 [CE2-Pos1/0/0] ip address 100.1.1.2 24 [CE2-Pos1/0/0] undo shutdown [CE2-Pos1/0/0] quit
2.
Configure the IGP for MPLS backbone. Configure the IGP for the MPLS backbone. Take OSPF as an example. Configure IP addresses for the interfaces of U-PEs, S-PE, and Ps. While configuring OSPF, advertise 32-bit loopback addresses of U-PE1, S-PE, and U-PE2. Configure U-PE1.
[U-PE1] interface loopback 0 [U-PE1-LoopBack0] ip address 1.1.1.9 32 [U-PE1-LoopBack0] quit [U-PE1] interface pos 2/0/0 [U-PE1-Pos2/0/0] ip address 10.1.1.1 24 [U-PE1-Pos2/0/0] undo shutdown [U-PE1-Pos2/0/0] quit [U-PE1] ospf 1 [U-PE1-ospf-1] area 0.0.0.0 [U-PE1-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255 [U-PE1-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0 [U-PE1-ospf-1-area-0.0.0.0] quit [U-PE1-ospf-1] quit
Configure P1.
[P1] interface loopback 0 [P1-LoopBack0] ip address 2.2.2.9 32 [P1-LoopBack0] quit [P1] interface pos 1/0/0 [P1-Pos1/0/0] ip address 10.1.1.2 24 [P1-Pos1/0/0] undo shutdown [P1-Pos1/0/0] quit [P1] interface pos 2/0/0 [P1-Pos2/0/0] ip address 20.1.1.1 24 [P1-Pos2/0/0] undo shutdown [P1-Pos2/0/0] quit [P1] ospf 1 [P1-ospf-1] area 0.0.0.0 [P1-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255 [P1-ospf-1-area-0.0.0.0] network 20.1.1.0 0.0.0.255 [P1-ospf-1-area-0.0.0.0] network 2.2.2.9 0.0.0.0 [P1-ospf-1-area-0.0.0.0] quit [P1-ospf-1] quit
# Configure S-PE.
[S-PE] interface loopback 0
6-142
Issue 03 (2008-09-22)
6 PWE3 Configuration
# Configure P2.
[P2] interface loopback 0 [P2-LoopBack0] ip address 4.4.4.9 32 [P2-LoopBack0] quit [P2] interface pos 1/0/0 [P2-Pos1/0/0] ip address 30.1.1.2 24 [P2-Pos1/0/0] undo shutdown [P2-Pos1/0/0] quit [P2] interface pos 2/0/0 [P2-Pos2/0/0] ip address 40.1.1.1 24 [P2-Pos2/0/0] undo shutdown [P2-Pos2/0/0] quit [P2] ospf 1 [P2-ospf-1] area 0.0.0.0 [P2-ospf-1-area-0.0.0.0] network 30.1.1.0 0.0.0.255 [P2-ospf-1-area-0.0.0.0] network 40.1.1.0 0.0.0.255 [P2-ospf-1-area-0.0.0.0] network 4.4.4.9 0.0.0.0 [P2-ospf-1-area-0.0.0.0] quit [P2-ospf-1] quit
# Configure U-PE2.
[U-PE2] interface loopback 0 [U-PE2-LoopBack0] ip address 5.5.5.9 32 [U-PE2-LoopBack0] quit [U-PE2] interface pos 1/0/0 [U-PE2-Pos1/0/0] ip address 40.1.1.2 24 [U-PE2-Pos1/0/0] undo shutdown [U-PE2-Pos1/0/0] quit [U-PE2] ospf 1 [U-PE2-ospf-1] area 0.0.0.0 [U-PE2-ospf-1-area-0.0.0.0] network 40.1.1.0 0.0.0.255 [U-PE2-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0 [U-PE2-ospf-1-area-0.0.0.0] quit [U-PE2-ospf-1] quit
After the configuration, run the display ip routing-table command on U-PEs, Ps, or S-PE, and you can find that they have learned the routes to each other's LSR ID. Take the display of S-PE as an example:
<S-PE> display ip routing-table Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: Public Destinations : 15 Routes : 15 Destination/Mask Proto Pre Cost Flags NextHop Interface 1.1.1.9/32 OSPF 10 3 D 20.1.1.1 Pos1/0/0 2.2.2.9/32 OSPF 10 2 D 20.1.1.1 Pos1/0/0 3.3.3.9/32 Direct 0 0 D 127.0.0.1 InLoopBack0 4.4.4.9/32 OSPF 10 2 D 30.1.1.2 Pos2/0/0 5.5.5.9/32 OSPF 10 3 D 30.1.1.2 Pos2/0/0 10.1.1.0/24 OSPF 10 2 D 20.1.1.1 Pos1/0/0 20.1.1.0/24 Direct 0 0 D 20.1.1.2 Pos1/0/0
Issue 03 (2008-09-22)
6-143
6 PWE3 Configuration
20.1.1.1/32 20.1.1.2/32 30.1.1.0/24 30.1.1.1/32 30.1.1.2/32 40.1.1.0/24 127.0.0.0/8 127.0.0.1/32 Direct Direct Direct Direct Direct OSPF Direct Direct 0 0 0 0 0 10 0 0 0 0 0 0 0 2 0 0
U-PEs can ping through each other. Take the display of U-PE1 as an example.
<U-PE1> ping 40.1.1.2 PING 40.1.1.2: 56 data bytes, press CTRL_C to break Reply from 40.1.1.2: bytes=56 Sequence=1 ttl=252 time=160 Reply from 40.1.1.2: bytes=56 Sequence=2 ttl=252 time=120 Reply from 40.1.1.2: bytes=56 Sequence=3 ttl=252 time=150 Reply from 40.1.1.2: bytes=56 Sequence=4 ttl=252 time=150 Reply from 40.1.1.2: bytes=56 Sequence=5 ttl=252 time=160 --- 40.1.1.2 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 120/148/160 ms ms ms ms ms ms
3.
Enable MPLS, and set up LSP tunnels and remote LDP sessions. Configure basic MPLS functions for the backbone, set up tunnels between U-PE1 and SPE, and between S-PE and U-PE2, and create remote LDP sessions. Configure U-PE1.
[U-PE1] mpls lsr-id 1.1.1.9 [U-PE1] mpls [U-PE1-mpls] quit [U-PE1] mpls ldp [U-PE1-mpls-ldp] quit [U-PE1] interface pos 2/0/0 [U-PE1-Pos2/0/0] mpls [U-PE1-Pos2/0/0] mpls ldp [U-PE1-Pos2/0/0] quit [U-PE1] mpls ldp remote-peer 3.3.3.9 [U-PE1-mpls-ldp-remote-3.3.3.9] remote-ip 3.3.3.9 [U-PE1-mpls-ldp-remote-3.3.3.9] quit
Configure P1.
[P1] mpls lsr-id 2.2.2.9 [P1] mpls [P1-mpls] quit [P1] mpls ldp [P1-mpls-ldp] quit [P1] interface pos 1/0/0 [P1-Pos1/0/0] mpls [P1-Pos1/0/0] mpls ldp [P1-Pos1/0/0] quit [P1] interface pos 2/0/0 [P1-Pos2/0/0] mpls [P1-Pos2/0/0] mpls ldp [P1-Pos2/0/0] quit
# Configure S-PE.
[S-PE] mpls lsr-id 3.3.3.9 [S-PE] mpls [S-PE-mpls] quit [S-PE] mpls ldp [S-PE-mpls-ldp] quit [S-PE] interface pos 1/0/0 [S-PE-Pos1/0/0] mpls [S-PE-Pos1/0/0] mpls ldp [S-PE-Pos1/0/0] quit [S-PE] interface pos 2/0/0 [S-PE-Pos2/0/0] mpls [S-PE-Pos2/0/0] mpls ldp
6-144
Issue 03 (2008-09-22)
6 PWE3 Configuration
# Configure P2.
[P2] mpls lsr-id 4.4.4.9 [P2] mpls [P2-mpls] quit [P2] mpls ldp [P2-mpls-ldp] quit [P2] interface pos 1/0/0 [P2-Pos1/0/0] mpls [P2-Pos1/0/0] mpls ldp [P2-Pos1/0/0] quit [P2] interface pos 2/0/0 [P2-Pos2/0/0] mpls [P2-Pos2/0/0] mpls ldp [P2-Pos2/0/0] quit
# Configure U-P2.
[U-PE2] mpls lsr-id 5.5.5.9 [U-PE2] mpls [U-PE2-mpls] quit [U-PE2] mpls ldp [U-PE2-mpls-ldp] quit [U-PE2] interface pos 1/0/0 [U-PE2-Pos1/0/0] mpls [U-PE2-Pos1/0/0] mpls ldp [U-PE2-Pos1/0/0] quit [U-PE2] mpls ldp remote-peer 3.3.3.9 [U-PE2-mpls-ldp-remote-3.3.3.9] remote-ip 3.3.3.9 [U-PE2-mpls-ldp-remote-3.3.3.9] quit
After the configuration, run the display mpls ldp session command on U-PEs, Ps, or SPE, and you can see that the Session State is Operational.Run the display mpls ldp peer command, and you can view how the LDP sessions and the peers have been constructed. Run the display mpls lsp, and you can view how LSPs have been constructed. Take the display of S-PE as an example:
<S-PE> display mpls ldp session LDP Session(s) in Public Network -----------------------------------------------------------------------------Peer-ID Status LAM SsnRole SsnAge KA-Sent/Rcv -----------------------------------------------------------------------------1.1.1.9:0 Operational DU Active 000:00:14 57/57 2.2.2.9:0 Operational DU Active 000:00:14 56/56 4.4.4.9:0 Operational DU Passive 000:00:05 22/22 5.5.5.9:0 Operational DU Passive 000:00:12 52/52 -----------------------------------------------------------------------------TOTAL: 4 session(s) Found. LAM : Label Advertisement Mode SsnAge Unit : DDD:HH:MM <S-PE> display mpls ldp peer LDP Peer Information in Public network -----------------------------------------------------------------------------Peer-ID Transport-Address Discovery-Source -----------------------------------------------------------------------------1.1.1.9:0 1.1.1.9 Remote Peer : 1.1.1.9 2.2.2.9:0 2.2.2.9 Pos1/0/0 4.4.4.9:0 4.4.4.9 Pos2/0/0 5.5.5.9:0 5.5.5.9 Remote Peer : 5.5.5.9
Issue 03 (2008-09-22)
6-145
6 PWE3 Configuration
-----------------------------------------------------------------------------TOTAL: 4 Peer(s) Found. <S-PE> display mpls lsp ---------------------------------------------------------------------LSP Information: LDP LSP ---------------------------------------------------------------------FEC In/Out Label In/Out IF Vrf Name 3.3.3.9/32 3/NULL -/1.1.1.9/32 NULL/1024 -/P1/0/0 1.1.1.9/32 1024/1024 -/P1/0/0 2.2.2.9/32 NULL/3 -/P1/0/0 2.2.2.9/32 1025/3 -/P1/0/0 4.4.4.9/32 NULL/3 -/P2/0/0 4.4.4.9/32 1027/3 -/P2/0/0 5.5.5.9/32 NULL/1027 -/P2/0/0 5.5.5.9/32 1026/1027 -/P2/0/0
4.
Create and configure a PW template. Create the PW template on U-PEs, and enable the CW and LSP Ping functions. Configure U-PE1.
[U-PE1] pw-template pwt [U-PE1-pw-template-pwt] [U-PE1-pw-template-pwt] [U-PE1-pw-template-pwt] [U-PE1-pw-template-pwt] peer-address 3.3.3.9 control-word vccv cc cw cv lsp-ping bfd quit
# Configure U-P2.
[U-PE2] pw-template pwt [U-PE2-pw-template-pwt] [U-PE2-pw-template-pwt] [U-PE2-pw-template-pwt] [U-PE2-pw-template-pwt] peer-address 3.3.3.9 control-word vccv cc cw cv lsp-ping bfd quit
After the configuration, run the display pw-template command on PEs, and you can view the configuration information about the PW template, with VCCV capacity being enabled on it. Take the display of U-PE1 as an example.
<U-PE1> display pw-template Total PW template number : 1 PW Template Name : pwt PeerIP : 3.3.3.9 Tnl Policy Name : -CtrlWord : Enable VCCV Capability : cw lsp-ping bfd Behavior Name : -Total PW : 1, Static PW : 0, LDP PW : 1, Rsvp PW : 0
5.
Set up a VC connection. Enable MPLS L2VPN on U-PE1, U-PE2, and S-PE. Configure a dynamic PW on U-PEs, and implement dynamic PW switching on S-PEs.
NOTE
PWE3 does not support P2MP. Therefore, if you want to set up MPLS L2VC on ATM subinterfaces, they must be of P2P type. For configuring transparent ATM cell transport, however, there is no such restriction.
# Configure U-PE1.
[U-PE1] mpls l2vpn [U-PE1-l2vpn] quit [U-PE1] interface pos 1/0/0 [U-PE1-Pos1/0/0] mpls l2vc pw-template pwt 100 [U-PE1-Pos1/0/0] undo shutdown [U-PE1-Pos1/0/0] quit
6-146
Issue 03 (2008-09-22)
6 PWE3 Configuration
# Configure S-PE.
[S-PE] mpls l2vpn [S-PE-l2vpn] quit [S-PE] mpls switch-l2vc 1.1.1.9 100 between 5.5.5.9 200 encapsulation ppp
# Configure U-PE2.
[U-PE2] mpls l2vpn [U-PE2-l2vpn] quit [U-PE2] interface pos 2/0/0 [U-PE2-Pos2/0/0] mpls l2vc pw-template pwt 200 [U-PE2-Pos2/0/0] undo shutdown [U-PE2-Pos2/0/0] quit
After the configuration, check the L2VPN connection information on PEs. Run the display mpls l2vc interface command, and you can see that PWs have been successfully set up, and are in the Active state. The BFD for PW function is disabled on PWs. Take the display of U-PE1 as an example.
<U-PE1> display mpls l2vc interface pos 1/0/0 *client interface : Pos1/0/0 is up session state : up AC state : up VC state : up VC ID : 100 VC type : PPP destination : 3.3.3.9 local group ID : 0 remote group ID : 0 local VC label : 21504 remote VC label : 21505 local AC OAM State : up local PSN State : up local forwarding state : forwarding remote AC OAM state : up remote PSN state : up remote forwarding state: forwarding BFD for PW : available manual fault : not set active state : active forwarding entry : exist link state : up local VC MTU : 1500 remote VC MTU : 1500 local VCCV : cw lsp-ping bfd remote VCCV : cw lsp-ping bfd local fragmentantion : disable remote fragmentantion: disable local control word : enable remote control word : enable tunnel policy : -traffic behavior : -PW template name : pwt primary or secondary : primary VC tunnel/token info : 1 tunnels/tokens NO.0 TNL type : lsp , TNL ID : 0x2002003 create time : 0 days, 0 hours, 2 minutes, 40 seconds up time : 0 days, 0 hours, 0 minutes, 59 seconds last change time : 0 days, 0 hours, 0 minutes, 59 seconds
6.
Configure dynamic BFDs between PEs that check the MH-PW. # Configure U-PE1.
[U-PE1] bfd [U-PE1-bfd] quit [U-PE1] interface pos1/0/0 [U-PE1-Pos1/0/0] mpls l2vpn pw bfd min-rx-interval 100 min-tx-interval 100 remote-vcid 200 [U-PE1-Pos1/0/0] quit
# Configure U-PE2.
[U-PE2] bfd [U-PE2-bfd] quit [U-PE2] interface pos2/0/0
Issue 03 (2008-09-22)
6-147
6 PWE3 Configuration
7.
Verify the configuration. # CE1 and CE2 can ping through each other.
<CE1> ping 100.1.1.2 PING 100.1.1.2: 56 data bytes, press CTRL_C to break Reply from 100.1.1.2: bytes=56 Sequence=1 ttl=255 time=600 Reply from 100.1.1.2: bytes=56 Sequence=2 ttl=255 time=160 Reply from 100.1.1.2: bytes=56 Sequence=3 ttl=255 time=220 Reply from 100.1.1.2: bytes=56 Sequence=4 ttl=255 time=210 Reply from 100.1.1.2: bytes=56 Sequence=5 ttl=255 time=220 --- 100.1.1.2 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 160/282/600 ms ms ms ms ms ms
# Run the display mpls l2vc interface command on U-PEs to view the status of PWs. You can see that the dynamic BFD for PW function is enabled, and that the BFD state is up. Take the display of U-PE1 as an example.
<U-PE1> display mpls l2vc interface pos 1/0/0 *client interface : Pos1/0/0 is up session state : up AC state : up VC state : up VC ID : 100 VC type : PPP destination : 3.3.3.9 local group ID : 0 remote group ID : 0 local VC label : 21504 remote VC label : 21505 local AC OAM State : up local PSN State : up local forwarding state : forwarding remote AC OAM state : up remote PSN state : up remote forwarding state: forwarding Dynamic BFD for PW : available Detect Multipier : 3 Min Transit Interval : 100 Max Receive Interval : 100 Dynamic BFD Session : built BFD for PW : available BFD sessionIndex : 256 BFD state : up manual fault : not set active state : active forwarding entry : exist link state : up local VC MTU : 4470 remote VC MTU : 4470 local VCCV : cw lsp-ping bfd remote VCCV : cw lsp-ping bfd local fragmentantion : disable remote fragmentantion: disable local control word : enable remote control word : enable tunnel policy : -traffic behavior : -PW template name : pwt primary or secondary : primary VC tunnel/token info : 1 tunnels/tokens NO.0 TNL type : lsp , TNL ID : 0x2002003 create time : 0 days, 0 hours, 24 minutes, 0 seconds up time : 0 days, 0 hours, 15 minutes, 0 seconds last change time : 0 days, 0 hours, 15 minutes, 0 seconds
# Run the display bfd session all verbose command on U-PEs to view the status of BFDs. You can see that the status of the BFD sessions is Up, the BFD bind type is PW, and the PW session type is dynamic.
6-148 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)
6 PWE3 Configuration
Configuration File
l
Issue 03 (2008-09-22)
6-149
6 PWE3 Configuration
Configuration file of P1
# sysname P1 # mpls lsr-id 2.2.2.9 mpls # mpls ldp # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 10.1.1.2 255.255.255.0 mpls mpls ldp # interface Pos2/0/0 link-protocol ppp undo shutdown ip address 20.1.1.1 255.255.255.0 mpls mpls ldp # interface LoopBack0 ip address 2.2.2.9 255.255.255.255 # ospf 1 area 0.0.0.0 network 2.2.2.9 0.0.0.0 network 10.1.1.0 0.0.0.255 network 20.1.1.0 0.0.0.255 # return
6-150
Issue 03 (2008-09-22)
6 PWE3 Configuration
Configuration file of P2
# sysname P2 # mpls lsr-id 4.4.4.9 mpls # mpls ldp # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 30.1.1.2 255.255.255.0 mpls mpls ldp # interface Pos2/0/0 link-protocol ppp undo shutdown ip address 40.1.1.1 255.255.255.0 mpls mpls ldp # interface LoopBack0 ip address 4.4.4.9 255.255.255.255 # ospf 1 area 0.0.0.0 network 4.4.4.9 0.0.0.0 network 30.1.1.0 0.0.0.255 network 40.1.1.0 0.0.0.255 # return
Issue 03 (2008-09-22)
6-151
6 PWE3 Configuration
6.14.10 Example for Configuring PW FRR CEs Are Symmetrically Connected to PEs Through POS Links
Networking Requirements
As shown in Figure 6-25, CE1 and CE2 are dual-homed to PE2 and PE3 respectively. Specific requirements are as follows:
l l
CE1 and CE2 are connected to PEs by means of PPP. PWs are set up between PE1 and PE3, and between PE2 and PE4, and an MPLS LSP is used as the tunnel. When the path CE2PE3PPE1CE1 is faulty, the L2VPN traffic can be quickly switched to the backup path CE2PE4PE2CE1.
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)
6-152
6 PWE3 Configuration
When the path CE2PE3PPE1CE1 recovers, the L2VPN traffic can be switched back to the master path.
Figure 6-25 Networking diagram of PW FRR CEs are symmetrically connected to PEs through POS links
P
1 /0/ 30 / S2 PO .13.2 .1 0 10 1 /0/ 30 / S2 PO .13.1 0.1 0 1
Loopback1 1.1.1.1/32
Loopback1 5.5.5.5/32
PE1
POS1/0/0 10.1.1.2/30 Loopback1 2.2.2.2/32
LSP
PE3
POS1/0/0 10.1.1.1/30
PE2
POS1/0/0 10.1.2.2/30 POS1/0/0 10.1.1.1/30 POS1/0/1 10.1.2.1/30
POS2/0/0 100.1.24.1/30
PE4
LSP
CE1
POS1/0/2 10.1.3.1/24
CE2
Configuration Roadmap
The configuration roadmap is as follows: 1. 2. 3. 4. 5. 6. Configure OSPF for the backbone. Set up LSPs between PE1 and PE3, and PE2 and PE4. Set up MPLS LDP sessions between PE1 and PE3, and PE2 and PE4. Configure PWs on PEs by using the PW template. Set up BFD for PW sessions between PE1 and PE3, and PE2 and PE4. Configure the AC OAM detection and notify function on PEs, and enable the OAM Mapping function.
Data Preparation
To complete the configuration, you need the following data:
l l l l
The names of the remote MPLS LDP peers VC-IDs of the master PW and the backup PW PW template name The name of BFD for PW, the local discriminator, and the remote discriminator
Issue 03 (2008-09-22)
6-153
6 PWE3 Configuration
Configuration Procedure
1. Configure an IP address for the interface through which a CE is connected to a PE. # Configure CE1.
<Quidway> system-view [Quidway] sysname CE1 [CE1] interface pos 1/0/0 [CE1-Pos1/0/0] ip address 10.1.1.1 30 [CE1-Pos1/0/0] undo shutdown [CE1-Pos1/0/0] quit [CE1] interface pos 1/0/1 [CE1-Pos1/0/1] ip address 10.1.2.1 30 [CE1-Pos1/0/1] undo shutdown [CE1-Pos1/0/1] quit [CE1] interface pos 1/0/2 [CE1-Pos1/0/2] ip address 10.1.3.1 24 [CE1-Pos1/0/2] undo shutdown [CE1-Pos1/0/2] quit
# Configure CE2.
<Quidway> system-view [Quidway] sysname CE2 [CE2] interface pos 1/0/0 [CE2-Pos1/0/0] ip address 10.1.1.2 30 [CE2-Pos1/0/0] undo shutdown [CE2-Pos1/0/0] quit [CE2] interface pos 1/0/1 [CE2-Pos1/0/1] ip address 10.1.2.2 30 [CE2-Pos1/0/1] undo shutdown [CE2-Pos1/0/1] quit
2.
Configure IP addresses for the interfaces and the IGP protocol for the MPLS backbone so that PEs and P in the backbone can internetwork. # Configure PE1.
<Quidway> system-view [Quidway] sysname PE1 [PE1] interface loopback1 [PE1-LoopBack1] ip address 1.1.1.1 32 [PE1-LoopBack1] quit [PE1] interface pos 2/0/1 [PE1-Pos2/0/1] ip address 100.1.13.1 30 [PE1-Pos2/0/1] undo shutdown [PE1-Pos2/0/1] quit [PE1] ospf 1 [PE1-ospf-1] area 0 [PE1-ospf-1-area-0.0.0.0] network 1.1.1.1 0.0.0.0 [PE1-ospf-1-area-0.0.0.0] network 100.1.13.0 0.0.0.3
# Configure P.
[P] interface loopback1 [P-LoopBack1] ip address 5.5.5.5 32 [P-LoopBack1] quit [P] interface pos 2/0/1 [P-Pos2/0/1] ip address 100.1.13.2 30 [P-Pos2/0/1] undo shutdown [P-Pos2/0/1] quit [P] interface pos 2/0/2 [P-Pos2/0/2] ip address 100.1.31.1 30 [P-Pos2/0/2] undo shutdown [P-Pos2/0/2] quit [P] ospf 1 [P-ospf-1] area 0 [P-ospf-1-area-0.0.0.0] network 5.5.5.5 0.0.0.0 [P-ospf-1-area-0.0.0.0] network 100.1.13.0 0.0.0.3 [P-ospf-1-area-0.0.0.0] network 100.1.31.0 0.0.0.3
# Configure PE3.
6-154 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)
6 PWE3 Configuration
# Configure PE2.
[PE2] interface loopback1 [PE2-LoopBack1] ip address 2.2.2.2 32 [PE2-LoopBack1] quit [PE2] interface pos 2/0/0 [PE2-Pos2/0/0] ip address 100.1.24.1 30 [PE2-Pos2/0/0] undo shutdown [PE2-Pos2/0/0] quit [PE2] ospf 1 [PE2-ospf-1] area 0 [PE2-ospf-1-area-0.0.0.0] network 2.2.2.2 0.0.0.0 [PE2-ospf-1-area-0.0.0.0] network 100.1.24.0 0.0.0.3
# Configure PE4.
[PE4] interface loopback1 [PE4-LoopBack1] ip address 4.4.4.4 32 [PE4-LoopBack1] quit [PE4] interface pos 2/0/0 [PE4-Pos2/0/0] ip address 100.1.24.2 30 [PE4-Pos2/0/0] undo shutdown [PE4-Pos2/0/0] quit [PE4] ospf 1 [PE4-ospf-1] area 0 [PE4-ospf-1-area-0.0.0.0] network 4.4.4.4 0.0.0.0 [PE4-ospf-1-area-0.0.0.0] network 100.1.24.0 0.0.0.3
After the configuration, run the display ip routing-table command on PEs, and you can see that PE1 and PE2, and PE1 and PE3 have learnt the loopback 1 address of each other. Take the display of PE1 as an example:
<PE1> display ip routing-table Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: Public Destinations : 9 Routes : 9 Destination/Mask Proto Pre Cost Flags NextHop Interface 1.1.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 3.3.3.3/32 OSPF 10 3 D 100.1.13.2 Pos2/0/1 5.5.5.5/32 OSPF 10 2 D 100.1.13.2 Pos2/0/1 100.1.13.0/30 Direct 0 0 D 100.1.13.1 Pos2/0/1 100.1.13.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 100.1.13.2/32 Direct 0 0 D 100.1.13.2 Pos2/0/1 100.1.31.0/30 OSPF 10 2 D 100.1.13.2 Pos2/0/1 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
3.
Configure basic MPLS functions for the MPLS backbone. # Enable MPLS, and specify LSR-ID as the IP address of loopback 1.Enable MPLS and MPLS LDP for the interfaces in the backbone. # Configure PE1.
[PE1] mpls lsr-id 1.1.1.1 [PE1] mpls [PE1-mpls] quit [PE1] mpls ldp [PE1-mpls-ldp] quit [PE1] interface pos2/0/1
Issue 03 (2008-09-22)
6-155
6 PWE3 Configuration
[PE1-Pos2/0/1] mpls [PE1-Pos2/0/1] mpls ldp [PE1-Pos2/0/1] quit
# Configure P.
[P] mpls lsr-id 5.5.5.5 [P] mpls [P-mpls] quit [P] mpls ldp [P-mpls-ldp] quit [P] interface pos2/0/1 [P-Pos2/0/1] mpls [P-Pos2/0/1] mpls ldp [P-Pos2/0/1] quit [P] interface pos 2/0/2 [P-Pos2/0/2] mpls [P-Pos2/0/2] mpls ldp [P-Pos2/0/2] quit
# Configure PE3.
[PE3] mpls lsr-id 3.3.3.3 [PE3] mpls [PE3-mpls] quit [PE3] mpls ldp [PE3-mpls-ldp] quit [PE3] interface pos 2/0/1 [PE3-Pos2/0/1] mpls [PE3-Pos2/0/1] mpls ldp [PE3-Pos2/0/1] quit
# Configure PE2.
[PE2] mpls lsr-id 2.2.2.2 [PE2] mpls [PE2-mpls] quit [PE2] mpls ldp [PE2-mpls-ldp] quit [PE2] interface pos 2/0/0 [PE2-Pos2/0/0] mpls [PE2-Pos2/0/0] mpls ldp [PE2-Pos2/0/0] quit
# Configure PE4.
[PE4] mpls lsr-id 4.4.4.4 [PE4] mpls [PE4-mpls] quit [PE4] mpls ldp [PE4-mpls-ldp] quit [PE4] interface pos 2/0/0 [PE4-Pos2/0/0] mpls [PE4-Pos2/0/0] mpls ldp [PE4-Pos2/0/0] quit
After the configuration, run the display tunnel-info all command on PEs, and you can see that there are MPLS LSP tunnels between PE1 and PE3, and PE2 and PE4. Take the display of PE1 and PE2 as an example. Take the display of PE1 and PE2 as an example.
<PE1> display tunnel-info all * -> Allocated VC Token Tunnel ID Type Destination Token ---------------------------------------------------------------------0x2002000 lsp 5.5.5.5 0 0x2002001 lsp 3.3.3.3 1 <PE2> display tunnel-info all * -> Allocated VC Token Tunnel ID Type Destination Token ---------------------------------------------------------------------0x2002000 lsp 4.4.4.4 0
6-156
Issue 03 (2008-09-22)
6 PWE3 Configuration
Run the display mpls ldp session command on PEs, and you can see that the status of the peer relationship between PE1 and P, P and PE3, and PE2 and PE4 is Operational. In other words, LDP sessions are set up. Take the display of PE1 as an example:
<PE1> display mpls ldp session LDP Session(s) in Public Network -----------------------------------------------------------------------------Peer-ID Status LAM SsnRole SsnAge KA-Sent/Rcv -----------------------------------------------------------------------------5.5.5.5:0 Operational DU Passive 000:00:04 20/20 -----------------------------------------------------------------------------TOTAL: 1 session(s) Found. LAM : Label Advertisement Mode SsnAge Unit : DDD:HH:MM
4.
Set up remote LDP sessions between PEs. # For a remote LDP session, the specified IP address is usually the IP address of the loopback interface of the remote LDP peer.
NOTE
In this example, PE2 and PE4 are directly connected to each other, and you do not have to manually configure remote LDP sessions for them.
# Configure PE1.
[PE1] mpls ldp remote-peer 3.3.3.3 [PE1-mpls-ldp-remote-3.3.3.3] remote-ip 3.3.3.3 [PE1-mpls-ldp-remote-3.3.3.3] quit
# Configure PE3.
[PE3] mpls ldp remote-peer 1.1.1.1 [PE3-mpls-ldp-remote-1.1.1.1] remote-ip 1.1.1.1 [PE3-mpls-ldp-remote-1.1.1.1] quit
After the configuration, run the display mpls ldp session command on PEs, and you can see that the status of the remote LDP peer relationship is Operational. That is, the remote peer relationship has been set up. Take the display of PE1 as an example:
<PE1> display mpls ldp session LDP Session(s) in Public Network -----------------------------------------------------------------------------Peer-ID Status LAM SsnRole SsnAge KA-Sent/Rcv -----------------------------------------------------------------------------3.3.3.3:0 Operational DU Passive 000:00:56 225/227 5.5.5.5:0 Operational DU Passive 000:00:13 56/56 -----------------------------------------------------------------------------TOTAL: 2 session(s) Found. LAM : Label Advertisement Mode SsnAge Unit : DDD:HH:MM
5.
Issue 03 (2008-09-22)
6-157
6 PWE3 Configuration
[PE1-Pos1/0/0] ip address 10.1.1.2 30 [PE1-Pos1/0/0] undo shutdown [PE1-Pos1/0/0] quit
# Configure PE3.
[PE3] mpls l2vpn [PE3-l2vpn] quit [PE3] pw-template 3to1 [PE3-pw-template-3to1] peer 1.1.1.1 [PE3-pw-template-3to1] control-word [PE3-pw-template-3to1] vccv cc cw cv bfd [PE3-pw-template-3to1] quit [PE3] interface pos 1/0/0 [PE3-Pos1/0/0] mpls l2vc pw-template 3to1 100 ip-interworking [PE3-Pos1/0/0] ip address 10.1.1.1 30 [PE3-Pos1/0/0] undo shutdown [PE3-Pos1/0/0] quit
# Configure PE2.
[PE2] mpls l2vpn [PE2-l2vpn] quit [PE2] pw-template 2to4 [PE2-pw-template-2to4] peer 4.4.4.4 [PE2-pw-template-2to4] control-word [PE2-pw-template-2to4] vccv cc cw cv bfd [PE2-pw-template-2to4] quit [PE2] interface pos 1/0/0 [PE2-Pos1/0/0] mpls l2vc pw-template 2to4 200 ip-interworking [PE2-Pos1/0/0] ip address 10.1.2.2 30 [PE2-Pos1/0/0] undo shutdown [PE2-Pos1/0/0] quit
# Configure PE4.
[PE4] mpls l2vpn [PE4-l2vpn] quit [PE4] pw-template 4to2 [PE4-pw-template-4to2] peer 2.2.2.2 [PE4-pw-template-4to2] control-word [PE4-pw-template-4to2] vccv cc cw cv bfd [PE4-pw-template-4to2] quit [PE4] interface pos 1/0/0 [PE4-Pos1/0/0] mpls l2vc pw-template 4to2 200 ip-interworking [PE4-Pos1/0/0] ip address 10.1.2.1 30 [PE4-Pos1/0/0] undo shutdown [PE4-Pos1/0/0] quit
After the configuration, run the display pw-template command on PEs, and you can view the configuration information about the PW template, with VCCV capacity being enabled on it. Take the display of PE1 as an example.
<PE1> display pw-template Total PW template number : 1 PW Template Name : 1to3 PeerIP : 3.3.3.3 Tnl Policy Name : -CtrlWord : Enable VCCV Capability : cw bfd Behavior Name : -Total PW : 1, Static PW : 0, LDP PW : 1, Rsvp PW : 0
Check the L2VPN connection information on PEs by running the display mpls l2vc interface command, and you can see that PWs have been successfully set up, and are in the Active state. Take the display of PE1 as an example.
<PE1> display mpls l2vc total LDP VC : 1 1 up 0 down *client interface : Pos1/0/0
6-158
Issue 03 (2008-09-22)
6 PWE3 Configuration
VC label
: 21504
VC MTU
: 1500
Run OSPF on CE1 and CE2, and CE1 advertises to CE2 the path to 10.1.3.0/24.To ensure that traffic goes through CE2PE3PPE1CE1, raise the OSPF cost of POS1/0/1 of CE1 and CE2 to a higher value. (For example, 10) # Configure CE1.
[CE1] ospf 1 [CE1-ospf-1] area 0.0.0.0 [CE1-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.3 [CE1-ospf-1-area-0.0.0.0] network 10.1.3.0 0.0.0.255 [CE1-ospf-1-area-0.0.0.0] quit [CE1-ospf-1] quit [CE1] interface pos1/0/1 [CE1-Pos1/0/1] ospf cost 10
# Configure CE2.
[CE2] ospf 1 [CE2-ospf-1] area 0.0.0.0 [CE2-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.3 [CE2-ospf-1-area-0.0.0.0] network 10.1.2.0 0.0.0.3 [CE2-ospf-1-area-0.0.0.0] quit [CE2-ospf-1] quit [CE2] interface pos1/0/1 [CE2-Pos1/0/1] ospf cost 10
Run the display ip routing-table command on CE2, and you can see that the outbound interface for the path from CE2 to 10.1.3.0/24 is POS 1/0/0.In other words, traffic goes through the master path.
<CE2> display ip routing-table Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: Public Destinations : 8 Routes : 8 Destination/Mask Proto Pre Cost Flags NextHop Interface 10.1.1.0/30 Direct 0 0 D 10.1.1.2 Pos1/0/0 10.1.1.1/32 Direct 0 0 D 10.1.1.1 Pos1/0/0 10.1.1.2/32 Direct 0 0 D 127.0.0.1 InLoopBack0 10.1.2.0/30 Direct 0 0 D 10.1.2.2 Pos1/0/1 10.1.2.1/32 Direct 0 0 D 10.1.2.1 Pos1/0/1 10.1.2.2/32 Direct 0 0 D 127.0.0.1 InLoopBack0 10.1.3.1/32 OSPF 10 2 D 10.1.1.1 Pos1/0/0 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
Issue 03 (2008-09-22)
6-159
6 PWE3 Configuration
6.
l l
The local discriminator and remote discriminator of a BFD session should correspond to each other, and cannot be modified after being configured. This example uses static BFDs to check the PW.
# Configure PE1.
[PE1] bfd [PE1-bfd] quit [PE1] bfd 1to3 bind pw interface pos 1/0/0 [PE1-bfd-lsp-session-1to3] discriminator local 13 [PE1-bfd-lsp-session-1to3] discriminator remote 31 [PE1-bfd-lsp-session-1to3] commit [PE1-bfd-lsp-session-1to3] quit
# Configure PE3.
[PE3] bfd [PE3-bfd] quit [PE3] bfd 3to1 bind pw interface pos 1/0/0 [PE3-bfd-lsp-session-3to1] discriminator local 31 [PE3-bfd-lsp-session-3to1] discriminator remote 13 [PE3-bfd-lsp-session-3to1] commit [PE3-bfd-lsp-session-3to1] quit
# Configure PE2.
[PE2] bfd [PE2-bfd] quit [PE2] bfd 2to4 bind pw interface pos 1/0/0 [PE2-bfd-lsp-session-2to4] discriminator local 24 [PE2-bfd-lsp-session-2to4] discriminator remote 42 [PE2-bfd-lsp-session-2to4] commit [PE2-bfd-lsp-session-2to4] quit
# Configure PE4.
[PE4] bfd [PE4-bfd] quit [PE4] bfd 4to2 bind pw interface pos 1/0/0 [PE4-bfd-lsp-session-4to2] discriminator local 42 [PE4-bfd-lsp-session-4to2] discriminator remote 24 [PE4-bfd-lsp-session-4to2] commit [PE4-bfd-lsp-session-4to2] quitt
After the configuration, BFD sessions are set up between PE1 and PE2, and PE1 and PE3.Run the display bfd session all command, and you can see the State is Up. Take the display of PE1 as an example.
<PE1> display bfd session all ------------------------------------------------------------------------------Local Remote PeerIpAddr InterfaceName State Type ------------------------------------------------------------------------------13 31 --.--.--.-Pos1/0/0 Up S_PW (M) -------------------------------------------------------------------------------
6-160
Issue 03 (2008-09-22)
6 PWE3 Configuration
Run the display bfd configuration all command, and you can view the configuration information about BFD, and the status of Commit is True.
<PE1> display bfd configuration all ------------------------------------------------------------------------------CFG Name CFG Type LocalDiscr MIndex SessNum Commit AdminDown ------------------------------------------------------------------------------1to3 Static_PW(M) 13 256 1 True False ------------------------------------------------------------------------------Total Commit/Uncommit CFG Number : 1/0
7.
Enable the OAM Mapping function on PEs, which automatically enables AC OAM detection and notification. Take the configuration of PE1 as an example. Configurations of PE2, PE3, and PE4 are the same as that of PE1, and are not described here.
[PE1] interface pos 1/0/0 [PE1-Pos1/0/0] mpls l2vpn oam-mapping auto
Run the display mpls l2vc oam-mapping interface on PEs, and you can view information about OAM Mapping. The status of AC OAM is up, the status of BFD for PW is Enable, and the status of BFD is up. Take the display of PE1 as an example:
<PE1> display mpls l2vc oam-mapping interface pos1/0/0 AC OAM Info: ACFD Index : 0x800 Notify : Enable Detect : Enable AC OAM State : Up OAM-mapping : Enable PSN info: VC-ID : 100 VC status : Primary Active State : Active Link State : Up BFD for PW : Enable BFDSessionIndex:256 ,BFD State : up BFD for LSP : 0 TunnelNum: 1 PSN State : up
8.
Verify the configuration. If the configuration succeeds, run the display mpls l2vc interface command on PE1 or PE3, and you can see that the status of PW1 is up. Take the display of PE1 as an example:
<PE1> display mpls l2vc interface pos 1/0/0 *client interface : Pos1/0/0 is up session state : up AC state : up VC state : up VC ID : 100 VC type : IP-interworking destination : 3.3.3.3 local group ID : 0 remote group ID local VC label : 21504 remote VC label local AC OAM State : up local PSN State : up local forwarding state : forwarding remote AC OAM state : up remote PSN state : up remote forwarding state: forwarding BFD for PW : available BFD sessionIndex : 256 BFD state : up manual fault : not set active state : active
: 0 : 21504
Issue 03 (2008-09-22)
6-161
6 PWE3 Configuration
forwarding entry link state local VC MTU local VCCV remote VCCV local fragmentantion local control word tunnel policy traffic behavior PW template name primary or secondary VC tunnel/token info NO.0 TNL type : lsp create time up time last change time : : : : : : : : : : : :
Run the shutdown command on the POS 2/0/1 of PE3. Run the display bfd session all command on PE1 or PE3, and you can see that the BFD session for PW1 is Down. Take the display of PE1 as an example:
<PE1> display bfd session all ------------------------------------------------------------------------------Local Remote PeerIpAddr InterfaceName State Type ------------------------------------------------------------------------------13 31 --.--.--.-Pos1/0/0 Down S_PW (M) ------------------------------------------------------------------------------Total UP/DOWN Session Number : 0/1
Run the display mpls l2vc interface command on PE1 or PE3, and you can see that the status of PW1 is changed to Down. Take the display of PE1 as an example:
<PE1> display mpls l2vc interface pos 1/0/0 *client interface : Pos1/0/0 is up session state : down AC state : up VC state : down VC ID : 100 VC type : IP-interworking destination : 3.3.3.3 local group ID : 0 remote group ID : 0 local VC label : 21504 remote VC label : 0 local AC OAM State : up local PSN State : up local forwarding state : not forwarding BFD for PW : available BFD sessionIndex : 256 BFD state : down manual fault : not set active state : active forwarding entry : not exist link state : down local VC MTU : 1500 remote VC MTU : 0 local VCCV : cw bfd remote VCCV : none local fragmentantion : disable remote fragmentantion: none local control word : enable remote control word : none tunnel policy : -traffic behavior : -PW template name : 1to3 primary or secondary : primary VC tunnel/token info : 0 tunnels/tokens create time : 0 days, 1 hours, 33 minutes, 18 seconds up time : 0 days, 0 hours, 0 minutes, 0 seconds last change time : 0 days, 0 hours, 1 minutes, 11 seconds
6-162
Issue 03 (2008-09-22)
6 PWE3 Configuration
Check the routing table on CE2, and you can see that the outbound interface of 10.1.3.0 is changed to POS1/0/1.That is, the L2VPN traffic is switched to the backup path.
<CE2> display ip routing-table Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: Public Destinations : 6 Routes : 6 Destination/Mask Proto Pre Cost Flags NextHop Interface 10.1.2.0/30 Direct 0 0 D 10.1.2.2 Pos1/0/1 10.1.2.1/32 Direct 0 0 D 10.1.2.1 Pos1/0/1 10.1.2.2/32 Direct 0 0 D 127.0.0.1 InLoopBack0 10.1.3.1/32 OSPF 10 11 D 10.1.2.1 Pos1/0/1 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
Run the undo shutdown command on the POS 2/0/1 on PE3. Check the routing table on CE2, and you can see that the outbound interface of 10.1.3.0 is changed to POS 1/0/0.That is, the L2VPN traffic is switched to the master path.
<CE2> display ip routing-table Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: Public Destinations : 9 Routes : 9 Destination/Mask Proto Pre Cost Flags NextHop Interface 10.1.1.0/30 Direct 0 0 D 10.1.1.2 Pos1/0/0 10.1.1.1/32 Direct 0 0 D 10.1.1.1 Pos1/0/0 10.1.1.2/32 Direct 0 0 D 127.0.0.1 InLoopBack0 10.1.2.0/30 Direct 0 0 D 10.1.2.2 Pos1/0/1 10.1.2.1/32 Direct 0 0 D 10.1.2.1 Pos1/0/1 10.1.2.2/32 Direct 0 0 D 127.0.0.1 InLoopBack0 10.1.3.1/32 OSPF 10 2 D 10.1.1.1 Pos1/0/0 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
Configuration File
l
Issue 03 (2008-09-22)
6-163
6 PWE3 Configuration
# interface Pos1/0/0 link-protocol ppp undo shutdown ip address 10.1.1.2 255.255.255.252 # interface Pos1/0/1 link-protocol ppp undo shutdown ip address 10.1.2.2 255.255.255.252 ospf cost 10 # ospf 1 area 0.0.0.0 network 10.1.1.0 0.0.0.3 network 10.1.2.0 0.0.0.3 # return l
6-164
Issue 03 (2008-09-22)
6 PWE3 Configuration
Configuration file of P
# sysname P # mpls lsr-id 5.5.5.5 mpls # mpls ldp # interface Pos2/0/1 link-protocol ppp undo shutdown ip address 100.1.13.2 255.255.255.252 mpls mpls ldp # interface Pos2/0/2 link-protocol ppp undo shutdown ip address 100.1.31.1 255.255.255.252 mpls mpls ldp # interface LoopBack1 ip address 5.5.5.5 255.255.255.255 # ospf 1 area 0.0.0.0 network 5.5.5.5 0.0.0.0 network 100.1.13.0 0.0.0.3 network 100.1.31.0 0.0.0.3 # return
Issue 03 (2008-09-22)
6-165
6 PWE3 Configuration
# interface LoopBack1 ip address 3.3.3.3 255.255.255.255 # ospf 1 area 0.0.0.0 network 3.3.3.3 0.0.0.0 network 100.1.31.0 0.0.0.3 # # bfd 3to1 bind pw interface Pos1/0/0 discriminator local 31 discriminator remote 13 commit # return l
6-166
Issue 03 (2008-09-22)
6 PWE3 Configuration
6.14.11 Example for Configuring PW FRR CEs Are Asymmetrically Connected to PEs Through POS Links
Networking Requirements
As shown in Figure 6-26, CE1 is connected to PE1 through a single link. CE2 is dual-homed to PE2 and PE3 respectively. Specific requirements are as follows:
l l l l
Connect CE1 to PE1 through HDLC; connect CE2 to PE2 and PE3 through PPP. Set up a PW between PE1 and PE3. The PW is the master, using MPLS TE as tunnel. Set up a PW between PE1 and PE2. The PW is the backup, using MPLS LSP as tunnel. When the path CE2-PE3-P-PE1 is faulty, the L2VPN traffic can be quickly switched to the backup up path CE2-PE2-PE1. When the path CE2-PE3-P-PE1 recovers, the L2VPN traffic can be switched back to the original path.
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 6-167
Issue 03 (2008-09-22)
6 PWE3 Configuration
Figure 6-26 Networking diagram of PW FRR CEs are asymmetrically connected to PEs through POS links
1 /0 / 0 S2 1.2/3 O . P 13 0. 10 1 /0 / /30 S2 PO 3.1.1 0.1 10
Loopback1 1.1.1.1/32
PE1
POS1/0/0 10.1.1.2/30
MPLS TE
PE3
PO 100 S2/0 /2 .1 2. 1.1/ 30
MPL
SL SP
PO 100 S2/0 /1 .1 2. 1.2/ 30
Loopback1 2.2.2.2/32
HDLC
POS1/0/0 10.1.1.1/30 10.1.2.1/30 sub
PPP
PE2 PPP
POS1/0/1 10.1.2.2/30 POS1/0/0 10.1.1.2/30
CE1
POS1/0/1 10.1.3.1/24
CE2
Configuration Roadmap
The configuration roadmap is as follows: 1. 2. 3. 4. 5. 6. Configure OSPF for the backbone. Set up an MPLS TE tunnel between PE1 and PE3; set up an LSP between PE1 and PE2. Set up MPLS LDP sessions between PE1 and PE2, and PE1 and PE3. Configure PWs on PEs by usingthe PW template. Because the master PW uses the MPLS TE tunnel, you need to use the tunnel policy when configuring the master PW. Set up BFD for PW sessions between PE1 and PE2, and PE1 and PE3. Enable the OAM Mapping function on PEs, which automatically enables AC OAM detection and notification.
Data Preparation
To complete the configuration, you need the following data:
l l l l l l
Tunnel policies Bandwidth of the MPLS TE tunnel Names of the remote MPLS LDP peers VC-IDs of the master PW and the backup PW PW template name Name of BFD for PW, the local discriminator, and the remote discriminator
6-168
Issue 03 (2008-09-22)
6 PWE3 Configuration
Configuration Procedure
1. Configure an IP address for the interface through which a CE is connected to a PE. # Configure CE1.
<Quidway> system-view [Quidway] sysname CE1 [CE1] interface pos 1/0/0 [CE1-Pos1/0/0] link-protocol hdlc [CE1-Pos1/0/0] ip address 10.1.1.1 30 [CE1-Pos1/0/0] ip address 10.1.2.1 30 sub [CE1-Pos1/0/0] undo shutdown [CE1-Pos1/0/0] quit [CE1] interface pos 1/0/1 [CE1-Pos1/0/1] link-protocol hdlc [CE1-Pos1/0/1] ip address 10.1.3.1 24 [CE1-Pos1/0/1] undo shutdown [CE1-Pos1/0/1] quit
# Configure CE2.
<Quidway> system-view [Quidway] sysname CE2 [CE2] interface pos 1/0/0 [CE2-Pos1/0/0] ip address 10.1.1.2 30 [CE2-Pos1/0/0] undo shutdown [CE2-Pos1/0/0] quit [CE2] interface pos 1/0/1 [CE2-Pos1/0/1] ip address 10.1.2.2 30 [CE2-Pos1/0/1] undo shutdown [CE2-Pos1/0/1] quit
2.
Configure the IGP protocol for the MPLS backbone so that PEs and Ps in the backbone can internetwork. # Configure PE1.
[PE1] interface loopback 1 [PE1-LoopBack1] ip address 1.1.1.1 32 [PE1-LoopBack1] quit [PE1] interface pos 2/0/1 [PE1-Pos2/0/1] ip address 100.13.1.1 30 [PE1-Pos2/0/1] undo shutdown [PE1-Pos2/0/1] quit [PE1] interface pos 2/0/2 [PE1-Pos2/0/2] ip address 100.12.1.1 30 [PE1-Pos2/0/2] undo shutdown [PE1-Pos2/0/2] quit [PE1] ospf 1 [PE1-ospf-1] area 0 [PE1-ospf-1-area-0.0.0.0] network 1.1.1.1 0.0.0.0 [PE1-ospf-1-area-0.0.0.0] network 100.13.1.0 0.0.0.3 [PE1-ospf-1-area-0.0.0.0] network 100.12.1.0 0.0.0.3
# Configure P.
[P] interface loopback 1 [P-LoopBack1] ip address 4.4.4.4 32 [P-LoopBack1] quit [P] interface pos 2/0/1 [P-Pos2/0/1] ip address 100.13.1.2 30 [P-Pos2/0/1] undo shutdown [P-Pos2/0/1] quit [P] interface pos 2/0/2 [P-Pos2/0/2] ip address 100.34.1.1 30 [P-Pos2/0/2] undo shutdown [P-Pos2/0/2] quit [P] ospf 1 [P-ospf-1] area 0 [P-ospf-1-area-0.0.0.0] network 4.4.4.4 0.0.0.0 [P-ospf-1-area-0.0.0.0] network 100.13.1.0 0.0.0.3 [P-ospf-1-area-0.0.0.0] network 100.34.1.0 0.0.0.3
Issue 03 (2008-09-22)
6-169
6 PWE3 Configuration
# Configure PE3.
[PE3] interface loopback 1 [PE3-LoopBack1] ip address 3.3.3.3 32 [PE3-LoopBack1] quit [PE3] interface pos2/0/1 [PE3-Pos2/0/1] ip address 100.34.1.2 30 [PE3-Pos2/0/1] undo shutdown [PE3-Pos2/0/1] quit [PE3] ospf 1 [PE3-ospf-1] area 0 [PE3-ospf-1-area-0.0.0.0] network 3.3.3.3 0.0.0.0 [PE3-ospf-1-area-0.0.0.0] network 100.34.1.0 0.0.0.3
# Configure PE2.
[PE2] interface loopback 1 [PE2-LoopBack1] ip address 2.2.2.2 32 [PE2-LoopBack1] quit [PE2] interface pos 2/0/1 [PE2-Pos2/0/1] ip address 100.12.1.2 30 [PE2-Pos2/0/1] undo shutdown [PE2-Pos2/0/1] quit [PE2] ospf 1 [PE2-ospf-1] area 0 [PE2-ospf-1-area-0.0.0.0] network 2.2.2.2 0.0.0.0 [PE2-ospf-1-area-0.0.0.0] network 100.12.1.0 0.0.0.3
After the configuration, run the display ip routing-table command on PEs, and you can see that PE1 and PE2, and PE1 and PE3 have learnt the loopback 1 address of each other. Take the display of PE1 as an example:
<PE1> display ip routing-table Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: Public Destinations : 13 Routes : 13 Destination/Mask Proto Pre Cost Flags NextHop Interface 1.1.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 2.2.2.2/32 OSPF 10 2 D 100.12.1.2 Pos2/0/2 3.3.3.3/32 OSPF 10 3 D 100.13.1.2 Pos2/0/1 4.4.4.4/32 OSPF 10 2 D 100.13.1.2 Pos2/0/1 100.12.1.0/30 Direct 0 0 D 100.12.1.1 Pos2/0/2 100.12.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 100.12.1.2/32 Direct 0 0 D 100.12.1.2 Pos2/0/2 100.13.1.0/30 Direct 0 0 D 100.13.1.1 Pos2/0/1 100.13.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 100.13.1.2/32 Direct 0 0 D 100.13.1.2 Pos2/0/1 100.34.1.0/30 OSPF 10 2 D 100.13.1.2 Pos2/0/1 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: Public Destinations : 13 Routes : 13 Destination/Mask Proto Pre Cost Flags NextHop Interface 1.1.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 2.2.2.2/32 OSPF 10 2 D 100.12.1.2 Pos2/0/2 3.3.3.3/32 OSPF 10 3 D 100.13.1.2 Pos2/0/1 4.4.4.4/32 OSPF 10 2 D 100.13.1.2 Pos2/0/1 100.12.1.0/30 Direct 0 0 D 100.12.1.1 Pos2/0/2 100.12.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 100.12.1.2/32 Direct 0 0 D 100.12.1.2 Pos2/0/2 100.13.1.0/30 Direct 0 0 D 100.13.1.1 Pos2/0/1 100.13.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 100.13.1.2/32 Direct 0 0 D 100.13.1.2 Pos2/0/1 100.34.1.0/30 OSPF 10 2 D 100.13.1.2 Pos2/0/1 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
3.
6-170
6 PWE3 Configuration
# Enable MPLS, and specify LSR-ID as the IP address of loopback 1. Enable MPLS for the interfaces in the backbone. # Configure PE1.
[PE1] mpls lsr-id 1.1.1.1 [PE1] mpls [PE1-mpls] quit [PE1] interface pos2/0/1 [PE1-Pos2/0/1] mpls [PE1-Pos2/0/1] quit [PE1] interface pos2/0/2 [PE1-Pos2/0/2] mpls [PE1-Pos2/0/2] quit
# Configure P.
[P] mpls lsr-id 4.4.4.4 [P] mpls [P-mpls] quit [P] interface pos2/0/1 [P-Pos2/0/1] mpls [P-Pos2/0/1] quit [P] interface pos 2/0/2 [P-Pos2/0/2] mpls [P-Pos2/0/2] quit
# Configure PE2.
[PE2] mpls lsr-id 2.2.2.2 [PE2] mpls [PE2-mpls] quit [PE2] interface pos 2/0/1 [PE2-Pos2/0/1] mpls [PE2-Pos2/0/1] quit
# Configure PE3.
[PE3] mpls lsr-id 3.3.3.3 [PE3] mpls [PE3-mpls] quit [PE3] interface pos 2/0/1 [PE3-Pos2/0/1] mpls [PE3-Pos2/0/1] quit
4.
Set up an MPLS TE tunnel between PE1 and PE3; set up an LSP between PE1 and PE2. # Configure PE1.
[PE1] mpls [PE1-mpls] mpls te [PE1-mpls] mpls rsvp-te [PE1-mpls] mpls te cspf [PE1-mpls] quit [PE1] interface pos2/0/1 [PE1-Pos2/0/1] mpls te [PE1-Pos2/0/1] mpls rsvp-te [PE1-Pos2/0/1] mpls te max-link-bandwidth 50 [PE1-Pos2/0/1] mpls te max-reservable-bandwidth 30 [PE1-Pos2/0/1] quit [PE1] interface tunnel2/0/0 [PE1-Tunnel2/0/0] ip address unnumbered interface loopback1 [PE1-Tunnel2/0/0] tunnel-protocol mpls te [PE1-Tunnel2/0/0] destination 3.3.3.3 [PE1-Tunnel2/0/0] mpls te tunnel-id 13 [PE1-Tunnel2/0/0] mpls te bandwidth bc0 20 [PE1-Tunnel2/0/0] mpls te commit [PE1-Tunnel2/0/0] quit [PE1] ospf 1 [PE1-ospf-1] opaque-capability enable [PE1-ospf-1] area 0 [PE1-ospf-1-area-0.0.0.0] mpls-te enable
# Configure P.
Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 6-171
6 PWE3 Configuration
# Configure PE3.
[PE3] mpls [PE3-mpls] mpls te [PE3-mpls] mpls rsvp-te [PE3-mpls] mpls te cspf [PE3-mpls] quit [PE3] interface pos2/0/1 [PE3-Pos2/0/1] mpls te [PE3-Pos2/0/1] mpls rsvp-te [PE3-Pos2/0/1] mpls te max-link-bandwidth 50 [PE3-Pos2/0/1] mpls te max-reservable-bandwidth 30 [PE3-Pos2/0/1] quit [PE3] interface tunnel2/0/0 [PE3-Tunnel2/0/0] ip address unnumbered interface LoopBack1 [PE3-Tunnel2/0/0] tunnel-protocol mpls te [PE3-Tunnel2/0/0] destination 1.1.1.1 [PE3-Tunnel2/0/0] mpls te tunnel-id 31 [PE3-Tunnel2/0/0] mpls te bandwidth bc0 20 [PE3-Tunnel2/0/0] mpls te commit [PE3-Tunnel2/0/0] quit [PE3] ospf 1 [PE3-ospf-1] opaque-capability enable [PE3-ospf-1] area0 [PE3-ospf-1-area-0.0.0.0] mpls-te enable
# Configure PE1.
[PE1] mpls ldp [PE1-mpls-ldp] quit [PE1] interface pos2/0/2 [PE1-Pos2/0/2] mpls ldp [PE1-Pos2/0/2] quit
# Configure PE2.
[PE2] mpls ldp [PE2-mpls-ldp] quit [PE2] interface pos2/0/12 [PE2-Pos2/0/12] mpls ldp [PE2-Pos2/0/12] quit
After the configuration, run the display tunnel-info all command on PEs, and you can see that an MPLS TE tunnel connects PE1 with PE3, and an MPLS LSP tunnel connects PE1 with PE2. Take the display of PE1 as an example.
<PE1> display tunnel-info all * -> Allocated VC Token Tunnel ID Type Destination Token ----------------------------------------------------------------------
6-172
Issue 03 (2008-09-22)
6 PWE3 Configuration
0x42002000 cr lsp 3.3.3.3 0 0x2002001 lsp 2.2.2.2 1* -> Allocated VC Token Tunnel ID Type Destination Token ---------------------------------------------------------------------0x51002000 local ifnet -0 0x51002001 local ifnet -1 0x42002002 cr lsp 3.3.3.3 2 0x2002003 lsp -3 0x2002004 lsp 2.2.2.2 4 0x2002005 lsp -5
5.
Set up LDP sessions between PEs. # For a remote LDP session, the specified IP address is usually the IP address of the loopback interface of the remote LDP peer.
NOTE
In this example, PE1 and PE2 are directly connected to each other, and you do not have to manually configure remote LDP sessions for them.
# Configure PE1.
[PE1] mpls ldp remote-peer 3.3.3.3pe3 [PE1-mpls-ldp-remote-3.3.3.3pe3] remote-ip 3.3.3.3
# Configure PE3.
[PE3] mpls ldp [PE3-mpls-ldp] quit [PE3] mpls ldp remote-peer 1.1.1.1pe1 [PE3-mpls-ldp-remote-1.1.1.1pe1] remote-ip 1.1.1.1
After the configuration, run the display mpls ldp session command on PEs, and you can see that the status of the remote LDP peer relationship is Operational. That is, the remote peer relationship has been set up. Take the display of PE1 as an example:
<PE1> display mpls ldp session LDP Session(s) in Public Network -----------------------------------------------------------------------------Peer-ID Status LAM SsnRole SsnAge KA-Sent/Rcv -----------------------------------------------------------------------------2.2.2.2:0 Operational DU Passive 000:00:03 16/16 3.3.3.3:0 Operational DU Passive 000:00:00 1/1 -----------------------------------------------------------------------------TOTAL: 2 session(s) Found. LAM : Label Advertisement Mode SsnAge Unit : DDD:HH:MM LDP Session(s) in Public Network -----------------------------------------------------------------------------Peer-ID Status LAM SsnRole SsnAge KA-Sent/Rcv -----------------------------------------------------------------------------2.2.2.2:0 Operational DU Passive 000:00:16 65/65 3.3.3.3:0 Operational DU Passive 000:00:20 81/81 -----------------------------------------------------------------------------TOTAL: 2 session(s) Found. LAM : Label Advertisement Mode SsnAge Unit : DDD:HH:MM
6.
# Configure PE3.
Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 6-173
6 PWE3 Configuration
[PE3] tunnel-policy p1 [PE3-tunnel-policy-p1] tunnel select-seq [PE3-tunnel-policy-p1] quit
cr-lsp load-balance-number 1
7.
Configure PWs on PEs through the PW template. # Configure a master PW and a backup PW on PE1.Set up a PW on PE2 and PE3 respectively. (It is the only PW on either PE2 or PE3, and does distinguish between the master and the backup.) # Configure PE1.
[PE1] mpls l2vpn [PE1-l2vpn] quit [PE1] pw-template 1to2 [PE1-pw-template-1to2] peer-address 2.2.2.2 [PE1-pw-template-1to2] control-word [PE1-pw-template-1to2] vccv cc cw cv lsp-ping [PE1-pw-template-1to2] quit [PE1] pw-template 1to3 [PE1-pw-template-1to3] peer-address 3.3.3.3 [PE1-pw-template-1to3] control-word [PE1-pw-template-1to3] vccv cc cw cv lsp-ping [PE1-pw-template-1to3] quit [PE1] interface pos1/0/0 [PE1-Pos1/0/0] link-protocol hdlc [PE1-Pos1/0/0] mpls l2vc pw-template 1to3 100 [PE1-Pos1/0/0] mpls l2vc pw-template 1to2 200 [PE1-Pos1/0/0] ip address 10.1.1.2 30 [PE1-Pos1/0/0] undo shutdown [PE1-Pos1/0/0] quit
bfdvccv cc cw cv bfd
bfdvccv cc cw cv bfd
# Configure PE2.
[PE2] mpls l2vpn [PE2-l2vpn] quit [PE2] pw-template 2to1 [PE2-pw-template-2to1] peer 1.1.1.1 [PE2-pw-template-2to1] control-word [PE2-pw-template-2to1] vccv cc cw cv lsp-ping bfdvccv cc cw cv bfd [PE2-pw-template-2to1] quit [PE2] interface pos 1/0/0 [PE2-Pos1/0/0] mpls l2vc pw-template 2to1 200 ip-interworking [PE2-Pos1/0/0] ip address 10.1.2.1 30 [PE2-Pos1/0/0] undo shutdown [PE2-Pos1/0/0] quit
# Configure PE3.
[PE3] mpls l2vpn [PE3-l2vpn] quit [PE3] pw-template 3to1 [PE3-pw-template-3to1] peer 1.1.1.1 [PE3-pw-template-3to1] control-word [PE3-pw-template-3to1] vccv cc cw cv lsp-ping bfdvccv cc cw cv bfd [PE3-pw-template-3to1] quit [PE3] interface pos 1/0/0 [PE3-Pos1/0/0] mpls l2vc pw-template 3to1 100 tunnel-policy p1 ip-interworking [PE3-Pos1/0/0] ip address 10.1.1.1 30 [PE3-Pos1/0/0] undo shutdown [PE3-Pos1/0/0] quit
After the configuration, check the L2VPN connection information on PEs by running the display mpls l2vc command, and you can see that both the master and backup PWs have been successfully set up, and are in the Up state. The master PW is Active, and the backup PW is InActive. Take the display of PE1 as an example:
<PE1> display mpls l2vc interface pos 1/0/0 *client interface : Pos1/0/0 is up session state : up AC state : up
6-174
Issue 03 (2008-09-22)
6 PWE3 Configuration
VC state : up VC ID : 100 VC type : IP-interworking destination : 3.3.3.3 local group ID : 0 remote group ID : 0 local VC label : 21504 remote VC label : 21504 local AC OAM State : up local PSN State : up local forwarding state : forwarding remote AC OAM state : up remote PSN state : up remote forwarding state: forwarding BFD for PW : unavailable manual fault : not set active state : active forwarding entry : exist link state : up local VC MTU : 1500 remote VC MTU : 1500 local VCCV : cw lsp-ping bfd remote VCCV : cw lsp-ping bfd local fragmentantion : disable remote fragmentantion: disable local control word : enable remote control word : enable tunnel policy : p1 traffic behavior : -PW template name : 1to3 primary or secondary : primary VC tunnel/token info : 1 tunnels/tokens NO.0 TNL type : cr lsp, TNL ID : 0x42002000 create time : 0 days, 0 hours, 23 minutes, 7 seconds up time : 0 days, 0 hours, 1 minutes, 21 seconds last change time : 0 days, 0 hours, 1 minutes, 21 seconds *client interface : Pos1/0/0 is up session state : up AC state : up VC state : up VC ID : 200 VC type : IP-interworking destination : 2.2.2.2 local group ID : 0 remote group ID : 0 local VC label : 21505 remote VC label : 21505 local AC OAM state : up local PSN state : up local forwarding state : forwarding remote AC OAM state : up remote PSN state : up remote forwarding state: forwarding BFD for PW : unavailable manual fault : not set active state : inactive forwarding entry : existent link state : up local VC MTU : 1500 remote VC MTU : 1500 local VCCV : cw lsp-ping bfd remote VCCV : cw lsp-ping bfd local fragmentation : disable remote fragmentation: disable local control word : enable remote control word : enable tunnel policy : -traffic behavior : -PW template name : 1to2 primary or secondary : secondary VC tunnel/token info : 1 tunnels/tokens NO.0 TNL type : lsp , TNL ID : 0x2002001 create time : 0 days, 0 hours, 22 minutes, 19 seconds up time : 0 days, 0 hours, 1 minutes, 32 seconds last change time : 0 days, 0 hours, 1 minutes, 32 seconds reroute policy : delay 30 s, resume 0 s reason of last reroute : New LDP mapping message was received time of last reroute : 0 days, 0 hours, 0 minutes, 50 seconds delay timer ID : -rest time :--
Issue 03 (2008-09-22)
6-175
6 PWE3 Configuration
resume timer ID up 0 down *client interface : session state : AC status : VC state : VC ID : VC type : destination : local VC label : control word : forwarding entry : local group ID : manual fault : active state : link state : local VC MTU : tunnel policy name : traffic behavior name: PW template name : primary or secondary : create time : up time : last change time : *client interface : session state : AC status : VC state : VC ID : VC type : destination : local VC label : control word : forwarding entry : local group ID : manual fault : active state : link state : local VC MTU : tunnel policy name : traffic behavior name: PW template name : primary or secondary : create time : up time : last change time : : --
Pos1/0/0 up up up 100 IP-interworking 3.3.3.3 21504 remote enable existent 0 not set active up 1500 remote p1 -1to3 primary 0 days, 0 hours, 51 0 days, 0 hours, 12 0 days, 0 hours, 12 Pos1/0/0 up up up 200 IP-interworking 2.2.2.2 21505 remote enable existent 0 not set inactive up 1500 remote --1to2 secondary 0 days, 0 hours, 51 0 days, 0 hours, 12 0 days, 0 hours, 12
VC label
: 21504
VC MTU
: 1500
VC label
: 21504
VC MTU
: 1500
Run OSPF on CE1 and CE2, and advertise to CE2 the path to 10.1.3.0/24. # Configure CE1.
[CE1] ospf 1 [CE1-ospf-1] area 0.0.0.0 [CE1-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.3 [CE1-ospf-1-area-0.0.0.0] network 10.1.2.0 0.0.0.3 [CE1-ospf-1-area-0.0.0.0] network 10.1.3.0 0.0.0.255
# Configure CE2.
[CE2] ospf 1 [CE2-ospf-1] area 0.0.0.0 [CE2-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.3 [CE2-ospf-1-area-0.0.0.0] network 10.1.2.0 0.0.0.3
Run the display ip routing-table command on CE2, and you can see that the outbound interface for the path from CE2 to 10.1.3.0/24 is POS 1/0/0.In other words, traffic goes through the master path. Take the display of CE2 as an example:
<CE2> display ip routing-table Route Flags: R - relied, D - download to fib
6-176
Issue 03 (2008-09-22)
6 PWE3 Configuration
-----------------------------------------------------------------------------Routing Tables: Public Destinations : 9 Routes : 9 Destination/Mask Proto Pre Cost Flags NextHop Interface 10.1.1.0/30 Direct 0 0 D 10.1.1.2 Pos1/0/0 10.1.1.1/32 Direct 0 0 D 10.1.1.1 Pos1/0/0 10.1.1.2/32 Direct 0 0 D 127.0.0.1 InLoopBack0 10.1.2.0/30 Direct 0 0 D 10.1.2.2 Pos1/0/1 10.1.2.1/32 Direct 0 0 D 10.1.2.1 Pos1/0/1 10.1.2.2/32 Direct 0 0 D 127.0.0.1 InLoopBack0 10.1.3.1/32 OSPF 10 2 D 10.1.1.1 Pos1/0/0 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: Public Destinations : 8 Routes : 9 Destination/Mask Proto Pre Cost Flags NextHop Interface 10.1.1.0/30 Direct 0 0 D 10.1.1.2 Pos1/0/0 10.1.1.1/32 Direct 0 0 D 10.1.1.1 Pos1/0/0 Direct 0 0 D 10.1.1.1 Pos1/0/1 10.1.1.2/32 Direct 0 0 D 127.0.0.1 InLoopBack0 10.1.2.0/30 Direct 0 0 D 10.1.2.2 Pos1/0/1 10.1.2.2/32 Direct 0 0 D 127.0.0.1 InLoopBack0 10.1.3.1/32 OSPF 10 2 D 10.1.1.1 Pos1/0/0 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
8.
This example uses dynamic BFDs to check the PW. The local discriminator and remote discriminator of a BFD session should correspond to each other, and cannot be modified after being configured.
# Configure PE1.
[PE1] bfd [PE1-bfd] quit [PE1] bfd 1to3 bind pw interface pos 1/0/0 [PE1-bfd-lsp-session-1to3Pos1/0/0] mpls l2vpn pw bfd min-rx-interval 100 mintx-interval 100discriminator local 13 [PE1-bfd-lsp-session-1to3Pos1/0/0] discriminator remote 31mpls l2vpn pw bfd min-rx-interval 100 min-tx-interval 100 secondary [PE1-bfd-lsp-session-1to3] commit [PE1-bfd-lsp-session-1to3Pos1/0/0] quit [PE1] bfd 1to2 bind pw interface pos 1/0/0 secondary [PE1-bfd-lsp-session-1to2] discriminator local 12 [PE1-bfd-lsp-session-1to2] discriminator remote 21 [PE1-bfd-lsp-session-1to2] commit [PE1-bfd-lsp-session-1to2] quit
# Configure PE2.
[PE2] bfd [PE2-bfd] quit [PE2] bfd 2to1 bind pw interface pos 1/0/0 [PE2-bfd-lsp-session-2to1] discriminator local 21
Issue 03 (2008-09-22)
6-177
6 PWE3 Configuration
# Configure PE3.
[PE3] bfd [PE3-bfd] quit [PE3] bfd 3to1 bind pw interface pos 1/0/0 [PE3-bfd-lsp-session-3to1Pos1/0/0] mpls l2vpn pw bfd min-rx-interval 100 mintx-interval 100discriminator local 31 [PE3-bfd-lsp-session-3to1] discriminator remote 13 [PE3-bfd-lsp-session-3to1] commit [PE3-bfd-lsp-session-3to1Pos1/0/0] quit
After the configuration, BFD sessions are set up between PE1 and PE2, and PE1 and PE3.Run the display bfd session all command, and you can see State is Up. Take the display of PE1 as an example.
<PE1> display bfd session all ------------------------------------------------------------------------------Local Remote PeerIpAddr InterfaceName State Type ------------------------------------------------------------------------------8192 8192 --.--.--.-Pos1/0/0 Up D_PW(M) 8193 8192 --.--.--.-Pos1/0/0 Up D_PW(S) ------------------------------------------------------------------------------Total UP/DOWN Session Number : 2/0------------------------------------------------------------------------------Local Remote PeerIpAddr InterfaceName State Type ------------------------------------------------------------------------------12 21 --.--.--.-Pos1/0/0 Up S_PW (S) 13 31 --.--.--.-Pos1/0/0 Up S_PW (M) ------------------------------------------------------------------------------Total UP/DOWN Session Number : 2/0
Run the display bfd configuration all command, and you can view the configuration information about BFD. The status of Commit is True.
<PE1> display bfd configuration all ------------------------------------------------------------------------------CFG Name CFG Type LocalDiscr MIndex SessNum Commit AdminDown ------------------------------------------------------------------------------dyn_8192 Dynamic 8192 256 1 True False dyn_8193 Dynamic 8193 257 1 True False ------------------------------------------------------------------------------Total Commit/Uncommit CFG Number : 2/0------------------------------------------------------------------------------CFG Name CFG Type LocalDiscr MIndex SessNum Commit AdminDown ------------------------------------------------------------------------------1to2 Static_PW(S) 12 256 1 True False 1to3 Static_PW(M) 13 257 1 True False ------------------------------------------------------------------------------Total Commit/Uncommit CFG Number : 2/0
9.
Enable the OAM Mapping function on PEs, which automatically enables the AC OAM detection and notification.
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)
6-178
6 PWE3 Configuration
# Take the configuration of PE1 as an example. Configurations of PE2 and PE3 are the same as that of PE1, and are not described here.
[PE1] interface pos 1/0/0 [PE1-Pos1/0/0] mpls l2vpn oam-mapping auto [PE1-Pos1/0/0] quit
The statuses of AC OAM, Link, BFD, and PSN are all Up. Run the display mpls l2vc oam-mapping interface on PEs, and you can view information about OAM Mapping. The status of AC OAM is up, the status of BFD for PW is Enable, and the status of BFD is up. Take the display of PE1 as an example:
<PE1> display mpls l2vc oam-mapping interface pos1/0/0 AC OAM Info: ACFD Index : 0x800 Notify : Enable Detect : Enable AC OAM State : Up OAM-mapping : Enable PSN info: VC-ID : 100 VC status : Primary Active State : Active Link State : Up BFD for PW : Enable BFDSessionIndex:256 ,BFD State : up BFD for LSP : 0 TunnelNum: 1 PSN State : up VC-ID : 200 VC status : Secondary Active State : Inactive Link State : Up BFD for PW : Enable BFDSessionIndex:257 ,BFD State : up BFD for LSP : 0 TunnelNum: 1 PSN State : up
10. Verify the configuration. If the configuration succeeds, run the display mpls l2vc interface command on PE1, and you can see that the status of the master PW is Active, and the status of the backup PW is Inactive. The status of BFD for PW for both the master and backup PWs is available.
<PE1> display mpls l2vc interface pos 1/0/0 *client interface : Pos1/0/0 is up session state : up AC state : up VC state : up VC ID : 100 VC type : IP-interworking destination : 3.3.3.3 local group ID : 0 remote group ID local VC label : 21504 remote VC label local AC OAM State : up local PSN State : up local forwarding state : forwarding remote AC OAM state : up remote PSN state : up remote forwarding state: forwarding Dynamic BFD for PW : enable Detect Multipier : 3 Min Transit Interval : 100 Max Receive Interval : 100 Dynamic BFD Session : built BFD for PW : available BFD sessionIndex : 256 BFD state : up manual fault : not set active state : active forwarding entry : exist link state : up
: 0 : 21504
Issue 03 (2008-09-22)
6-179
6 PWE3 Configuration
6-180
Issue 03 (2008-09-22)
6 PWE3 Configuration
local PSN State : up local forwarding state : forwarding remote AC OAM state : up remote PSN state : up remote forwarding state: forwarding BFD for PW : available BFD sessionIndex : 257 BFD state : up manual fault : not set active state : active forwarding entry : exist link state : up local VC MTU : 1500 remote VC MTU : 1500 local VCCV : cw bfd remote VCCV : cw bfd local fragmentantion : disable remote fragmentantion: disable local control word : enable remote control word : enable tunnel policy : p1 traffic behavior : -PW template name : 1to3 primary or secondary : primary VC tunnel/token info : 1 tunnels/tokens NO.0 TNL type : cr lsp, TNL ID : 0x42002002 create time : 0 days, 0 hours, 56 minutes, 39 seconds up time : 0 days, 0 hours, 18 minutes, 2 seconds last change time : 0 days, 0 hours, 18 minutes, 2 seconds *client interface : Pos1/0/0 is up session state : up AC state : up VC state : up VC ID : 200 VC type : IP-interworking destination : 2.2.2.2 local group ID : 0 remote group ID : 0 local VC label : 21505 remote VC label : 21504 local AC OAM state : up local PSN state : up local forwarding state : forwarding remote AC OAM state : up remote PSN state : up remote forwarding state: forwarding BFD for PW : available BFD sessionIndex : 256 BFD state : up manual fault : not set active state : inactive forwarding entry : existent link state : up local VC MTU : 1500 remote VC MTU : 1500 local VCCV : cw bfd remote VCCV : cw bfd local fragmentation : disable remote fragmentation: disable local control word : enable remote control word : enable tunnel policy : -traffic behavior : -PW template name : 1to2 primary or secondary : secondary VC tunnel/token info : 1 tunnels/tokens NO.0 TNL type : lsp , TNL ID : 0x2002004 create time : 0 days, 0 hours, 56 minutes, 39 seconds up time : 0 days, 0 hours, 18 minutes, 2 seconds last change time : 0 days, 0 hours, 18 minutes, 2 seconds reroute policy : delay 30 s, resume 0 s reason of last reroute : Remote PSN fault time of last reroute : 0 days, 0 hours, 18 minutes, 2 seconds delay timer ID : -rest time :-resume timer ID : -rest time :--
Issue 03 (2008-09-22)
6-181
6 PWE3 Configuration
Run the display bfd session all command on PE1, and you can see that the BFD session for the master PW is Down.
<PE1> display bfd session all ------------------------------------------------------------------------------Local Remote PeerIpAddr InterfaceName State Type ------------------------------------------------------------------------------8192 8192 --.--.--.-Pos1/0/0 Down D_PW(M) 8193 8192 --.--.--.-Pos1/0/0 Up D_PW(S) ------------------------------------------------------------------------------Total UP/DOWN Session Number : 1/1 ------------------------------------------------------------------------------Local Remote PeerIpAddr InterfaceName State Type ------------------------------------------------------------------------------12 21 --.--.--.-Pos1/0/0 Up S_PW(S) 13 31 --.--.--.-Pos1/0/0 Down S_PW(M) ------------------------------------------------------------------------------Total UP/DOWN Session Number : 1/1
Run the display mpls l2vc interface command on PE1, and you can see that the master PW is changed to Inactive, and the backup PW is changed to Active.
<PE1> display mpls l2vc interface pos 1/0/0 *client interface : Pos1/0/0 is up session state : Down AC state : up VC state : Down VC ID : 100 VC type : IP-interworking destination : 3.3.3.3 local group ID : 0 remote group ID : 0 local VC label : 21504 remote VC label : 21504 local AC OAM State : up local PSN State : up local forwarding state : not forwarding remote AC OAM state : up remote PSN state : up remote forwarding state: forwarding Dynamic BFD for PW : enable Detect Multipier : 3 Min Transit Interval : 100 Max Receive Interval : 100 Dynamic BFD Session : built BFD for PW : available BFD sessionIndex : 256 BFD state : down manual fault : not set active state : inactive forwarding entry : not exist link state : down local VC MTU : 1500 remote VC MTU : 1500 local VCCV : cw lsp-ping bfd remote VCCV : cw lsp-ping bfd local fragmentantion : disable remote fragmentantion: disable local control word : enable remote control word : enable tunnel policy : p1 traffic behavior : -PW template name : 1to3 primary or secondary : primary VC tunnel/token info : 1 tunnels/tokens NO.0 TNL type : cr lsp, TNL ID : 0x42002000 create time : 0 days, 1 hours, 5 minutes, 19 seconds up time : 0 days, 0 hours, 43 minutes, 33 seconds last change time : 0 days, 0 hours, 43 minutes, 33 seconds *client interface : Pos1/0/0 is up
6-182
Issue 03 (2008-09-22)
6 PWE3 Configuration
up up up 200 IP-interworking 2.2.2.2 0 remote group ID : 0 21505 remote VC label : 21505 up up forwarding up up forwarding enable 3 100 100 built available 257 BFD state : up not set active existent up 1500 remote VC MTU : 1500 cw lsp-ping bfd cw lsp-ping bfd disable remote fragmentation: disable enable remote control word : enable --1to2 secondary 1 tunnels/tokens , TNL ID : 0x2002001 0 days, 1 hours, 4 minutes, 31 seconds 0 days, 0 hours, 43 minutes, 44 seconds 0 days, 0 hours, 43 minutes, 44 seconds delay 30 s, resume 0 s New LDP mapping message was received 0 days, 0 hours, 43 minutes, 2 seconds -rest time :--rest time :--*client interface down up down 100 IP-interworking 3.3.3.3 0 remote group ID : 21504 remote VC label : up up not forwarding available 257 BFD state : down not set inactive not exist down 1500 remote VC MTU : cw bfd none disable remote fragmentantion: enable remote control word : p1 --
0 0
0 none none
Issue 03 (2008-09-22)
6-183
6 PWE3 Configuration
PW template name : primary or secondary : VC tunnel/token info : create time : up time : last change time : *client interface : session state : AC state : VC state : VC ID : VC type : destination : local group ID : local VC label : local AC OAM state : local PSN state : local forwarding state : remote AC OAM state : remote PSN state : remote forwarding state: BFD for PW : BFD sessionIndex : manual fault : active state : forwarding entry : link state : local VC MTU : local VCCV : remote VCCV : local fragmentation : local control word : tunnel policy : traffic behavior : PW template name : primary or secondary : VC tunnel/token info : NO.0 TNL type : lsp create time : up time : last change time : reroute policy : reason of last reroute : time of last reroute : delay timer ID : resume timer ID :
Check the routing table on CE2, and you can see that the outbound interface of 10.1.3.0 is changed to POS1/0/1.That is, the L2VPN traffic is switched to the backup path.
<CE2> display ip routing-table Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: Public Destinations : 7 Routes : 7 Destination/Mask Proto Pre Cost Flags NextHop Interface 10.1.1.0/30 OSPF 10 0 D 10.1.1.1 Pos1/0/1 10.1.1.1/32 Direct 0 0 D 10.1.1.1 Pos1/0/1 10.1.2.0/30 Direct 0 0 D 10.1.2.2 Pos1/0/1 10.1.2.2/32 Direct 0 0 D 127.0.0.1 InLoopBack0 10.1.3.1/32 OSPF 10 2 D 10.1.1.1 Pos1/0/1 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
Check the routing table on CE2, and you can see that the outbound interface of 10.1.3.0 is changed to POS 1/0/0.That is, the L2VPN traffic is switched back to the master path.
6-184 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)
6 PWE3 Configuration
<CE2> display ip routing-table Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: Public Destinations : 8 Routes : 9 Destination/Mask Proto Pre Cost Flags NextHop Interface 10.1.1.0/30 Direct 0 0 D 10.1.1.2 Pos1/0/0 10.1.1.1/32 Direct 0 0 D 10.1.1.1 Pos1/0/0 Direct 0 0 D 10.1.1.1 Pos1/0/1 10.1.1.2/32 Direct 0 0 D 127.0.0.1 InLoopBack0 10.1.2.0/30 Direct 0 0 D 10.1.2.2 Pos1/0/1 10.1.2.2/32 Direct 0 0 D 127.0.0.1 InLoopBack0 10.1.3.1/32 OSPF 10 2 D 10.1.1.1 Pos1/0/0 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
Configuration File
l
Issue 03 (2008-09-22)
6-185
6 PWE3 Configuration
6-186
Issue 03 (2008-09-22)
6 PWE3 Configuration
Configuration file of P
# sysname P # mpls lsr-id 4.4.4.4 mpls mpls te mpls rsvp-te # interface Pos2/0/1 link-protocol ppp undo shutdown ip address 100.13.1.2 255.255.255.252 mpls mpls te mpls te max-link-bandwidth 50 mpls te max-reservable-bandwidth 30 mpls rsvp-te # interface Pos2/0/2 link-protocol ppp undo shutdown ip address 100.34.1.1 255.255.255.252 mpls mpls te mpls te max-link-bandwidth 50 mpls te max-reservable-bandwidth 30 mpls rsvp-te # interface LoopBack1 ip address 4.4.4.4 255.255.255.255 # ospf 1 opaque-capability enable area 0.0.0.0 network 100.13.1.0 0.0.0.3 network 100.34.1.0 0.0.0.3 network 4.4.4.4 0.0.0.0 mpls-te enable # return
Issue 03 (2008-09-22)
6-187
6 PWE3 Configuration
6-188
Issue 03 (2008-09-22)
6 PWE3 Configuration
6.14.12 Example for Configuring PW FRR - CEs Are Symmetrically Connected to PEs Through Ethernet Links, Dynamic BFD Is Used to Detect PWs, EFM Is Used to Detect ACs
Networking Requirements
As shown in Figure 6-27, CE1 is dual-homed to PE1 and PE2; CE2 is dual-homed to PE3 and PE4. The networking requirements are as follows:
l l
CE1 and CE2 are connected to PEs through Ethernet links. PWs are set up between PE1 and PE3, and between PE2 and PE4, using MPLS LSPs as tunnels. Fault detection between CEs and PEs is implemented according to the IEEE802.3ah protocol (EFM). The paths CE2 PE3 P PE1 CE1 and CE2 PE4 PE2 CE1 are mutually redundant. If one path -- the working line -- becomes faulty, the L2VPN traffic can be rapidly switched to the backup path -- the protection line. By default, CE2 PE3 P PE1 CE1 is used as the working line.
Issue 03 (2008-09-22)
6-189
6 PWE3 Configuration
Figure 6-27 Networking diagram of PW FRR CEs are symmetrically connected to PEs through Ethernet links, dynamic BFD is used to detect PWs, EFM is used to detect ACs
1 /0 / S2 .2/30 O P .13 0.1 10
Loopback1 1.1.1.1/32
Loopback1 5.5.5.5/32
PE1
GE1/0/0 Loopback1 2.2.2.2/32
LSP
PE3
GE1/0/0
PE2
GE1/0/0 GE1/0/0 20.1.1.1/30
POS2/0/0 100.1.24.1/30
PE4
GE1/0/0 GE1/0/0 20.1.1.2/30
LSP
CE1
GE1/0/2 10.1.1.2/24
GE1/0/1 30.1.1.1/30
CE2
Client1 10.1.1.1/24
Client2 10.2.1.1/24
Configuration Roadmap
The configuration roadmap is as follows: 1. 2. 3. 4. 5. 6. Configure IGP on the backbone network. Set up LSP and LDP sessions between PE1 and PE3, and between PE2 and PE4. Use PW templates to configure PWs on PEs. Set up BFD for PW sessions between PE1 and PE3, and between PE2 and PE4. On PEs and CEs, configure Ethernet OAM that complies with the IEEE802.3ah protocol. Configure AC OAM detection and notification on PEs, and enable the OAM Mapping function.
Data Preparation
To complete the configuration, you need the following data:
l l l
Name of the remote peer of MPLS LDP VC-ID of the PW Name of the PW template
Configuration Procedure
1.
6-190
Configure CEs.
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)
6 PWE3 Configuration
Configure the addresses of the interfaces of CE1 and CE2, as shown in Figure 6-27. The detailed configuration is not mentioned here. 2. On the MPLS backbone network, configure IP addresses for interfaces and IGP so that PEs and P on the backbone network can interwork . # Configure PE1.
<Quidway> system-view [Quidway] sysname PE1 [PE1] interface loopback1 [PE1-LoopBack1] ip address 1.1.1.1 32 [PE1-LoopBack1] quit [PE1] interface pos 2/0/1 [PE1-Pos2/0/1] ip address 100.1.13.1 30 [PE1-Pos2/0/1] undo shutdown [PE1-Pos2/0/1] quit [PE1] ospf 1 [PE1-ospf-1] area 0 [PE1-ospf-1-area-0.0.0.0] network 1.1.1.1 0.0.0.0 [PE1-ospf-1-area-0.0.0.0] network 100.1.13.0 0.0.0.3
# Configure PE3.
<Quidway> system-view [Quidway] sysname PE3 [PE3] interface loopback1 [PE3-LoopBack1] ip address 3.3.3.3 32 [PE3-LoopBack1] quit [PE3] interface pos2/0/1 [PE3-Pos2/0/1] ip address 100.1.31.2 30 [PE3-Pos2/0/1] undo shutdown [PE3-Pos2/0/1] quit [PE3] ospf 1 [PE3-ospf-1] area 0 [PE3-ospf-1-area-0.0.0.0] network 3.3.3.3 0.0.0.0 [PE3-ospf-1-area-0.0.0.0] network 100.1.31.0 0.0.0.3
# Configure PE2.
<Quidway> system-view [Quidway] sysname PE2 [PE2] interface loopback1 [PE2-LoopBack1] ip address 2.2.2.2 32 [PE2-LoopBack1] quit [PE2] interface pos 2/0/0 [PE2-Pos2/0/0] ip address 100.1.24.1 30 [PE2-Pos2/0/0] undo shutdown [PE2-Pos2/0/0] quit [PE2] ospf 1 [PE2-ospf-1] area 0 [PE2-ospf-1-area-0.0.0.0] network 2.2.2.2 0.0.0.0
Issue 03 (2008-09-22)
6-191
6 PWE3 Configuration
# Configure PE4.
<Quidway> system-view [Quidway] sysname PE4 [PE4] interface loopback1 [PE4-LoopBack1] ip address 4.4.4.4 32 [PE4-LoopBack1] quit [PE4] interface pos 2/0/0 [PE4-Pos2/0/0] ip address 100.1.24.2 30 [PE4-Pos2/0/0] undo shutdown [PE4-Pos2/0/0] quit [PE4] ospf 1 [PE4-ospf-1] area 0 [PE4-ospf-1-area-0.0.0.0] network 4.4.4.4 0.0.0.0 [PE4-ospf-1-area-0.0.0.0] network 100.1.24.0 0.0.0.3
After the configuration, run the display ip routing-table command on the PEs, and you can see that PE1 and PE2, and PE1 and PE3 have learned the routes on the Loopback1 interface of each other. Take the display on PE1 as an example.
<PE1> display ip routing-table Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: Public Destinations : 9 Routes : 9 Destination/Mask Proto Pre Cost Flags NextHop Interface 1.1.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 3.3.3.3/32 OSPF 10 3 D 100.1.13.2 Pos2/0/1 5.5.5.5/32 OSPF 10 2 D 100.1.13.2 Pos2/0/1 100.1.13.0/30 Direct 0 0 D 100.1.13.1 Pos2/0/1 100.1.13.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 100.1.13.2/32 Direct 0 0 D 100.1.13.2 Pos2/0/1 100.1.31.0/30 OSPF 10 2 D 100.1.13.2 Pos2/0/1 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
3.
Configure the basic MPLS functions on the MPLS backbone network. # Enable MPLS, and set LSR-ID as the IP address of the Loopback1 interface. Enable MPLS and MPLS LDP on interfaces on the backbone network. # Configure PE1.
[PE1] mpls lsr-id 1.1.1.1 [PE1] mpls [PE1-mpls] quit [PE1] mpls ldp [PE1-mpls-ldp] quit [PE1] interface pos2/0/1 [PE1-Pos2/0/1] mpls [PE1-Pos2/0/1] mpls ldp [PE1-Pos2/0/1] quit
# Configure PE3.
6-192 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)
6 PWE3 Configuration
# Configure PE2.
[PE2] mpls lsr-id 2.2.2.2 [PE2] mpls [PE2-mpls] quit [PE2] mpls ldp [PE2-mpls-ldp] quit [PE2] interface pos 2/0/0 [PE2-Pos2/0/0] mpls [PE2-Pos2/0/0] mpls ldp [PE2-Pos2/0/0] quit
# Configure PE4.
[PE4] mpls lsr-id 4.4.4.4 [PE4] mpls [PE4-mpls] quit [PE4] mpls ldp [PE4-mpls-ldp] quit [PE4] interface pos 2/0/0 [PE4-Pos2/0/0] mpls [PE4-Pos2/0/0] mpls ldp [PE4-Pos2/0/0] quit
After the configuration, run the display tunnel-info all command on PEs. You can see that MPLS LSP tunnels are set up between PE1 and PE3, and between PE2 and PE4. Take the display on PE1 and PE2 as an example.
<PE1> display tunnel-info all * -> Allocated VC Token Tunnel ID Type Destination Token ---------------------------------------------------------------------0x2002000 lsp 5.5.5.5 0 0x2002001 lsp 3.3.3.3 1 <PE2> display tunnel-info all * -> Allocated VC Token Tunnel ID Type Destination Token ---------------------------------------------------------------------0x2002000 lsp 4.4.4.4 0
Run the display mpls ldp session command on PEs. You can see that the status of the peer relationship between PE1 and P, between PE3 and P, and between PE2 and PE4 is Operational. This indicates that LDP sessions are set up. Take the display on PE1 as an example.
<PE1> display mpls ldp session LDP Session(s) in Public Network -----------------------------------------------------------------------------Peer-ID Status LAM SsnRole SsnAge KA-Sent/Rcv -----------------------------------------------------------------------------5.5.5.5:0 Operational DU Passive 000:00:04 20/20 -----------------------------------------------------------------------------TOTAL: 1 session(s) Found. LAM : Label Advertisement Mode SsnAge Unit : DDD:HH:MM
4.
Set up remote LDP sessions between PEs. # Configure remote LDP sessions. Usually, addresses of the Loopback interfaces of the remote LDP peers are set as the IP addresses for remote LDP sessions.
Issue 03 (2008-09-22)
6-193
6 PWE3 Configuration
NOTE
In this example, PE2 and PE4 are directly connected and you do not need to manually configure remote LDP sessions between them.
# Configure PE1.
[PE1] mpls ldp remote-peer 3.3.3.3 [PE1-mpls-ldp-remote-3.3.3.3] remote-ip 3.3.3.3 [PE1-mpls-ldp-remote-3.3.3.3] quit
# Configure PE3.
[PE3] mpls ldp remote-peer 1.1.1.1 [PE3-mpls-ldp-remote-1.1.1.1] remote-ip 1.1.1.1 [PE3-mpls-ldp-remote-1.1.1.1] quit
After the configuration, run the display mpls ldp session on PEs. You can see that the status of the remote LDP peer relationship is Operational. This indicates that remote LDP sessions are set up. Take the display on PE1 as an example.
<PE1> display mpls ldp session LDP Session(s) in Public Network -----------------------------------------------------------------------------Peer-ID Status LAM SsnRole SsnAge KA-Sent/Rcv -----------------------------------------------------------------------------3.3.3.3:0 Operational DU Passive 000:00:56 225/227 5.5.5.5:0 Operational DU Passive 000:00:13 56/56 -----------------------------------------------------------------------------TOTAL: 2 session(s) Found. LAM : Label Advertisement Mode SsnAge Unit : DDD:HH:MM
5.
# Configure PE3.
[PE3] mpls l2vpn [PE3-l2vpn] quit [PE3] pw-template 3to1 [PE3-pw-template-3to1] peer-address 1.1.1.1 [PE3-pw-template-3to1] control-word [PE3-pw-template-3to1] vccv cc cw cv bfd lsp-ping [PE3-pw-template-3to1] quit [PE3] interface gigabitethernet 1/0/0 [PE3-GigabitEthernet1/0/0] mpls l2vc pw-template 3to1 100 [PE3-GigabitEthernet1/0/0] undo shutdown [PE3-GigabitEthernet1/0/0] quit
# Configure PE2.
[PE2] mpls l2vpn [PE2-l2vpn] quit [PE2] pw-template 2to4 [PE2-pw-template-2to4] peer-address 4.4.4.4 [PE2-pw-template-2to4] control-word [PE2-pw-template-2to4] vccv cc cw cv bfd lsp-ping
6-194
Issue 03 (2008-09-22)
6 PWE3 Configuration
# Configure PE4.
[PE4] mpls l2vpn [PE4-l2vpn] quit [PE4] pw-template 4to2 [PE4-pw-template-4to2] peer-address 2.2.2.2 [PE4-pw-template-4to2] control-word [PE4-pw-template-4to2] vccv cc cw cv bfd lsp-ping [PE4-pw-template-4to2] quit [PE4] interface gigabitethernet 1/0/0 [PE4-GigabitEthernet1/0/0] mpls l2vc pw-template 4to2 200 [PE4-GigabitEthernet1/0/0] undo shutdown [PE4-GigabitEthernet1/0/0] quit
After the configuration, run the display pw-template command on PEs. You can view the information about the configurations of PW templates, and you can see that VCCV is enabled. Take the display on PE1 as an example.
<PE1> display pw-template Total PW template number : 1 PW Template Name : 1to3 PeerIP : 3.3.3.3 Tnl Policy Name : -CtrlWord : Enable VCCV Capability : cw lsp-ping bfd Behavior Name : -Total PW : 1, Static PW : 0, LDP PW : 1, Rsvp PW : 0
After the configuration, run the display mpls l2vc command on PEs. You can see that PWs are set up and are in the Active state. Take the display on PE1 as an example.
<PE1> display mpls l2vc interface gigabitethernet1/0/0 total LDP VC : 1 1 up 0 down *client interface : GigabitEthernet1/0/0 session state : up AC status : up VC state : up VC ID : 100 VC type : Ethernet destination : 3.3.3.3 local group ID : 0 remote group ID local VC label : 21504 remote VC label : local AC OAM State : up local PSN State : up local forwarding state : forwarding remote AC OAM state : up remote PSN state : up remote forwarding state: forwarding BFD for PW : unavailable manual fault : not set active state : active forwarding entry : exist link state : up local VC MTU : 1500 remote VC MTU local VCCV : cw lsp-ping bfd remote VCCV : cw lsp-ping bfd local control word : enable remote control word tunnel policy : -traffic behavior : -PW template name : 1to3 primary or secondary : primary VC tunnel/token info : 1 tunnels/tokens
: 0 21504
: 1500 : enable
Issue 03 (2008-09-22)
6-195
6 PWE3 Configuration
6.
Configure IGP between CEs. Run OSPF on CE1 and CE2. To transmit traffic through the working line CE2 PE3 P PE1 CE1, set the OSPF cost of GE1/0/1 on CE1 and CE2 to a higher value, for example, 10. # Configure CE1.
[CE1] ospf 1 [CE1-ospf-1] area 0.0.0.0 [CE1-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255 [CE1-ospf-1-area-0.0.0.0] network 20.1.3.0 0.0.0.3 [CE1-ospf-1-area-0.0.0.0] network 30.1.3.0 0.0.0.3 [CE1-ospf-1-area-0.0.0.0] quit [CE1-ospf-1] quit [CE1] interface gigabitethernet 1/0/1 [CE1-GigabitEthernet1/0/1] ospf cost 10
# Configure CE2.
[CE2] ospf 1 [CE2-ospf-1] area 0.0.0.0 [CE2-ospf-1-area-0.0.0.0] network 10.2.1.0 0.0.0.255 [CE2-ospf-1-area-0.0.0.0] network 20.1.1.0 0.0.0.3 [CE2-ospf-1-area-0.0.0.0] network 30.1.1.0 0.0.0.3 [CE2-ospf-1-area-0.0.0.0] quit [CE2-ospf-1] quit [CE2] interface gigabitethernet 1/0/1 [CE2-GigabitEthernet1/0/1] ospf cost 10
Run the display ip routing-table command on CE1. You can see that the outbound interface for the route from CE1 to 10.2.1.0/24 is GE1/0/0. That is, traffic is transmitted through the working line CE2 PE3 P PE1 CE1.
<CE1> display ip routing-table Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: Public Destinations : 9 Routes : 9 Destination/Mask Proto Pre Cost Flags NextHop Interface 10.1.1.0/24 Direct 0 0 D 10.1.1.2 GigabitEthernet1/0/2 10.1.1.2/32 Direct 0 0 D 127.0.0.1 InLoopBack0 10.2.1.0/24 OSPF 10 2 D 20.1.1.2 GigabitEthernet1/0/0 20.1.1.0/30 Direct 0 0 D 20.1.1.1 GigabitEthernet1/0/0 20.1.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 30.1.1.0/30 Direct 0 0 D 30.1.1.1 GigabitEthernet1/0/1 30.1.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
After the default gateway is set as the interface that connects CEs to clients, clients can ping through each other. Take the display on Client1 as an example.
<Clinet1> ping 10.2.1.1 PING 10.2.1.1: 56 data bytes, press CTRL_C to break Reply from 10.2.1.1: bytes=56 Sequence=1 ttl=254 time=210 Reply from 10.2.1.1: bytes=56 Sequence=2 ttl=255 time=130 Reply from 10.2.1.1: bytes=56 Sequence=3 ttl=255 time=190 Reply from 10.2.1.1: bytes=56 Sequence=4 ttl=255 time=130 Reply from 10.2.1.1: bytes=56 Sequence=5 ttl=255 time=180 --- 10.2.1.1 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 130/160/190 ms ms ms ms ms ms
7.
6-196
6 PWE3 Configuration
# Configure PE1.
[PE1] bfd [PE1-bfd] quit [PE1] interface gigabitethernet 1/0/0 [PE1-GigabitEthernet1/0/0] mpls l2vpn pw bfd [PE1-GigabitEthernet1/0/0] quit
# Configure PE3.
[PE3] bfd [PE3-bfd] quit [PE3] interface gigabitethernet 1/0/0 [PE3-GigabitEthernet1/0/0] mpls l2vpn pw bfd [PE3-GigabitEthernet1/0/0] quit
# Configure PE2.
[PE2] bfd [PE2-bfd] quit [PE2] interface gigabitethernet 1/0/0 [PE2-GigabitEthernet1/0/0] mpls l2vpn pw bfd [PE2-GigabitEthernet1/0/0] quit
# Configure PE4.
[PE4] bfd [PE4-bfd] quit [PE4] interface gigabitethernet 1/0/0 [PE4-GigabitEthernet1/0/0] mpls l2vpn pw bfd [PE4-GigabitEthernet1/0/0] quit
After the configuration, BFD sessions are set up between PE1 and PE3, and between PE2 and PE4. Run the display bfd session all command. You can see that the State is Up. Take the display on PE1 as an example.
<PE1> display bfd session all ------------------------------------------------------------------------------Local Remote PeerIpAddr InterfaceName State Type ------------------------------------------------------------------------------8192 8192 --.--.--.-GigabitEthernet1/0/0 Up D_PW(M) ------------------------------------------------------------------------------Total UP/DOWN Session Number : 1/0
Run the display bfd configuration all command. You can view the information about the BFD configuration, and the Commit field is True.
<PE1> display bfd configuration all ------------------------------------------------------------------------------CFG Name CFG Type LocalDiscr MIndex SessNum Commit AdminDown ------------------------------------------------------------------------------dyn_8192 Dynamic 8192 256 1 True False ------------------------------------------------------------------------------Total Commit/Uncommit CFG Number : 1/0
8.
l l
In this example, Ethernet OAM complies with the IEEE802.3ah protocol (EFM). To enable fast switchover on CEs, configure association between Ethermet OAM and the interfaces on the AC side of CEs.
# Configure CE1.
Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 6-197
6 PWE3 Configuration
# Configure CE2.
[CE2] efm enable [CE2] interface gigabitethernet 1/0/0 [CE2-GigabitEthernet1/0/0] efm enable [CE2-GigabitEthernet1/0/0] efm trigger if-down [CE2-GigabitEthernet1/0/0] quit [CE2] interface gigabitethernet 1/0/1 [CE2-GigabitEthernet1/0/1] efm enable [CE2-GigabitEthernet1/0/1] efm trigger if-down [CE2-GigabitEthernet1/0/1] quit
# Configure PE1.
[PE1] efm enable [PE1] interface gigabitethernet 1/0/0 [PE1-GigabitEthernet1/0/0] efm enable [PE1-GigabitEthernet1/0/0] quit
# Configure PE2.
[PE2] efm enable [PE2] interface gigabitethernet 1/0/0 [PE2-GigabitEthernet1/0/0] efm enable [PE2-GigabitEthernet1/0/0] quit
After the configuration ,run the display efm session all command on PEs or CEs. You can see the state of EFM is detect. Take the display on PE1 and CE1 as an example.
<PE1> display efm session all Interface EFM State Loopback Timeou ---------------------------------------------------------------------GigabitEthernet1/0/0 detect -<CE1> display efm session all Interface EFM State Loopback Timeou ---------------------------------------------------------------------GigabitEthernet1/0/0 detect -GigabitEthernet1/0/1 detect --
9.
Enable OAM Mapping on PEs. AC OAM detection and notification are then automatically enabled. # Take the configuration of PE1 as an example. Configurations on PE2, PE3, and PE4 are the same, and are not mentioned here.
[PE1] interface gigabitetherent 1/0/0 [PE1-Gigabitethernet1/0/0] mpls l2vpn oam-mapping 3ah [PE1-Gigabitethernet1/0/0] quit
Run the display mpls l2vc oam-mapping interface command on PEs to check information about OAM Mapping. You can see that AC OAM is Up, BFD for PW is Enable, and BFD is Up. Take the display on PE1 as an example.
[PE1] display mpls AC OAM Info: EOAM Type : AC OAM State : OAM-mapping : PSN info: VC-ID : l2vc oam-mapping interface gigabitethernet 1/0/0 802.3ah Up Enable 100
6-198
Issue 03 (2008-09-22)
6 PWE3 Configuration
Run the display mpls l2vc interface command on PE1 or PE3. If the configuration is successful, you can see that PW1 is Up. Take the display on PE1 as an example.
<PE1> display mpls l2vc interface gigabitethernet 1/0/0 *client interface : GigabitEthernet1/0/0 is up session state : up AC state : up VC state : up VC ID : 100 VC type : Ethernet destination : 3.3.3.3 local group ID : 0 remote group ID : 0 local VC label : 21504 remote VC label : 21504 local AC OAM State : up local PSN State : up local forwarding state : forwarding remote AC OAM state : up remote PSN state : up remote forwarding state: forwarding Dynamic BFD for PW : enable Detect Multipier : 3 Min Transit Interval : 1000 Max Receive Interval : 1000 Dynamic BFD Session : built BFD for PW : available BFD sessionIndex : 256 BFD state : up manual fault : not set active state : active forwarding entry : exist link state : up local VC MTU : 1500 remote VC MTU : 1500 local VCCV : cw lsp-ping bfd remote VCCV : cw lsp-ping bfd local control word : enable remote control word : enable tunnel policy : -traffic behavior : -PW template name : 1to3 primary or secondary : primary VC tunnel/token info : 1 tunnels/tokens NO.0 TNL type : lsp , TNL ID : 0x2002003 create time : 0 days, 0 hours, 38 minutes, 32 seconds up time : 0 days, 0 hours, 33 minutes, 11 seconds last change time : 0 days, 0 hours, 33 minutes, 11 seconds l
Verify the switchover between the working line and the protection line on CEs.
Run the display mpls l2vc interface command on PE1 or PE3. Then, PE1 identifies that OAM is Down on the remote AC, and PW is Down. Take the display on PE1 as an example.
<PE1> display mpls l2vc interface gigabitethernet 1/0/0 *client interface : GigabitEthernet1/0/0 is up session state : up AC state : up VC state : up VC ID : 100 VC type : Ethernet destination : 3.3.3.3
Issue 03 (2008-09-22)
6-199
6 PWE3 Configuration
local group ID : local VC label : local AC OAM State : local PSN State : local forwarding state : remote AC OAM state : remote PSN state : remote forwarding state: Dynamic BFD for PW : Detect Multipier : Min Transit Interval : Max Receive Interval : Dynamic BFD Session : BFD for PW : BFD sessionIndex : manual fault : active state : forwarding entry : link state : local VC MTU : local VCCV : remote VCCV : local control word : tunnel policy : traffic behavior : PW template name : primary or secondary : VC tunnel/token info : NO.0 TNL type : lsp create time : up time : last change time :
View the routing table on CE1. You can see that the outbound interface for the route from CE1 to 10.2.1.0/24 is GE1/0/1. That is, traffic is transmitted through the protection line CE2 PE4 PE2 CE1.
[CE1] display ip routing-table Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: Public Destinations : 9 Routes : 9 Destination/Mask Proto Pre Cost Flags NextHop Interface 10.1.1.0/24 Direct 0 0 D 10.1.1.2 GigabitEthernet1/0/2 10.1.1.2/32 Direct 0 0 D 127.0.0.1 InLoopBack0 10.2.1.0/24 OSPF 10 11 D 30.1.1.2 GigabitEthernet1/0/1 20.1.1.0/30 Direct 0 0 D 20.1.1.1 GigabitEthernet1/0/0 20.1.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 30.1.1.0/30 Direct 0 0 D 30.1.1.1 GigabitEthernet1/0/1 30.1.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
Clients can still ping through each other. Take the display on Client1 as an example.
[Client1] ping 10.2.1.1 PING 10.2.1.1: 56 data bytes, press CTRL_C to break Reply from 10.2.1.1: bytes=56 Sequence=1 ttl=254 time=210 Reply from 10.2.1.1: bytes=56 Sequence=2 ttl=254 time=190 Reply from 10.2.1.1: bytes=56 Sequence=3 ttl=254 time=160 Reply from 10.2.1.1: bytes=56 Sequence=4 ttl=254 time=130 Reply from 10.2.1.1: bytes=56 Sequence=5 ttl=254 time=190 --- 10.2.1.1 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 130/176/210 ms ms ms ms ms ms
Configure Ethernet OAM once again on GE1/0/0 of CE2, and disable the fault that is manually simulated.
[CE2] interface gigabitethernet 1/0/0
6-200
Issue 03 (2008-09-22)
6 PWE3 Configuration
View the routing table on CE1. You can see that the outbound interface for the route from CE1 to 10.2.1.0/24 is changed to GE1/0/0. That is, traffic is once again transmitted through the working line CE2 PE3 P PE1 CE1. That is, L2VPN traffic is switched back to the working line.
[CE1] display ip routing-table Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: Public Destinations : 9 Routes : 9 Destination/Mask Proto Pre Cost Flags NextHop Interface 10.1.1.0/24 Direct 0 0 D 10.1.1.2 GigabitEthernet1/0/2 10.1.1.2/32 Direct 0 0 D 127.0.0.1 InLoopBack0 10.2.1.0/24 OSPF 10 11 D 30.1.1.2 GigabitEthernet1/0/0 20.1.1.0/30 Direct 0 0 D 20.1.1.1 GigabitEthernet1/0/0 20.1.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 30.1.1.0/30 Direct 0 0 D 30.1.1.1 GigabitEthernet1/0/1 30.1.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
Configuration Files
l
Issue 03 (2008-09-22)
6-201
6 PWE3 Configuration
# interface GigabitEthernet1/0/1 undo shutdown ip address 30.1.1.2 255.255.255.252 ospf cost 10 efm enable efm trigger if-down # interface GigabitEthernet1/0/2 undo shutdown ip address 10.2.1.2 255.255.255.252 # ospf 1 area 0.0.0.0 network 10.2.1.0 0.0.0.255 network 20.1.1.0 0.0.0.3 network 30.1.1.0 0.0.0.3 # return l
6-202
Issue 03 (2008-09-22)
6 PWE3 Configuration
Issue 03 (2008-09-22)
6-203
6 PWE3 Configuration
# ospf 1 area 0.0.0.0 network 3.3.3.3 0.0.0.0 network 100.1.31.0 0.0.0.3 # return l
6-204
Issue 03 (2008-09-22)
6 PWE3 Configuration
6.14.13 Example for Configuring PW FRR - CEs Are Unsymmetrically Connected to PEs Through Ethernet Links, Dynamic BFD Is Used to Detect PWs, EFM Is Used to Detect ACs
Networking Requirements
As shown in Figure 6-28, CE1 is single-homed to PE1. CE2 is dual-homed to PE2 and PE3. The networking requirements are as follows:
l l
CEs are connected to PEs through Ethernet links. A PW is set up between PE1 and PE3. This PW is the working PW, and uses the MPLS TE tunnel. A PW is set up between PE1 and PE2. This PW is the protection PW, and uses the MPLS LSP tunnel. Fault detection between CEs and PEs is implemented according to the IEEE802.3ah protocol (EFM). If the working line -- CE2 PE3 P PE1-- becomes faulty, the L2VPN traffic can be rapidly switched to the the protection line -- CE2 PE2 PE1. After the working line CE2 PE3 P PE1 recovers from the fault, the L2VPN traffic is switched back.
Issue 03 (2008-09-22)
6-205
6 PWE3 Configuration
Figure 6-28 Networking diagram of PW FRR CEs are unsymmetrically connected to PEs through Ethernet links, dynamic BFD is used to detect PWs, EFM is used to detect ACs
1 /0 / S2 /30 O P .1.2 3 0.1 0 1 1 /0 / /30 S2 3.1.1 O P 0.1 10
Loopback1 1.1.1.1/32
PE1
GE1/0/0
MPLS TE
PE3
PO 100 S2/0 / .1 2. 2 1.1/ 30
MP
LS
L SP
100 PO S2/0 .1 2. 1.2/ /1 30
Loopback1 2.2.2.2/32
GE1/0/0
GE1/0/0
PE2
GE1/0/1 GE1/0/0
GE1/0/0
CE1
GE1/0/1
CE2
GE1/0/2
Client1 10.1.1.1/24
Client2 10.1.1.2/24
Configuration Roadmap
The configuration roadmap is as follows: 1. 2. 3. 4. 5. 6. 7. Configure IGP on the backbone network. Set up MPLS TE tunnels between PE1 and PE3, and LSP tunnels between PE1 and PE2. Set up MPLS LDP sessions between PE1 and PE2, and between PE1 and PE3. Use PW templates to configure PWs on PEs. You need to use tunnel policies to configure the working PW because the working PW uses the MPLS TE tunnel. Set up BFD for PW sessions between PE1 and PE2, and between PE1 and PE3. On PEs and CEs, configure Ethernet OAM that complies with the IEEE802.3ah protocol. Enable OAM mapping on PEs. AC OAM detection and notification are then automatically enabled.
Data Preparation
To complete the configuration, you need the following data:
l l l l l
Tunnel policies Bandwidth for MPLS TE tunnels Name of the remote peer of MPLS LDP VC IDs of the working PW and the protection PW Name of the PW template
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)
6-206
6 PWE3 Configuration
Configuration Procedure
1. Add the interfaces on CEs to a same VLAN. # Configure CE1.
<Quidway> system-view [Quidway] sysname CE1 [CE1] portswitch batch gigabitethernet 1/0/0 to 1/0/1 [CE1] vlan 10 [CE1-vlan10] quit [CE1] interface gigabitethernet 1/0/0 [CE1-GigabitEthernet1/0/0] port default vlan 10 [CE1-GigabitEthernet1/0/0] undo shutdown [CE1-GigabitEthernet1/0/0] quit [CE1] interface gigabitethernet 1/0/1 [CE1-GigabitEthernet1/0/1] port default vlan 10 [CE1-GigabitEthernet1/0/1] undo shutdown [CE1-GigabitEthernet1/0/1] quit
# Configure CE2.
<Quidway> system-view [Quidway] sysname CE2 [CE2] portswitch batch gigabitethernet 1/0/0 [CE2] vlan 10 [CE2-vlan10] quit [CE2] interface gigabitethernet 1/0/0 [CE2-GigabitEthernet1/0/0] port default vlan [CE2-GigabitEthernet1/0/0] undo shutdown [CE2-GigabitEthernet1/0/0] quit [CE2] interface gigabitethernet 1/0/1 [CE2-GigabitEthernet1/0/1] port default vlan [CE2-GigabitEthernet1/0/1] undo shutdown [CE2-GigabitEthernet1/0/1] quit [CE2] interface gigabitethernet 1/0/2 [CE2-GigabitEthernet1/0/2] port default vlan [CE2-GigabitEthernet1/0/2] undo shutdown [CE2-GigabitEthernet1/0/2] quit
NOTE
to 1/0/1
10
10
10
After the configuration, run the display vlan command. You can see that all interfaces are added to VLAN 10 untagged, and the physical status of the interfaces is Up. Take the display on CE1 as an example.
[CE1] display vlan 10 VLAN ID Type Status MAC Learning Broadcast -------------------------------------------------------------------------10 common enable enable enable ---------------Untagged Port: GigabitEthernet1/0/0 GigabitEthernet1/0/1 ---------------Interface Physical GigabitEthernet1/0/0 UP GigabitEthernet1/0/1 UP
2.
Configure IGP on the MPLS backbone network so that PEs and Ps can interwork. # Configure PE1.
[PE1] interface loopback 1 [PE1-LoopBack1] ip address 1.1.1.1 32 [PE1-LoopBack1] quit [PE1] interface pos 2/0/1 [PE1-Pos2/0/1] ip address 100.13.1.1 30 [PE1-Pos2/0/1] undo shutdown [PE1-Pos2/0/1] quit [PE1] interface pos 2/0/2 [PE1-Pos2/0/2] ip address 100.12.1.1 30 [PE1-Pos2/0/2] undo shutdown
Issue 03 (2008-09-22)
6-207
6 PWE3 Configuration
[PE1-Pos2/0/2] quit [PE1] ospf 1 [PE1-ospf-1] area 0 [PE1-ospf-1-area-0.0.0.0] [PE1-ospf-1-area-0.0.0.0] [PE1-ospf-1-area-0.0.0.0] [PE1-ospf-1-area-0.0.0.0] [PE1-ospf-1] quit
network 1.1.1.1 0.0.0.0 network 100.13.1.0 0.0.0.3 network 100.12.1.0 0.0.0.3 quit
# Configure PE3.
[PE3] interface loopback 1 [PE3-LoopBack1] ip address 3.3.3.3 32 [PE3-LoopBack1] quit [PE3] interface pos2/0/1 [PE3-Pos2/0/1] ip address 100.34.1.2 30 [PE3-Pos2/0/1] undo shutdown [PE3-Pos2/0/1] quit [PE3] ospf 1 [PE3-ospf-1] area 0 [PE3-ospf-1-area-0.0.0.0] network 3.3.3.3 0.0.0.0 [PE3-ospf-1-area-0.0.0.0] network 100.34.1.0 0.0.0.3 [PE3-ospf-1-area-0.0.0.0] quit [PE3-ospf-1] quit
# Configure PE2.
[PE2] interface loopback 1 [PE2-LoopBack1] ip address 2.2.2.2 32 [PE2-LoopBack1] quit [PE2] interface pos 2/0/1 [PE2-Pos2/0/1] ip address 100.12.1.2 30 [PE2-Pos2/0/1] undo shutdown [PE2-Pos2/0/1] quit [PE2] ospf 1 [PE2-ospf-1] area 0 [PE2-ospf-1-area-0.0.0.0] network 2.2.2.2 0.0.0.0 [PE2-ospf-1-area-0.0.0.0] network 100.12.1.0 0.0.0.3 [PE2-ospf-1-area-0.0.0.0] quit [PE2-ospf-1] quit
After the configuration, run the display ip routing-table command on the PEs, and you can see that PE1 and PE2, and PE1 and PE3 have learned the routes on the Loopback1 interface of each other. Take the display on PE1 as an example.
<PE1> display ip routing-table Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: Public Destinations : 13 Routes : 13
6-208
Issue 03 (2008-09-22)
6 PWE3 Configuration
Interface InLoopBack0 Pos2/0/2 Pos2/0/1 Pos2/0/1 Pos2/0/2 InLoopBack0 Pos2/0/2 Pos2/0/1 InLoopBack0 Pos2/0/1 Pos2/0/1 InLoopBack0 InLoopBack0
3.
Configure the basic MPLS functions on the MPLS backbone network. # Enable MPLS, and set LSR-ID as the IP address of the Loopback1 interface. Enable MPLS on interfaces of the backbone network. # Configure PE1.
[PE1] mpls lsr-id 1.1.1.1 [PE1] mpls [PE1-mpls] quit [PE1] interface pos2/0/1 [PE1-Pos2/0/1] mpls [PE1-Pos2/0/1] quit [PE1] interface pos2/0/2 [PE1-Pos2/0/2] mpls [PE1-Pos2/0/2] quit
# Configure PE2.
[PE2] mpls lsr-id 2.2.2.2 [PE2] mpls [PE2-mpls] quit [PE2] interface pos 2/0/1 [PE2-Pos2/0/1] mpls [PE2-Pos2/0/1] quit
# Configure PE3.
[PE3] mpls lsr-id 3.3.3.3 [PE3] mpls [PE3-mpls] quit [PE3] interface pos 2/0/1 [PE3-Pos2/0/1] mpls [PE3-Pos2/0/1] quit
4.
Set up MPLS TE tunnels between PE1 and PE3, and LSP tunnels between PE1 and PE2. # Configure PE1.
[PE1] mpls [PE1-mpls] mpls te [PE1-mpls] mpls rsvp-te [PE1-mpls] mpls te cspf [PE1-mpls] quit [PE1] interface pos2/0/1 [PE1-Pos2/0/1] mpls te [PE1-Pos2/0/1] mpls rsvp-te [PE1-Pos2/0/1] mpls te max-link-bandwidth 50
Issue 03 (2008-09-22)
6-209
6 PWE3 Configuration
# Configure PE3.
[PE3] mpls [PE3-mpls] mpls te [PE3-mpls] mpls rsvp-te [PE3-mpls] mpls te cspf [PE3-mpls] quit [PE3] interface pos2/0/1 [PE3-Pos2/0/1] mpls te [PE3-Pos2/0/1] mpls rsvp-te [PE3-Pos2/0/1] mpls te max-link-bandwidth 50 [PE3-Pos2/0/1] mpls te max-reservable-bandwidth 30 [PE3-Pos2/0/1] quit [PE3] interface tunnel2/0/0 [PE3-Tunnel2/0/0] ip address unnumbered interface LoopBack1 [PE3-Tunnel2/0/0] tunnel-protocol mpls te [PE3-Tunnel2/0/0] destination 1.1.1.1 [PE3-Tunnel2/0/0] mpls te tunnel-id 31 [PE3-Tunnel2/0/0] mpls te bandwidth bc0 20 [PE3-Tunnel2/0/0] mpls te commit [PE3-Tunnel2/0/0] quit [PE3] ospf 1 [PE3-ospf-1] opaque-capability enable [PE3-ospf-1] area0 [PE3-ospf-1-area-0.0.0.0] mpls-te enable
6-210
Issue 03 (2008-09-22)
6 PWE3 Configuration
# Configure PE2.
[PE2] mpls ldp [PE2-mpls-ldp] quit [PE2] interface pos2/0/1 [PE2-Pos2/0/1] mpls ldp [PE2-Pos2/0/1] quit
After the configuration, run the display tunnel-info all command on PEs. You can see that MPLS TE tunnels are set up between PE1 and PE3, and MPLS LSP tunnels are set up between PE1 and PE2. Take the display on PE1 as an example.
<PE1> display tunnel-info all * -> Allocated VC Token Tunnel ID Type Destination Token ---------------------------------------------------------------------0x42002000 cr lsp 3.3.3.3 0 0x2002001 lsp -1 0x2002002 lsp 2.2.2.2 2
5.
Set up remote LDP sessions between PEs. # Configure remote LDP sessions. Usually, addresses of the Loopback interfaces of the remote LDP peers are set as the IP addresses for remote LDP sessions.
NOTE
In this example, PE1 and PE2 are directly connected and you do not need to manually configure remote LDP sessions between them.
# Configure PE1.
[PE1] mpls ldp remote-peer 3.3.3.3 [PE1-mpls-ldp-remote-3.3.3.3] remote-ip 3.3.3.3
# Configure PE3.
[PE3] mpls ldp [PE3-mpls-ldp] quit [PE3] mpls ldp remote-peer 1.1.1.1 [PE3-mpls-ldp-remote-1.1.1.1] remote-ip 1.1.1.1
After the configuration, run the display mpls ldp session on PEs. You can see that the status of the remote LDP peer relationship is Operational. This indicates that remote LDP sessions are set up. Take the display on PE1 as an example.
<PE1> display mpls ldp session LDP Session(s) in Public Network -----------------------------------------------------------------------------Peer-ID Status LAM SsnRole SsnAge KA-Sent/Rcv -----------------------------------------------------------------------------2.2.2.2:0 Operational DU Passive 000:00:03 16/16 3.3.3.3:0 Operational DU Passive 000:00:00 1/1 -----------------------------------------------------------------------------TOTAL: 2 session(s) Found. LAM : Label Advertisement Mode SsnAge Unit : DDD:HH:MM
6.
# Configure PE3.
Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 6-211
6 PWE3 Configuration
7.
Configure PWs on PEs by using PW templates. # Configure a working PW and a protection PW on PE1. Configure PWs on PE2 and PE3. PE2 and PE3 have only one PW respectively, and there is no working-protection distinction. # Configure PE1.
[PE1] mpls l2vpn [PE1-l2vpn] quit [PE1] pw-template 1to2 [PE1-pw-template-1to2] peer-address 2.2.2.2 [PE1-pw-template-1to2] control-word [PE1-pw-template-1to2] vccv cc cw cv lsp-ping bfd [PE1-pw-template-1to2] quit [PE1] pw-template 1to3 [PE1-pw-template-1to3] peer-address 3.3.3.3 [PE1-pw-template-1to3] control-word [PE1-pw-template-1to3] vccv cc cw cv lsp-ping bfd [PE1-pw-template-1to3] quit [PE1] interface gigabitethernet 1/0/0 [PE1-GigabitEthernet1/0/0] mpls l2vc pw-template 1to3 100 tunnel-policy p1 [PE1-GigabitEthernet1/0/0] mpls l2vc pw-template 1to2 200 secondary [PE1-GigabitEthernet1/0/0] undo shutdown [PE1-GigabitEthernet1/0/0] quit
# Configure PE2.
[PE2] mpls l2vpn [PE2-l2vpn] quit [PE2] pw-template 2to1 [PE2-pw-template-2to1] peer-address 1.1.1.1 [PE2-pw-template-2to1] control-word [PE2-pw-template-2to1] vccv cc cw cv lsp-ping bfd [PE2-pw-template-2to1] quit [PE2] interface gigabitethernet 1/0/0 [PE2-GigabitEthernet1/0/0] mpls l2vc pw-template 2to1 200 [PE2-GigabitEthernet1/0/0] undo shutdown [PE2-GigabitEthernet1/0/0] quit
# Configure PE3.
[PE3] mpls l2vpn [PE3-l2vpn] quit [PE3] pw-template 3to1 [PE3-pw-template-3to1] peer-address 1.1.1.1 [PE3-pw-template-3to1] control-word [PE3-pw-template-3to1] vccv cc cw cv lsp-ping bfd [PE3-pw-template-3to1] quit [PE3] interface gigabitethernet 1/0/0 [PE3-GigabitEthernet1/0/0] mpls l2vc pw-template 3to1 100 tunnel-policy p1 [PE3-GigabitEthernet1/0/0] undo shutdown [PE3-GigabitEthernet1/0/0] quit
After the configuration, run the display pw-template command on PEs. You can view the information about the configurations of PW templates, and you can see that VCCV is enabled. Take the display on PE1 as an example.
[PE1] display pw-template Total PW template number : 2 PW Template Name : 1to2 PeerIP : 2.2.2.2 Tnl Policy Name : -CtrlWord : Enable VCCV Capability : cw lsp-ping bfd Behavior Name : -Total PW : 1, Static PW : 0, LDP PW : 1, Rsvp PW : 0 PW Template Name : 1to3
6-212
Issue 03 (2008-09-22)
6 PWE3 Configuration
3.3.3.3 -Enable cw lsp-ping bfd -1, Static PW : 0, LDP PW : 1, Rsvp PW : 0
After the configuration, run the display mpls l2vc interface command on PEs. You can see that the working PW and protection PW are set up and are Up. The working PW is Active, and the protection PW is InActive. Take the display on PE1 as an example.
<PE1> display mpls l2vc interface gigabitethernet 1/0/0 *client interface : GigabitEthernet1/0/0 is up session state : up AC state : up VC state : up VC ID : 100 VC type : Ethernet destination : 3.3.3.3 local group ID : 0 remote group ID : 0 local VC label : 21504 remote VC label : 21504 local AC OAM State : up local PSN State : up local forwarding state : forwarding remote AC OAM state : up remote PSN state : up remote forwarding state: forwarding BFD for PW : unavailable manual fault : not set active state : active forwarding entry : exist link state : up local VC MTU : 1500 remote VC MTU : 1500 local VCCV : cw lsp-ping bfd remote VCCV : cw lsp-ping bfd local control word : enable remote control word : enable tunnel policy : p1 traffic behavior : -PW template name : 1to3 primary or secondary : primary VC tunnel/token info : 1 tunnels/tokens NO.0 TNL type : cr lsp, TNL ID : 0x42002000 create time : 0 days, 0 hours, 23 minutes, 7 seconds up time : 0 days, 0 hours, 1 minutes, 21 seconds last change time : 0 days, 0 hours, 1 minutes, 21 seconds *client interface : GigabitEthernet1/0/0 is up session state : up AC state : up VC state : up VC ID : 200 VC type : Ethernet destination : 2.2.2.2 local group ID : 0 remote group ID : 0 local VC label : 21505 remote VC label : 21505 local AC OAM state : up local PSN state : up local forwarding state : forwarding remote AC OAM state : up remote PSN state : up remote forwarding state: forwarding BFD for PW : unavailable manual fault : not set active state : inactive forwarding entry : existent link state : up local VC MTU : 1500 remote VC MTU : 1500 local VCCV : cw lsp-ping bfd remote VCCV : cw lsp-ping bfd
Issue 03 (2008-09-22)
6-213
6 PWE3 Configuration
local control word tunnel policy traffic behavior PW template name primary or secondary VC tunnel/token info NO.0 TNL type : lsp create time up time last change time reroute policy reason of last reroute time of last reroute delay timer ID resume timer ID : : : : : : : : : : : : : :
Run the display mac-address dynamic command on CEs. Here, CE2 is taken as an example. You can see that GE1/0/0 and GE1/0/2 of CE2 have respectively learnt the MAC addresses of Client1 (00e0-413f-8401) and Client2 (00e0-c279-e10a 10). This indicates that the clients now use the working line CE2 PE3 P PE1 for data transmission between themselves.
[CE2] display mac-address dynamic 1 MAC Address VLAN/VSI PEVLAN CEVLAN Port Type Lsp ------------------------------------------------------------------------------00e0-413f-8401 10 GigabitEthernet1/0/0 dynamic 1/0 00e0-c279-e10a 10 GigabitEthernet1/0/2 dynamic 1/0 Total 2 ,2 printed
8.
# Configure PE1.
[PE1] bfd [PE1-bfd] quit [PE1] interface gigabitethernet 1/0/0 [PE1-GigabitEthernet1/0/0] mpls l2vpn pw bfd [PE1-GigabitEthernet1/0/0] mpls l2vpn pw bfd secondary [PE1-GigabitEthernet1/0/0] quit
# Configure PE2.
[PE2] bfd [PE2-bfd] quit [PE2] interface gigabitethernet 1/0/0 [PE2-GigabitEthernet1/0/0] mpls l2vpn pw bfd [PE2-GigabitEthernet1/0/0] quit
# Configure PE3.
[PE3] bfd [PE3-bfd] quit [PE3] interface gigabitethernet 1/0/0 [PE3-GigabitEthernet1/0/0] mpls l2vpn pw bfd
6-214
Issue 03 (2008-09-22)
6 PWE3 Configuration
After the configuration, BFD sessions are set up between PE1 and PE2, and between PE1 and PE3. Run the display bfd session all command. You can see that State is Up. Take the display on PE1 as an example.
<PE1> display bfd session all ------------------------------------------------------------------------------Local Remote PeerIpAddr InterfaceName State Type ------------------------------------------------------------------------------8192 8192 --.--.--.-GigabitEthernet1/0/0 Up D_PW(M) 8193 8192 --.--.--.-GigabitEthernet1/0/0 Up D_PW(S) ------------------------------------------------------------------------------Total UP/DOWN Session Number : 2/0
Run the display bfd configuration all command. You can view the information about the BFD configuration, and the Commit field is True.
<PE1> display bfd configuration all ------------------------------------------------------------------------------CFG Name CFG Type LocalDiscr MIndex SessNum Commit AdminDown ------------------------------------------------------------------------------dyn_8192 Dynamic 8192 256 1 True False dyn_8193 Dynamic 8193 257 1 True False ------------------------------------------------------------------------------Total Commit/Uncommit CFG Number : 2/0
9.
In this example, Ethernet OAM complies with the IEEE802.3ah protocol (EFM).
# Configure CE1.
[CE1] efm enable [CE1] interface gigabitethernet 1/0/0 [CE1-GigabitEthernet1/0/0] efm enable [CE1-GigabitEthernet1/0/0] quit
# Configure CE2.
[CE2] efm enable [CE2] interface gigabitethernet 1/0/0 [CE2-GigabitEthernet1/0/0] efm enable [CE2-GigabitEthernet1/0/0] quit [CE2] interface gigabitethernet 1/0/1 [CE2-GigabitEthernet1/0/1] efm enable [CE2-GigabitEthernet1/0/1] quit
# Configure PE1.
[PE1] efm enable [PE1] interface gigabitethernet 1/0/0 [PE1-GigabitEthernet1/0/0] efm enable [PE1-GigabitEthernet1/0/0] quit
# Configure PE2.
[PE2] efm enable [PE2] interface gigabitethernet 1/0/0 [PE2-GigabitEthernet1/0/0] efm enable [PE2-GigabitEthernet1/0/0] quit
# Configure PE3.
[PE3] efm enable [PE3] interface gigabitethernet 1/0/0 [PE3-GigabitEthernet1/0/0] efm enable
Issue 03 (2008-09-22)
6-215
6 PWE3 Configuration
[PE3-GigabitEthernet1/0/0] quit
After the configuration ,run the display efm session all command on PEs or CEs. You can see the state of EFM is detect. Take the display on PE1 and CE1 as an example.
<PE1> display efm session all Interface EFM State Loopback Timeou ---------------------------------------------------------------------GigabitEthernet1/0/0 detect -<CE1> display efm session all Interface EFM State Loopback Timeou ---------------------------------------------------------------------GigabitEthernet1/0/0 detect --
10. Enable OAM Mapping on PEs. AC OAM detection and notification are then automatically enabled. # Take the configuration of PE1 as an example. Configurations on PE2 and PE3 are the same, and are not mentioned here.
[PE1] interface gigabitethernet 1/0/0 [PE1-GigabitEthernet1/0/0] mpls l2vpn oam-mapping 3ah [PE1-GigabitEthernet1/0/0] quit
Run the display mpls l2vc oam-mapping interface command on PEs to check information about OAM Mapping. You can see that AC OAM is Up, BFD for PW is Enable, and BFD is Up. Take the display on PE1 as an example.
<PE1> display mpls l2vc oam-mapping interface gigabitethernet 1/0/0 AC OAM Info: ACFD Index : 802.3ah Notify : Enable Detect : Enable AC OAM State : Up OAM-mapping : Enable PSN info: VC-ID : 100 VC status : Primary Active State : Active Link State : Up BFD for PW : Enable BFDSessionIndex:256 ,BFD State : up BFD for LSP : 0 TunnelNum: 1 PSN State : up VC-ID : 200 VC status : Secondary Active State : Inactive Link State : Up BFD for PW : Enable BFDSessionIndex:257 ,BFD State : up BFD for LSP : 0 TunnelNum: 1 PSN State : up
Run the display mpls l2vc interface command on PE1. If the configuration is successful, you can see that the working PW is Active, the protection PW is InActive, and BFD for PW for the working and protection PWs is available.
<PE1> display mpls l2vc interface gigabitethernet 1/0/0 *client interface : GigabitEthernet1/0/0 is up session state : up AC state : up VC state : up VC ID : 100 VC type : Ethernet destination : 3.3.3.3 local group ID : 0 remote group ID
: 0
6-216
Issue 03 (2008-09-22)
6 PWE3 Configuration
local VC label : 21504 remote VC label : 21504 local AC OAM State : up local PSN State : up local forwarding state : forwarding remote AC OAM state : up remote PSN state : up remote forwarding state: forwarding Dynamic BFD for PW : enable Detect Multipier : 3 Min Transit Interval : 1000 Max Receive Interval : 1000 Dynamic BFD Session : built BFD for PW : available BFD sessionIndex : 256 BFD state : up manual fault : not set active state : active forwarding entry : exist link state : up local VC MTU : 1500 remote VC MTU : 1500 local VCCV : cw lsp-ping bfd remote VCCV : cw lsp-ping bfd local control word : enable remote control word : enable tunnel policy : p1 traffic behavior : -PW template name : 1to3 primary or secondary : primary VC tunnel/token info : 1 tunnels/tokens NO.0 TNL type : cr lsp, TNL ID : 0x42002000 create time : 0 days, 1 hours, 5 minutes, 19 seconds up time : 0 days, 0 hours, 43 minutes, 33 seconds last change time : 0 days, 0 hours, 43 minutes, 33 seconds *client interface : GigabitEthernet1/0/0 is up session state : up AC state : up VC state : up VC ID : 200 VC type : Ethernet destination : 2.2.2.2 local group ID : 0 remote group ID : 0 local VC label : 21505 remote VC label : 21505 local AC OAM state : up local PSN state : up local forwarding state : forwarding remote AC OAM state : up remote PSN state : up remote forwarding state: forwarding Dynamic BFD for PW : enable Detect Multipier : 3 Min Transit Interval : 100 Max Receive Interval : 100 Dynamic BFD Session : built BFD for PW : available BFD sessionIndex : 257 BFD state : up manual fault : not set active state : inactive forwarding entry : existent link state : up local VC MTU : 1500 remote VC MTU : 1500 local VCCV : cw lsp-ping bfd remote VCCV : cw lsp-ping bfd local control word : enable remote control word : enable tunnel policy : -traffic behavior : -PW template name : 1to2 primary or secondary : secondary VC tunnel/token info : 1 tunnels/tokens NO.0 TNL type : lsp , TNL ID : 0x2002001 create time : 0 days, 1 hours, 4 minutes, 31 seconds up time : 0 days, 0 hours, 43 minutes, 44 seconds
Issue 03 (2008-09-22)
6-217
6 PWE3 Configuration
last change time reroute policy reason of last reroute time of last reroute delay timer ID resume timer ID l : : : : : :
Run the display mpls l2vc interface command on PE1. Then, PE1 identifies that OAM is Down on the remote AC. Working-protection switchover of PWs is carried out on PE1: the working PW changes to InActive, and the protection PW changes to Active.
<PE1> display mpls l2vc interface gigabitethernet 1/0/0 *client interface : GigabitEthernet1/0/0 is up session state : up AC state : up VC state : up VC ID : 100 VC type : Ethernet destination : 3.3.3.3 local group ID : 0 remote group ID : 0 local VC label : 21504 remote VC label : 21504 local AC OAM State : up local PSN State : up local forwarding state : forwarding remote AC OAM state : down remote PSN state : up remote forwarding state: forwarding Dynamic BFD for PW : enable Detect Multipier : 3 Min Transit Interval : 1000 Max Receive Interval : 1000 Dynamic BFD Session : built BFD for PW : available BFD sessionIndex : 256 BFD state : up manual fault : not set active state : inactive forwarding entry : exist link state : up local VC MTU : 1500 remote VC MTU : 1500 local VCCV : cw lsp-ping bfd remote VCCV : cw lsp-ping bfd local control word : enable remote control word : enable tunnel policy : p1 traffic behavior : -PW template name : 1to3 primary or secondary : primary VC tunnel/token info : 1 tunnels/tokens NO.0 TNL type : cr lsp, TNL ID : 0x42002000 create time : 0 days, 1 hours, 5 minutes, 19 seconds up time : 0 days, 0 hours, 43 minutes, 33 seconds last change time : 0 days, 0 hours, 43 minutes, 33 seconds *client interface : GigabitEthernet1/0/0 is up session state : up AC state : up VC state : up VC ID : 200 VC type : Ethernet destination : 2.2.2.2 local group ID : 0 remote group ID : 0 local VC label : 21505 remote VC label : 21505 local AC OAM state : up local PSN state : up local forwarding state : forwarding remote AC OAM state : up
6-218
Issue 03 (2008-09-22)
6 PWE3 Configuration
up forwarding enable 3 100 100 built available 257 BFD state : up not set active existent up 1500 remote VC MTU : 1500 cw lsp-ping bfd cw lsp-ping bfd enable remote control word : enable --1to2 secondary 1 tunnels/tokens , TNL ID : 0x2002001 0 days, 1 hours, 6 minutes, 30 seconds 0 days, 0 hours, 1 minutes, 0 seconds 0 days, 0 hours, 1 minutes, 0 seconds delay 30 s, resume 0 s New LDP mapping message was received 0 days, 0 hours, 18 minutes, 37 seconds -rest time :--rest time :--
Run the display mac-address dynamic command once again on CEs. Here, CE2 is taken as an example. You can see that GE1/0/1 and GE1/0/2 of CE2 have once again learnt the MAC addresses of Client1 (00e0-413f-8401) and Client2 (00e0-c279-e10a 10). This indicates that the clients now use the protection line CE2 PE2 PE1 for data transmission between themselves.
[CE2] display mac-address dynamic 1 MAC Address VLAN/VSI PEVLAN CEVLAN Port Type Lsp ------------------------------------------------------------------------------00e0-413f-8401 10 GigabitEthernet1/0/1 dynamic 1/0 00e0-c279-e10a 10 GigabitEthernet1/0/2 dynamic 1/0 Total 2 ,2 printed
Configure Ethernet OAM once again on GE1/0/0 of CE2, and disable the fault that is manually simulated.
[CE2] interface gigabitethernet 1/0/0 [CE2-GigabitEthernet1/0/1] efm enable
Run the display mpls l2vc interface command on PE1. Then, PE1 identifies that OAM is Up on the remote AC, and that the fault has been rectified. The working-protection switchover of PWs is carried out on PE1, the working PW changes back to Active, and the protection PW changes back to InActive.
Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 6-219
6 PWE3 Configuration
6-220
Issue 03 (2008-09-22)
6 PWE3 Configuration
enable remote control word : enable --1to2 secondary 1 tunnels/tokens , TNL ID : 0x2002001 0 days, 1 hours, 16 minutes, 30 seconds 0 days, 0 hours, 1 minutes, 0 seconds 0 days, 0 hours, 1 minutes, 0 seconds delay 30 s, resume 0 s New LDP mapping message was received 0 days, 0 hours, 18 minutes, 37 seconds -rest time :--rest time :--
Run the display mac-address dynamic command on CEs. Here, CE2 is taken as an example. You can see that GE1/0/0 and GE1/0/2 of CE2 have once again learnt the MAC addresses of Client1 (00e0-413f-8401) and Client2 (00e0-c279-e10a). This indicates that the clients once again use the working line CE2 PE3 P PE1 for data transmission between themselves.
[CE2] display mac-address dynamic 1 MAC Address VLAN/VSI PEVLAN CEVLAN Port Type Lsp ------------------------------------------------------------------------------00e0-413f-8401 10 GigabitEthernet1/0/1 dynamic 1/0 00e0-c279-e10a 10 GigabitEthernet1/0/2 dynamic 1/0 Total 2 ,2 printed
Configuration Files
l
Issue 03 (2008-09-22)
6 PWE3 Configuration
# sysname CE2 # vlan batch 10 # efm enable # interface GigabitEthernet1/0/0 undo shutdown portswitch port default vlan 10 efm enable # interface GigabitEthernet1/0/1 undo shutdown portswitch port default vlan 10 efm enable # interface GigabitEthernet1/0/2 undo shutdown portswitch port default vlan 10 # return l
6-222
Issue 03 (2008-09-22)
6 PWE3 Configuration
Issue 03 (2008-09-22)
6-223
6 PWE3 Configuration
opaque-capability enable area 0.0.0.0 network 100.13.1.0 0.0.0.3 network 100.34.1.0 0.0.0.3 network 4.4.4.4 0.0.0.0 mpls-te enable # return l
6-224
Issue 03 (2008-09-22)
6 PWE3 Configuration
cr-lsp load-balance-number 1
6.14.14 Example for Configuring PW FRR - CEs Are Unsymmetrically Connected to PEs Through Ethernet Links, Dynamic BFD Is Used to Detect PWs, CFM Is Used to Detect ACs
Networking Requirements
As shown in Figure 6-29, CE1 is single-homed to PE1. CE2 is dual-homed to PE2 and PE3. The networking requirements are as follows:
l l
CEs are connected to PEs through Ethernet links. A PW is set up between PE1 and PE3. This PW is the working PW, and uses the MPLS TE tunnel.
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 6-225
Issue 03 (2008-09-22)
6 PWE3 Configuration
l
A PW is set up between PE1 and PE2. This PW is the protection PW, and uses the MPLS LSP tunnel. Fault detection between CEs and PEs is implemented according to the IEEE802.1ag protocol (CFM). If the working line -- CE2 PE3 P PE1-- becomes faulty, the L2VPN traffic can be rapidly switched to the the protection line -- CE2 PE2 PE1. After the working line CE2 PE3 P PE1 recovers from the fault, the L2VPN traffic is switched back.
Figure 6-29 Networking diagram of PW FRR CEs are unsymmetrically connected to PEs through Ethernet links, dynamic BFD is used to detect PWs, CFM is used to detect ACs
1 /0 / S2 /30 O P .1.2 3 0.1 0 1 1 /0 / /30 S2 3.1.1 O P 0.1 10
Loopback1 1.1.1.1/32
PE1
GE1/0/0
MPLS TE
PE3
PO 100 S2/0 / .1 2. 2 1.1/ 30
MP
LS
L SP
100 PO S2/0 .1 2. 1.2/ /1 30
Loopback1 2.2.2.2/32
GE1/0/0
GE1/0/0
PE2
GE1/0/1 GE1/0/0
GE1/0/0
CE1
GE1/0/1
CE2
GE1/0/2
Client1 10.1.1.1/24
Client2 10.1.1.2/24
Configuration Roadmap
The configuration roadmap is as follows: 1. 2. 3. 4. 5. 6. 7. Configure IGP on the backbone network. Set up MPLS TE tunnels between PE1 and PE3, and LSP tunnels between PE1 and PE2. Set up MPLS LDP sessions between PE1 and PE2, and between PE1 and PE3. Use PW templates to configure PWs on PEs. You need to use tunnel policies to configure the working PW because the working PW uses the MPLS TE tunnel. Set up BFD for PW sessions between PE1 and PE2, and between PE1 and PE3. On PEs and CEs, configure Ethernet OAM that complies with the IEEE802.1ag protocol. Enable OAM mapping on PEs. AC OAM detection and notification are then automatically enabled.
6-226
Issue 03 (2008-09-22)
6 PWE3 Configuration
Data Preparation
To complete the configuration, you need the following data:
l l l l l
Tunnel policies Bandwidth for MPLS TE tunnels Name of the remote peer of MPLS LDP VC IDs of the working PW and the protection PW Name of the PW template
Configuration Procedure
1. Add the interfaces on CEs to a same VLAN. # Configure CE1.
<Quidway> system-view [Quidway] sysname CE1 [CE1] portswitch batch gigabitethernet 1/0/0 to 1/0/1 [CE1] vlan 10 [CE1-vlan10] quit [CE1] interface gigabitethernet 1/0/0 [CE1-GigabitEthernet1/0/0] port trunk allow-pass vlan 10 [CE1-GigabitEthernet1/0/0] undo shutdown [CE1-GigabitEthernet1/0/0] quit [CE1] interface gigabitethernet 1/0/1 [CE1-GigabitEthernet1/0/1] port default vlan 10 [CE1-GigabitEthernet1/0/1] undo shutdown [CE1-GigabitEthernet1/0/1] quit
# Configure CE2.
<Quidway> system-view [Quidway] sysname CE2 [CE2] portswitch batch gigabitethernet 1/0/0 to 1/0/1 [CE2] vlan 10 [CE2-vlan10] quit [CE2] interface gigabitethernet 1/0/0 [CE2-GigabitEthernet1/0/0] port trunk allow-pass vlan 10 [CE2-GigabitEthernet1/0/0] undo shutdown [CE2-GigabitEthernet1/0/0] quit [CE2] interface gigabitethernet 1/0/1 [CE2-GigabitEthernet1/0/1] port trunk allow-pass vlan 10 [CE2-GigabitEthernet1/0/1] undo shutdown [CE2-GigabitEthernet1/0/1] quit [CE2] interface gigabitethernet 1/0/2 [CE2-GigabitEthernet1/0/2] port default vlan 10 [CE2-GigabitEthernet1/0/2] undo shutdown [CE2-GigabitEthernet1/0/2] quit
NOTE
After the configuration, run the display vlan command. You can see that all interfaces are added to VLAN 10, and the physical status of the interfaces is Up. Take the display on CE1 as an example.
[CE1] display vlan 10 VLAN ID Type Status MAC Learning Broadcast/Multicast/Unicast Property -------------------------------------------------------------------------10 common enable enable forward forward forward default ---------------Untagged Port: GigabitEthernet1/0/1 ---------------Tagged Port: GigabitEthernet1/0/0 ----------------
Issue 03 (2008-09-22)
6-227
6 PWE3 Configuration
Interface GigabitEthernet1/0/0 GigabitEthernet1/0/1 Physical UP UP
2.
Configure IGP on the MPLS backbone network so that PEs and Ps can interwork. # Configure PE1.
[PE1] interface loopback 1 [PE1-LoopBack1] ip address 1.1.1.1 32 [PE1-LoopBack1] quit [PE1] interface pos 2/0/1 [PE1-Pos2/0/1] ip address 100.13.1.1 30 [PE1-Pos2/0/1] undo shutdown [PE1-Pos2/0/1] quit [PE1] interface pos 2/0/2 [PE1-Pos2/0/2] ip address 100.12.1.1 30 [PE1-Pos2/0/2] undo shutdown [PE1-Pos2/0/2] quit [PE1] ospf 1 [PE1-ospf-1] area 0 [PE1-ospf-1-area-0.0.0.0] network 1.1.1.1 0.0.0.0 [PE1-ospf-1-area-0.0.0.0] network 100.13.1.0 0.0.0.3 [PE1-ospf-1-area-0.0.0.0] network 100.12.1.0 0.0.0.3 [PE1-ospf-1-area-0.0.0.0] quit [PE1-ospf-1] quit
# Configure PE3.
[PE3] interface loopback 1 [PE3-LoopBack1] ip address 3.3.3.3 32 [PE3-LoopBack1] quit [PE3] interface pos2/0/1 [PE3-Pos2/0/1] ip address 100.34.1.2 30 [PE3-Pos2/0/1] undo shutdown [PE3-Pos2/0/1] quit [PE3] ospf 1 [PE3-ospf-1] area 0 [PE3-ospf-1-area-0.0.0.0] network 3.3.3.3 0.0.0.0 [PE3-ospf-1-area-0.0.0.0] network 100.34.1.0 0.0.0.3 [PE3-ospf-1-area-0.0.0.0] quit [PE3-ospf-1] quit
# Configure PE2.
[PE2] interface loopback 1 [PE2-LoopBack1] ip address 2.2.2.2 32 [PE2-LoopBack1] quit [PE2] interface pos 2/0/1 [PE2-Pos2/0/1] ip address 100.12.1.2 30 [PE2-Pos2/0/1] undo shutdown [PE2-Pos2/0/1] quit [PE2] ospf 1
6-228
Issue 03 (2008-09-22)
6 PWE3 Configuration
After the configuration, run the display ip routing-table command on the PEs, and you can see that PE1 and PE2, and PE1 and PE3 have learned the routes on the Loopback1 interface of each other. Take the display on PE1 as an example.
<PE1> display ip routing-table Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: Public Destinations : 13 Routes : 13 Destination/Mask Proto Pre Cost Flags NextHop Interface 1.1.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 2.2.2.2/32 OSPF 10 2 D 100.12.1.2 Pos2/0/2 3.3.3.3/32 OSPF 10 3 D 100.13.1.2 Pos2/0/1 4.4.4.4/32 OSPF 10 2 D 100.13.1.2 Pos2/0/1 100.12.1.0/30 Direct 0 0 D 100.12.1.1 Pos2/0/2 100.12.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 100.12.1.2/32 Direct 0 0 D 100.12.1.2 Pos2/0/2 100.13.1.0/30 Direct 0 0 D 100.13.1.1 Pos2/0/1 100.13.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 100.13.1.2/32 Direct 0 0 D 100.13.1.2 Pos2/0/1 100.34.1.0/30 OSPF 10 2 D 100.13.1.2 Pos2/0/1 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
3.
Configure the basic MPLS functions on the MPLS backbone network. # Enable MPLS, and set LSR-ID as the IP address of the Loopback1 interface. Enable MPLS on interfaces of the backbone network. # Configure PE1.
[PE1] mpls lsr-id 1.1.1.1 [PE1] mpls [PE1-mpls] quit [PE1] interface pos2/0/1 [PE1-Pos2/0/1] mpls [PE1-Pos2/0/1] quit [PE1] interface pos2/0/2 [PE1-Pos2/0/2] mpls [PE1-Pos2/0/2] quit
# Configure PE2.
[PE2] mpls lsr-id 2.2.2.2 [PE2] mpls [PE2-mpls] quit [PE2] interface pos 2/0/1 [PE2-Pos2/0/1] mpls [PE2-Pos2/0/1] quit
# Configure PE3.
[PE3] mpls lsr-id 3.3.3.3 [PE3] mpls
Issue 03 (2008-09-22)
6-229
6 PWE3 Configuration
[PE3-mpls] quit [PE3] interface pos 2/0/1 [PE3-Pos2/0/1] mpls [PE3-Pos2/0/1] quit
4.
Set up MPLS TE tunnels between PE1 and PE3, and LSP tunnels between PE1 and PE2. # Configure PE1.
[PE1] mpls [PE1-mpls] mpls te [PE1-mpls] mpls rsvp-te [PE1-mpls] mpls te cspf [PE1-mpls] quit [PE1] interface pos2/0/1 [PE1-Pos2/0/1] mpls te [PE1-Pos2/0/1] mpls rsvp-te [PE1-Pos2/0/1] mpls te max-link-bandwidth 50 [PE1-Pos2/0/1] mpls te max-reservable-bandwidth 30 [PE1-Pos2/0/1] quit [PE1] mpls ldp [PE1-mpls-ldp] quit [PE1] interface pos2/0/2 [PE1-Pos2/0/2] mpls ldp [PE1-Pos2/0/2] quit [PE1] interface tunnel2/0/0 [PE1-Tunnel2/0/0] ip address unnumbered interface loopback1 [PE1-Tunnel2/0/0] tunnel-protocol mpls te [PE1-Tunnel2/0/0] destination 3.3.3.3 [PE1-Tunnel2/0/0] mpls te tunnel-id 13 [PE1-Tunnel2/0/0] mpls te bandwidth bc0 20 [PE1-Tunnel2/0/0] mpls te commit [PE1-Tunnel2/0/0] quit [PE1] ospf 1 [PE1-ospf-1] opaque-capability enable [PE1-ospf-1] area 0 [PE1-ospf-1-area-0.0.0.0] mpls-te enable [PE1-ospf-1-area-0.0.0.0] quit [PE1-ospf-1] quit
# Configure PE3.
[PE3] mpls [PE3-mpls] mpls [PE3-mpls] mpls [PE3-mpls] mpls [PE3-mpls] quit [PE3] interface te rsvp-te te cspf pos2/0/1
6-230
Issue 03 (2008-09-22)
6 PWE3 Configuration
# Configure PE2.
[PE2] mpls ldp [PE2-mpls-ldp] quit [PE2] interface pos2/0/1 [PE2-Pos2/0/1] mpls ldp [PE2-Pos2/0/1] quit
After the configuration, run the display tunnel-info all command on PEs. You can see that MPLS TE tunnels are set up between PE1 and PE3, and MPLS LSP tunnels are set up between PE1 and PE2. Take the display on PE1 as an example.
<PE1> display tunnel-info all * -> Allocated VC Token Tunnel ID Type Destination Token ---------------------------------------------------------------------0x42002000 cr lsp 3.3.3.3 0 0x2002001 lsp -1 0x2002002 lsp 2.2.2.2 2
5.
Set up remote LDP sessions between PEs. # Configure remote LDP sessions. Usually, addresses of the Loopback interfaces of the remote LDP peers are set as the IP addresses for remote LDP sessions.
NOTE
In this example, PE1 and PE2 are directly connected and you do not need to manually configure remote LDP sessions between them.
# Configure PE1.
[PE1] mpls ldp remote-peer 3.3.3.3 [PE1-mpls-ldp-remote-3.3.3.3] remote-ip 3.3.3.3
# Configure PE3.
[PE3] mpls ldp [PE3-mpls-ldp] quit [PE3] mpls ldp remote-peer 1.1.1.1 [PE3-mpls-ldp-remote-1.1.1.1] remote-ip 1.1.1.1
After the configuration, run the display mpls ldp session on PEs. You can see that the status of the remote LDP peer relationship is Operational. This indicates that remote LDP sessions are set up. Take the display on PE1 as an example.
<PE1> display mpls ldp session LDP Session(s) in Public Network ------------------------------------------------------------------------------
Issue 03 (2008-09-22)
6-231
6 PWE3 Configuration
Peer-ID Status LAM
-----------------------------------------------------------------------------2.2.2.2:0 Operational DU Passive 000:00:03 16/16 3.3.3.3:0 Operational DU Passive 000:00:00 1/1 -----------------------------------------------------------------------------TOTAL: 2 session(s) Found. LAM : Label Advertisement Mode SsnAge Unit : DDD:HH:MM
6.
# Configure PE3.
[PE3] tunnel-policy p1 [PE3-tunnel-policy-p1] tunnel select-seq cr-lsp load-balance-number 1 [PE3-tunnel-policy-p1] quit
7.
Configure PWs on PEs by using PW templates. # Configure a working PW and a protection PW on PE1. Configure PWs on PE2 and PE3. PE2 and PE3 have only one PW respectively, and there is no working-protection distinction. # Configure PE1.
[PE1] mpls l2vpn [PE1-l2vpn] quit [PE1] pw-template 1to2 [PE1-pw-template-1to2] peer-address 2.2.2.2 [PE1-pw-template-1to2] control-word [PE1-pw-template-1to2] vccv cc cw cv lsp-ping bfd [PE1-pw-template-1to2] quit [PE1] pw-template 1to3 [PE1-pw-template-1to3] peer-address 3.3.3.3 [PE1-pw-template-1to3] control-word [PE1-pw-template-1to3] vccv cc cw cv lsp-ping bfd [PE1-pw-template-1to3] quit [PE1] interface gigabitethernet 1/0/0.1 [PE1-GigabitEthernet1/0/0.1] vlan-type dot1q 10 [PE1-GigabitEthernet1/0/0.1] mpls l2vc pw-template 1to3 100 tunnel-policy p1 [PE1-GigabitEthernet1/0/0.1] mpls l2vc pw-template 1to2 200 secondary [PE1-GigabitEthernet1/0/0.1] undo shutdown [PE1-GigabitEthernet1/0/0.1] quit
# Configure PE2.
[PE2] mpls l2vpn [PE2-l2vpn] quit [PE2] pw-template 2to1 [PE2-pw-template-2to1] peer-address 1.1.1.1 [PE2-pw-template-2to1] control-word [PE2-pw-template-2to1] vccv cc cw cv lsp-ping bfd [PE2-pw-template-2to1] quit [PE2] interface gigabitethernet 1/0/0.1 [PE2-GigabitEthernet1/0/0.1] vlan-type dot1q 10 [PE2-GigabitEthernet1/0/0.1] mpls l2vc pw-template 2to1 200 [PE2-GigabitEthernet1/0/0.1] undo shutdown [PE2-GigabitEthernet1/0/0.1] quit
# Configure PE3.
[PE3] mpls l2vpn [PE3-l2vpn] quit [PE3] pw-template 3to1 [PE3-pw-template-3to1] peer-address 1.1.1.1 [PE3-pw-template-3to1] control-word [PE3-pw-template-3to1] vccv cc cw cv lsp-ping bfd [PE3-pw-template-3to1] quit [PE3] interface gigabitethernet 1/0/0.1
6-232
Issue 03 (2008-09-22)
6 PWE3 Configuration
vlan-type dot1q 10 mpls l2vc pw-template 3to1 100 tunnel-policy p1 undo shutdown quit
After the configuration, run the display pw-template command on PEs. You can view the information about the configurations of PW templates, and you can see that VCCV is enabled. Take the display on PE1 as an example.
[PE1] display pw-template Total PW template number : 2 PW Template Name : 1to2 PeerIP : 2.2.2.2 Tnl Policy Name : -CtrlWord : Enable VCCV Capability : cw lsp-ping bfd Behavior Name : -Total PW : 1, Static PW : 0, LDP PW : 1, Rsvp PW : 0 PW Template Name : 1to3 PeerIP : 3.3.3.3 Tnl Policy Name : -CtrlWord : Enable VCCV Capability : cw lsp-ping bfd Behavior Name : -Total PW : 1, Static PW : 0, LDP PW : 1, Rsvp PW : 0
After the configuration, run the display mpls l2vc interface command on PEs. You can see that the working PW and protection PW are set up and are Up. The working PW is Active, and the protection PW is InActive. Take the display on PE1 as an example.
<PE1> display mpls l2vc interface gigabitethernet 1/0/0.1 *client interface : GigabitEthernet1/0/0.1 is up session state : up AC state : up VC state : up VC ID : 100 VC type : vlan destination : 3.3.3.3 local group ID : 0 remote group ID : 0 local VC label : 21504 remote VC label : 21504 local AC OAM State : up local PSN State : up local forwarding state : forwarding remote AC OAM state : up remote PSN state : up remote forwarding state: forwarding BFD for PW : unavailable manual fault : not set active state : active forwarding entry : exist link state : up local VC MTU : 1500 remote VC MTU : 1500 local VCCV : cw lsp-ping bfd remote VCCV : cw lsp-ping bfd local control word : enable remote control word : enable tunnel policy : p1 traffic behavior : -PW template name : 1to3 primary or secondary : primary VC tunnel/token info : 1 tunnels/tokens NO.0 TNL type : cr lsp, TNL ID : 0x42002000 create time : 0 days, 0 hours, 23 minutes, 7 seconds up time : 0 days, 0 hours, 1 minutes, 21 seconds last change time : 0 days, 0 hours, 1 minutes, 21 seconds *client interface : GigabitEthernet1/0/0.1 is up session state : up AC state : up
Issue 03 (2008-09-22)
6-233
6 PWE3 Configuration
VC state : VC ID : VC type : destination : local group ID : local VC label : local AC OAM state : local PSN state : local forwarding state : remote AC OAM state : remote PSN state : remote forwarding state: BFD for PW : manual fault : active state : forwarding entry : link state : local VC MTU : local VCCV : remote VCCV : local control word : tunnel policy : traffic behavior : PW template name : primary or secondary : VC tunnel/token info : NO.0 TNL type : lsp create time : up time : last change time : reroute policy : reason of last reroute : time of last reroute : delay timer ID : resume timer ID :
Run the display mac-address dynamic command on CEs. Here, CE2 is taken as an example. You can see that GE1/0/0 and GE1/0/2 of CE2 have respectively learnt the MAC addresses of Client1 (00e0-413f-8401) and Client2 (00e0-c279-e10a 10). This indicates that the clients now use the working line CE2 PE3 P PE1 for data transmission between themselves.
[CE2] display mac-address dynamic 1 MAC Address VLAN/VSI PEVLAN CEVLAN Port Type Lsp ------------------------------------------------------------------------------00e0-413f-8401 10 GigabitEthernet1/0/0 dynamic 1/0 00e0-c279-e10a 10 GigabitEthernet1/0/2 dynamic 1/0 Total 2 ,2 printed
8.
# Configure PE1.
6-234 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)
6 PWE3 Configuration
# Configure PE2.
[PE2] bfd [PE2-bfd] quit [PE2] interface gigabitethernet 1/0/0.1 [PE2-GigabitEthernet1/0/0.1] mpls l2vpn pw bfd [PE2-GigabitEthernet1/0/0.1] quit
# Configure PE3.
[PE3] bfd [PE3-bfd] quit [PE3] interface gigabitethernet 1/0/0.1 [PE3-GigabitEthernet1/0/0.1] mpls l2vpn pw bfd [PE3-GigabitEthernet1/0/0.1] quit
After the configuration, BFD sessions are set up between PE1 and PE2, and between PE1 and PE3. Run the display bfd session all command. You can see that State is Up. Take the display on PE1 as an example.
<PE1> display bfd session all ------------------------------------------------------------------------------Local Remote PeerIpAddr InterfaceName State Type ------------------------------------------------------------------------------8192 8192 --.--.--.-GigabitEthernet1/0/0.1 Up D_PW(M) 8193 8192 --.--.--.-GigabitEthernet1/0/0.1 Up D_PW(S) ------------------------------------------------------------------------------Total UP/DOWN Session Number : 2/0
Run the display bfd configuration all command. You can view the information about the BFD configuration, and the Commit field is True.
<PE1> display bfd configuration all ------------------------------------------------------------------------------CFG Name CFG Type LocalDiscr MIndex SessNum Commit AdminDown ------------------------------------------------------------------------------dyn_8192 Dynamic 8192 256 1 True False dyn_8193 Dynamic 8193 257 1 True False ------------------------------------------------------------------------------Total Commit/Uncommit CFG Number : 2/0
9.
In this example, Ethernet OAM complies with the IEEE802.1ag protocol (CFM).
# Configure CE2.
[CE2] cfm enable [CE2] cfm trigger vlan 10 mac-renew [CE2] cfm md md1 level 0 [CE2-md-md1] ma ma1 [CE2-md-md1-ma-ma1] map vlan 10 [CE2-md-md1-ma-ma1] mep mep-id 30 interface gigabitethernet 1/0/0 outward [CE2-md-md1-ma-ma1] remote-mep mep-id 31 [CE2-md-md1-ma-ma1] mep ccm-send enable [CE2-md-md1-ma-ma1] remote-mep ccm-receive enable [CE2-md-md1-ma-ma1] quit [CE2-md-md1] ma ma2 [CE2-md-md1-ma-ma1] map vlan 10
Issue 03 (2008-09-22)
6-235
6 PWE3 Configuration
[CE2-md-md1-ma-ma1] [CE2-md-md1-ma-ma1] [CE2-md-md1-ma-ma1] [CE2-md-md1-ma-ma1] [CE2-md-md1-ma-ma1] [CE2-md-md1] quit
# Configure PE2.
[PE2] cfm enable [PE2] cfm md md1 level 0 [PE2-md-md1] ma ma1 [PE2-md-md1-ma-ma1] map vlan 10 [PE2-md-md1-ma-ma1] mep mep-id 41 interface gigabitethernet 1/0/0.1 outward [PE2-md-md1-ma-ma1] remote-mep mep-id 40 [PE2-md-md1-ma-ma1] mep ccm-send enable [PE2-md-md1-ma-ma1] remote-mep ccm-receive enable [PE2-md-md1-ma-ma1] quit [PE2-md-md1] quit
# Configure PE3.
[PE3] cfm enable [PE3] cfm md md1 level 0 [PE3-md-md1] ma ma1 [PE3-md-md1-ma-ma1] map vlan 10 [PE3-md-md1-ma-ma1] mep mep-id 31 interface gigabitethernet 1/0/0.1 outward [PE3-md-md1-ma-ma1] remote-mep mep-id 30 [PE3-md-md1-ma-ma1] mep ccm-send enable [PE3-md-md1-ma-ma1] remote-mep ccm-receive enable [PE3-md-md1-ma-ma1] quit [PE3-md-md1] quit
After the configuration, run the display cfm remote-mep command on PE2, PE3, or CE2. You can see that CFM is Up. Take the display on PE3 as an example.
[PE3] display cfm remote-mep The total number of RMEPs is : 1 ---------------------------------------------------------------------GigabitEthernet1/0/0 detect -<CE1> display efm session all Interface EFM State Loopback Timeou -------------------------------------------------MD Name : md1 Level : 0 MA Name : ma1 RMEP ID : 30 Vlan ID : 10 VSI Name : -MAC : -CCM Receive : enabled Trigger-If-Down : disabled CFM Status : up
10. Enable OAM Mapping on PEs. AC OAM detection and notification are then automatically enabled. # Take the configuration of PE2 as an example. Configuration on PE3 is the same, and is not mentioned here.
[PE2] interface gigabitethernet 1/0/0 [PE2-GigabitEthernet1/0/0] mpls l2vpn oam-mapping 1ag md md1 ma ma1 [PE2-GigabitEthernet1/0/0] quit
Run the display mpls l2vc oam-mapping interface command on PEs to check information about OAM Mapping. You can see that AC OAM is Up, BFD for PW is Enable, and BFD is Up. Take the display on PE2 as an example.
<PE2> display mpls l2vc oam-mapping interface gigabitethernet 1/0/0.1 AC OAM Info:
6-236
Issue 03 (2008-09-22)
6 PWE3 Configuration
: up 1 PSN State : up
: up 1 PSN State : up
Run the display mpls l2vc interface command on PE1. If the configuration is successful, you can see that the working PW is Active, the protection PW is InActive, and BFD for PW for the working and protection PWs is available.
<PE1> display mpls l2vc interface gigabitethernet 1/0/0.1 *client interface : GigabitEthernet1/0/0.1 is up session state : up AC state : up VC state : up VC ID : 100 VC type : vlan destination : 3.3.3.3 local group ID : 0 remote group ID : 0 local VC label : 21504 remote VC label : 21504 local AC OAM State : up local PSN State : up local forwarding state : forwarding remote AC OAM state : up remote PSN state : up remote forwarding state: forwarding Dynamic BFD for PW : enable Detect Multipier : 3 Min Transit Interval : 1000 Max Receive Interval : 1000 Dynamic BFD Session : built BFD for PW : available BFD sessionIndex : 256 BFD state : up manual fault : not set active state : active forwarding entry : exist link state : up local VC MTU : 1500 remote VC MTU : 1500 local VCCV : cw lsp-ping bfd remote VCCV : cw lsp-ping bfd local control word : enable remote control word : enable tunnel policy : p1 traffic behavior : -PW template name : 1to3 primary or secondary : primary VC tunnel/token info : 1 tunnels/tokens NO.0 TNL type : cr lsp, TNL ID : 0x42002000 create time : 0 days, 1 hours, 5 minutes, 19 seconds up time : 0 days, 0 hours, 43 minutes, 33 seconds last change time : 0 days, 0 hours, 43 minutes, 33 seconds *client interface : GigabitEthernet1/0/0.1 is up session state : up
Issue 03 (2008-09-22)
6-237
6 PWE3 Configuration
AC state : VC state : VC ID : VC type : destination : local group ID : local VC label : local AC OAM state : local PSN state : local forwarding state : remote AC OAM state : remote PSN state : remote forwarding state: Dynamic BFD for PW : Detect Multipier : Min Transit Interval : Max Receive Interval : Dynamic BFD Session : BFD for PW : BFD sessionIndex : manual fault : active state : forwarding entry : link state : local VC MTU : local VCCV : remote VCCV : local control word : tunnel policy : traffic behavior : PW template name : primary or secondary : VC tunnel/token info : NO.0 TNL type : lsp create time : up time : last change time : reroute policy : reason of last reroute : time of last reroute : delay timer ID : resume timer ID : l
Run the display mpls l2vc interface command on PE1. Then, PE1 identifies that OAM is Down on the remote AC. Working-protection switchover of PWs is carried out on PE1: the working PW changes to InActive, and the protection PW changes to Active.
<PE1> display mpls l2vc interface gigabitethernet 1/0/0.1 *client interface : GigabitEthernet1/0/0.1 is up session state : up AC state : up VC state : up VC ID : 100 VC type : vlan destination : 3.3.3.3 local group ID : 0 remote group ID local VC label : 21504 remote VC label local AC OAM State : up local PSN State : up local forwarding state : forwarding
: 0 : 21504
6-238
Issue 03 (2008-09-22)
6 PWE3 Configuration
remote AC OAM state : down remote PSN state : up remote forwarding state: forwarding Dynamic BFD for PW : enable Detect Multipier : 3 Min Transit Interval : 1000 Max Receive Interval : 1000 Dynamic BFD Session : built BFD for PW : available BFD sessionIndex : 256 BFD state : up manual fault : not set active state : inactive forwarding entry : exist link state : up local VC MTU : 1500 remote VC MTU : 1500 local VCCV : cw lsp-ping bfd remote VCCV : cw lsp-ping bfd local control word : enable remote control word : enable tunnel policy : p1 traffic behavior : -PW template name : 1to3 primary or secondary : primary VC tunnel/token info : 1 tunnels/tokens NO.0 TNL type : cr lsp, TNL ID : 0x42002000 create time : 0 days, 1 hours, 5 minutes, 19 seconds up time : 0 days, 0 hours, 43 minutes, 33 seconds last change time : 0 days, 0 hours, 43 minutes, 33 seconds *client interface : GigabitEthernet1/0/0.1 is up session state : up AC state : up VC state : up VC ID : 200 VC type : vlan destination : 2.2.2.2 local group ID : 0 remote group ID : 0 local VC label : 21505 remote VC label : 21505 local AC OAM state : up local PSN state : up local forwarding state : forwarding remote AC OAM state : up remote PSN state : up remote forwarding state: forwarding Dynamic BFD for PW : enable Detect Multipier : 3 Min Transit Interval : 100 Max Receive Interval : 100 Dynamic BFD Session : built BFD for PW : available BFD sessionIndex : 257 BFD state : up manual fault : not set active state : active forwarding entry : existent link state : up local VC MTU : 1500 remote VC MTU : 1500 local VCCV : cw lsp-ping bfd remote VCCV : cw lsp-ping bfd local control word : enable remote control word : enable tunnel policy : -traffic behavior : -PW template name : 1to2 primary or secondary : secondary VC tunnel/token info : 1 tunnels/tokens NO.0 TNL type : lsp , TNL ID : 0x2002001 create time : 0 days, 1 hours, 6 minutes, 30 seconds up time : 0 days, 0 hours, 1 minutes, 0 seconds last change time : 0 days, 0 hours, 1 minutes, 0 seconds reroute policy : delay 30 s, resume 0 s reason of last reroute : New LDP mapping message was received time of last reroute : 0 days, 0 hours, 18 minutes, 37 seconds
Issue 03 (2008-09-22)
6-239
6 PWE3 Configuration
delay timer ID resume timer ID : -: --
Run the display mac-address dynamic command once again on CEs. Here, CE2 is taken as an example. You can see that GE1/0/1 and GE1/0/2 of CE2 have once again learnt the MAC addresses of Client1 (00e0-413f-8401) and Client2 (00e0-c279-e10a 10). This indicates that the clients now use the protection line CE2 PE2 PE1 for data transmission between themselves.
[CE2] display mac-address dynamic 1 MAC Address VLAN/VSI PEVLAN CEVLAN Port Type Lsp ------------------------------------------------------------------------------00e0-413f-8401 10 GigabitEthernet1/0/1 dynamic 1/0 00e0-c279-e10a 10 GigabitEthernet1/0/2 dynamic 1/0 Total 2 ,2 printed
Configure Ethernet OAM once again on GE1/0/0 of CE2, and disable the fault that is manually simulated.
[CE2] cfm md md1 [CE2-md-md1] ma ma1 [CE2-md-md1-ma-ma1] mep ccm-send enable [CE2-md-md1-ma-ma1] remote-mep ccm-receive enable [CE2-md-md1-ma-ma1] quit [CE2-md-md1] quit
Run the display mpls l2vc interface command on PE1. Then, PE1 identifies that OAM is Up on the remote AC, and that the fault has been rectified. The working-protection switchover of PWs is carried out on PE1, the working PW changes back to Active, and the protection PW changes back to InActive.
[PE1] display mpls l2vc interface gigabitethernet 1/0/0.1 *client interface : GigabitEthernet1/0/0.1 is up session state : up AC state : up VC state : up VC ID : 100 VC type : vlan destination : 3.3.3.3 local group ID : 0 remote group ID local VC label : 21504 remote VC label local AC OAM State : up local PSN State : up local forwarding state : forwarding remote AC OAM state : up remote PSN state : up remote forwarding state: forwarding Dynamic BFD for PW : enable Detect Multipier : 3 Min Transit Interval : 1000 Max Receive Interval : 1000 Dynamic BFD Session : built BFD for PW : available BFD sessionIndex : 256 BFD state : up manual fault : not set
: 0 : 21504
6-240
Issue 03 (2008-09-22)
6 PWE3 Configuration
active state : active forwarding entry : exist link state : up local VC MTU : 1500 remote VC MTU : 1500 local VCCV : cw lsp-ping bfd remote VCCV : cw lsp-ping bfd local control word : enable remote control word : enable tunnel policy : p1 traffic behavior : -PW template name : 1to3 primary or secondary : primary VC tunnel/token info : 1 tunnels/tokens NO.0 TNL type : cr lsp, TNL ID : 0x42002000 create time : 0 days, 1 hours, 15 minutes, 40 seconds up time : 0 days, 0 hours, 43 minutes, 33 seconds last change time : 0 days, 0 hours, 43 minutes, 33 seconds *client interface : GigabitEthernet1/0/0.1 is up session state : up AC state : up VC state : up VC ID : 200 VC type : vlan destination : 2.2.2.2 local group ID : 0 remote group ID : 0 local VC label : 21505 remote VC label : 21505 local AC OAM state : up local PSN state : up local forwarding state : forwarding remote AC OAM state : up remote PSN state : up remote forwarding state: forwarding Dynamic BFD for PW : enable Detect Multipier : 3 Min Transit Interval : 100 Max Receive Interval : 100 Dynamic BFD Session : built BFD for PW : available BFD sessionIndex : 257 BFD state : up manual fault : not set active state : inactive forwarding entry : existent link state : up local VC MTU : 1500 remote VC MTU : 1500 local VCCV : cw lsp-ping bfd remote VCCV : cw lsp-ping bfd local control word : enable remote control word : enable tunnel policy : -traffic behavior : -PW template name : 1to2 primary or secondary : secondary VC tunnel/token info : 1 tunnels/tokens NO.0 TNL type : lsp , TNL ID : 0x2002001 create time : 0 days, 1 hours, 16 minutes, 30 seconds up time : 0 days, 0 hours, 1 minutes, 0 seconds last change time : 0 days, 0 hours, 1 minutes, 0 seconds reroute policy : delay 30 s, resume 0 s reason of last reroute : New LDP mapping message was received time of last reroute : 0 days, 0 hours, 18 minutes, 37 seconds delay timer ID : -rest time :-resume timer ID : -rest time :--
Issue 03 (2008-09-22)
6-241
6 PWE3 Configuration
5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 130/176/210 ms
Run the display mac-address dynamic command on CEs. Here, CE2 is taken as an example. You can see that GE1/0/0 and GE1/0/2 of CE2 have once again learnt the MAC addresses of Client1 (00e0-413f-8401) and Client2 (00e0-c279-e10a). This indicates that the clients once again use the working line CE2 PE3 P PE1 for data transmission between themselves.
[CE2] display mac-address dynamic 1 MAC Address VLAN/VSI PEVLAN CEVLAN Port Type Lsp ------------------------------------------------------------------------------00e0-413f-8401 10 GigabitEthernet1/0/1 dynamic 1/0 00e0-c279-e10a 10 GigabitEthernet1/0/2 dynamic 1/0 Total 2 ,2 printed
Configuration Files
l
6-242
Issue 03 (2008-09-22)
6 PWE3 Configuration
Issue 03 (2008-09-22)
6-243
6 PWE3 Configuration
6-244
Issue 03 (2008-09-22)
6 PWE3 Configuration
Issue 03 (2008-09-22)
6-245
6 PWE3 Configuration
6.14.15 Example for Configuring PW FRR - CEs Are Unsymmetrically Connected to PEs Through Ethernet Links, Static BFD Is Used to Detect PWs, CFM Is Used to Detect ACs
Networking Requirements
As shown in Figure 6-30, CE1 is single-homed to PE1. CE2 is dual-homed to PE2 and PE3. The networking requirements are as follows:
l
6-246
Issue 03 (2008-09-22)
6 PWE3 Configuration
A PW is set up between PE1 and PE3. This PW is the working PW, and uses the MPLS TE tunnel. A PW is set up between PE1 and PE2. This PW is the protection PW, and uses the MPLS LSP tunnel. Fault detection between CEs and PEs is implemented according to the IEEE802.1ag protocol (CFM). If the working line -- CE2 PE3 P PE1-- becomes faulty, the L2VPN traffic can be rapidly switched to the the protection line -- CE2 PE2 PE1. After the working line CE2 PE3 P PE1 recovers from the fault, the L2VPN traffic is switched back.
Figure 6-30 Networking diagram of PW FRR CEs are unsymmetrically connected to PEs through Ethernet links, static BFD is used to detect PWs, CFM is used to detect ACs
1 /0 / S2 /30 O P .1.2 3 0.1 0 1 1 /0 / /30 S2 3.1.1 O P 0.1 10
Loopback1 1.1.1.1/32
PE1
GE1/0/0
MPLS TE
PE3
PO 100 S2/0 / .1 2. 2 1.1/ 30
MP
LS
L SP
100 PO S2/0 .1 2. 1.2/ /1 30
Loopback1 2.2.2.2/32
GE1/0/0
GE1/0/0
PE2
GE1/0/1 GE1/0/0
GE1/0/0
CE1
GE1/0/1
CE2
GE1/0/2
Client1 10.1.1.1/24
Client2 10.1.1.2/24
Configuration Roadmap
The configuration roadmap is as follows: 1. 2. 3. 4. 5. 6. 7.
Issue 03 (2008-09-22)
Configure IGP on the backbone network. Set up MPLS TE tunnels between PE1 and PE3, and LSP tunnels between PE1 and PE2. Set up MPLS LDP sessions between PE1 and PE2, and between PE1 and PE3. Use PW templates to configure PWs on PEs. You need to use tunnel policies to configure the working PW because the working PW uses the MPLS TE tunnel. Set up BFD for PW sessions between PE1 and PE2, and between PE1 and PE3. On PEs and CEs, configure Ethernet OAM that complies with the IEEE802.1ag protocol. Enable association between Ethernet OAM and BFD on PEs.
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 6-247
6 PWE3 Configuration
Data Preparation
To complete the configuration, you need the following data:
l l l l l
Tunnel policies Bandwidth for MPLS TE tunnels Name of the remote peer of MPLS LDP VC IDs of the working PW and the protection PW Name of the PW template
Configuration Procedure
1. Add the interfaces on CEs to a same VLAN. # Configure CE1.
<Quidway> system-view [Quidway] sysname CE1 [CE1] portswitch batch gigabitethernet 1/0/0 to 1/0/1 [CE1] vlan 10 [CE1-vlan10] quit [CE1] interface gigabitethernet 1/0/0 [CE1-GigabitEthernet1/0/0] port trunk allow-pass vlan 10 [CE1-GigabitEthernet1/0/0] undo shutdown [CE1-GigabitEthernet1/0/0] quit [CE1] interface gigabitethernet 1/0/1 [CE1-GigabitEthernet1/0/1] port default vlan 10 [CE1-GigabitEthernet1/0/1] undo shutdown [CE1-GigabitEthernet1/0/1] quit
# Configure CE2.
<Quidway> system-view [Quidway] sysname CE2 [CE2] portswitch batch gigabitethernet 1/0/0 to 1/0/1 [CE2] vlan 10 [CE2-vlan10] quit [CE2] interface gigabitethernet 1/0/0 [CE2-GigabitEthernet1/0/0] port trunk allow-pass vlan 10 [CE2-GigabitEthernet1/0/0] undo shutdown [CE2-GigabitEthernet1/0/0] quit [CE2] interface gigabitethernet 1/0/1 [CE2-GigabitEthernet1/0/1] port trunk allow-pass vlan 10 [CE2-GigabitEthernet1/0/1] undo shutdown [CE2-GigabitEthernet1/0/1] quit [CE2] interface gigabitethernet 1/0/2 [CE2-GigabitEthernet1/0/2] port default vlan 10 [CE2-GigabitEthernet1/0/2] undo shutdown [CE2-GigabitEthernet1/0/2] quit
NOTE
After the configuration, run the display vlan command. You can see that all interfaces are added to VLAN 10, and the physical status of the interfaces is Up. Take the display on CE1 as an example.
[CE1] display vlan 10 VLAN ID Type Status MAC Learning Broadcast/Multicast/Unicast Property -------------------------------------------------------------------------10 common enable enable forward forward forward default ---------------Untagged Port: GigabitEthernet1/0/1 ---------------Tagged Port: GigabitEthernet1/0/0 ----------------
6-248
Issue 03 (2008-09-22)
6 PWE3 Configuration
2.
Configure IGP on the MPLS backbone network so that PEs and Ps can interwork. # Configure PE1.
[PE1] interface loopback 1 [PE1-LoopBack1] ip address 1.1.1.1 32 [PE1-LoopBack1] quit [PE1] interface pos 2/0/1 [PE1-Pos2/0/1] ip address 100.13.1.1 30 [PE1-Pos2/0/1] undo shutdown [PE1-Pos2/0/1] quit [PE1] interface pos 2/0/2 [PE1-Pos2/0/2] ip address 100.12.1.1 30 [PE1-Pos2/0/2] undo shutdown [PE1-Pos2/0/2] quit [PE1] ospf 1 [PE1-ospf-1] area 0 [PE1-ospf-1-area-0.0.0.0] network 1.1.1.1 0.0.0.0 [PE1-ospf-1-area-0.0.0.0] network 100.13.1.0 0.0.0.3 [PE1-ospf-1-area-0.0.0.0] network 100.12.1.0 0.0.0.3 [PE1-ospf-1-area-0.0.0.0] quit [PE1-ospf-1] quit
# Configure PE3.
[PE3] interface loopback 1 [PE3-LoopBack1] ip address 3.3.3.3 32 [PE3-LoopBack1] quit [PE3] interface pos2/0/1 [PE3-Pos2/0/1] ip address 100.34.1.2 30 [PE3-Pos2/0/1] undo shutdown [PE3-Pos2/0/1] quit [PE3] ospf 1 [PE3-ospf-1] area 0 [PE3-ospf-1-area-0.0.0.0] network 3.3.3.3 0.0.0.0 [PE3-ospf-1-area-0.0.0.0] network 100.34.1.0 0.0.0.3 [PE3-ospf-1-area-0.0.0.0] quit [PE3-ospf-1] quit
# Configure PE2.
[PE2] interface loopback 1 [PE2-LoopBack1] ip address 2.2.2.2 32 [PE2-LoopBack1] quit [PE2] interface pos 2/0/1 [PE2-Pos2/0/1] ip address 100.12.1.2 30 [PE2-Pos2/0/1] undo shutdown [PE2-Pos2/0/1] quit [PE2] ospf 1
Issue 03 (2008-09-22)
6-249
6 PWE3 Configuration
After the configuration, run the display ip routing-table command on the PEs, and you can see that PE1 and PE2, and PE1 and PE3 have learned the routes on the Loopback1 interface of each other. Take the display on PE1 as an example.
<PE1> display ip routing-table Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: Public Destinations : 13 Routes : 13 Destination/Mask Proto Pre Cost Flags NextHop Interface 1.1.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 2.2.2.2/32 OSPF 10 2 D 100.12.1.2 Pos2/0/2 3.3.3.3/32 OSPF 10 3 D 100.13.1.2 Pos2/0/1 4.4.4.4/32 OSPF 10 2 D 100.13.1.2 Pos2/0/1 100.12.1.0/30 Direct 0 0 D 100.12.1.1 Pos2/0/2 100.12.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 100.12.1.2/32 Direct 0 0 D 100.12.1.2 Pos2/0/2 100.13.1.0/30 Direct 0 0 D 100.13.1.1 Pos2/0/1 100.13.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 100.13.1.2/32 Direct 0 0 D 100.13.1.2 Pos2/0/1 100.34.1.0/30 OSPF 10 2 D 100.13.1.2 Pos2/0/1 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
3.
Configure the basic MPLS functions on the MPLS backbone network. # Enable MPLS, and set LSR-ID as the IP address of the Loopback1 interface. Enable MPLS on interfaces of the backbone network. # Configure PE1.
[PE1] mpls lsr-id 1.1.1.1 [PE1] mpls [PE1-mpls] quit [PE1] interface pos2/0/1 [PE1-Pos2/0/1] mpls [PE1-Pos2/0/1] quit [PE1] interface pos2/0/2 [PE1-Pos2/0/2] mpls [PE1-Pos2/0/2] quit
# Configure PE2.
[PE2] mpls lsr-id 2.2.2.2 [PE2] mpls [PE2-mpls] quit [PE2] interface pos 2/0/1 [PE2-Pos2/0/1] mpls [PE2-Pos2/0/1] quit
# Configure PE3.
[PE3] mpls lsr-id 3.3.3.3 [PE3] mpls
6-250
Issue 03 (2008-09-22)
6 PWE3 Configuration
4.
Set up MPLS TE tunnels between PE1 and PE3, and LSP tunnels between PE1 and PE2. # Configure PE1.
[PE1] mpls [PE1-mpls] mpls te [PE1-mpls] mpls rsvp-te [PE1-mpls] mpls te cspf [PE1-mpls] quit [PE1] interface pos2/0/1 [PE1-Pos2/0/1] mpls te [PE1-Pos2/0/1] mpls rsvp-te [PE1-Pos2/0/1] mpls te max-link-bandwidth 50 [PE1-Pos2/0/1] mpls te max-reservable-bandwidth 30 [PE1-Pos2/0/1] quit [PE1] mpls ldp [PE1-mpls-ldp] quit [PE1] interface pos2/0/2 [PE1-Pos2/0/2] mpls ldp [PE1-Pos2/0/2] quit [PE1] interface tunnel2/0/0 [PE1-Tunnel2/0/0] ip address unnumbered interface loopback1 [PE1-Tunnel2/0/0] tunnel-protocol mpls te [PE1-Tunnel2/0/0] destination 3.3.3.3 [PE1-Tunnel2/0/0] mpls te tunnel-id 13 [PE1-Tunnel2/0/0] mpls te bandwidth bc0 20 [PE1-Tunnel2/0/0] mpls te commit [PE1-Tunnel2/0/0] quit [PE1] ospf 1 [PE1-ospf-1] opaque-capability enable [PE1-ospf-1] area 0 [PE1-ospf-1-area-0.0.0.0] mpls-te enable [PE1-ospf-1-area-0.0.0.0] quit [PE1-ospf-1] quit
# Configure PE3.
[PE3] mpls [PE3-mpls] mpls [PE3-mpls] mpls [PE3-mpls] mpls [PE3-mpls] quit [PE3] interface te rsvp-te te cspf pos2/0/1
Issue 03 (2008-09-22)
6-251
6 PWE3 Configuration
# Configure PE2.
[PE2] mpls ldp [PE2-mpls-ldp] quit [PE2] interface pos2/0/1 [PE2-Pos2/0/1] mpls ldp [PE2-Pos2/0/1] quit
After the configuration, run the display tunnel-info all command on PEs. You can see that MPLS TE tunnels are set up between PE1 and PE3, and MPLS LSP tunnels are set up between PE1 and PE2. Take the display on PE1 as an example.
<PE1> display tunnel-info all * -> Allocated VC Token Tunnel ID Type Destination Token ---------------------------------------------------------------------0x42002000 cr lsp 3.3.3.3 0 0x2002001 lsp -1 0x2002002 lsp 2.2.2.2 2
5.
Set up remote LDP sessions between PEs. # Configure remote LDP sessions. Usually, addresses of the Loopback interfaces of the remote LDP peers are set as the IP addresses for remote LDP sessions.
NOTE
In this example, PE1 and PE2 are directly connected and you do not need to manually configure remote LDP sessions between them.
# Configure PE1.
[PE1] mpls ldp remote-peer 3.3.3.3 [PE1-mpls-ldp-remote-3.3.3.3] remote-ip 3.3.3.3
# Configure PE3.
[PE3] mpls ldp [PE3-mpls-ldp] quit [PE3] mpls ldp remote-peer 1.1.1.1 [PE3-mpls-ldp-remote-1.1.1.1] remote-ip 1.1.1.1
After the configuration, run the display mpls ldp session on PEs. You can see that the status of the remote LDP peer relationship is Operational. This indicates that remote LDP sessions are set up. Take the display on PE1 as an example.
<PE1> display mpls ldp session LDP Session(s) in Public Network ------------------------------------------------------------------------------
6-252
Issue 03 (2008-09-22)
6 PWE3 Configuration
KA-Sent/Rcv
-----------------------------------------------------------------------------2.2.2.2:0 Operational DU Passive 000:00:03 16/16 3.3.3.3:0 Operational DU Passive 000:00:00 1/1 -----------------------------------------------------------------------------TOTAL: 2 session(s) Found. LAM : Label Advertisement Mode SsnAge Unit : DDD:HH:MM
6.
# Configure PE3.
[PE3] tunnel-policy p1 [PE3-tunnel-policy-p1] tunnel select-seq cr-lsp load-balance-number 1 [PE3-tunnel-policy-p1] quit
7.
Configure PWs on PEs by using PW templates. # Configure a working PW and a protection PW on PE1. Configure a PW on PE2 and PE3 respectively. The two PWs are both working PWs. # Configure PE1.
[PE1] mpls l2vpn [PE1-l2vpn] quit [PE1] pw-template 1to2 [PE1-pw-template-1to2] peer-address 2.2.2.2 [PE1-pw-template-1to2] control-word [PE1-pw-template-1to2] vccv cc cw cv lsp-ping bfd [PE1-pw-template-1to2] quit [PE1] pw-template 1to3 [PE1-pw-template-1to3] peer-address 3.3.3.3 [PE1-pw-template-1to3] control-word [PE1-pw-template-1to3] vccv cc cw cv lsp-ping bfd [PE1-pw-template-1to3] quit [PE1] interface gigabitethernet 1/0/0.1 [PE1-GigabitEthernet1/0/0.1] vlan-type dot1q 10 [PE1-GigabitEthernet1/0/0.1] mpls l2vc pw-template 1to3 100 tunnel-policy p1 [PE1-GigabitEthernet1/0/0.1] mpls l2vc pw-template 1to2 200 secondary [PE1-GigabitEthernet1/0/0.1] undo shutdown [PE1-GigabitEthernet1/0/0.1] quit
# Configure PE2.
[PE2] mpls l2vpn [PE2-l2vpn] quit [PE2] pw-template 2to1 [PE2-pw-template-2to1] peer-address 1.1.1.1 [PE2-pw-template-2to1] control-word [PE2-pw-template-2to1] vccv cc cw cv lsp-ping bfd [PE2-pw-template-2to1] quit [PE2] interface gigabitethernet 1/0/0.1 [PE2-GigabitEthernet1/0/0.1] vlan-type dot1q 10 [PE2-GigabitEthernet1/0/0.1] mpls l2vc pw-template 2to1 200 [PE2-GigabitEthernet1/0/0.1] undo shutdown [PE2-GigabitEthernet1/0/0.1] quit
# Configure PE3.
[PE3] mpls l2vpn [PE3-l2vpn] quit [PE3] pw-template 3to1 [PE3-pw-template-3to1] peer-address 1.1.1.1 [PE3-pw-template-3to1] control-word [PE3-pw-template-3to1] vccv cc cw cv lsp-ping bfd [PE3-pw-template-3to1] quit [PE3] interface gigabitethernet 1/0/0.1
Issue 03 (2008-09-22)
6-253
6 PWE3 Configuration
[PE3-GigabitEthernet1/0/0.1] [PE3-GigabitEthernet1/0/0.1] [PE3-GigabitEthernet1/0/0.1] [PE3-GigabitEthernet1/0/0.1]
After the configuration, run the display pw-template command on PEs. You can view the information about the configurations of PW templates, and you can see that VCCV is enabled. Take the display on PE1 as an example.
[PE1] display pw-template Total PW template number : 2 PW Template Name : 1to2 PeerIP : 2.2.2.2 Tnl Policy Name : -CtrlWord : Enable VCCV Capability : cw lsp-ping bfd Behavior Name : -Total PW : 1, Static PW : 0, LDP PW : 1, Rsvp PW : 0 PW Template Name : 1to3 PeerIP : 3.3.3.3 Tnl Policy Name : -CtrlWord : Enable VCCV Capability : cw lsp-ping bfd Behavior Name : -Total PW : 1, Static PW : 0, LDP PW : 1, Rsvp PW : 0
After the configuration, run the display mpls l2vc interface command on PEs. You can see that the working PW and protection PW are set up and are Up. The working PW is Active, and the protection PW is InActive. Take the display on PE1 as an example.
<PE1> display mpls l2vc interface gigabitethernet 1/0/0.1 *client interface : GigabitEthernet1/0/0.1 is up session state : up AC state : up VC state : up VC ID : 100 VC type : vlan destination : 3.3.3.3 local group ID : 0 remote group ID : 0 local VC label : 21504 remote VC label : 21504 local AC OAM State : up local PSN State : up local forwarding state : forwarding remote AC OAM state : up remote PSN state : up remote forwarding state: forwarding BFD for PW : unavailable manual fault : not set active state : active forwarding entry : exist link state : up local VC MTU : 1500 remote VC MTU : 1500 local VCCV : cw lsp-ping bfd remote VCCV : cw lsp-ping bfd local control word : enable remote control word : enable tunnel policy : p1 traffic behavior : -PW template name : 1to3 primary or secondary : primary VC tunnel/token info : 1 tunnels/tokens NO.0 TNL type : cr lsp, TNL ID : 0x42002000 create time : 0 days, 0 hours, 23 minutes, 7 seconds up time : 0 days, 0 hours, 1 minutes, 21 seconds last change time : 0 days, 0 hours, 1 minutes, 21 seconds *client interface : GigabitEthernet1/0/0.1 is up session state : up AC state : up
6-254
Issue 03 (2008-09-22)
6 PWE3 Configuration
up 200 vlan 2.2.2.2 0 remote group ID : 0 21505 remote VC label : 21505 up up forwarding up up forwarding unavailable not set inactive existent up 1500 remote VC MTU : 1500 cw lsp-ping bfd cw lsp-ping bfd enable remote control word : enable --1to2 secondary 1 tunnels/tokens , TNL ID : 0x2002001 0 days, 0 hours, 22 minutes, 19 seconds 0 days, 0 hours, 1 minutes, 32 seconds 0 days, 0 hours, 1 minutes, 32 seconds delay 30 s, resume 0 s New LDP mapping message was received 0 days, 0 hours, 0 minutes, 50 seconds -rest time :--rest time :--
Run the display mac-address dynamic command on CEs. Here, CE2 is taken as an example. You can see that GE1/0/0 and GE1/0/2 of CE2 have respectively learnt the MAC addresses of Client1 (00e0-413f-8401) and Client2 (00e0-c279-e10a 10). This indicates that the clients now use the working line CE2 PE3 P PE1 for data transmission between themselves.
[CE2] display mac-address dynamic 1 MAC Address VLAN/VSI PEVLAN CEVLAN Port Type Lsp ------------------------------------------------------------------------------00e0-413f-8401 10 GigabitEthernet1/0/0 dynamic 1/0 00e0-c279-e10a 10 GigabitEthernet1/0/2 dynamic 1/0 Total 2 ,2 printed
8.
# Configure PE1.
Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 6-255
6 PWE3 Configuration
# Configure PE2.
[PE2] bfd [PE2-bfd] quit [PE2] bfd 2to1 bind pw interface gigabitethernet 1/0/0.1 [PE2-bfd-lsp-session-2to1] discriminator local 21 [PE2-bfd-lsp-session-2to1] discriminator local 12 [PE2-bfd-lsp-session-2to1] commit [PE2-bfd-lsp-session-2to1] quit
# Configure PE3.
[PE3] bfd [PE3-bfd] quit [PE3] bfd 3to1 bind pw interface gigabitethernet 1/0/0.1 [PE3-bfd-lsp-session-3to1] discriminator local 31 [PE3-bfd-lsp-session-3to1] discriminator local 13 [PE3-bfd-lsp-session-3to1] commit [PE3-bfd-lsp-session-3to1] quit
After the configuration, BFD sessions are set up between PE1 and PE2, and between PE1 and PE3. Run the display bfd session all command. You can see that State is Up. Take the display on PE1 as an example.
<PE1> display bfd session all ------------------------------------------------------------------------------Local Remote PeerIpAddr InterfaceName State Type ------------------------------------------------------------------------------13 31 --.--.--.-GigabitEthernet1/0/0.1 Up D_PW(M) 12 21 --.--.--.-GigabitEthernet1/0/0.1 Up D_PW(S) ------------------------------------------------------------------------------Total UP/DOWN Session Number : 2/0
9.
In this example, Ethernet OAM complies with the IEEE802.1ag protocol (CFM).
# Configure CE2.
[CE2] cfm enable [CE2] cfm trigger vlan 10 mac-renew [CE2] cfm md md1 level 0 [CE2-md-md1] ma ma1 [CE2-md-md1-ma-ma1] map vlan 10 [CE2-md-md1-ma-ma1] mep mep-id 30 interface gigabitethernet 1/0/0 outward [CE2-md-md1-ma-ma1] remote-mep mep-id 31 [CE2-md-md1-ma-ma1] mep ccm-send enable [CE2-md-md1-ma-ma1] remote-mep ccm-receive enable [CE2-md-md1-ma-ma1] quit [CE2-md-md1] ma ma2 [CE2-md-md1-ma-ma1] map vlan 10 [CE2-md-md1-ma-ma1] mep mep-id 40 interface gigabitethernet 1/0/1 outward [CE2-md-md1-ma-ma1] remote-mep mep-id 41 [CE2-md-md1-ma-ma1] mep ccm-send enable [CE2-md-md1-ma-ma1] remote-mep ccm-receive enable
6-256
Issue 03 (2008-09-22)
6 PWE3 Configuration
# Configure PE2.
[PE2] cfm enable [PE2] cfm md md1 level 0 [PE2-md-md1] ma ma1 [PE2-md-md1-ma-ma1] map vlan 10 [PE2-md-md1-ma-ma1] mep mep-id 41 interface gigabitethernet 1/0/0.1 outward [PE2-md-md1-ma-ma1] remote-mep mep-id 40 [PE2-md-md1-ma-ma1] mep ccm-send enable [PE2-md-md1-ma-ma1] remote-mep ccm-receive enable [PE2-md-md1-ma-ma1] quit [PE2-md-md1] quit
# Configure PE3.
[PE3] cfm enable [PE3] cfm md md1 level 0 [PE3-md-md1] ma ma1 [PE3-md-md1-ma-ma1] map vlan 10 [PE3-md-md1-ma-ma1] mep mep-id 31 interface gigabitethernet 1/0/0.1 outward [PE3-md-md1-ma-ma1] remote-mep mep-id 30 [PE3-md-md1-ma-ma1] mep ccm-send enable [PE3-md-md1-ma-ma1] remote-mep ccm-receive enable [PE3-md-md1-ma-ma1] quit [PE3-md-md1] quit
After the configuration, run the display cfm remote-mep command on PE2, PE3, or CE2. You can see that CFM is Up. Take the display on PE3 as an example.
[PE3] display cfm remote-mep The total number of RMEPs is : 1 ---------------------------------------------------------------------GigabitEthernet1/0/0 detect -<CE1> display efm session all Interface EFM State Loopback Timeou -------------------------------------------------MD Name : md1 Level : 0 MA Name : ma1 RMEP ID : 30 Vlan ID : 10 VSI Name : -MAC : -CCM Receive : enabled Trigger-If-Down : disabled CFM Status : up
10. Configure association between Eth OAM and BFD on PEs. # Take the configuration of PE2 as an example. Configuration on PE3 is the same, and is not mentioned here.
[PE2] oam-mgr [PE2-oam-mgr] oam-bind cfm md md1 ma ma1 bfd-session 21 [PE2-oam-mgr] quit
Run the display mpls l2vc interface command on PE1. If the configuration is successful, you can see that the working PW is Active, the protection PW is InActive, and BFD for PW for the working and protection PWs is available.
<PE1> display mpls l2vc interface gigabitethernet 1/0/0.1 *client interface : GigabitEthernet1/0/0.1 is up session state : up AC state : up VC state : up
Issue 03 (2008-09-22)
6-257
6 PWE3 Configuration
6-258
Issue 03 (2008-09-22)
6 PWE3 Configuration
: 1 tunnels/tokens , TNL ID : 0x2002001 : 0 days, 1 hours, 4 minutes, 31 seconds : 0 days, 0 hours, 43 minutes, 44 seconds : 0 days, 0 hours, 43 minutes, 44 seconds : delay 30 s, resume 0 s : New LDP mapping message was received : 0 days, 0 hours, 43 minutes, 2 seconds : -rest time :-: -rest time :--
Run the display mpls l2vc interface command on PE1. Then, PE1 identifies that OAM is Down on the remote AC. Working-protection switchover of PWs is carried out on PE1: the working PW changes to InActive, and the protection PW changes to Active.
<PE1> display mpls l2vc interface gigabitethernet 1/0/0.1 *client interface : GigabitEthernet1/0/0.1 is up session state : up AC state : up VC state : up VC ID : 100 VC type : vlan destination : 3.3.3.3 local group ID : 0 remote group ID : 0 local VC label : 21504 remote VC label : 21504 local AC OAM State : up local PSN State : up local forwarding state : forwarding remote AC OAM state : down remote PSN state : up remote forwarding state: forwarding Dynamic BFD for PW : enable Detect Multipier : 3 Min Transit Interval : 1000 Max Receive Interval : 1000 Dynamic BFD Session : built BFD for PW : available BFD sessionIndex : 256 BFD state : up manual fault : not set active state : inactive forwarding entry : exist link state : up local VC MTU : 1500 remote VC MTU : 1500 local VCCV : cw lsp-ping bfd remote VCCV : cw lsp-ping bfd local control word : enable remote control word : enable tunnel policy : p1 traffic behavior : -PW template name : 1to3 primary or secondary : primary VC tunnel/token info : 1 tunnels/tokens NO.0 TNL type : cr lsp, TNL ID : 0x42002000 create time : 0 days, 1 hours, 5 minutes, 19 seconds up time : 0 days, 0 hours, 43 minutes, 33 seconds last change time : 0 days, 0 hours, 43 minutes, 33 seconds *client interface : GigabitEthernet1/0/0.1 is up session state : up AC state : up VC state : up VC ID : 200
Issue 03 (2008-09-22)
6-259
6 PWE3 Configuration
VC type : destination : local group ID : local VC label : local AC OAM state : local PSN state : local forwarding state : remote AC OAM state : remote PSN state : remote forwarding state: Dynamic BFD for PW : Detect Multipier : Min Transit Interval : Max Receive Interval : Dynamic BFD Session : BFD for PW : BFD sessionIndex : manual fault : active state : forwarding entry : link state : local VC MTU : local VCCV : remote VCCV : local control word : tunnel policy : traffic behavior : PW template name : primary or secondary : VC tunnel/token info : NO.0 TNL type : lsp create time : up time : last change time : reroute policy : reason of last reroute : time of last reroute : delay timer ID : resume timer ID :
Run the display mac-address dynamic command once again on CEs. Here, CE2 is taken as an example. You can see that GE1/0/1 and GE1/0/2 of CE2 have once again learnt the MAC addresses of Client1 (00e0-413f-8401) and Client2 (00e0-c279-e10a 10). This indicates that the clients now use the protection line CE2 PE2 PE1 for data transmission between themselves.
[CE2] display mac-address dynamic 1 MAC Address VLAN/VSI PEVLAN CEVLAN Port Type Lsp ------------------------------------------------------------------------------00e0-413f-8401 10 GigabitEthernet1/0/1 dynamic 1/0 00e0-c279-e10a 10 GigabitEthernet1/0/2 dynamic 1/0 Total 2 ,2 printed
6-260
Issue 03 (2008-09-22)
6 PWE3 Configuration
Configure Ethernet OAM once again on GE1/0/0 of CE2, and disable the fault that is manually simulated.
[CE2] cfm md md1 [CE2-md-md1] ma ma1 [CE2-md-md1-ma-ma1] mep ccm-send enable [CE2-md-md1-ma-ma1] remote-mep ccm-receive enable [CE2-md-md1-ma-ma1] quit [CE2-md-md1] quit
Run the display mpls l2vc interface command on PE1. Then, PE1 identifies that OAM is Up on the remote AC, which indicates that the fault has been rectified. The workingprotection switchover of PWs is carried out on PE1, the working PW changes back to Active, and the protection PW changes back to InActive.
[PE1] display mpls l2vc interface gigabitethernet 1/0/0.1 *client interface : GigabitEthernet1/0/0.1 is up session state : up AC state : up VC state : up VC ID : 100 VC type : vlan destination : 3.3.3.3 local group ID : 0 remote group ID : 0 local VC label : 21504 remote VC label : 21504 local AC OAM State : up local PSN State : up local forwarding state : forwarding remote AC OAM state : up remote PSN state : up remote forwarding state: forwarding Dynamic BFD for PW : enable Detect Multipier : 3 Min Transit Interval : 1000 Max Receive Interval : 1000 Dynamic BFD Session : built BFD for PW : available BFD sessionIndex : 256 BFD state : up manual fault : not set active state : active forwarding entry : exist link state : up local VC MTU : 1500 remote VC MTU : 1500 local VCCV : cw lsp-ping bfd remote VCCV : cw lsp-ping bfd local control word : enable remote control word : enable tunnel policy : p1 traffic behavior : -PW template name : 1to3 primary or secondary : primary VC tunnel/token info : 1 tunnels/tokens NO.0 TNL type : cr lsp, TNL ID : 0x42002000 create time : 0 days, 1 hours, 15 minutes, 40 seconds up time : 0 days, 0 hours, 43 minutes, 33 seconds last change time : 0 days, 0 hours, 43 minutes, 33 seconds *client interface : GigabitEthernet1/0/0.1 is up session state : up AC state : up VC state : up VC ID : 200 VC type : vlan destination : 2.2.2.2 local group ID : 0 remote group ID : 0 local VC label : 21505 remote VC label : 21505 local AC OAM state : up local PSN state : up local forwarding state : forwarding remote AC OAM state : up remote PSN state : up remote forwarding state: forwarding
Issue 03 (2008-09-22)
6-261
6 PWE3 Configuration
Dynamic BFD for PW Detect Multipier Min Transit Interval Max Receive Interval Dynamic BFD Session BFD for PW BFD sessionIndex manual fault active state forwarding entry link state local VC MTU local VCCV remote VCCV local control word tunnel policy traffic behavior PW template name primary or secondary VC tunnel/token info NO.0 TNL type : lsp create time up time last change time reroute policy reason of last reroute time of last reroute delay timer ID resume timer ID : : : : : : : : : : : : : : : : : : : : : : : : : : : :
Run the display mac-address dynamic command on CEs. Here, CE2 is taken as an example. You can see that GE1/0/0 and GE1/0/2 of CE2 have once again learnt the MAC addresses of Client1 (00e0-413f-8401) and Client2 (00e0-c279-e10a). This indicates that the clients once again use the working line CE2 PE3 P PE1 for data transmission between themselves.
[CE2] display mac-address dynamic 1 MAC Address VLAN/VSI PEVLAN CEVLAN Port Type Lsp ------------------------------------------------------------------------------00e0-413f-8401 10 GigabitEthernet1/0/1 dynamic 1/0 00e0-c279-e10a 10 GigabitEthernet1/0/2 dynamic 1/0 Total 2 ,2 printed
Configuration Files
l
6-262
Issue 03 (2008-09-22)
6 PWE3 Configuration
Issue 03 (2008-09-22)
6-263
6 PWE3 Configuration
6-264
Issue 03 (2008-09-22)
6 PWE3 Configuration
Issue 03 (2008-09-22)
6-265
6 PWE3 Configuration
6-266
Issue 03 (2008-09-22)
6 PWE3 Configuration
Issue 03 (2008-09-22)
6-267
6 PWE3 Configuration
MPLS Backbone
POS1/0/0 10.1.1.2/24
PE2
GE2/0/0 100.1.1.1/24 GE1/0/0 100.1.1.2/24
PE1
ATM1/0/0 100.1.1.1/24
PW100
CE1
CE2
Configuring Roadmap
The configuration roadmap is as follows: 1. 2. 3. 4. 5. 6. Configure the IGP protocol on routers of the PSN backbone network. Enable MPLS on the PE. Set up the tunnel according to the tunnel policy. Create the static or dynamic MPLS L2VC connection on the PE. Create a PVC and configure IPoA mapping of PVC. Configure local-ce mac or local-ce ip on PE2 since the AC is Ethernet.
Data Preparation
To complete the configuration, you need the following data.
l l l
MPLS LSR ID L2VC IDs at both ends of PW (They are the same.) VPI/VCI value of PVC on AM 1/0/0 of PE1 and that of CE1 (They are the same.)
Configuration Procedure
1. Configure IP address for the interfaces and VC for ATM.
NOTE
l l
VPI/VCI of both ends of Virtual Chunnel must be consistent. When configuring the PWE3 internetworking on PE, the IP address of the interface connected to AC must be configured as the IP address of the interface of destination CE, which is also connected to AC. This is shown in Figure 6-31.
# Configure CE1.
<Quidway> system-view [Quidway] sysname CE1 [CE1] interface atm1/0/0 [CE1-Atm1/0/0] ip address 100.1.1.1 24 [CE1-Atm1/0/0] pvc 100/200 [CE1-atm-pvc-Atm1/0/0-100/200] map ip 100.1.1.2 [CE1-atm-pvc-Atm1/0/0-100/200] quit [CE1-Atm1/0/0] undo shutdown
6-268
Issue 03 (2008-09-22)
6 PWE3 Configuration
# Configure PE1.
<Quidway> system-view [Quidway] sysname PE1 [PE1] interface atm1/0/0 [PE1-Atm1/0/0] pvc 100/200 [PE1-atm-pvc-Atm1/0/0-100/200] quit [PE1-Atm1/0/0] undo shutdown [PE1-Atm1/0/0] quit [PE1] interface pos 2/0/0 [PE1-Pos2/0/0] ip address 10.1.1.1 24 [PE1-Pos2/0/0] undo shutdown [PE1-Pos2/0/0] quit [PE1] interface loopback 1 [PE1-LoopBack1] ip address 1.1.1.1 32 [PE1-LoopBack1] quit
# Configure PE2.
<Quidway> system-view [Quidway] sysname PE2 [PE2] interface pos1/0/0 [PE2-Pos1/0/0] ip address 10.1.1.2 24 [PE2-Pos1/0/0] undo shutdown [PE2-Pos1/0/0] quit [PE2] interface loopback 1 [PE2-LoopBack1] ip address 2.2.2.2 32 [PE2-LoopBack1] quit [PE2] interface gigabitethernet2/0/0 [PE2-GigabitEthernet2/0/0] local-ce ip 100.1.1.2 [PE2-GigabitEthernet2/0/0] shutdown [PE2-GigabitEthernet2/0/0] undo shutdown [PE2-GigabitEthernet2/0/0] quit
# Configure CE2.
<Quidway> system-view [Quidway] sysname CE2 [CE2] interface gigabitethernet 1/0/0 [CE2-GigabitEthernet1/0/0] ip address 100.1.1.2 24 [CE2-GigabitEthernet1/0/0] undo shutdown [CE2-GigabitEthernet1/0/0] quit
The interfaces on both ends of each network segment can ping through each other. 2. Configuring protocols at network layer Configure the network layer protocol to ensure the PEs of the backbone can communicate. In this example, OSPF is adopted. The configuration procedure is not mentioned here. # Configure PE1.
[PE1] ospf 1 [PE1-ospf-1] area 0 [PE1-ospf-1-area-0.0.0.0] network 1.1.1.1 0.0.0.0 [PE1-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255
# Configure PE2.
[PE2] ospf 1 [PE2-ospf-1] area 0 [PE2-ospf-1-area-0.0.0.0] network 2.2.2.2 0.0.0.0 [PE2-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255
After the configuration, run the display ip routing-table command on PEs, and you can see that PE1 and PE2 have learnt the loopback address of each other. Take the display of PE1 as an example:
<PE1> display ip routing-table Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: Public Destinations : 7 Routes : 7
Issue 03 (2008-09-22)
6-269
6 PWE3 Configuration
Destination/Mask 1.1.1.1/32 2.2.2.2/32 10.1.1.0/24 10.1.1.1/32 10.1.1.2/32 127.0.0.0/8 127.0.0.1/32 Proto Direct OSPF Direct Direct Direct Direct Direct Pre 0 10 0 0 0 0 0 Cost 0 2 0 0 0 0 0
3.
Configure MPLS for PSN backbone and set up the tunnel. # Enable MPLS, and specify LSR ID as the IP address of loopback 1.Enable MPLS and MPLS LDP for the interfaces in the backbone. # Configure PE1.
[PE1] mpls lsr-id 1.1.1.1 [PE1] mpls [PE1-mpls] quit [PE1] mpls ldp [PE1-mpls-ldp] quit [PE1] interface pos2/0/0 [PE1-Pos2/0/0] mpls [PE1-Pos2/0/0] mpls ldp [PE1-Pos2/0/0] quit
# Configure PE2.
[PE2] mpls lsr-id 2.2.2.2 [PE2] mpls [PE2-mpls] quit [PE2] mpls ldp [PE2-mpls-ldp] quit [PE2] interface pos 1/0/0 [PE2-Pos1/0/0] mpls [PE2-Pos1/0/0] mpls ldp [PE2-Pos1/0/0] quit
After the configuration, run the display tunnel-info all command on PEs, and you can see that there is an MPLS LSP tunnel between PE1 and PE2. Take the display of PE1 as an example.
<PE1> display tunnel-info all * -> Allocated VC Token Tunnel ID Type Destination Token ---------------------------------------------------------------------0x2002000 lsp 2.2.2.2 0
Run the display mpls ldp session command on PEs, and you can see that the status of the LDP peer relationship between PE1 and PE2 is Operational. Take the display of PE1 as an example:
<PE1> display mpls ldp session LDP Session(s) in Public Network -----------------------------------------------------------------------------Peer-ID Status LAM SsnRole SsnAge KA-Sent/Rcv -----------------------------------------------------------------------------2.2.2.2:0 Operational DU Passive 000:00:01 6/6 -----------------------------------------------------------------------------TOTAL: 1 session(s) Found. LAM : Label Advertisement Mode SsnAge Unit : DDD:HH:MM
4.
Enable MPLS L2VPN and configure the L2VC connection. # Configure PE1.
[PE1] mpls l2vpn [PE1-l2vpn] quit [PE1] interface atm 1/0/0 [PE1-Atm1/0/0] mpls l2vc 2.2.2.2 100 ip-interworking
6-270
Issue 03 (2008-09-22)
6 PWE3 Configuration
# Configure PE2.
[PE2] mpls l2vpn [PE2-l2vpn] quit [PE2] interface gigabitethernet 2/0/0 [PE1-GigabitEthernet2/0/0] mpls l2vc 1.1.1.1 100 ip-interworking [PE1-GigabitEthernet2/0/0] quit
5.
Verify the configuration. After the above configuration, a PW has been set up between each pair of PEs. Execute the display mpls l2vc command on PE. You can find that the "VC state" in displayed is "up". Take PE1 as an example:
<PE1> display mpls l2vc interface atm 1/0/0 *client interface : Atm1/0/0 is up session state : up AC state : up VC state : up VC ID : 100 VC type : IP-interworking destination : 2.2.2.2 local group ID : 0 remote group ID : 0 local VC label : 21504 remote VC label : 21504 local AC OAM State : up local PSN State : up local forwarding state : forwarding remote AC OAM state : up remote PSN state : up remote forwarding state: forwarding BFD for PW : unavailable manual fault : not set active state : active forwarding entry : exist link state : up local VC MTU : 1500 remote VC MTU : 1500 local VCCV : Disable remote VCCV : Disable local fragmentantion : disable remote fragmentantion: disable local control word : disable remote control word : disable tunnel policy : -traffic behavior : -PW template name : -primary or secondary : primary VC tunnel/token info : 1 tunnels/tokens NO.0 TNL type : lsp , TNL ID : 0x2002000 create time : 0 days, 0 hours, 4 minutes, 29 seconds up time : 0 days, 0 hours, 3 minutes, 54 seconds last change time : 0 days, 0 hours, 3 minutes, 54 seconds
CEs can ping through each other. Take CE2 pinging CE1 as an example.
<CE2> ping 100.1.1.1 PING 100.1.1.1: 56 data bytes, press CTRL_C to break Reply from 100.1.1.1: bytes=56 Sequence=1 ttl=254 time=125 Reply from 100.1.1.1: bytes=56 Sequence=2 ttl=254 time=125 Reply from 100.1.1.1: bytes=56 Sequence=3 ttl=254 time=125 Reply from 100.1.1.1: bytes=56 Sequence=4 ttl=254 time=125 Reply from 100.1.1.1: bytes=56 Sequence=5 ttl=254 time=125 ms ms ms ms ms
Configuration Files
l
Issue 03 (2008-09-22)
6-271
6 PWE3 Configuration
undo shutdown ip address 100.1.1.1 255.255.255.0 pvc 100/200 map ip 100.1.1.2 # return l
6-272
Issue 03 (2008-09-22)
6 PWE3 Configuration
PE1
ASBR -PE1
ASBR -PE2
PE2
POS1/0/0 100.1.1.1/24
POS1/0/0 100.1.1.2/24
CE1
CE2
The MPLS backbone networks within the same AS use IS-IS as the IGP protocol.
Configuration Roadmap
The configuration roadmap is as follows: 1. 2. Configure the IGP for the backbone. Configure the basic MPLS functions on the backbone and set up dynamic LSP tunnel between the PE and the ASBR-PE of the same AS. Set up the LDP remote session if the PE and the ASBR-PE are not directly connected. Create the MPLS L2VC connection between a PE and an ASBR PE in an AS.
3.
Issue 03 (2008-09-22)
6-273
6 PWE3 Configuration
Data Preparation
To complete the configuration, you need the following data:
l l
Data for configuring IS-IS. IP addresses of the remote peers. (The specified IP address for a remote peer is usually the IP address of its loopback interface.) MPLS LSR-IDs of PEs and ASBR-PEs. The specified MPLS LSR-ID of PE or ASBR-PE is the IP address of the local loopback interface. L2VC-ID
Configuration Procedure
1. Configure the IGP on the MPLS backbone. Configure the IGP protocol for the MPLS backbone so that PEs and ASBR-PEs in the backbone can internetwork. Take IS-IS for an example. The configuration details are not mentioned here. After the configuration, the IS-IS neighbor relationship should have been set up between ASBR-PEs and PEs in the local ASs. Run the display isis peer command, and you can see the status of the neighbor relationship is Up. Take the display of ASBR-PE1 as an example.
<ASBR-PE1> display isis peer Peer information for ISIS(1) ---------------------------System Id Interface Circuit Id State HoldTime Type 0000.0000.0001 P1/0/0 0000000002 Up 28s L1L2 Total Peer(s): 1
PRI --
Run the display ip routing-table command, and you can see that PEs and ASBR-PEs in each corresponding AS have learnt the loopback addresses of each other. Take the display of ASBR-PE1 as an example.
<ASBR-PE1> display ip routing-table Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: Public Destinations : 7 Routes : 7 Destination/Mask Proto Pre Cost Flags NextHop Interface 1.1.1.9/32 ISIS 15 10 D 10.1.1.1 Pos1/0/0 2.2.2.9/32 Direct 0 0 D 127.0.0.1 InLoopBack0 10.1.1.0/24 Direct 0 0 D 10.1.1.2 Pos1/0/0 10.1.1.1/32 Direct 0 0 D 10.1.1.1 Pos1/0/0 10.1.1.2/32 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
An ASBR-PE and a PE in the local AS can ping each other successfully. 2. Enable MPLS, configure the dynamic LSP, and set up MPLS LDP remote session. Configure basic MPLS functions for the MPLS backbone. Set up dynamic LDP LSP between a PE and an ASBR-PE in the same AS. After the configuration, an LSP tunnel is set up between each PE and ASBR-PE in the same AS. Take ASBR-PE1 as an example:
<ASBR-PE1> display mpls ldp session LDP Session(s) in Public Network ------------------------------------------------------------------------------
6-274
Issue 03 (2008-09-22)
6 PWE3 Configuration
KA-Sent/Rcv
-----------------------------------------------------------------------------1.1.1.9:0 Operational DU Active 000:00:19 79/79 -----------------------------------------------------------------------------TOTAL: 1 session(s) Found. LAM : Label Advertisement Mode SsnAge Unit : DDD:HH:MM
3.
Configure the MPLS L2VC connection. Configure the L2VC connection between the PE and the ASBR PE.
NOTE
PWE3 does not support P2MP. If the MPLS L2VC is created on an ATM sub-interface, the ATM sub-interface must be a P2P interface. For configuring transparent ATM cell transport, however, there is no such restriction.
# Configure PE1.
[PE1] mpls l2vpn [PE1-l2vpn] quit [PE1] interface pos1/0/0 [PE1-Pos1/0/0] mpls l2vc 2.2.2.9 100 [PE1-Pos1/0/0] undo shutdown [PE1-Pos1/0/0] quit
# Configure ASBR-PE1.
[ASBR-PE1] mpls l2vpn [ASBR-PE1-l2vpn] quit [ASBR-PE1] interface pos2/0/0 [ASBR-PE1-Pos2/0/0] mpls l2vc 1.1.1.9 100 [ASBR-PE1-Pos2/0/0] undo shutdown [ASBR-PE1-Pos2/0/0] quit
# Configure ASBR-PE2.
[ASBR-PE2] mpls l2vpn [ASBR-PE2-l2vpn] quit [ASBR-PE2] interface pos1/0/0 [ASBR-PE2-Pos1/0/0] mpls l2vc 4.4.4.9 100 [ASBR-PE2-Pos1/0/0] undo shutdown [ASBR-PE2-Pos1/0/0] quit
# Configure PE2.
[PE2] mpls l2vpn [PE2-l2vpn] quit [PE2] interface pos2/0/0 [PE2-Pos2/0/0] mpls l2vc 3.3.3.9 100 [PE2-Pos2/0/0] undo shutdown [PE2-Pos2/0/0] quit
# Configure CE1.
[CE1] interface pos1/0/0 [CE1-Pos1/0/0] ip address 100.1.1.1 255.255.255.0 [CE1-Pos1/0/0] undo shutdown [CE1-Pos1/0/0] quit
# Configure CE2.
[CE2] interface pos1/0/0 [CE2-Pos1/0/0] ip address 100.1.1.2 255.255.255.0 [CE2-Pos1/0/0] undo shutdown [CE2-Pos1/0/0] quit
4.
Verify the configuration. Check information about the L2VPN connection on the PE. You can view that an L2VC is set up and the VC status is Up. Take PE1 as an example:
<PE1> display mpls l2vc interface pos 1/0/0
Issue 03 (2008-09-22)
6-275
6 PWE3 Configuration
6-276
Issue 03 (2008-09-22)
6 PWE3 Configuration
CE1 and CE2 can ping through each other. Take the display of CE1 as an example:
<CE1> ping 100.1.1.2 PING 100.1.1.2: 56 data bytes, press CTRL_C to break Reply from 100.1.1.2: bytes=56 Sequence=1 ttl=255 time=430 Reply from 100.1.1.2: bytes=56 Sequence=2 ttl=255 time=220 Reply from 100.1.1.2: bytes=56 Sequence=3 ttl=255 time=190 Reply from 100.1.1.2: bytes=56 Sequence=4 ttl=255 time=190 Reply from 100.1.1.2: bytes=56 Sequence=5 ttl=255 time=190 --- 100.1.1.2 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 190/244/430 ms ms ms ms ms ms
Configuration Files
l
Issue 03 (2008-09-22)
6-277
6 PWE3 Configuration
# mpls l2vpn # mpls ldp # isis 1 network-entity 10.0000.0000.0002.00 # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 10.1.1.2 255.255.255.0 isis enable 1 mpls mpls ldp # interface Pos2/0/0 link-protocol ppp undo shutdown mpls l2vc 1.1.1.9 100 # interface LoopBack0 ip address 2.2.2.9 255.255.255.255 isis enable 1 # return l
6-278
Issue 03 (2008-09-22)
6 PWE3 Configuration
Issue 03 (2008-09-22)
6-279
6 PWE3 Configuration
PE1
ASBR -PE1
ASBR -PE2
PE2
POS1/0/0 100.1.1.1/24
POS1/0/0 100.1.1.2/24
CE1
CE2
Configuration Roadmap
The configuration roadmap is as follows: 1. 2. 3. 4. 5. 6. Run the same IGP on routers of the same AS on the PSN backbone to realize interconnectivity of routers of the same AS. Configure MPLS on routers in PSN backbone and set up a dynamic LSP between PE and ASBR-PE of the same AS. Establish IBGP peer relationship between PE and ASBR-PE of the same AS and establish EBGP peer relationship between each pair of ASBR-PEs. Configure the routing policy on each ASBR-PE and enable the labeled routing. Set up MPLS LDP remote peer relationship between PE1and PE2. Create the MPLS L2VC connection between PE1 and PE2.
Data Preparation
To complete the configuration, you need the following data.
l l
Data for IS-IS IP addresses of the remote peers. (The specified IP address for a remote peer is usually the IP address of its loopback interface.) MPLS LSR-IDs of PE and ASBR-PE. (The specified MPLS LSR-ID of PE or ASBR-PE is the IP address of the local loopback interface.) L2VC-ID Route policy on ASBR-PE
l l
Configuration Procedure
1. Configure the IGP protocol for the backbone. Configure the IGP protocol for the MPLS backbone so that PEs and Ps in the backbone can internetwork. Take IS-IS for an example.
6-280 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)
6 PWE3 Configuration
The configuration details are not mentioned here. Make sure that IS-IS is also enable on loopback 0. After the configuration, the IS-IS neighbor relationship should have been set up between each PE and ASBR-PE in the same AS. Run the display isis peer command, and you can see the status of the neighbor relationship is Up. Take the display of PE1 as an example:
<PE1> display isis peer Peer information for ISIS(1) ---------------------------System Id Interface Circuit Id State HoldTime Type 0000.0000.0002 P2/0/0 0000000002 Up 24s L1L2 Total Peer(s): 1 PRI --
Run the display ip routing-table command, and you can see that PEs and ASBR-PEs in each corresponding zone have learnt the loopback addresses of each other. Take the display of PE1 as an example:
<PE1> display ip routing-table Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: Public Destinations : 7 Routes : 7 Destination/Mask Proto Pre Cost Flags NextHop Interface 1.1.1.9/32 Direct 0 0 D 127.0.0.1 InLoopBack0 2.2.2.9/32 ISIS 15 10 D 10.1.1.2 Pos2/0/0 10.1.1.0/24 Direct 0 0 D 10.1.1.1 Pos2/0/0 10.1.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 10.1.1.2/32 Direct 0 0 D 10.1.1.2 Pos2/0/0 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
ASBR-PEs and PEs in the same AS can ping through the loopback 0 interface of each other.Take ASBR-PE1 as an example:
<ASBR-PE1> ping 1.1.1.9 PING 1.1.1.9: 56 data bytes, press CTRL_C to break Reply from 1.1.1.9: bytes=56 Sequence=1 ttl=255 time=47 Reply from 1.1.1.9: bytes=56 Sequence=2 ttl=255 time=31 Reply from 1.1.1.9: bytes=56 Sequence=3 ttl=255 time=31 Reply from 1.1.1.9: bytes=56 Sequence=4 ttl=255 time=31 Reply from 1.1.1.9: bytes=56 Sequence=5 ttl=255 time=31 --- 1.1.1.9 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 31/34/47 ms ms ms ms ms ms
2.
Enable MPLS and set up LSP tunnels. Enable MPLS on PEs and ASBR-PEs in the same AS, and set up LDP LSPs. The configuration details are not mentioned here. After the configuration, the LDP neighbor relationship should have been set up between each PE and ASBR-PE in the same AS zone. Run the display mpls ldp session command on PEs and ASBR-PEs, and you can see that the Session State is Operational. Take PE1 as an example:
<PE1> display mpls ldp session LDP Session(s) in Public Network --------------------------------------------------------------------Peer-ID Status LAM SsnRole SsnAge KA-Sent/Rcv ---------------------------------------------------------------------2.2.2.9:0 Operational DU Passive 000:00:00 2/2 ---------------------------------------------------------------------TOTAL: 1 session(s) Found LAM : Label Advertisement Mode SsnAge Unit : DDD:HH:MM
Issue 03 (2008-09-22)
6-281
6 PWE3 Configuration
3.
Configure MP-BGP. Configure MP-IBGP between PE1 and ASBR-PE1, and PE2 and ASBR-PE2.Configure MP-IBGP between ASBR-PE1 and ASBR-PE2. Make sure that loopback 0 route of PEs in the local AS are advertised to the peer ASBRPEs.
NOTE
If the link between ASBR-PEs is not of P2P type, ASBR-PEs should advertise to the peer ASBRPEs the network segments between them.
# Configure PE1.
[PE1] bgp [PE1-bgp] [PE1-bgp] [PE1-bgp] [PE1-bgp] 100 peer 2.2.2.9 as-number 100 peer 2.2.2.9 label-route-capability peer 2.2.2.9 connect-interface loopback0 quit
# Configure ASBR-PE1. When advertising the routes received from PEs in the local AS to the peer ASBR PEs, the local ASBR PE allocates MPLS labels to the routes. If the routes advertised to PEs in the local AS are labeled IPv4 routes, the local ASBR PE allocates MPLS labels to them.
[ASBR-PE1] interface pos 2/0/0 [ASBR-PE1-Pos2/0/0] mpls [ASBR-PE1-Pos2/0/0] undo shutdown [ASBR-PE1-Pos2/0/0] quit [ASBR-PE1] route-policy policy1 permit node 1 [ASBR-PE1-route-policy] if-match mpls-label [ASBR-PE1-route-policy] apply mpls-label [ASBR-PE1-route-policy] quit [ASBR-PE1] route-policy policy2 permit node 1 [ASBR-PE1-route-policy] apply mpls-label [ASBR-PE1-route-policy] quit [ASBR-PE1] bgp 100 [ASBR-PE1-bgp] network 1.1.1.9 32 [ASBR-PE1-bgp] peer 1.1.1.9 as-number 100 [ASBR-PE1-bgp] peer 1.1.1.9 route-policy policy1 export [ASBR-PE1-bgp] peer 1.1.1.9 label-route-capability [ASBR-PE1-bgp] peer 1.1.1.9 connect-interface loopback0 [ASBR-PE1-bgp] peer 20.1.1.2 as-number 200 [ASBR-PE1-bgp] peer 20.1.1.2 route-policy policy2 export [ASBR-PE1-bgp] peer 20.1.1.2 label-route-capability [ASBR-PE1-bgp] peer 20.1.1.2 connect-interface pos2/0/0 [ASBR-PE1-bgp] quit
# Configure ASBR-PE2. When advertising the routes received from PEs in the local ASs to the peer ASBR PEs, the local ASBR PE allocates MPLS labels to the routes. If the routes advertised to PEs in the local ASs are labeled IPv4 routes, the local ASBR PE allocates MPLS labels to them.
[ASBR-PE2] interface pos 1/0/0 [ASBR-PE2-Pos1/0/0] mpls [ASBR-PE2-Pos1/0/0] undo shutdown [ASBR-PE2-Pos1/0/0] quit [ASBR-PE2] route-policy policy1 permit node 1 [ASBR-PE2-route-policy] if-match mpls-label [ASBR-PE2-route-policy] apply mpls-label [ASBR-PE2-route-policy] quit [ASBR-PE2] route-policy policy2 permit node 1 [ASBR-PE2-route-policy] apply mpls-label [ASBR-PE2-route-policy] quit [ASBR-PE2-bgp] bgp 200 [ASBR-PE2-bgp] network 4.4.4.9 32 [ASBR-PE2-bgp] peer 20.1.1.1 as-number 100 [ASBR-PE2-bgp] peer 20.1.1.1 route-policy policy2 export [ASBR-PE2-bgp] peer 20.1.1.1 label-route-capability
6-282
Issue 03 (2008-09-22)
6 PWE3 Configuration
# Configure PE2.
[PE2] bgp [PE2-bgp] [PE2-bgp] [PE2-bgp] [PE2-bgp] 200 peer 3.3.3.9 as-number 200 peer 3.3.3.9 label-route-capability peer 3.3.3.9 connect-interface loopback0 quit
After the configuration, run the display bgp peer command on ASBRs, and you can see that the status of IBGP sessions between PEs and ASBR PEs of the same AS is Established; the status of EBGP sessions between and ASBR PEs is also Established.
<ASBR-PE1> display bgp peer BGP local router ID : 2.2.2.9 Local AS number : 100 Total number of peers : 2 Peer V AS MsgRcvd 1.1.1.9 4 100 14 20.1.1.2 4 200 16
MsgSent 17 18
Peers in established state : 2 OutQ Up/Down State PrefRcv 0 00:12:49 Established 0 0 00:12:57 Established 1
Run the display ip routing command on PEs, and you can see that PEs have the BGP routes to the loopback interfaces of the peer PEs. Take the display of PE1 as an example.
<PE1> display ip routing-table Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: Public Destinations : 8 Routes : 8 Destination/Mask Proto Pre Cost Flags NextHop Interface 1.1.1.9/32 Direct 0 0 D 127.0.0.1 InLoopBack0 2.2.2.9/32 ISIS 15 10 D 10.1.1.2 Pos2/0/0 4.4.4.9/32 BGP 255 10 RD 2.2.2.9 Pos2/0/0 10.1.1.0/24 Direct 0 0 D 10.1.1.1 Pos2/0/0 10.1.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 10.1.1.2/32 Direct 0 0 D 10.1.1.2 Pos2/0/0 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
4.
Set up the remote LDP session between PE1 and PE2. # Configure PE1.
[PE1] mpls ldp remote-peer 4.4.4.9 [PE1-mpls-ldp-remote-4.4.4.9] remote-ip 4.4.4.9 [PE1-mpls-ldp-remote-4.4.4.9] quit
# Configure PE2.
[PE2] mpls ldp remote-peer 1.1.1.9 [PE2-mpls-ldp-remote-1.1.1.9] remote-ip 1.1.1.9 [PE2-mpls-ldp-remote-1.1.1.9] quit
After the configuration, the LDP neighbor relationship should have been set up between PEs in different ASs. Run the display mpls ldp session command on PEs, and you can see that the Session State is Operational. Take PE1 as an example:
<PE1> display mpls ldp session LDP Session(s) in Public Network -----------------------------------------------------------------------------Peer-ID Status LAM SsnRole SsnAge KA-Sent/Rcv -----------------------------------------------------------------------------2.2.2.9:0 Operational DU Passive 000:00:21 87/87 4.4.4.9:0 Operational DU Passive 000:00:18 75/75
Issue 03 (2008-09-22)
6-283
6 PWE3 Configuration
-----------------------------------------------------------------------------TOTAL: 2 session(s) Found. LAM : Label Advertisement Mode SsnAge Unit : DDD:HH:MM
5.
The PWE3 does not support P2MP. Therefore, if MPLS L2VC is created on ATM sub-interfaces, ATM sub-interfaces must be of P2P type. For configuring transparent ATM cell transport, however, there is no such restriction.
# Configure PE1.
[PE1] mpls l2vpn [PE1-l2vpn] quit [PE1] interface pos 1/0/0 [PE1-Pos1/0/0] mpls l2vc 4.4.4.9 100 [PE1-Pos1/0/0] undo shutdown [PE1-Pos1/0/0] quit
# Configure PE2.
[PE2] mpls l2vpn [PE2-l2vpn] quit [PE2] interface pos 2/0/0 [PE2-Pos2/0/0] mpls l2vc 1.1.1.9 100 [PE2-Pos2/0/0] undo shutdown [PE2-Pos2/0/0] quit
# Configure CE1.
[CE-1] interface pos 1/0/0 [CE-1-Pos1/0/0] ip address 100.1.1.1 255.255.255.0 [CE-1-Pos1/0/0] undo shutdown [CE-1-Pos1/0/0] quit
# Configure CE2.
[CE-2] interface pos 1/0/0 [CE-2-Pos1/0/0] ip address 100.1.1.2 255.255.255.0 [CE-2-Pos1/0/0] undo shutdown [CE-2-Pos1/0/0] quit
6.
Verify the configuration. Check the information about L2VPN on PE1. You can find that an L2VC has been established, and the "VC state" is "up". Take PE1 as an example:
<PE1> display mpls l2vc interface pos 1/0/0 *client interface : Pos1/0/0 is up session state : up AC state : up VC state : up VC ID : 100 VC type : PPP destination : 4.4.4.9 local group ID : 0 remote group ID local VC label : 21505 remote VC label local AC OAM State : up local PSN State : up local forwarding state : forwarding remote AC OAM state : up remote PSN state : up remote forwarding state: forwarding BFD for PW : unavailable manual fault : not set active state : active forwarding entry : exist link state : up
: 0 : 21505
6-284
Issue 03 (2008-09-22)
6 PWE3 Configuration
4470 remote VC MTU : 4470 Disable Disable disable remote fragmentantion: disable disable remote control word : disable ---primary 1 tunnels/tokens , TNL ID : 0x2002002 : 0 days, 0 hours, 10 minutes, 24 seconds : 0 days, 0 hours, 6 minutes, 10 seconds : 0 days, 0 hours, 6 minutes, 10 seconds
CE1 and CE2 should have the path to each other, and can ping through each other. Take CE1 as an example:
<CE1> display ip routing-table Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: Public Destinations : 5 Routes : 5 Destination/Mask Proto Pre Cost Flags NextHop Interface 100.1.1.0/24 Direct 0 0 D 100.1.1.1 Pos1/0/0 100.1.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 100.1.1.2/32 Direct 0 0 D 100.1.1.2 Pos1/0/0 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 <CE1> ping 100.1.1.2 PING 100.1.1.2: 56 data bytes, press CTRL_C to break Reply from 100.1.1.2: bytes=56 Sequence=1 ttl=255 time=310 ms Reply from 100.1.1.2: bytes=56 Sequence=2 ttl=255 time=130 ms Reply from 100.1.1.2: bytes=56 Sequence=3 ttl=255 time=190 ms Reply from 100.1.1.2: bytes=56 Sequence=4 ttl=255 time=190 ms Reply from 100.1.1.2: bytes=56 Sequence=5 ttl=255 time=150 ms --- 100.1.1.2 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 130/194/310 ms
Configuration Files
l
Issue 03 (2008-09-22)
6-285
6 PWE3 Configuration
isis 1 network-entity 10.0000.0000.0001.00 # interface Pos1/0/0 link-protocol ppp undo shutdown mpls l2vc 4.4.4.9 100 # interface Pos2/0/0 link-protocol ppp undo shutdown ip address 10.1.1.1 255.255.255.0 isis enable 1 mpls mpls ldp # interface LoopBack0 ip address 1.1.1.9 255.255.255.255 isis enable 1 # bgp 100 peer 2.2.2.9 as-number 100 peer 2.2.2.9 connect-interface LoopBack0 # ipv4-family unicast undo synchronization peer 2.2.2.9 enable peer 2.2.2.9 label-route-capability # return l
6-286
Issue 03 (2008-09-22)
6 PWE3 Configuration
# route-policy policy1 permit node 1 if-match mpls-label apply mpls-label # route-policy policy2 permit node 1 apply mpls-label # return l
Issue 03 (2008-09-22)
6-287
6 PWE3 Configuration
return l
6-288
Issue 03 (2008-09-22)
6 PWE3 Configuration
Networking Requirement
Figure 6-34 Networking diagram for interface-based remote ATM transparent cell transport
Loopback1 1.1.1.9/32 Loopback1 2.2.2.9/32 Loopback1 3.3.3.9/32 POS1/0/0 100.1.2.2/24 P POS2/0/0 100.1.2.1/24
PE1 ATM2/0/0
PE2 ATM2/0/0
ATM1/0/0.1 ATM1/0/0.2 PVC1:1/100 PVC1:2/200 10.1.1.1/24 10.1.2.1/24 CE1 ATM Netw ork
ATM1/0/0.1 ATM1/0/0.2 PVC1:1/100 PVC1:2/200 10.1.1.2/24 10.1.2.2/24 CE2 ATM Netw ork
The ATM interfaces of the local router CE1 access the MPLS network through PE1 and connected with CE2 through PE2. CE1 and CE2 set up a VC that crosses the MPLS network. As shown in Figure 6-34, PE1, P, and PE2 emulate the leased line between the ATM interfaces of the two remote CEs and the PW connects the ATM interfaces of CE1 and CE2, cells need not be processed on the VPC/VCC. All the ATM cells on CE1 interfaces are transparently transported to the ATM interfaces of CE2 through the ISP network.
Configuration Roadmap
The configuration roadmap is as follows: 1. 2. 3. 4. 5. Configure a routing policy on the devices (PEs and Ps) of the backbone and enable MPLS. Adopt the default tunnel policy and set up the LSP as the tunnel to transmit user data. Enable MPLS L2VPN on the PE and set up the VC connection. Enable the ATM interfaces on the CE and configure the IPoA mapping. Enable the whole port ATM cell transport on the ATM interfaces that connect the PE and the CE.
Data Preparation
To complete the configuration, you need the following data:
l l l l
Data for configuring OSPF Name of the remote PE peer VC ID VPI/VCI value of the CE
Issue 03 (2008-09-22)
6-289
6 PWE3 Configuration
Configuration Procedure
1. Enable the ATM interfaces on the CEs. # Configure CE1.
<Quidway> system-view [Quidway] sysname CE1 [CE1] interface atm 1/0/0 [CE1-Atm1/0/0] undo shutdown [CE1-Atm1/0/0] quit [CE1] interface atm 1/0/0.1 [CE1-Atm1/0/0.1] ip address 10.1.1.1 24 [CE1-Atm1/0/0.1] pvc 1/100 [CE1-atm-pvc-Atm1/0/0.1-1/100] map ip 10.1.1.2 [CE1-atm-pvc-Atm1/0/0.1-1/100] quit [CE1-Atm1/0/0.1] undo shutdown [CE1-Atm1/0/0.1] quit [CE1] interface atm 1/0/0.2 [CE1-Atm1/0/0.2] ip address 10.1.2.1 24 [CE1-Atm1/0/0.2] pvc 2/200 [CE1-atm-pvc-Atm1/0/0.2-2/200] map ip 10.1.2.2 [CE1-atm-pvc-Atm1/0/0.2-2/200] quit [CE1-Atm1/0/0.2] undo shutdown [CE1-Atm1/0/0.2] quit
# Configure CE2.
<Quidway> system-view [Quidway] sysname CE2 [CE2] interface atm 1/0/0 [CE2-Atm1/0/0] undo shutdown [CE2-Atm1/0/0] quit [CE2] interface atm 1/0/0.1 [CE2-Atm1/0/0.1] ip address 10.1.1.2 24 [CE2-Atm1/0/0.1] pvc 1/100 [CE2-atm-pvc-Atm1/0/0.1-1/100] map ip 10.1.1.1 [CE2-atm-pvc-Atm1/0/0.1-1/100] quit [CE2-Atm1/0/0.1] undo shutdown [CE2-Atm1/0/0.1] quit [CE2] interface atm 1/0/0.2 [CE2-Atm1/0/0.2] ip address 10.1.2.2 24 [CE2-Atm1/0/0.2] pvc 2/200 [CE2-atm-pvc-Atm1/0/0.2-2/200] map ip 10.1.2.1 [CE2-atm-pvc-Atm1/0/0.2-2/200] quit [CE2-Atm1/0/0.2] undo shutdown [CE2-Atm1/0/0.2] quit
2.
Configure the IGP on the MPLS backbone network. Configure the IGP for the MPLS backbone. Take OSPF as an example. # Configure PE1.
[PE1] interface loopback 1 [PE1-LoopBack1] ip address 1.1.1.9 32 [PE1-LoopBack1] quit [PE1] interface pos 1/0/0 [PE1-Pos1/0/0] ip address 100.1.1.1 24 [PE1-Pos1/0/0] undo shutdown [PE1-Pos1/0/0] quit [PE1] ospf 1 [PE1-ospf-1] area 0 [PE1-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0 [PE1-ospf-1-area-0.0.0.0] network 100.1.1.0 0.0.0.255
# Configure P.
[P] interface loopback 1 [P-LoopBack1] ip address 2.2.2.9 32 [P-LoopBack1] quit [P] interface pos 1/0/0 [P-Pos1/0/0] ip address 100.1.1.2 24
6-290
Issue 03 (2008-09-22)
6 PWE3 Configuration
# Configure PE2.
[PE2] interface loopback 1 [PE2-LoopBack1] ip address 3.3.3.9 32 [PE2-LoopBack1] quit [PE2] interface pos 1/0/0 [PE2-Pos1/0/0] ip address 100.1.2.2 30 [PE2-Pos1/0/0] undo shutdown [PE2-Pos1/0/0] quit [PE2] ospf 1 [PE2-ospf-1] area 0 [PE2-ospf-1-area-0.0.0.0] network 3.3.3.9 0.0.0.0 [PE2-ospf-1-area-0.0.0.0] network 100.1.2.0 0.0.0.255
After the configuration, run the display ip routing-table command on PEs, and you can see that PE1 and PE2 have learnt the loopback address of each other. Take the display of PE1 as an example:
<PE1> display ip routing-table Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: Public Destinations : 9 Routes : 9 Destination/Mask Proto Pre Cost Flags NextHop Interface 1.1.1.9/32 Direct 0 0 D 127.0.0.1 InLoopBack0 2.2.2.9/32 OSPF 10 2 D 100.1.1.2 Pos1/0/0 3.3.3.9/32 OSPF 10 3 D 100.1.1.2 Pos1/0/0 100.1.1.0/24 Direct 0 0 D 100.1.1.1 Pos1/0/0 100.1.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 100.1.1.2/32 Direct 0 0 D 100.1.1.2 Pos1/0/0 100.1.2.0/24 OSPF 10 2 D 100.1.1.2 Pos1/0/0 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
3.
Configure the basic MPLS functions and LDP on the MPLS backbone network. # Configure PE1.
[PE1] mpls lsr-id 1.1.1.9 [PE1] mpls [PE1-mpls] quit [PE1] mpls ldp [PE1-mpls-ldp] quit [PE1] interface pos 1/0/0 [PE1-Pos1/0/0] mpls [PE1-Pos1/0/0] mpls ldp [PE1-Pos1/0/0] quit
# Configure P.
[P] mpls lsr-id 2.2.2.9 [P] mpls [P-mpls] quit [P] mpls ldp [P-mpls-ldp] quit [P] interface pos 1/0/0 [P-Pos1/0/0] mpls [P-Pos1/0/0] mpls ldp [P-Pos1/0/0] quit [P] interface pos 2/0/0 [P-Pos2/0/0] mpls
Issue 03 (2008-09-22)
6-291
6 PWE3 Configuration
[P-Pos2/0/0] mpls ldp [P-Pos2/0/0] quit
# Configure PE2.
[PE2] mpls lsr-id 3.3.3.9 [PE2] mpls [PE2-mpls] quit [PE2] mpls ldp [PE2-mpls-ldp] quit [PE2] interface pos 1/0/0 [PE2-Pos1/0/0] mpls [PE2-Pos1/0/0] mpls ldp [PE2-Pos1/0/0] quit
4.
Set up the remote LDP session between the PEs. # Configure PE1.
[PE1] mpls ldp remote-peer 3.3.3.9 [PE1-mpls-ldp-remote-3.3.3.9] remote-ip 3.3.3.9 [PE1-mpls-ldp-remote-3.3.3.9] quit
# Configure PE2.
[PE2] mpls ldp remote-peer 1.1.1.9 [PE2-mpls-ldp-remote-1.1.1.9] remote-ip 1.1.1.9 [PE2-mpls-ldp-remote-1.1.1.9] quit
After the configuration, run the display mpls ldp session command on PEs, and you can see that the status of the remote LDP peer relationship between PEs is Operational. That is, the remote peer relationship has been set up. Take the display of PE1 as an example.
<PE1> display mpls ldp session LDP Session(s) in Public Network -----------------------------------------------------------------------------Peer-ID Status LAM SsnRole SsnAge KA-Sent/Rcv -----------------------------------------------------------------------------2.2.2.9:0 Operational DU Passive 000:00:05 24/24 3.3.3.9:0 Operational DU Passive 000:00:05 22/22 -----------------------------------------------------------------------------TOTAL: 2 session(s) Found. LAM : Label Advertisement Mode SsnAge Unit : DDD:HH:MM
5.
Enable MPLS L2VPN on the PEs and configure the interface-based remote transparent ATM cell transport function. # Configure PE1.
[PE1] mpls l2vpn [PE1-l2vpn] quit [PE1] interface atm2/0/0 [PE1-Atm2/0/0] atm cell transfer [PE1-Atm2/0/0] mpls l2vc 3.3.3.9 101 [PE1-Atm2/0/0] undo shutdown [PE1-Atm2/0/0] quit
# Configure PE2.
[PE2] mpls l2vpn [PE2-l2vpn] quit [PE2] interface atm2/0/0 [PE2-Atm2/0/0] atm cell transfer [PE2-Atm2/0/0] mpls l2vc 1.1.1.9 101 [PE2-Atm2/0/0] undo shutdown [PE2-Atm2/0/0] quit
6.
Verify the configuration. Check information about the L2VPN connection on the PE. You can view that an L2VC is set up and the VC status is Up.
6-292
Issue 03 (2008-09-22)
6 PWE3 Configuration
CE1 and CE2 can ping through each other. Take the display of CE1 as an example:
<CE1> ping 10.1.1.2 PING 10.1.1.2: 56 data bytes, press CTRL_C to break Reply from 10.1.1.2: bytes=56 Sequence=1 ttl=255 time=31 ms Reply from 10.1.1.2: bytes=56 Sequence=2 ttl=255 time=10 ms Reply from 10.1.1.2: bytes=56 Sequence=3 ttl=255 time=5 ms Reply from 10.1.1.2: bytes=56 Sequence=4 ttl=255 time=2 ms Reply from 10.1.1.2: bytes=56 Sequence=5 ttl=255 time=28 ms --- 10.1.1.2 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 2/15/31 ms <CE1> ping 10.1.2.2 PING 10.1.2.2: 56 data bytes, press CTRL_C to break Reply from 10.1.2.2: bytes=56 Sequence=1 ttl=255 time=31 ms Reply from 10.1.2.2: bytes=56 Sequence=2 ttl=255 time=10 ms Reply from 10.1.2.2: bytes=56 Sequence=3 ttl=255 time=5 ms Reply from 10.1.2.2: bytes=56 Sequence=4 ttl=255 time=2 ms Reply from 10.1.2.2: bytes=56 Sequence=5 ttl=255 time=28 ms --- 10.1.2.2 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 2/15/31 ms
Configuration Files
l
Issue 03 (2008-09-22)
6 PWE3 Configuration
# sysname CE1 # interface Atm1/0/0.1 undo shutdown ip address 10.1.1.1 255.255.255.0 pvc 1/100 map ip 10.1.1.2 # interface Atm1/0/0.2 undo shutdown ip address 10.1.2.1 255.255.255.0 pvc 2/200 map ip 10.1.2.2 # return l
Configuration file of P
# sysname P # mpls lsr-id 2.2.2.9 mpls # mpls ldp # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 100.1.1.2 255.255.255.0 mpls mpls ldp # interface Pos2/0/0
6-294
Issue 03 (2008-09-22)
6 PWE3 Configuration
Issue 03 (2008-09-22)
6-295
6 PWE3 Configuration
return
PE2 ATM2/0/0
The ATM interfaces of the local router CE1 access the MPLS network through PE1 and connected with CE2 through PE2. CE1 and CE2 set up a VC that crosses the MPLS network. CE1 and CE2 access PE1 and PE2 through the ATM link. Figure 6-35 shows the PVC values and IP addresses. It is required that the PW between PE1, P, and PE2 carries cells of only one ATM VCC between CE1 and CE2. ATM cells between CE1 and CE2 can be transparently transmitted through the ISP network.
Configuration Roadmap
The configuration roadmap is as follows: 1. 2. 3. 4. 5. Configure a routing policy on the devices (PEs and Ps) of the backbone and enable MPLS. Adopt the default tunnel policy and set up the LSP as the tunnel to transmit user data. Enable MPLS L2VPN on the PE and set up the VC connection. Enable the ATM interfaces on the CE and configure the IPoA mapping. On each PE, enable the 1-to-1 VCC ATM cell transport on the ATM sub-interfaces that connect the PE and the CE.
Data Preparation
To complete the configuration, you need the following data:
l l
6-296
6 PWE3 Configuration
Configuration Procedure
1. Enable the ATM interfaces on the CEs. # Configure CE1.
<Quidway> system-view [Quidway] sysname CE1 [CE1] interface atm 1/0/0 [CE1-Atm1/0/0] undo shutdown [CE1-Atm1/0/0] quit [CE1] interface atm 1/0/0.1 [CE1-Atm1/0/0.1] ip address 100.1.1.1 24 [CE1-Atm1/0/0.1] pvc 1/100 [CE1-atm-pvc-Atm1/0/0.1-1/100] map ip 100.1.1.2 [CE1-atm-pvc-Atm1/0/0.1-1/100] quit [CE1-Atm1/0/0.1] undo shutdown [CE1-Atm1/0/0.1] quit
# Configure CE2.
<Quidway> system-view [Quidway] sysname CE2 [CE2] interface atm 1/0/0 [CE2-Atm1/0/0] undo shutdown [CE2-Atm1/0/0] quit [CE2] interface atm 1/0/0.1 [CE2-Atm1/0/0.1] ip address 100.1.1.2 24 [CE2-Atm1/0/0.1] pvc 1/100 [CE2-atm-pvc-Atm1/0/0.1-1/100] map ip 100.1.1.1 [CE2-atm-pvc-Atm1/0/0.1-1/100] quit [CE2-Atm1/0/0.1] undo shutdown [CE2-Atm1/0/0.1] quit
2.
Configure the IGP on the MPLS backbone. Configure IP addresses for the interfaces of PEs and P. For details, see Figure 6-35. Configure the IGP for the MPLS backbone. Take OSPF as an example. While configuring OSPF, advertise the 32-bit loopback addresses of PE1, P, and PE2. For configuration details, see "Example for Configuring Interface-based Remote ATM Cell Transport."
3.
Configure the basic MPLS functions and LDP on the MPLS backbone network. For configuration details, see "Example for Configuring Interface-based Remote ATM Cell Transport."
4.
Set up the remote LDP session between the PEs. For configuration details, see "Example for Configuring Interface-based Remote ATM Cell Transport."
5.
Enable MPLS L2VPN on the PEs and configure the interface-based remote transparent ATM cell transport function. # Configure PE1.
[PE1] mpls l2vpn [PE1-l2vpn] quit [PE1] interface atm 2/0/0 [PE1-Atm2/0/0] undo shutdown [PE1-Atm2/0/0] quit [PE1] interface atm2/0/0.1 p2p [PE1-Atm2/0/0.1] atm cell transfer [PE1-Atm2/0/0.1] pvc 1/100 [PE1-atm-pvc-Atm2/0/0.1-1/100] quit
Issue 03 (2008-09-22)
6-297
6 PWE3 Configuration
[PE1-Atm2/0/0.1] mpls l2vc 3.3.3.9 101 [PE1-Atm2/0/0.1] undo shutdown [PE1-Atm2/0/0.1] quit
# Configure PE2.
[PE2] mpls l2vpn [PE2-l2vpn] quit [PE2] interface atm 2/0/0 [PE2-Atm2/0/0] undo shutdown [PE2-Atm2/0/0] quit [PE2] interface atm2/0/0.1 p2p [PE2-Atm2/0/0.1] atm cell transfer [PE2-Atm2/0/0.1] pvc 1/100 [PE2-atm-pvc-Atm2/0/0.1-1/100] quit [PE2-Atm2/0/0.1] mpls l2vc 1.1.1.9 101 [PE2-Atm1/0/0.1] undo shutdown [PE2-Atm1/0/0.1] quit
6.
Verify the configuration. Check information about the L2VPN connection on the PE. You can view that an L2VC is set up and the VC status is Up. Take PE1 as an example:
<PE1> display mpls l2vc interface atm 2/0/0.1 *client interface : Atm2/0/0.1 is up session state : up AC state : up VC state : up VC ID : 101 VC type : ATM 1to1 VCC destination : 3.3.3.9 local group ID : 0 remote group ID : 0 local VC label : 140288 remote VC label : 140288 local AC OAM State : up local PSN State : up local forwarding state : forwarding remote AC OAM state : up remote PSN state : up remote forwarding state: forwarding BFD for PW : unavailable manual fault : not set active state : active forwarding entry : exist link state : up local VC MTU : 1500 remote VC MTU : 0 local VCCV : Disable remote VCCV : Disable local fragmentantion : disable remote fragmentantion: disable local control word : enable remote control word : enable tunnel policy : -traffic behavior : -PW template name : -primary or secondary : primary VC tunnel/token info : 1 tunnels/tokens NO.0 TNL type : lsp , TNL ID : 0x208000 create time : 0 days, 0 hours, 1 minutes, 5 seconds up time : 0 days, 0 hours, 0 minutes, 21 seconds last change time : 0 days, 0 hours, 0 minutes, 21 seconds
CE1 and CE2 can ping through each other. Take the display of CE1 as an example:
<CE1> ping 10.1.1.2 PING 10.1.1.2: 56 data bytes, press CTRL_C to break Reply from 10.1.1.2: bytes=56 Sequence=1 ttl=255 time=31 ms Reply from 10.1.1.2: bytes=56 Sequence=2 ttl=255 time=10 ms Reply from 10.1.1.2: bytes=56 Sequence=3 ttl=255 time=5 ms Reply from 10.1.1.2: bytes=56 Sequence=4 ttl=255 time=2 ms Reply from 10.1.1.2: bytes=56 Sequence=5 ttl=255 time=28 ms
6-298
Issue 03 (2008-09-22)
6 PWE3 Configuration
Configuration Files
l
Configuration file of P
# sysname P # mpls lsr-id 2.2.2.9
Issue 03 (2008-09-22)
6-299
6 PWE3 Configuration
mpls # mpls ldp # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 100.1.1.2 255.255.255.0 mpls mpls ldp # interface Pos2/0/0 link-protocol ppp undo shutdown ip address 100.1.2.1 255.255.255.0 mpls mpls ldp # interface LoopBack1 ip address 2.2.2.9 255.255.255.255 # ospf 1 area 0.0.0.0 network 2.2.2.9 0.0.0.0 network 100.1.1.0 0.0.0.255 network 100.1.2.0 0.0.0.255 # return l
6-300
6 PWE3 Configuration
PE1 ATM2/0/0
PE2 ATM2/0/0
ATM1/0/0.1 ATM1/0/0.2 VC1:1/100 VC2:2/200 10.1.1.1/24 10.1.2.1/24 CE1 ATM Netw ork
ATM1/0/0.1 ATM1/0/0.2 VC1:1/100 VC2:2/200 10.1.1.2/24 10.1.2.2/24 CE2 ATM Netw ork
The ATM interfaces of the local router CE1 access the MPLS network through PE1 and connected with CE2 through PE2. CE1 and CE2 set up two VCs that cross the MPLS network. CE1 and CE2 access PE1 and PE2 through the ATM link. Figure 6-36 shows the PVC values and IP addresses. It is required that the two PWs between PE1, P, and PE2 carry cells of the two ATM VCCs between CE1 and CE2. ATM cells between CE1 and CE2 can be transparently transmitted through the ISP network.
Configuration Roadmap
The configuration roadmap is as follows: 1. 2. 3. 4.
Issue 03 (2008-09-22)
Configure a routing policy on the devices (PEs and Ps) of the backbone and enable MPLS. Adopt the default tunnel policy and set up the LSP as the tunnel to transmit user data. Enable MPLS L2VPN on the PE and set up the VC connection. Enable the ATM interfaces on the CE and configure the IPoA mapping.
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 6-301
6 PWE3 Configuration
5.
On each PE, enable the N-to-1 VCC ATM cell transport on the ATM sub-interfaces that connect the PE and the CE.
Data Preparation
To complete the configuration, you need the following data:
l l l l
Data for configuring OSPF Name of the remote PE peer VC ID VPI/VCI value of the CE
Configuration Procedure
1. Enable the ATM interfaces on the CEs. # Configure CE1.
<Quidway> system-view [Quidway] sysname CE1 [CE1] interface atm 1/0/0 [CE1-Atm1/0/0] undo shutdown [CE1-Atm1/0/0] quit [CE1] interface atm 1/0/0.1 [CE1-Atm1/0/0.1] ip address 100.1.1.1 24 [CE1-Atm1/0/0.1] pvc 1/100 [CE1-atm-pvc-Atm1/0/0.1-1/100] map ip 100.1.1.2 [CE1-atm-pvc-Atm1/0/0.1-1/100] quit [CE1-Atm1/0/0.1] undo shutdown [CE1-Atm1/0/0.1] quit [CE1] interface atm 1/0/0.2 [CE1-Atm1/0/0.2] interface atm 1/0/0.2 [CE1-Atm1/0/0.2] ip address 100.1.2.1 24 [CE1-Atm1/0/0.2] pvc 2/200 [CE1-atm-pvc-Atm1/0/0.2-2/200] map ip 100.1.2.2 [CE1-atm-pvc-Atm1/0/0.2-2/200] quit [CE1-Atm1/0/0.2] undo shutdown [CE1-Atm1/0/0.2] quit
# Configure CE2.
<Quidway> system-view [Quidway] sysname CE2 [CE2] interface atm 1/0/0 [CE2-Atm1/0/0] undo shutdown [CE2-Atm1/0/0] quit [CE2] interface atm 1/0/0.1 [CE2-Atm1/0/0.1] ip address 100.1.1.2 [CE2-Atm1/0/0.1] pvc 1/100 [CE2-atm-pvc-Atm1/0/0.1-1/100] map ip [CE2-atm-pvc-Atm1/0/0.1-1/100] quit [CE2-Atm1/0/0.1] undo shutdown [CE2-Atm1/0/0.1] quit [CE2] interface atm 1/0/0.2 [CE2-Atm1/0/0.2] ip address 100.1.2.2 [CE2-Atm1/0/0.2] pvc 2/200 [CE2-atm-pvc-Atm1/0/0.2-2/200] map ip [CE2-atm-pvc-Atm1/0/0.2-2/200] quit [CE2-Atm1/0/0.2] undo shutdown [CE2-Atm1/0/0.2] quit
24 100.1.1.1
24 100.1.2.1
2.
Configure the IGP on the MPLS backbone. Configure IP addresses for the interfaces of PEs and P. For details, see Figure 6-36. Configure the IGP for the MPLS backbone. Take OSPF as an example. While configuring OSPF, advertise the 32-bit loopback addresses of PE1, P, and PE2.
6-302
Issue 03 (2008-09-22)
6 PWE3 Configuration
For configuration details, see "Example for Configuring Interface-based Remote ATM Cell Transport." 3. Configure the basic MPLS functions and LDP on the MPLS backbone network. For configuration details, see "Example for Configuring Interface-based Remote ATM Cell Transport." 4. Set up the remote LDP session between the PEs. For configuration details, see "Example for Configuring Interface-based Remote ATM Cell Transport." 5. Enable MPLS L2VPN on the PEs and configure the interface-based remote transparent ATM cell transport function. # Configure PE1.
[PE1] mpls l2vpn [PE1-l2vpn] quit [PE1] interface atm 2/0/0 [PE1-Atm2/0/0] undo shutdown [PE1-Atm2/0/0] quit [PE1] interface atm2/0/0.1 [PE1-Atm2/0/0.1] atm cell transfer [PE1-Atm2/0/0.1] pvc 1/100 [PE1-atm-pvc-Atm2/0/0.1-1/100] quit [PE1-Atm2/0/0.1] pvc 2/200 [PE1-atm-pvc-Atm2/0/0.1-2/200] quit [PE1-Atm2/0/0.1] mpls l2vc 3.3.3.9 101 [PE1-Atm2/0/0.1] undo shutdown [PE1-Atm2/0/0.1] quit
# Configure PE2.
[PE2] mpls l2vpn [PE2-l2vpn] quit [PE2] interface atm 2/0/0 [PE2-Atm2/0/0] undo shutdown [PE2-Atm2/0/0] quit [PE2] interface atm2/0/0.1 [PE2-Atm2/0/0.1] atm cell transfer [PE2-Atm2/0/0.1] pvc 1/100 [PE2-atm-pvc-Atm2/0/0.1-1/100] quit [PE2-Atm2/0/0.1] pvc 2/200 [PE2-atm-pvc-Atm2/0/0.1-2/200] quit [PE2-Atm2/0/0.1] mpls l2vc 1.1.1.9 101 [PE2-Atm2/0/0.1] undo shutdown [PE2-Atm2/0/0.1] quit
6.
Verify the configuration. Run the display mpls l2vc interface command on PEs to view the status of PWs, and you can see the status is up. Take the display of PE1 as an example.
<PE1> display mpls l2vc interface atm 2/0/0.1 *client interface : Atm2/0/0.1 is up session state : up AC state : up VC state : up VC ID : 101 VC type : ATM Nto1 VCC destination : 3.3.3.9 local group ID : 0 remote group ID local VC label : 140289 remote VC label local AC OAM State : up local PSN State : up local forwarding state : forwarding remote AC OAM state : up remote PSN state : up remote forwarding state: forwarding
: 0 : 140289
Issue 03 (2008-09-22)
6-303
6 PWE3 Configuration
BFD for PW manual fault active state forwarding entry link state local ATM cells local VCCV remote VCCV local fragmentantion local control word tunnel policy traffic behavior PW template name primary or secondary VC tunnel/token info NO.0 TNL type : lsp create time up time last change time : : : : : : : : : : : : : : :
CE1 and CE2 can ping through each other. Take the display of CE1 as an example:
<CE1> ping 10.1.1.2 PING 10.1.1.2: 56 data bytes, press CTRL_C to break Reply from 10.1.1.2: bytes=56 Sequence=1 ttl=255 time=31 ms Reply from 10.1.1.2: bytes=56 Sequence=2 ttl=255 time=10 ms Reply from 10.1.1.2: bytes=56 Sequence=3 ttl=255 time=5 ms Reply from 10.1.1.2: bytes=56 Sequence=4 ttl=255 time=2 ms Reply from 10.1.1.2: bytes=56 Sequence=5 ttl=255 time=28 ms --- 10.1.1.2 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 2/15/31 ms <CE1> ping 10.1.2.2 PING 10.1.2.2: 56 data bytes, press CTRL_C to break Reply from 10.1.2.2: bytes=56 Sequence=1 ttl=255 time=31 ms Reply from 10.1.2.2: bytes=56 Sequence=2 ttl=255 time=10 ms Reply from 10.1.2.2: bytes=56 Sequence=3 ttl=255 time=5 ms Reply from 10.1.2.2: bytes=56 Sequence=4 ttl=255 time=2 ms Reply from 10.1.2.2: bytes=56 Sequence=5 ttl=255 time=28 ms --- 10.1.2.2 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 2/15/31 ms
Configuration Files
l
6-304
Issue 03 (2008-09-22)
6 PWE3 Configuration
Configuration file of P
# sysname P # mpls lsr-id 2.2.2.9 mpls # mpls ldp # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 100.1.1.2 255.255.255.0 mpls mpls ldp # interface Pos2/0/0 link-protocol ppp undo shutdown ip address 100.1.2.1 255.255.255.0 mpls mpls ldp # interface LoopBack1 ip address 2.2.2.9 255.255.255.255 # ospf 1
Issue 03 (2008-09-22)
6-305
6 PWE3 Configuration
area 0.0.0.0 network 2.2.2.9 0.0.0.0 network 100.1.1.0 0.0.0.255 network 100.1.2.0 0.0.0.255 # return l
6-306
Issue 03 (2008-09-22)
6 PWE3 Configuration
6.14.22 Example for Configuring N-to-1 VCC ATM Cell Transport with VPI/VCI Mapping
Networking Requirements
Figure 6-37 Networking diagram for N-to-1 VCC ATM cell transport with VPI/VCI mapping
Loopback1 1.1.1.9/32 Loopback1 2.2.2.9/32 Loopbakc1 3.3.3.9/32 POS1/0/0 100.1.2.2/24 P POS2/0/0 100.1.2.1/24
PE1 ATM2/0/0
PE2 ATM2/0/0
ATM1/0/0.1 ATM1/0/0.2 VC1:1/100 VC2:2/200 10.1.1.1/24 10.1.2.1/24 CE1 ATM Netw ork
ATM1/0/0.1 ATM1/0/0.2 VC1:3/300 VC2:4/400 10.1.1.2/24 10.1.2.2/24 CE2 ATM Netw ork
The ATM interfaces of the local router CE1 access the MPLS network through PE1 and connected with CE2 through PE2. CE1 and CE2 set up two VCs that cross the MPLS network. CE1 and CE2 access PE1 and PE2 through the ATM link. Figure 6-37 shows the PVC values and IP addresses. It is required that the two PWs between PE1, P, and PE2 carry cells of the two ATM VCCs (VC1 and VC2) between CE1 and CE2. The VC1 and VC2 values of CE1 are different from those of CE2. Through the configuration of the VPI/VCI mapping, ATM cells between CE1 and CE2 can be transparently transmitted through the ISP network.
Configuration Roadmap
The configuration roadmap is as follows: 1. 2. 3. 4. 5. Configure a routing policy on the devices (PEs and Ps) of the backbone and enable MPLS. Adopt the default tunnel policy and set up the LSP as the tunnel to transmit user data. Enable MPLS L2VPN on the PE and set up the VC connection. Enable the ATM interfaces on the CE and configure the IPoA mapping. On each PE, enable the N-to-1 VCC ATM cell transport with VPI/VCI mapping on the ATM sub-interfaces that connect the PE and the CE.
Data Preparation
To complete the configuration, you need the following data:
l
Issue 03 (2008-09-22)
6 PWE3 Configuration
l l l
Configuration Procedure
1. Enable the ATM interfaces on the CEs. # Configure CE1.
<Quidway> system-view [Quidway] sysname CE1 [CE1] interface atm 1/0/0 [CE1-Atm1/0/0] undo shutdown [CE1-Atm1/0/0] quit [CE1] interface atm 1/0/0.1 [CE1-Atm1/0/0.1] ip address 100.1.1.1 [CE1-atm-pvc-Atm1/0/0.1] pvc 1/100 [CE1-atm-pvc-Atm1/0/0.1-1/100] map ip [CE1-Atm1/0/0.1-1/100] quit [CE1-Atm1/0/0.1] undo shutdown [CE1-Atm1/0/0.1] quit [CE1] interface atm 1/0/0.2 [CE1-Atm1/0/0.2] ip address 100.1.2.1 [CE1-Atm1/0/0.2] pvc 2/200 [CE1-atm-pvc-Atm1/0/0.2-2/200] map ip [CE1-atm-pvc-Atm1/0/0.2-2/200] quit [CE1-Atm1/0/0.2] undo shutdown [CE1-Atm1/0/0.2] quit
24 100.1.1.2
24 100.1.2.2
# Configure CE2.
<Quidway> system-view [Quidway] sysname CE2 [CE2] interface atm 1/0/0 [CE2-Atm1/0/0] undo shutdown [CE2-Atm1/0/0] quit [CE2] interface atm 1/0/0.1 [CE2-Atm1/0/0.1] ip address 100.1.1.2 [CE2-Atm1/0/0.1] pvc 3/300 [CE2-atm-pvc-Atm1/0/0.1-3/300] map ip [CE2-atm-pvc-Atm1/0/0.1-3/300] quit [CE2-Atm1/0/0.1] undo shutdown [CE2-Atm1/0/0.1] quit [CE2] interface atm 1/0/0.2 [CE2-Atm1/0/0.2] ip address 100.1.2.2 [CE2-atm-pvc-Atm1/0/0.2] pvc 4/400 [CE2-atm-pvc-Atm1/0/0.2-4/400] map ip [CE2-atm-pvc-Atm1/0/0.2-4/400] quit [CE2-Atm1/0/0.2] undo shutdown [CE2-Atm1/0/0.2] quit
24 100.1.1.1
24 100.1.2.1
2.
Configure the IGP on the MPLS backbone. Configure IP addresses for the interfaces of PEs and P. For details, see Figure 6-37. Configure the IGP for the MPLS backbone. Take OSPF as an example. While configuring OSPF, advertise the 32-bit loopback addresses of PE1, P, and PE2. For configuration details, see "Example for Configuring Interface-based Remote ATM Cell Transport."
3.
Configure the basic MPLS functions and LDP on the MPLS backbone network. For configuration details, see "Example for Configuring Interface-based Remote ATM Cell Transport."
4.
6-308
6 PWE3 Configuration
For configuration details, see "Example for Configuring Interface-based Remote ATM Cell Transport." 5. Enable MPLS L2VPN on the PEs and configure the interface-based remote transparent ATM cell transport function. # Configure PE1.
[PE1] mpls l2vpn [PE1-l2vpn] quit [PE1] interface atm 2/0/0 [PE1-Atm2/0/0] undo shutdown [PE1-Atm2/0/0] quit [PE1] interface atm2/0/0.1 [PE1-Atm2/0/0.1] atm cell transfer [PE1-Atm2/0/0.1] pvc 1/100 [PE1-atm-pvc-Atm2/0/0.1-1/100] quit [PE1-Atm2/0/0.1] pvc 2/200 [PE1-atm-pvc-Atm2/0/0.1-2/200] quit [PE1-Atm2/0/0.1] mpls l2vc 3.3.3.9 101 [PE1-Atm2/0/0.1] undo shutdown [PE1-Atm2/0/0.1] quit
# Configure PE2.
[PE2] mpls l2vpn [PE2-l2vpn] quit [PE2] interface atm 2/0/0 [PE2-Atm2/0/0] undo shutdown [PE2-Atm2/0/0] quit [PE2] interface atm2/0/0.1 [PE2-Atm2/0/0.1] atm cell transfer [PE2-Atm2/0/0.1] pvc 3/300 [PE2-atm-pvc-Atm2/0/0.1-3/300] quit [PE2-Atm2/0/0.1] pvc 4/400 [PE2-atm-pvc-Atm2/0/0.1-4/400] quit [PE2-Atm2/0/0.1] mpls l2vc 1.1.1.9 101 [PE2-Atm2/0/0.1] undo shutdown [PE2-Atm2/0/0.1] quit
6.
# Configure PE2.
[PE2] interface atm 2/0/0.1 [PE2-Atm2/0/0.1] pvc 3/300 [PE2-atm-pvc-Atm2/0/0.1-3/300] [PE2-atm-pvc-Atm2/0/0.1-3/300] [PE2-Atm2/0/0.1] pvc 4/400 [PE2-atm-pvc-Atm2/0/0.1-4/400] [PE2-atm-pvc-Atm2/0/0.1-4/400] map pvc 1/100 quit map pvc 2/200 quit
7.
Verify the configuration. Run the display mpls l2vc interface command on PEs to view the status of PWs, and you can see the status is up. Take the display of PE1 as an example.
<PE1> display mpls l2vc interface atm 2/0/0.1 *client interface : Atm2/0/0.1 is up session state : up AC state : up VC state : up
Issue 03 (2008-09-22)
6-309
6 PWE3 Configuration
VC ID : VC type : destination : local group ID : local VC label : local AC OAM State : local PSN State : local forwarding state : remote AC OAM state : remote PSN state : remote forwarding state: BFD for PW : manual fault : active state : forwarding entry : link state : local ATM cells : local VCCV : remote VCCV : local fragmentantion : local control word : tunnel policy : traffic behavior : PW template name : primary or secondary : VC tunnel/token info : NO.0 TNL type : lsp create time : up time : last change time :
CE1 and CE2 can ping through each other. Take the display of CE1 as an example:
<CE1> ping 10.1.1.2 PING 10.1.1.2: 56 data bytes, press CTRL_C to break Reply from 10.1.1.2: bytes=56 Sequence=1 ttl=255 time=31 ms Reply from 10.1.1.2: bytes=56 Sequence=2 ttl=255 time=10 ms Reply from 10.1.1.2: bytes=56 Sequence=3 ttl=255 time=5 ms Reply from 10.1.1.2: bytes=56 Sequence=4 ttl=255 time=2 ms Reply from 10.1.1.2: bytes=56 Sequence=5 ttl=255 time=28 ms --- 10.1.1.2 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 2/15/31 ms <CE1> ping 10.1.2.2 PING 10.1.2.2: 56 data bytes, press CTRL_C to break Reply from 10.1.2.2: bytes=56 Sequence=1 ttl=255 time=31 ms Reply from 10.1.2.2: bytes=56 Sequence=2 ttl=255 time=10 ms Reply from 10.1.2.2: bytes=56 Sequence=3 ttl=255 time=5 ms Reply from 10.1.2.2: bytes=56 Sequence=4 ttl=255 time=2 ms Reply from 10.1.2.2: bytes=56 Sequence=5 ttl=255 time=28 ms --- 10.1.2.2 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 2/15/31 ms
Configuration Files
l
6-310
Issue 03 (2008-09-22)
6 PWE3 Configuration
Configuration file of P
# sysname P # mpls lsr-id 2.2.2.9 mpls # mpls ldp # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 100.1.1.2 255.255.255.0 mpls
Issue 03 (2008-09-22)
6-311
6 PWE3 Configuration
mpls ldp # interface Pos2/0/0 link-protocol ppp undo shutdown ip address 100.1.2.1 255.255.255.0 mpls mpls ldp # interface LoopBack1 ip address 2.2.2.9 255.255.255.255 # ospf 1 area 0.0.0.0 network 2.2.2.9 0.0.0.0 network 100.1.1.0 0.0.0.255 network 100.1.2.0 0.0.0.255 # return l
6-312
Issue 03 (2008-09-22)
6 PWE3 Configuration
PE2 ATM2/0/0
The ATM interfaces of the local router CE1 access the MPLS network through PE1 and connected with CE2 through PE2. CE1 and CE2 set up a VP that crosses the MPLS network. CE1 and CE2 access PE1 and PE2 through the ATM link. Figure 6-38 shows the PVC values and IP addresses. It is required that a PW between PE1, P, and PE2 carries cells of only one ATM VPC between CE1 and CE2. ATM cells between CE1 and CE2 can be transparently transmitted through the ISP network.
Configuration Roadmap
The configuration roadmap is as follows: 1. 2. 3. 4.
Issue 03 (2008-09-22)
Configure a routing policy on the devices (PEs and Ps) of the backbone and enable MPLS. Adopt the default tunnel policy and set up the LSP as the tunnel to transmit user data. Enable MPLS L2VPN on the PE and set up the VC connection. Enable the ATM interfaces on the CE and configure the IPoA mapping.
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 6-313
6 PWE3 Configuration
5.
On each PE, enable the 1-to-1 VPC ATM cell transport on the ATM sub-interfaces that connect the PE and the CE.
Data Preparation
To complete the configuration, you need the following data:
l l l l
Data for configuring OSPF Name of the remote PE peer VC ID VPI/VCI value of the CE
Configuration Procedure
1. Enable the ATM interfaces on the CEs. # Configure CE1.
<Quidway> system-view [Quidway] sysname CE1 [CE1] interface atm 1/0/0 [CE1-Atm1/0/0] undo shutdown [CE1-Atm1/0/0] quit [CE1] interface atm 1/0/0.1 [CE1-Atm1/0/0.1] ip address 100.1.1.1 24 [CE1-Atm1/0/0.1] pvc 1/100 [CE1-atm-pvc-Atm1/0/0.1-1/100] map ip 100.1.1.2 [CE1-atm-pvc-Atm1/0/0.1-1/100] quit [CE1-Atm1/0/0.1] undo shutdown [CE1-Atm1/0/0.1] quit
# Configure CE2.
<Quidway> system-view [Quidway] sysname CE2 [CE2] interface atm 1/0/0 [CE2-Atm1/0/0] undo shutdown [CE2-Atm1/0/0] quit [CE2] interface atm 1/0/0.1 [CE2-Atm1/0/0.1] ip address 100.1.1.2 24 [CE2-Atm1/0/0.1] pvc 1/100 [CE2-atm-pvc-Atm1/0/0.1-1/100] map ip 100.1.1.1 [CE2-atm-pvc-Atm1/0/0.1-1/100] quit [CE2-Atm1/0/0.1] undo shutdown [CE2-Atm1/0/0.1] quit
2.
Configure the IGP on the MPLS backbone. Configure IP addresses for the interfaces of PEs and P. For details, see Figure 6-38. Configure the IGP for the MPLS backbone. Take OSPF as an example. While configuring OSPF, advertise the 32-bit loopback addresses of PE1, P, and PE2. For configuration details, see "Example for Configuring Interface-based Remote ATM Cell Transport."
3.
Configure the basic MPLS functions and LDP on the MPLS backbone network. For configuration details, see "Example for Configuring Interface-based Remote ATM Cell Transport."
4.
Set up the remote LDP session between the PEs. For configuration details, see "Example for Configuring Interface-based Remote ATM Cell Transport."
5.
Enable MPLS L2VPN on the PEs and configure the interface-based remote transparent ATM cell transport function.
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)
6-314
6 PWE3 Configuration
# Configure PE1.
[PE1] mpls l2vpn [PE1-l2vpn] quit [PE1] interface atm 2/0/0 [PE1-Atm2/0/0] undo shutdown [PE1-Atm2/0/0] quit [PE1] interface atm2/0/0.1 p2p [PE1-Atm2/0/0.1] atm cell transfer [PE1-Atm2/0/0.1] pvp 1 [PE1-atm-pvp-Atm2/0/0.1-1] quit [PE1-Atm2/0/0.1] mpls l2vc 3.3.3.9 101 [PE1-Atm2/0/0.1] undo shutdown [PE1-Atm2/0/0.1] quit
# Configure PE2.
[PE2] mpls l2vpn [PE2-l2vpn] quit [PE2] interface atm 2/0/0 [PE2-Atm2/0/0] undo shutdown [PE2-Atm2/0/0] quit [PE2] interface atm2/0/0.1 p2p [PE2-Atm2/0/0.1] atm cell transfer [PE2-Atm2/0/0.1] pvp 1 [PE2-atm-pvp-Atm2/0/0.1-1] quit [PE2-Atm2/0/0.1] mpls l2vc 1.1.1.9 101 [PE2-Atm2/0/0.1] undo shutdown [PE2-Atm2/0/0.1] quit
6.
Verify the configuration. Run the display mpls l2vc interface command on PEs to view the status of PWs, and you can see the status is up. Take the display of PE1 as an example:
<PE1> display mpls l2vc interface atm 2/0/0.1 *client interface : Atm2/0/0.1 is up session state : up AC state : up VC state : up VC ID : 101 VC type : ATM 1to1 VPC destination : 3.3.3.9 local group ID : 0 remote group ID : 0 local VC label : 140288 remote VC label : 140288 local AC OAM State : up local PSN State : up local forwarding state : forwarding remote AC OAM state : up remote PSN state : up remote forwarding state: forwarding BFD for PW : unavailable manual fault : not set active state : active forwarding entry : exist link state : up local VC MTU : 0 remote VC MTU : 0 local VCCV : Disable remote VCCV : Disable local fragmentantion : disable remote fragmentantion: disable local control word : enable remote control word : enable tunnel policy : -traffic behavior : -PW template name : -primary or secondary : primary VC tunnel/token info : 1 tunnels/tokens NO.0 TNL type : lsp , TNL ID : 0x208000 create time : 0 days, 0 hours, 1 minutes, 10 seconds up time : 0 days, 0 hours, 0 minutes, 21 seconds last change time : 0 days, 0 hours, 0 minutes, 21 seconds
Issue 03 (2008-09-22)
6-315
6 PWE3 Configuration
CE1 and CE2 can ping through each other. Take the display of CE1 as an example.
<CE1> ping 10.1.1.2 PING 10.1.1.2: 56 data bytes, press CTRL_C to break Reply from 10.1.1.2: bytes=56 Sequence=1 ttl=255 time=31 ms Reply from 10.1.1.2: bytes=56 Sequence=2 ttl=255 time=10 ms Reply from 10.1.1.2: bytes=56 Sequence=3 ttl=255 time=5 ms Reply from 10.1.1.2: bytes=56 Sequence=4 ttl=255 time=2 ms Reply from 10.1.1.2: bytes=56 Sequence=5 ttl=255 time=28 ms --- 10.1.1.2 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 2/15/31 ms
Configuration Files
l
6-316
Issue 03 (2008-09-22)
6 PWE3 Configuration
Configuration file of P
# sysname P # mpls lsr-id 2.2.2.9 mpls # mpls ldp # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 100.1.1.2 255.255.255.0 mpls mpls ldp # interface Pos2/0/0 link-protocol ppp undo shutdown ip address 100.1.2.1 255.255.255.0 mpls mpls ldp # interface LoopBack1 ip address 2.2.2.9 255.255.255.255 # ospf 1 area 0.0.0.0 network 2.2.2.9 0.0.0.0 network 100.1.1.0 0.0.0.255 network 100.1.2.0 0.0.0.255 # return
Issue 03 (2008-09-22)
6-317
6 PWE3 Configuration
ip address 3.3.3.9 255.255.255.255 # ospf 1 area 0.0.0.0 network 3.3.3.9 0.0.0.0 network 100.1.2.0 0.0.0.255 # return l
PE1 ATM2/0/0
PE2 ATM2/0/0
ATM1/0/0.1 ATM1/0/0.2 VC1:1/100 VC2:2/200 10.1.1.1/24 10.1.2.1/24 CE1 ATM Netw ork
ATM1/0/0.1 ATM1/0/0.2 VC1:1/100 VC2:2/200 10.1.1.2/24 10.1.2.2/24 CE2 ATM Netw ork
The ATM interfaces of the local router CE1 access the MPLS network through PE1 and connected with CE2 through PE2. CE1 and CE2 set up two VPs that cross the MPLS network. CE1 and CE2 access PE1 and PE2 through the ATM link. Figure 6-39 shows the PVC values and IP addresses. It is required that the two PWs between PE1, P, and PE2 carry cells of the two ATM VPCs between CE1 and CE2. ATM cells between CE1 and CE2 can be transparently transmitted through the ISP network.
6-318
Issue 03 (2008-09-22)
6 PWE3 Configuration
Configuration Roadmap
The configuration roadmap is as follows: 1. 2. 3. 4. 5. Configure a routing policy on the devices (PEs and Ps) of the backbone and enable MPLS. Adopt the default tunnel policy and set up the LSP as the tunnel to transmit user data. Enable MPLS L2VPN on the PE and set up the VC connection. Enable the ATM interfaces on the CE and configure the IPoA mapping. On each PE, enable the N-to-1 VPC ATM cell transport on the ATM sub-interfaces that connect the PE and the CE.
Data Preparation
To complete the configuration, you need the following data:
l l l l
Data for configuring OSPF Name of the remote PE peer VC ID VPI/VCI value of the CE
Configuration Procedure
1. Enable the ATM interfaces on the CEs. # Configure CE1.
<Quidway> system-view [Quidway] sysname CE1 [CE1] interface atm 1/0/0 [CE1-Atm1/0/0] undo shutdown [CE1-Atm1/0/0] quit [CE1] interface atm 1/0/0.1 [CE1-Atm1/0/0.1] ip address 100.1.1.1 24 [CE1-Atm1/0/0.1] pvc 1/100 [CE1-atm-pvc-Atm1/0/0.1-1/100] map ip 100.1.1.2 [CE1-atm-pvc-Atm1/0/0.1-1/100] quit [CE1-Atm1/0/0.1] undo shutdown [CE1-Atm1/0/0.1] quit [CE1] interface atm 1/0/0.2 [CE1-Atm1/0/0.2] interface atm 1/0/0.2 [CE1-Atm1/0/0.2] ip address 100.1.2.1 24 [CE1-Atm1/0/0.2] pvc 2/200 [CE1-atm-pvc-Atm1/0/0.2-2/200] map ip 100.1.2.2 [CE1-atm-pvc-Atm1/0/0.2-2/200] quit [CE1-Atm1/0/0.2] undo shutdown [CE1-Atm1/0/0.2] quit
# Configure CE2.
<Quidway> system-view [Quidway] sysname CE2 [CE2] interface atm 1/0/0 [CE2-Atm1/0/0] undo shutdown [CE2-Atm1/0/0] quit [CE2] interface atm 1/0/0.1 [CE2-Atm1/0/0.1] ip address 100.1.1.2 24 [CE2-Atm1/0/0.1] pvc 1/100 [CE2-atm-pvc-Atm1/0/0.1-1/100] map ip 100.1.1.1 [CE2-atm-pvc-Atm1/0/0.1-1/100] quit [CE2-Atm1/0/0.1] undo shutdown [CE2-Atm1/0/0.1] quit [CE2] interface atm 1/0/0.2
Issue 03 (2008-09-22)
6-319
6 PWE3 Configuration
2.
Configure the IGP on the MPLS backbone. Configure IP addresses for the interfaces of PEs and P. For details, see Figure 6-39. Configure the IGP for the MPLS backbone. Take OSPF as an example. While configuring OSPF, advertise the 32-bit loopback addresses of PE1, P, and PE2. For configuration details, see "Example for Configuring Interface-based Remote ATM Cell Transport."
3.
Configure the basic MPLS functions and LDP on the MPLS backbone network. For configuration details, see "Example for Configuring Interface-based Remote ATM Cell Transport."
4.
Set up the remote LDP session between the PEs. For configuration details, see "Example for Configuring Interface-based Remote ATM Cell Transport."
5.
Enable MPLS L2VPN on the PEs and configure the interface-based remote transparent ATM cell transport function. # Configure PE1.
[PE1] mpls l2vpn [PE1-l2vpn] quit [PE1] interface atm 2/0/0 [PE1-Atm2/0/0] undo shutdown [PE1-Atm2/0/0] quit [PE1] interface atm2/0/0.1 [PE1-Atm2/0/0.1] atm cell transfer [PE1-Atm2/0/0.1] pvp 1 [PE1-atm-pvp-Atm2/0/0.1-1] quit [PE1-Atm2/0/0.1] pvp 2 [PE1-atm-pvp-Atm2/0/0.1-2] quit [PE1-Atm2/0/0.1] mpls l2vc 3.3.3.9 101 [PE1-Atm2/0/0.1] undo shutdown [PE1-Atm2/0/0.1] quit
# Configure PE2.
[PE2] mpls l2vpn [PE2-l2vpn] quit [PE2] interface atm 2/0/0 [PE2-Atm2/0/0] undo shutdown [PE2-Atm2/0/0] quit [PE2] interface atm2/0/0.1 [PE2-Atm2/0/0.1] atm cell transfer [PE2-Atm2/0/0.1] pvp 1 [PE2-atm-pvp-Atm2/0/0.1-1] quit [PE2-Atm2/0/0.1] pvp 2 [PE2-atm-pvp-Atm2/0/0.1-2] quit [PE2-Atm2/0/0.1] mpls l2vc 1.1.1.9 101 [PE2-Atm2/0/0.1] undo shutdown [PE2-Atm2/0/0.1] quit
6.
Verify the configuration. Run the display mpls l2vc interface command on PEs to view the status of PWs, and you can see the status is up. Take the display of PE1 as an example:
<PE1> display mpls l2vc interface atm 2/0/0.1 *client interface : Atm2/0/0.1 is up session state : up
6-320
Issue 03 (2008-09-22)
6 PWE3 Configuration
up up 101 ATM Nto1 VPC 3.3.3.9 0 remote group ID : 0 140288 remote VC label : 140288 up up forwarding up up forwarding unavailable not set active exist up 1 remote ATM cells : 1 Disable Disable disable remote fragmentantion: disable disable remote control word : disable ---primary 1 tunnels/tokens , TNL ID : 0x208000 0 days, 0 hours, 1 minutes, 3 seconds 0 days, 0 hours, 0 minutes, 38 seconds 0 days, 0 hours, 0 minutes, 38 seconds
CE1 and CE2 can ping through each other. Take the display of CE1 as an example.
<CE1> ping 10.1.1.2 PING 10.1.1.2: 56 data bytes, press CTRL_C to break Reply from 10.1.1.2: bytes=56 Sequence=1 ttl=255 time=31 ms Reply from 10.1.1.2: bytes=56 Sequence=2 ttl=255 time=10 ms Reply from 10.1.1.2: bytes=56 Sequence=3 ttl=255 time=5 ms Reply from 10.1.1.2: bytes=56 Sequence=4 ttl=255 time=2 ms Reply from 10.1.1.2: bytes=56 Sequence=5 ttl=255 time=28 ms --- 10.1.1.2 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 2/15/31 ms <CE1> ping 10.1.2.2 PING 10.1.2.2: 56 data bytes, press CTRL_C to break Reply from 10.1.2.2: bytes=56 Sequence=1 ttl=255 time=31 ms Reply from 10.1.2.2: bytes=56 Sequence=2 ttl=255 time=10 ms Reply from 10.1.2.2: bytes=56 Sequence=3 ttl=255 time=5 ms Reply from 10.1.2.2: bytes=56 Sequence=4 ttl=255 time=2 ms Reply from 10.1.2.2: bytes=56 Sequence=5 ttl=255 time=28 ms --- 10.1.2.2 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 2/15/31 ms
Configuration Files
l
Issue 03 (2008-09-22)
6-321
6 PWE3 Configuration
# interface Atm1/0/0.1 undo shutdown ip address 10.1.1.1 255.255.255.0 pvc 1/100 map ip 10.1.1.2 # interface Atm1/0/0.2 undo shutdown ip address 10.1.2.1 255.255.255.0 pvc 2/200 map ip 10.1.2.2 # return l
Configuration file of P
# sysname P # mpls lsr-id 2.2.2.9 mpls # mpls ldp # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 100.1.1.2 255.255.255.0 mpls
6-322
Issue 03 (2008-09-22)
6 PWE3 Configuration
Issue 03 (2008-09-22)
6-323
6 PWE3 Configuration
ip address 10.1.1.2 255.255.255.0 pvc 1/100 map ip 10.1.1.1 # interface Atm1/0/0.2 undo shutdown ip address 10.1.2.2 255.255.255.0 pvc 2/200 map ip 10.1.2.1 # return
6.14.25 Example for Configuring N-to-1 VPC ATM Cell Transport with VPI Mapping
Networking Requirements
In Figure 6-40, the ATM interface of CE1 accesses the MPLS network through PE1, and is connected to CE2 through PE2.Two VCs are set up between CE1 and CE2 across the MPLS network. CE1 and CE2 access PE1 and PE2 respectively through the ATM links. The PVC values and the IP addresses of CE1 and CE2 are shown in Figure 6-40. The PW between PE1 and P and the PW between PE2 and P are required to bear the cells of the two ATM VPCs (VC1 and VC2) of CE1 and CE2. The VPI value of CE1 and that of CE2 are different, and the VCI value of CE1 and that of CE2 are the same. After the configuration of the VPI mapping, the ATM cells between the CEs can be transparently transmitted through the ISP network. Figure 6-40 Networking diagram of N-to-1 VPC ATM cell transport with the VPI mapping
Loopback1 1.1.1.9/32 Loopback1 2.2.2.9/32 Loopback1 3.3.3.9/32 POS1/0/0 100.1.2.2/24 P POS2/0/0 100.1.2.1/24
PE1 ATM2/0/0
PE2 ATM2/0/0
ATM1/0/0.1 ATM1/0/0.2 VC1:1/100 VC2:2/200 10.1.1.1/24 10.1.2.1/24 CE1 ATM Netw ork
ATM1/0/0.1 ATM1/0/0.2 VC1:3/100 VC2:4/200 10.1.1.2/24 10.1.2.2/24 CE2 ATM Netw ork
Configuration Roadmap
The configuration roadmap is as follows: 1. 2. 3.
6-324
Configure routing protocols on the backbone devices (PEs and P) and enable MPLS. Use the default tunnel policy and establish LSPs to transmit data. Enable MPLS L2VPN on the PEs and establish VCs.
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)
6 PWE3 Configuration
4. 5.
Enable the ATM interface on the CEs and configure the IPoA mapping. Configure N-to-1 VPC ATM cell transport with the VPI mapping on the PE ATM subinterfaces connected to the CEs.
Data Preparation
To complete the configuration, you need the following data:
l l l l
Data required for configuring OSPF Names of the remote peers of the PEs VC ID VPI/VCI values of the CEs
Configuration Procedure
1. Enable the ATM sub-interface of the CEs. # Configure CE1.
<Quidway> system-view [Quidway] sysname CE1 [CE1] interface atm 1/0/0 [CE1-Atm1/0/0] undo shutdown [CE1-Atm1/0/0] quit [CE1] interface atm 1/0/0.1 [CE1-Atm1/0/0.1] ip address 100.1.1.1 [CE1-atm-pvc-Atm1/0/0.1] pvc 1/100 [CE1-atm-pvc-Atm1/0/0.1-1/100] map ip [CE1-Atm1/0/0.1-1/100] quit [CE1-Atm1/0/0.1] undo shutdown [CE1-Atm1/0/0.1] quit [CE1] interface atm 1/0/0.2 [CE1-Atm1/0/0.2] ip address 100.1.2.1 [CE1-Atm1/0/0.2] pvc 2/200 [CE1-atm-pvc-Atm1/0/0.2-2/200] map ip [CE1-atm-pvc-Atm1/0/0.2-2/200] quit [CE1-Atm1/0/0.2] undo shutdown [CE1-Atm1/0/0.2] quit
24 100.1.1.2
24 100.1.2.2
# Configure CE2.
<Quidway> system-view [Quidway] sysname CE2 [CE2] interface atm 1/0/0 [CE2-Atm1/0/0] undo shutdown [CE2-Atm1/0/0] quit [CE2] interface atm 1/0/0.1 [CE2-Atm1/0/0.1] ip address 100.1.1.2 [CE2-Atm1/0/0.1] pvc 3/100 [CE2-atm-pvc-Atm1/0/0.1-3/100] map ip [CE2-atm-pvc-Atm1/0/0.1-3/100] quit [CE2-Atm1/0/0.1] undo shutdown [CE2-Atm1/0/0.1] quit [CE2] interface atm 1/0/0.2 [CE2-Atm1/0/0.2] ip address 100.1.2.2 [CE2-atm-pvc-Atm1/0/0.2] pvc 4/200 [CE2-atm-pvc-Atm1/0/0.2-4/200] map ip [CE2-atm-pvc-Atm1/0/0.2-4/200] quit [CE2-Atm1/0/0.2] undo shutdown [CE2-Atm1/0/0.2] quit
24 100.1.1.1
24 100.1.2.1
2.
Configure the IGP on the MPLS backbone network. OSPF is used as the IGP protocol in this example.
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 6-325
Issue 03 (2008-09-22)
6 PWE3 Configuration
Configure IP addresses for the interfaces of PEs and P. For details, see Figure 6-40.Configure the IGP for the MPLS backbone. Take OSPF as an example. While configuring OSPF, advertise the 32-bit loopback addresses of PE1, P, and PE2. For configuration details, see "Example for Configuring Interface-based Remote ATM Cell Transport." 3. Configure the basic MPLS functions and LDP on the MPLS backbone network. For configuration details, see "Example for Configuring Interface-based Remote ATM Cell Transport." 4. Establish remote LDP sessions between the PEs. For configuration details, see "Example for Configuring Interface-based Remote ATM Cell Transport." 5. Enable MPLS L2VPN and configure the VPC ATM cell transport on the PEs. # Configure PE1.
[PE1] mpls l2vpn [PE1-l2vpn] quit [PE1] interface atm 2/0/0 [PE1-Atm2/0/0] undo shutdown [PE1-Atm2/0/0] quit [PE1] interface atm2/0/0.1 p2mp [PE1-Atm2/0/0.1] atm cell transfer [PE1-Atm2/0/0.1] mpls l2vc 3.3.3.9 101 [PE1-Atm2/0/0.1] undo shutdown [PE1-Atm2/0/0.1] quit
# Configure PE2.
[PE2] mpls l2vpn [PE2-l2vpn] quit [PE2] interface atm 2/0/0 [PE2-Atm2/0/0] undo shutdown [PE2-Atm2/0/0] quit [PE2] interface atm2/0/0.1 p2mp [PE2-Atm2/0/0.1] atm cell transfer [PE2-Atm2/0/0.1] mpls l2vc 1.1.1.9 101 [PE2-Atm2/0/0.1] undo shutdown [PE2-Atm2/0/0.1] quit
6.
# Configure PE2.
[PE2] interface atm2/0/0.1 [PE2-Atm2/0/0.1] pvp 3 [PE2-atm-pvp-Atm2/0/0.1-3] [PE2-atm-pvp-Atm2/0/0.1-3] [PE2-Atm2/0/0.1] pvp 4 [PE2-atm-pvp-Atm2/0/0.1-4] [PE2-atm-pvp-Atm2/0/0.1-4] [PE2-Atm2/0/0.1] quit map pvp 1 quit map pvp 2 quit
7.
Verify the configuration. Run the display mpls l2vc interface command on PEs to view the status of PWs, and you can see the status is up.
6-326
Issue 03 (2008-09-22)
6 PWE3 Configuration
CE1 and CE2 can ping through each other. Take the display of CE1 as an example:
<CE1> ping 10.1.1.2 PING 10.1.1.2: 56 data bytes, press CTRL_C to break Reply from 10.1.1.2: bytes=56 Sequence=1 ttl=255 time=31 ms Reply from 10.1.1.2: bytes=56 Sequence=2 ttl=255 time=10 ms Reply from 10.1.1.2: bytes=56 Sequence=3 ttl=255 time=5 ms Reply from 10.1.1.2: bytes=56 Sequence=4 ttl=255 time=2 ms Reply from 10.1.1.2: bytes=56 Sequence=5 ttl=255 time=28 ms --- 10.1.1.2 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 2/15/31 ms <CE1> ping 10.1.2.2 PING 10.1.2.2: 56 data bytes, press CTRL_C to break Reply from 10.1.2.2: bytes=56 Sequence=1 ttl=255 time=31 ms Reply from 10.1.2.2: bytes=56 Sequence=2 ttl=255 time=10 ms Reply from 10.1.2.2: bytes=56 Sequence=3 ttl=255 time=5 ms Reply from 10.1.2.2: bytes=56 Sequence=4 ttl=255 time=2 ms Reply from 10.1.2.2: bytes=56 Sequence=5 ttl=255 time=28 ms --- 10.1.2.2 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 2/15/31 ms
Configuration Files
l
Issue 03 (2008-09-22)
6 PWE3 Configuration
# sysname CE1 # interface Atm1/0/0 undo shutdown # interface Atm1/0/0.1 undo shutdown ip address 10.1.1.1 255.255.255.0 pvc 1/100 map ip 10.1.1.2 # interface Atm1/0/0.2 ip address 10.1.2.1 255.255.255.0 pvc 2/200 map ip 10.1.2.2 # return l
Configuration file of P
# sysname P # mpls lsr-id 2.2.2.9 mpls # mpls ldp
6-328
Issue 03 (2008-09-22)
6 PWE3 Configuration
Issue 03 (2008-09-22)
6 PWE3 Configuration
# sysname CE2 # interface Atm1/0/0 undo shutdown # interface Atm1/0/0.1 undo shutdown ip address 100.1.1.2 255.255.255.0 pvc 3/100 map ip 100.1.1.1 # interface Atm1/0/0.2 undo shutdown ip address 100.1.2.2 255.255.255.0 pvc 4/200 map ip 100.1.2.1 # return
PE2 ATM2/0/0
The ATM interfaces of the local router CE1 access the MPLS network through PE1 and connected with CE2 through PE2. CE1 and CE2 set up a VC that crosses the MPLS network. CE1 and CE2 access PE1 and PE2 through the ATM link. Figure 6-41 shows the PVC values and IP addresses. It is required that a PW between PE1, P, and PE2 carry cells of only one ATM VCC between CE1 and CE2. ATM cells between CE1 and CE2 can be transparently transmitted through the ISP network.
Configuration Roadmap
The configuration roadmap is as follows:
6-330 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)
6 PWE3 Configuration
1. 2. 3. 4. 5.
Configure a routing policy on the devices (PEs and Ps) of the backbone and enable MPLS. Adopt the default tunnel policy and set up the LSP as the tunnel to transmit user data. Enable MPLS L2VPN on the PE and set up the VC connection. Enable the ATM interfaces on the CE and configure the IPoA mapping. On each PE, enable the ATM AAL5 SDU transport on the ATM sub-interfaces that connect the PE and the CE.
Data Preparation
To complete the configuration, you need the following data:
l l l l
Data for configuring OSPF Name of the remote PE peer VC ID VPI/VCI value of the CE
Configuration Procedure
1. Enable the ATM interfaces on the CEs. # Configure CE1.
<Quidway> system-view [Quidway] sysname CE1 [CE1] interface atm 1/0/0 [CE1-Atm1/0/0] undo shutdown [CE1-Atm1/0/0] quit [CE1] interface atm 1/0/0.1 [CE1-Atm1/0/0.1] ip address 100.1.1.1 24 [CE1-Atm1/0/0.1] pvc 1/100 [CE1-atm-pvc-Atm1/0/0.1-1/100] map ip 100.1.1.2 [CE1-atm-pvc-Atm1/0/0.1-1/100] quit [CE1-Atm1/0/0.1] undo shutdown [CE1-Atm1/0/0.1] quit
# Configure CE2.
<Quidway> system-view [Quidway] sysname CE2 [CE1] interface atm 1/0/0 [CE1-Atm1/0/0] undo shutdown [CE1-Atm1/0/0] quit [CE2] interface atm 1/0/0.1 [CE2-Atm1/0/0.1] ip address 100.1.1.2 24 [CE2-Atm1/0/0.1] pvc 1/100 [CE2-atm-pvc-Atm1/0/0.1-1/100] map ip 100.1.1.1 [CE2-atm-pvc-Atm1/0/0.1-1/100] quit [CE2-Atm1/0/0.1] undo shutdown [CE2-Atm1/0/0.1] quit
2.
Configure the IGP on the MPLS backbone. Configure IP addresses for the interfaces of PEs and P. For details, see Figure 6-41. Configure the IGP for the MPLS backbone. Take OSPF as an example. While configuring OSPF, advertise the 32-bit loopback addresses of PE1, P, and PE2. For configuration details, see "Example for Configuring Interface-based Remote ATM Cell Transport."
3.
Configure the basic MPLS functions and LDP on the MPLS backbone network. For configuration details, see "Example for Configuring Interface-based Remote ATM Cell Transport."
Issue 03 (2008-09-22)
6-331
6 PWE3 Configuration
4.
Set up the remote LDP session between the PEs. For configuration details, see "Example for Configuring Interface-based Remote ATM Cell Transport."
5.
Enable MPLS L2VPN on the PEs and configure the interface-based remote transparent ATM cell transport function. # Configure PE1.
[PE1] mpls l2vpn [PE1-l2vpn] quit [pE1] interface atm 2/0/0 [PE1-Atm2/0/0] undo shutdown [PE1-Atm2/0/0] quit [PE1] interface atm2/0/0.1 p2p [PE1-Atm2/0/0.1] pvc 1/100 [PE1-atm-pvc-Atm2/0/0.1-1/100] quit [PE1-Atm2/0/0.1] mpls l2vc 3.3.3.9 101 [PE1-Atm2/0/0.1] undo shutdown [PE1-Atm2/0/0.1] quit
# Configure PE2.
[PE2] mpls l2vpn [PE2-l2vpn] quit [PE2] interface atm 2/0/0 [PE2-Atm2/0/0] undo shutdown [PE2-Atm2/0/0] quit [PE2] interface atm2/0/0.1 p2p [PE2-Atm2/0/0.1] pvc 1/100 [PE2-atm-pvc-Atm2/0/0.1-1/100] quit [PE2-Atm2/0/0.1] mpls l2vc 1.1.1.9 101 [PE2-Atm2/0/0.1] undo shutdown [PE2-Atm2/0/0.1] quit
6.
Verify the configuration. Run the display mpls l2vc interface command on PEs to view the status of PWs, and you can see the status is up. Take the display of PE1 as an example:
<PE1> display mpls l2vc interface atm 2/0/0.1 *client interface : Atm2/0/0.1 is up session state : up AC state : up VC state : up VC ID : 101 VC type : ATM AAL5 SDU destination : 3.3.3.9 local group ID : 0 remote local VC label : 140288 remote local AC OAM State : up local PSN State : up local forwarding state : forwarding remote AC OAM state : up remote PSN state : up remote forwarding state: forwarding BFD for PW : unavailable manual fault : not set active state : active forwarding entry : exist link state : up local VC MTU : 1500 remote local VCCV : Disable remote VCCV : Disable local fragmentantion : disable remote local control word : enable remote tunnel policy : -traffic behavior : -PW template name : --
group ID VC label
: 0 : 140288
VC MTU
: 1500
6-332
Issue 03 (2008-09-22)
6 PWE3 Configuration
: primary : 1 tunnels/tokens , TNL ID : 0x208000 : 0 days, 0 hours, 0 minutes, 54 seconds : 0 days, 0 hours, 0 minutes, 15 seconds : 0 days, 0 hours, 0 minutes, 15 seconds
CE1 and CE2 can ping through each other. Take the display of CE1 as an example:
<CE1> ping 10.1.1.2 PING 10.1.1.2: 56 data bytes, press CTRL_C to break Reply from 10.1.1.2: bytes=56 Sequence=1 ttl=255 time=31 ms Reply from 10.1.1.2: bytes=56 Sequence=2 ttl=255 time=10 ms Reply from 10.1.1.2: bytes=56 Sequence=3 ttl=255 time=5 ms Reply from 10.1.1.2: bytes=56 Sequence=4 ttl=255 time=2 ms Reply from 10.1.1.2: bytes=56 Sequence=5 ttl=255 time=28 ms --- 10.1.1.2 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 2/15/31 ms
Configuration Files
l
Issue 03 (2008-09-22)
6-333
6 PWE3 Configuration
interface LoopBack1 ip address 1.1.1.9 255.255.255.255 # ospf 1 area 0.0.0.0 network 1.1.1.9 0.0.0.0 network 100.1.1.0 0.0.0.255 # return l
Configuration file of P
# sysname P # mpls lsr-id 2.2.2.9 mpls # mpls ldp # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 100.1.1.2 255.255.255.0 mpls mpls ldp # interface Pos2/0/0 link-protocol ppp undo shutdown ip address 100.1.2.1 255.255.255.0 mpls mpls ldp # interface LoopBack1 ip address 2.2.2.9 255.255.255.255 # ospf 1 area 0.0.0.0 network 2.2.2.9 0.0.0.0 network 100.1.1.0 0.0.0.255 network 100.1.2.0 0.0.0.255 # return
6-334
Issue 03 (2008-09-22)
6 PWE3 Configuration
Issue 03 (2008-09-22)
6-335
7 VPLS Configuration
7
About This Chapter
VPLS Configuration
This chapter describes the principle, application and configuration for VPLS. 7.1 Introduction This section describes the principles of VPLS. 7.2 Configuring Kompella VPLS This section describes how to configure Kompella VPLS. 7.3 Configuring Martini VPLS This section describes how to configure Martini VPLS. 7.4 Configuring LDP HVPLS This section describes how to configure HVPLS in LDP mode. 7.5 Configuring Loop Detection of ACs in a VPLS Network This section describes how to configure loop detection of attachment circuits (ACs) in a VPLS network. 7.6 Configuring a VLL to Access the VPLS This section describes how to configure a VLL to access a VPLS network. 7.7 Configuring the Static VLL to Access the VPLS Network in Dual-homed Mode This section describes how to configure the static VLL to access the VPLS network in dualhomed mode. 7.8 Configuring Inter-AS Kompella VPLS This section describes how to configure the inter-AS Kompella VPLS. 7.9 Configuring Inter-AS Martini VPLS This section describes how to configure the inter-AS Martini VPLS. 7.10 Configuring Dual-homed Kompella VPLS This section describes how to configure the dual-homed Kompella VPLS. 7.11 Configuring Related Parameters of a VSI This section describes how to configure related parameters of a VSI. 7.12 Maintaining VPLS
Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 7-1
7 VPLS Configuration
This section describes how to maintain VPLS. 7.13 Configuration Examples This section provides several configuration examples of VPLS.
7-2
Issue 03 (2008-09-22)
7 VPLS Configuration
7.1 Introduction
This section describes the principles of VPLS. 7.1.1 VPLS 7.1.2 VPLS Features Supported by the NE80E/40E
7.1.1 VPLS
With the development of Ethernet technology, Ethernet has become a crucial LAN technology. As an access technology, it is widely applied to Metropolitan Area Network (MAN) and Wide Area Network (WAN). Virtual Private LAN Service (VPLS) is used to connect more than one Ethernet LAN segment through the PSN and make them operate in an environment similar to a LAN. The VPLS is also called Transparent LAN Service (TLS) or Virtual Private Switched Network Service, and differs from the point-to-point service of the common L2VPN. With the VPLS technology, the service provider offers Ethernet-based multi-point service to clients through the MPLS backbone network. In a simple case, a VPLS contains multiple sites connected to the Provider Edge Device (PE) to implement emulated LAN. Figure 7-1 VPLS architecture
CE site1 VPLS- A VPLS -B CE site2 PE CE site4 PE PE VPLS- A VPLS -B CE
site3
Emulated LAN
VPLS- A CE site5
In VPLS, the PSN simulates network bridge devices and forwards packets based on MAC addresses, or MAC addresses and VLAN tags. The following lists basic concepts of VPLS:
Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 7-3
7 VPLS Configuration
l
PW The Pseudo Wire (PW) is a virtual connection used to transmit frames between two PEs. The PE establishes and maintains PWs through signaling and the two PEs on both ends of a PW maintain the PW status.
VSI The Every Virtual Switch Instance (VSI) offers separate VPLS service. The VSI implements Ethernet bridge function and terminates PW.
VC The Virtual Circuit (VC) is a logical unidirectional circuit between two nodes. Two opposite directional VCs constitute a PW. A VC can be used as a unidirectional PW.
AC The CE accesses the PE through the Attachment Circuit (AC) . The AC can be either a physical link or a logical link. The AC transmits frames between the CE and the PE.
The PE implements VPLS forwarding by using the VSIs. Ethernet frames are forwarded between the PEs through the fully-connected PW. Figure 7-2 shows the VPLS forwarding model. Figure 7-2 VPLS forwarding model
CE VLAN1
CE VLAN2
VSI 1
VSI 2
CE VLAN2
PE
CE VLAN1
CE VLAN2
In a VPLS, a connection, namely a PW, must be established between any two PEs. The packets can be directly transmitted from the ingress PE to the egress PE, without going through the intermediate PEs. Loop, therefore, cannot occur between the PEs, and the protocols such as Spanning Tree Protocol (STP), Multiple Spanning Tree Protocol (MSTP), and Rapid Ring Protection Protocol (RRPP) that prevent loop are not needed.
7 VPLS Configuration
Member discovery: To find all the other PEs in the same VPLS, implement it by manually configuring or by automatically running certain protocols. Automatically running the protocols is called "automatic discovery". Signaling mechanism: The signaling protocol establishes, maintains and removes the PW between the PEs in the same VPLS.
Encapsulation: After receiving Ethernet frames from a CE, a PE sends them to the PSN after encapsulation. Forwarding: The mode in which forward packets depends on the interface that receives the packets and the destination MAC addresses of the packets. Decapsulation: After receiving Ethernet frames from a packet switched network, a PE decapsulates the frames, and then forwards the frames to CEs.
The NE80E/40E supports the implementation of the VPLS functions of the control plane in the BGP or the LDP signaling mode, called Kompella VPLS and Martini VPLS, respectively.
l
Kompella VPLS: adopts BGP as signaling. Automatic member discovery of VPLS is implemented by configuring VPN targets. If you want to add or delete a PE, only the operations on one of its peer PEs are needed. Kompella VPLS has better expansibility. Martini VPLS: adopts LDP as signaling. The PE peer must be manually specified because the PEs are fully connected in a VPLS. When adding a new PE, you must modify the configuration on all the related PEs. Since PW is a point-to-point link, the LDP mode establishes, maintains and removes the PWs more effectively.
Qualified: The PE identifies the MAC addresses according to the MAC addresses of the Ethernet packets and the VLAN tags, that is, based on every VLAN of every VSI. In this mode, every VLAN has its broadcast domain and independent MAC address range. Unqualified: The PE identifies the MAC addresses according to MAC addresses of the Ethernet packets, that is, based on every VSI. In this mode, all VLANs share a broadcast domain and a MAC address range. The MAC address of a VLAN must be unique, and must not have an overlapped address.
NOTE
If the PE receives broadcast traffic sent by the local customer, the PE forwards it to all the other ports and to the PEs of the same VPLS.
Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 7-5
7 VPLS Configuration
If the PE receives the broadcast traffic sent by the remote PE, the PE forwards it to the directlyconnected customer devices of the same VPLS, instead of other PEs. For the packet whose destination MAC address is a non-broadcast address, if the PE does not identify this type of MAC address, then the PE broadcasts this packet.
Flooding
The Ethernet broadcasts the packets with unknown addresses. Therefore, in VPLS, the received packets with unknown unicast addresses, broadcast addresses, or multicast addresses are flooded to all the other ports. If multicast needs to be used, PEs need to adopt other methods such as Internet Group Management Protocol (IGMP) snooping and Protocol Independent Multicast (PIM) snooping.
Packet Encapsulation
After the PE discovers its neighbors, two unidirectional VCs going to the opposite direction are established between a pair of PEs. These two VCs form one bidirectional PW. There are two modes of encapsulation for packets on a VC:
l
Ethernet: The packet encapsulated in the Ethernet mode does not carry the VLAN tag when they are transmitted on the public network. VLAN: The packet encapsulated in the VLAN mode carries the VLAN tag when they are transmitted on the public network.
Access Mode
l
VLAN interface of the switch or router The VLAN interface can be one of the following types:
Terminal VLAN interface: reuses a physical interface. For example, you can divide an Ethernet interface into multiple sub interfaces, and take every sub interface as a VLAN interface. Switched VLAN interface: is a logical interface, and not a sub interface of a physical interface. A VLAN interface contains more than one physical interface, that is, the VLAN packets are received from multiple physical interfaces.
The physical interface configured as the switching interface can send VLAN traffic in the following modes:
Access mode: allows only the packets with the default VLAN ID to pass. Trunk mode: allows only the packets with the VLAN ID of this interface to pass. QinQ mode: adds the default VLAN ID to original packets, and allows only the packets with default VLAN ID to pass.
NOTE
l l l
In the QinQ mode, the packet with two tags is transmitted in the tunnel. After the packet reaches the destination PE, the PE removes the outside tag and then forwards the packet to the CE. By using the QinQ mode, you can deploy the Hierarchical Virtual Private LAN Service (HVPLS).
1483B bridge The Virtual-Ethernet of the NE80E/40E supports ATM 1483B, and can also forward VLAN packets.
7-6
Issue 03 (2008-09-22)
7 VPLS Configuration
HVPLS
The above mentioned VPLS requires that the PE devices forward the Ethernet frame through the fully-connected Ethernet PW. Thus, each PE must set up connections with the other PEs in the same VPLS. If a VPLS has the PE devices of the number N, the VPLS will possess the connection of N x (N 1)/2. When the number of PEs increases, the VPLS connection increases by squares of N. The introduction of the Hierarchical Virtual Private LAN Service (HVPLS) resolves the problem caused by excessive connections. Figure 7-3 shows the HVPLS basic model. Figure 7-3 HVPLS model
CE basic VPLS full mesh
AC
SPE SPE
PW PW PW
UPE
PW AC
SPE
CE
In the HVPLS model, PEs falls into the following two types:
l
Underlayer PE (UPE) It refers to the user aggregation device. It is directly connected with the CE. It is only necessary for the UPE to set up the connection with a PE in the VPLS fully-connected network. The UPE supports the routing and the MPLS encapsulation.If the UPE is connected with multiple CEs and possesses the bridge function, the frame forwarding can be performed on the UPE. Thus, the load on the SPE can be relieved.
Superstratum PE (SPE) The SPE refers to the core device that is connected with the UPE and located in the VPLS fully-connected network. The SPE sets up the connection with all the other devices within the VPLS fully-connected network. The UPE connected with the SPE is like a CE to the SPE. The PW set up between the UPE and the SPE works as the AC of the SPE. The SPE needs to learn the MAC addresses of all the sites on the UPE side and that of the UPE interface connected with the SPE.
7 VPLS Configuration
Figure 7-4 Networking diagram of user network accessing to a single PE through redundant links
PE1 PE2
VPLS network
Switch
CE2
CE1
Figure 7-5 The user network accesses the VPLS network through dual-homing links
Switch
CE
In the preceding situations, you can configure loop detection on Attachment Circuit (AC) interfaces of a PE, without the deployment of a user network. In this manner, the PE can determine whether a loop occurs by sending Layer 2 detection packets. This effectively avoids loops on the carrier network without any impact on the access of users.
7 VPLS Configuration
In practical networks, such as MAN access networks, virtual leased lines (VLLs) set up between Underlayer Provider Edges (UPEs) and SPEs can connect the Customer Edges (CEs) to the backbone VPLS network. In certain networking environment, if a UPE does not support the dynamic VLL, the UPE needs to access SPEs through the static VLL. A UPE and an SPE generally set up a static virtual circuit (SVC) between each other to create a VLL. Figure 7-6 Networking diagram of the VLL accessing the VPLS
VPLS Network
PW
SPE1
SPE2
UPE1
VL L
VL L
UPE2
CE1
CE2
CE3
CE4
The UPEs add double MPLS labels to the packets sent by the CEs. The outer layer is the LSP label and is switched when a packet passes through the devices on the access network. The inner label is the VC label that identifies the VC. The inner label remains unchanged when a packet is transmitted along the LSP. The packets received by the SPEs contain double labels. The outer label, which is a public network label, is popped up. The inner label decides which VSI the VLL accesses.
Issue 03 (2008-09-22)
7-9
7 VPLS Configuration
Figure 7-7 Networking diagram of the static VLL accessing the VPLS network in dual-homed mode
SPE1 SPE3
UPE1
x
SPE2 SPE4
UPE2
CE1
CE2
LDP Message
As shown in Figure 7-7, if a fault occurs on the LSP between the UPE1 and the SPE1, SPE1 detects the fault and asks the other SPEs to delete the related MAC addresses by sending LDP messages. The UPEs detect the LSP status through MPLS Operation Administration & Maintenance (OAM). If a fault is found, the traffic switchover is performed. After the switchover, the related VSIs on the SPEs learn the MAC addresses afresh; thus, the traffic can return through the new SPEs. Before other SPEs learn the MAC addresses, the traffic must be broadcast. After the fault is removed, the UPE receives double VLL broadcast traffic: one from the SPEs before the switchover, the other from the SPEs after the switchover. The UPE decides which broadcast traffic to be thrown away. After the faulty VLL restores the normal state, the VPLS traffic will be not switched to the VLL.
Inter-AS VPLS
Martini and Kompella VPLSs can realize the inter-AS Option A. In the inter-AS L2VPN network, the link type between Autonomous System Boundary Routers (ASBRs) must be the same as the VC type. In inter-AS Option A, each ASBR must reserve a sub-interface for each inter-AS VC. If the number of inter-AS VCs is small, Option A can be used. VPLS adopting inter-AS Option A consumes more resources and requires more configurations, and thus it is not recommended. Option C is a better solution. The devices on the SP network need only to set up the outer tunnel on PEs in different ASs. The ASBR does not need to maintain information about the inter-AS VPLS or reserve interfaces for the inter-AS VPLS. VSI information of VPLS is exchanged only between PEs. Thus, resources consumption decreases and configurations do not increase.
7 VPLS Configuration
7.2.4 (Optional) Configuring Huawei Devices to Communicate with Non-Huawei Devices 7.2.5 Binding the VSI to the Interface Connected with CE 7.2.6 (Optional) Configuring Route Reflection for BGP VPLS 7.2.7 Checking the Configuration
Pre-configuration Tasks
Before configuring Kompella VPLS, complete the following tasks:
l l l
Configuring the LSR ID on the PE and the P and enabling MPLS Enabling MPLS L2VPN on the PE Establishing the tunnel between the PEs to transmit user data
Data Preparation
To configure Kompella VPLS, you need the following data. No. 1 2 3 4 5 Data BGP peer to exchange VPLS information VSI name RD and VPN target of VSI CE ID of the site, the number of CEs allowed to access VPLS, and default offset value of the CE ID Binding interface of the VSI
For details of commands in BGP VPLS address family view, refer to the chapter "IP Routing Commands" in the Quidway NetEngine80E/40E Router Command Reference.
7 VPLS Configuration
Procedure
Step 1 Run:
system-view
To improve reliability, on the PE, the local loopback interface is generally specified as the interface to set up the TCP connection.
Step 5 Run:
vpls-family
The BGP VPLS shares a TCP session with the common BGP protocol. Most configurations of the BGP VPLS network are the same as the configurations of the BGP protocol. To exchange information about the VPLS label block, you need to enable peers to exchange the VPLS block label in the BGP VPLS subaddress family view.
----End
A VSI can set up the VSI connection with multiple VSIs with the same site number and the same VPN target of other PEs. Among those VSIs, a VSI is the primary VSI, and the others are backup VSIs. This backup scheme is not recommended. Multiple VSIs with the same site number and the same VPN target are allocated with the same label, and they are actually the same VSI. A VSI can set up only one VSI connection with multiple VSIs with the same site number and the same VPN target.
7 VPLS Configuration
Procedure
Step 1 Run:
system-view
A VSI is created and automatic member discovery mechanism is configured. The Kompella VPLS does not directly deal with the connection between the CEs. It numbers the CEs and creates a VSI on the PE for each CE. Step 3 Run:
pwsignal bgp
The PW signaling protocol is configured as BGP and the VSI-BGP view is displayed. Step 4 Run:
route-distinguisher route-distinguisher
The RD of the VSI is configured. After the PW signaling protocol is configured as BGP, configure the RD to make the VSI take effect.
NOTE
For a PE, different VSIs have different RDs. For the same VSI on different PEs:
l l
If a CE accesses two PEs, RDs of the VSI must be different. If a CE accesses a PE, RDs of the VSI can be either the same or different.
Step 5 Run:
vpn-target vpn-target&<1-16> [ both | export-extcommunity | import-extcommunity ]
The VPN target of the VSI is configured. When using this command, note the mapping between the VPN target attribute at the local end and the VPN target at the remote end. That is,
l
export-extcommunity of the local end must be consistent with import-extcommunity of the peer. import-extcommunity of the local end must be consistent with export-extcommunity of the peer.
Traffic can be normally transmitted in bidirectional way only if the preceding two conditions are satisfied. If only one condition is met, the traffic can be transmitted only in unidirectional way. For convenience of configuration, the four values are generally configured to be the same. Step 6 Run:
site site-id [ range site-range ] [ default-offset { 0 | 1 } ]
The site is configured. The two ends of the VSI cannot be configured with the same site ID. The value of the local site ID cannot be greater than the sum of the site-range and default-offset of the remote end. The
Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 7-13
7 VPLS Configuration
value of the local site ID, however, must be larger than the value of the default-offset of the remote end.
NOTE
All Kompella L2VPN instances and VPLS VSI instances of one device share one label block; therefore, the sum of the ranges of all Kompella L2VPN instances and VPLS VSI instances cannot be greater than the label block. Otherwise, the system prompts that the labels cannot be obtained because the required labels exceed the upper limit; thus, allocation of a site ID to a VSI or creation of a CE fails.
----End
When Huawei devices need to communicate with non-Huawei devices with the VPLS encapsulation type carried by BGP extended community attributes as 19, you need to perform this configuration.
NOTE
The vpls bgp encapsulation { ethernet | vlan } and ignore-mtu-match commands must be used together on Huawei devices so that Huawei devices can communicate with non-Huawei devices.
Procedure
Step 1 Run:
system-view
The global encapsulation type of Kompella VPLS is configured. After this command is used and the VPLS packet with encapsulation type 19 is received, the system re-encapsulates this packet according to the user configuration and then performs other processing related to VPLS. When this command is not used, the system re-encapsulates the received VPLS packet with encapsulation type 19 in VLAN mode. Step 3 Run:
vsi vsi-name
The MTU matching check is ignored and the sent VPLS packet is re-encapsulated. By default, the MTU in the VSI view is 1500. If the MTUs of the same VSI on two PEs are different, the two PEs cannot exchange information or establish a connection.
7-14 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)
7 VPLS Configuration
The equipment of some manufacturers cannot perform the MTU matching check in the VSI. When a Huawei device communicates with a non-Huawei device in Kompella mode, you need to run the ignore-mtu-match command on the Huawei data communication device using the NE80E/40E to ignore the MTU matching check. This ensures that the VC link is Up. In addition, after the ignore-mtu-match command is used, the VPLS packet sent by the device adopts the standard encapsulation type 19. ----End
Binding the VSI with the Ethernet interface or GE interface when the PE and the CE are connected through the Ethernet interface Binding the VSI with the Ethernet sub-interface or GE sub-interface when the PE and the CE are connected through the Ethernet sub-interface or GE sub-interface Binding the VSI with the VLAN interface when the PE and the CE are connected through the VLAN interface Binding the VSI with the VE interface when the PE and the CE are connected through the VE interface Binding the VSI with the Eth-Trunk when the PE and the CE are connected through the Eth-Trunk interface Binding the VSI with the Eth-Trunk sub-interface when the PE and the CE are connected through the Eth-Trunk sub-interface Binding the VSI to a sub-interface for QinQ VLAN tag termination. For details, refer to the Quidway NetEngine80E/40E Router Configuration Guide - LAN Access & MAN Access.
NOTE
In VPLS applications, different CEs are transparently connected to each other on the same LAN network segment through VSIs; therefore, the CEs cannot be configured with the same IP address. In addition, PE interfaces connected with CEs cannot be configured with the l2 binding command and the ip address command at the same time. That is, if PE interfaces connected with CEs have been configured with IP addresses, the interfaces cannot be bound to VSI instances; if the interfaces have been bound to VSI instances, the interfaces cannot be configured with IP addresses.
Procedure
l Binding VSI with the Ethernet interface 1. Do as follows on the PEs of the two ends of the PW, and run:
system-view
Run:
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 7-15
7 VPLS Configuration
l2 binding vsi vsi-name
The VSI is bound with the Ethernet interface. l Binding VSI to an Ethernet sub-interface 1. Do as follows on the PEs of the two ends of the PW, and run:
system-view
The VSI is bound with the Ethernet sub-interface. l Binding the VSI to a VLANIF interface 1. Do as follows on the PEs of the two ends of the PW, and run:
system-view
The VLANIF interface is bound to the VSI. l Binding the VSI to a VE interface 1. Do as follows on the PEs of the two ends of the PW, create a VE interface, and then configure the mapping of the 1483B service. (1) Run the system-view command to enter the system view. (2) Run the interface virtual-ethernet interface-number command to create a VE interface and enter the VE interface view. (3) Run the quit command to return to the system view. (4) Run the interface atm tunnel-number command to enter the ATM interface view. (5) Run the pvc vpi/vci command to create a PVC.
7-16 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)
7 VPLS Configuration
(6) Runt the map bridge virtual-ethernet interface-number command to configure the mapping of the 1483B service. (7) Run the quit command to return to the ATM interface view. (8) Run the quit command to return to the system view. 2. Switch the VE interface to a Layer 2 interface and add the VE interface to the specified VLAN. (1) Run the interface virtual-ethernet interface-number command to enter the VE interface view. (2) Run the portswich command to switch the VE interface to a Layer 2 interface. (3) Run the quit command to return to the system view. (4) Run the vlan vlan-id command to create a VLAN and enter the VLAN view. (5) Run the port virtual-ethernet interface-number command to add the Layer 2 VE interface to the specified VLAN. (6) Run the quit command to return to the system view. 3. Bind the VLANIF interface to the VSI. (1) Run the interface vlanif vlan-id command to create a VLANIF interface. (2) Run the l2 binding vsi vsi-name command to bind the VLANIF interface to the VSI. l Binding the VSI to an Eth-Trunk interface 1. Do as follows on the PEs of the two ends of the PW, and run:
system-view
The view of the interface to be added into the Eth-Trunk is displayed. An Eth-Trunk member interface cannot be configured with a static MAC address.
NOTE
5.
Run:
eth-trunk trunk-id
The interface is added into the Eth-Trunk. Before adding an interface into an Eth-Trunk, ensure the interface is not configured with any Layer 3 attributes such as IP address and any services. An Ethernet interface can join only one Eth-Trunk interface. To join another EthTrunk interface, the Ethernet interface must quit from the original one.
Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 7-17
7 VPLS Configuration
Member interfaces of an Eth-Trunk interface must be of the same type. That is, FE interfaces and GE interfaces cannot join an Eth-Trunk interface. 6. Run:
quit
The Eth-Trunk interface is bound with the VSI. l Binding the VSI with an Eth-Trunk sub-interface 1. Do as follows on the PEs of the two ends of the PW, and run:
system-view
The view of the interface to be added into the Eth-Trunk is displayed. An Eth-Trunk member interface cannot be configured with a static MAC address.
NOTE
5.
Run:
eth-trunk trunk-id
The interface is added into the Eth-Trunk. Before adding an interface into an Eth-Trunk, ensure the interface is not configured with any Layer 3 attributes such as IP address and any services. An Ethernet interface can join only one Eth-Trunk interface. To join another EthTrunk interface, the Ethernet interface must quit from the original one. Member interfaces of an Eth-Trunk interface must be of the same type. That is, FE interfaces and GE interfaces cannot join an Eth-Trunk interface. 6. Run:
quit
7-18
Issue 03 (2008-09-22)
7 VPLS Configuration
Procedure
Step 1 Run:
system-view
The route reflector (RR) and its client are configured. Step 5 Run:
undo policy vpn-target
The filtering of VPLS label blocks based on VPN targets is disabled. Step 6 (Optional) Run:
rr-filter extended-list-number
Issue 03 (2008-09-22)
7-19
7 VPLS Configuration
Run the display vsi [ name vsi-name ] [ verbose ] command. You can view that the item "VSI State" is displayed as "up". If verbose is selected, the item "Signaling" is displayed as "bgp" and the item "VC State" is displayed as "up". This means that the configuration succeeds. For example:
<Quidway> display vsi name ***VSI Name Administrator VSI Isolate Spoken VSI Index PW Signaling Member Discovery Style PW MAC Learn Style Encapsulation Type MTU Mode Service Class Color DomainId Domain Name VSI State BGP RD SiteID/Range/Offset Import vpn target Export vpn target Remote Label Block Local Label Block Interface Name State **PW Information: *Peer Ip Address PW State Local VC Label Remote VC Label PW Type Tunnel ID bgp1 verbose : bgp1 : no : disable : 0 : bgp : auto : unqualify : vlan : 1500 : uniform : -: -: 0 : : up : 168.1.1.1:1 : 1/5/0 : 100:1, : 100:1, : 25600/5/0, : 25600/5/0, : GigabitEthernet1/0/0.1 : up : : : : : : 3.3.3.9 up 25602 25601 label 0x2002001,
Run the display vsi remote bgp [ nexthop nexthop-address [ export-vpn-target vpn-target ] | route-distinguisher route-distinguisher ] command. If information about the remote VSI established through BGP is displayed, it means that the configuration succeeds. For example:
7-20 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)
7 VPLS Configuration
Number
: 1
Run the display vpls connection [ bgp | vsi vsi-name ] [ down | up ] [ verbose ] command. You can view that the item "VC State" is displayed as "up". If verbose is selected, the item "Signaling" is displayed as "bgp", the item "VC State" is displayed as "up", and label allocation is complete. For example:
<Quidway> display vpls VSI Name: v1 **Remote Site ID VC State RD Encapsulation MTU Peer Ip Address PW Type Local VC Label Remote VC Label Tunnel Policy Tunnel ID Remote Label Block Export vpn target connection bgp verbose Signaling: bgp : 2 : up : 200:1 : vlan : 1500 : 4.4.4.4 : label : 25602 : 25601 : -: 0x2002001, : 25600/5/0 : 1:1,
Pre-configuration Tasks
Before configuring Martini VPLS, complete the following tasks:
l l l
Configuring the LSR ID and enabling MPLS and MPLS LDP Enabling the MPLS L2VPN on the PEs Establishing the tunnel used to transmit the user data between PEs
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 7-21
Issue 03 (2008-09-22)
7 VPLS Configuration
l
Establishing a remote LDP session between the PEs if they are connected indirectly
Data Preparation
To configure Martini VPLS, you need the following data. No. 1 2 3 4 Data VSI name VSI ID IP address of the peer and tunnel policy to establish the peer Binding interface of the VSI
Procedure
Step 1 Run:
system-view
A VSI is created and static member discovery mechanism is adopted. Step 3 Run:
pwsignal ldp
The PW signaling protocol is specified as LDP and the VSI-LDP view is displayed. Step 4 Run:
vsi-id vsi-id
The two ends of the VSI must agree on the same VSI ID.
The VSI exists only on the PE. One PE can have multiple VSIs. One VPLS on a PE has only one VSI. Step 5 Run:
peer peer-address [ negotiation-vc-id vc-id ] [ tnl-policy policy-name ]
7 VPLS Configuration
When you take the LDP as PW signaling, you must configure VSI ID for the VSI to take effect. The VSI ID varies with the VSI, and you can use these VSI IDs in the stage of PW signaling negotiation. The LDP does not support the automatic discovery of the VPLS PE. You must manually specify the peer PE of the VPLS. ----End
Binding the VSI with the Ethernet interface or GE interface when the PE and the CE are connected through the Ethernet interface Binding the VSI with the Ethernet sub-interface or GE sub-interface when the PE and the CE are connected through the Ethernet sub-interface or GE sub-interface Binding the VSI with the VLAN interface when the PE and the CE are connected through the VLAN interface Binding the VSI with the VE interface when the PE and the CE are connected through the VE interface Binding the VSI with the Eth-Trunk when the PE and the CE are connected through the Eth-Trunk interface Binding the VSI with the Eth-Trunk sub-interface when the PE and the CE are connected through the Eth-Trunk sub-interface Binding the VSI to a sub-interface for QinQ VLAN tag termination. For details, refer to the Quidway NetEngine80E/40E Router Configuration Guide - LAN Access & MAN Access.
NOTE
In VPLS applications, different CEs are transparently connected to each other on the same LAN network segment through VSIs; therefore, the CEs cannot be configured with the same IP address. In addition, PE interfaces connected with CEs cannot be configured with the l2 binding command and the ip address command at the same time. That is, if PE interfaces connected with CEs have been configured with IP addresses, the interfaces cannot be bound to VSI instances; if the interfaces have been bound to VSI instances, the interfaces cannot be configured with IP addresses.
Procedure
l Binding VSI with the Ethernet interface 1. Do as follows on the PEs of the two ends of the PW, and run:
system-view
Issue 03 (2008-09-22)
7-23
7 VPLS Configuration
The VSI is bound with the Ethernet interface. l Binding VSI to an Ethernet sub-interface 1. Do as follows on the PEs of the two ends of the PW, and run:
system-view
The VSI is bound with the Ethernet sub-interface. l Binding the VSI to a VLANIF interface 1. Do as follows on the PEs of the two ends of the PW, and run:
system-view
The VLANIF interface is bound to the VSI. l Binding the VSI to a VE interface 1. Do as follows on the PEs of the two ends of the PW, create a VE interface, and then configure the mapping of the 1483B service. (1) Run the system-view command to enter the system view. (2) Run the interface virtual-ethernet interface-number command to create a VE interface and enter the VE interface view. (3) Run the quit command to return to the system view. (4) Run the interface atm tunnel-number command to enter the ATM interface view. (5) Run the pvc vpi/vci command to create a PVC.
7-24 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)
7 VPLS Configuration
(6) Runt the map bridge virtual-ethernet interface-number command to configure the mapping of the 1483B service. (7) Run the quit command to return to the ATM interface view. (8) Run the quit command to return to the system view. 2. Switch the VE interface to a Layer 2 interface and add the VE interface to the specified VLAN. (1) Run the interface virtual-ethernet interface-number command to enter the VE interface view. (2) Run the portswich command to switch the VE interface to a Layer 2 interface. (3) Run the quit command to return to the system view. (4) Run the vlan vlan-id command to create a VLAN and enter the VLAN view. (5) Run the port virtual-ethernet interface-number command to add the Layer 2 VE interface to the specified VLAN. (6) Run the quit command to return to the system view. 3. Bind the VLANIF interface to the VSI. (1) Run the interface vlanif vlan-id command to create a VLANIF interface. (2) Run the l2 binding vsi vsi-name command to bind the VLANIF interface to the VSI. l Binding the VSI to an Eth-Trunk interface 1. Do as follows on the PEs of the two ends of the PW, and run:
system-view
The view of the interface to be added into the Eth-Trunk is displayed. An Eth-Trunk member interface cannot be configured with a static MAC address.
NOTE
5.
Run:
eth-trunk trunk-id
The interface is added into the Eth-Trunk. Before adding an interface into an Eth-Trunk, ensure the interface is not configured with any Layer 3 attributes such as IP address and any services. An Ethernet interface can join only one Eth-Trunk interface. To join another EthTrunk interface, the Ethernet interface must quit from the original one.
Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 7-25
7 VPLS Configuration
Member interfaces of an Eth-Trunk interface must be of the same type. That is, FE interfaces and GE interfaces cannot join an Eth-Trunk interface. 6. Run:
quit
The Eth-Trunk interface is bound with the VSI. l Binding the VSI with an Eth-Trunk sub-interface 1. Do as follows on the PEs of the two ends of the PW, and run:
system-view
The view of the interface to be added into the Eth-Trunk is displayed. An Eth-Trunk member interface cannot be configured with a static MAC address.
NOTE
5.
Run:
eth-trunk trunk-id
The interface is added into the Eth-Trunk. Before adding an interface into an Eth-Trunk, ensure the interface is not configured with any Layer 3 attributes such as IP address and any services. An Ethernet interface can join only one Eth-Trunk interface. To join another EthTrunk interface, the Ethernet interface must quit from the original one. Member interfaces of an Eth-Trunk interface must be of the same type. That is, FE interfaces and GE interfaces cannot join an Eth-Trunk interface. 6. Run:
quit
7-26
Issue 03 (2008-09-22)
7 VPLS Configuration
Run the display vsi [ name vsi-name ] [ verbose ] command. You can view that the item "VSI State" is displayed as "up". If verbose is selected, the item "Signaling" is displayed as "ldp" and the item "VC State" is displayed as "up". This means that the configuration succeeds. For example:
<Quidway> display vsi name ***VSI Name Administrator VSI Isolate Spoken VSI Index PW Signaling Member Discovery Style PW MAC Learn Style Encapsulation Type MTU Mode a2 verbose : a2 : no : disable : 0 : ldp : static : unqualify : vlan : 1500 : uniform
Issue 03 (2008-09-22)
7-27
7 VPLS Configuration
Service Class Color DomainId Domain Name VSI State VSI ID *Peer Router ID VC Label Peer Type Session Tunnel ID Interface Name State **PW Information: *Peer Ip Address PW State Local VC Label Remote VC Label PW Type Tunnel ID : : : : : : : : : : : : : : : : : : : --0
up 2 3.3.3.9 23552 dynamic up 0x2002001, GigabitEthernet1/0/0.1 up 3.3.3.9 up 23552 23552 label 0x2002001,
Run the display vsi remote ldp [ router-id ip-address ] [ pw-id pw-id ] command. If information about the remote VSI established through LDP is displayed, it means that the configuration succeeds. For example:
<Quidway> display vsi remote ldp Vsi Peer VC ID RouterID Label 2 3.3.3.9 23552 Group ID 0 Encap Type vlan MTU Value 1500 Vsi Index 0
Run the display vpls connection [ ldp | vsi vsi-name ] [ down | up ] [ verbose ] command. You can view that the item "VC State" is displayed as "up". If verbose is selected, the item "Signaling" is displayed as "ldp", the item "VC State" is displayed as "up", and label allocation is complete. For example:
<Quidway> display vpls connection ldp verbose VSI Name: a2 Signaling: ldp **Remote Vsi ID : 2 VC State : up Encapsulation : vlan Group ID : 0 MTU : 1500 Peer Ip Address : 3.3.3.9 PW Type : label Local VC Label : 23552 Remote VC Label : 23552 Tunnel Policy : -Tunnel ID : 0x2002002,
7 VPLS Configuration
Applicable Environment
If the VPLS possess excessive PEs, you can adopt the HVPLS to reduce the performance requirement of the PE devices.
Pre-configuration Tasks
Before configuring the HVPLS, complete the following tasks:
l l l l l
Complete the task of Configuring Martini VPLS between the SPE and the PE Set up the MPLS LDP peer between the UPE and the SPE Create the VSI instance on the SPE and specify the UPE as its PE of lower layer Create the VSI instance on the UPE and specify the SPE as the VSI peer Configure the CE1 and the CE2 to access the UPE, and configure the CE3 to access the PE
NOTE
The Kompella VPLS uses BGP as the signaling. The configuration of the route reflector can solve the problem of excessive connections caused by the VPLS fully connection. Therefore, the NE80E/40E supports only the Martini HVPLS.
Data Preparation
To configure the HVPLS, you need the following data. No. 1 2 3 4 Data Corresponding relationship between the UPE and the SPE IP address of the peer VSI name, VSI ID, and the interface bound with VSI Tunnel policy
Procedure
Step 1 Run
system-view
The VSI and is created and the static member discovery mechanism is adopted.
Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 7-29
7 VPLS Configuration
Step 3 Run:
pwsignal ldp
The PW signaling protocol is specified as the LDP and the VSI-LDP view is displayed. Step 4 Run:
vsi-id vsi-id
The VSI peer between the SPE and the UPE is configured. ----End
Run the display vsi [ name vsi-name ] [ verbose ] command. You can view that the item "VSI State" is displayed as "up". If verbose is selected, the item "Signaling" is displayed as "ldp" and the item "VSI State" is displayed as "up". This means that the configuration succeeds. For example:
<Quidway> display vsi name vsi123 verbose ***VSI Name : v123 Administrator VSI : no Isolate Spoken : disable VSI Index : 0
7-30
Issue 03 (2008-09-22)
7 VPLS Configuration
Run the display vsi remote ldp [ router-id ip-address ] [ pw-id pw-id ] command. If information about the remote VSI established through LDP is displayed, it means that the configuration succeeds. For example:
<Quidway> display vsi remote ldp Vsi Peer VC ID RouterID Label 123 2.2.2.9 23553 Group ID 0 Encap Type vlan MTU Value 1500 Vsi Index 0
Issue 03 (2008-09-22)
7-31
7 VPLS Configuration
Applicable Environment
If the VPLS network that CE devices access has redundant links, configure loop detection for the AC interface of PE to protect the network from broadcast storm.
Pre-configuration Tasks
Before configuring loop detection of ACs in a VPLS network, complete the following task: Deploying the VPLS in network, and making CE devices interact
Data Preparation
To configure loop detection of ACs in a VPLS network, prepare the following data. No. 1 Data Recovery time of the backup link when the active link is faulty
Procedure
Step 1 Run:
system-view
Procedure
Step 1 Run:
system-view
7-32
Issue 03 (2008-09-22)
7 VPLS Configuration
The Ethernet sub-interface view is displayed. The interface must be already associated with the AC interface of a VSI.
NOTE
Step 3 Run:
loop-detect enable
The AC interface is set to blocking the interface when a loop is detected, and the delay for interface recovery after the loop elimination is set. ----End
Run the display interface { ethernet | gigabitethernet } interface-number.subinterfacenumber command. If the current State in the display result of the AC interface is up, it means the interface is blocked. For example:
<Quidway> display interface gigabitethernet 1/0/0.1 GigabitEthernet1/0/0.1 current state : UP (interface is blocked) Line protocol current state : DOWN Description : HUAWEI, Quidway Series, GigabitEthernet1/0/0.1 Interface, Route Po rt The Maximum Transmit Unit is 1500 bytes Internet protocol processing : disabled IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is 00e0-fc5b-8101 Encapsulation dot1q Virtual LAN, The number of Vlan is 1 The Vendor PN is HFBR-5710L Port BW: 1G, Transceiver max BW: 1G, Transceiver Mode: MultiMode WaveLength: 850nm, Transmission Distance: 550m Loopback:none, full-duplex mode, negotiation: disable, Pause Flowcontrol:Send a nd Receive Enable Last 300 seconds input rate 0 bytes/sec, 0 packets/sec Last 300 seconds output rate 0 bytes/sec, 0 packets/sec Input: 0 packets,0 bytes, 0 unicast,0 broadcast,0 multicasts 0 errors,0 drops,0 unknowprotocol Output:0 packets,0 bytes, 0 unicast,0 broadcast,0 multicasts
Issue 03 (2008-09-22)
7-33
7 VPLS Configuration
0 errors,0 drops
Pre-configuration Tasks
Before configuring a VLL to access the VPLS, complete the following tasks:
l
Configuring an IGP protocol on the SPE and P devices in the MPLS backbone network to ensure the IP connectivity Realizing the connectivity between the SPE devices in the VPLS meshed network Setting up a dynamic LSP or a static LSP between the UPE and the SPE devices Enabling MPLS L2VPN on the interfaces connected the UPE and the SPE devices Configuring the tunnel policy
l l l l
Data Preparation
To configure a VLL to access the VPLS, you need the following data. No. 1 2 3 4 5 6 7 Data Mappings between the UPE and the SPE devices IP address of the peer VSI name, VSI ID, the interface bound with the VSI Destination IP address of the L2VC and VC ID ID of the destination LSR of the static VLL Transmit and receive labels of the static VLL Tunnel policy of the static VLL
7-34
Issue 03 (2008-09-22)
7 VPLS Configuration
A Martini VLL is created. The VC ID of the VLL must be the same with the VSI ID of the VPLS to be accessed. The tunnel policy for the Martini VLL defaults to LSPs and only one LSP is used for load balancing. If a tunnel of other types is needed, you can specify tunnel-policy policy-name to obtain the tunnel policy. Because VPLS packets can adopt Ethernet encapsulation and VLAN encapsulation only, VC interfaces of the VLL must be Ethernet interfaces. In addition, the VC type of the VLL must be consistent with the encapsulation type of the VPLS. If they are inconsistent, you can specify tagged or raw to change the VC type to VLAN encapsulation or Ethernet encapsulation to make them consistent.
NOTE
An interface cannot be used as the AC interface of a VLL and the AC interface of an L3VPN at the same time. When an interface is bound to a VLL, the Layer 3 features such as the IP address and routing protocol configured on this interface become invalid. If an interface is bound to a VLL and an L3VPN at the same time, only the VLL is available. After the VLL is deleted, the bound L3VPN can become available.
Issue 03 (2008-09-22)
7-35
7 VPLS Configuration
1.
Run:
system-view
The view of the VSI is displayed and the static member discovery mechanism is adopted. 3. Run:
pwsignal ldp
The ID of the VSI is set. The VSI ID of the VPLS and the VC ID of the VLL must be the same. 5. Run:
peer peer-address [ negotiation-vc-id vc-id ] [ tnl-policy policy-name ] upe
A peer is configured for the VSI. When the VSI ID of the VPLS and the VC ID of the VLL are inconsistent, you can specify negotiate-vc-id vc-id, and vc-id must be the same as the VC ID of the VLL. In this case, vc-id cannot be the same as other configured local VSI IDs and other local VC IDs specified by negotiate-vc-id. The tunnel policy for the Martini VPLS defaults to LSPs and only one LSP is used for load balancing. If a tunnel of other types is needed, you can specify tnl-policy policy-name to obtain the tunnel policy. ----End
The system view is displayed. 2. Enter the interface view. Run the interface { ethernet | gigabitethernet } interface-number.subinterfacenumber command to enter the Ethernet interface view. Run the vlan-type dot1q vlan-id command to add the Ethernet sub-interface to the VLAN and specify the VLAN encapsulation type. 3.
7-36
Run:
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)
7 VPLS Configuration
mpls static-l2vc destination dest-ip-addr transmit-vpn-label transmitlabel-value receive-vpn-label receive-label-value [ tunnel-policy tnlpolicy-name | [ control-word | no-control-word ] | [ raw | tagged | ipinterworking ] ] *
A static VC is created between the UPE and the SPE devices. l Binding the VSI of the SPE to the Static VLL Do as follows on the SPE devices. 1. Run:
system-view
The LDP is specified as the PW signaling protocol and the VSI LDP view is displayed. 4. Run:
vsi-id vsi-id
After the configuration, when an AC fault or a UPE fault occurs and the VSI remains Up, the local MAC address is deleted and all the remote peers are informed of the deletion. 6. Run:
peer peer-address [ negotiation-vc-id vc-id ] [ tunnel-policy policyname ]
The transmit and receive labels between the SPE and the static UPE are configured. The label trans here must be the same as the label receive-vpn-label that is configured on UPE. In addition, the label recv must be the same as the label transmit-vpnlabel that is configured on UPE. ----End
Issue 03 (2008-09-22)
7-37
7 VPLS Configuration
Action Check information about the VLL connection in Martini mode. Check information about the VLL connection in SVC mode. Check information about the SVC interface in the Up state. Check information about the VSI of the VPLS. Check information about the remote VSI. Check information about the VPLS connection. Check the dynamic MAC address entries.
Command display mpls l2vc [ vc-id | interface interface-type interface-number ] display mpls static-l2vc [ interface interface-type interface-number ] display l2vpn ccc-interface vc-type static-vc up display vsi [ name vsi-name ] [ verbose ] display vsi remote ldp [ route-id ip-address ] [ pw-id pw-id ] display vpls connection [ ldp | vsi vsi-name ] [ down | up ] [ verbose ] display mac-address dynamic slot-id
Run the display mpls l2vc command. If the destination is the peer IP address of the specified VC and the VC is in the Up state, it means that the configuration succeeds. For example:
<Quidway> display mpls l2vc total LDP VC : 1 1 up 0 down *client interface : GigabitEthernet1/0/0.1 session state : up AC status : up VC state : up VC ID : 101 VC type : VLAN destination : 3.3.3.9 local VC label : 21504 remote VC label : 21504 control word : disable forwarding entry : existent local group ID : 0 manual fault : not set active state : active link state : up local VC MTU : 1500 remote VC MTU : 1500 tunnel policy name : -traffic behavior name: -PW template name : -primary or secondary : primary create time : 0 days, 0 hours, 7 minutes, 55 seconds up time : 0 days, 0 hours, 4 minutes, 58 seconds last change time : 0 days, 0 hours, 4 minutes, 58 seconds
Run the display mpls static-l2vc command. You can view that the VC status is Up. For example:
<Quidway> display mpls static-l2vc interface gigabitethernet 2/0/0.1 *Client Interface : GigabitEthernet2/0/0.1 is up AC Status : up VC State : up VC ID : 0 VC Type : VLAN Destination : 1.1.1.9 Transmit VC Label : 100 Receive VC Label : 100
7-38
Issue 03 (2008-09-22)
7 VPLS Configuration
Disable Disable ---Main : 1 tunnels/tokens , TNL ID : 0x1002000 : 0 days, 0 hours, 10 minutes, 45 seconds : 0 days, 0 hours, 10 minutes, 45 seconds : 0 days, 0 hours, 10 minutes, 45 seconds
Run the display l2vpn ccc-interface vc-type static-vc up command. You can view that the VC type is SVC and the status is Up. For example:
<Quidway> display l2vpn ccc-interface vc-type static-vc up Total ccc-interface of CCC VC: 1 up (1), down (0) Interface Encap Type State VC Type GigabitEthernet1/0/0 vlan up SVC
Run the display vsi [ name vsi-name ] [ verbose ] command. You can find the item "VSI State" is displayed as "up". If verbose is selected, the item "Signaling" is displayed as "ldp" and the item "VC State" is "up". This means that the configuration succeeds. For example:
<Quidway> display vsi name ***VSI Name Administrator VSI Isolate Spoken VSI Index PW Signaling Member Discovery Style PW MAC Learn Style Encapsulation Type MTU Mode Service Class Color DomainId Domain Name VSI State VSI ID *Peer Router ID VC Label Peer Type Session Tunnel ID *Peer Router ID VC Label Peer Type Tunnel ID **PW Information: *Peer Ip Address PW State Local VC Label Remote VC Label PW Type Tunnel ID *Peer Ip Address PW State Local VC Label Remote VC Label PW Type Tunnel ID v100 verbose : v100 : no : disable : 0 : ldp : static : unqualify : vlan : 1500 : uniform : -: -: 0 : : up : 100 : 3.3.3.9 : 23552 : dynamic : up : 0x1002001, : 4.4.4.9 : 100 : static : 0x2002004, : : : : : : : : : : : : 4.4.4.9 up 100 100 MEHVPLS 0x2002004, 3.3.3.9 up 23552 23552 label 0x1002001,
Run the display vsi remote ldp [ router-id ip-address ] [ pw-id pw-id ] command. If information about the remote VSI established through LDP is displayed, it means that the configuration succeeds. For example:
Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 7-39
7 VPLS Configuration
<Quidway> display vsi remote ldp Vsi Peer VC ID RouterID Label 123 3.3.3.9 17408
Group ID 0
Vsi Index 1
Run the display mac-address dynamic slot-id command. You can view the MAC address learned by the corresponding interface. For example:
<Quidway> display mac-address dynamic 1 MAC Address VLAN/VSI PEVLAN CEVLAN Port Type Lsp -------------------------------------------------------------------------------0000-c101-0202 100 123 12 GigabitEthernet1/0/0 dynamic 3/4137 0000-c101-0102 100 123 12 GigabitEthernet1/0/1 dynamic 3/3366 Total 2 ,2 printed
7.7 Configuring the Static VLL to Access the VPLS Network in Dual-homed Mode
This section describes how to configure the static VLL to access the VPLS network in dualhomed mode. 7.7.1 Establishing the Configuration Task 7.7.2 Configuring L2VPN and OAM to Detect PSN Tunnels 7.7.3 Configuring Static LSPs Between the UPE and the SPE 7.7.4 Configuring the Primary Tunnel, Protection Tunnel, and Reverse LSP of MPLS TE 7.7.5 Configuring the Tunnel Policy 7.7.6 Configuring UPEs to Access SPEs Through Static VLLs 7.7.7 Configuring MPLS OAM 7.7.8 Configuring HVPLS for the SPE 7.7.9 Checking the Configuration
Pre-configuration Tasks
Before configuring the static VLL to access the VPLS network, complete the following tasks:
7-40 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)
7 VPLS Configuration
Configuring IGP on the SPE and P devices in the MPLS backbone network to ensure the IP connectivity Realizing the connectivity between the UPE and the SPE devices in the VPLS meshed network Enabling MPLS L2VPN on the interfaces connected the UPE and the SPE devices Configuring the tunnel policy of the SPE devices
l l
Data Preparation
To configure the static VLL to access the VPLS network in dual-homed mode, you need the following data. No. 1 2 3 4 5 6 7 8 Data Mappings between the UPE and the SPE devices IP address of the peer VSI name, VSI ID, the interface bound with the VSI ID of the destination LSR of the static VLL Sent and received label value of the static VLL between the SPE and the UPE devices Tunnel policy of the static VLL Interval for sending MPLS OAM FFD packets Name of the reverse LSP of the MPLS TE tunnel
Procedure
Step 1 Run:
system-view
7 VPLS Configuration
7.7.3 Configuring Static LSPs Between the UPE and the SPE
Context
Do as follows on the SPE and the UPE:
Procedure
Step 1 Run:
system-view
7.7.4 Configuring the Primary Tunnel, Protection Tunnel, and Reverse LSP of MPLS TE
Context
Do as follows on the SPE and the UPE:
Procedure
Step 1 Run:
system-view
7-42
Issue 03 (2008-09-22)
7 VPLS Configuration
The tunnel protocol is configured as MPLS TE, and an MPLS TE tunnel is created. Step 5 Run:
mpls te signal-protocol static
The tunnel protocol is configured as the static LSP protocols. Step 6 Run:
destination ip-address
The protection tunnel of the primary tunnel is configured. You need to run this command in the primary tunnel view rather than the protection tunnel view of the UPE nor the tunnel view of the SPE. Step 9 Run:
mpls te reverse-lsp lsp-name lsp-name
The reverse LSP of the tunnel interface is configured. This reverse LSP and the positive LSP on the tunnel interface form a bidirectional LSP. Step 10 Run:
mpls te reserved-for-binding
Procedure
Step 1 Run:
system-view
7 VPLS Configuration
tunnel-policy policy-name
The specified tunnel is bound to the destination IP address. After the binding, this tunnel can be used to transmit only specific VPN services. ----End
Procedure
Step 1 Run:
system-view
The static VC is created between the UPE and the SPE. ----End
Procedure
Step 1 Run:
system-view
7-44
Issue 03 (2008-09-22)
7 VPLS Configuration
MPLS OAM parameters are configured for the ingress. By default, note the following:
l
The detection packet is a connectivity verification (CV) packet. The interval for sending CV packets is 1 second. The shared reverse channel (share) is used. The priority of sending detection packets is 0, which is the highest priority.
l l
Step 6 Run:
mpls oam ingress enable { all | tunnel tunnel-number }
OAM parameters are configured for the egress when OAM automatic protocol extension is disabled. Step 8 Run:
mpls oam egress enable { all | lsp-name lsp-name | lsr-id ingress-lsr-id tunnel-id tunnel-id }
7 VPLS Configuration
Procedure
Step 1 Run:
system-view
The VSI view is created and the static member discovery mechanism is adopted. Step 3 Run:
pwsignal ldp
LDP is configured as the PW signaling protocol and the VSI LDP view is displayed. Step 4 Run:
vsi-id vsi-id
After the configuration, when the AC or UPE fails and the VSI remains Up, the VSI can delete the local MAC address and notify all remote peers of the fault. Step 6 Run:
peer peer-address
The local label and the remote label are configured between the SPE and the UPE. ----End
Command display mpls static-l2vc [ interface interface-type interface-number ] display l2vpn ccc-interface vc-type static-vc up
Issue 03 (2008-09-22)
7 VPLS Configuration
Action Check information about the remote VSI. Check dynamic MAC address entries. Check the LSP status and configuration of the OAM ingress. Check the LSP status and configuration of the OAM egress. Check information about the specified tunnel and its protection tunnel.
Command display vsi remote ldp [ router-id ip-address ] [ pw-id pw-id ] display mac-address dynamic slot-id display mpls oam ingress { all | tunnel tunnelnumber } [ slot slot-id | verbose ] display mpls oam egress { all | lsp-name lspname | lsr-id ingress-lsr-id tunnel-id tunnel-id } [ slot slot-id | verbose ] display mpls te protection tunnel { all | tunnelid } [ verbose ]
Run the display mpls static-l2vc command. You can view that the VC status is Up. For example:
<Quidway> display mpls static-l2vc interface gigabitethernet 2/0/0.1 *Client Interface : GigabitEthernet2/0/0.1 is up AC Status : up VC State : up VC ID : 0 VC Type : VLAN Destination : 1.1.1.9 Transmit VC Label : 100 Receive VC Label : 100 Control Word : Disable VCCV Capabilty : Disable Tunnel Policy : -PW Template Name : -Traffic Behavior : -Main or Secondary : Main VC tunnel/token info : 1 tunnels/tokens NO.0 TNL Type : lsp , TNL ID : 0x1002000 Create time : 0 days, 0 hours, 10 minutes, 45 seconds UP time : 0 days, 0 hours, 10 minutes, 45 seconds Last change time : 0 days, 0 hours, 10 minutes, 45 seconds
Run the display l2vpn ccc-interface vc-type static-vc up command. You can view that the VC type is SVC and the status is Up. For example:
<Quidway> display l2vpn ccc-interface vc-type static-vc up Total ccc-interface of CCC VC: 1 up (1), down (0) Interface Encap Type State VC Type GigabitEthernet1/0/0 vlan up SVC
Run the display vsi [ name vsi-name ] [ verbose ] command. You can find the item "VSI State" is displayed as "up". If verbose is selected, the item "Signaling" is displayed as "ldp" and the item "VSI State" is "up". This means that the configuration succeeds. For example:
<Quidway> display vsi name ***VSI Name Administrator VSI Isolate Spoken VSI Index PW Signaling Member Discovery Style PW MAC Learn Style Encapsulation Type v100 verbose : v100 : no : disable : 0 : ldp : static : unqualify : vlan
Issue 03 (2008-09-22)
7-47
7 VPLS Configuration
MTU Mode Service Class Color DomainId Domain Name VSI State VSI ID *Peer Router ID VC Label Peer Type Session Tunnel ID *Peer Router ID VC Label Peer Type Tunnel ID **PW Information: *Peer Ip Address PW State Local VC Label Remote VC Label PW Type Tunnel ID *Peer Ip Address PW State Local VC Label Remote VC Label PW Type Tunnel ID : : : : : : : : : : : : : : : : : : : : : : : : : : : : : 1500 uniform --0 up 100 3.3.3.9 23552 dynamic up 0x1002001, 4.4.4.9 100 static 0x2002004, 4.4.4.9 up 100 100 MEHVPLS 0x2002004, 3.3.3.9 up 23552 23552 label 0x1002001,
Run the display vsi remote ldp [ router-id ip-address ] [ pw-id pw-id ] command. If information about the VSI established through LDP is displayed, it means that the configuration succeeds. For example:
<Quidway> display vsi remote ldp Vsi Peer VC ID RouterID Label 123 3.3.3.9 17408 Group ID 0 Vsi Type vlan MTU Value 1500 Vsi Index 1
Run the display mac-address dynamic slot-id command. You can view the MAC address learned by the corresponding interface. For example:
<Quidway> display mac-address dynamic 1 MAC Address VLAN/VSI Port Type Lsp ---------------------------------------------------------------------------00eo-fc01-0202 100 GigabitEthernet1/0/0 dynamic 3/4137 00e0-fc01-0102 100 GigabitEthernet1/0/1 dynamic 3/3366 Total matching items displayed = 2
After the configuration, run the display mpls oam ingress all command, and you can view that the detection status of the OAM ingress is "Start/Non-defect". For example:
<Quidway> display mpls oam ingress all -------------------------------------------------------------------------------No. Tunnel-name Ttsi Type Frequency Status -------------------------------------------------------------------------------1 Tunnel2/0/0 5.5.5.9 : 1 FFD 100 ms Start/Non-defect 2 Tunnel1/0/0 5.5.5.9 : 11 FFD 100 ms Start/Non-defect -------------------------------------------------------------------------------Total Oam Num: 2 Total Start Oam Num: 0 Total Defect Oam Num: 0
After the configuration, run the display mpls oam ingress all command, and you can view that the detection status of the OAM egress is "Non-defect". For example:
<Quidway> display mpls oam egress all --------------------------------------------------------------------------------
7-48
Issue 03 (2008-09-22)
7 VPLS Configuration
No. Lsp-name Ttsi Type Frequency Status -------------------------------------------------------------------------------1 b1 2.2.2.9 : 2 None -Start/Non-defect
Run the display mpls te protection tunnel command. You can check the status of the tunnel protection group. For example:
<Quidway> display mpls te protection tunnel all verbose ---------------------------------------------------------------Verbose information about the 1th proteciton-group ---------------------------------------------------------------Work-tunnel id : 2 Protect-tunnel id : 21 Work-tunnel name : Tunnel2/0/0 Protect-tunnel name : Tunnel1/0/0 Work-tunnel reverse-lsp name : b1 Protect-tunnel reverse-lsp name : b21 switch result : work-tunnel work-tunnel defect state : non-defect protect-tunnel defect state : non-defect work-tunnel reverse-lsp defect state : non-defect protect-tunnel reverse-lsp defect state : non-defect HoldOff : 0ms WTR : 60s Mode : revertive
Pre-configuration Tasks
Before configuring the Kompella VPLS, complete the following tasks:
Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 7-49
7 VPLS Configuration
l
Configuring IGP for MPLS backbone networks in each AS to ensure IP connectivity within an AS Configuring the basic MPLS functions for MPLS backbone networks in each AS Configuring the VSI on the PE connected with the CE and binding the VSI to the AC interface Configuring the IP address on the CE interface that accesses the PE Establishing the tunnel between the PE and the ASBR PE in the same AS (Option A) Configuring MPLS LDP and establishing LSP between the PE and the ASBR PE in the same AS (Option C) Configuring IBGP peer relationship between the PE and the ASBR PE in the same AS (Option C)
l l
l l l
Data Preparation
To configure the Kompella VPLS, you need the following data. No. 1 Data To configure the VSI on the PE and the ASBR PE, you need the following data:
l l l l
VSI name and RD (Optional) Description of the VSI VPN target (Optional) Routing policy that controls sending and receiving of information about VPLS label blocks (Optional) Tunnel policy (Optional) Permitted maximum number of label blocks saved in a VSI
l l
2 3 4 5 6 7
CE ID of the site, number of permitted CEs that access the VPLS network, CE ID and default CE offset PE interfaces that bound to VSIs AS number of the PEs IP addresses and interfaces used to establish the IBGP peers between the PEs and the ASBR PEs IP addresses of the interfaces that connect ASBR PEs (Option C) Routing policy on the ASBR PEs (Option C)
According to the actual scenario, choose either Configuring Inter-AS Kompella VPLS Option A or Configuring Inter-AS Kompella VPLS Option C.
7 VPLS Configuration
Configuring the Kompella VPLS for each AS Configuring ASBR PE by considering the peer ASBR PE as its CE Configuring the VSIs on the PE and the ASBR PE respectively and binding the VSIs to the AC interfaces (The PE provides the access service for the CE; the ASBR PE accesses the peer ASBR-PEs)
NOTE
In inter-AS VPLS Option A, for the same VPLS network, the VPN target of the VSI on the ASBR PE and that on the PE in the same AS must be matched. The VPN target of the VSI on the ASBR PE and that on the PE in different ASs need not be matched.
The capability of exchanging labeled IPv4 routes with the ASBR PE in the local AS is enabled. l Enabling the Capability of Exchanging Labeled IPv4 Routes on ASBR PEs 1. Run:
system-view
The view of the ASBR PE interface that connects the peer is displayed. 3. Run:
ip address ip-address { mask | mask-length }
Issue 03 (2008-09-22)
7-51
7 VPLS Configuration
The capability of exchanging labeled IPv4 routes with the PE in the local AS is enabled. In Option C, an inter-AS VPN LSP must be set up. The public routes advertised between the related PEs and the ASBR PEs carry MPLS label information. If an ASBR PE and its peer ASBR PE set up the EBGP peer relationship, the labeled IPv4 routes can be exchanged. The public routes carrying the MPLS label are advertised by MP BGP. According to RFC 3107 (Carrying Label Information in BGP-4), label mapping information of a route can be carried in the BGP route update. The feature is realized through the BGP extended attribute. BGP peers must be capable of processing labeled IPv4 routes. By default, a BGP peer cannot process labeled IPv4 routes. 8. Run:
peer peer-address as-number as-number
The capability of exchanging labeled IPv4 routes with the peer ASBR PE is enabled. l Configuring the Routing Policy to Control Label Allocation By configuring routing policies on ASBR PEs, you can control the label allocation for IPv4 routes. After the configuration, ASBR PEs allocate MPLS labels only to the routes that satisfy certain conditions. The routes that do not meet the conditions are non-labeled routes. By default, IPv4 routes do not carry MPLS labels. 1. Run:
system-view
The routing policy applied to the local PE is created. For the labeled IPv4 routes advertised to the PE in the local AS, MPLS labels are reassigned to the routes. 3. Run:
if-match mpls-label
7-52
Issue 03 (2008-09-22)
7 VPLS Configuration
The routing policy applied to the peer ASBR PE is created. For the routes received from the PE in the local AS, MPLS labels are allocated to the routes when they are advertised to the peer ASBR PE. 7. Run:
apply mpls-label
The routing policy applied when the routes are advertised to the local PE is configured. 12. Run:
peer peer-address route-policy policy-name2 export
The routing policy applied when the routes are advertised to the peer ASBR PE is configured. l Establishing MP EBGP VPLS Peer Relationship on ASBR PEs On ASBR PEs, configure the advertisement of the PE loopback interface addresses used in BGP sessions to the peer ASBR PEs, and then to the PEs in other ASs. 1. Run:
system-view
The local PE loopback interface address used in BGP sessions is advertised to the peer ASBR PE. l Establishing MP EBGP VPLS Peer Relationship on PEs 1.
Issue 03 (2008-09-22)
7 VPLS Configuration
system-view
The maximum number of permitted hops in setting up the EBGP peer is configured. PEs of different ASs are generally not directly connected. Therefore, to set up the EBGP peer relationship between the PEs of different ASs, you need to configure the permitted maximum hops between the PEs and ensure that the PEs are reachable. 5. Run:
vpls-family
The capability of exchanging information about VPLS label blocks with the peer PE is enabled. 7. Run:
peer peer-address next-hop-invariable
The next hop is specified to be unchanged when information about VPLS label blocks is sent to the EBGP peer. ----End
7-54
Issue 03 (2008-09-22)
7 VPLS Configuration
After the configurations, run the display bgp vpls peer command on the PE or the ASBR PE. You can view that the status of the BGP VPLS peer between the PE and the ASBR PE in the same AS is "Established". For example:
<Quidway> display bgp vpls peer BGP local router ID : 1.1.1.1 Local AS number : 100 Total number of peers : 1 Peer V AS MsgRcvd 4.4.4.4 4 200 5
MsgSent 8
Run the display bgp vpls all command on the PE or ASBR PE. You can view information about the VPLS label block on the ASBR PE. For example:
<Quidway> display bgp vpls all BGP Local Router ID : 1.1.1.1, Local AS Number : 100 Status codes : * - active, > - best BGP.VPLS : 2 Label Blocks -------------------------------------------------------------------------------Route Distinguisher: 100:1 SiteID Offset NextHop Range LabBase TunnelID FromPeer MHPref -------------------------------------------------------------------------------> 1 0 0.0.0.0 5 25600 0x0 0.0.0.0 0 -------------------------------------------------------------------------------Route Distinguisher: 200:1 SiteID Offset NextHop Range LabBase TunnelID FromPeer MHPref -------------------------------------------------------------------------------*> 2 0 4.4.4.4 5 25600 0x0 4.4.4.4 0
Run the display vpls connection command on the PE or the ASBR PE. You can view that the status of the VPLS connection on the PE or the ASBR PE is "up". For example:
<Quidway> display vpls connection 1 total connections, connections: 1 up, 0 down, 0 ldp, 1 bgp VSI Name: v1 SiteID RD PeerAddr 2 200:1 4.4.4.4
OutLabel 25601
VCState up
Run the display bgp routing-table label command on the PE or ASBR PE. You can view information about the labeled IPv4 routes. For example:
<Quidway> display bgp routing-table label Total Number of Routes: 1 BGP Local router ID is 1.1.1.1 Status codes: * - valid, > - best, d - damped, h - history, i - internal, s - suppressed, S - Stale Origin : i - IGP, e - EGP, ? - incomplete Network NextHop In/Out Label *>i 4.4.4.4 2.2.2.2 NULL/15361
7 VPLS Configuration
Inter-AS Option A: This solution can be easily implemented. When the number of interAS Martini VPLS routes on ASBRs is small, Option A is recommended. Inter-AS Option C: In this solution, ASBRs need not to create or maintain VCs. When each AS has a large number of Martini L2VPN routes to be exchanged, Option C can be used to prevent the ASBR from hindering the network extension.
Pre-configuration Tasks
Before configuring inter-AS Martini VPLS, complete the following tasks:
l
Configuring static routes or the IGP protocol on the PE or P devices in the MPLS backbone network of ASs to implement the IP connectivity of the backbone network devices in the same AS Configuring the basic MPLS capability on the MPLS backbone network of each AS Configuring MPLS LDP and establishing LDP LSP for the MPLS backbone of each AS Establishing the IBGP peer relationship between the PE and ASBR in the same AS and the EBGP peer relationship between two ASBRs in different ASs (for Option C)
l l l
Data Preparation
To configure the inter-AS Martini L2VPN, you need the following data. No. 1 2 3 4 Data Mode of the inter-AS VPN Number of each AS IP addresses of the interfaces between ASBRs (for Option C) Routing policy (for Option C)
Configuring Martini VPLS for each AS Configuring the ASBR by regarding the peer ASBR as the local CE
NOTE
No inter-AS-related configuration needs to be performed on the ASBR. No IP address needs to be configured for the interfaces between ASBRs. The configuration procedure is not mentioned.
7-56
Issue 03 (2008-09-22)
7 VPLS Configuration
The capability of exchanging labeled IPv4 routes with the PEs in the local AS is enabled. l Configuring ASBRs to Exchange Labeled IPv4 Routes 1. Do as follows on ASBR PEs, run:
system-view
The view of the interface that is connected to the peer ASBR PE is displayed. 3. Run:
ip address ip-address { mask | mask-length }
The capability of exchanging labeled IPv4 routes with the PE in the local AS is enabled. 8. Run:
peer peer-address as-number as-number
7 VPLS Configuration
9.
Run:
peer peer-address label-route-capability
The capability of exchanging labeled IPv4 routes with the peer ASBR PE is enabled. In the VPLS using Option C, you must establish an inter-AS LSP. The public network routes advertised between related PEs and ASBRs carry the MPLS labels. The ASBR establishes the EBGP peer relationship with the peer ASBR to exchange the labeled IPv4 routes. The public network routes carrying the MPLS labels are advertised through MP-BGP. According to RFC 3107 (Carrying Label Information in BGP-4), the label mapping information about a route is contained in the BGP Update message (piggyback). This feature is implemented through the BGP extension attribute, which requires BGP peers to process the labeled IPv4 routes. By default, the BGP peers cannot process the labeled IPv4 routes. l Creating a Routing Policy 1. Do as follows on ASBR PEs, run:
system-view
Labels are allocated to IPv4 routes. l Applying a Routing Policy 1. Do as follows on ASBR PEs, run:
system-view
7-58
Issue 03 (2008-09-22)
7 VPLS Configuration
The routing policy applied when routes are advertised to the local PE is configured. 4. Run:
peer peer-address route-policy policy-name2 export
The routing policy applied when routes are advertised to the peer ASBR PE is configured. After the routing policy is applied to the ASBR, the following situations occur:
For the routes received from the PE in the local AS and advertised to the peer ASBR, the ASBR allocates MPLS labels to the routes. For the labeled IPv4 routes advertised to the PE in the local AS, the ASBR allocates new MPLS labels to the routes.
MPLS label allocation is controlled by a routing policy. Labels are allocated to eligible IPv4 routes. By default, IPv4 routes do not carry MPLS labels. l Establishing Remote MPLS LDP Sessions Between PEs 1. Do as follows on the PEs, run:
system-view
The name of the remote LDP session is specified. To exchange PW information between PEs, you must establish MPLS LDP sessions between the PEs. 3. Run:
remote-ip ip-address
The peer IP address of the remote LDP session is specified. l Configuring VPLS Connections Configure VC connections on PEs. For the configuration procedure, see Configuring Martini VPLS. ----End
7-59
7 VPLS Configuration
Action Check information about the remote VSI. Check information about the VPLS connection.
Command display vsi remote ldp [ router-id ip-address ] [ pw-id pw-id ] display vpls connection [ ldp | vsi vsi-name ] [ down | up ] [ verbose ]
Run the display vsi [ name vsi-name ] [ verbose ] command. You can view that the item "VSI State" is displayed as "up". If verbose is selected, the item "Signaling" is displayed as "ldp" and the item "VSI State" is displayed as "up". This means that the configuration succeeds. For example:
<Quidway> display vsi name *** VSI Name VSI Index PW Signaling Member Discovery Style PW MAC Learn Style Encapulation Type MTU VSI State VSI ID *Peer Router ID VC Label Session Tunnel ID Interface Name State *Peer Ip Address PW State Local VC Label Remote VC Label PW Type Tunnel ID vsi1 verbose : vsi1 : 0 : ldp : static : unqualify : vlan : 1500 : up : 2 : 3.3.3.9 : 17408 : up : 0x6002001, : GigabitEthernet1/0/0.1 : up : 3.3.3.9 : up : 17408 : 17408 : label : 0x6002001,
Run the display vsi remote ldp [ router-id ip-address ] [ pw-id pw-id ] command. If information about the remote VSI established through LDP is displayed, it means that the configuration succeeds. For example:
<Quidway> display vsi remote ldp Vsi Peer VC ID RouterID Label 123 3.3.3.9 17408 Group ID 0 Vsi Type vlan MTU Value 1500 Vsi Index 1
Run the display vpls connection [ ldp | vsi vsi-name ] [ down | up ] [ verbose ] command. You can view that the item "VC State" is displayed as "up". If verbose is selected, the item "Signaling" is displayed as "ldp", the item "VC State" is displayed as "up", and label allocation is complete. For example:
<Quidway> display vpls connection 2 total connections, connections: 2 up, 0 down, 1 ldp, 1 bgp VSI Name: a2 VsiID EncapType 2 vlan VSI Name: bgp1 SiteID RD 1 168.1.1.1:1 PeerAddr 1.1.1.1 PeerAddr 1.1.1.1 Signaling: ldp InLabel OutLabel VCState 17408 17409 up Signaling: bgp InLabel OutLabel VCState 19457 19458 up
7-60
Issue 03 (2008-09-22)
7 VPLS Configuration
Pre-configuration Tasks
Before configuring dual-homed Kompella VPLS, complete the following tasks:
l l l l
Configuring LSR IDs and enabling MPLS on PEs and Ps Enabling MPLS L2VPN on PEs Establishing the tunnels between PEs to transmit user data Establishing BGP VPLS peer relationship between PEs
Data Preparation
To configure dual-homed Kompella VPLS, you need the following data. No. 1 2 3 4 5 Data BGP peers used to exchange VPLS information Name of the VSI RDs and VPN Targets of the VSI CE ID of the site, maximum number of permitted CEs that access the VPLS network, and default CE offset Interface bound to the VSI
7 VPLS Configuration
Context
Configure two VSIs with the same attributes on two dual-homed PEs. Do as follows on the PEs:
Procedure
Step 1 Run:
system-view
VSIs are created and the automatic member discovery mechanism is adopted. The Kompella VPLS does not directly operate on the connection between CEs. Each CE has a globally unique number. On a PE, a VSI is created for each CE that is directly connected to this PE device. Step 3 Run:
pwsignal bgp
BGP is configured as the PW signaling protocol and the VSI BGP view is displayed. Step 4 Run:
route-distinguisher route-distinguisher
The RD is configured for the VSI. After configuring BGP as the PW signaling protocol, you must configure the RD of the VSI to validate the VSI. Step 5 Run:
vpn-target vpn-target&<1-16> [ both | export-extcommunity | import-extcommunity ]
The VPN Target is configured for the VSI. When configuring the VPN Target of the VSI, ensure that the VPN target of exportextcommunity is the same as that of import-extcommunity. Step 6 Run:
site site-id [ range site-range ] [ default-offset { 0 | 1 } ]
Information about the sites of the VSI is configured. The site ID of the local end cannot be greater than the sum of the site-range value and defaultoffset value on the peer end. The site ID of the local end must be greater than the defaultoffset value of the peer end.
NOTE
At present, the VSIs of the two dual-homed PEs can be configured with only one label block. To enlarge the range, use the undo site command to delete all the original sites and then configure a larger range. In addition, the VSIs of the two dual-homed PEs can be configured with only one AC.
Step 7 Run:
quit
7-62
Issue 03 (2008-09-22)
7 VPLS Configuration
The encapsulation type is configured for the VPLS. Step 9 is configured only when the PE communicates with non-Huawei devices. Before performing Step 9, check the encapsulation type of the VSI on the peer PE. The local VSI and peer VSI can communicate only when the VSI encapsulation type of the peer PE is the same as that configured for the local PE. In VPLS BGP mode, the default encapsulation type of VPLS packets is VLAN.
NOTE
The signaling protocol, RD, default-offset, site ID, and encapsulation type of the VSIs on the two PEs that a CE accesses must be the same.
----End
Procedure
Step 1 Run:
system-view
The multi-homed preference is configured for a VSI. When the VSIs of the two PEs that a CE accesses are Up, the PE with the higher preference serves as the active PE, and the PE with the lower preference works as the standby PE. In addition, both PEs need be configured with different preferences to realize a smooth active/standby negotiation. The active PE is responsible for forwarding the traffic of the CE; the standby PE is only responsible for checking whether the VSI of the active PE is Up. After a PE is selected as the standby PE, the status of the VSI of the standby PE is set to Down. After the VSI of the active PE becomes Down, the standby PE becomes the new active PE.
Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 7-63
7 VPLS Configuration
After the BGP session between the two PEs that a CE accesses becomes Down, the PW of the PE with the lower preference becomes Up, and the PW between the two PEs becomes Up. ----End
After the configurations, run the display bgp vpls peer command on the PE or the ASBR PE. You can view that the status of the BGP VPLS peer relationship between PEs is "Established". For example:
<Quidway> display bgp vpls peer BGP local router ID : 1.1.1.1 Local AS number : 100 Total number of peers : 1 Peer V AS MsgRcvd 4.4.4.4 4 200 5
MsgSent 8
Run the display bgp vpls all command on the PE. You can view information about the VPLS label block on the PE. For example:
<Quidway> display bgp vpls all BGP Local Router ID : 1.1.1.1, Local AS Number : 100 Status codes : * - active, > - best BGP.VPLS : 2 Label Blocks -------------------------------------------------------------------------------Route Distinguisher: 100:1 SiteID Offset NextHop Range LabBase TunnelID FromPeer MHPref -------------------------------------------------------------------------------> 1 0 0.0.0.0 5 25600 0x0 0.0.0.0 0 -------------------------------------------------------------------------------Route Distinguisher: 200:1 SiteID Offset NextHop Range LabBase TunnelID FromPeer MHPref -------------------------------------------------------------------------------*> 2 0 4.4.4.4 5 25600 0x0 4.4.4.4 0
Run the display vpls connection command on the PE. You can view that the status of the VPLS connection on the PE is "up". For example:
<Quidway> display vpls connection 1 total connections,
7-64
Issue 03 (2008-09-22)
7 VPLS Configuration
OutLabel 25601
VCState up
Pre-configuration Tasks
Before configuring related parameters of the VSI, complete the following tasks:
l l
Data Preparation
To configure basic VPLS capability, you need the following data. No. 1 2 3 Data Encapsulation type of the VSI MAC address learning mode and MAC address entry Descriptive information of the VSI
7 VPLS Configuration
Procedure
Step 1 Run:
system-view
The VPLS encapsulation mode is configured for the VSI. Step 4 (Optional) Run:
description text
Procedure
Step 1 Run:
system-view
The aging time of MAC address entries for the VPLS is configured. Step 3 Run:
mac-address static mac-address interface-type interface-number [ vlanif interfacenumber ] vsi vsi-name
7 VPLS Configuration
Step 5 Run:
vsi vsi-name
Procedure
Step 1 Run:
system-view
Postrequisite
In the case of a multi-homed CE, the vpls pw-down-delay command needs not to be run on the PEs. That is, the default value 0 is adopted. In the case of a non-multi-homed CE, it is recommended to run the vpls pw-down-delay command on the PEs to set the number of times for VPLS PW Down delay to a non-zero value (the value 5 is recommended). This can greatly improve the convergence performance of the VPLS.
Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 7-67
7 VPLS Configuration
After the vpls pw-down-delay command is run, the delay for the system to process the event PW Down is determined by the number of PWs and the number of times for delay set on the device.
If a carrier needs to establish a model of the traffic between IP MANs and between MPLS core MANs for the reference of Diff-serv TE deployment and maintenance, or the carrier needs to charge the subscribers who do not use the monthly paid service by traffic, you can collect the statistics of the traffic on the specified PW.
Procedure
Step 1 Run:
system-view
The VSI view is displayed. Step 3 Choose one of the following commands to enable the function of collecting the statistics of the traffic.
l
Kompella VPL
Run the pwsignal bgp command. The PW signaling protocol is configured as BGP and the VSI-BGP view is displayed. To enable the function of collecting the statistics of the traffic on the public network of the specified Kompella VPLS PW, run the traffic-statistics peer peer-ip-address remote-site site-id enable command.
Martini VPLS
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)
7-68
7 VPLS Configuration
Run the pwsignal ldp command. The PW signaling protocol is configured as LDP and the VSI-LDP view is displayed. To enable the function of collecting the statistics of the traffic on the public network of the specified Martini VPLS PW, run the traffic-statistics peer peer-ip-address [ negotiation-vc-id vc-id ] enable command.
----End
If a PW becomes Down in five minutes, the traffic calculated before the PW becomes Down is not used to calculate the 5-minute traffic rate.
After the traffic on a VPLS PW is set, you can run the following commands in any view to view the running status of the traffic on a VPLS PW. Action Check the statistics of the traffic on the public network of the specified Kompella VPLS PW in the specified VSI. Check the statistics of the traffic on the public network of the specified LDP VPLS PW in the specified VSI. Command display traffic-statistics vsi vsi-name peer peer-address remote-site site-id display traffic-statistics vsi vsi-name peer peer-address [ negotiation-vc-id vc-id ]
Issue 03 (2008-09-22)
7-69
7 VPLS Configuration
CAUTION
Debugging affects the system performance. So, after debugging, run the undo debugging all command to disable it immediately. When a fault occurs, run the debugging commands in the user view to check the debugging information and locate the fault. For the detailed procedure of outputting debugging information, refer to the chapter "Maintenance and Debugging" in the Quidway NetEngine80E/40E Router Configuration Guide - System Management. Action Enable MPLS L2VPN debugging. Enable VPLS debugging. Enable the MPLS packet debugging. Enable the LDP debugging. Command debugging mpls l2vpn { advertisement | all | connections interface [ interface-type interface-number ] | error | event | timer } debugging mpls l2vpn { vpls_fib | vpls_mid } debugging mpls packet [ error ] [ acl acl-number ] [ inlabel outer-in-label [ inner-in-label ] ] [ l2vpn-in-interface interfacetype interface-number ] debugging mpls ldp { advertisement | all | error | main | notification | pdu | session | socket | timer } [ interface interface-type interface-number ]debugging mpls ldp { hsb | remote-peer remote-peer-name }
Regarding requirements of service management such as service debugging and service suspension, you can temporarily shut down the VSI, and then add, delete or adjust the VSI function. The shutdown command affects the PW connection. The AC is Down, and the Layer 2 forwarding table is deleted.
7 VPLS Configuration
CAUTION
After the MAC address entries are cleared, the entries cannot be restored. So, confirm the action before you clear the entries. After confirming the MAC address entries to be cleared, run the following commands in the system view. Action Clear the MAC address entries of the VSI. Clear the dynamic, static, blackhole, or all the MAC address entries. Command undo mac-address mac-address vsi vsi-name undo mac-address { dynamic | static | blackhole | all }
Issue 03 (2008-09-22)
7-71
7 VPLS Configuration
Networking Requirements
As shown in Figure 7-8, two routers, PE1 and PE2, are PE routers enabled with the VPLS function. CE1 is connected with PE1, while CE2 is connected with PE2. CE1 and CE2 belong to the same VPLS. In the network, construct a VPLS for CE1 and CE2 and adopt BGP as the VPLS signaling to establish the PW. Figure 7-8 Kompella VPLS
Loopback1 1.1.1.9/32 POS2/0/0 168.1.1.1/24 POS1/0/0 168.1.1.2/24 Loopback1 2.2.2.9/32 POS2/0/0 169.1.1.1/24 Loopback1 3.3.3.9/32
PE1
GE1/0/0.1 GE1/0/0.1 10.1.1.1/24
PE2
GE2/0/0.1 GE1/0/0.1 10.1.1.2/24
POS1/0/0 169.1.1.2/24
CE1
CE2
Configuration Roadmap
The configuration roadmap is as follows: 1. 2. 3. 4. 5. 6. Configure the routing protocol on the backbone network and the MPLS basic capability. Set up the LSP tunnel between PEs. Enable the MPLS L2VPN on the PE. On the PE, enable the BGP peer to exchange the VPLS information. Create the VSI on the PE. Specify the signaling protocol as BGP. Specify the RD, VPN target, and site. Bind the AC interface with the VSI.
Data Preparation
To complete the configuration, you need the following data:
l l l l l
IP address of the peer Name of the VSI on the PE1 and the PE2 BGP AS number of the PE1 and the PE2 Signaling mode, namely BGP RD and VPN-target of the VSI on the PE and the number of the site to which the VSI belongs Interface bound with the VSI and the VLAN ID encapsulated on the interface
7-72
Issue 03 (2008-09-22)
7 VPLS Configuration
Configuration Procedure
1. Configure OSPF. Configure the IP addresses of the PE and P as shown in Figure 7-8. When configuring OSPF, configure OSPF to advertise the 32-bit address of the loopback interface of the PE1, P and PE2. After the configuration, run the display ip routing-table command on the PE1, P, and PE2, and you can view that the routing information is learnt by one another. For the details on the configuration of the OSPF in this instance, see the following Configuration Files. 2. Configure basic MPLS basic capability and LDP. For details on the configuration procedure, see the following Configuration Files. After the configuration, run the display mpls ldp peer command on PE1, P and PE2, and you find that the peer relationship is established between PE1 and P, between PE2 and P. Run the display mpls ldp session command on PE1 and PE2, to find that the LDP session is established between the peers. Run the display mpls lsp command, to see the information of the LSPs established. 3. Enable BGP peers to exchange the VPLS information. # Configure PE1.
[PE1] bgp 100 [PE1-bgp] peer 3.3.3.9 as-number 100 [PE1-bgp] peer 3.3.3.9 connect-interface loopback1 [PE1-bgp] vpls-family [PE1-bgp-af-vpls] peer 3.3.3.9 enable [PE1-bgp-af-vpls] quit
# Configure PE2.
[PE2] bgp 100 [PE2-bgp] peer 1.1.1.9 as-number 100 [PE2-bgp] peer 1.1.1.9 connect-interface loopback1 [PE2-bgp] vpls-family [PE2-bgp-af-vpls] peer 1.1.1.9 enable [PE2-bgp-af-vpls] quit
4.
# Configure PE2.
[PE2] mpls l2vpn
5.
The ID of the site on both ends of the VSI should not be the same.
# Configure PE1.
[PE1] vsi bgp1 auto [PE1-vsi-bgp1] pwsignal bgp [PE1-vsi-bgp1-bgp] route-distinguisher 168.1.1.1:1 [PE1-vsi-bgp1-bgp] vpn-target 100:1 import-extcommunity [PE1-vsi-bgp1-bgp] vpn-target 100:1 export-extcommunity [PE1-vsi-bgp1-bgp] site 1 range 5 default-offset 0
# Configure PE2.
[PE2] vsi bgp1 auto [PE2-vsi-bgp1] pwsignal bgp [PE2-vsi-bgp1-bgp] route-distinguisher 169.1.1.2:1 [PE2-vsi-bgp1-bgp] vpn-target 100:1 import-extcommunity
Issue 03 (2008-09-22)
7-73
7 VPLS Configuration
6.
Bind the VSI with the AC interface on PE. # Create a sub interface on PE1, allow it to receive packets of VLAN 10, and bind it with the VSI.
[PE1] interface gigabitethernet1/0/0.1 [PE1-GigabitEthernet1/0/0.1] shutdown [PE1-GigabitEthernet1/0/0.1] vlan-type dot1q 10 [PE1-GigabitEthernet1/0/0.1] l2 binding vsi bgp1 [PE1-GigabitEthernet1/0/0.1] undo shutdown
# Create a sub interface on PE2, allow it to receive packets of VLAN 10, and bind it with the VSI.
[PE2] interface gigabitethernet2/0/0.1 [PE2-GigabitEthernet2/0/0.1] shutdown [PE2-GigabitEthernet2/0/0.1] vlan-type dot1q 10 [PE2-GigabitEthernet2/0/0.1] l2 binding vsi bgp1 [PE2-GigabitEthernet2/0/0.1] undo shutdown
7.
# Configure CE2.
<Quidway> sysname CE2 [CE2] interface gigabitethernet1/0/0.1 [CE2-GigabitEthernet1/0/0.1] shutdown [CE2-GigabitEthernet1/0/0.1] vlan-type dot1q 10 [CE2-GigabitEthernet1/0/0.1] ip address 10.1.1.2 255.255.255.0 [CE2-GigabitEthernet1/0/0.1] undo shutdown
8.
Verify the configuration. After the configuration, run the display vsi bgp1 verbose command on PE1, and you can see that VSI named "bgp1" establishes a PW to PE2 and the VSI state is "up".
<PE1> display vsi name bgp1 verbose ***VSI Name : bgp1 Administrator VSI : no Isolate Spoken : disable VSI Index : 0 PW Signaling : bgp Member Discovery Style : auto PW MAC Learn Style : unqualify Encapsulation Type : vlan MTU : 1500 Mode : uniform Service Class : -Color : -DomainId : 0 Domain Name : VSI State : up BGP RD : 168.1.1.1:1 SiteID/Range/Offset : 1/5/0 Import vpn target : 100:1, Export vpn target : 100:1, Remote Label Block : 25600/5/0, Local Label Block : 25600/5/0, Interface Name : GigabitEthernet1/0/0.1 State : up **PW Information: *Peer Ip Address : 3.3.3.9
7-74
Issue 03 (2008-09-22)
7 VPLS Configuration
Configuration Files
l
Issue 03 (2008-09-22)
7-75
7 VPLS Configuration
link-protocol ppp undo shutdown ip address 168.1.1.1 255.255.255.0 mpls mpls ldp # interface LoopBack1 ip address 1.1.1.9 255.255.255.255 # bgp 100 peer 3.3.3.9 as-number 100 peer 3.3.3.9 connect-interface LoopBack1 # vpls-family policy vpn-target peer 3.3.3.9 enable # ospf 1 area 0.0.0.0 network 1.1.1.9 0.0.0.0 network 168.1.1.0 0.0.0.255 # return l
Configuration file of P
# sysname P # mpls lsr-id 2.2.2.9 mpls # mpls ldp # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 168.1.1.2 255.255.255.0 mpls mpls ldp # interface Pos2/0/0 link-protocol ppp undo shutdown ip address 169.1.1.1 255.255.255.0 mpls mpls ldp # interface LoopBack1 ip address 2.2.2.9 255.255.255.255 # ospf 1 area 0.0.0.0 network 168.1.1.0 0.0.0.255 network 169.1.1.0 0.0.0.255 network 2.2.2.9 0.0.0.0 # return
7-76
Issue 03 (2008-09-22)
7 VPLS Configuration
PE1
GE1/0/0.1 GE1/0/0.1 10.1.1.1/24
PE2
GE2/0/0.1 GE1/0/0.1 10.1.1.2/24
POS1/0/0 169.1.1.2/24
CE1
CE2
Issue 03 (2008-09-22)
7-77
7 VPLS Configuration
Configuration Roadmap
The configuration roadmap is as follows: 1. 2. 3. 4. 5. Configure the routing protocol on the backbone network. Set up the remote LDP session between PEs. Set up the tunnel used to transmit the user data between PEs. Enable the MPLS L2VPN on the PE. Create the VSI on the PE. Specify the signaling as LDP and then bind the VSI with the AC interface.
Data Preparation
To configure the Martini VPLS, you need the following data:
l l l
VSI name and VSI ID IP address and tunnel policy used in setting up the peer Interface bound to the VSI
Configuration Procedure
1. Configure OSPF. Configure the IP addresses of the PE and P as shown in Figure 7-9. When configuring OSPF, configure OSPF to advertise the 32-bit address of the loopback interface (LSR-ID) of the PE1, P and PE2. After the configuration, run the display ip routing-table command on PE1, P and PE2. The output shows that PE1 and PE2 know each others routing information. For the details on the configuration of the OSPF in this instance, see the following Configuration Files. 2. Configure basic MPLS capability and LDP. For the detailed procedure of the configuration, see the following Configuration Files. Run the display mpls ldp session command on PE1 and PE2, and you can see that LDP sessions are established between the peers. Run the display mpls lsp command, and you can see the information of established LSPs. 3. Configure remote session of LDP. # Configure PE1.
[PE1] mpls ldp [PE1-mpls-ldp-remote-pe2] remote-ip 3.3.3.9 [PE1-mpls-ldp-remote-pe2] quit
# Configure PE2.
[PE2] mpls ldp [PE2-mpls-ldp-remote-pe1] remote-ip 1.1.1.9 [PE2-mpls-ldp-remote-pe1] quit
After the configuration, run the display mpls ldp session command on PE1 or PE2, and you can find the status of the peers PE1 and PE2 is "operational". That is, the remote peer relationship is set up. 4. Enable MPLS L2VPN on PEs. # Configure PE1.
[PE1] mpls l2vpn
7-78
Issue 03 (2008-09-22)
7 VPLS Configuration
# Configure PE2.
[PE2] mpls l2vpn
5.
# Configure PE2.
[PE2] vsi a2 static [PE2-vsi-v] pwsignal ldp [PE2-vsi-v-ldp] vsi-id 2 [PE2-vsi-v-ldp] peer 1.1.1.9
6.
# Configure PE2.
[PE2] interface gigabitethernet2/0/0.1 [PE2-GigabitEthernet2/0/0.1] shutdown [PE2-GigabitEthernet2/0/0.1] vlan-type dot1q 10 [PE2-GigabitEthernet2/0/0.1] l2 binding vsi a2 [PE2-GigabitEthernet2/0/0.1] undo shutdown
7.
# Configure CE2.
<Quidway> sysname CE2 [CE2] interface gigabitethernet1/0/0.1 [CE2-GigabitEthernet1/0/0.1] shutdown [CE2-GigabitEthernet1/0/0.1] vlan-type dot1q 10 [CE2-GigabitEthernet1/0/0.1] ip address 10.1.1.2 255.255.255.0 [CE2-GigabitEthernet1/0/0.1] undo shutdown
8.
Verify the configuration. After the configuration, run the display vsi name a2 verbose command on PE1, and you can see that VSI named a2 establishes a PW to PE2 and the VSI is Up.
<PE1> display vsi name a2 verbose ***VSI Name : a2 Administrator VSI : no Isolate Spoken : disable VSI Index : 0 PW Signaling : ldp Member Discovery Style : static PW MAC Learn Style : unqualify Encapsulation Type : vlan MTU : 1500 Mode : uniform Service Class : -Color : -DomainId : 0
Issue 03 (2008-09-22)
7-79
7 VPLS Configuration
Domain Name VSI State VSI ID *Peer Router ID VC Label Peer Type Session Tunnel ID Interface Name State **PW Information: *Peer Ip Address PW State Local VC Label Remote VC Label PW Type Tunnel ID : : : : : : : : : : : : : : : :
up 2 3.3.3.9 23552 dynamic up 0x2002001, GigabitEthernet1/0/0.1 up 3.3.3.9 up 23552 23552 label 0x2002001,
Configuration Files
l
7-80
Issue 03 (2008-09-22)
7 VPLS Configuration
Configuration file of P
# sysname P # mpls lsr-id 2.2.2.9 mpls # mpls ldp # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 168.1.1.2 255.255.255.0 mpls mpls ldp # interface Pos2/0/0 link-protocol ppp undo shutdown ip address 169.1.1.1 255.255.255.0 mpls mpls ldp # interface LoopBack1 ip address 2.2.2.9 255.255.255.255 # ospf 1 area 0.0.0.0 network 168.1.1.0 0.0.0.255 network 169.1.1.0 0.0.0.255 network 2.2.2.9 0.0.0.0 # return
Issue 03 (2008-09-22)
7-81
7 VPLS Configuration
mpls l2vpn # vsi a2 static pwsignal ldp vsi-id 2 peer 1.1.1.9 # mpls ldp # mpls ldp remote-peer 1.1.1.9 remote-ip 1.1.1.9 # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 169.1.1.2 255.255.255.0 mpls mpls ldp # interface GigabitEthernet2/0/0.1 undo shutdown vlan-type dot1q 10 l2 binding vsi a2 # interface LoopBack1 ip address 3.3.3.9 255.255.255.255 # ospf 1 area 0.0.0.0 network 3.3.3.9 0.0.0.0 network 169.1.1.0 0.0.0.255 # return
P POS2/0/0
PE1
GE2/0/0.1
PE2
GE2/0/0.1
MPLS TE Tunnel
GE1/0/0.1 10.1.1.1/24
GE1/0/0.1 10.1.1.2/24
CE1
CE2
As shown in Figure 7-10, CE1 and CE2 are in the same VPLS network. They access the MPLS core network through PE1 and PE2 respectively. In the MPLS core network, OSPF is adopted as the IGP protocol.
7-82 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)
7 VPLS Configuration
Martini VPLS is required and the dynamic signaling protocol RSVP-TE is used to establish the MPLS TE tunnel between PE1 and PE2 to bear the VPLS service.
Configuration Roadmap
The configuration roadmap is as follows: 1. 2. Configure routing protocols on the core network devices (PE and P) to implement network interworking and enable MPLS. Establish the MPLS TE tunnel and configure the tunnel policy. For the details of establishing the MPLS TE tunnel, refer to the chapter "MPLS TE Configuration" in the Quidway NetEngine80E/40E Router Configuration Guide - MPLS. Enable MPLS L2VPN on the PE. Create the VSI on the PE, specify the signaling protocol as LDP, and bind the VSI and the AC interface. Configure the VSI to use the MPLS TE tunnel.
3. 4. 5.
Data Preparation
To complete the configuration, you need the following data:
l l l l
OSPF area that is enabled with TE VSI name and VSI ID Peer IP address and tunnel policy Interface bound with the VSI
Configuration Procedure
1. 2. Configure the IP address for each interface and configure OSPF in the core network. The detailed configurations are not mentioned here. Enable MPLS, MPLS TE, MPLS RSVP-TE, and MPLS CSPF. Enable MPLS, MPLS TE, and MPLS RSVP-TE in the system view and the interface view of each node along the tunnel, and enable MPLS TE CSPF in the system view of the ingress of the tunnel. # Configure PE1.
[PE1] mpls lsr-id 1.1.1.9 [PE1] mpls [PE1-mpls] mpls te [PE1-mpls] mpls rsvp-te [PE1-mpls] mpls te cspf [PE1-mpls] quit [PE1] interface pos1/0/0 [PE1-Pos1/0/0] mpls [PE1-Pos1/0/0] mpls te [PE1-Pos1/0/0] mpls rsvp-te [PE1-Pos1/0/0] quit
# Configure P.
[P] mpls lsr-id 2.2.2.9 [P] mpls [P-mpls] mpls te [P-mpls] mpls rsvp-te [P-mpls] quit [P] interface pos1/0/0
Issue 03 (2008-09-22)
7-83
7 VPLS Configuration
[P-Pos1/0/0] mpls [P-Pos1/0/0] mpls te [P-Pos1/0/0] mpls rsvp-te [P-Pos1/0/0] quit [P] interface pos2/0/0 [P-Pos2/0/0] mpls [P-Pos2/0/0] mpls te [P-Pos2/0/0] mpls rsvp-te [P-Pos2/0/0] quit
# Configure PE2.
[PE2] mpls lsr-id 1.1.1.9 [PE2] mpls [PE2-mpls] mpls te [PE2-mpls] mpls rsvp-te [PE2-mpls] mpls te cspf [PE2-mpls] quit [PE2] interface pos1/0/0 [PE2-Pos1/0/0] mpls [PE2-Pos1/0/0] mpls te [PE2-Pos1/0/0] mpls rsvp-te [PE2-Pos1/0/0] quit
3.
# Configure P.
[P] ospf [P-ospf-1] opaque-capability enable [P-ospf-1] area 0.0.0.0 [P-ospf-1-area-0.0.0.0] network 2.2.2.9 0.0.0.0 [P-ospf-1-area-0.0.0.0] network 100.1.1.0 0.0.0.255 [P-ospf-1-area-0.0.0.0] network 100.2.1.0 0.0.0.255 [P-ospf-1-area-0.0.0.0] mpls-te enable
# Configure PE2.
[PE2] ospf [PE2-ospf-1] opaque-capability enable [PE2-ospf-1] area 0.0.0.0 [PE2-ospf-1-area-0.0.0.0] network 3.3.3.9 0.0.0.0 [PE2-ospf-1-area-0.0.0.0] network 100.2.1.0 0.0.0.255 [PE2-ospf-1-area-0.0.0.0] mpls-te enable
4.
Configure the tunnel interface. # Create the tunnel interface on the PE, and specify the tunnel protocol as MPLS TE and the signaling protocol as RSVP-TE. # Configure PE1.
[PE1] interface tunnel 1/0/0 [PE1-Tunnel1/0/0] ip address unnumbered interface loopback1 [PE1-Tunnel1/0/0] tunnel-protocol mpls te [PE1-Tunnel1/0/0] destination 3.3.3.9 [PE1-Tunnel1/0/0] mpls te tunnel-id 100 [PE1-Tunnel1/0/0] mpls te reserved-for-binding [PE1-Tunnel1/0/0] mpls te commit
# Configure PE2.
[PE2] interface tunnel 1/0/0 [PE2-Tunnel1/0/0] ip address unnumbered interface loopback1 [PE2-Tunnel1/0/0] tunnel-protocol mpls te [PE2-Tunnel1/0/0] destination 1.1.1.9 [PE2-Tunnel1/0/0] mpls te tunnel-id 100
7-84
Issue 03 (2008-09-22)
7 VPLS Configuration
After the preceding configuration, running the display this interface command in the tunnel interface view, you can view that the MPLS TE tunnel is established successfully. That is, Line protocol current state displays UP. Take PE1 as an example:
[PE1-Tunnel1/0/0] display this interface Tunnel1/0/0 current state : UP Line protocol current state : UP Description : HUAWEI, Quidway Series, Tunnel1/0/0 Interface, Route Port The Maximum Transmit Unit is 1500 bytes Internet Address is unnumbered, using address of LoopBack1(1.1.1.9/32) Encapsulation is TUNNEL, loopback not set Tunnel destination 3.3.3.9 Tunnel protocol/transport MPLS/MPLS, ILM is available, primary tunnel id is 0x1002003, secondary tunnel id is 0x0 5 minutes output rate 0 bytes/sec, 0 packets/sec 0 packets output, 0 bytes 0 output error
Running the display tunnel-info all command in the system view, you can view that the TE tunnel with the destination address as the peer MPLS LSR ID exists between PEs. Take PE1 as an example:
<PE1> display tunnel-info all * -> Allocated VC Token Tunnel ID Type Destination Token ---------------------------------------------------------------------0x41002000 cr lsp 3.3.3.9 0 0x1002001 lsp -1 0x1002002 lsp(*) -2
5.
Configure the LDP remote session. Establish a remote peer session between PE1 and PE2. # Configure PE1.
[PE1] mpls ldp [PE1-mpls-ldp] quit [PE1] mpls ldp remote-peer 3.3.3.9 [PE1-mpls-ldp-remote-3.3.3.9] remote-ip 3.3.3.9 [PE1-mpls-ldp-remote-3.3.3.9] quit
# Configure PE2.
[PE2] mpls ldp [PE2-mpls-ldp] quit [PE2] mpls ldp remote-peer 1.1.1.9 [PE2-mpls-ldp-remote-1.1.1.9] remote-ip 1.1.1.9 [PE2-mpls-ldp-remote-1.1.1.9] quit
After the configuration, an LDP session is established between PEs. Take PE1 as an example:
[PE1] display mpls ldp session LDP Session(s) in Public Network ---------------------------------------------------------------------Peer-ID Status LAM SsnRole SsnAge KA-Sent/Rcv ---------------------------------------------------------------------3.3.3.9:0 Operational DU Passive 000:00:06 26/26 ---------------------------------------------------------------------TOTAL: 1 session(s) Found. LAM : Label Advertisement Mode SsnAge Unit : DDD:HH:MM
6.
# Configure PE2.
Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 7-85
7 VPLS Configuration
7.
# Configure PE2.
[PE2] mpls l2vpn
# Configure ASBR-PE1. 8. Create the VSI on the PEs and configure the tunnel policy. # Configure PE1.
[PE1] vsi a2 static [PE1-vsi-a2] pwsignal ldp [PE1-vsi-a2-ldp] vsi-id 2 [PE1-vsi-a2-ldp] peer 3.3.3.9 tnl-policy policy1 [PE1-vsi-a2-ldp] quit
# Configure PE2.
[PE2] vsi a2 static [PE2-vsi-a2] pwsignal ldp [PE2-vsi-a2-ldp] vsi-id 2 [PE2-vsi-a2-ldp] peer 1.1.1.9 tnl-policy policy1 [PE2-vsi-a2-ldp] quit
9.
Bind the VSI and the interface on the PEs. # Configure PE1.
[PE1] interface gigabitethernet2/0/0.1 [PE1-GigabitEthernet2/0/0.1] shutdown [PE1-GigabitEthernet2/0/0.1] vlan-type dot1q 10 [PE1-GigabitEthernet2/0/0.1] l2 binding vsi a2 [PE1-GigabitEthernet2/0/0.1] undo shutdown
# Configure PE2.
[PE2] interface gigabitethernet2/0/0.1 [PE2-GigabitEthernet2/0/0.1] shutdown [PE2-GigabitEthernet2/0/0.1] vlan-type dot1q 10 [PE2-GigabitEthernet2/0/0.1] l2 binding vsi a2 [PE2-GigabitEthernet2/0/0.1] undo shutdown
# Configure CE1.
[CE1] interface gigabitethernet1/0/0.1 [CE1-GigabitEthernet1/0/0.1] shutdown [CE1-GigabitEthernet1/0/0.1] vlan-type dot1q 10 [CE1-GigabitEthernet1/0/0.1] ip address 10.1.1.1 255.255.255.0 [CE1-GigabitEthernet1/0/0.1] undo shutdown
# Configure CE2.
[CE2] interface gigabitethernet1/0/0.1 [CE2-GigabitEthernet1/0/0.1] shutdown [CE2-GigabitEthernet1/0/0.1] vlan-type dot1q 10 [CE2-GigabitEthernet1/0/0.1] ip address 10.1.1.2 255.255.255.0 [CE2-GigabitEthernet1/0/0.1] undo shutdown
10. Verify the configuration. After the preceding configuration, running the display vsi name verbose command on PE1, you can view that the VSI named a2 establishes a PW to PE2. The status of the VSI is Up.
<PE1> display vsi name a2 verbose ***VSI Name : a2 Administrator VSI : no Isolate Spoken : disable
7-86
Issue 03 (2008-09-22)
7 VPLS Configuration
Run the display mpls lsp include 3.3.3.9 32 verbose command on PE1, and you can view the information about the LSP destined to 3.3.3.9/32.
<PE1> display mpls lsp include 3.3.3.3 32 verbose -----------------------------------------------------------------------------LSP Information: RSVP LSP -----------------------------------------------------------------------------No SessionID IngressLsrID LocalLspID Tunnel-Interface Fec Nexthop In-Label Out-Label In-Interface Out-Interface LspIndex Token LsrType Bypass In Use Bypass Tunnel Id BypassTunnel Mpls-Mtu TimeStamp Bfd-State : : : : : : : : : : : : : : : : : : : : 1 100 1.1.1.1 1 Tunnel1/0/0 3.3.3.9/32 100.1.1.2 NULL 13312 ---------POS1/0/0 4096 0x3008000 Ingress Not Exists 0x0 Tunnel Index[---] 1500 2040sec ---
Run the display vsi pw out-interface vsi a2 command on PE1, you can find that the MPLS TE tunnel established between 1.1.1.9 and 3.3.3.9 has the outgoing interface as Tunnel1/0/0, but the actual outgoing interface is POS1/0/0.
<PE1> display vsi pw out-interface vsi a2 Total: 1 ------------------------------------------------------------------------------Vsi Name peer vcid interface ------------------------------------------------------------------------------a2 3.3.3.9 100 Tunnel1/0/0 POS1/0/0
Issue 03 (2008-09-22)
7-87
7 VPLS Configuration
After CE1 pings through CE2, run the display interface tunnel command on the PE to view the tunnel interface information, and you can view that the number of data packets passing through the interface increases. Take PE1 as an example:
Output queue : (Urgent queue : Size/Length/Discards) 0/50/0 Output queue : (Protocol queue : Size/Length/Discards) 0/1000/0 Output queue : (FIFO queuing : Size/Length/Discards) 0/75/0 5 minutes output rate 0 bytes/sec, 0 packets/sec 1249 packets output, 21526 bytes 0 output error
Configuration Files
l
7-88
Issue 03 (2008-09-22)
7 VPLS Configuration
Configuration file of P
# sysname P # mpls lsr-id 2.2.2.9 mpls mpls te mpls rsvp-te # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 100.1.1.2 255.255.255.0 ospf cost 1 mpls mpls te mpls rsvp-te # interface Pos2/0/0 link-protocol ppp undo shutdown ip address 100.2.1.1 255.255.255.0 ospf cost 1 mpls mpls te mpls rsvp-te # interface LoopBack1 ip address 2.2.2.9 255.255.255.255 # ospf 1 opaque-capability enable area 0.0.0.0 network 2.2.2.9 0.0.0.0 network 100.1.1.0 0.0.0.255 network 100.2.1.0 0.0.0.255 mpls-te enable # return
Issue 03 (2008-09-22)
7-89
7 VPLS Configuration
7-90
Issue 03 (2008-09-22)
7 VPLS Configuration
Site1, Site2, and Site3 belong to the same VPLS. CE1 and CE2 access the basic VPLS fully-connected network through UPE while CE3 through PE.
SPE
POS3/0/0 100.1.1.1/24
POS2/0/0 100.2.1.1/24
PE
GE2/0/0.1
UPE
GE1/0/0.1
GE1/0/0.1 10.1.1.3/24
CE3
GE1/0/0.1 10.1.1.1/24 Site3
CE1
Site1 Site2
CE2
Configuration Roadmap
The configuration roadmap is as follows: 1. 2. 3. 4. 5. Complete the task of Configuring Martini VPLS between the SPE and the PE. Set up the MPLS LDP peer between the UPE and the SPE. Create the VSI instance on the SPE and specify the UPE as its PE of lower layer. Create the VSI instance on the UPE and specify the SPE as the VSI peer. Configure the CE1 and the CE2 to access the UPE, and configure the CE3 to access the PE.
Data Preparation
To configure the HVPLS, you need the following data:
l l l
VSI name and VSI ID MPLS LSR ID (as the IP address of the peer) of the UPE, SPE, and PE Routing protocol
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 7-91
Issue 03 (2008-09-22)
7 VPLS Configuration
Configuration Procedure
1. Configure IGP. This example adopts OSPF. For the detailed configuration, see the following Configuration Files. After the configuration, executing the display ip routing-table command, you can see that the UPE, SPE and PE have learned the address of the loopback interface of each other. 2. Configure the basic MPLS capability and LDP. For the detailed configuration, see the following Configuration Files. After the configuration, executing the display mpls ldp session command, you can see that the status of the peer between UPE and SPE or that between PE and SPE is "Operational". That means the peer is set up. Executing the display mpls lsp command, you can see information about the LSP. 3. Enable MPLS L2VPN and configure VSI. # Configure the UPE.
<UPE> system-view [UPE] mpls l2vpn [UPE] vsi v123 static [UPE-vsi-v123] pwsignal ldp [UPE-vsi-v123-ldp] vsi-id 123 [UPE-vsi-v123-ldp] peer 2.2.2.9
4.
Bind the VSI with the interface on the UPE and the PE. # Configure the UPE.
[UPE] interface gigabitethernet1/0/0.1 [UPE-GigabitEthernet1/0/0.1] shutdown [UPE-GigabitEthernet1/0/0.1] vlan-type dot1q 10 [UPE-GigabitEthernet1/0/0.1] l2 binding vsi v123 [UPE-GigabitEthernet1/0/0.1] undo shutdown [UPE-GigabitEthernet1/0/0.1] quit [UPE] interface gigabitethernet2/0/0.1 [UPE-GigabitEthernet2/0/0.1] shutdown [UPE-GigabitEthernet2/0/0.1] vlan-type dot1q 10 [UPE-GigabitEthernet2/0/0.1] l2 binding vsi v123 [UPE-GigabitEthernet2/0/0.1] undo shutdonw
5.
7-92
7 VPLS Configuration
After the configuration, executing the display vsi v123 verbose command on the SPE, you can see that the status of the VSI with the name v123 is Up and the PW status is Up.
<SPE> display vsi name v123 verbose ***VSI Name : v123 Administrator VSI : no Isolate Spoken : disable VSI Index : 0 PW Signaling : ldp Member Discovery Style : static PW MAC Learn Style : unqualify Encapsulation Type : vlan MTU : 1500 Mode : uniform Service Class : -Color : -DomainId : 0 Domain Name : VSI State : up VSI ID : 123 *Peer Router ID : 3.3.3.9 VC Label : 23552 Peer Type : dynamic Session : up Tunnel ID : 0x2002002, *Peer Router ID : 1.1.1.9 VC Label : 23553 Peer Type : dynamic Session : up Tunnel ID : 0x1002000, **PW Information: *Peer Ip Address : 1.1.1.9 PW State : up Local VC Label : 23553 Remote VC Label : 23552 PW Type : MEHVPLS Tunnel ID : 0x1002000, *Peer Ip Address : 3.3.3.9 PW State : up Local VC Label : 23552 Remote VC Label : 23552 PW Type : label Tunnel ID : 0x2002002,
CE1, CE2 and CE3 can ping each other. After the shutdown command is run on GE 2/0/0.1 bound with the VSI on the UPE or the PE, CE2 and CE3 cannot ping through each other. It indicates that the user data is transmitted through the PW of the VSI.
Configuration Files
l
Issue 03 (2008-09-22)
7-93
7 VPLS Configuration
vlan-type dot1q 10 l2 binding vsi v123 # interface GigabitEthernet2/0/0.1 undo shutdown vlan-type dot1q 10 l2 binding vsi v123 # interface Pos3/0/0 link-protocol ppp undo shutdown ip address 100.1.1.1 255.255.255.0 mpls mpls ldp # interface LoopBack1 ip address 1.1.1.9 255.255.255.255 # ospf 1 area 0.0.0.0 network 1.1.1.9 0.0.0.0 network 100.1.1.0 0.0.0.255 # return l
Configuration file of PE
# sysname PE
7-94
Issue 03 (2008-09-22)
7 VPLS Configuration
Issue 03 (2008-09-22)
7-95
7 VPLS Configuration
PE1
GE1/0/0.1
PE2
GE2/0/0.1 GE2/0/0.1 10.1.1.2/24
GE1/0/0
GE1/0/1
Switch
GE1/0/2 GE1/0/0 10.1.1.1/24
CE2
CE1
Configuration Roadmap
The configuration roadmap is as follows: 1. 2. 3. 4. 5. 6. Configure routing protocols on the backbone network for communication. Establish the remote LDP sessions between PEs. Establish a tunnel for data transmission of users between PEs. Enable MPLS L2VPN on PE. Create a VSI on PE, and use LDP as signaling; bind the VSI to the AC interface. Configure loop detection on the AC interface that has redundant links.
Data Preparation
To complete the configuration, you need the following data:
l
7-96
7 VPLS Configuration
IP address of the peer and the tunnel used to set up the peer Interface bound to the VSI Time interval for block-to-recovery by loop detection
Configuration Procedure
1. 2. Configure the IP addresses of interfaces. The detailed configurations are not mentioned here. Configure IGP, and the example uses OSPF.
NOTE
When enabling OSPF, advertise the 32-bit address for the loopback interface of PE.
# Configure PE1.
[PE1] ospf 1 [PE1-ospf-1] area 0 [PE1-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0 [PE1-ospf-1-area-0.0.0.0] network 100.1.1.0 0.0.0.3 [PE1-ospf-1-area-0.0.0.0] quit [PE1-ospf-1] quit
# Configure the P.
[P] ospf 1 [P-ospf-1] area 0 [P-ospf-1-area-0.0.0.0] [P-ospf-1-area-0.0.0.0] [P-ospf-1-area-0.0.0.0] [P-ospf-1-area-0.0.0.0] [P-ospf-1] quit network 2.2.2.9 0.0.0.0 network 100.1.1.0 0.0.0.3 network 100.2.1.0 0.0.0.3 quit
# Configure PE2.
[PE2] ospf 1 [PE2-ospf-1] area 0 [PE2-ospf-1-area-0.0.0.0] network 3.3.3.9 0.0.0.0 [PE2-ospf-1-area-0.0.0.0] network 100.2.1.0 0.0.0.3 [PE2-ospf-1-area-0.0.0.0] quit [PE2-ospf-1] quit
After this step, PE1, PE2, and PE3 discover the IP routes of each other through OSPF. # Take PE1 as an example.
[PE1] display ip routing-table Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: Public Destinations : 8 Routes : 8 Destination/Mask Proto Pre Cost Flags NextHop Interface 1.1.1.9/32 Direct 0 0 D 127.0.0.1 InLoopBack0 2.2.2.9/32 OSPF 10 2 D 100.1.1.2 GigabitEthernet2/0/0 3.3.3.9/32 OSPF 10 3 D 100.1.1.2 GigabitEthernet2/0/0 100.1.1.0/30 Direct 0 0 D 100.1.1.1 GigabitEthernet2/0/0 100.1.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 100.2.1.0/30 OSPF 10 2 D 100.1.1.2 GigabitEthernet2/0/0 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
3.
Configure the basic MPLS functions and the LDP. # Configure PE1.
[PE1] mpls lsr-id 1.1.1.9 [PE1] mpls [PE1-mpls] quit [PE1] mpls ldp [PE1-mpls-ldp] quit [PE1] interface gigabitethernet 2/0/0
Issue 03 (2008-09-22)
7-97
7 VPLS Configuration
[PE1-GigabitEthernet2/0/0] mpls [PE1-GigabitEthernet2/0/0] mpls ldp [PE1-GigabitEthernet2/0/0] quit
# Configure the P.
[P] mpls lsr-id 2.2.2.9 [P] mpls [P-mpls] quit [P] mpls ldp [P-mpls-ldp] quit [P] interface gigabitethernet [P-GigabitEthernet1/0/0] mpls [P-GigabitEthernet1/0/0] mpls [P-GigabitEthernet1/0/0] quit [P] interface gigabitethernet [P-GigabitEthernet2/0/0] mpls [P-GigabitEthernet2/0/0] mpls [P-GigabitEthernet2/0/0] quit
# Configure PE2.
[PE2] mpls lsr-id 3.3.3.9 [PE2] mpls [PE2-mpls] quit [PE2] mpls ldp [PE2-mpls-ldp] quit [PE2] interface gigabitethernet2/0/0 [PE2-GigabitEthernet2/0/0] mpls [PE2-GigabitEthernet2/0/0] mpls ldp [PE2-GigabitEthernet2/0/0] quit
After the configurations above, PE and the P set up the LDP session. Run the display mpls ldp session command. You van view the Status in the displayed information is Operational. # Take PE1 as an example.
[PE1] display mpls ldp session LDP Session(s) in Public Network -----------------------------------------------------------------------------Peer-ID Status LAM SsnRole SsnAge KA-Sent/Rcv -----------------------------------------------------------------------------2.2.2.9:0 Operational DU Passive 000:00:02 10/10 -----------------------------------------------------------------------------TOTAL: 1 session(s) Found. LAM : Label Advertisement Mode SsnAge Unit : DDD:HH:MM
4.
# Configure PE2.
[PE2] mpls ldp remote-peer pe1 [PE2-mpls-ldp-remote-pe1] remote-ip 1.1.1.9 [PE2-mpls-ldp-remote-pe1] quit
After the configurations above, run the display mpls ldp session command on either PE1 or PE2. If the status of the peers for PE1 and PE2 is Operational, it means the remote peer relationship has been set up. # Take PE1 as an example.
[PE1] display mpls ldp session LDP Session(s) in Public Network -----------------------------------------------------------------------------Peer-ID Status LAM SsnRole SsnAge KA-Sent/Rcv
7-98
Issue 03 (2008-09-22)
7 VPLS Configuration
-----------------------------------------------------------------------------2.2.2.9:0 Operational DU Passive 000:00:02 10/10 3.3.3.9:0 Operational DU Passive 000:00:02 9/9 -----------------------------------------------------------------------------TOTAL: 2 session(s) Found. LAM : Label Advertisement Mode SsnAge Unit : DDD:HH:MM
5.
# Configure PE2.
[PE2] mpls l2vpn [PE2-l2vpn] quit
6.
# Configure PE2.
[PE2] vsi a2 static [PE2-vsi-a2] pwsignal ldp [PE2-vsi-a2-ldp] vsi-id 2 [PE2-vsi-a2-ldp] peer 1.1.1.9 [PE2-vsi-a2-ldp] quit [PE2-vsi-a2] quit
7.
# Configure PE2.
[PE2] interface gigabitethernet2/0/0 [PE2-GigabitEthernet2/0/0] undo shutdown [PE2-GigabitEthernet2/0/0] quit [PE2] interface gigabitethernet2/0/0.1 [PE2-GigabitEthernet2/0/0.1] vlan-type dot1q 10 [PE2-GigabitEthernet2/0/0.1] l2 binding vsi a2 [PE2-GigabitEthernet2/0/0.1] quit
8.
Issue 03 (2008-09-22)
7-99
7 VPLS Configuration
[Switch-vlan10] quit [Switch] interface gigabitethernet [Switch-GigabitEthernet1/0/0] port [Switch-GigabitEthernet1/0/0] quit [Switch] interface gigabitethernet [Switch-GigabitEthernet1/0/1] port [Switch-GigabitEthernet1/0/1] quit [Switch] interface gigabitethernet [Switch-GigabitEthernet1/0/2] port [Switch-GigabitEthernet1/0/2] port [Switch-GigabitEthernet1/0/2] quit
1/0/0 trunk allow-pass vlan 10 1/0/1 trunk allow-pass vlan 10 1/0/2 link-type access default vlan 10
# Configure CE1.
<Quidway> sysname CE1 [CE1] interface gigabitethernet1/0/0 [CE1-GigabitEthernet1/0/0] ip address 10.1.1.1 255.255.255.0 [CE1-GigabitEthernet1/0/0] undo shutdown [CE1-GigabitEthernet1/0/0] quit
# Configure CE2.
<Quidway> sysname CE2 [CE2] interface gigabitethernet1/0/0 [CE2-GigabitEthernet1/0/0] undo shutdown [CE2-GigabitEthernet1/0/0] quit [CE2] interface gigabitethernet1/0/0.1 [CE2-GigabitEthernet1/0/0.1] vlan-type dot1q 10 [CE2-GigabitEthernet1/0/0.1] ip address 10.1.1.2 255.255.255.0 [CE2-GigabitEthernet1/0/0.1] quit
9.
After the configurations above, run the display interface command on PE1. You can view that one of the AC interfaces of PE1 is blocked.
[PE1] display interface gigabitethernet 1/0/0.1 GigabitEthernet1/0/0.1 current state : UP (interface is blocked) Line protocol current state : UP Description : HUAWEI, Quidway Series, GigabitEthernet1/0/0.1 Interface, Route Po rt The Maximum Transmit Unit is 1500 bytes Internet protocol processing : disabled IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is 00e0-fc7d-a498 Encapsulation dot1q Virtual LAN, The number of Vlan is 1 The Vendor PN is HFBR-5710L Port BW: 1G, Transceiver max BW: 1G, Transceiver Mode: MultiMode WaveLength: 850nm, Transmission Distance: 550m Loopback:none, full-duplex mode, negotiation: disable, Pause Flowcontrol:Send a nd Receive Enable Last 300 seconds input rate 0 bytes/sec, 0 packets/sec Last 300 seconds output rate 0 bytes/sec, 0 packets/sec Input: 0 packets,0 bytes, 0 unicast,0 broadcast,0 multicasts 0 errors,0 drops,0 unknowprotocol Output:0 packets,0 bytes, 0 unicast,0 broadcast,0 multicasts 0 errors,0 drops [PE1] display interface gigabitethernet 1/0/1.1
7-100
Issue 03 (2008-09-22)
7 VPLS Configuration
GigabitEthernet1/0/1.1 current state : UP Line protocol current state : UP Description : HUAWEI, Quidway Series, GigabitEthernet1/0/1.1 Interface, Route Po rt The Maximum Transmit Unit is 1500 bytes Internet protocol processing : disabled IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is 00e0-fc7d-a499 Encapsulation dot1q Virtual LAN, The number of Vlan is 1 The Vendor PN is HFBR-5710L Port BW: 1G, Transceiver max BW: 1G, Transceiver Mode: MultiMode WaveLength: 850nm, Transmission Distance: 550m Loopback:none, full-duplex mode, negotiation: disable, Pause Flowcontrol:Send a nd Receive Enable Last 300 seconds input rate 0 bytes/sec, 0 packets/sec Last 300 seconds output rate 0 bytes/sec, 0 packets/sec Input: 0 packets,0 bytes, 0 unicast,0 broadcast,0 multicasts 0 errors,0 drops,0 unknowprotocol Output:0 packets,0 bytes, 0 unicast,0 broadcast,0 multicasts 0 errors,0 drops
10. Verify the configuration. After the configuration above, run the display vsi name a2 verbose command on PE1. You can view that the VSI named a2 sets up a PW to PE2, and VSI is Up.
[PE1] display vsi name a2 verbose *** VSI Name : a2 VSI Index : 0 PW Signaling : ldp Member Discovery Style : static PW MAC Learn Style : unqualify Encapulation Type : vlan MTU : 1500 VSI State : up VSI ID : 2 *Peer Router ID : 3.3.3.9 VC Label : 17408 Peer Type : dynamic Session : up Tunnel ID : 0x6002001, Interface Name : GigabitEthernet1/0/0.1 State : down Interface Name : GigabitEthernet1/0/1.1 State : up *Peer Ip Address : 3.3.3.9 PW State : up Local VC Label : 17408 Remote VC Label : 17408 PW Type : label Tunnel ID : 0x6002001,
Issue 03 (2008-09-22)
7-101
7 VPLS Configuration
Configuration Files
l
7-102
Issue 03 (2008-09-22)
7 VPLS Configuration
Issue 03 (2008-09-22)
7-103
7 VPLS Configuration
mpls ldp remote-peer pe1 remote-ip 1.1.1.9 # interface GigabitEthernet1/0/0 undo shutdown ip address 100.2.1.2 255.255.255.0 mpls mpls ldp # interface GigabitEthernet2/0/0 undo shutdown # interface GigabitEthernet2/0/0.1 vlan-type dot1q 10 l2 binding vsi a2 loop-detect enable loop-detect block 3 # interface LoopBack1 ip address 3.3.3.9 255.255.255.255 # ospf 1 area 0.0.0.0 network 3.3.3.9 0.0.0.0 network 100.2.1.0 0.0.0.3 # return
SPE1
SPE2
Loopback1 5.5.5.9/32
Loopback1 4.4.4.9/32
UPE1
GE2/0/0.1 GE1/0/0.1 10.1.1.1/24
UPE2
GE2/0/0.1 GE1/0/0.1 10.1.1.2/24
CE1
CE2
Configuration Roadmap
The configuration roadmap is as follows: 1.
7-104
7 VPLS Configuration
2. 3. 4.
Configure the basic MPLS L2VPN capability on the UPE and the SPE devices Configure the dynamic VLL and VSI on the SPE devices and enable the MAC withdraw function of the VSI. Configure the dynamic VLL on the UPE devices to access the SPE devices.
Data Preparation
To complete the configuration, you need the following data:
l l l l
VSI name and VSI ID VC ID of the L2VC MPLS LSR ID (IP address of the peer) of the UPE and the SPE devices Routing protocol
Configuration Procedure
1. Configure the IP addresses. As shown in Figure 7-13, configure the IP addresses and masks for the interfaces including loopback interfaces. Run the undo shutdown command to turn all the physical interfaces to Up.
NOTE
If all the UPE interfaces are Layer 2 GE interfaces, they cannot be configured with the IP addresses. The IP addresses can be configured only after those interfaces join the VLAN and become the VLANIF interfaces. For detailed configuration, refer to the chapter "VLAN Configuration" in the Quidway NetEngine80E/40E Router Configuration Guide - LAN Access and MAN Access.
2.
Configure IGP. Configure OSPF on the SPE and P devices and advertise the network segment address and the LSR IP address. # Configure SPE1.
[SPE1] ospf [SPE1-ospf-1] area 0 [SPE1-ospf-1-area-0.0.0.0] [SPE1-ospf-1-area-0.0.0.0] [SPE1-ospf-1-area-0.0.0.0] [SPE1-ospf-1-area-0.0.0.0] [SPE1-ospf-1] quit network 1.1.1.9 0.0.0.0 network 100.1.1.0 0.0.0.255 network 100.1.3.0 0.0.0.255 quit
# Configure P.
[P] ospf [P-ospf-1] area 0 [P-ospf-1-area-0.0.0.0] [P-ospf-1-area-0.0.0.0] [P-ospf-1-area-0.0.0.0] [P-ospf-1-area-0.0.0.0] [P-ospf-1] quit network 2.2.2.9 0.0.0.0 network 100.1.1.0 0.0.0.255 network 100.1.2.0 0.0.0.255 quit
# Configure SPE2.
[SPE2] ospf [SPE2-ospf-1] area 0 [SPE2-ospf-1-area-0.0.0.0] [SPE2-ospf-1-area-0.0.0.0] [SPE2-ospf-1-area-0.0.0.0] [SPE2-ospf-1-area-0.0.0.0] [SPE2-ospf-1] quit network 3.3.3.9 0.0.0.0 network 100.1.2.0 0.0.0.255 network 100.1.4.0 0.0.0.255 quit
# Configure UPE1.
Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 7-105
7 VPLS Configuration
# Configure UPE2.
[UPE2] ospf [UPE2-ospf-1] area 0 [UPE2-ospf-1-area-0.0.0.0] network 5.5.5.9 0.0.0.0 [UPE2-ospf-1-area-0.0.0.0] network 100.1.4.0 0.0.0.255 [UPE2-ospf-1-area-0.0.0.0] quit [UPE2-ospf-1] quit
3.
# Configure P.
[P] mpls lsr-id 2.2.2.9 [P] mpls [P-mpls] quit [P] mpls ldp [P-mpls-ldp] quit [P] interface pos 1/0/0 [P-Pos1/0/0] mpls [P-Pos1/0/0] mpls ldp [P-Pos1/0/0] quit [P] interface gigabitethernet 2/0/0 [P-GigabitEthernet2/0/0] mpls [P-GigabitEthernet2/0/0] mpls ldp [P-GigabitEthernet2/0/0] quit
# Configure SPE2.
[SPE2] mpls lsr-id 3.3.3.9 [SPE2] mpls [SPE2-mpls] quit [SPE2] mpls ldp [SPE2-mpls-ldp] quit [SPE2] interface pos 1/0/0 [SPE2-Pos1/0/0] mpls [SPE2-Pos1/0/0] mpls ldp [SPE2-Pos1/0/0] quit [SPE2] interface gigabitethernet 2/0/0 [SPE2-GigabitEthernet2/0/0] mpls [SPE2-GigabitEthernet2/0/0] mpls ldp [SPE2-GigabitEthernet2/0/0] quit
# Configure UPE1.
[UPE1] mpls lsr-id 4.4.4.9 [UPE1] mpls [UPE1-mpls] quit [UPE1] mpls ldp [UPE1-mpls-ldp] quit [UPE1] interface gigabitethernet 1/0/0 [UPE1-GigabitEthernet1/0/0] mpls
7-106
Issue 03 (2008-09-22)
7 VPLS Configuration
# Configure UPE2.
[UPE2] mpls lsr-id 5.5.5.9 [UPE2] mpls [UPE2-mpls] quit [UPE2] mpls ldp [UPE2-mpls-ldp] quit [UPE2] interface gigabitethernet 1/0/0 [UPE2-GigabitEthernet1/0/0] mpls [UPE2-GigabitEthernet1/0/0] mpls ldp [UPE2-GigabitEthernet1/0/0] quit
After the configuration, run the display mpls ldp session command on the UPE, P and SPE. You can find the "Status" is "Operational". It means the peer between the UPE and SPE or the peer between the SPE and P is set up. Running the display mpls lsp command, you can view information about the LSP setup. 4. Establish the remote LDP session between the SPE devices. # Configure SPE1.
[SPE1] mpls ldp remote-peer 1 [SPE1-mpls-ldp-remote-1] remote-ip 3.3.3.9 [SPE1-mpls-ldp-remote-1] quit
# Configure SPE2.
[SPE2] mpls ldp remote-peer 1 [SPE2-mpls-ldp-remote-1] remote-ip 1.1.1.9 [SPE2-mpls-ldp-remote-1] quit
5.
Enable the MPLS L2VPN fucntion of the UPE devices and configure the UPE devices to access the SPE devices through the Martini VLL. # Configure UPE1.
[UPE1] mpls l2vpn [UPE1-l2vpn] quit [UPE1] interface gigabitethernet 2/0/0.1 [UPE1-GigabitEthernet2/0/0.1] vlan-type dot1q 1 [UPE1-GigabitEthernet2/0/0.1] mpls l2vc 1.1.1.9 100 [UPE1-GigabitEthernet2/0/0.1] quit
# Configure UPE2.
[UPE2] mpls l2vpn [UPE2-l2vpn] quit [UPE2] interface gigabitethernet 2/0/0.1 [UPE2-GigabitEthernet2/0/0.1] vlan-type dot1q 1 [UPE2-GigabitEthernet2/0/0.1] mpls l2vc 3.3.3.9 100 [UPE2-GigabitEthernet2/0/0.1] quit
6.
Enable the MPLS L2VPN function of the SPE devices and create VSIs. # Configure SPE1.
[SPE1] mpls l2vpn [SPE1-l2vpn] quit [SPE1] vsi V100 static [SPE1-vsi-v100] pwsignal ldp [SPE1-vsi-v100-ldp] vsi-id 100 [SPE1-vsi-v100-ldp] peer 3.3.3.9 [SPE1-vsi-v100-ldp] peer 4.4.4.9 upe [SPE1-vsi-v100-ldp] quit
# Configure SPE2.
[SPE2] mpls l2vpn [SPE2-l2vpn] quit [SPE2] vsi V100 static [SPE2-vsi-v100] pwsignal ldp [SPE2-vsi-v100-ldp] vsi-id 100 [SPE2-vsi-v100-ldp] peer 1.1.1.9
Issue 03 (2008-09-22)
7-107
7 VPLS Configuration
[SPE2-vsi-v100-ldp] peer 5.5.5.9 upe [SPE2-vsi-v100-ldp] quit
7.
Verify the configuration. After the previous configuration, run the display mpls l2vc command on the UPE devices. You can find that the Martini VLL is established and the VC status is Up. Take the UPE1 as an example:
[UPE1] display mpls l2vc total LDP VC : 1 1 up 0 down *client interface : GigabitEthernet2/0/0.1 session state : up AC status : up VC state : up VC ID : 100 VC type : VLAN destination : 1.1.1.9 local VC label : 21504 remote VC label : 21504 control word : disable forwarding entry : existent local group ID : 0 manual fault : not set active state : active link state : up local VC MTU : 1500 remote VC MTU : 1500 tunnel policy name : -traffic behavior name: -PW template name : -primary or secondary : primary create time : 0 days, 0 hours, 7 minutes, 55 seconds up time : 0 days, 0 hours, 4 minutes, 58 seconds last change time : 0 days, 0 hours, 4 minutes, 58 seconds
Run the display vsi v100 command on the SPE devices. You can find the status of the VSI named v100 is Up, and the corresponding PW status is also Up. Take the SPE1 as an example:
<SPE1> display vsi v100 Vsi Mem PW Mac Encap Name Disc Type Learn Type v100 static ldp unqualify vlan Mtu Vsi Value State 1500 up
The CE1 and CE2 on the same network segment can successfully ping each other. Before GE 2/0/0 of the SPE1 is shutdown, view the MAC address table on the SPE2 as follows:
[SPE2] display mac-address dynamic 2 MAC Address VLAN/VSI Port Type Lsp ---------------------------------------------------------------------------0000-c101-0102 100 GigabitEthernet2/0/0 dynamic 3/3366 Total matching items displayed = 2
After GE 2/0/0 of the SPE1 is shutdown, the VSI bound with the static VLL is informed that the interface is Down. Check the MAC address table learned by the VSI on the SPE2. You can find the MAC address learned from GE 2/0/0 is deleted.
[SPE2] display mac-address dynamic 2 MAC Address VLAN/VSI Port Type Lsp ---------------------------------------------------------------------------Total matching items displayed = 0
Configuration Files
l
7-108
Issue 03 (2008-09-22)
7 VPLS Configuration
Issue 03 (2008-09-22)
7-109
7 VPLS Configuration
mpls ldp # mpls ldp remote-peer 1 remote-ip 3.3.3.9 # interface GigabitEthernet2/0/0 undo shutdown ip address 100.1.3.1 255.255.255.0 mpls mpls ldp # interface Pos1/0/0 undo shutdown link-protocol ppp ip address 100.1.1.1 255.255.255.0 mpls mpls ldp # interface LoopBack1 ip address 1.1.1.9 255.255.255.255 # ospf 1 area 0.0.0.0 network 1.1.1.9 0.0.0.0 network 100.1.1.0 0.0.0.255 network 100.1.3.0 0.0.0.255 # return l
7-110
Issue 03 (2008-09-22)
7 VPLS Configuration
Issue 03 (2008-09-22)
7-111
7 VPLS Configuration
return
7.13.7 Example for Configuring the Static VLL to Access the VPLS Network
Networking Requirements
As shown in Figure 7-14, the UPE devices do not support the dynamic VLL. Thus, the UPE devices have to access the SPE devices through the static VLL. It is required that the VLL in SVC mode is created between the UPE and the SPE devices, and the CE1 and CE2 access the VPLS meshed network through the UPE devices. Figure 7-14 Networking diagram of configuring static VLL to access the VPLS network
Loopback1 1.1.1.9/32 POS1/0/0 100.1.1.1/24 GE2/0/0 100.1.3.1/24 GE1/0/0 100.1.3.2/24 UPE1 GE2/0/0.1 GE1/0/0.1 10.1.1.1/24 POS1/0/0 100.1.1.2/24 P Loopback1 2.2.2.9/32 Loopback1 3.3.3.9/32
SPE1
POS1/0/0 100.1.2.2/24 POS2/0/0 100.1.2.1/24 GE2/0/0 100.1.4.1/24 GE1/0/0 100.1.4.2/24 UPE2 GE2/0/0.1 GE1/0/0.1 10.1.1.2/24
SPE2
Loopback1 4.4.4.9/32
Loopback1 5.5.5.9/32
CE1
CE2
Configuration Roadmap
The configuration roadmap is as follows: 1. 2. 3. 4. Complete the task of Configuring Martini VPLS between the SPE devices Configure the basic MPLS L2VPN capability on the UPE and the SPE devices Configure the static VLL and VSI on the SPE devices and enable the MAC withdraw function of the VSI. Configure the static VLL on the UPE devices to access the SPE devices.
Data Preparation
To complete the configuration, you need the following data:
l l l l
VSI name and VSI ID MPLS LSR ID (IP address of the peer) of the UPE and the SPE device Routing protocol Received and sent label of the static LSP of the UPE and the SPE devices
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)
7-112
7 VPLS Configuration
Configuration Procedure
1. Configure the IP addresses. As shown in Figure 7-14, configure the IP addresses and masks for the interfaces including loopback interfaces.
NOTE
If all the UPE interfaces are Layer 2 GE interfaces, they cannot be configured with the IP addresses. The IP addresses can be configured only after those interfaces join the VLAN and become the VLANIF interfaces. For detailed configuration, refer to the chapter "VLAN Configuration" in the Quidway NetEngine80E/40E Router Configuration Guide - LAN Access & MAN Access.
2.
Configure IGP. Configure OSPF on the SPE and P routers and advertise the network segment address and the LSR IP address. # Configure SPE1.
<SPE1> system-view [SPE1] ospf [SPE1-ospf-1] area 0 [SPE1-ospf-1-area-0.0.0.0] [SPE1-ospf-1-area-0.0.0.0] [SPE1-ospf-1-area-0.0.0.0] [SPE1-ospf-1-area-0.0.0.0] [SPE1-ospf-1] quit
network 1.1.1.9 0.0.0.0 network 100.1.1.0 0.0.0.255 network 100.1.3.0 0.0.0.255 quit
# Configure P.
<P> system-view [P] ospf [P-ospf-1] area 0 [P-ospf-1-area-0.0.0.0] [P-ospf-1-area-0.0.0.0] [P-ospf-1-area-0.0.0.0] [P-ospf-1-area-0.0.0.0] [P-ospf-1] quit
network 2.2.2.9 0.0.0.0 network 100.1.1.0 0.0.0.255 network 100.1.2.0 0.0.0.255 quit
# Configure SPE2.
<SPE2> system-view [SPE2] ospf [SPE2-ospf-1] area 0 [SPE2-ospf-1-area-0.0.0.0] [SPE2-ospf-1-area-0.0.0.0] [SPE2-ospf-1-area-0.0.0.0] [SPE2-ospf-1-area-0.0.0.0] [SPE2-ospf-1] quit
network 3.3.3.9 0.0.0.0 network 100.1.2.0 0.0.0.255 network 100.1.4.0 0.0.0.255 quit
# Configure UPE1.
<UPE1> system-view [UPE1] ospf [UPE1-ospf-1] area 0 [UPE1-ospf-1-area-0.0.0.0] network 4.4.4.9 0.0.0.0 [UPE1-ospf-1-area-0.0.0.0] network 100.1.3.0 0.0.0.255 [UPE1-ospf-1-area-0.0.0.0] quit [UPE1-ospf-1] quit
# Configure UPE2.
<UPE2> system-view [UPE2] ospf [UPE2-ospf-1] area 0 [UPE2-ospf-1-area-0.0.0.0] network 5.5.5.9 0.0.0.0 [UPE2-ospf-1-area-0.0.0.0] network 100.1.4.0 0.0.0.255 [UPE2-ospf-1-area-0.0.0.0] quit [UPE2-ospf-1] quit
3.
Issue 03 (2008-09-22)
7-113
7 VPLS Configuration
[SPE1] mpls lsr-id 1.1.1.9 [SPE1] mpls [SPE1-mpls] quit [SPE1] quit [SPE1] mpls ldp [SPE1-mpls-ldp] quit [SPE1] interface pos 1/0/0 [SPE1-Pos1/0/0] mpls [SPE1-Pos1/0/0] mpls ldp [SPE1-Pos1/0/0] quit [SPE1] interface gigabitethernet 2/0/0 [SPE1-GigabitEthernet2/0/0] mpls [SPE1-GigabitEthernet2/0/0] quit
# Configure P.
[P] mpls lsr-id 2.2.2.9 [P] mpls [P-mpls] quit [P] quit [P] mpls ldp [P-mpls-ldp] quit [P] interface pos 1/0/0 [P-Pos1/0/0] mpls [P-Pos1/0/0] mpls ldp [P-Pos1/0/0] quit [P] interface pos 2/0/0 [P-Pos2/0/0] mpls [P-Pos2/0/0] mpls ldp [P-Pos2/0/0] quit
# Configure SPE2.
[SPE2] mpls lsr-id 3.3.3.9 [SPE2] mpls [SPE2-mpls] quit [SPE2] quit [SPE2] mpls ldp [SPE2-mpls-ldp] quit [SPE2] interface pos 1/0/0 [SPE2-Pos1/0/0] mpls [SPE2-Pos1/0/0] mpls ldp [SPE2-Pos1/0/0] quit [SPE2] interface gigabitethernet 2/0/0 [SPE2-GigabitEthernet2/0/0] mpls [SPE2-GigabitEthernet2/0/0] quit
After the configuration, run the display mpls ldp session command on the SPE1, P, and SPE2. You can find the "Status" is "Operational". It means the peer between the SPE1 and P or the peer between the SPE2 and P is set up. Running the display mpls lsp command, you can view information about the LSP setup. Take SPE1 as an example:
<SPE1> display mpls ldp session LDP Session(s) in Public Network -----------------------------------------------------------------------------Peer-ID Status LAM SsnRole SsnAge KA-Sent/Rcv -----------------------------------------------------------------------------2.2.2.9:0 Operational DU Passive 000:00:01 7/7 -----------------------------------------------------------------------------TOTAL: 1 session(s) Found. LAM : Label Advertisement Mode SsnAge Unit : DDD:HH:MM <SPE1> display mpls lsp ---------------------------------------------------------------------LSP Information: LDP LSP ---------------------------------------------------------------------FEC In/Out Label In/Out IF Vrf Name 2.2.2.9/32 NULL/3 -/Pos1/0/0
7-114
Issue 03 (2008-09-22)
7 VPLS Configuration
4.
Establish the remote LDP session between the SPE devices. # Configure SPE1.
[SPE1] mpls ldp remote-peer 1 [SPE1-mpls-ldp-remote-1] remote-ip 3.3.3.9 [SPE1-mpls-ldp-remote-1] quit
# Configure SPE2.
[SPE2] mpls ldp remote-peer 1 [SPE2-mpls-ldp-remote-1] remote-ip 1.1.1.9 [SPE2-mpls-ldp-remote-1] quit
After the configuration, run the display mpls ldp session command on SPE1 or SPE2. You can view that the status of the peers between SPE1 and SPE2 is "Operational". That is, the peer relationship is established. Take SPE1 as an example:
<SPE1> display mpls ldp session LDP Session(s) in Public Network -----------------------------------------------------------------------------Peer-ID Status LAM SsnRole SsnAge KA-Sent/Rcv -----------------------------------------------------------------------------2.2.2.9:0 Operational DU Passive 000:00:05 24/24 3.3.3.9:0 Operational DU Passive 000:00:01 5/5 -----------------------------------------------------------------------------TOTAL: 2 session(s) Found. LAM : Label Advertisement Mode SsnAge Unit : DDD:HH:MM
5.
Configure the static LSP between the UPE and the SPE devices. # Configure UPE1.
[UPE1] mpls lsr-id 4.4.4.9 [UPE1] mpls [UPE1-mpls] quit [UPE1] interface gigabitethernet 1/0/0 [UPE1-GigabitEthernet1/0/0] mpls [UPE1-GigabitEthernet1/0/0] quit [UPE1] static-lsp ingress UPE1toSPE1 destination 1.1.1.9 32 nexthop 100.1.3.1 out-label 20 [UPE1] static-lsp egress SPE1toUPE1 incoming-interface gigabitethernet 1/0/0 in-label 30
# Configure UPE2.
[UPE2] mpls lsr-id 5.5.5.9 [UPE2] mpls [UPE2-mpls] quit [UPE2] interface gigabitethernet 1/0/0 [UPE2-GigabitEthernet1/0/0] mpls [UPE2-GigabitEthernet1/0/0] quit [UPE2] static-lsp ingress UPE2toSPE2 destination 3.3.3.9 32 nexthop 100.1.4.1 out-label 40 [UPE2] static-lsp egress SPE2toUPE2 incoming-interface gigabitethernet 1/0/0 in-label 50
# Configure SPE1.
[SPE1] static-lsp ingress SPE1toUPE1 destination 4.4.4.9 32 nexthop 100.1.3.2 out-label 30 [SPE1] static-lsp egress UPE1toSPE1 incoming-interface gigabitethernet 2/0/0 in-label 20
# Configure SPE2.
[SPE2] static-lsp ingress SPE2toUPE2 destination 5.5.5.9 32 nexthop 100.1.4.2 out-label 50
Issue 03 (2008-09-22)
7-115
7 VPLS Configuration
6.
Enable the MPLS L2VPN fucntion of the UPE devices and configure the UPE devices to access the SPE devices through the static VLL. # Configure UPE1.
<UPE1> system-view [UPE1] mpls l2vpn [UPE1-l2vpn] quit [UPE1] interface gigabitethernet 2/0/0.1 [UPE1-GigabitEthernet2/0/0.1] shutdown [UPE1-GigabitEthernet2/0/0.1] vlan-type dot1q 1 [UPE1-GigabitEthernet2/0/0.1] mpls static-l2vc destination 1.1.1.9 transmitvpn-label 100 receive-vpn-label 100 [UPE1-GigabitEthernet2/0/0.1] undo shutdown [UPE1-GigabitEthernet2/0/0.1] quit
# Configure UPE2.
<UPE2> system-view [UPE2] mpls l2vpn [UPE2-l2vpn] quit [UPE2] interface gigabitethernet 2/0/0.1 [UPE2-GigabitEthernet2/0/0.1] shutdown [UPE2-GigabitEthernet2/0/0.1] vlan-type dot1q 1 [UPE2-GigabitEthernet2/0/0.1] mpls static-l2vc destination 3.3.3.9 transmitvpn-label 100 receive-vpn-label 100 [UPE2-GigabitEthernet2/0/0.1] undo shutdown [UPE2-GigabitEthernet2/0/0.1] quit
7.
Enable the MPLS L2VPN function of the SPE devices and bind the VSI with the UPE. # Configure SPE1.
<SPE1> system-view [SPE1] mpls l2vpn [SPE1] vsi V100 static [SPE1-vsi-v100] pwsignal ldp [SPE1-vsi-v100-ldp] vsi-id 100 [SPE1-vsi-v100-ldp] mac-withdraw enable [SPE1-vsi-v100-ldp] peer 3.3.3.9 [SPE1-vsi-v100-ldp] peer 4.4.4.9 static-upe trans 100 recv 100 [SPE1-vsi-v100-ldp] quit
# Configure SPE2.
<SPE2> system-view [SPE2] mpls l2vpn [SPE2] vsi V100 static [SPE2-vsi-v100] pwsignal ldp [SPE2-vsi-v100-ldp] vsi-id 100 [SPE2-vsi-v100-ldp] mac-withdraw enable [SPE2-vsi-v100-ldp] peer 1.1.1.9 [SPE2-vsi-v100-ldp] peer 5.5.5.9 static-upe trans 100 recv 100 [SPE2-vsi-v100-ldp] quit
8.
Verify the configuration. After the previous configuration, run the display mpls static-l2vc command on the UPE devices. You can find the static VLL is established and the VC status is Up. Take UPE1 as an example:
<UPE1> display mpls static-l2vc interface gigabitethernet 2/0/0.1 *Client Interface : GigabitEthernet2/0/0.1 is up AC Status : up VC State : up VC ID : 0 VC Type : VLAN Destination : 1.1.1.9 Transmit VC Label : 100 Receive VC Label : 100 Control Word : Disable
7-116
Issue 03 (2008-09-22)
7 VPLS Configuration
Disable ---Main : 1 tunnels/tokens , TNL ID : 0x1002000 : 0 days, 0 hours, 10 minutes, 45 seconds : 0 days, 0 hours, 10 minutes, 45 seconds : 0 days, 0 hours, 10 minutes, 45 seconds
Run the display vsi name v100 command on SPEs. You can view that the VSI named v100 is Up and the corresponding PW is also Up. Take SPE1 as an example:
<SPE1> display vsi name v100 ***VSI Name : Administrator VSI : Isolate Spoken : VSI Index : PW Signaling : Member Discovery Style : PW MAC Learn Style : Encapsulation Type : MTU : Mode : Service Class : Color : DomainId : Domain Name : VSI State : VSI ID : *Peer Router ID : VC Label : Peer Type : Session : Tunnel ID : *Peer Router ID : VC Label : Peer Type : Tunnel ID : **PW Information: *Peer Ip Address : PW State : Local VC Label : Remote VC Label : PW Type : Tunnel ID : *Peer Ip Address : PW State : Local VC Label : Remote VC Label : PW Type : Tunnel ID : verbose v100 no disable 0 ldp static unqualify vlan 1500 uniform --0 up 100 3.3.3.9 23552 dynamic up 0x1002001, 4.4.4.9 100 static 0x2002004, 4.4.4.9 up 100 100 MEHVPLS 0x2002004, 3.3.3.9 up 23552 23552 label 0x1002001,
CE1 and CE2, which reside in the same network segment, can ping through each other. After you run the shutdown command on GE 2/0/0.1 (bound to the VSI) of the UPE or PE, CE1 and CE2 cannot ping through each other. This indicates that user data is transmitted through the PW of this VSI. Before GE 2/0/0 of SPE1 is shut down, check the MAC addresses learnt by the VSI on SPE2.
<SPE2> display mac-address dynamic MAC Address VLAN/VSI Port Type Lsp ---------------------------------------------------------------------------0000-c101-0102 100 GigabitEthernet2/0/0 dynamic 3/3366 Total matching items displayed = 2
Issue 03 (2008-09-22)
7-117
7 VPLS Configuration
After GE 2/0/0 of SPE1 is shut down, the VSI bound to the static VLL becomes Down. Check the MAC addresses learnt by the VSI on SPE2, and you can view that one MAC address learnt from GE 2/0/0 is deleted.
<SPE2> display mac-address dynamic MAC Address VLAN/VSI Port Type Lsp -------------------------------------------------------------------Total matching items displayed = 0
Configuration Files
l
7-118
Issue 03 (2008-09-22)
7 VPLS Configuration
network 100.1.3.0 0.0.0.255 # static-lsp ingress UPE1toSPE1 destination 1.1.1.9 32 nexthop 100.1.3.1 outlabel 20 static-lsp egress SPE1toUPE1 incoming-interface GigabitEthernet1/0/0 in-label 30 # return l
Configuration file of P
# sysname P # mpls lsr-id 2.2.2.9 mpls # mpls ldp # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 100.1.1.2 255.255.255.0 mpls
Issue 03 (2008-09-22)
7-119
7 VPLS Configuration
mpls ldp # interface Pos2/0/0 link-protocol ppp undo shutdown ip address 100.1.2.1 255.255.255.0 mpls mpls ldp # interface LoopBack1 ip address 2.2.2.9 255.255.255.255 # ospf 1 area 0.0.0.0 network 2.2.2.9 0.0.0.0 network 100.1.1.0 0.0.0.255 network 100.1.2.0 0.0.0.255 # return l
7-120
Issue 03 (2008-09-22)
7 VPLS Configuration
sysname UPE2 # mpls lsr-id 5.5.5.9 mpls # mpls l2vpn # interface GigabitEthernet1/0/0 undo shutdown ip address 100.1.4.2 255.255.255.0 mpls # interface GigabitEthernet2/0/0 undo shutdown # interface GigabitEthernet2/0/0.1 undo shutdown vlan-type dot1q 1 mpls static-l2vc destination 3.3.3.9 transmit-vpn-label 100 receive-vpn-label 100 # interface LoopBack1 ip address 5.5.5.9 255.255.255.255 # ospf 1 area 0.0.0.0 network 5.5.5.9 0.0.0.0 network 100.1.4.0 0.0.0.255 # static-lsp ingress UPE2toSPE2 destination 3.3.3.9 32 nexthop 100.1.4.1 outlabel 40 static-lsp egress SPE2toUPE2 incoming-interface GigabitEthernet1/0/0 in-label 50 # return
7.13.8 Example for Configuring the Static VLL to Access the VPLS Network in Dual-homed Mode
Networking Requirements
As shown in Figure 7-15, the UPE devices do not support the dynamic VLL. The UPE devices need to access the SPE devices through the static VLL in dual-homed mode. Between the UPE and the SPE devices, the active and standby PWs are adopted. After the MPLS TE and the MPLS OAM function are configured, if a PW fails, data traffic is switched to another PW. It is required that the VLL in SVC mode is created between the UPE and the SPE devices, and the CE1 and CE2 access the basic VPLS meshed network through the UPE devices.
Issue 03 (2008-09-22)
7-121
7 VPLS Configuration
Figure 7-15 Networking diagram of configuring the static VLL to access the VPLS network in dual-homed mode
Loopback1 1.1.1.9/32 Loopback1 5.5.5.9/32
UPE1 GE3/0/0 100.1.5.1/24
Loopback1 3.3.3.9/32
GE3/0/0 100.1.7.1/24
Loopback1 6.6.6.9/32
UPE2
SPE1 POS2/0/0 GE1/0/0 100.1.4.2/24 100.1.5.2/24 GE2/0/0 100.1.6.2/24 POS2/0/0 SPE2 100.1.4.1/24 GE3/0/0 100.1.6.1/24
POS2/0/0 SPE3 100.1.2.1/24 GE1/0/0 100.1.7.2/24 GE2/0/0 100.1.8.2/24 POS2/0/0 100.1.2.2/24 SPE4 GE3/0/0 100.1.8.1/24
CE1
Loopback1 2.2.2.9/32
Loopback1 4.4.4.9/32
CE2
Configuration Roadmap
The configuration roadmap is as follows: 1. 2. 3. 4. 5. Configure IGP, MPLS, MPLS LDP, MPLS TE, and MPLS L2VPN functions on UPEs and SPEs. Configure active and standby MPLS TE tunnels and static LSPs between UPEs and SPEs. Enable MPLS OAM on SPEs to check tunnels. Configure UPEs to access SPEs through static VLLs. Configure HVPLSs on SPEs and enable MAC address withdraw in the VSI.
Data Preparation
To complete the configuration, you need the following data:
l
VSI name, VSI ID, MPLS LSR IDs (peer IP addresses) of UPEs and SPEs, and routing protocol running on the network Names of active and standby PWs and interfaces between UPEs and SPEs, and name of the reverse LSP of the MPLS TE tunnel Interval for sending FFD packets of MPLS OAM Inbound and outbound labels on the static LSPs between UPEs and SPEs
l l
Configuration Procedure
1. 2. Configure the IGP functions. Configure the IP addresses. As shown in Figure 7-15, configure the IP addresses and masks for the interfaces including loopback interfaces.
7-122
Issue 03 (2008-09-22)
7 VPLS Configuration
If all the UPE interfaces are Layer 2 GE interfaces, they cannot be configured with the IP addresses. The IP addresses can be configured only after those interfaces join the VLAN and become the VLANIF interfaces. For detailed configuration, refer to the chapter "VLAN Configuration" in the Quidway NetEngine80E/40E Router Configuration Guide - LAN Access and MAN Access.
3.
Configure IGP. Configure OSPF on SPEs and UPEs to advertise the network segment and the host routes of LSR IDs. # Configure SPE1.
<SPE1> system-view [SPE1] ospf [SPE1-ospf-1] area 0 [SPE1-ospf-1-area-0.0.0.0] [SPE1-ospf-1-area-0.0.0.0] [SPE1-ospf-1-area-0.0.0.0] [SPE1-ospf-1-area-0.0.0.0] [SPE1-ospf-1-area-0.0.0.0] [SPE1-ospf-1] quit
# Configure SPE2.
<SPE2> system-view [SPE2] ospf [SPE2-ospf-1] area 0 [SPE2-ospf-1-area-0.0.0.0] [SPE2-ospf-1-area-0.0.0.0] [SPE2-ospf-1-area-0.0.0.0] [SPE2-ospf-1-area-0.0.0.0] [SPE2-ospf-1-area-0.0.0.0] [SPE2-ospf-1] quit
# Configure SPE3.
<SPE3> system-view [SPE3] ospf [SPE3-ospf-1] area 0 [SPE3-ospf-1-area-0.0.0.0] [SPE3-ospf-1-area-0.0.0.0] [SPE3-ospf-1-area-0.0.0.0] [SPE3-ospf-1-area-0.0.0.0] [SPE3-ospf-1-area-0.0.0.0] [SPE3-ospf-1] quit
# Configure SPE4.
<SPE4> system-view [SPE4] ospf [SPE4-ospf-1] area 0 [SPE4-ospf-1-area-0.0.0.0] [SPE4-ospf-1-area-0.0.0.0] [SPE4-ospf-1-area-0.0.0.0] [SPE4-ospf-1-area-0.0.0.0] [SPE4-ospf-1-area-0.0.0.0] [SPE4-ospf-1] quit
# Configure UPE1.
<UPE1> system-view [UPE1] ospf [UPE1-ospf-1] area 0 [UPE1-ospf-1-area-0.0.0.0] [UPE1-ospf-1-area-0.0.0.0] [UPE1-ospf-1-area-0.0.0.0] [UPE1-ospf-1-area-0.0.0.0] [UPE1-ospf-1] quit
network 5.5.5.9 0.0.0.0 network 100.1.5.0 0.0.0.255 network 100.1.6.0 0.0.0.255 quit
# Configure UPE2.
<UPE2> system-view [UPE2] ospf
Issue 03 (2008-09-22)
7-123
7 VPLS Configuration
[UPE2-ospf-1] area 0 [UPE2-ospf-1-area-0.0.0.0] [UPE2-ospf-1-area-0.0.0.0] [UPE2-ospf-1-area-0.0.0.0] [UPE2-ospf-1-area-0.0.0.0] [UPE2-ospf-1] quit
network 6.6.6.9 0.0.0.0 network 100.1.7.0 0.0.0.255 network 100.1.8.0 0.0.0.255 quit
After the configuration, run the display ip routing-table command on SPEs or UPEs. You can view that the routers have learnt routes from each other. Take SPE1 as an example:
<SPE1> display ip routing-table Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: Public Destinations : 21 Routes : 24 Destination/Mask Proto Pre Cost Flags NextHop Interface 1.1.1.9/32 Direct 0 0 D 127.0.0.1 InLoopBack0 2.2.2.9/32 OSPF 10 2 D 100.1.4.1 Pos2/0/0 3.3.3.9/32 OSPF 10 2 D 100.1.1.2 Pos1/0/0 4.4.4.9/32 OSPF 10 3 D 100.1.4.1 Pos2/0/0 OSPF 10 3 D 100.1.1.2 Pos1/0/0 5.5.5.9/32 OSPF 10 2 D 100.1.5.2 GigabitEthernet3/0/0 6.6.6.9/32 OSPF 10 3 D 100.1.1.2 Pos1/0/0 100.1.1.0/24 Direct 0 0 D 100.1.1.1 Pos1/0/0 100.1.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 100.1.1.2/32 Direct 0 0 D 100.1.1.2 Pos1/0/0 100.1.2.0/24 OSPF 10 2 D 100.1.1.2 Pos1/0/0 100.1.3.0/24 OSPF 10 2 D 100.1.4.1 Pos2/0/0 100.1.4.0/24 Direct 0 0 D 100.1.4.2 Pos2/0/0 100.1.4.1/32 Direct 0 0 D 100.1.4.1 Pos2/0/0 100.1.4.2/32 Direct 0 0 D 127.0.0.1 InLoopBack0 100.1.5.0/24 Direct 0 0 D 100.1.5.1 GigabitEthernet3/0/0 100.1.5.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 100.1.6.0/24 OSPF 10 2 D 100.1.5.2 GigabitEthernet3/0/0 OSPF 10 2 D 100.1.4.1 Pos2/0/0 100.1.7.0/24 OSPF 10 2 D 100.1.1.2 Pos1/0/0 100.1.8.0/24 OSPF 10 3 D 100.1.1.2 Pos1/0/0 OSPF 10 3 D 100.1.4.1 Pos2/0/0 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
4. 5.
Configure MPLS functions. Configure the basic MPLS capability and MPLS LDP. # Configure SPE1.
[SPE1] mpls lsr-id 1.1.1.9 [SPE1] mpls [SPE1-mpls] mpls te [SPE1-mpls] mpls rsvp-te [SPE1-mpls] quit [SPE1] mpls ldp [SPE1-mpls-ldp] quit [SPE1] interface pos 1/0/0 [SPE1-Pos1/0/0] mpls [SPE1-Pos1/0/0] mpls ldp [SPE1-Pos1/0/0] quit [SPE1] interface pos 2/0/0 [SPE1-Pos2/0/0] mpls [SPE1-Pos2/0/0] mpls ldp [SPE1-Pos2/0/0] quit [SPE1] interface gigabitethernet 3/0/0 [SPE1-GigabitEthernet3/0/0] mpls [SPE1-GigabitEthernet3/0/0] mpls te [SPE1-GigabitEthernet3/0/0] mpls rsvp-te [SPE1-GigabitEthernet3/0/0] quit
# Configure SPE2.
[SPE2] mpls lsr-id 2.2.2.9
7-124
Issue 03 (2008-09-22)
7 VPLS Configuration
# Configure SPE3.
[SPE3] mpls lsr-id 3.3.3.9 [SPE3] mpls [SPE3-mpls] mpls te [SPE3-mpls] mpls rsvp-te [SPE3-mpls] quit [SPE3] mpls ldp [SPE3-mpls-ldp] quit [SPE2] interface pos 1/0/0 [SPE3-Pos1/0/0] mpls [SPE3-Pos1/0/0] mpls ldp [SPE3-Pos1/0/0] quit [SPE3] interface pos 2/0/0 [SPE3-Pos2/0/0] mpls [SPE3-Pos2/0/0] mpls ldp [SPE3-Pos2/0/0] quit [SPE3] interface gigabitethernet 3/0/0 [SPE3-GigabitEthernet3/0/0] mpls [SPE3-GigabitEthernet3/0/0] mpls te [SPE3-GigabitEthernet3/0/0] mpls rsvp-te [SPE3-GigabitEthernet3/0/0] quit
# Configure SPE4.
[SPE4] mpls lsr-id 4.4.4.9 [SPE4] mpls [SPE4-mpls] mpls te [SPE4-mpls] mpls rsvp-te [SPE4-mpls] quit [SPE4] mpls ldp [SPE4-mpls-ldp] quit [SPE4] interface pos 1/0/0 [SPE4-Pos1/0/0] mpls [SPE4-Pos1/0/0] mpls ldp [SPE4-Pos1/0/0] quit [SPE4] interface pos 2/0/0 [SPE4-Pos2/0/0] mpls [SPE4-Pos2/0/0] mpls ldp [SPE4-Pos2/0/0] quit [SPE4] interface gigabitethernet 3/0/0 [SPE4-GigabitEthernet3/0/0] mpls [SPE4-GigabitEthernet3/0/0] mpls te [SPE4-GigabitEthernet3/0/0] mpls rsvp-te [SPE4-GigabitEthernet3/0/0] quit
After the configuration, run the display mpls ldp session command on SPE1, SPE2, SPE3, and SPE4, and you can view that the status of the peers between the adjacent SPEs is "Operational". That is, the peer relationship is established. Run the display mpls lsp command, and you can view information about the establishment of LSPs.
Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 7-125
7 VPLS Configuration
# Configure UPE1.
[UPE1] mpls lsr-id 5.5.5.9 [UPE1] mpls [UPE1-mpls] mpls te [UPE1-mpls] mpls rsvp-te [UPE1-mpls] quit [UPE1] interface gigabitethernet [UPE1-GigabitEthernet1/0/0] mpls [UPE1-GigabitEthernet1/0/0] mpls [UPE1-GigabitEthernet1/0/0] mpls [UPE1-GigabitEthernet1/0/0] quit [UPE1] interface gigabitethernet [UPE1-GigabitEthernet2/0/0] mpls [UPE1-GigabitEthernet2/0/0] mpls [UPE1-GigabitEthernet2/0/0] mpls [UPE1-GigabitEthernet2/0/0] quit
# Configure UPE2.
[UPE2] mpls lsr-id 6.6.6.9 [UPE2] mpls [UPE2-mpls] mpls te [UPE2-mpls] mpls rsvp-te [UPE2-mpls] quit [UPE2] interface gigabitethernet [UPE2-GigabitEthernet1/0/0] mpls [UPE2-GigabitEthernet1/0/0] mpls [UPE2-GigabitEthernet1/0/0] mpls [UPE2-GigabitEthernet1/0/0] quit [UPE2] interface gigabitethernet [UPE2-GigabitEthernet2/0/0] mpls [UPE2-GigabitEthernet2/0/0] mpls [UPE2-GigabitEthernet2/0/0] mpls [UPE2-GigabitEthernet2/0/0] quit
6.
# Configure SPE2.
7-126 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)
7 VPLS Configuration
# Configure SPE3.
[SPE3] mpls ldp remote-peer 2.2.2.9 [SPE3-mpls-ldp-remote-2.2.2.9] remote-ip 2.2.2.9 [SPE3-mpls-ldp-remote-2.2.2.9] quit
# Configure SPE4.
[SPE4] mpls ldp remote-peer 1.1.1.9 [SPE4-mpls-ldp-remote-1.1.1.9] remote-ip 1.1.1.9 [SPE4-mpls-ldp-remote-1.1.1.9] quit
After the configuration, run the display mpls ldp session command on SPE1, SPE2, SPE3, and SPE4, and you can view that the status of the peers between the local and adjacent SPEs and between the local and remote SPEs are "Operational". That is, the peer relationship is established. Run the display mpls lsp command, and you can view information about the establishment of LSPs. Take SPE1 as an example:
<SPE1> display mpls ldp session LDP Session(s) in Public Network -----------------------------------------------------------------------------Peer-ID Status LAM SsnRole SsnAge KA-Sent/Rcv -----------------------------------------------------------------------------2.2.2.9:0 Operational DU Passive 000:00:08 33/33 3.3.3.9:0 Operational DU Passive 000:00:07 29/29 4.4.4.9:0 Operational DU Passive 000:00:00 1/1 -----------------------------------------------------------------------------TOTAL: 3 session(s) Found. LAM : Label Advertisement Mode SsnAge Unit : DDD:HH:MM <SPE1> display mpls lsp ---------------------------------------------------------------------LSP Information: LDP LSP ---------------------------------------------------------------------FEC In/Out Label In/Out IF Vrf Name 1.1.1.9/32 3/NULL -/2.2.2.9/32 NULL/3 -/S2/0/0 2.2.2.9/32 1024/3 -/S2/0/0 3.3.3.9/32 NULL/3 -/S1/0/0 3.3.3.9/32 1025/3 -/S1/0/0 4.4.4.9/32 NULL/1026 -/S2/0/0 4.4.4.9/32 NULL/1026 -/S1/0/0 4.4.4.9/32 1026/1026 -/S2/0/0 4.4.4.9/32 1026/1026 -/S1/0/0
7.
# Configure UPE2.
[UPE2] mpls l2vpn
# Configure SPE1.
[SPE1] mpls l2vpn
# Configure SPE2.
[SPE2] mpls l2vpn
# Configure SPE3.
[SPE3] mpls l2vpn
# Configure SPE4.
Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 7-127
7 VPLS Configuration
[SPE4] mpls l2vpn
8. 9.
Configure TE tunnels and tunnel policies. Configure active MPLS TE tunnels, standby tunnels, and reverse LSPs between SPEs and UPEs. Static LSP tunnels are used to establish the TE tunnels. # Configure UPE1.
[UPE1] interface tunnel 2/0/0 [UPE1-Tunnel2/0/0] ip address unnumbered interface loopback 1 [UPE1-Tunnel2/0/0] tunnel-protocol mpls te [UPE1-Tunnel2/0/0] destination 2.2.2.9 [UPE1-Tunnel2/0/0] mpls te tunnel-id 1 [UPE1-Tunnel2/0/0] mpls te signal-protocol static [UPE1-Tunnel2/0/0] mpls te protection tunnel 11 mode revertive wtr 2 [UPE1-Tunnel2/0/0] mpls te reverse-lsp lsp-name b1 [UPE1-Tunnel2/0/0] mpls te reserved-for-binding [UPE1-Tunnel2/0/0] mpls te commit [UPE1-Tunnel2/0/0] quit [UPE1] interface tunnel 1/0/0 [UPE1-Tunnel1/0/0] ip address unnumbered interface loopback 1 [UPE1-Tunnel1/0/0] tunnel-protocol mpls te [UPE1-Tunnel1/0/0] destination 1.1.1.9 [UPE1-Tunnel1/0/0] mpls te tunnel-id 11 [UPE1-Tunnel1/0/0] mpls te signal-protocol static [UPE1-Tunnel1/0/0] mpls te reverse-lsp lsp-name b11 [UPE1-Tunnel1/0/0] mpls te commit [UPE1-Tunnel1/0/0] quit
# Configure UPE2.
[UPE2] interface tunnel 2/0/0 [UPE2-Tunnel2/0/0] ip address unnumbered interface loopback 1 [UPE2-Tunnel2/0/0] tunnel-protocol mpls te [UPE2-Tunnel2/0/0] destination 4.4.4.9 [UPE2-Tunnel2/0/0] mpls te tunnel-id 3 [UPE2-Tunnel2/0/0] mpls te signal-protocol static [UPE2-Tunnel2/0/0] mpls te protection tunnel 31 mode revertive wtr 2 [UPE2-Tunnel2/0/0] mpls te reverse-lsp lsp-name b3 [UPE2-Tunnel2/0/0] mpls te reserved-for-binding [UPE2-Tunnel2/0/0] mpls te commit [UPE2-Tunnel2/0/0] quit [UPE2] interface tunnel 1/0/0 [UPE2-Tunnel1/0/0] ip address unnumbered interface loopback 1 [UPE2-Tunnel1/0/0] tunnel-protocol mpls te [UPE2-Tunnel1/0/0] destination 3.3.3.9 [UPE2-Tunnel1/0/0] mpls te tunnel-id 31 [UPE2-Tunnel1/0/0] mpls te signal-protocol static [UPE2-Tunnel1/0/0] mpls te reverse-lsp lsp-name b31 [UPE2-Tunnel1/0/0] mpls te commit [UPE2-Tunnel1/0/0] quit
# Configure SPE1.
[SPE1] interface tunnel 3/0/0 [SPE1-Tunnel3/0/0] ip address unnumbered interface loopback 1 [SPE1-Tunnel3/0/0] tunnel-protocol mpls te [SPE1-Tunnel3/0/0] destination 5.5.5.9 [SPE1-Tunnel3/0/0] mpls te tunnel-id 21 [SPE1-Tunnel3/0/0] mpls te signal-protocol static [SPE1-Tunnel3/0/0] mpls te reverse-lsp lsp-name b21 [SPE1-Tunnel3/0/0] mpls te reserved-for-binding [SPE1-Tunnel3/0/0] mpls te commit [SPE1-Tunnel3/0/0] quit
# Configure SPE2.
[SPE2] interface tunnel 3/0/0 [SPE2-Tunnel3/0/0] ip address unnumbered interface loopback 1 [SPE2-Tunnel3/0/0] tunnel-protocol mpls te [SPE2-Tunnel3/0/0] destination 5.5.5.9 [SPE2-Tunnel3/0/0] mpls te tunnel-id 2 [SPE2-Tunnel3/0/0] mpls te signal-protocol static
7-128
Issue 03 (2008-09-22)
7 VPLS Configuration
# Configure SPE3.
[SPE3] interface tunnel 3/0/0 [SPE3-Tunnel3/0/0] ip address unnumbered interface loopback 1 [SPE3-Tunnel3/0/0] tunnel-protocol mpls te [SPE3-Tunnel3/0/0] destination 6.6.6.9 [SPE3-Tunnel3/0/0] mpls te tunnel-id 41 [SPE3-Tunnel3/0/0] mpls te signal-protocol static [SPE3-Tunnel3/0/0] mpls te reverse-lsp lsp-name b41 [SPE3-Tunnel3/0/0] mpls te reserved-for-binding [SPE3-Tunnel3/0/0] mpls te commit [SPE3-Tunnel3/0/0] quit
# Configure SPE4.
[SPE4] interface tunnel 3/0/0 [SPE4-Tunnel3/0/0] ip address unnumbered interface loopback 1 [SPE4-Tunnel3/0/0] tunnel-protocol mpls te [SPE4-Tunnel3/0/0] destination 6.6.6.9 [SPE4-Tunnel3/0/0] mpls te tunnel-id 4 [SPE4-Tunnel3/0/0] mpls te signal-protocol static [SPE4-Tunnel3/0/0] mpls te reverse-lsp lsp-name b4 [SPE4-Tunnel3/0/0] mpls te reserved-for-binding [SPE4-Tunnel3/0/0] mpls te commit [SPE4-Tunnel3/0/0] quit
10. Configure tunnel policies applied to UPEs and SPEs. # Configure UPE1.
[UPE1] tunnel-policy vll [UPE1-tunnel-policy-vll] tunnel binding destination 2.2.2.9 te tunnel 2/0/0
# Configure UPE2.
[UPE2] tunnel-policy vll [UPE2-tunnel-policy-vll] tunnel binding destination 4.4.4.9 te tunnel 2/0/0
# Configure SPE1.
[SPE1] tunnel-policy vsi [SPE1-tunnel-policy-vsi] tunnel binding destination 5.5.5.9 te tunnel 3/0/0
# Configure SPE2.
[SPE2] tunnel-policy vsi [SPE2-tunnel-policy-vsi] tunnel binding destination 5.5.5.9 te tunnel 3/0/0
# Configure SPE3.
[SPE3] tunnel-policy vsi [SPE3-tunnel-policy-vsi] tunnel binding destination 6.6.6.9 te tunnel 3/0/0
# Configure SPE4.
[SPE4] tunnel-policy vsi [SPE4-tunnel-policy-vsi] tunnel binding destination 6.6.6.9 te tunnel 3/0/0
11. Configure MPLS OAM functions on SPEs and UPEs. # Configure UPE1.
[UPE1] mpls [UPE1-mpls] [UPE1-mpls] [UPE1] mpls [UPE1] mpls [UPE1] mpls [UPE1] mpls [UPE1] mpls [UPE1] mpls mpls oam quit oam egress lsp-name b1 oam egress lsp-name b11 oam ingress tunnel 1/0/0 type ffd frequency 100 oam ingress enable tunnel 1/0/0 oam ingress tunnel 2/0/0 type ffd frequency 100 oam ingress enable tunnel 2/0/0
# Configure UPE2.
Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 7-129
7 VPLS Configuration
[UPE2] mpls [UPE2-mpls] [UPE2-mpls] [UPE2] mpls [UPE2] mpls [UPE2] mpls [UPE2] mpls [UPE2] mpls [UPE2] mpls
mpls oam quit oam egress lsp-name b3 oam egress lsp-name b31 oam ingress tunnel 1/0/0 type ffd frequency 100 oam ingress enable tunnel 1/0/0 oam ingress tunnel 2/0/0 type ffd frequency 100 oam ingress enable tunnel 2/0/0
# Configure SPE1.
[SPE1] mpls [SPE1-mpls] [SPE1-mpls] [SPE1] mpls [SPE1] mpls [SPE1] mpls mpls oam quit oam egress lsp-name b21 oam ingress tunnel 3/0/0 type ffd frequency 100 oam ingress enable tunnel 3/0/0
# Configure SPE2.
[SPE2] mpls [SPE2-mpls] [SPE2-mpls] [SPE2] mpls [SPE2] mpls [SPE2] mpls mpls oam quit oam egress lsp-name b2 oam ingress tunnel 3/0/0 type ffd frequency 100 oam ingress enable tunnel 3/0/0
# Configure SPE3.
[SPE3] mpls [SPE3-mpls] [SPE3-mpls] [SPE3] mpls [SPE3] mpls [SPE3] mpls mpls oam quit oam egress lsp-name b41 oam ingress tunnel 3/0/0 type ffd frequency 100 oam ingress enable tunnel 3/0/0
# Configure SPE4.
[SPE4] mpls [SPE4-mpls] [SPE4-mpls] [SPE4] mpls [SPE4] mpls [SPE4] mpls mpls oam quit oam egress lsp-name b4 oam ingress tunnel 3/0/0 type ffd frequency 100 oam ingress enable tunnel 3/0/0
12. Configure routers to access the VPLS network through static VLLs. 13. Establish static LSPs between UPEs and SPEs. # Configure a static LSP from UPE1 to SPE1.
[UPE1] static-lsp nexthop 100.1.5.1 [UPE1] static-lsp 201 lsrid 1.1.1.9 ingress tunnel-interface tunnel 1/0/0 destination 1.1.1.9 out-label 200 egress b11 incoming-interface gigabitethernet 1/0/0 in-label tunnel-id 21
7-130
Issue 03 (2008-09-22)
7 VPLS Configuration
14. Configure UPEs to access SPEs through static VLLs. # Configure UPE1.
[UPE1] interface gigabitethernet 3/0/0.1 [UPE1-GigabitEthernet3/0/0.1] shutdown [UPE1-GigabitEthernet3/0/0.1] vlan-type dot1q 10 [UPE1-GigabitEthernet3/0/0.1] mpls static-l2vc destination 2.2.2.9 transmitvpn-label 500 receive-vpn-label 500 tunnel-policy vll [UPE1-GigabitEthernet3/0/0.1] undo shutdown [UPE1-GigabitEthernet3/0/0.1] quit
# Configure UPE2.
[UPE2] interface gigabitethernet 3/0/0.1 [UPE2-GigabitEthernet3/0/0.1] shutdown [UPE2-GigabitEthernet3/0/0.1] vlan-type dot1q 10 [UPE2-GigabitEthernet3/0/0.1] mpls static-l2vc destination 4.4.4.9 transmitvpn-label 600 receive-vpn-label 600 tunnel-policy vll [UPE2-GigabitEthernet3/0/0.1] undo shutdown [UPE2-GigabitEthernet3/0/0.1] quit
15. Configure HVPLSs on SPEs and enable MAC address withdraw in the VSI. # Configure SPE1.
[SPE1] vsi v100 static [SPE1-vsi-v100] pwsignal ldp [SPE1-vsi-v100-ldp] vsi-id 100 [SPE1-vsi-v100-ldp] mac-withdraw enable [SPE1-vsi-v100-ldp] peer 2.2.2.9 [SPE1-vsi-v100-ldp] peer 3.3.3.9 [SPE1-vsi-v100-ldp] peer 4.4.4.9 [SPE1-vsi-v100-ldp] peer 5.5.5.9 tnl-policy vsi static-upe trans 500 recv 500 [SPE1-vsi-v100-ldp] quit
# Configure SPE2.
[SPE2] vsi v100 static [SPE2-vsi-v100] pwsignal ldp [SPE2-vsi-v100-ldp] vsi-id 100 [SPE2-vsi-v100-ldp] mac-withdraw enable [SPE2-vsi-v100-ldp] peer 1.1.1.9 [SPE2-vsi-v100-ldp] peer 3.3.3.9 [SPE2-vsi-v100-ldp] peer 4.4.4.9 [SPE2-vsi-v100-ldp] peer 5.5.5.9 tnl-policy vsi static-upe trans 500 recv 500 [SPE2-vsi-v100-ldp] quit
# Configure SPE3.
Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 7-131
7 VPLS Configuration
# Configure SPE4.
[SPE4] vsi v100 static [SPE4-vsi-v100] pwsignal ldp [SPE4-vsi-v100-ldp] vsi-id 100 [SPE4-vsi-v100-ldp] mac-withdraw enable [SPE4-vsi-v100-ldp] peer 1.1.1.9 [SPE4-vsi-v100-ldp] peer 2.2.2.9 [SPE4-vsi-v100-ldp] peer 3.3.3.9 [SPE4-vsi-v100-ldp] peer 6.6.6.9 tnl-policy vsi static-upe trans 600 recv 600 [SPE4-vsi-v100-ldp] quit
16. Verify the configuration After the configuration, run the display mpls oam ingress all command on UPEs, and you can view that the detection status of the OAM ingress is "Non-defect". Take UPE1 as an example:
<UPE1> display mpls oam ingress all ------------------------------------------------------------------------------No. Tunnel-name Ttsi Type Frequency Status ------------------------------------------------------------------------------1 Tunnel2/0/0 5.5.5.9 : 1 FFD 100 ms Start/Non-defect 2 Tunnel1/0/0 5.5.5.9 : 11 FFD 100 ms Start/Non-defect ------------------------------------------------------------------------------Total Oam Num: 2 Total Start Oam Num: 0 Total Defect Oam Num: 0
Run the display mpls oam egress all command on UPEs, and you can view that the detection status of the OAM egress is "Non-defect". Take UPE1 as an example:
<UPE1> display mpls oam egress all ------------------------------------------------------------------------------No. Lsp-name Ttsi Type Frequency Status ------------------------------------------------------------------------------1 b1 2.2.2.9 : 2 None -Start/Non-defect
Run the shutdown command on GE 1/0/0 on UPE1, and then run the display mpls te protection tunnel command. You can view that the status of the primary tunnel is "in defect".
<UPE1> display mpls te protection tunnel all verbose ---------------------------------------------------------------Verbose information about the 1th proteciton-group ---------------------------------------------------------------Work-tunnel id : 2 Protect-tunnel id : 21 Work-tunnel name : Tunnel2/0/0 Protect-tunnel name : Tunnel1/0/0 Work-tunnel reverse-lsp name : b1 Protect-tunnel reverse-lsp name : b21 switch result : work-tunnel work-tunnel defect state : non-defect protect-tunnel defect state : non-defect work-tunnel reverse-lsp defect state : non-defect protect-tunnel reverse-lsp defect state : non-defect
7-132
Issue 03 (2008-09-22)
7 VPLS Configuration
Run the display mpls static-l2vc on UPEs, and you can view that static VLLs are established and the VC status is Up. Take UPE1 as an example:
<UPE1> display mpls static-l2vc interface gigabitethernet 3/0/0.1 *Client Interface : GigabitEthernet3/0/0.1 is up AC Status : up VC State : up VC ID : 0 VC Type : VLAN Destination : 2.2.2.9 Transmit VC Label : 500 Receive VC Label : 500 Control Word : Disable VCCV Capabilty : Disable Tunnel Policy : vll PW Template Name : -Traffic Behavior : -Main or Secondary : Main VC tunnel/token info : 1 tunnels/tokens NO.0 TNL Type : cr lsp, TNL ID : 0x42002000 Create time : 0 days, 0 hours, 7 minutes, 56 seconds UP time : 0 days, 0 hours, 7 minutes, 55 seconds Last change time : 0 days, 0 hours, 7 minutes, 55 seconds
Run the display vsi name v100 verbose command on SPEs, and you can view that the VSI named v100 is Up and the corresponding PW is also Up. Take SPE1 as an example:
<SPE1> display vsi name v100 ***VSI Name : Administrator VSI : Isolate Spoken : VSI Index : PW Signaling : Member Discovery Style : PW MAC Learn Style : Encapsulation Type : MTU : Mode : Service Class : Color : DomainId : Domain Name : VSI State : VSI ID : *Peer Router ID : VC Label : Peer Type : Session : Tunnel ID : *Peer Router ID : VC Label : Peer Type : Session : Tunnel ID : *Peer Router ID : VC Label : Peer Type : Session : Tunnel ID : *Peer Router ID : VC Label : Peer Type : Tunnel ID : Tunnel Policy Name : **PW Information: *Peer Ip Address : PW State : verbose v100 no disable 0 ldp static unqualify vlan 1500 uniform --0 up 100 2.2.2.9 23552 dynamic up 0x2002000, 3.3.3.9 23553 dynamic up 0x1002002, 4.4.4.9 23554 dynamic up 0x2002004, 5.5.5.9 500 static 0x43002008, vsi 5.5.5.9 up
Issue 03 (2008-09-22)
7-133
7 VPLS Configuration
Local VC Label Remote VC Label PW Type Tunnel ID *Peer Ip Address PW State Local VC Label Remote VC Label PW Type Tunnel ID *Peer Ip Address PW State Local VC Label Remote VC Label PW Type Tunnel ID *Peer Ip Address PW State Local VC Label Remote VC Label PW Type Tunnel ID : : : : : : : : : : : : : : : : : : : : : : 500 500 MEHVPLS 0x43002008, 2.2.2.9 up 23552 23552 label 0x2002000, 3.3.3.9 up 23553 23552 label 0x1002002, 4.4.4.9 up 23554 23552 label 0x2002004,
CE1 and CE2, which reside in the same network segment, can ping through each other. After you run the shutdown command on the interface bound to the VSI on a UPE or an SPE, CE1 and CE2 cannot ping through each other. This indicates that user data is transmitted through the PW of this VSI. Before GE 1/0/0 of SPE1 is shut down, view the MAC addresses learnt by the VSI on SPE3.
<SPE3> display mac-address dynamic 3 MAC Address VLAN/VSI Port Type Lsp ---------------------------------------------------------------------------00e0-fc01-0202 v100 Tunnel3/0/0 dynamic 3/4137 Total matching items displayed = 1
After GE 1/0/0 of SPE1 is shut down, the VSI bound to the static VLL becomes Down. Check the MAC addresses learnt by the VSI, and you can view that SPE3 has learned a new MAC address.
<SPE3> display mac-address dynamic MAC Address VLAN/VSI Port Type Lsp ---------------------------------------------------------------------------00e0-fc01-0515 v100 Tunnel3/0/0 dynamic 3/4137 Total matching items displayed = 0
Configuration Files
l
7-134
Issue 03 (2008-09-22)
7 VPLS Configuration
Issue 03 (2008-09-22)
7-135
7 VPLS Configuration
network 5.5.5.9 0.0.0.0 network 100.1.5.0 0.0.0.255 network 100.1.6.0 0.0.0.255
# static-lsp ingress tunnel-interface Tunnel1/0/0 destination 1.1.1.9 nexthop 10 0.1.5.1 out-label 200 static-lsp egress b11 incoming-interface GigabitEthernet1/0/0 in-label 201 lsrid 1.1.1 .9 tunnel-id 21 static-lsp ingress tunnel-interface Tunnel2/0/0 destination 2.2.2.9 nexthop 10 0.1.6.1 out-label 100 static-lsp egress b1 incoming-interface GigabitEthernet2/0/0 in-label 101 lsrid 2.2.2. 9 tunnel-id 2 # mpls oam egress lsp-name b1 mpls oam egress lsp-name b11 mpls oam ingress Tunnel2/0/0 type ffd frequency 100 mpls oam ingress enable Tunnel2/0/0 mpls oam ingress Tunnel1/0/0 type ffd frequency 100 mpls oam ingress enable Tunnel1/0/0 # tunnel-policy vll tunnel binding destination 2.2.2.9 te Tunnel2/0/0 # return l
7-136
Issue 03 (2008-09-22)
7 VPLS Configuration
mpls te signal-protocol static mpls te tunnel-id 31 mpls te reverse-lsp b31 mpls te commit # interface Tunnel2/0/0 ip address unnumbered interface LoopBack1 tunnel-protocol mpls te destination 4.4.4.9 mpls te signal-protocol static mpls te tunnel-id 3 mpls te protection tunnel 31 mode revertive wtr 2 mpls te reverse-lsp b3 mpls te reserved-for-binding mpls te commit # ospf 1 area 0.0.0.0 network 6.6.6.9 0.0.0.0 network 100.1.7.0 0.0.0.255 network 100.1.8.0 0.0.0.255 # static-lsp ingress tunnel-interface Tunnel1/0/0 destination 3.3.3.9 nexthop 10 0.1.7.1 out-label 400 static-lsp egress b31 incoming-interface GigabitEthernet1/0/0 in-label 401 lsrid 3.3.3 .9 tunnel-id 41 static-lsp ingress tunnel-interface Tunnel2/0/0 destination 4.4.4.9 nexthop 10 0.1.8.1 out-label 300 static-lsp egress b3 incoming-interface GigabitEthernet2/0/0 in-label 301 lsrid 4.4.4. 9 tunnel-id 4 # mpls oam egress lsp-name b3 mpls oam egress lsp-name b31 mpls oam ingress Tunnel1/0/0 type ffd frequency 100 mpls oam ingress enable Tunnel1/0/0 mpls oam ingress Tunnel2/0/0 type ffd frequency 100 mpls oam ingress enable Tunnel2/0/0 # tunnel-policy vll tunnel binding destination 4.4.4.9 te Tunnel2/0/0 # return l
Issue 03 (2008-09-22)
7-137
7 VPLS Configuration
7-138
Issue 03 (2008-09-22)
7 VPLS Configuration
mpls oam # mpls l2vpn # vsi v100 static pwsignal ldp vsi-id 100 peer 1.1.1.9 peer 3.3.3.9 peer 4.4.4.9 peer 5.5.5.9 tnl-policy vsi static-upe tran 500 recv 500 # mpls ldp # mpls ldp remote-peer 3.3.3.9 remote-ip 3.3.3.9 # interface GigabitEthernet3/0/0 undo shutdown ip address 100.1.6.1 255.255.255.0 ospf cost 1 mpls mpls te mpls rsvp-te # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 100.1.3.2 255.255.255.0 ospf cost 1 mpls mpls ldp # interface Pos2/0/0 link-protocol ppp undo shutdown ip address 100.1.4.1 255.255.255.0 ospf cost 1 mpls mpls ldp # interface LoopBack1 ip address 2.2.2.9 255.255.255.255 # interface Tunnel3/0/0 ip address unnumbered interface LoopBack1 tunnel-protocol mpls te destination 5.5.5.9 mpls te signal-protocol static mpls te tunnel-id 2 mpls te reverse-lsp b2 mpls te reserved-for-binding mpls te commit # ospf 1 area 0.0.0.0 network 2.2.2.9 0.0.0.0 network 100.1.3.0 0.0.0.255 network 100.1.4.0 0.0.0.255 network 100.1.6.0 0.0.0.255 # static-lsp ingress tunnel-interface Tunnel3/0/0 destination 5.5.5.9 nexthop 10 0.1.6.2 out-label 101 static-lsp egress b2 incoming-interface GigabitEthernet3/0/0 in-label 100 lsrid 5.5.5. 9 tunnel-id 1 # mpls oam egress lsp-name b2
Issue 03 (2008-09-22)
7-139
7 VPLS Configuration
7-140
Issue 03 (2008-09-22)
7 VPLS Configuration
ospf 1 area 0.0.0.0 network 3.3.3.9 0.0.0.0 network 100.1.1.0 0.0.0.255 network 100.1.2.0 0.0.0.255 network 100.1.7.0 0.0.0.255 # static-lsp ingress tunnel-interface Tunnel3/0/0 destination 6.6.6.9 nexthop 10 0.1.7.2 out-label 401 static-lsp egress b41 incoming-interface GigabitEthernet3/0/0 in-label 400 lsrid 6.6.6 .9 tunnel-id 31 # mpls oam egress lsp-name b41 mpls oam ingress Tunnel3/0/0 type ffd frequency 100 mpls oam ingress enable Tunnel3/0/0 # tunnel-policy vsi tunnel binding destination 6.6.6.9 te Tunnel3/0/0 # return l
Issue 03 (2008-09-22)
7-141
7 VPLS Configuration
7-142
Issue 03 (2008-09-22)
7 VPLS Configuration
PE1
ASBR -PE1
ASBR -PE2
PE2
VLAN10
GE1/0/0.1 10.1.1.1/24
VLAN10
GE1/0/0.1 10.1.1.2/24
CE1
CE2
Configuration Roadmap
The configuration roadmap is as follows: 1. 2. 3. Configure IGP on the backbone network to ensure connectivity between ASBR-PEs and PEs. Establish MP IBGP peer relationship between the PEs and the ASBR-PEs in the same AS. Configure the VSIs on PE1, ASBR-PE1, ASBR-PE2, and PE2 and bind the VSIs to the AC interfaces.
Data Preparation
To complete the configuration, you need the following data:
l l
Data required for configuring IS-IS MPLS LSR IDs (configured as the IP addresses of the local loopback interfaces) of the PEs and the ASBR-PEs CE IDs and CE ranges IP addresses of the CE interfaces that access the PEs
l l
Configuration Procedure
1. Configure IGP for the backbone network. Configure IGP for the MPLS backbone network to implement connectivity between routers in the backbone network. In this example, IS-IS is configured. The detailed configurations are not mentioned here. Note that Loopback 1 must be enabled with IS-IS. After the configuration, the ASBR-PEs and the PEs in the same AS can establish IS-IS neighbor relationship. Run the display isis peer command, and you can view that the neighbor status is Up. In addition, the ASBR-PEs and the PEs can learn the loopback addresses from each other.
Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 7-143
7 VPLS Configuration
The ASBR-PEs and the PEs in the same AS can successfully ping Loopbakck1 interfaces of each other. Take ASBR-PE1 as an example:
<ASBR-PE1> ping 1.1.1.1 PING 1.1.1.1: 56 data bytes, press CTRL_C to break Reply from 1.1.1.1: bytes=56 Sequence=1 ttl=255 time=47 Reply from 1.1.1.1: bytes=56 Sequence=2 ttl=255 time=31 Reply from 1.1.1.1: bytes=56 Sequence=3 ttl=255 time=31 Reply from 1.1.1.1: bytes=56 Sequence=4 ttl=255 time=31 Reply from 1.1.1.1: bytes=56 Sequence=5 ttl=255 time=31 --- 1.1.1.1 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 31/34/47 ms ms ms ms ms ms
2.
Enable MPLS and MPLS LDP and establish LSPs. Enable MPLS and MPLS LDP on the PEs and the ASBR-PEs in the same AS and establish LDP LSPs. The detailed configurations are not mentioned here. After the configuration, run the display mpls lsp command on each device, and you can view that LSPs are successfully set up between the PEs and the ASBR-PEs in the same AS. Take PE1 as an example:
<PE1> display mpls lsp ---------------------------------------------------------------------LSP Information: LDP LSP ---------------------------------------------------------------------FEC In/Out Label In/Out IF Vrf Name 1.1.1.1/32 3/NULL -/2.2.2.2/32 NULL/3 -/Pos2/0/0
3.
Configure the MP IBGP connection within the AS. # Establish the MP IBGP connection and enable BGP VPLS. # Configure PE1.
<PE1> system-view [PE1] bgp 100 [PE1-bgp] peer 2.2.2.2 as-number 100 [PE1-bgp] peer 2.2.2.2 connect-interface loopback 1 [PE1-bgp] vpls-family [PE1-bgp-af-vpls] peer 2.2.2.2 enable
# Configure ASBR-PE1.
<ASBR-PE1> system-view [ASBR-PE1] bgp 100
7-144
Issue 03 (2008-09-22)
7 VPLS Configuration
The configurations of AS200 are similar to those of AS100, and thus are not mentioned here.
After this step, run the display bgp vpls peer command on the PEs or the ASBR-PEs, and you can find that the status of the MP IBGP peer is "Established". Take PE1 as an example:
[PE1] display bgp vpls peer BGP local router ID : 1.1.1.1 Local AS number : 100 Total number of peers : 1 Peer V AS MsgRcvd 2.2.2.2 4 100 10 0
MsgSent
4.
Enable MPLS L2VPN on the PEs and the ASBR-PEs. # Configure PE1.
[PE1] mpls l2vpn
# Configure ASBR-PE1.
[ASBR-PE1] mpls l2vpn
# Configure ASBR-PE2.
[ASBR-PE2] mpls l2vpn
# Configure PE2.
[PE2] mpls l2vpn
5.
Configure VSIs on the PEs and the ASBR-PEs and bind the VSIs to the AC interfaces. # Configure PE1.
[PE1] vsi v1 auto [PE1-vsi-v1] pwsignal bgp [PE1-vsi-v1-bgp] route-distinguisher 100:1 [PE1-vsi-v1-bgp] vpn-target 1:1 import-extcommunity [PE1-vsi-v1-bgp] vpn-target 1:1 export-extcommunity [PE1-vsi-v1-bgp] site 1 range 5 default-offset 0 [PE1-vsi-v1-bgp] quit [PE1-vsi-v1] quit [PE1] interface gigabitethernet1/0/0.1 [PE1-GigabitEthernet1/0/0.1] shutdown [PE1-GigabitEthernet1/0/0.1] vlan-type dot1q 10 [PE1-GigabitEthernet1/0/0.1] l2 binding vsi v1 [PE1-GigabitEthernet1/0/0.1] undo shutdown [PE1-GigabitEthernet1/0/0.1] quit
# Configure ASBR-PE1.
[ASBR-PE1] vsi v1 auto [ASBR-PE1-vsi-v1] pwsignal bgp [ASBR-PE1-vsi-v1-bgp] route-distinguisher 100:2 [ASBR-PE1-vsi-v1-bgp] vpn-target 1:1 import-extcommunity [ASBR-PE1-vsi-v1-bgp] vpn-target 1:1 export-extcommunity [ASBR-PE1-vsi-v1-bgp] site 2 range 5 default-offset 0 [ASBR-PE1-vsi-v1-bgp] quit [ASBR-PE1-vsi-v1] quit [ASBR-PE1] interface gigabitethernet2/0/0.1 [ASBR-PE1-GigabitEthernet2/0/0.1] shutdown [ASBR-PE1-GigabitEthernet2/0/0.1] vlan-type dot1q 10 [ASBR-PE1-GigabitEthernet2/0/0.1] l2 binding vsi v1 [ASBR-PE1-GigabitEthernet2/0/0.1] undo shudown [ASBR-PE1-GigabitEthernet2/0/0.1] quit
# Configure ASBR-PE2.
Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 7-145
7 VPLS Configuration
# Configure PE2.
[PE2] vsi v1 auto [PE2-vsi-v1] pwsignal bgp [PE2-vsi-v1-bgp] route-distinguisher 200:2 [PE2-vsi-v1-bgp] vpn-target 1:1 import-extcommunity [PE2-vsi-v1-bgp] vpn-target 1:1 export-extcommunity [PE2-vsi-v1-bgp] site 2 range 5 default-offset 0 [PE2-vsi-v1-bgp] quit [PE2-vsi-v1] quit [PE2] interface gigabitethernet2/0/0.1 [PE2-GigabitEthernet2/0/0.1] shutdown [PE2-GigabitEthernet2/0/0.1] vlan-type dot1q 10 [PE2-GigabitEthernet2/0/0.1] l2 binding vsi v1 [PE2-GigabitEthernet2/0/0.1] undo shutdown [PE2-GigabitEthernet2/0/0.1] quit
6.
# Configure CE2.
[CE2] interface gigabitethernet1/0/0.1 [CE2-GigabitEthernet1/0/0.1] shutdown [CE2-GigabitEthernet1/0/0.1] vlan-type dot1q 10 [CE2-GigabitEthernet1/0/0.1] ip address 10.1.1.2 24 [CE2-GigabitEthernet1/0/0.1] undo shutdown [CE2-GigabitEthernet1/0/0.1] quit
7.
Verify the configuration. Run the display vpls connection bgp command on a PE, and you can view that the status of the VSI is Up. Take PE1 as an example:
<PE1> display vpls connection bgp verbose VSI Name: v1 **Remote Site ID : 2 VC State : up RD : 100:2 Encapsulation : vlan MTU : 1500 Peer Ip Address : 2.2.2.2 PW Type : label Local VC Label : 25602 Remote VC Label : 25601 Tunnel Policy : -Tunnel ID : 0x2002000, Remote Label Block : 25600/5/0 Export vpn target : 1:1, Signaling: bgp
7-146
Issue 03 (2008-09-22)
7 VPLS Configuration
Run the display bgp vpls all command on a PE or an ASBR PE, and you can view information about the VPLS label block of BGP. Take ASBR-PE1 as an example:
<ASBR-PE1> display bgp vpls all BGP Local Router ID : 2.2.2.2, Local AS Number : 100 Status codes : * - active, > - best BGP.VPLS : 2 Label Blocks ------------------------------------------------------------------------------Route Distinguisher: 100:1 SiteID Offset NextHop Range LabBase TunnelID FromPeer MHPref ------------------------------------------------------------------------------*> 1 0 1.1.1.1 5 25600 0x0 1.1.1.1 0 ------------------------------------------------------------------------------Route Distinguisher: 100:2 SiteID Offset NextHop Range LabBase TunnelID FromPeer MHPref ------------------------------------------------------------------------------> 2 0 0.0.0.0 5 25600 0x0 0.0.0.0 0
Configuration Files
l
Issue 03 (2008-09-22)
7-147
7 VPLS Configuration
# mpls ldp # isis 1 network-entity 10.0000.0000.0001.00 # interface GigabitEthernet1/0/0 undo shutdown # interface GigabitEthernet1/0/0.1 undo shutdown vlan-type dot1q 10 l2 binding vsi v1 # interface Pos2/0/0 link-protocol ppp undo shutdown ip address 100.1.1.1 255.255.255.252 isis enable 1 mpls mpls ldp # interface LoopBack1 ip address 1.1.1.1 255.255.255.255 isis enable 1 # bgp 100 peer 2.2.2.2 as-number 100 peer 2.2.2.2 connect-interface LoopBack1 # ipv4-family unicast undo synchronization peer 2.2.2.2 enable # vpls-family policy vpn-target peer 2.2.2.2 enable # return l
7-148
Issue 03 (2008-09-22)
7 VPLS Configuration
Issue 03 (2008-09-22)
7-149
7 VPLS Configuration
ipv4-family unicast undo synchronization peer 4.4.4.4 enable # vpls-family policy vpn-target peer 4.4.4.4 enable # return l
7-150
Issue 03 (2008-09-22)
7 VPLS Configuration
The ASBRs do not maintain information about VPLS label blocks. The PEs directly exchange information about VPLS label blocks.
PE1
ASBR -PE1
ASBR -PE2
PE2
VLAN10
GE1/0/0.1 10.1.1.1/24
VLAN10
GE1/0/0.1 10.1.1.2/24
CE1
CE2
Configuration Roadmap
The configuration roadmap is as follows: 1. 2. 3. 4. Run IGP on the backbone network to ensure the connectivity between routers in the same AS. Enable MPLS on the backbone network and establish dynamic LSPs between the PEs and the ASBR-PEs. Enable MPLS on the interfaces that connect the ASBRs. Establish IBGP peer relationship between the PEs and the ASBR PEs in the same AS. Run EBGP between the ASBR-PEs, configure the routing policy on the ASBR-PEs, and enable the capability of label allocation. Establish MP EBGP peer relationship between PE1 and PE2.
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 7-151
Issue 03 (2008-09-22)
7 VPLS Configuration
5.
Create VSIs between PE1 and PE2 and configure CEs to access the VSIs on the PEs.
Data Preparation
To complete the configuration, you need the following data:
l l l l l
Data required for configuring IS-IS MPLS LSR ID of the PEs and the ASBR-PEs Name of the VSIs, RD and VPN target on the PEs AC interfaces on the PE that are bound to VSIs Routing policy on the ASBR PEs
Configuration Procedure
1. Configure IGP for the backbone network. Configure IGP on the MPLS backbone network to interconnect the PEs and the Ps on the backbone network. In this example, IS-IS is configured. The detailed configurations are not mentioned here. Note that Loopback 1 must be enabled with IS-IS. After the configuration, the ASBR-PEs and the PEs in the same AS can establish IS-IS neighbor relationship. Run the display isis peer command, and you can view that the neighbor status is Up. In addition, the ASBR-PEs and the PEs can learn the loopback addresses from each other. 2. Enable MPLS and MPLS LDP and establish LSPs. Enable MPLS and MPLS LDP on the PEs and the ASBR-PEs in the same AS and establish LDP LSPs. The detailed configurations are not mentioned here. After the configuration, run the display mpls lsp command on each router, and you can view that LSPs are successfully set up between the PEs and the ASBR-PEs in the same AS. Take PE1 as an example:
<PE1> display mpls lsp ---------------------------------------------------------------------LSP Information: LDP LSP ---------------------------------------------------------------------FEC In/Out Label In/Out IF Vrf Name 1.1.1.1/32 3/NULL -/2.2.2.2/32 NULL/3 -/Pos2/0/0
3.
Configure MP-BGP. Configure MP IBGP between PE1 and ASBR-PE1, and between PE2 and ASBR-PE2. Configure MP EBGP between ASBR-PE1 and ASBR-PE2. Advertise the route of the interface Loopback1 on the PE in the local AS to the peer ASBRPE.
NOTE
If the links between the ASBR-PEs are non-P2P links, the routes of the network segment between the ASBR-PEs must be advertised on the local ASBR-PE to the peer ASBR-PE.
# Configure PE1.
<PE1> system-view [PE1] bgp 100 [PE1-bgp] peer 2.2.2.2 as-number 100 [PE1-bgp] peer 2.2.2.2 label-route-capability
7-152
Issue 03 (2008-09-22)
7 VPLS Configuration
# Configure ASBR-PE1. For the routes received from the PE in the same AS and advertised to the peer ASBR PE, the ASBR PE allocates MPLS labels to the routes. For the labeled IPv4 routes advertised to the PE in the same AS, the ASBR PE allocates new MPLS labels to the routes.
<ASBR-PE1> system-view [ASBR-PE1] interface pos 2/0/0 [ASBR-PE1-Pos2/0/0] shutdown [ASBR-PE1-Pos2/0/0] mpls [ASBR-PE1-Pos2/0/0] undo shutdown [ASBR-PE1-Pos2/0/0] quit [ASBR-PE1] route-policy policy1 permit node 1 [ASBR-PE1-route-policy] apply mpls-label [ASBR-PE1-route-policy] quit [ASBR-PE1] route-policy policy2 permit node 1 [ASBR-PE1-route-policy] if-match mpls-label [ASBR-PE1-route-policy] apply mpls-label [ASBR-PE1-route-policy] quit [ASBR-PE1] bgp 100 [ASBR-PE1-bgp] network 1.1.1.1 32 [ASBR-PE1-bgp] peer 1.1.1.1 as-number 100 [ASBR-PE1-bgp] peer 1.1.1.1 route-policy policy2 export [ASBR-PE1-bgp] peer 1.1.1.1 label-route-capability [ASBR-PE1-bgp] peer 1.1.1.1 connect-interface loopback 1 [ASBR-PE1-bgp] peer 100.2.1.2 as-number 200 [ASBR-PE1-bgp] peer 100.2.1.2 route-policy policy1 export [ASBR-PE1-bgp] peer 100.2.1.2 label-route-capability
# Configure ASBR-PE2.
<ASBR-PE1> system-view [ASBR-PE2] interface pos 1/0/0 [ASBR-PE2-Pos1/0/0] shutdown [ASBR-PE2-Pos1/0/0] mpls [ASBR-PE2-Pos1/0/0] undo shutdown [ASBR-PE2-Pos1/0/0] quit [ASBR-PE2] route-policy policy1 permit node 1 [ASBR-PE2-route-policy] apply mpls-label [ASBR-PE2-route-policy] quit [ASBR-PE2] route-policy policy2 permit node 1 [ASBR-PE2-route-policy] if-match mpls-label [ASBR-PE2-route-policy] apply mpls-label [ASBR-PE2-route-policy] quit [ASBR-PE2] bgp 200 [ASBR-PE2-bgp] network 4.4.4.4 32 [ASBR-PE2-bgp] peer 100.2.1.1 as-number 100 [ASBR-PE2-bgp] peer 100.2.1.1 route-policy policy1 export [ASBR-PE2-bgp] peer 100.2.1.1 label-route-capability [ASBR-PE2-bgp] peer 4.4.4.4 as-number 200 [ASBR-PE2-bgp] peer 4.4.4.4 route-policy policy2 export [ASBR-PE2-bgp] peer 4.4.4.4 label-route-capability [ASBR-PE2-bgp] peer 4.4.4.4 connect-interface loopback 1
# Configure PE2.
[PE2] bgp [PE2-bgp] [PE2-bgp] [PE2-bgp] 200 peer 3.3.3.3 as-number 200 peer 3.3.3.3 label-route-capability peer 3.3.3.3 connect-interface loopback 1
After the configuration, run the display bgp peer command on the ASBR. You can view that the status of the IBGP sessions between the PE and the ASBR PE in the same AS and the status of the EBGP sessions between the ASBR PEs are "Established".
<ASBR-PE1> display bgp peer BGP local router ID : 2.2.2.2 Local AS number : 100 Total number of peers : 2 Peers in established state : 2 Peer V AS MsgRcvd MsgSent OutQ Up/Down State PrefRcv 1.1.1.1 4 100 111 128 0 00:34:24 Established 0
Issue 03 (2008-09-22)
7-153
7 VPLS Configuration
100.2.1.2 4 200 75 89
Run the display tunnel-info all command on the ASBR-PEs, and you can view that the tunnel with the type as "mpls local ifnet" is established. Take ASBR-PE1 as an example:
<ASBR-PE1> display tunnel-info all * -> Allocated VC Token Tunnel ID Type Destination Token ---------------------------------------------------------------------0x66002001 mpls local ifnet -1 0x6002007 lsp 1.1.1.1 7
4.
Establish EBGP peer relationship between PE1 and PE2. To exchange information about VPLS label blocks between PE1 and PE2, enable the BGP peer in the BGP VPLS address family view. # Configure PE1.
[PE1] bgp 100 [PE1-bgp] peer 4.4.4.4 [PE1-bgp] peer 4.4.4.4 [PE1-bgp] peer 4.4.4.4 [PE1-bgp] vpls-family [PE1-bgp-af-vpls] peer as-number 200 ebgp-max-hop 255 connect-interface loopback 1 4.4.4.4 enable
# Configure PE2.
[PE2] bgp 200 [PE2-bgp] peer 1.1.1.1 [PE2-bgp] peer 1.1.1.1 [PE2-bgp] peer 1.1.1.1 [PE2-bgp] vpls-family [PE2-bgp-af-vpls] peer as-number 100 ebgp-max-hop 255 connect-interface loopback 1 1.1.1.1 enable
After the configuration, run the display bgp vpls peer command on PE1 or PE2, and you can view that the status of the EBGP peer relationship is "Established". Take PE1 as an example:
<PE1> display bgp vpls peer BGP local router ID : 1.1.1.1 Local AS number : 100 Total number of peers : 1 Peer V AS MsgRcvd 4.4.4.4 4 200 74
MsgSent 66
Peers in established state : 1 OutQ Up/Down State PrefRcv 0 00: 46:06 Established 1
Run the display tunnel-info all command on the PEs, and you can view that an inter-AS tunnel is established. Take PE1 as an example:
<PE1> display tunnel-info all * -> Allocated VC Token Tunnel ID Type Destination Token ---------------------------------------------------------------------0x6002015 lsp 2.2.2.2 21 0x6002024 lsp 4.4.4.4 36
5.
Configure VSIs on the PEs and configure the CEs to access the VISs. Enable MPLS L2VPN on the PEs, configure VSIs on the PEs, and bind the VSIs to the AC interfaces. Configure the IP addresses of the same network segment on the CE1 access interfaces and the CE2 access interfaces. # Configure PE1.
[PE1] vsi v1 auto [PE1-vsi-v1] pwsignal bgp [PE1-vsi-v1-bgp] route-distinguisher 100:1 [PE1-vsi-v1-bgp] vpn-target 1:1 import-extcommunity [PE1-vsi-v1-bgp] vpn-target 1:1 export-extcommunity [PE1-vsi-v1-bgp] site 1 range 5 default-offset 0 [PE1-vsi-v1-bgp] quit
7-154
Issue 03 (2008-09-22)
7 VPLS Configuration
# Configure PE2.
[PE2] vsi v1 auto [PE2-vsi-v1] pwsignal bgp [PE2-vsi-v1-bgp] route-distinguisher 200:1 [PE2-vsi-v1-bgp] vpn-target 1:1 import-extcommunity [PE2-vsi-v1-bgp] vpn-target 1:1 export-extcommunity [PE2-vsi-v1-bgp] site 2 range 5 default-offset 0 [PE2-vsi-v1-bgp] quit [PE2-vsi-v1] quit [PE2] interface gigabitethernet2/0/0.1 [PE2-GigabitEthernet2/0/0.1] shutdown [PE2-GigabitEthernet2/0/0.1] vlan-type dot1q 10 [PE2-GigabitEthernet2/0/0.1] l2 binding vsi v1 [PE2-GigabitEthernet2/0/0.1] undo shutdown [PE2-GigabitEthernet2/0/0.1] quit
# Configure CE1.
[CE1] interface gigabitethernet1/0/0.1 [CE1-GigabitEthernet1/0/0.1] shutdown [CE1-GigabitEthernet1/0/0.1] vlan-type dot1q 10 [CE1-GigabitEthernet1/0/0.1] ip address 10.1.1.1 24 [CE1-GigabitEthernet1/0/0.1] undo shutdown [CE1-GigabitEthernet1/0/0.1] quit
# Configure CE2.
[CE2] interface gigabitethernet1/0/0.1 [CE2-GigabitEthernet1/0/0.1] shutdown [CE2-GigabitEthernet1/0/0.1] vlan-type dot1q 10 [CE2-GigabitEthernet1/0/0.1] ip address 10.1.1.2 24 [CE2-GigabitEthernet1/0/0.1] undo shutdown [CE2-GigabitEthernet1/0/0.1] quit
6.
Verify the configuration. Run the display vsi verbose command on the PEs, and you can view that the VSI status is Up, the status of the PW to the peer PE is Up, and the tunnel of the PW is the established inter-AS LSP. Take PE1 as an example:
<PE1> display vsi name v1 verbose ***VSI Name : v1 Administrator VSI : no Isolate Spoken : disable VSI Index : 0 PW Signaling : bgp Member Discovery Style : auto PW MAC Learn Style : unqualify Encapsulation Type : vlan MTU : 1500 Mode : uniform Service Class : -Color : -DomainId : 0 Domain Name : VSI State : up BGP RD : 100:1 SiteID/Range/Offset : 1/5/0 Import vpn target : 1:1, Export vpn target : 1:1, Remote Label Block : 25600/5/0, Local Label Block : 25600/5/0,
Issue 03 (2008-09-22)
7-155
7 VPLS Configuration
Interface Name State **PW Information: *Peer Ip Address PW State Local VC Label Remote VC Label PW Type Tunnel ID
Run the display vpls connection bgp command on a PE, and you can view that the VC status of the BGP VPLS is Up.
<PE1> display vpls connection bgp verbose VSI Name: v1 **Remote Site ID : 2 VC State : up RD : 200:1 Encapsulation : vlan MTU : 1500 Peer Ip Address : 4.4.4.4 PW Type : label Local VC Label : 25602 Remote VC Label : 25601 Tunnel Policy : -Tunnel ID : 0x2002001, Remote Label Block : 25600/5/0 Export vpn target : 1:1, Signaling: bgp
Configuration Files
l
7-156
Issue 03 (2008-09-22)
7 VPLS Configuration
Issue 03 (2008-09-22)
7-157
7 VPLS Configuration
7-158
Issue 03 (2008-09-22)
7 VPLS Configuration
Issue 03 (2008-09-22)
7-159
7 VPLS Configuration
peer 3.3.3.3 enable peer 3.3.3.3 label-route-capability # vpls-family policy vpn-target peer 1.1.1.1 enable # return l
AS 100
Loopback1 1.1.1.9/32 POS2/0/0 100.1.1.1/24 Loopback1 2.2.2.9/32 Loopback1 3.3.3.9/32 GE2/0/0.1 GE1/0/0.1
AS 200
Loopback1 4.4.4.9/32
PE1
ASBR -PE1
ASBR -PE2
PE2
GE1/0/0.1 10.1.1.1/24
GE1/0/0.1 10.1.1.2/24
CE1
CE2
Configuration Roadmap
The configuration roadmap is as follows:
7-160 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)
7 VPLS Configuration
1. 2.
Run an IGP protocol on the MPLS backbone network so that the routers in the same AS can communicate with each other. Configure the MPLS capability on the backbone network and establish dynamic LSPs between PEs and ASBR-PEs in the same AS. Establish a remote LDP session if PEs and ASBR PEs are not directly connected. Establish VPLS connections between PEs and ASBR PEs in the same AS.
3.
Data Preparation
To complete the configuration, you need the following data:
l l l l
IS-IS data IP address of the remote peer MPLS LSR IDs on PEs and ASBR PEs VSI ID
Configuration Procedure
1. Configure IGP on the MPLS backbone network. PEs and ASBR PEs on the backbone network can communicate with each other by using IGP. In this example, IS-IS is used as IGP and the configuration procedure is not mentioned. After the configuration, IS-IS neighbor relationship is established between ASBR PEs and PEs in the same AS. Run the display isis peer command, and you can view that the status of IS-IS neighbors is Up, and the PEs can learn loopback addresses from each other. Take PE1 as an example:
<PE1> display isis peer Peer information for ISIS(1) ---------------------------System Id Interface Circuit Id State HoldTime Type 0000.0000.0002 P2/0/0 0000000002 Up 23s L1L2 Total Peer(s): 1 PRI --
ASBR PEs and PEs in the same AS can ping through each other. Take PE1 as an example:
<PE1> ping 2.2.2.9 PING 2.2.2.9: 56 data bytes, press CTRL_C to break Reply from 2.2.2.9: bytes=56 Sequence=1 ttl=255 time=180 ms Reply from 2.2.2.9: bytes=56 Sequence=2 ttl=255 time=90 ms Reply from 2.2.2.9: bytes=56 Sequence=3 ttl=255 time=60 ms Reply from 2.2.2.9: bytes=56 Sequence=4 ttl=255 time=60 ms Reply from 2.2.2.9: bytes=56 Sequence=5 ttl=255 time=100 ms --- 2.2.2.9 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 60/98/180 ms
2.
Enable MPLS and configure dynamic LSPs. Configure the MPLS capability on the MPLS backbone network. Establish a dynamic LDP LSP between the PE and ASBR PE in the same AS. After this step, an LSP tunnel is established between the PE and ASBR PE in the same AS. Take ASBR-PE1 as an example:
<ASBR-PE1> display mpls ldp session
Issue 03 (2008-09-22)
7-161
7 VPLS Configuration
3.
# Configure PE2.
[PE2] mpls l2vpn
# Configure ASBR-PE1.
[ASBR-PE1] mpls l2vpn
# Configure ASBR-PE2.
[ASBR-PE2] mpls l2vpn
4.
Bind VSIs to related interfaces. Configure VSIs on PEs and ASBR PEs respectively and bind the VSIs to the related interfaces. # Configure PE1.
[PE1] vsi a1 static [PE1-vsi-a1] pwsignal ldp [PE1-vsi-a1-ldp] vsi-id 2 [PE1-vsi-a1-ldp] peer 2.2.2.9 [PE1-vsi-a1-ldp] quit [PE1-vsi-a1] quit [PE1] interface gigabitethernet 1/0/0.1 [PE1-GigabitEthernet1/0/0.1] shutdown [PE1-GigabitEthernet1/0/0.1] vlan-type dot1q 10 [PE1-GigabitEthernet1/0/0.1] l2 binding vsi a1 [PE1-GigabitEthernet1/0/0.1] undo shutdown [PE1-GigabitEthernet1/0/0.1] quit
# Configure ASBR-PE1.
[ASBR-PE1] vsi a1 static [ASBR-PE1-vsi-a1] pwsignal ldp [ASBR-PE1-vsi-a1-ldp] vsi-id 2 [ASBR-PE1-vsi-a1-ldp] peer 1.1.1.9 [ASBR-PE1-vsi-a1-ldp] quit [ASBR-PE1-vsi-a1] quit [ASBR-PE1] interface gigabitethernet 2/0/0.1 [ASBR-PE1-GigabitEthernet2/0/0.1] shutdown [ASBR-PE1-GigabitEthernet2/0/0.1] vlan-type dot1q 10 [ASBR-PE1-GigabitEthernet2/0/0.1] l2 binding vsi a1 [ASBR-PE1-GigabitEthernet2/0/0.1] undo shutdown [ASBR-PE1-GigabitEthernet2/0/0.1] quit
# Configure ASBR-PE2.
[ASBR-PE2] vsi a1 static [ASBR-PE2-vsi-a1] pwsignal ldp [ASBR-PE2-vsi-a1-ldp] vsi-id 3 [ASBR-PE2-vsi-a1-ldp] peer 4.4.4.9 [ASBR-PE2-vsi-a1-ldp] quit [ASBR-PE2-vsi-a1] quit [ASBR-PE2] interface gigabitethernet 1/0/0.1 [ASBR-PE2-GigabitEthernet1/0/0.1] shutdown [ASBR-PE2-GigabitEthernet1/0/0.1] vlan-type dot1q 10
7-162
Issue 03 (2008-09-22)
7 VPLS Configuration
# Configure PE2.
[PE2] vsi a1 static [PE2-vsi-a1] pwsignal ldp [PE2-vsi-a1-ldp] vsi-id 3 [PE2-vsi-a1-ldp] peer 3.3.3.9 [PE2-vsi-a1-ldp] quit [PE2-vsi-a1] quit [PE2] interface gigabitethernet 2/0/0.1 [PE2-GigabitEthernet2/0/0.1] shutdown [PE2-GigabitEthernet2/0/0.1] vlan-type dot1q 10 [PE2-GigabitEthernet2/0/0.1] l2 binding vsi a1 [PE2-GigabitEthernet2/0/0.1] undo shutdown [PE2-GigabitEthernet2/0/0.1] quit
5.
# Configure CE2.
[CE2] interface gigabitethernet 1/0/0.1 [CE2-GigabitEthernet1/0/0.1] shutdown [CE2-GigabitEthernet1/0/0.1] vlan-type dot1q 10 [CE2-GigabitEthernet1/0/0.1] ip address 10.1.1.2 24 [CE2-GigabitEthernet1/0/0.1] undo shutdown [CE2-GigabitEthernet1/0/0.1] quit
6.
Verify the configuration. After the configuration, run the display vsi name verbose command on PE1. You can view that the VSI named a1 establishes a PW to PE2 and the VSI status is Up.
<PE1> display vsi name a1 verbose ***VSI Name : a1 Administrator VSI : no Isolate Spoken : disable VSI Index : 0 PW Signaling : ldp Member Discovery Style : static PW MAC Learn Style : unqualify Encapsulation Type : vlan MTU : 1500 Mode : uniform Service Class : -Color : -DomainId : 0 Domain Name : VSI State : up VSI ID : 2 *Peer Router ID : 2.2.2.9 VC Label : 23552 Peer Type : dynamic Session : up Tunnel ID : 0x2002000, Interface Name : GigabitEthernet1/0/0.1 State : up **PW Information: *Peer Ip Address : 2.2.2.9 PW State : up Local VC Label : 23552 Remote VC Label : 23552 PW Type : label
Issue 03 (2008-09-22)
7-163
7 VPLS Configuration
Tunnel ID : 0x2002000,
CE1 and CE2 can ping through each other. Take CE1 as an example:
<CE1> ping 10.1.1.2 PING 10.1.1.2: 56 data bytes, press CTRL_C to break Reply from 10.1.1.2: bytes=56 Sequence=1 ttl=255 time=172 Reply from 10.1.1.2: bytes=56 Sequence=2 ttl=255 time=156 Reply from 10.1.1.2: bytes=56 Sequence=3 ttl=255 time=156 Reply from 10.1.1.2: bytes=56 Sequence=4 ttl=255 time=156 Reply from 10.1.1.2: bytes=56 Sequence=5 ttl=255 time=156 --- 10.1.1.2 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 156/159/172 ms ms ms ms ms ms
Configuration Files
l
7-164
Issue 03 (2008-09-22)
7 VPLS Configuration
Issue 03 (2008-09-22)
7-165
7 VPLS Configuration
interface GigabitEthernet1/0/0.1 undo shutdown vlan-type dot1q 10 l2 binding vsi a1 # interface Pos2/0/0 link-protocol ppp undo shutdown ip address 200.1.1.1 255.255.255.0 isis enable 1 mpls mpls ldp # interface LoopBack1 ip address 3.3.3.9 255.255.255.255 isis enable 1 # return l
7-166
Issue 03 (2008-09-22)
7 VPLS Configuration
PE1
ASBR -PE1
ASBR -PE2
PE2
GE1/0/0.1 10.1.1.1/24
GE1/0/0.1 10.1.1.2/24
CE1
CE2
Configuration Roadmap
The configuration roadmap is as follows: 1. 2. 3. 4. 5. 6. Run an IGP protocol on the MPLS backbone network so that the routers in the same AS can communicate with each other. Enable MPLS on the backbone network and establish a dynamic LSP tunnel between the PE and the ASBR. Establish IBGP peers between PEs and ASBRs in the same AS and configure the EBGP protocol between ASBR PEs. Configure routing policies on ASBR PEs and enable the labeled route function. Establish MPLS LDP remote peers between PE1 and PE2. Establish a VPLS connection between PE1 and PE2.
Data Preparation
To complete the configuration, you need the following data:
Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 7-167
7 VPLS Configuration
l l l
IS-IS data IP addresses of peers (IP addresses of the loopback interfaces on the peers) MPLS LSR IDs of the PE and the ASBR PE (IP addresses of the loopback interfaces on the local device) VSI ID Routing policies applied to ASBR PEs IP addresses of the interfaces through which CEs access PEs (IP addresses of the interfaces through which PEs access CEs are not required.)
l l l
Configuration Procedure
1. Configure IGP on the MPLS backbone network. PEs and Ps on the backbone network can communicate with each other by using IGP. The IS-IS protocol is used as IGP in this example. The configuration procedure is not mentioned here. Note that IS-IS must be enabled on the loopback interfaces. After the configuration, IS-IS peers are established between ASBR PEs and PEs in the same AS. Run the display isis peer command, and you can view that the status of the peers is Up. ASBRs and PEs can learn the loopback addresses of each other. Take PE1 as an example:
<PE1> display isis peer Peer information for ISIS(1) ---------------------------System Id Interface Circuit Id State HoldTime Type PRI 0000.0000.0002 P2/0/0 0000000002 Up 25s L1L2 -Total Peer(s): 1 <PE1> display ip routing-table Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: Public Destinations : 7 Routes : 7 Destination/Mask Proto Pre Cost Flags NextHop Interface 1.1.1.9/32 Direct 0 0 D 127.0.0.1 InLoopBack0 2.2.2.9/32 ISIS 15 10 D 100.1.1.2 Pos2/0/0 100.1.1.0/24 Direct 0 0 D 100.1.1.1 Pos2/0/0 100.1.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 100.1.1.2/32 Direct 0 0 D 100.1.1.2 Pos2/0/0 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
The ASBR and the PE in the same AS can ping through each other's Loopback1 address. Take ASBR-PE1 as an example:
<ASBR-PE1> ping 1.1.1.9 PING 1.1.1.9: 56 data bytes, press CTRL_C to break Reply from 1.1.1.9: bytes=56 Sequence=1 ttl=255 time=47 Reply from 1.1.1.9: bytes=56 Sequence=2 ttl=255 time=31 Reply from 1.1.1.9: bytes=56 Sequence=3 ttl=255 time=31 Reply from 1.1.1.9: bytes=56 Sequence=4 ttl=255 time=31 Reply from 1.1.1.9: bytes=56 Sequence=5 ttl=255 time=31 --- 1.1.1.9 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 31/34/47 ms ms ms ms ms ms
2.
Enable MPLS and establish LSPs. Enable MPLS and establish LDP LSPs on ASBR PEs and PEs in the same AS. The configuration procedure is not mentioned here.
7-168
Issue 03 (2008-09-22)
7 VPLS Configuration
After the configuration, LDP peers are established between PEs and ASBR PEs in the same AS. Run the display mpls ldp session command, and you can view that the item "Session State" is displayed as "Operational". Take PE1 as an example:
<PE1> display mpls ldp session LDP Session(s) in Public Network -----------------------------------------------------------------------------Peer-ID Status LAM SsnRole SsnAge KA-Sent/Rcv -----------------------------------------------------------------------------2.2.2.9:0 Operational DU Passive 000:00:01 7/7 -----------------------------------------------------------------------------TOTAL: 1 session(s) Found. LAM : Label Advertisement Mode SsnAge Unit : DDD:HH:MM
3.
Configure MP-BGP. Configure MP-IBGP between PE1 and ASBR-PE1, and between PE2 and ASBR-PE2. Configure MP-EBGP between ASBR-PE1 and ASBR-PE2. Loopback1 route of the PE in the same AS must be advertised to the peer ASBR PE. # Configure PE1.
[PE1] bgp [PE1-bgp] [PE1-bgp] [PE1-bgp] [PE1-bgp] 100 peer 2.2.2.9 as-number 100 peer 2.2.2.9 label-route-capability peer 2.2.2.9 connect-interface LoopBack1 quit
# Configure ASBR-PE1. For the routes received from the PE in the same AS and advertised to the peer ASBR PE, the ASBR PE allocates MPLS labels to the routes. For the labeled IPv4 routes advertised to the PE in the same AS, the ASBR PE allocates new MPLS labels to the routes.
[ASBR-PE1] interface pos 2/0/0 [ASBR-PE1-Pos2/0/0] shutdown [ASBR-PE1-Pos2/0/0] mpls [ASBR-PE1-Pos2/0/0] undo shutdown [ASBR-PE1-Pos2/0/0] quit [ASBR-PE1] route-policy policy1 permit node 1 [ASBR-PE1-route-policy] if-match mpls-label [ASBR-PE1-route-policy] apply mpls-label [ASBR-PE1-route-policy] quit [ASBR-PE1] route-policy policy2 permit node 1 [ASBR-PE1-route-policy] apply mpls-label [ASBR-PE1-route-policy] quit [ASBR-PE1] bgp 100 [ASBR-PE1-bgp] network 1.1.1.9 32 [ASBR-PE1-bgp] peer 1.1.1.9 as-number 100 [ASBR-PE1-bgp] peer 1.1.1.9 route-policy policy1 export [ASBR-PE1-bgp] peer 1.1.1.9 label-route-capability [ASBR-PE1-bgp] peer 1.1.1.9 connect-interface loopback1 [ASBR-PE1-bgp] peer 100.1.2.2 as-number 200 [ASBR-PE1-bgp] peer 100.1.2.2 route-policy policy2 export [ASBR-PE1-bgp] peer 100.1.2.2 label-route-capability [ASBR-PE1-bgp] quit
# Configure ASBR-PE2. For the routes received from the PE in the same AS and advertised to the peer ASBR PE, the ASBR PE allocates MPLS labels to the routes. For the labeled IPv4 routes advertised to the PE in the same AS, the ASBR PE allocates new MPLS labels to the routes.
[ASBR-PE2] interface pos 1/0/0 [ASBR-PE2-Pos1/0/0] shutdown [ASBR-PE2-Pos1/0/0] mpls
Issue 03 (2008-09-22)
7-169
7 VPLS Configuration
# Configure PE2.
[PE2] bgp [PE2-bgp] [PE2-bgp] [PE2-bgp] [PE2-bgp] 200 peer 3.3.3.9 as-number 200 peer 3.3.3.9 label-route-capability peer 3.3.3.9 connect-interface loopback1 quit
After the configuration, run the display bgp peer command on the ASBR. You can view that the status of the IBGP sessions between the PE and the ASBR PE in the same AS and the status of the EBGP sessions between the ASBR PEs are "Established". Take ASBRPE1 as an example:
<ASBR-PE1> display bgp peer BGP local router ID : 2.2.2.9 Local AS number : 100 Total number of peers : 2 Peer V AS MsgRcvd 1.1.1.9 4 100 10 100.1.2.2 4 200 3 <ASBR-PE1>
MsgSent 11 4
Peers in established state : 2 OutQ Up/Down State PrefRcv 0 00:06:51 Established 0 0 00:00:43 Established 1
4.
Establish remote LDP sessions between PE1 and PE2. # Configure PE1.
[PE1] mpls ldp remote-peer 4.4.4.9 [PE1-mpls-ldp-remote-4.4.4.9] remote-ip 4.4.4.9 [PE1-mpls-ldp-remote-4.4.4.9] quit
# Configure PE2.
[PE2] mpls ldp remote-peer 1.1.1.9 [PE2-mpls-ldp-remote-1.1.1.9] remote-ip 1.1.1.9 [PE2-mpls-ldp-remote-1.1.1.9] quit
After the configuration, LDP peers are established between the PE and the ASBR in different ASs. Run the display mpls ldp session command on a PE, and you can view that the item "Session State" is displayed as "Operational". Take PE1 as an example:
<PE1> display mpls ldp session LDP Session(s) in Public Network -----------------------------------------------------------------------------Peer-ID Status LAM SsnRole SsnAge KA-Sent/Rcv -----------------------------------------------------------------------------2.2.2.9:0 Operational DU Passive 000:00:31 125/125 4.4.4.9:0 Operational DU Passive 000:00:05 21/21 ------------------------------------------------------------------------------
7-170
Issue 03 (2008-09-22)
7 VPLS Configuration
5.
# Configure PE2.
[PE2] mpls l2vpn
6.
Bind VSIs to related interfaces. Configure VSIs on PEs and bind the VSIs to the related interfaces. # Configure PE1.
[PE1] vsi a1 static [PE1-vsi-a1] pwsignal ldp [PE1-vsi-a1-ldp] vsi-id 2 [PE1-vsi-a1-ldp] peer 4.4.4.9 [PE1-vsi-a1-ldp] quit [PE1-vsi-a1] quit [PE1] interface gigabitethernet 1/0/0.1 [PE1-GigabitEthernet1/0/0.1] shutdown [PE1-GigabitEthernet1/0/0.1] vlan-type dot1q 10 [PE1-GigabitEthernet1/0/0.1] l2 binding vsi a1 [PE1-GigabitEthernet1/0/0.1] undo shutdown [PE1-GigabitEthernet1/0/0.1] quit
# Configure PE2.
[PE2] vsi a1 static [PE2-vsi-a1] pwsignal ldp [PE2-vsi-a1-ldp] vsi-id 2 [PE2-vsi-a1-ldp] peer 1.1.1.9 [PE2-vsi-a1-ldp] quit [PE2-vsi-a1] quit [PE2] interface gigabitethernet 2/0/0.1 [PE2-GigabitEthernet2/0/0.1] shutdown [PE2-GigabitEthernet2/0/0.1] vlan-type dot1q 10 [PE2-GigabitEthernet2/0/0.1] l2 binding vsi a1 [PE2-GigabitEthernet2/0/0.1] undo shutdown [PE2-GigabitEthernet2/0/0.1] quit
7.
# Configure CE2.
[CE2] interface gigabitethernet 1/0/0.1 [CE2-GigabitEthernet1/0/0.1] shutdown [CE2-GigabitEthernet1/0/0.1] vlan-type dot1q 10 [CE2-GigabitEthernet1/0/0.1] ip address 10.1.1.2 24 [CE2-GigabitEthernet1/0/0.1] undo shutdown [CE2-GigabitEthernet1/0/0.1] quit
8.
Verify the configuration. After the configuration, run the display vsi name verbose command on PE1. You can view that the VSI named a1 establishes a PW to PE2 and the VSI status is Up.
<PE1> display vsi name a1 verbose ***VSI Name : a1 Administrator VSI : no Isolate Spoken : disable VSI Index : 0
Issue 03 (2008-09-22)
7-171
7 VPLS Configuration
PW Signaling Member Discovery Style PW MAC Learn Style Encapsulation Type MTU Mode Service Class Color DomainId Domain Name VSI State VSI ID *Peer Router ID VC Label Peer Type Session Tunnel ID Interface Name State **PW Information: *Peer Ip Address PW State Local VC Label Remote VC Label PW Type Tunnel ID : : : : : : : : : : : : : : : : : : : : : : : : : ldp static unqualify vlan 1500 uniform --0
up 2 4.4.4.9 23552 dynamic up 0x2002001, GigabitEthernet1/0/0.1 up 4.4.4.9 up 23552 23552 label 0x2002001,
CE1 and CE2 can ping through each other. Take CE1 as an example:
<CE1> ping 10.1.1.2 PING 10.1.1.2: 56 data bytes, press CTRL_C to break Reply from 10.1.1.2: bytes=56 Sequence=1 ttl=255 time=172 Reply from 10.1.1.2: bytes=56 Sequence=2 ttl=255 time=156 Reply from 10.1.1.2: bytes=56 Sequence=3 ttl=255 time=156 Reply from 10.1.1.2: bytes=56 Sequence=4 ttl=255 time=156 Reply from 10.1.1.2: bytes=56 Sequence=5 ttl=255 time=156 --- 10.1.1.2 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 156/159/172 ms ms ms ms ms ms
Configuration Files
l
7-172
Issue 03 (2008-09-22)
7 VPLS Configuration
Issue 03 (2008-09-22)
7-173
7 VPLS Configuration
7-174
Issue 03 (2008-09-22)
7 VPLS Configuration
Issue 03 (2008-09-22)
7-175
7 VPLS Configuration
undo shutdown vlan-type dot1q 10 ip address 10.1.1.2 255.255.255.0 # return
PE1
GE1/0/0
PE2
RR
GE2/0/0
VLAN10 VLAN10
Vlanif10 10.1.1.1/24 GE1/0/0 GE2/0/0 GE1/0/0 10.1.1.2/24
CE2 CE1
Configuration Roadmap
The configuration roadmap is as follows: 1. 2. 3. 4. 5. Run IGP on the backbone network to enable PE1, RR, and PE2 to communicate. Establish an LSP tunnel between PE1 and PE2, and between RR and PE2 respectively. Establish MP IBGP peer relationship between PE1 and RR, and between PE2 and RR respectively. Configure route reflection on RR. Configure VSIs on PE1, RR, and PE2 and bind the VSIs to the interfaces on the AC side. Increase the multi-homed preference of the VSI on PE1 to enable BGP to preferentially select the label block of this VSI.
Data Preparation
To complete the configuration, you need the following data:
7-176 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)
7 VPLS Configuration
IS-IS data MPLS LSR IDs of PE1, RR, and PE2 (IP addresses of the loopback interfaces on the local device) CE ID and CE range IP addresses of the AC interfaces on CEs (IP addresses of the AC interfaces on PEs are not required.)
l l
Configuration Procedure
1. Configure IGP on the MPLS backbone network. PE1, RR, and PE2 on the backbone network can communicate by using IGP. The IS-IS protocol is used as IGP in this example. The configuration procedure is not mentioned here. Note that IS-IS must be enabled on Loopback1. After the configuration, PE1, RR, and PE2 can learn loopback addresses from each other. Take PE1 as an example:
<PE1> display ip routing-table Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: Public Destinations : 9 Routes : 9 Destination/Mask Proto Pre Cost Flags NextHop Interface 1.1.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 2.2.2.2/32 ISIS 15 10 D 100.1.1.2 Pos2/0/0 3.3.3.3/32 ISIS 15 20 D 100.1.1.2 Pos2/0/0 100.1.1.0/30 Direct 0 0 D 100.1.1.1 Pos2/0/0 100.1.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 100.1.1.2/32 Direct 0 0 D 100.1.1.2 Pos2/0/0 100.2.1.0/30 ISIS 15 20 D 100.1.1.2 Pos2/0/0 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
PE1, RR, and PE2 can ping through each other's Loopback1 address. 2. Enable MPLS and MPLS LDP, and establish tunnels. Enable MPLS and MPLS LDP on PE1, RR, PE2, the interfaces through which PE1 is connected to RR, and the interfaces through which RR is connected to PE2 to establish LSPs. The configuration procedure is not mentioned here. After the configuration, run the display mpls lsp command on each device. You can view that LSPs exist between each pair of routers. Take PE1 as an example:
<PE1> display mpls lsp ---------------------------------------------------------------------LSP Information: LDP LSP ---------------------------------------------------------------------FEC In/Out Label In/Out IF Vrf Name 1.1.1.1/32 3/NULL -/2.2.2.2/32 NULL/3 -/P2/0/0 3.3.3.3/32 NULL/1025 -/P2/0/0
3.
Configure MP EBGP connections. # Establish the MP IBGP connection and enable BGP VPLS. # Configure PE1.
<PE1> system-view [PE1] bgp 100
Issue 03 (2008-09-22)
7-177
7 VPLS Configuration
# Configure RR.
<RR> system-view [RR] bgp 100 [RR-bgp] peer 1.1.1.1 [RR-bgp] peer 3.3.3.3 [RR-bgp] peer 1.1.1.1 [RR-bgp] peer 3.3.3.3 [RR-bgp] vpls-family [RR-bgp-af-vpls] peer [RR-bgp-af-vpls] peer as-number 100 as-number 100 connect-interface loopback 1 connect-interface loopback 1 1.1.1.1 enable 3.3.3.3 enable
# Configure PE2.
<PE2> system-view [PE2] bgp 100 [PE2-bgp] peer 2.2.2.2 as-number 100 [PE2-bgp] peer 2.2.2.2 connect-interface loopback 1 [PE2-bgp] vpls-family [PE2-bgp-af-vpls] peer 2.2.2.2 enable
After this step, run the display bgp vpls peer command on the PEs or RR. You can view that the status of the MP IBGP peers is "Established". Take RR as an example:
<RR> display bgp vpls peer BGP local router ID : 2.2.2.2 Local AS number : 100 Total number of peers : 2 Peer V AS MsgRcvd 1.1.1.1 4 100 8 3.3.3.3 4 100 7
MsgSent 8 8
Peers in established state : 2 OutQ Up/Down State PrefRcv 0 00:05:30 Established 0 0 00:04:13 Established 0
4.
5.
# Configure RR.
[RR] mpls l2vpn
# Configure PE2.
[PE2] mpls l2vpn
6.
Configure VSIs on PE1, RR, and PE2 and bind the VSIs to VLANIF interfaces. # Configure PE1.
[PE1] vsi v1 auto [PE1-vsi-v1] pwsignal bgp [PE1-vsi-v1-bgp] route-distinguisher 100:1 [PE1-vsi-v1-bgp] vpn-target 1:1 import-extcommunity [PE1-vsi-v1-bgp] vpn-target 1:1 export-extcommunity [PE1-vsi-v1-bgp] site 1 range 5 default-offset 0 [PE1-vsi-v1-bgp] quit [PE1-vsi-v1] quit [PE1] interface gigabitethernet1/0/0 [PE1-GigabitEthernet1/0/0] shutdown
7-178
Issue 03 (2008-09-22)
7 VPLS Configuration
# Configure RR.
[RR] vsi v1 auto [RR-vsi-v1] pwsignal bgp [RR-vsi-v1-bgp] route-distinguisher 100:1 [RR-vsi-v1-bgp] vpn-target 1:1 import-extcommunity [RR-vsi-v1-bgp] vpn-target 1:1 export-extcommunity [RR-vsi-v1-bgp] site 1 range 5 default-offset 0 [RR-vsi-v1-bgp] quit [RR-vsi-v1] quit [RR] interface gigabitethernet3/0/0 [RR-GigabitEthernet3/0/0] shutdown [RR-GigabitEthernet3/0/0] portswitch [RR-GigabitEthernet3/0/0] undo shutdown [RR-GigabitEthernet3/0/0] quit [RR] vlan 10 [RR-vlan10] port gigabitethernet3/0/0 [RR-vlan10] quit [RR] interface vlanif 10 [RR-Vlanif10] shutdown [RR-Vlanif10] l2 binding vsi v1 [RR-Vlanif10] undo shutdown [RR-Vlanif10] quit
# Configure PE2.
[PE2] vsi v1 auto [PE2-vsi-v1] pwsignal bgp [PE2-vsi-v1-bgp] route-distinguisher 100:2 [PE2-vsi-v1-bgp] vpn-target 1:1 import-extcommunity [PE2-vsi-v1-bgp] vpn-target 1:1 export-extcommunity [PE2-vsi-v1-bgp] site 2 range 5 default-offset 0 [PE2-vsi-v1-bgp] quit [PE2-vsi-v1] quit [PE2] interface gigabitethernet2/0/0 [PE2-GigabitEthernet2/0/0] shutdown [PE2-GigabitEthernet2/0/0] portswitch [PE2-GigabitEthernet2/0/0] undo shutdown [PE2-GigabitEthernet2/0/0] quit [PE2] vlan 10 [PE2-vlan10] port gigabitethernet2/0/0 [PE2-vlan10] quit [PE2] interface vlanif 10 [PE2-Vlanif10] shutdown [PE2-Vlanif10] l2 binding vsi v1 [PE2-Vlanif10] undo shutdown [PE2-Vlanif10] quit
After the configuration, run the display bgp vpls all command on PEs or RR. You can view information about the local and remote label blocks of the VPLS. RR preferentially selects the local label block.
<RR> display bgp vpls all BGP Local Router ID : 2.2.2.2, Local AS Number : 100 Status codes : * - active, > - best BGP.VPLS : 3 Label Blocks ------------------------------------------------------------------------------Route Distinguisher: 100:1 SiteID Offset NextHop Range LabBase TunnelID FromPeer MHPref
Issue 03 (2008-09-22)
7-179
7 VPLS Configuration
7.
Modify the multi-homed preference of the VSI. # Increase the multi-homed preference of the VSI on PE1 to enable BGP to preferentially select the label block advertised by PE1.
[PE1] vsi v1 [PE1-vsi-v1] multi-homing-preference 10
After the configuration, run the display bgp vpls all command on RR. You can view that RR preferentially selects the label block advertised by PE1.
<RR> display bgp vpls all BGP Local Router ID : 2.2.2.2, Local AS Number : 100 Status codes : * - active, > - best BGP.VPLS : 3 Label Blocks ------------------------------------------------------------------------------Route Distinguisher: 100:1 SiteID Offset NextHop Range LabBase TunnelID FromPeer MHPref ------------------------------------------------------------------------------1 0 0.0.0.0 5 25600 0x0 0.0.0.0 0 *> 1 0 1.1.1.1 5 25600 0x0 1.1.1.1 10 ------------------------------------------------------------------------------Route Distinguisher: 100:2 SiteID Offset NextHop Range LabBase TunnelID FromPeer MHPref ------------------------------------------------------------------------------*> 2 0 3.3.3.3 5 25600 0x0 3.3.3.3 0
Run the display bgp vpls all command on PE2, and you can view that the remote label block of PE2 is advertised by PE1.
<PE2> display bgp vpls all BGP Local Router ID : 3.3.3.3, Local AS Number : 100 Status codes : * - active, > - best BGP.VPLS : 2 Label Blocks ------------------------------------------------------------------------------Route Distinguisher: 100:1 SiteID Offset NextHop Range LabBase TunnelID FromPeer MHPref ------------------------------------------------------------------------------*> 1 0 1.1.1.1 5 25600 0x0 2.2.2.2 10 ------------------------------------------------------------------------------Route Distinguisher: 100:2 SiteID Offset NextHop Range LabBase TunnelID FromPeer MHPref ------------------------------------------------------------------------------> 2 0 0.0.0.0 5 25600 0x0 0.0.0.0 0
8.
7-180
Issue 03 (2008-09-22)
7 VPLS Configuration
# Configure CE2.
[CE2] interface gigabitethernet1/0/0 [CE2-GigabitEthernet1/0/0] shutdown [CE2-GigabitEthernet1/0/0] portswitch [CE2-GigabitEthernet1/0/0] undo shutdown [CE2-GigabitEthernet1/0/0] quit [CE2] vlan 10 [CE2-vlan10] port gigabitethernet1/0/0 [CE2-vlan10] quit [CE2] interface vlanif 10 [CE2-Vlanif10] shutdown [CE2-Vlanif10] ip address 10.1.1.1 24 [CE2-Vlanif10] undo shutdown [CE2-Vlanif10] quit
9.
Verify the configuration. Run the display vpls connection bgp command on PE1 and RR to view information about VPLS connections, and you can view that the VC status on PE1 is Up.
<PE1> display vpls connection bgp verbose VSI Name: v1 **Remote Site ID : 2 VC State : up RD : 100:2 Encapsulation : vlan MTU : 1500 Peer Ip Address : 3.3.3.3 PW Type : label Local VC Label : 25602 Remote VC Label : 25601 Tunnel Policy : -Tunnel ID : 0x2002001, Remote Label Block : 25600/5/0 Export vpn target : 1:1, Signaling: bgp
This indicates that PE1 is the active PE and RR is the standby PE. Run the ping command on CEs, and you can find that CE1 and CE2 can ping through each other.
<CE1> ping 10.1.1.2 PING 10.1.1.2: 56 data bytes, press CTRL_C to break Reply from 10.1.1.2: bytes=56 Sequence=1 ttl=255 time=90 Reply from 10.1.1.2: bytes=56 Sequence=2 ttl=255 time=77 Reply from 10.1.1.2: bytes=56 Sequence=3 ttl=255 time=34 Reply from 10.1.1.2: bytes=56 Sequence=4 ttl=255 time=46 Reply from 10.1.1.2: bytes=56 Sequence=5 ttl=255 time=94 --- 10.1.1.2 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss ms ms ms ms ms
Issue 03 (2008-09-22)
7-181
7 VPLS Configuration
round-trip min/avg/max = 34/68/94 ms
Configuration Files
l
7-182
Issue 03 (2008-09-22)
7 VPLS Configuration
Configuration file of RR
# sysname RR # vlan batch 10 # mpls lsr-id 2.2.2.2 mpls # mpls l2vpn # vsi v1 auto pwsignal bgp route-distinguisher 100:1 vpn-target 1:1 import-extcommunity vpn-target 1:1 export-extcommunity site 1 range 5 default-offset 0 # mpls ldp # isis 1 network-entity 10.0000.0000.0002.00 # interface Vlanif10 undo shutdown l2 binding vsi v1 # interface GigabitEthernet3/0/0 undo shutdown portswitch port default vlan 10 # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 100.1.1.2 255.255.255.252 isis enable 1 mpls mpls ldp # interface Pos2/0/0 link-protocol ppp undo shutdown ip address 100.2.1.1 255.255.255.252 isis enable 1 mpls mpls ldp # interface LoopBack1 ip address 2.2.2.2 255.255.255.255 isis enable 1 # bgp 100 peer 1.1.1.1 as-number 100
Issue 03 (2008-09-22)
7-183
7 VPLS Configuration
peer 3.3.3.3 as-number 100 peer 1.1.1.1 connect-interface LoopBack1 peer 3.3.3.3 connect-interface LoopBack1 # ipv4-family unicast undo synchronization peer 1.1.1.1 enable peer 3.3.3.3 enable # vpls-family undo policy vpn-target reflector cluster-id 100 peer 1.1.1.1 reflect-client peer 1.1.1.1 enable peer 3.3.3.3 reflect-client peer 3.3.3.3 enable # return l
7-184
Issue 03 (2008-09-22)
7 VPLS Configuration
POS3/0/0 100.2.4.1/30
POS3/0/0 100.1.3.2/30
POS3/0/0 100.1.3.1/30
PE1
PE2
CE1
CE2
Issue 03 (2008-09-22)
7-185
7 VPLS Configuration
Configuration Roadmap
The configuration roadmap is as follows: 1. 2. 3. 4. 5. Use MPLS LSPs as public network tunnels. Establish MP IBGP connections between PEs and RRs (no MP IBGP connection needs to be established between PEs). RR1 and RR2 back up each other. Configure the same reflector ID for RR1 and RR2. RR1 and RR2 need to store information about all the VPLS labels to advertise it to PEs. Thus, configure RR1 and RR2 not to filter VPLS label blocks based on VPN targets. Configure VSIs on PEs and connect the PEs to CEs.
NOTE
In the VPLS with two reflectors, the two reflection paths cannot share the same network segment or node (excluding the PE nodes on both ends); otherwise, it is meaningless to configure two reflectors.
Data Preparation
To complete the configuration, you need the following data:
l l
Names, RDs, and VPN targets of the VPN instances created on PE1 and PE2 VSI names
Configuration Procedure
1. Configure IGP on the MPLS backbone network to enable the devices on LSPs to communicate with each other. In this example, IS-IS is used as IGP and the configuration procedure is not mentioned.
NOTE
After the configuration, the devices along the LSP can learn loopback interface addresses from each other. Take PE1 as an example:
<PE1> display ip routing-table Routing Tables: Public Destinations : 14 Destination/Mask Proto Pre 1.1.1.9/32 Direct 0 2.2.2.9/32 ISIS 15 3.3.3.9/32 ISIS 15 4.4.4.9/32 ISIS 15 ISIS 15 100.1.2.0/24 Direct 0 100.1.2.1/32 Direct 0 100.1.2.2/32 Direct 0 100.1.3.0/24 Direct 0 100.1.3.1/32 Direct 0 100.1.3.2/32 Direct 0 100.2.4.0/24 ISIS 15 100.3.4.0/24 ISIS 15 127.0.0.0/8 Direct 0 127.0.0.1/32 Direct 0 Routes : 15 Cost NextHop 0 127.0.0.1 20 100.1.2.2 20 100.1.3.2 30 100.1.3.2 30 100.1.2.2 0 100.1.2.1 0 127.0.0.1 0 100.1.2.2 0 100.1.3.1 0 127.0.0.1 0 100.1.3.2 20 100.1.2.2 20 100.1.3.2 0 127.0.0.1 0 127.0.0.1
Interface InLoopBack0 Pos1/0/0 Pos3/0/0 Pos3/0/0 Pos1/0/0 Pos1/0/0 InLoopBack0 Pos1/0/0 Pos3/0/0 InLoopBack0 Pos3/0/0 Pos1/0/0 Pos3/0/0 InLoopBack0 InLoopBack0
2.
Establish LSPs on the MPLS backbone network. Enable MPLS and MPLS LDP on the devices and interfaces, which LSPs pass through. The configuration procedure is not mentioned here.
7-186
Issue 03 (2008-09-22)
7 VPLS Configuration
After the configuration, run the display mpls lsp command on each PE and RR. You can view the LSPs of each PE and RR. Take PE1 and RR1 as an example:
<PE1> display mpls lsp ---------------------------------------------------------------------LSP Information: LDP LSP ---------------------------------------------------------------------FEC In/Out Label In/Out IF Vrf Name 1.1.1.9/32 3/NULL -/2.2.2.9/32 NULL/3 -/P1/0/0 4.4.4.9/32 NULL/1025 -/P1/0/0 2.2.2.9/32 1024/3 -/P1/0/0 3.3.3.9/32 1028/3 -/P3/0/0 3.3.3.9/32 NULL/3 -/P3/0/0 4.4.4.9/32 NULL/1027 -/P3/0/0 <RR1> display mpls lsp ---------------------------------------------------------------------LSP Information: LDP LSP ---------------------------------------------------------------------FEC In/Out Label In/Out IF Vrf Name 1.1.1.9/32 NULL/3 -/P1/0/0 2.2.2.9/32 3/NULL -/3.3.3.9/32 NULL/1028 -/P1/0/0 1.1.1.9/32 1024/3 -/P1/0/0 4.4.4.9/32 1025/3 -/P3/0/0 4.4.4.9/32 NULL/3 -/P3/0/0 3.3.3.9/32 NULL/1026 -/P3/0/0
3.
Establish MP IBGP peer relationship between PEs and RRs. # Establish the MP IBGP connection and enable BGP VPLS. # Configure PE1.
<PE1> system-view [PE1] bgp 100 [PE1-bgp] peer 2.2.2.9 [PE1-bgp] peer 2.2.2.9 [PE1-bgp] peer 3.3.3.9 [PE1-bgp] peer 3.3.3.9 [PE1-bgp] vpls-family [PE1-bgp-af-vpls] peer [PE1-bgp-af-vpls] peer as-number 100 connect-interface loopback 1 as-number 100 connect-interface loopback 1 2.2.2.9 enable 3.3.3.9 enable
# Configure RR1.
<RR1> system-view [RR1] bgp 100 [RR1-bgp] group rr1 internal [RR1-bgp] peer rr1 connect-interface loopback 1 [RR1-bgp] vpls-family [RR1-bgp-af-vpls] peer rr1 enable [RR1-bgp-af-vpls] peer 1.1.1.9 group rr1 [RR1-bgp-af-vpls] peer 4.4.4.9 group rr1
# Configure RR2.
<RR2> system-view [RR2] bgp 100 [RR2-bgp] group rr2 internal [RR2-bgp] peer rr2 connect-interface loopback 1 [RR2-bgp] vpls-family [RR2-bgp-af-vpls] peer rr2 enable [RR2-bgp-af-vpls] peer 1.1.1.9 group rr2 [RR2-bgp-af-vpls] peer 4.4.4.9 group rr2
# Configure PE2.
<PE22> system-view [PE2] bgp 100 [PE2-bgp] peer 2.2.2.9 as-number 100 [PE2-bgp] peer 2.2.2.9 connect-interface loopback 1
Issue 03 (2008-09-22)
7-187
7 VPLS Configuration
[PE2-bgp] peer 3.3.3.9 [PE2-bgp] peer 3.3.3.9 [PE2-bgp] vpls-family [PE2-bgp-af-vpls] peer [PE2-bgp-af-vpls] peer
After this step, run the display bgp vpls peer command on PEs or run the display bgp vpls group group-name command on RRs. You can view that MP BGP connections are established between PEs and RRs. Take PE1 and RR1 as an example:
<PE1> display bgp vpls peer BGP local router ID : 1.1.1.9 Local AS number : 100 Total number of peers : 2 Peers in established state : 2 Peer V AS MsgRcvd MsgSent OutQ Up/Down State PrefRcv 2.2.2.9 4 100 6 6 0 00:03:50 Established 0 3.3.3.9 4 100 4 5 0 00:01:05 Established 0 <RR1> display bgp vpls group rr1 BGP peer-group: rr1 Remote AS 100 Type : internal Configured hold timer value: 180 Keepalive timer value: 60 Minimum route advertisement interval is 15 seconds Connect-interface has been configured PeerSession Members: NONE It's route-reflector-client Peer Preferred Value: 0 No routing policy is configured Peer Members: Peer V AS MsgRcvd MsgSent OutQ Up/Down State PrefRcv 1.1.1.9 4 100 7 8 0 00:04:33 Established 0 4.4.4.9 4 100 3 3 0 00:00:52 Established 0
4.
Configure route reflection on RR1 and RR2. # Reflectors need to store information about all L2VPN labels to advertise it to clients. Thus, configure RR1 and RR2 not to filter L2VPN label blocks based on VPN targets. # Configure RR1.
[RR1] bgp 100 [RR1-bgp] vpls-family [RR1-bgp-af-vpls] reflector cluster-id 100 [RR1-bgp-af-vpls] peer rr1 reflect-client [RR1-bgp-af-vpls] undo policy vpn-target
# Configure RR2.
[RR2] bgp 100 [RR2-bgp] vpls-family [RR2-bgp-af-vpls] reflector cluster-id 100 [RR2-bgp-af-vpls] peer rr2 reflect-client [RR2-bgp-af-vpls] undo policy vpn-target
5.
Configure VSIs on PEs and bind the VSIs to the interfaces on the AC side. On CE1 and CE2, configure IP addresses in the same network segment for the interfaces through which CE1 and CE2 access the PEs. # Configure PE1.
[PE1] vsi v1 auto [PE1-vsi-v1] pwsignal bgp [PE1-vsi-v1-bgp] route-distinguisher 100:1 [PE1-vsi-v1-bgp] vpn-target 1:1 import-extcommunity [PE1-vsi-v1-bgp] vpn-target 1:1 export-extcommunity [PE1-vsi-v1-bgp] site 1 range 5 default-offset 0 [PE1-vsi-v1-bgp] quit [PE1-vsi-v1] quit [PE1] interface gigabitethernet2/0/0.1
7-188
Issue 03 (2008-09-22)
7 VPLS Configuration
# Configure PE2.
[PE2] vsi v1 auto [PE2-vsi-v1] pwsignal bgp [PE2-vsi-v1-bgp] route-distinguisher 100:2 [PE2-vsi-v1-bgp] vpn-target 1:1 import-extcommunity [PE2-vsi-v1-bgp] vpn-target 1:1 export-extcommunity [PE2-vsi-v1-bgp] site 2 range 5 default-offset 0 [PE2-vsi-v1-bgp] quit [PE2-vsi-v1] quit [PE2] interface gigabitethernet2/0/0.1 [PE2-GigabitEthernet2/0/0.1] shutdown [PE2-GigabitEthernet2/0/0.1] vlan-type dot1q 10 [PE2-GigabitEthernet2/0/0.1] l2 binding vsi v1 [PE2-GigabitEthernet2/0/0.1] undo shutdown [PE2-GigabitEthernet2/0/0.1] quit
# Configure CE1.
[CE1] interface gigabitethernet1/0/0.1 [CE1-GigabitEthernet1/0/0.1] shutdown [CE1-GigabitEthernet1/0/0.1] vlan-type dot1q 10 [CE1-GigabitEthernet1/0/0.1] ip address 10.1.1.1 24 [CE1-GigabitEthernet1/0/0.1] undo shutdown
# Configure CE2.
[CE2] interface gigabitethernet1/0/0.1 [CE2-GigabitEthernet1/0/0.1] shutdown [CE2-GigabitEthernet1/0/0.1] vlan-type dot1q 10 [CE2-GigabitEthernet1/0/0.1] ip address 10.1.1.2 24 [CE2-GigabitEthernet1/0/0.1] undo shutdown [CE2-GigabitEthernet1/0/0.1] quit
6.
Verify the configuration. Check VSI information on PE1, and you can view that the VSI status is Up. The PW to the remote PE is also Up. Take PE1 as an example:
<PE1> display vsi name v1 verbose ***VSI Name : v1 Administrator VSI : no Isolate Spoken : disable VSI Index : 0 PW Signaling : bgp Member Discovery Style : auto PW MAC Learn Style : unqualify Encapsulation Type : vlan MTU : 1500 Mode : uniform Service Class : -Color : -DomainId : 0 Domain Name : VSI State : up BGP RD : 100:1 SiteID/Range/Offset : 1/5/0 Import vpn target : 1:1, Export vpn target : 1:1, Remote Label Block : 25600/5/0, Local Label Block : 25600/5/0, Interface Name : GigabitEthernet2/0/0.1 State : up **PW Information: *Peer Ip Address : 4.4.4.9 PW State : up
Issue 03 (2008-09-22)
7-189
7 VPLS Configuration
Local VC Label Remote VC Label PW Type Tunnel ID : : : : 25602 25601 label 0x3002004,
CE1 and CE2 can ping through each other. This indicates that reflectors are successfully configured.
<CE1> ping 10.1.1.2 PING 10.1.1.2: 56 data bytes, press CTRL_C to break Reply from 10.1.1.2: bytes=56 Sequence=1 ttl=255 time=90 Reply from 10.1.1.2: bytes=56 Sequence=2 ttl=255 time=77 Reply from 10.1.1.2: bytes=56 Sequence=3 ttl=255 time=34 Reply from 10.1.1.2: bytes=56 Sequence=4 ttl=255 time=46 Reply from 10.1.1.2: bytes=56 Sequence=5 ttl=255 time=94 --- 10.1.1.2 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 34/68/94 ms ms ms ms ms ms
After the shutdown command is run in the view of POS 3/0/0 on PE1 or POS 3/0/0 on PE2, CE1 and CE2 still can ping through each other. This indicates that the two reflectors are successfully configured. Run the display bgp vpls route-distinguisher route-distinguisher site-id site-id labeloffset default- offset command on PEs or RRs, and you can view the BGP attributes of label blocks, such as the AS-path attribute. Take PE1 as an example:
<PE1> display bgp vpls route-distinguisher 100:1 site-id 1 label-offset 0 BGP Local Router ID : 1.1.1.9, Local AS Number : 100 Status codes: * - active, > - best BGP VPLS Label Block Information of 100:1(RD)/1(SiteID)/0(Offset) ------------------------------------------------------------------------------Basic Info: NextHop=0.0.0.0, Range=5, (*)Best Label Base=25600(Received)/0(Applied), Tunnel ID=0x0 Advertise Info: FromPeer=0.0.0.0, Last Message Type=UNREACH RibOutNum=0, InTobeUpdateNum=0 Layer-2 Encap Info: MTU=1500, EncapType=VLAN, CtrlFlag=0x0, Reserved=0 Path Attribute Info: Pointer=0x7a138f0, RefCount=1, Attribute Flag=0x0 MED=0, LocalPref=0 Origin=0, OriginatorID=0x0 -------------------------------------------------------------------------------
Configuration Files
l
7-190
Issue 03 (2008-09-22)
7 VPLS Configuration
Issue 03 (2008-09-22)
7-191
7 VPLS Configuration
undo shutdown ip address 100.2.4.1 255.255.255.252 mpls mpls ldp # interface LoopBack1 ip address 2.2.2.9 255.255.255.255 # bgp 100 peer 4.4.4.9 as-number 100 peer 1.1.1.9 as-number 100 group rr1 internal peer rr1 connect-interface LoopBack1 # ipv4-family unicast undo synchronization undo peer 4.4.4.9 enable undo peer 1.1.1.9 enable peer rr1 enable # vpls-family reflector cluster-id 100 undo policy vpn-target peer rr1 enable peer rr1 reflect-client peer 1.1.1.9 enable peer 1.1.1.9 group rr1 peer 4.4.4.9 enable peer 4.4.4.9 group rr1 # ospf 1 area 0.0.0.0 network 100.1.2.0 0.0.0.3 network 100.2.4.0 0.0.0.3 network 2.2.2.9 0.0.0.0 # return l
7-192
Issue 03 (2008-09-22)
7 VPLS Configuration
Issue 03 (2008-09-22)
7-193
7 VPLS Configuration
peer 3.3.3.9 as-number 100 peer 3.3.3.9 connect-interface LoopBack1 # ipv4-family unicast undo synchronization peer 2.2.2.9 enable peer 3.3.3.9 enable # vpls-family policy vpn-target peer 2.2.2.9 enable peer 3.3.3.9 enable # ospf 1 area 0.0.0.0 network 4.4.4.9 0.0.0.0 network 100.3.4.0 0.0.0.3 network 100.2.4.0 0.0.0.3 # return l
7-194
Issue 03 (2008-09-22)
Issue 03 (2008-09-22)
8-1
8.1 Overview
This section describes the background and scenarios of the access of L2VPN to L3VPN. 8.1.1 L2VPN to L3VPN 8.1.2 Access of L2VPN to L3VPN Implemented on the NE80E/40E
CE1
CE2
In a traditional network, a Provider Edge Aggregation (PE-AGG) and a Network Provider Edge (NPE) are required to connect the access network to the bearer network. Then, L2VPN can access the public network or L3VPN. As shown in Figure 8-1, the User Provider Edge (UPE) devices are responsible for accessing user sites by creating an L2VPN tunnel between the access network and PE-AGG. The PE-AGG terminates L2VPN and connects to the other NPE. L3VPN is set up between the NPE and other common PEs on the bearer network of the carrier. As a CE of L2VPN, NPE connects to the PEAGG. For the L3VPN on the bearer network, CE1 accesses the L3VPN through the leased line emulated by L2VPN.
8-2
Issue 03 (2008-09-22)
Figure 8-2 Networking diagram of connection from L2VPN to L3VPN supported by the
Bearer network Access network
N
NPE L3VPN
PE
UPE
VP L2
CE1
CE2
If an NPE device can provide the functions of both PE-AGG and NPE devices, it helps lower the networking cost and simplify the network. As shown in Figure 8-2, the NE80E/40E functions as an NPE, and it is connected to and terminates the L2VPN and L3VPN on a same device by creating a Virtual Ethernet group (VE-group). Therefore, the NE80E/40E realizes the functionalities of both PE-AGG and NPE devices on traditional network. In a VE-group, the VE interface used to terminate L2VPN is called Layer 2 Virtual Ethernet (L2VE), and that used to terminate L3VPN is called Layer 3 Virtual Ethernet (L3VE).
Issue 03 (2008-09-22)
8-3
Configuring an L2VPN to Access Multiple L3VPNs Through Sub-interfaces for QinQ VLAN Tag Termination
QinQ is an IEEE 802.1Q-based Layer 2 tunnel protocol, and packets transmitted through QinQ have two layers of 802.1Q tag headers. QinQ helps distinguish diverse services of different users. For the NE80E/40E, the data of different users is sent to the desired L2VPN according to the outer VLAN tags. When the packets with two layers of tags reach L3VE through L2VPN, the carrier can use the L3VE sub-interface to terminate the QinQ user packets with specified inner tags. Therefore, services of different types can access their target L3VPN on bearer network through different L3VE sub-interfaces. In this manner, carriers provide appropriate quality for different services on the bearer network, and make full use of the network resources. Users can obtain Differentiated Services (DS).
8-4
Issue 03 (2008-09-22)
UPE
UPE
CE
Pre-configuration Tasks
Before configuring a VLL to access an L3VPN, complete the following tasks:
l
Connecting the interfaces and configuring their physical parameters so as to make their physical layer Up Enabling IGP on the MPLS access network to implement IP connectivity Enabling MPLS L2VPN on UPEs and NPEs Creating L2VPN tunnels between UPEs and NPEs Creating LDP sessions between NPEs and UPEs Creating remote LDP sessions if NPEs and UPEs are not connected directly Enabling an IGP on the MPLS bearer network to realize IP connectivity Configuring the basic functions of L3VPN on NPEs
l l l l l l l
Data Preparation
To configure a VLL to access an L3VPN, you need the following data. No. 1 2 3 Data VE interface number VE-group number Destination IP address of the L2VC, VC ID and VC Type
Issue 03 (2008-09-22)
8-5
Procedure
Step 1 Run:
system-view
A VE1 interface is created and the VE1 interface view is displayed. Step 3 Run:
ve-group ve-group-id l2-terminate
The VE1 interface is set to an L2VE interface that terminates VLL, and it is bound to a VEgroup. ----End
Procedure
Step 1 Run:
system-view
A VE 2 interface is created and the VE2 interface view is displayed. Step 3 Run:
ve-group ve-group-id l3-access
The VE2 interface is set to an L3VE interface that accesses the MPLS L3VPN, and it is bound to a VE-Group.
NOTE
A VLL cannot function well unless the L3VE and the L2VE interfaces are bound to the same VE-group. In addition, the L2VE and L3VE interfaces in a VE-group cannot be on different boards.
----End
8-6 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)
Procedure
Step 1 Run:
system-view
A Martini VLL is created. The tunnel policy for a Martini VLL defaults to LSPs and only one LSP is used for load balancing. If a tunnel of other types is needed, you can specify tunnel-policy policy-name to obtain the tunnel policy. To create a Martini VLL, you need to specify the IP address and VC ID of the destination PE. The VC IDs of PEs at both ends of the VC must be consistent. The VC type of the VLL for VE interfaces defaults to Ethernet. If the AC interfaces on the peer PE are Ethernet sub-interfaces, you need to specify tagged to change the local VC type to VLAN, or specify raw on the Ethernet sub-interfaces of the peer PE to change the peer VC type to Ethernet. The VC types for PEs at both ends of the VLL must be consistent. When the AC interfaces on the peer PE are of other types, you can specify ip-interworking on the local PE to enable IP-interworking of Martini VLLs. ----End
Procedure
l
Issue 03 (2008-09-22)
1.
Run:
system-view
An IP address is configured for the L3VE interface. Configure a routing protocol on the NPEs to exchange routes with the CE device on the MPLS L2VPN network. For more information, refer to the Quidway NetEngine80E/40E Router Configuration Guide - IP Routing. l Configuring a User to Access the MPLS L3VPN Network 1. Run:
system-view
----End
Run the display virtual-ethernet ve-group command. You can view the VE interfaces in a VEgroup. For example:
8-8 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)
<Quidway> display virtual-ethernet ve-group Ve-groupID L2VE L3VE 1 Virtual-Ethernet2/0/0 Virtual-Ethernet2/0/1 Total 1, 1 printed
Run the display mpls l2vc command for the Martini VLL. You can view that the VC State is up and the "Client Interface" is a VE interface. For example:
<Quidway> display mpls l2vc Total ldp vc : 1 1 up 0 down *Client Interface : Virtual-ethernet2/0/0 Session State : up AC Status : up VC State : up VC ID : 101 VC Type : ethernet Destination : 3.3.3.9 local VC label : 140288 remote VC label : 140292 control word : disable forwarding entry : not exist local group ID : 0 manual fault : not set active state : active link state : up local VC MTU : 1500 remote VC MTU : 1500 tunnel policy name : lsp traffic behavior name: -PW template name : -primary or secondary : primary create time : 0 days, 0 hours, 30 minutes, 18 seconds up time : 0 days, 0 hours, 0 minutes, 0 seconds last change time : 0 days, 0 hours, 30 minutes, 18 seconds
network 2 in Figure 8-4. The NPE works as PE at upper layer and UPEs as PE at lower layer. Therefore, the logical connections between PEs are reduced. Figure 8-4 Networking diagram of VPLS accessing L3VPN
CE CE
CE
Pre-configuration Tasks
Before configuring a VPLS to access an L3VPN, complete the following tasks:
l
Connecting the interfaces and configuring their physical parameters so as to make their physical layer Up Enabling IGP on the MPLS access network to realize IP connectivity Creating full-mesh VPLS between UPEs and NPEs Enabling IGP on the MPLS bearer network to realize IP connectivity Configuring the basic functions of L3VPN on NPEs
l l l l
Data Preparation
To configure a VPLS to access an L3VPN, you need the following data. No. 1 2 3
8-10
No. 4
Procedure
Step 1 Run:
system-view
A VE1 interface is created and the VE1 interface view is displayed. Step 3 Run:
ve-group ve-group-id l2-terminate
The VE1 interface is set to an L2VE interface that terminates VLL, and it is bound to a VEgroup. ----End
Procedure
Step 1 Run:
system-view
A VE 2 interface is created and the VE2 interface view is displayed. Step 3 Run:
ve-group ve-group-id l3-access
The VE2 interface is set to an L3VE interface that accesses the MPLS L3VPN, and it is bound to a VE-Group.
Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 8-11
A VLL cannot function well unless the L3VE and the L2VE interfaces are bound to the same VE-group. In addition, the L2VE and L3VE interfaces in a VE-group cannot be on different boards.
----End
Procedure
Step 1 Run:
system-view
The product supports the binding of L2VE interface to a VSI instance of Martini VPLS. For more on configurations of Martini VPLS, see "VPLS Configurations".
----End
Procedure
l Configuring the Users to Access the Public Network Do as follows on NPEs. 1. Run:
system-view
8-12
Issue 03 (2008-09-22)
The IP address is configured. Configure the routing protocol on the NPEs to exchange routes with the CE device on the MPLS L2VPN network. For details, refer to the Quidway NetEngine80E/ 40E Router Configuration Guide - IP Route. l Configuring the Users to Access an MPLS L3VPN Do as follows on NPEs. 1. Run:
system-view
----End
Run the display virtual-ethernet ve-group command. You can view the VE interfaces in the VE-group. For example:
<Quidway> display virtual-ethernet ve-group Ve-groupID L2VE L3VE 1 Virtual-Ethernet2/0/0 Virtual-Ethernet2/0/1 Total 1, 1 printed
Issue 03 (2008-09-22)
8-13
Run the display vsi [ name vsi-name ] [ verbose ] command. You can view that the "VSI State" is Up; if the parameter is verbose, the "Interface Name" is "Virtual-Ethernet". For example:
<Quidway> display vsi name *** VSI Name Administrator VSI Isolate Spoken VSI Index PW Signaling Member Discovery Style PW MAC Learn Style Encapulation Type MTU Diffserv Mode Service Class Color DomainId Domain Name VSI State VSI ID *Peer Router ID VC Label Session Tunnel ID Interface Name State *Peer Ip Address PW State Local VC Label Remote VC Label PW Type Tunnel ID vsi1 verbose : vsi1 : no : disable : 0 : ldp : static : unqualify : ethernet : 1500 : uniform : -: -: 255 : : up : 2 : 3.3.3.9 : 17408 : up : 0x6002001, : Virtual-Ethernet2/0/0 : up : 3.3.3.9 : up : 17408 : 17408 : label : 0x6002001,
8.4 Configuring an L2VPN to Access Multiple L3VPNs Through Sub-interfaces for QinQ VLAN Tag Termination
This section describes how to configure the access of L2VPN to L3VPN through terminating L3VE sub-interfaces by QinQ; that is, the inner VLAN tag is used to identify the packets of users, and to send the packets to the desired L3VPN. 8.4.1 Establishing the Configuration Task 8.4.2 Creating an L2VE Interface 8.4.3 Creating an L3VE Interface 8.4.4 Setting the L3VE Interface to User Termination Mode 8.4.5 Creating the L3VE Sub-interface Terminated by QinQ 8.4.6 Associating the L3VE Sub-interface Terminated by QinQ with an L3VPN Instance 8.4.7 Binding the L2VE to VLL or VPLS 8.4.8 Checking the Configuration
and proper outer VLAN tags for different users. The inner and outer VLAN tags of different types help services access the relevant MPLS L3VPNs on the bearer network through the L2VPN on the access network, so the carrier can allocate the network resources on the bearer network according to service types. This gives full play to the network resources of the carrier, and proper QoS can be guaranteed for different services. Figure 8-5 Networking diagram of configuring an L2VPN to access multiple L3VPNs through sub-interfaces for QinQ VLAN tag termination
CE3 NPE Bearer network MPLS L3VPN CE4 VPN2 PE VPN1
Access network
UPE
VLAN100
VLAN10 CE1
VLAN20 CE2
Logical link between CE and NPE VLL tunnel L3VPN tunnel VPN1 VPN2
Pre-configuration Task
To configure an L2VPN to access multiple L3VPNs through sub-interfaces for QinQ VLAN tag termination, complete the following tasks:
l
Connecting the interfaces and configuring their physical parameters so as to make their physical layer Up Enabling IGP on the MPLS access network to realize IP connectivity Creating VPLS or VLL between UPEs and NPEs Enabling IGP on the MPLS bearer network to realize IP connectivity Configuring the basic functions of L3VPN on NPEs
l l l l
Data Preparations
To configure an L2VPN to access multiple L3VPNs through sub-interfaces for QinQ VLAN tag termination, you need the following data.
Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 8-15
No. 1 2 3
Data VE interface number VE-group number Value range of the inner tag in the QinQ packet terminated at the VE sub-interface
Procedure
Step 1 Run:
system-view
A VE1 interface is created and the VE1 interface view is displayed. Step 3 Run:
ve-group ve-group-id l2-terminate
The VE1 interface is set to an L2VE interface that terminates VLL, and it is bound to a VEgroup. ----End
Procedure
Step 1 Run:
system-view
Step 3 Run:
ve-group ve-group-id l3-access
The VE2 interface is set to an L3VE interface that accesses the MPLS L3VPN, and it is bound to a VE-Group.
NOTE
A VLL cannot function well unless the L3VE and the L2VE interfaces are bound to the same VE-group. In addition, the L2VE and L3VE interfaces in a VE-group cannot be on different boards.
----End
Procedure
Step 1 Run:
system-view
The L3VE interface is set to user termination mode. Bind the VE interfaces to a VE-group and set them to L3VE before configuring the user termination mode. ----End
Procedure
Step 1 Run:
system-view
Issue 03 (2008-09-22)
8-17
A L3VE sub-interface is created the sub-interface view is displayed. You can create sub-interfaces only on the L3VE interface that operates in user termination mode. Step 3 Run:
qinq termination ce-vid low-ce-vid [ to high-ce-vid ] [ vlan-group group-id ]
The QinQ termination is configured for the L3VE sub-interface. When the L3VE sub-interface receives packets with double tags from users, it will terminate the packets whose inner tag is in the range specified by the CE-vid. Step 4 Run:
arp broadcast enable
The ARP broadcast function is enabled for the sub-interface for QinQ VLAN tag termination. When you enable or disable the ARP broadcast function on a termination sub-interface, the routing status of the sub-interface becomes Down and then Up. This may result in a flapping of routes on the entire network, affecting the normal operation of services. ----End
8.4.6 Associating the L3VE Sub-interface Terminated by QinQ with an L3VPN Instance
Context
Do as follows on NPEs.
Procedure
Step 1 Run:
system-view
----End
8-18 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)
Run the display virtual-ethernet ve-group command. You can view the VE interfaces in a VEgroup. For example:
<Quidway> display virtual-ethernet ve-group Ve-groupID L2VE L3VE 1 Virtual-Ethernet2/0/0 Virtual-Ethernet2/0/1 Total 1, 1 printed
Run the display qinq information termination command. You can view the detailed information terminated by QinQ on VE sub-interfaces. For example:
<Quidway> display qinq information termination Virtual-Ethernet5/0/9.1 L3VPN binded Total QINQ Num: 1 qinq termination pe-vid 2 ce-vid 20 to 30 Total vlan-group Num: 0 control-vid 1 qinq-termination
8.5.4 Example for Configuring the Dual-homing Access of Dynamic Master/Backup VPLS to an L3VPN 8.5.5 Example for Configuring an L2VPN to Access Multiple L3VPNs Through Sub-interfaces for QinQ VLAN Tag Termination
The PPP link is used between CE1 and the UPE. The VLL is in Martini mode (internetworking). VPN1 is the VPN instance of MPLS L3VPN; the route-distinguisher is 200:1; the vpntarget is 111:1. The backbone network belongs to AS 100. The NPE exchanges the VPN routing information with the PE (PE2) at the peer of MPLS L3VPN through IBGP. CE1 exchanges the VPN routing information with the NPE through EBGP; CE1 belongs to AS 65010. CE1 exchanges the VPN routing information through EBGP with PE2; CE2 belongs to AS 65020.
8-20
Issue 03 (2008-09-22)
Figure 8-6 Networking diagram of the access of Martini VLL to MPLS L3VPN
IP/MPLS core network Loopback1 3.3.3.9/32 NPE POS 1/0/0 10.3.3.1/24 Loopback1 4.4.4.9/32 POS 2/0/0 10.3.3.2/24 GE 1/0/0 100.2.1.1/24 GE 1/0/0 100.2.1.2/24 POS 1/0/0 10.2.2.1/24 PE2
POS 2/0/0 10.2.2.2/24 Access network Loopback1 1.1.1.9/32 UPE POS 2/0/0 P 10.2.1.2/24 POS 2/0/0 10.2.1.1/24
VPN1
CE2
POS 1/0/0
CE1
Configuration Roadmap
The configuration roadmap is as follows: 1. 2. 3. Configure the MPLS L3VPN backbone network. Create the L2VE interface on the NPE to terminate the VLL, and the L3VE interface to access L3VPN. Bind them to the same VE-group. Configure the Martini VLL:
l
Configure routing protocols for the devices including the UPE, P, and the NPE on access network to make them communicate, and enable MPLS. The default tunnel policy is used in the example; that is, establish LSPs to transmit user data. Enable MPLS L2VPN on the UPE and NPE, and establish VCs.
4.
Configure the access of CE devices to L3VPN. EBGP is used to exchange VPN routing information between CE1 and the NPE.
Data Preparations
To complete the configuration, you need the following data:
Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 8-21
VE-group number IP addresses of VE interfaces Names of VPN instances for MPLS L3VPN
Configuration Procedure
1. Configure an IP address for each interface. The configuration details are not mentioned here. Configure the IP addresses for physical interfaces and the loopback interface according to the configurations in Figure 8-6. The configuration details are not mentioned here. 2. Create VE 2/0/0 and VE 2/0/1 on the NPE, and bind them to the same VE-group. # Create VE 2/0/0 to terminate the MPLS L2VPN.
<Quidway> system-view [Quidway] sysname NPE [NPE] interface virtual-ethernet2/0/0 [NPE-Virtual-Ethernet2/0/0] ve-group 1 l2-terminate [NPE-Virtual-Ethernet2/0/0] quit
After the configuration is complete, run the display virtual-ethernet ve-group command. You can view the binding relationship between VE interfaces and a VE-group.
[NPE] display virtual-ethernet ve-group Ve-groupID L2VE 1 Virtual-Ethernet2/0/0 Total 1, 1 printed L3VE Virtual-Ethernet2/0/1
3.
Run an IGP on the VLL access network. OSPF is used in the example. The configuration details are not mentioned here. When configuring OSPF, advertise the 32-bit Loopback interface addresses of the UPE, the P, and the NPE. For more configurations, see "Configuration Files."
4.
Configure basic MPLS functions and LDP on the VLL access network. # Configure the UPE.
<Quidway> system-view [Quidway] sysname UPE [UPE] mpls lsr-id 1.1.1.9 [UPE] mpls [UPE-mpls] quit [UPE] mpls ldp [UPE-mpls-ldp] quit [UPE] interface pos 2/0/0 [UPE-Pos2/0/0] mpls [UPE-Pos2/0/0] mpls ldp [UPE-Pos2/0/0] undo shutdown [UPE-Pos2/0/0] quit
# Configure the P.
<Quidway> system-view [Quidway] sysname P [P] mpls lsr-id 2.2.2.9 [P] mpls [P-mpls] quit [P] mpls ldp [P-mpls-ldp] quit [P] interface pos 1/0/0
8-22
Issue 03 (2008-09-22)
5.
Establish remote LDP sessions between the NPE and the UPE. # Configure the UPE.
[UPE] mpls ldp remote-peer 1 [UPE-mpls-ldp-remote-1] remote-ip 3.3.3.9 [UPE-mpls-ldp-remote-1] quit
6.
Enable MPLS L2VPN on the PE, and establish VCs. # Configure the UPE.
[UPE] mpls l2vpn [UPE-l2vpn] mpls l2vpn default martini [UPE-l2vpn] quit [UPE] interface pos 1/0/0 [UPE-Pos1/0/0] mtu 1500 [UPE-Pos1/0/0] mpls l2vc 3.3.3.9 101 ip-interworking [UPE-Pos1/0/0] ip address 100.1.1.2 24 [UPE-Pos1/0/0] undo shutdown [UPE-Pos1/0/0] quit
After the configuration is complete, check the VLL connections on the UPE and NPE. You can view one static L2VC. Take the NPE as an example.
[NPE] display mpls l2vc Total ldp vc : 1 1 up 0 down *Client Interface : Virtual-Ethernet2/0/0 Session State : up AC Status : up VC State : up VC ID : 101 VC Type : ip-interworking Destination : 1.1.1.9 local VC label : 140288 remote VC label
: 140292
Issue 03 (2008-09-22)
8-23
7.
Run an IGP on the MPLS backbone network. IS-IS is used as the IGP protocol in this example. The configuration details are not mentioned here. When configuring IS-IS, advertise the 32-bit loopback interface addresses of the PE2 and the NPE. For more configurations, see "Configuration Files."
8.
Create VPN instances, and configure CEs to access the instances. # Configure the NPE.
[NPE] ip vpn-instance VPN1 [NPE-vpn-instance-VPN1] route-distinguisher 200:1 [NPE-vpn-instance-VPN1] vpn-target 111:1 both [NPE-vpn-instance-VPN1] quit [NPE] interface virtual-ethernet2/0/1 [NPE-Virtual-Ethernet2/0/1] ip binding vpn-instance VPN1 [NPE-Virtual-Ethernet2/0/1] ip address 100.1.1.2 24 [NPE-Virtual-Ethernet2/0/1] quit
# Configure CE1.
<Quidway> system-view [Quidway] sysname CE1 [CE1] interface pos 1/0/0 [CE1-Pos1/0/0] mtu 1500 [CE1-Pos1/0/0] ip address 100.1.1.1 24 [CE1-Pos1/0/0] undo shutdown [CE1-Pos1/0/0] quit
# Configure PE2.
<Quidway> system-view [Quidway] sysname PE2 [PE2] ip vpn-instance VPN1 [PE2-vpn-instance-VPN1] route-distinguisher 200:1 [PE2-vpn-instance-VPN1] vpn-target 111:1 both [PE2-vpn-instance-VPN1] quit [PE2] interface gigabitethernet1/0/0 [PE2-GigabitEthernet1/0/0] ip binding vpn-instance VPN1 [PE2-GigabitEthernet1/0/0] ip address 100.2.1.1 24 [PE2-GigabitEthernet1/0/0] undo shutdown [PE2-GigabitEthernet1/0/0] quit
# Configure CE2.
<Quidway> system-view [Quidway] sysname CE2 [CE2] interface gigabitethernet1/0/0 [CE2-GigabitEthernet1/0/0] ip address 100.2.1.2 24 [CE2-GigabitEthernet1/0/0] undo shutdown [CE2-GigabitEthernet1/0/0] quit
After the configuration is complete, run the display ip vpn-instance verbose command on the NPE and PE2. You can view the configurations of the VPN instance. The NPE and PE can ping through the CE devices that they are connected to.
8-24 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)
If the PE has multiple interfaces bound to the same VPN, and the ping -vpn-instance command is used to ping the CE device that the peer PE accesses, specify the source IP address; that is, specify the -a source-ip-address in the ping -vpn-instance vpn-instance-name -a source-ip-address dest-ipaddress command; otherwise, the ping command fails.
9.
Set up EBGP peer relationships between PEs and CEs, and import the VPN routes. # Configure CE1.
[CE1] bgp 65010 [CE1-bgp] peer 100.1.1.2 as-number 100 [CE1-bgp] import-route direct
# Configure CE2.
[CE2] bgp 65020 [CE2-bgp] peer 100.2.1.1 as-number 100 [CE2-bgp] import-route direct
# Configure PE2.
[PE2] bgp 100 [PE2-bgp] ipv4-family vpn-instance VPN1 [PE2-bgp-VPN1] peer 100.2.1.2 as-number 65020 [PE2-bgp-VPN1] import-route direct [PE2-bgp-VPN1] quit
10. Set up MP-IBGP peer relationships between the NPE and PE2. # Configure the NPE.
[NPE] bgp 100 [NPE-bgp] peer 4.4.4.9 as-number 100 [NPE-bgp] peer 4.4.4.9 connect-interface loopback 1 [NPE-bgp] ipv4-family vpnv4 [NPE-bgp-af-vpnv4] peer 4.4.4.9 enable [NPE-bgp-af-vpnv4] quit
# Configure PE2.
Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 8-25
[PE2] bgp 100 [PE2-bgp] peer 3.3.3.9 as-number 100 [PE2-bgp] peer 3.3.3.9 connect-interface loopback 1 [PE2-bgp] ipv4-family vpnv4 [PE2-bgp-af-vpnv4] peer 3.3.3.9 enable [PE2-bgp-af-vpnv4] quit
11. Verify the configuration. CE1 and CE2 can ping through each other. Take CE1 as example:
[CE1] ping 100.2.1.2 PING 100.2.1.2: 56 data bytes, press CTRL_C to break Reply from 100.2.1.2: bytes=56 Sequence=1 ttl=255 time=31 ms Reply from 100.2.1.2: bytes=56 Sequence=2 ttl=255 time=10 ms Reply from 100.2.1.2: bytes=56 Sequence=3 ttl=255 time=5 ms Reply from 100.2.1.2: bytes=56 Sequence=4 ttl=255 time=2 ms Reply from 100.2.1.2: bytes=56 Sequence=5 ttl=255 time=28 ms --- 100.2.1.2 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 2/15/31 ms
Configuration Files
l
Configuration file of P
# sysname P # mpls lsr-id 2.2.2.9
8-26
Issue 03 (2008-09-22)
Issue 03 (2008-09-22)
8-27
8-28
Issue 03 (2008-09-22)
peer 3.3.3.9 connect-interface LoopBack1 # ipv4-family unicast undo synchronization peer 3.3.3.9 enable # ipv4-family vpnv4 policy vpn-target peer 3.3.3.9 enable # ipv4-family vpn-instance VPN1 peer 100.2.1.2 as-number 65020 import-route direct # return l
8.5.2 Example for Configuring the Access of Martini VLL to the Public Network
Networking Requirements
As shown in Figure 8-7, the Martini VLL access network consists of the UPE, the P, and the NPE. The CE accesses the public network through the VLL.
l
Create VE 2/0/0 and VE 2/0/1 on the NPE. VE 2/0/0 serves as the L2VE to terminate the VLL, and VE 2/0/1 serves as the L3VE to access the public network.
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 8-29
Issue 03 (2008-09-22)
OSPF is used to advertise the public network routes, and the OPSF process ID is 2.
Figure 8-7 Networking diagram of configuring the Martini VLL to public network
Loopback1 1.1.1.9/32 POS 2/0/0 10.2.1.2/24 POS 2/0/0 10.2.1.1/24 P Loopback1 2.2.2.9/32 POS 1/0/0 10.2.2.1/24 POS 2/0/0 10.2.2.2/24 VE 2/0/0 NPE Loopback1 3.3.3.9/32
UPE GE 1/0/0.1
Internet
VE 2/0/1 100.1.1.2/24
CE
Configuration Roadmap
The configuration roadmap is as follows: 1. 2. Create L2VE and L3VE interfaces on the NPE. Bind them to the same VE-group. Configure the Martini VLL:
l
Configure routing protocols for the devices (UPE, P, and NPE) on access network to make the devices communicate, and enable MPLS. The default tunnel policy is used in the example. LSPs are created to transmit user data. Enable MPLS L2VPN on PEs and establish VCs.
l l
3.
Data Preparation
To complete the configuration, you need the following data:
l l
Configuration Procedure
1. Create two VE interfaces on the NPE, and bind them to the same VE-group. # Create VE 2/0/0 to terminate the MPLS L2VPN.
<Quidway> system-view [Quidway] sysname NPE [NPE] interface virtual-ethernet2/0/0 [NPE-Virtual-Ethernet2/0/0] ve-group 1 l2-terminate [NPE-Virtual-Ethernet2/0/0] quit
8-30
Issue 03 (2008-09-22)
After the configuration is complete, run the display virtual-ethernet ve-group command. You can view the binding relationship between VE interfaces and a VE-group.
[NPE] display virtual-ethernet ve-group Ve-groupID L2VE 1 Virtual-Ethernet2/0/0 Total 1, 1 printed L3VE Virtual-Ethernet2/0/1
2.
Run an IGP on the VLL access network. OSPF is used in the example. The configuration details are not mentioned here. Configure the addresses for the interfaces of the UPE, the P, and the NPE according to Figure 8-7. When configuring OSPF, advertise the 32-bit loopback interface addresses of the UPE, the P, and the NPE. For more configurations, see "Configuration Files."
3.
Configure basic MPLS functions and LDP on the access network. # Configure the UPE.
<Quidway> system-view [Quidway] sysname UPE [UPE] mpls lsr-id 1.1.1.9 [UPE] mpls [UPE-mpls] quit [UPE] mpls ldp [UPE-mpls-ldp] quit [UPE] interface pos 2/0/0 [UPE-Pos2/0/0] mpls [UPE-Pos2/0/0] mpls ldp [UPE-Pos2/0/0] quit
# Configure the P.
<Quidway> system-view [Quidway] sysname P [P] mpls lsr-id 2.2.2.9 [P] mpls [P-mpls] quit [P] mpls ldp [P-mpls-ldp] quit [P] interface pos 1/0/0 [P-Pos1/0/0] mpls [P-Pos1/0/0] mpls ldp [P-Pos1/0/0] quit [P] interface pos 2/0/0 [P-Pos2/0/0] mpls [P-Pos2/0/0] mpls ldp [P-Pos2/0/0] quit
4.
Establish a remote LDP session between the UPE and the NPE. # Configure the UPE.
[UPE] mpls ldp remote-peer 1 [UPE-mpls-ldp-remote-1] remote-ip 3.3.3.9 [UPE-mpls-ldp-remote-1] quit
Issue 03 (2008-09-22)
8-31
5.
Enable MPLS L2VPN on the UPE and the NPE, and establish VCs.
NOTE
The default VC type of a VLL on a VE interface is Ethernet. Therefore, when creating an L2VC on the UPE, you need to specify raw to change the VC type to Ethernet so that the encapsulation types at both ends of a VC are the same.
6.
Verify the configuration. Check the L2VPN connection on the PE. You can view that an L2VC in the Up state is set up. Take the NPE as an example.
[NPE] display mpls l2vc Total ldp vc : 1 1 up 0 down *Client Interface : Virtual-Ethernet2/0/0 Session State : up AC Status : up VC State : up VC ID : 101 VC Type : ethernet Destination : 1.1.1.9 local VC label : 140288 remote VC label : 140292 control word : disable forwarding entry : not exist local group ID : 0 manual fault : not set active state : active link state : up local VC MTU : 1500 remote VC MTU : 1500 tunnel policy name : lsp traffic behavior name: -PW template name : -primary or secondary : primary create time : 0 days, 0 hours, 30 minutes, 18 seconds up time : 0 days, 0 hours, 0 minutes, 0 seconds last change time : 0 days, 0 hours, 30 minutes, 18 seconds
7.
8-32
Issue 03 (2008-09-22)
Configure CE.
<Quidway> system-view [Quidway] sysname CE [CE] interface gigabitethernet1/0/0.1 [CE-GigabitEthernet1/0/0.1] vlan-type dot1q 10 [CE-GigabitEthernet1/0/0.1] ip address 100.1.1.1 24 [CE-GigabitEthernet1/0/0.1] quit [CE] ospf 2 [CE-ospf-2] area 0 [CE-ospf-2-area-0.0.0.0] network 100.1.1.0 0.0.0.255 [CE-ospf-2-area-0.0.0.0] quit [CE-ospf-2] quit
8.
Verify the configuration. # The CE and NPE can ping through each other through VE 2/0/1. Take CE as example:
[CE] ping 100.1.1.2 PING 100.1.1.2: 56 data bytes, press CTRL_C to break Reply from 100.1.1.2: bytes=56 Sequence=1 ttl=255 time=31 ms Reply from 100.1.1.2: bytes=56 Sequence=2 ttl=255 time=10 ms Reply from 100.1.1.2: bytes=56 Sequence=3 ttl=255 time=5 ms Reply from 100.1.1.2: bytes=56 Sequence=4 ttl=255 time=2 ms Reply from 100.1.1.2: bytes=56 Sequence=5 ttl=255 time=28 ms --- 100.1.1.2 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 2/15/31 ms
Configuration Files
l
Issue 03 (2008-09-22)
8-33
8-34
Issue 03 (2008-09-22)
LDP is used as the signaling protocol of VPLS. HVPLS is set up between UPE1, UPE2, and the NPE; UPE1 and UPE2 serve as the lower layer PE. VPN1 serves as the VPN instance of MPLS L3VPN; the route-distinguisher is 200:1; the vpn-target is 111:1. The backbone network belongs to AS 100. The NPE exchanges the VPN routing information with the peer PE (PE3) at MPLS L3VPN through IBGP. CE1, CE2, and the NPE exchange the VPN routing information through OSPF. CE3 and PE3 exchange the VPN routing information through OSPF.
l l
Issue 03 (2008-09-22)
8-35
Figure 8-8 Networking diagram of configuring the access of Martini VPLS to L3VPN
IP/MPLS core network
Loopback1 4.4.4.9/32
NPE
PE3
GE1/0/0.1 200.1.1.1/24
Access network
Loopback1 3.3.3.9/32
POS1/0/0 30.1.1.1/24
GE1/0/0.1 200.1.1.2/24
P
POS2/0/0 10.1.1.2/24 Loopback1 1.1.1.9/32 POS2/0/0 10.1.1.1/24 POS2/0/0 20.1.1.1/24 POS3/0/0 20.1.1.2/24 Loopback1 2.2.2.9/32
CE3
UPE1
GE1/0/0.1
UPE2
GE1/0/0.1
GE1/0/0.1 100.1.1.1/24
GE1/0/0.1 100.1.1.2/24
CE1
CE2
Configuration Roadmap
The configuration roadmap is as follows: 1. 2. 3. Configure the MPLS L3VPN backbone network. Create the L2VE interface on NPE to terminate the VPLS, and the L3VE interface to access L3VPN. Bind them to the same VE-group. To configure Martini HVPLS, perform the following procedures:
l
Configure routing protocols for the devices on the access network including the UPE, the P, and the NPE to make them communicate, and enable MPLS. Create a VSI instance on the NPE, and specify the lower layer PE to be the UPE of the VSI. Create a VSI instance on one UPE, and specify the NPE as the peer of the VSI.
4.
Configure the access of CE devices to L3VPN. OSPF is used to exchange VPN routing information between CE1, CE2 and the NPE.
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)
8-36
Data Preparation
To complete the configuration, you need the following data:
l l l
VE-group number IP addresses of VE interfaces Names of VPN instances for MPLS L3VPN
Configuration Procedure
1. Configure an IP address for each interface. The configuration details are not mentioned here. Configure the IP addresses for physical interfaces and the loopback interface according to Figure 8-8. The configuration details are not mentioned here. 2. Create VE 2/0/0 and VE 2/0/1 on the NPE, and bind them to the same VE-group. # Create VE 2/0/0 to terminate the MPLS L2VPN.
<Quidway> system-view [Quidway] sysname NPE [NPE] interface virtual-ethernet2/0/0 [NPE-Virtual-Ethernet2/0/0] ve-group 1 l2-terminate [NPE-Virtual-Ethernet2/0/0] quit
After the configuration is complete, run the display virtual-ethernet ve-group command on the NPE. You can view the binding relationship between VE interfaces and a VE-group.
[NPE] display virtual-ethernet ve-group Ve-groupID L2VE 1 Virtual-Ethernet2/0/0 Total 1, 1 printed L3VE Virtual-Ethernet2/0/1
3.
Run an IGP on the VPLS access network. OSPF is used in the example. The configuration details are not mentioned here. When configuring OSPF, advertise the 32-bit loopback interface addresses of the UPE, the P, and the NPE. For more configurations, see "Configuration Files."
4.
Configure basic MPLS functions and LDP on the VPLS access network. # Configure UPE1.
<Quidway> system-view [Quidway] sysname UPE1 [UPE1] mpls lsr-id 1.1.1.9 [UPE1] mpls [UPE1-mpls] quit [UPE1] mpls ldp [UPE1-mpls-ldp] quit [UPE1] interface pos 2/0/0 [UPE1-Pos2/0/0] mpls [UPE1-Pos2/0/0] mpls ldp [UPE1-Pos2/0/0] undo shutdown [UPE1-Pos2/0/0] quit
# Configure UPE2.
<Quidway> system-view [Quidway] sysname UPE2 [UPE2] mpls lsr-id 2.2.2.9 [UPE2] mpls
Issue 03 (2008-09-22)
8-37
# Configure the P.
<Quidway> system-view [Quidway] sysname P [P] mpls lsr-id 3.3.3.9 [P] mpls [P-mpls] quit [P] mpls ldp [P-mpls-ldp] quit [P] interface pos 1/0/0 [P-Pos1/0/0] mpls [P-Pos1/0/0] mpls ldp [P-Pos1/0/0] undo shutdown [P-Pos1/0/0] quit [P] interface pos 2/0/0 [P-Pos2/0/0] mpls [P-Pos2/0/0] mpls ldp [P-Pos2/0/0] undo shutdown [P-Pos2/0/0] quit [P] interface pos 3/0/0 [P-Pos3/0/0] mpls [P-Pos3/0/0] mpls ldp [P-Pos3/0/0] undo shutdown [P-Pos3/0/0] quit
5.
Establish remote LDP sessions between the NPE and UPE. # Configure UPE1.
[UPE1] mpls ldp remote-peer npe [UPE1-mpls-ldp-remote-npe] remote-ip 4.4.4.9 [UPE1-mpls-ldp-remote-npe] quit
# Configure UPE2.
[UPE2] mpls ldp remote-peer npe [UPE2-mpls-ldp-remote-npe] remote-ip 4.4.4.9 [UPE2-mpls-ldp-remote-npe] quit
6.
8-38
Issue 03 (2008-09-22)
[UPE1] vsi a2 static [UPE1-vsi-a2] pwsignal ldp [UPE1-vsi-a2-ldp] vsi-id 2 [UPE1-vsi-a2-ldp] peer 4.4.4.9 [UPE1-vsi-a2-ldp] quit [UPE1-vsi-a2] quit [UPE1] interface gigabitethernet 1/0/0.1 [UPE1-GigabitEthernet1/0/0.1] shutdown [UPE1-GigabitEthernet1/0/0.1] vlan-type dot1q 10 [UPE1-GigabitEthernet1/0/0.1] l2 binding vsi a2 [UPE1-GigabitEthernet1/0/0.1] undo shutdown [UPE1-GigabitEthernet1/0/0.1] quit
# Configure UPE2.
[UPE2] mpls l2vpn [UPE2-l2vpn] quit [UPE2] vsi a2 static [UPE2-vsi-a2] pwsignal ldp [UPE2-vsi-a2-ldp] vsi-id 2 [UPE2-vsi-a2-ldp] peer 4.4.4.9 [UPE2-vsi-a2-ldp] quit [UPE2-vsi-a2] quit [UPE2] interface gigabitethernet 1/0/0.1 [UPE2-GigabitEthernet1/0/0.1] shutdown [UPE2-GigabitEthernet1/0/0.1] vlan-type dot1q 10 [UPE2-GigabitEthernet1/0/0.1] l2 binding vsi a2 [UPE2-GigabitEthernet1/0/0.1] undo shutdown [UPE2-GigabitEthernet1/0/0.1] quit
After the configuration is complete, check the VSI connections on the NPE. You can view that two PWs are set up. Take the NPE as an example.
[NPE] display vsi name a2 verbose ***VSI Name : a2 Administrator VSI : no Isolate Spoken : disable VSI Index : 0 PW Signaling : ldp Member Discovery Style : static PW MAC Learn Style : unqualify Encapsulation Type : vlan MTU : 1500 Diffserv Mode : uniform Service Class : -Color : -DomainId : 255 Domain Name : VSI State : up VSI ID : 2 *Peer Router ID : 1.1.1.9 VC Label : 23552 Peer Type : dynamic Session : up Tunnel ID : 0x1002000, *Peer Router ID : 2.2.2.9
Issue 03 (2008-09-22)
8-39
7.
Run the IGP on the MPLS backbone network. IS-IS is used as the IGP protocol in this example. When configuring the IS-IS, advertise the 32-bit loopback interface addresses of PE3 and the NPE. For more configurations, see "Configuration Files."
8.
Create VPN instances, and configure the CEs to access the instances. # Configure the NPE.
[NPE] ip vpn-instance VPN1 [NPE-vpn-instance-VPN1] route-distinguisher 200:1 [NPE-vpn-instance-VPN1] vpn-target 111:1 both [NPE-vpn-instance-VPN1] quit [NPE] interface virtual-ethernet2/0/1 [NPE-Virtual-Ethernet2/0/1] ip binding vpn-instance VPN1 [NPE-Virtual-Ethernet2/0/1] ip address 100.1.1.3 24 [NPE-Virtual-Ethernet2/0/1] quit
# Configure CE1.
<Quidway> system-view [Quidway] sysname CE1 [CE1] interface gigabitethernet1/0/0.1 [CE1-GigabitEthernet1/0/0.1] vlan-type dot1q 10 [CE1-GigabitEthernet1/0/0.1] ip address 100.1.1.1 24 [CE1-GigabitEthernet1/0/0.1] quit
# Configure CE2.
<Quidway> system-view [Quidway] sysname CE2 [CE2] interface gigabitethernet1/0/0.1 [CE2-GigabitEthernet1/0/0.1] vlan-type dot1q 10 [CE2-GigabitEthernet1/0/0.1] ip address 100.1.1.2 24 [CE2-GigabitEthernet1/0/0.1] quit
# Configure PE3.
<Quidway> system-view [Quidway] sysname PE3 [PE3] ip vpn-instance VPN1 [PE3-vpn-instance-VPN1] route-distinguisher 200:1 [PE3-vpn-instance-VPN1] vpn-target 111:1 both [PE3-vpn-instance-VPN1] quit [PE3] interface gigabitethernet1/0/0.1 [PE3-GigabitEthernet1/0/0.1] vlan-type dot1q 10 [PE3-GigabitEthernet1/0/0.1] ip binding vpn-instance VPN1 [PE3-GigabitEthernet1/0/0.1] ip address 200.1.1.1 24 [PE3-GigabitEthernet1/0/0.1] quit
# Configure CE3.
8-40 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)
<Quidway> system-view [Quidway] sysname CE3 [CE3] interface gigabitethernet1/0/0.1 [CE3-GigabitEthernet1/0/0.1] vlan-type dot1q 10 [CE3-GigabitEthernet1/0/0.1] ip address 200.1.1.2 24 [CE3-GigabitEthernet1/0/0.1] quit
9.
Configure OSPF between the PE and CE devices, and import the VPN routes. # Configure the NPE.
[NPE] ospf 100 vpn-instance VPN1 [NPE-ospf-100] domain-id 10 [NPE-ospf-100] import-route bgp [NPE-ospf-100] area 0 [NPE-ospf-100-area-0.0.0.0] network 100.1.1.0 0.0.0.255 [NPE-ospf-100-area-0.0.0.0] quit [NPE-ospf-100] quit [NPE] bgp 100 [NPE-bgp] ipv4-family vpn-instance VPN1 [NPE-bgp-VPN1] import-route direct [NPE-bgp-VPN1] import-route ospf 100 [NPE-bgp-VPN1] quit [NPE-bgp] quit
# Configure CE1.
[CE1] ospf 100 [CE1-ospf-100] area 0 [CE1-ospf-100-area-0.0.0.0] network 100.1.1.0 0.0.0.255 [CE1-ospf-100-area-0.0.0.0] quit [CE1-ospf-100] quit
# Configure CE2.
[CE2] ospf 100 [CE2-ospf-100] area 0 [CE2-ospf-100-area-0.0.0.0] network 100.1.1.0 0.0.0.255 [CE2-ospf-100-area-0.0.0.0] quit [CE2-ospf-100] quit
# Configure PE3.
[PE3] ospf 100 vpn-instance VPN1 [PE3-ospf-100] domain-id 10 [PE3-ospf-100] import-route bgp [PE3-ospf-100] area 0 [PE3-ospf-100-area-0.0.0.0] network 200.1.1.0 0.0.0.255 [PE3-ospf-100-area-0.0.0.0] quit [PE3-ospf-100] quit [PE3] bgp 100 [PE3-bgp] ipv4-family vpn-instance VPN1 [PE3-bgp-VPN1] import-route direct [PE3-bgp-VPN1] import-route ospf 100 [PE3-bgp-VPN1] quit [PE3-bgp] quit
# Configure CE3.
[CE3] ospf 100 [CE3-ospf-100] area 0 [CE3-ospf-100-area-0.0.0.0] network 200.1.1.0 0.0.0.255 [CE3-ospf-100-area-0.0.0.0] quit [CE3-ospf-100] quit
10. Set up MP-IBGP peer relationships between the NPE and PE3. # Configure the NPE.
[NPE] bgp 100 [NPE-bgp] peer 5.5.5.9 as-number 100 [NPE-bgp] peer 5.5.5.9 connect-interface loopback 1 [NPE-bgp] ipv4-family vpnv4 [NPE-bgp-af-vpnv4] peer 5.5.5.9 enable [NPE-bgp-af-vpnv4] quit
Issue 03 (2008-09-22)
8-41
# Configure PE3.
[PE3] bgp 100 [PE3-bgp] peer 4.4.4.9 as-number 100 [PE3-bgp] peer 4.4.4.9 connect-interface loopback 1 [PE3-bgp] ipv4-family vpnv4 [PE3-bgp-af-vpnv4] peer 4.4.4.9 enable [PE3-bgp-af-vpnv4] quit
11. Verify the configuration. CE1, CE2 and CE3 can ping through each other. Take CE1 as example:
[CE1] ping 100.1.1.2 PING 100.1.1.2: 56 data bytes, press CTRL_C to break Reply from 100.1.1.2: bytes=56 Sequence=1 ttl=255 time=31 ms Reply from 100.1.1.2: bytes=56 Sequence=2 ttl=255 time=10 ms Reply from 100.1.1.2: bytes=56 Sequence=3 ttl=255 time=5 ms Reply from 100.1.1.2: bytes=56 Sequence=4 ttl=255 time=2 ms Reply from 100.1.1.2: bytes=56 Sequence=5 ttl=255 time=28 ms --- 100.1.1.2 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 2/15/31 ms [CE1] ping 200.1.1.2 PING 200.1.1.2: 56 data bytes, press CTRL_C to break Reply from 200.1.1.2: bytes=56 Sequence=1 ttl=255 time=31 ms Reply from 200.1.1.2: bytes=56 Sequence=2 ttl=255 time=10 ms Reply from 200.1.1.2: bytes=56 Sequence=3 ttl=255 time=5 ms Reply from 200.1.1.2: bytes=56 Sequence=4 ttl=255 time=2 ms Reply from 200.1.1.2: bytes=56 Sequence=5 ttl=255 time=28 ms --- 200.1.1.2 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 2/15/31 ms
Configuration Files
l
8-42
Issue 03 (2008-09-22)
Configuration file of P
# sysname P # mpls lsr-id 3.3.3.9 mpls # mpls ldp # interface Pos1/0/0 undo shutdown link-protocol ppp ip address 30.1.1.1 255.255.255.0 mpls
Issue 03 (2008-09-22)
8-43
8-44
Issue 03 (2008-09-22)
ip address 30.1.1.2 255.255.255.0 mpls mpls ldp # interface Virtual-Ethernet2/0/0 ve-group 1 l2-terminate l2 binding vsi a2 # interface Virtual-Ethernet2/0/1 ve-group 1 l3-access ip binding vpn-instance VPN1 ip address 100.1.1.3 255.255.255.0 # interface LoopBack1 ip address 4.4.4.9 255.255.255.255 isis enable 1 # bgp 100 peer 5.5.5.9 as-number 100 peer 5.5.5.9 connect-interface LoopBack1 # ipv4-family unicast undo synchronization peer 5.5.5.9 enable # ipv4-family vpnv4 policy vpn-target peer 5.5.5.9 enable # ipv4-family vpn-instance VPN1 import-route direct import-route ospf 100 # ospf 1 area 0.0.0.0 network 4.4.4.9 0.0.0.0 network 30.1.1.0 0.0.0.255 # ospf 100 vpn-instance VPN1 import-route bgp domain-id 0.0.0.10 area 0.0.0.0 network 100.1.1.0 0.0.0.255 # return l
Issue 03 (2008-09-22)
8-45
8-46
Issue 03 (2008-09-22)
8.5.4 Example for Configuring the Dual-homing Access of Dynamic Master/Backup VPLS to an L3VPN
Networking Requirements
As shown in Figure 8-9, NPE1, NPE2, and PE3 serve as the PE of the IP/MPLS backbone network, and UPE1 and UPE2 serve as the PE on the VPLS access network. The networking requirements are as follows:
l
Create an mVSI on the UPEs, and connect it to two NPEs through dual-homing links. Set up LDP sessions between the UPEs and NPEs. Create remote LDP sessions if NPEs and UPEs are not connected directly. The administrator VSI manages the VRRP packets and the exchange of the NPE packets and peer BFD packets. Create a service VSI on the UPEs, and connect it to two NPEs through dual-homing links. Set up LDP sessions between the UPE and the NPE. Create remote LDP sessions if NPEs and UPEs are not connected directly. The service VSI is responsible for the exchange of the VPLS service packets. Bind the service VSI and the mVSI on the UPEs. When the master/backup switchover of the NPEs is performed, the MAC addresses of all service VSIs that are bound to the mVSI on the UPE are cleared. The service VSIs learn the MAC address of the new master NPE again, which does not interrupt user services. Create eight VE interfaces on the NPE. VE 2/0/0, VE 2/0/2, VE 2/0/4, and VE 2/0/6, which are L2VEs, are used to terminate VPLS; VE 2/0/1, VE 2/0/3, VE 2/0/5, and VE 2/0/7, which are L3VEs, are used to access the MPLS L3VPN. Configure the mVRRP between NPEs. The VSI of the UPE forwards the mVRRP packets. Whether the NPE is master or backup NPE depends on the priority of the VRRP. If the links related to the master NPE or the master NPE itself is faulty, the backup NPE switches to be the master as specified in VRRP. This helps distinguish the master and backup devices, and ensure the reliability of services. Run the service VRRP between NPEs. The service VRRP and the mVRRP are bound on the NPE; the mVRRP determines the master or backup status of the service VRRP. Set the interval for the peer BFD detection between the NPEs to 30 ms, the link BFD detection between an NPE and a UPE to 10 ms. Peer BFD is used to perform the master/
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 8-47
Issue 03 (2008-09-22)
backup VRRP switchover, and link BFD is used to monitor a link. Peer BFD and link BFD are used together to perform the fast master/backup switchover of NPEs.
NOTE
When the master NPE restarts or the master link BFD reports a fault, the backup NPE receives the fault notification from peer BFD and thus starts to check the status of the backup link BFD. If the backup link BFD is Up, the backup NPE becomes the master and advertises routes to the remote PE. In addition, the backup NPE sends gratuitous ARPs to the UPE to clear the MAC address table of VPLS on the UPE. At this time, the previous master NPE cancels the advertisement of routes to the remote PE When the backup NPE restarts or the backup link BFD reports a fault, the master/backup switchover of NPEs is not performed.
Figure 8-9 Networking diagram of configuring the dual-homing access of dynamic master/ backup VPLS to an L3VPN
VPN1 CE3 CE4 VPN2
GE1/0/0 100.3.1.1/24
Loopback1 5.5.5.9/32
GE1/0/0 100.4.1.1/24
PE3
GE1/0/0 100.3.1.2/24 GE1/0/1 100.4.1.2/24
NPE1
POS2/0/0 POS3/0/0 50.1.1.1/24 60.1.1.1/24 Loopback1 Loopback1 3.3.3.9/32 4.4.4.9/32 POS1/0/0 POS1/0/0 50.1.1.2/24 60.1.1.2/24 GE2/0/1 GE2/0/1 30.1.1.2/24 20.1.1.2/24
NPE2
GE2/0/0 10.1.1.2/24
GE2/0/0 40.1.1.2/24
Access network
GE1/0/0 10.1.1.1/24 Loopback1 1.1.1.9/32 GE1/0/0 40.1.1.1/24 Loopback1 2.2.2.9/32
UPE1
GE1/0/2.1 GE1/0/2.1
UPE2
GE1/0/0.1 100.1.1.1/24
GE1/0/0.1 100.2.1.1/24
CE1 VPN1
CE2 VPN2
Configuration Roadmap
The configuration roadmap is as follows:
8-48 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)
1. 2. 3. 4. 5. 6. 7. 8.
Configure the MPLS L3VPN backbone network. Create the L2VE interface on the NPE to terminate the VPLS, and the L3VE interface to access L3VPN. Bind them to the same VE-group. Configure the basic MPLS functions of the UPEs and NPEs. Set up MPLS LDP sessions between UPEs and NPEs. Create an mVSI on the UPE, and connect the NPE to the mVSI through VLL. Create a service VSI on the UPE, and connect the NPE to the service VSI through VLL. Run the mVRRP between NPEs. The protocol packets are forwarded between members in the VRRP backup group by the mVSI on the UPE. Run the service VRRP between NPEs. Bind the service VRRP to the mVRRP. Configure the Peer BFD between NPEs; run the Link BFD between NPEs and UPEs. The mVRRP determines the master or backup status of the routers in the VRRP backup group according to the status of the Peer BFD and the Link BFD. Configure the access of CEs to MPLS L3VPN.
9.
Data Preparation
To complete the configuration, you need the following data:
l
Interface number, interface IP address, OSPF process number, OSPF area number, and ISIS process number LSR ID VSI name and VSI ID VC ID of VLL Name of the BFD, the local or remote discriminator, the VRRP backup group number and priority of VRRP VE-group number Names of VPN instances for MPLS L3VPN
l l l l
l l
Configuration Procedure
1. Configure an IP address for each interface. The configuration details are not mentioned here. Configure the IP addresses for the physical interfaces and the loopback interfaces as specified inFigure 8-9. Run the undo shutdown command to start the interfaces. The configuration details are not mentioned here. 2. Create eight VE interfaces in four groups on each NPE. # Configure NPE1.
<Quidway> system-view [Quidway] sysname NPE1 [NPE1] interface virtual-ethernet2/0/0 [NPE1-Virtual-Ethernet2/0/0] ve-group 1 [NPE1-Virtual-Ethernet2/0/0] quit [NPE1] interface virtual-ethernet2/0/1 [NPE1-Virtual-Ethernet2/0/1] ve-group 1 [NPE1-Virtual-Ethernet2/0/1] quit [NPE1] interface virtual-ethernet2/0/2 [NPE1-Virtual-Ethernet2/0/2] ve-group 2 [NPE1-Virtual-Ethernet2/0/2] quit [NPE1] interface virtual-ethernet2/0/3 [NPE1-Virtual-Ethernet2/0/3] ve-group 2
Issue 03 (2008-09-22)
8-49
# Configure NPE2.
<Quidway> system-view [Quidway] sysname NPE2 [NPE2] interface virtual-ethernet2/0/0 [NPE2-Virtual-Ethernet2/0/0] ve-group 1 [NPE2-Virtual-Ethernet2/0/0] quit [NPE2] interface virtual-ethernet2/0/1 [NPE2-Virtual-Ethernet2/0/1] ve-group 1 [NPE2-Virtual-Ethernet2/0/1] quit [NPE2] interface virtual-ethernet2/0/2 [NPE2-Virtual-Ethernet2/0/2] ve-group 2 [NPE2-Virtual-Ethernet2/0/2] quit [NPE2] interface virtual-ethernet2/0/3 [NPE2-Virtual-Ethernet2/0/3] ve-group 2 [NPE2-Virtual-Ethernet2/0/3] quit [NPE2] interface virtual-ethernet2/0/4 [NPE2-Virtual-Ethernet2/0/4] ve-group 3 [NPE2-Virtual-Ethernet2/0/4] quit [NPE2] interface virtual-ethernet2/0/5 [NPE2-Virtual-Ethernet2/0/5] ve-group 3 [NPE2-Virtual-Ethernet2/0/5] quit [NPE2] interface virtual-ethernet2/0/6 [NPE2-Virtual-Ethernet2/0/6] ve-group 4 [NPE2-Virtual-Ethernet2/0/6] quit [NPE2] interface virtual-ethernet2/0/7 [NPE2-Virtual-Ethernet2/0/7] ve-group 4 [NPE2-Virtual-Ethernet2/0/7] quit
After the configuration is complete, run the display virtual-ethernet ve-group command. You can view the binding relationship between VE interfaces and a VE-group. Take NPE1 as example:
[NPE1] display virtual-ethernet ve-group Ve-groupID L2VE 1 Virtual-Ethernet2/0/0 2 Virtual-Ethernet2/0/2 3 Virtual-Ethernet2/0/4 4 Virtual-Ethernet2/0/6 Total 4, 4 printed L3VE Virtual-Ethernet2/0/1 Virtual-Ethernet2/0/3 Virtual-Ethernet2/0/5 Virtual-Ethernet2/0/7
3.
Configure the MPLS L3VPN on backbone network. (1) Configure the IGP between the NPE and the PE on the backbone network. IS-IS is used in the example. # Configure NPE1.
[NPE1] isis 1 [NPE1-isis-1] network-entity 10.0000.0000.0001.00 [NPE1-isis-1] quit [NPE1] interface loopback1 [NPE1-LoopBack1] isis enable 1 [NPE1-LoopBack1] quit [NPE1] interface pos1/0/0 [NPE1-Pos1/0/0] isis enable 1 [NPE1-Pos1/0/0] quit
8-50
Issue 03 (2008-09-22)
# Configure NPE2.
[NPE2] isis 1 [NPE2-isis-1] network-entity 10.0000.0000.0002.00 [NPE2-isis-1] quit [NPE2] interface loopback1 [NPE2-LoopBack1] isis enable 1 [NPE2-LoopBack1] quit [NPE2] interface pos1/0/0 [NPE2-Pos1/0/0] isis enable 1 [NPE2-Pos1/0/0] quit
# Configure PE3.
<Quidway> system-view [Quidway] sysname PE3 [PE3] isis 1 [PE3-isis-1] network-entity 10.0000.0000.0003.00 [PE3-isis-1] quit [PE3] interface loopback1 [PE3-LoopBack1] isis enable 1 [PE3-LoopBack1] quit [PE3] interface pos2/0/0 [PE3-Pos2/0/0] isis enable 1 [PE3-Pos2/0/0] quit [PE3] interface pos3/0/0 [PE3-Pos3/0/0] isis enable 1 [PE3-Pos3/0/0] quit
After the configuration is complete, run the display isis route command. You can view that the NPEs and PEs can learn the loopback1 route of each other. Take NPE1 as an example.
[NPE1] display isis route Route information for ISIS(1) ----------------------------ISIS(1) Level-1 Forwarding Table -------------------------------IPV4 Destination IntCost ExtCost ExitInterface NextHop Flags ------------------------------------------------------------------------------5.5.5.9/32 0 NULL Loop1 Direct D/-/L/4.4.4.9/32 10 NULL Pos3/0/0 60.1.1.2 A/-/L/3.3.3.9/32 10 NULL Pos2/0/0 50.1.1.2 A/-/L/50.1.1.0/24 10 NULL Pos2/0/0 Direct D/-/L/60.1.1.0/24 10 NULL Pos3/0/0 Direct D/-/L/Flags: D-Direct, A-Added to URT, L-Advertised in LSPs, S-IGP Shortcut, U-Up/Down Bit Set ISIS(1) Level-2 Forwarding Table -------------------------------IPV4 Destination IntCost ExtCost ExitInterface NextHop Flags ------------------------------------------------------------------------------5.5.5.9/32 0 NULL Loop1 Direct D/-/L/4.4.4.9/32 10 NULL 3.3.3.9/32 10 NULL 50.1.1.0/24 10 NULL Pos2/0/0 Direct D/-/L/60.1.1.0/24 10 NULL Pos3/0/0 Direct D/-/L/Flags: D-Direct, A-Added to URT, L-Advertised in LSPs, S-IGP Shortcut, U-Up/Down Bit Set
Issue 03 (2008-09-22)
8-51
(2) Configure the basic MPLS functions and LDP on the backbone network. # Configure NPE1.
[NPE1] mpls lsr-id 3.3.3.9 [NPE1] mpls [NPE1-mpls] quit [NPE1] mpls ldp [NPE1-mpls-ldp] quit [NPE1] interface pos1/0/0 [NPE1-Pos1/0/0] mpls [NPE1-Pos1/0/0] mpls ldp [NPE1-Pos1/0/0] quit
# Configure NPE2.
[NPE2] mpls lsr-id 4.4.4.9 [NPE2] mpls [NPE2-mpls] quit [NPE2] mpls ldp [NPE2-mpls-ldp] quit [NPE2] interface pos1/0/0 [NPE2-Pos1/0/0] mpls [NPE2-Pos1/0/0] mpls ldp [NPE2-Pos1/0/0] quit
# Configure PE3.
[PE3] mpls lsr-id 5.5.5.9 [PE3] mpls [PE3-mpls] quit [PE3] mpls ldp [PE3-mpls-ldp] quit [PE3] interface pos2/0/0 [PE3-Pos2/0/0] mpls [PE3-Pos2/0/0] mpls ldp [PE3-Pos2/0/0] quit [PE3] interface pos3/0/0 [PE3-Pos3/0/0] mpls [PE3-Pos3/0/0] mpls ldp [PE3-Pos3/0/0] quit
After the configuration is complete, LDP sessions can be set up between PE3 and the NPEs. Run the display mpls ldp session command. You can view that the "Status" in the output is "Operational". Take PE3 as an example.
[PE3] display mpls ldp session LDP Session(s) in Public Network ----------------------------------------------------------------------------Peer-ID Status LAM SsnRole SsnAge KA-Sent/Rcv ----------------------------------------------------------------------------3.3.3.9:0 Operational DU Passive 000:00:02 10/10 4.4.4.9:0 Operational DU Passive 000:00:10 12/12 ----------------------------------------------------------------------------TOTAL: 2 session(s) Found. LAM : Label Advertisement Mode SsnAge Unit : DDD:HH:MM
(3) Configure the L3VPN instance on NPEs and PEs, and bind the instance to AC interfaces. # Configure NPE1.
[NPE1] ip vpn-instance VPN1 [NPE1-vpn-instance-VPN1] route-distinguisher 100:1 [NPE1-vpn-instance-VPN1] vpn-target 111:1 both [NPE1-vpn-instance-VPN1] quit [NPE1] ip vpn-instance VPN2
8-52
Issue 03 (2008-09-22)
[NPE1-vpn-instance-VPN2] route-distinguisher 100:21 [NPE1-vpn-instance-VPN2] vpn-target 222:1 both [NPE1-vpn-instance-VPN2] quit [NPE1] interface virtual-ethernet2/0/5 [NPE1-Virtual-Ethernet2/0/5] ip binding vpn-instance VPN1 [NPE1-Virtual-Ethernet2/0/5] ip address 100.1.1.2 24 [NPE1-Virtual-Ethernet2/0/5] quit [NPE1] interface virtual-ethernet2/0/7 [NPE1-Virtual-Ethernet2/0/7] ip binding vpn-instance VPN2 [NPE1-Virtual-Ethernet2/0/7] ip address 100.2.1.2 24 [NPE1-Virtual-Ethernet2/0/7] quit
# Configure NPE2.
[NPE2] ip vpn-instance VPN1 [NPE2-vpn-instance-VPN1] route-distinguisher 100:2 [NPE2-vpn-instance-VPN1] vpn-target 111:1 both [NPE2-vpn-instance-VPN1] quit [NPE2] ip vpn-instance VPN2 [NPE2-vpn-instance-VPN2] route-distinguisher 100:22 [NPE2-vpn-instance-VPN2] vpn-target 222:1 both [NPE2-vpn-instance-VPN2] quit [NPE2] interface virtual-ethernet2/0/5 [NPE2-Virtual-Ethernet2/0/5] ip binding vpn-instance VPN1 [NPE2-Virtual-Ethernet2/0/5] ip address 100.1.1.3 24 [NPE2-Virtual-Ethernet2/0/5] quit [NPE2] interface virtual-ethernet2/0/7 [NPE2-Virtual-Ethernet2/0/7] ip binding vpn-instance VPN2 [NPE2-Virtual-Ethernet2/0/7] ip address 100.2.1.3 24 [NPE2-Virtual-Ethernet2/0/7] quit
# Configure PE3.
[PE3] ip vpn-instance VPN1 [PE3-vpn-instance-VPN1] route-distinguisher 100:3 [PE3-vpn-instance-VPN1] vpn-target 111:1 both [PE3-vpn-instance-VPN1] quit [PE3] ip vpn-instance VPN2 [PE3-vpn-instance-VPN2] route-distinguisher 100:23 [PE3-vpn-instance-VPN2] vpn-target 222:1 both [PE3-vpn-instance-VPN2] quit [PE3] interface gigabitethernet1/0/0 [PE3-GigabitEthernet1/0/0] ip binding vpn-instance VPN1 [PE3-GigabitEthernet1/0/0] ip address 100.3.1.2 24 [PE3-GigabitEthernet1/0/0] undo shutdown [PE3-GigabitEthernet1/0/0] quit [PE3] interface gigabitethernet1/0/1 [PE3-GigabitEthernet1/0/1] ip binding vpn-instance VPN2 [PE3-GigabitEthernet1/0/1] ip address 100.4.1.2 24 [PE3-GigabitEthernet1/0/1] undo shutdown [PE3-GigabitEthernet1/0/1] quit
(4) Configure the OSPF multi-instance on NPEs and PEs, and import the VPN routes. # Configure NPE1.
[NPE1] ospf 100 vpn-instance VPN1 [NPE1-ospf-100] domain-id 10 [NPE1-ospf-100] import-route bgp [NPE1-ospf-100] area 0 [NPE1-ospf-100-area-0.0.0.0] network 100.1.1.0 0.0.0.255 [NPE1-ospf-100-area-0.0.0.0] quit [NPE1-ospf-100] quit [NPE1] ospf 200 vpn-instance VPN2 [NPE1-ospf-200] domain-id 20 [NPE1-ospf-200] import-route bgp [NPE1-ospf-200] area 0 [NPE1-ospf-200-area-0.0.0.0] network 100.2.1.0 0.0.0.255 [NPE1-ospf-200-area-0.0.0.0] quit [NPE1-ospf-200] quit [NPE1] bgp 100 [NPE1-bgp] ipv4-family vpn-instance VPN1 [NPE1-bgp-VPN1] import-route direct
Issue 03 (2008-09-22)
8-53
[NPE1-bgp-VPN1] import-route ospf 100 [NPE1-bgp-VPN1] quit [NPE1-bgp] ipv4-family vpn-instance VPN2 [NPE1-bgp-VPN2] import-route direct [NPE1-bgp-VPN2] import-route ospf 200 [NPE1-bgp-VPN2] quit [NPE1-bgp] quit
# Configure NPE2.
[NPE2] ospf 100 vpn-instance VPN1 [NPE2-ospf-100] domain-id 10 [NPE2-ospf-100] import-route bgp [NPE2-ospf-100] area 0 [NPE2-ospf-100-area-0.0.0.0] network 100.1.1.0 0.0.0.255 [NPE2-ospf-100-area-0.0.0.0] quit [NPE2-ospf-100] quit [NPE2] ospf 200 vpn-instance VPN2 [NPE2-ospf-200] domain-id 20 [NPE2-ospf-200] import-route bgp [NPE2-ospf-200] area 0 [NPE2-ospf-200-area-0.0.0.0] network 100.2.1.0 0.0.0.255 [NPE2-ospf-200-area-0.0.0.0] quit [NPE2-ospf-200] quit [NPE2] bgp 100 [NPE2-bgp] ipv4-family vpn-instance VPN1 [NPE2-bgp-VPN1] import-route direct [NPE2-bgp-VPN1] import-route ospf 100 [NPE2-bgp-VPN1] quit [NPE2-bgp] ipv4-family vpn-instance VPN2 [NPE2-bgp-VPN2] import-route direct [NPE2-bgp-VPN2] import-route ospf 200 [NPE2-bgp-VPN2] quit [NPE2-bgp] quit
# Configure PE3.
[PE3] ospf 100 vpn-instance VPN1 [PE3-ospf-100] domain-id 10 [PE3-ospf-100] import-route bgp [PE3-ospf-100] area 0 [PE3-ospf-100-area-0.0.0.0] network 100.3.1.0 0.0.0.255 [PE3-ospf-100-area-0.0.0.0] quit [PE3-ospf-100] quit [PE3] ospf 200 vpn-instance VPN2 [PE3-ospf-200] domain-id 20 [PE3-ospf-200] import-route bgp [PE3-ospf-200] area 0 [PE3-ospf-200-area-0.0.0.0] network 100.4.1.0 0.0.0.255 [PE3-ospf-200-area-0.0.0.0] quit [PE3-ospf-200] quit [PE3] bgp 100 [PE3-bgp] ipv4-family vpn-instance VPN1 [PE3-bgp-VPN1] import-route direct [PE3-bgp-VPN1] import-route ospf 100 [PE3-bgp-VPN1] quit [PE3-bgp] ipv4-family vpn-instance VPN2 [PE3-bgp-VPN2] import-route direct [PE3-bgp-VPN2] import-route ospf 200 [PE3-bgp-VPN2] quit [PE3-bgp] quit
(5) Set up MP-IBGP peer relationships between the NPE and PE. # Configure PE2.
[NPE1] bgp 100 [NPE1-bgp] peer 5.5.5.9 as-number 100 [NPE1-bgp] peer 5.5.5.9 connect-interface loopback 1 [NPE1-bgp] ipv4-family vpnv4 [NPE1-bgp-af-vpnv4] peer 5.5.5.9 enable [NPE1-bgp-af-vpnv4] quit
8-54
Issue 03 (2008-09-22)
# Configure NPE2.
[NPE2] bgp 100 [NPE2-bgp] peer 5.5.5.9 as-number 100 [NPE2-bgp] peer 5.5.5.9 connect-interface loopback 1 [NPE2-bgp] ipv4-family vpnv4 [NPE2-bgp-af-vpnv4] peer 5.5.5.9 enable [NPE2-bgp-af-vpnv4] quit
# Configure PE3.
[PE3] bgp 100 [PE3-bgp] peer 3.3.3.9 as-number 100 [PE3-bgp] peer 3.3.3.9 connect-interface loopback 1 [PE3-bgp] peer 4.4.4.9 as-number 100 [PE3-bgp] peer 4.4.4.9 connect-interface loopback 1 [PE3-bgp] ipv4-family vpnv4 [PE3-bgp-af-vpnv4] peer 3.3.3.9 enable [PE3-bgp-af-vpnv4] peer 4.4.4.9 enable [PE3-bgp-af-vpnv4] quit
After the configuration is complete, run the display bgp peer or display bgp vpn4 all peer command. You can view that the BGP peer relationship is set up between NPE and PE, and it is in the Established status. Take NPE1 as an example.
[NPE1] display bgp peer BGP local router ID : 3.3.3.9 Local AS number : 100 Total number of peers : 1 Peers in established state : 1 Peer V AS MsgRcvd MsgSent OutQ Up/Down State PrefRcv 5.5.5.9 4 100 2 6 0 00:00:12 Established 2 [NPE1] display bgp vpnv4 all peer BGP local router ID : 3.3.3.9 Local AS number : 100 Total number of peers : 3 Peers in established state : 3 Peer V AS MsgRcvd MsgSent OutQ Up/Down State PrefRcv 5.5.5.9 4 100 12 18 0 00:09:38 Established 2
Run the display ip routing-table vpn-instance command on NPE or PE devices. You can view the routes to CEs at peer. Take NPE1 as an example.
[NPE1] display ip routing-table vpn-instance VPN1 Route Flags: R - relied, D - download to fib ----------------------------------------------------------------------------Routing Tables: VPN1 Destinations : 3 Routes : 3 Destination/Mask Proto Pre Cost Flags NextHop Interface 100.1.1.0/24 Direct 0 0 D 100.1.1.2 VirtualEthernet2/0/5 100.1.1.2/32 Direct 0 0 D 127.0.0.1 InLoopBack0 100.3.1.0/24 BGP 255 0 RD 5.5.5.9 Pos1/0/0
4.
Configure MPLS L2VPN on the access network. (1) Run IGP between NPE and UPE. OSPF is used in the example. # Configure UPE1.
<Quidway> system-view [Quidway] sysname UPE1 [UPE1] ospf [UPE1-ospf-1] area 0 [UPE1-ospf-1-area-0.0.0.0] [UPE1-ospf-1-area-0.0.0.0] [UPE1-ospf-1-area-0.0.0.0] [UPE1-ospf-1-area-0.0.0.0] [UPE1-ospf-1] quit
network 10.1.1.0 0.0.0.255 network 20.1.1.0 0.0.0.255 network 1.1.1.9 0.0.0.0 quit
Issue 03 (2008-09-22)
8-55
# Configure UPE2.
<Quidway> system-view [Quidway] sysname UPE2 [UPE2] ospf [UPE2-ospf-1] area 0 [UPE2-ospf-1-area-0.0.0.0] [UPE2-ospf-1-area-0.0.0.0] [UPE2-ospf-1-area-0.0.0.0] [UPE2-ospf-1-area-0.0.0.0] [UPE2-ospf-1] quit
network 30.1.1.0 0.0.0.255 network 40.1.1.0 0.0.0.255 network 2.2.2.9 0.0.0.0 quit
# Configure NPE1.
[NPE1] ospf [NPE1-ospf-1] area 0 [NPE1-ospf-1-area-0.0.0.0] [NPE1-ospf-1-area-0.0.0.0] [NPE1-ospf-1-area-0.0.0.0] [NPE1-ospf-1-area-0.0.0.0] [NPE1-ospf-1] quit network 10.1.1.0 0.0.0.255 network 30.1.1.0 0.0.0.255 network 3.3.3.9 0.0.0.0 quit
# Configure NPE2.
[NPE2] ospf [NPE2-ospf-1] area 0 [NPE2-ospf-1-area-0.0.0.0] network 20.1.1.0 0.0.0.255 [NPE2-ospf-1-area-0.0.0.0] network 40.1.1.0 0.0.0.255 [NPE2-ospf-1-area-0.0.0.0] network 4.4.4.9 0.0.0.0 [NPE2-ospf-1-area-0.0.0.0] [NPE2-ospf-1] quit
After the configuration is complete, run the display ospf routing command. You can view that the UPE and NPE can learn the loopback1 route of each other. Take NPE1 as an example.
[NPE1] display ospf routing OSPF Process 1 with Router ID 3.3.3.9 Routing Tables Routing for Network Destination Cost Type NextHop 30.1.1.0/24 1 Stub 30.1.1.2 20.1.1.0/24 3 Stub 10.1.1.1 4.4.4.9/32 4 Stub 10.1.1.1 4.4.4.9/32 4 Stub 30.1.1.1 40.1.1.0/24 3 Stub 30.1.1.1 3.3.3.9/32 1 Stub 3.3.3.9 2.2.2.9/32 2 Stub 30.1.1.1 10.1.1.0/24 1 Stub 10.1.1.2 1.1.1.9/32 2 Stub 10.1.1.1 Total Nets: 9 Intra Area: 9 Inter Area: 0 ASE: 0 NSSA: 0
AdvRouter 3.3.3.9 1.1.1.9 4.4.4.9 4.4.4.9 2.2.2.9 3.3.3.9 2.2.2.9 3.3.3.9 1.1.1.9
Area 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0
(2) Configure the basic MPLS functions and MPLS LDP on the UPEs and NPEs. Specify the LSR-ID as loopback interface address, and set up LSPs. # Configure UPE1.
[UPE1] mpls lsr-id 1.1.1.9 [UPE1] mpls [UPE1-mpls] quit [UPE1] mpls ldp [UPE1-mpls-ldp] quit [UPE1] interface gigabitethernet [UPE1-GigabitEthernet1/0/0] mpls [UPE1-GigabitEthernet1/0/0] mpls [UPE1-GigabitEthernet1/0/0] quit [UPE1] interface gigabitethernet [UPE1-GigabitEthernet1/0/1] mpls [UPE1-GigabitEthernet1/0/1] mpls [UPE1-GigabitEthernet1/0/1] quit
# Configure UPE2.
8-56 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)
# Configure NPE1.
[NPE1] interface gigabitethernet [NPE1-GigabitEthernet2/0/0] mpls [NPE1-GigabitEthernet2/0/0] mpls [NPE1-GigabitEthernet2/0/0] quit [NPE1] interface gigabitethernet [NPE1-GigabitEthernet2/0/1] mpls [NPE1-GigabitEthernet2/0/1] mpls [NPE1-GigabitEthernet2/0/1] quit 2/0/0 ldp 2/0/1 ldp
# Configure NPE2.
[NPE2] interface gigabitethernet [NPE2-GigabitEthernet2/0/0] mpls [NPE2-GigabitEthernet2/0/0] mpls [NPE2-GigabitEthernet2/0/0] quit [NPE2] interface gigabitethernet [NPE2-GigabitEthernet2/0/1] mpls [NPE2-GigabitEthernet2/0/1] mpls [NPE2-GigabitEthernet2/0/1] quit 2/0/0 ldp 2/0/1 ldp
After the configuration is complete, LDP sessions can be set up between UPEs and the NPEs. Run the display mpls ldp session command. You can view that the "Status" in the output is "Operational". Take NPE1 as an example.
[NPE1] display mpls ldp session LDP Session(s) in Public Network ----------------------------------------------------------------------------Peer-ID Status LAM SsnRole SsnAge KA-Sent/Rcv ----------------------------------------------------------------------------1.1.1.9:0 Operational DU Passive 000:00:02 12/12 2.2.2.9:0 Operational DU Passive 000:00:02 9/9 5.5.5.9:0 Operational DU Passive 000:00:02 10/10 ----------------------------------------------------------------------------TOTAL: 3 session(s) Found. LAM : Label Advertisement Mode SsnAge Unit : DDD:HH:MM
The default VC type of a VLL on a VE interface of the peer NPE is Ethernet. Therefore, when creating a VSI on the UPE, you need to change the encapsulation type to Ethernet so that the encapsulation types at both ends of a VC are the same.
# Configure UPE1.
[UPE1] mpls l2vpn [UPE1-l2vpn] quit [UPE1] vsi admin-vsi1 static [UPE1-admin-vsi1] pwsignal ldp
Issue 03 (2008-09-22)
8-57
[UPE1-admin-vsi1-ldp] vsi-id 10 [UPE1-admin-vsi1-ldp] peer 3.3.3.9 upe [UPE1-admin-vsi1-ldp] peer 4.4.4.9 upe [UPE1-admin-vsi1-ldp] quit [UPE1-admin-vsi1] encapsulation ethernet [UPE1-admin-vsi1] admin-vsi [UPE1-admin-vsi1] quit
# Configure UPE2.
[UPE2] mpls l2vpn [UPE2-l2vpn] quit [UPE2] vsi admin-vsi2 static [UPE2-admin-vsi2] pwsignal ldp [UPE2-admin-vsi2-ldp] vsi-id 20 [UPE2-admin-vsi2-ldp] peer 3.3.3.9 upe [UPE2-admin-vsi2-ldp] peer 4.4.4.9 upe [UPE2-admin-vsi2-ldp] quit [UPE2-admin-vsi2] encapsulation ethernet [UPE2-admin-vsi2] admin-vsi [UPE2-admin-vsi2] quit
An NPE does not need to learn the MAC addresses of other NPEs, so it is recommended that NPEs connect to the mVSIs on UPEs through VLL. The VC ID must be the same as the ID of the VSI that the NPE accesses. # Configure NPE1.
[NPE1] mpls l2vpn [NPE1-l2vpn] mpls l2vpn default martini [NPE1-l2vpn] quit [NPE1] interface virtual-ethernet2/0/0 [NPE1-Virtual-Ethernet2/0/0] mpls l2vc 1.1.1.9 10 [NPE1-Virtual-Ethernet2/0/0] quit [NPE1] interface virtual-ethernet2/0/2 [NPE1-Virtual-Ethernet2/0/2] mpls l2vc 2.2.2.9 20 [NPE1-Virtual-Ethernet2/0/2] quit
# Configure NPE2.
[NPE2] mpls l2vpn [NPE2-l2vpn] mpls l2vpn default martini [NPE2-l2vpn] quit [NPE2] interface virtual-ethernet2/0/0 [NPE2-Virtual-Ethernet2/0/0] mpls l2vc 1.1.1.9 10 [NPE2-Virtual-Ethernet2/0/0] quit [NPE2] interface virtual-ethernet2/0/2 [NPE2-Virtual-Ethernet2/0/2] mpls l2vc 2.2.2.9 20 [NPE2-Virtual-Ethernet2/0/2] quit
After the configuration is complete, run the display vsi name verbose command on UPEs. You can view that the Administrator VSI in the output is yes. Take UPE1 as an example.
[UPE1] display vsi name admin-vsi1 verbose ***VSI Name : admin-vsi1 Administrator VSI : yes Isolate Spoken : disable VSI Index : 0 PW Signaling : ldp Member Discovery Style : static PW MAC Learn Style : unqualify Encapsulation Type : ethernet MTU : 1500 Diffserv Mode : uniform Service Class : -Color : -DomainId : 255 Domain Name : Tunnel Policy Name : lsp VSI State : up VSI ID : 10
8-58
Issue 03 (2008-09-22)
Run the display mpls l2vc command on NPEs. You can view that the VC State in the output is up. Take NPE1 as an example.
[NPE1] display mpls l2vc total LDP VC : 2 2 up 0 down *client interface : Virtual-Ethernet2/0/0 session state : up AC status : up VC state : up VC ID : 10 VC type : Ethernet destination : 1.1.1.9 local VC label : 140289 remote VC label : 148480 control word : disable forwarding entry : existent local group ID : 0 manual fault : not set active state : active link state : up local VC MTU : 1500 remote VC MTU : 1500 tunnel policy name : -traffic behavior name: -PW template name : -primary or secondary : primary create time : 0 days, 0 hours, 0 minutes, 51 seconds up time : 0 days, 0 hours, 0 minutes, 50 seconds last change time : 0 days, 0 hours, 0 minutes, 50 seconds *client interface : Virtual-Ethernet2/0/2 session state : up AC status : up VC state : up VC ID : 20 VC type : Ethernet destination : 2.2.2.9 local VC label : 140290 remote VC label : 148481 control word : disable forwarding entry : existent local group ID : 0 manual fault : not set active state : active link state : up local VC MTU : 1500 remote VC MTU : 1500 tunnel policy name : -traffic behavior name: -PW template name : --
Issue 03 (2008-09-22)
8-59
(4) Create a Martini service VSI on UPEs, bind the service VSI to an mVSI, and connect it to CEs. # Configure UPE1.
[UPE1] vsi vsi1 static [UPE1-vsi1] pwsignal ldp [UPE1-vsi1-ldp] vsi-id 101 [UPE1-vsi1-ldp] peer 3.3.3.9 [UPE1-vsi1-ldp] peer 4.4.4.9 [UPE1-vsi1-ldp] quit [UPE1-vsi1] encapsulation ethernet [UPE1-vsi1] track admin-vsi admin-vsi1 [UPE1-vsi1] quit [UPE1] interface gigabitethenet 1/0/2.1 [UPE1-GigabitEthernet1/0/2.1] vlan-type dot1q 101 [UPE1-GigabitEthernet1/0/2.1] l2 binding vsi vsi1 [UPE1-GigabitEthernet1/0/2.1] quit
# Configure UPE2.
[UPE2] vsi vsi2 static [UPE2-vsi2] pwsignal ldp [UPE2-vsi2-ldp] vsi-id 102 [UPE2-vsi2-ldp] peer 3.3.3.9 [UPE2-vsi2-ldp] peer 4.4.4.9 [UPE2-vsi2-ldp] quit [UPE2-vsi2] encapsulation ethernet [UPE1-vsi2] track admin-vsi admin-vsi2 [UPE2-vsi2] quit [UPE2] interface gigabitethenet 1/0/2.1 [UPE2-GigabitEthernet1/0/2.1] vlan-type dot1q 102 [UPE2-GigabitEthernet1/0/2.1] l2 binding vsi vsi2 [UPE2-GigabitEthernet1/0/2.1] quit
An NPE does not need to learn the MAC addresses of other NPEs, so it is recommended that NPEs connect to the mVSIs on UPEs through VLL. The VC ID must be the same as the ID of the VSI that the NPE accesses. # Configure NPE1.
[NPE1] interface virtual-ethernet2/0/4 [NPE1-Virtual-Ethernet2/0/4] mpls l2vc 1.1.1.9 101 [NPE1-Virtual-Ethernet2/0/4] quit [NPE1] interface virtual-ethernet2/0/6 [NPE1-Virtual-Ethernet2/0/6] mpls l2vc 2.2.2.9 102 [NPE1-Virtual-Ethernet2/0/6] quit
# Configure NPE2.
[NPE2] interface virtual-ethernet2/0/4 [NPE2-Virtual-Ethernet2/0/4] mpls l2vc 1.1.1.9 101 [NPE2-Virtual-Ethernet2/0/4] quit [NPE2] interface virtual-ethernet2/0/6 [NPE2-Virtual-Ethernet2/0/6] mpls l2vc 2.2.2.9 102 [NPE2-Virtual-Ethernet2/0/6] quit
After the configuration is complete, run the display vsi command on UPEs. You can view that the VSI State in the output is up. Take UPE1 as an example.
[UPE1] display vsi name vsi1 Total VSI number is 1, 0 is up, 1 is down, 1 is LDP mode, 0 is BGP mode Vsi Mem PW Mac Encap Mtu Vsi Name Disc Type Learn Type Value State ------------------------------------------------------------------------vsi1 static ldp unqualify ethernet 1500 up
8-60
Issue 03 (2008-09-22)
Run the display mpls l2vc interface command on NPEs. You can view that the VC State in the output is up. Take NPE1 as an example.
[NPE1] display mpls l2vc *client interface session state AC state VC state VC ID VC type destination local group ID local VC label local AC OAM State local PSN State BFD for PW manual fault active state forwarding entry link state local VC MTU local VCCV remote VCCV local fragmentantion local control word tunnel policy traffic behavior PW template name primary or secondary VC tunnel/token info create time up time last change time interface virtual-ethernet2/0/4 : Virtual-Ethernet2/0/4 is up : up : up : up : 101 : Ethernet : 1.1.1.9 : 0 remote group ID : 0 : 140288 remote VC label : 140292 : up : up : unavailable : not set : active : exist : up : 1500 remote VC MTU : 1500 : Disable : none : disable remote fragmentantion: none : disable remote control word : none : lsp : -: -: primary : 0 tunnels/tokens : 0 days, 0 hours, 0 minutes, 10 seconds : 0 days, 0 hours, 0 minutes, 0 seconds : 0 days, 0 hours, 0 minutes, 10 seconds
Run the display admin-vsi binding command on the UPE. You can view the binding relationship of the service VSI and the mVSI. Take UPE1 as an example:
[UPE1] display admin-vsi binding Admin-vsi Service-vsi -------------------------------------------admin-vsi1 vsi1
5.
Configure the reliability of MPLS L2VPN on the access network. (1) Configure the mVRRP for NPEs. NPEs work in load balancing mode. For the VSI of UPE1, NPE1 serves as the master NPE; for the VSI of UPE2, NPE2 serves as the master NPE. # Configure NPE1.
[NPE1] interface virtual-ethernet2/0/1 [NPE1-Virtual-Ethernet2/0/1] ip address 192.168.1.1 24 [NPE1-Virtual-Ethernet2/0/1] vrrp vrid 1 virtual-ip 192.168.1.254 [NPE1-Virtual-Ethernet2/0/1] vrrp vrid 1 priority 120 [NPE1-Virtual-Ethernet2/0/1] admin-vrrp vrid 1 [NPE1-Virtual-Ethernet2/0/1] quit [NPE1] interface virtual-ethernet2/0/3 [NPE1-Virtual-Ethernet2/0/3] ip address 192.168.2.1 24 [NPE1-Virtual-Ethernet2/0/3] vrrp vrid 2 virtual-ip 192.168.2.254 [NPE1-Virtual-Ethernet2/0/3] admin-vrrp vrid 2 [NPE1-Virtual-Ethernet2/0/3] quit
# Configure NPE2.
[NPE2] interface virtual-ethernet2/0/1 [NPE2-Virtual-Ethernet2/0/1] ip address 192.168.1.2 24 [NPE2-Virtual-Ethernet2/0/1] vrrp vrid 1 virtual-ip 192.168.1.254 [NPE2-Virtual-Ethernet2/0/1] admin-vrrp vrid 1 [NPE2-Virtual-Ethernet2/0/1] quit [NPE2] interface virtual-ethernet2/0/3
Issue 03 (2008-09-22)
8-61
After the configuration is complete, run the display vrrp command on NPEs. You can view that VRRP backup group 1 is the Master in VE 2/0/1 of NPE1; VRRP backup group 2 is the Backup in VE 2/0/3. VRRP backup group 1 is the Backup in VE 2/0/1 of NPE2; VRRP backup group 2 is the Master in VE2/0/3. All these VRRP backup groups are mVRRPs. Take NPE1 as an example.
[NPE1] display vrrp Virtual-Ethernet2/0/3 | Virtual Router 2 state : Backup Virtual IP : 192.168.2.254 PriorityRun : 100 PriorityConfig : 100 MasterPriority : 120 preempt : yes delay time : 0 Timer : 1 Auth Type : NONE Virtual Mac : 0000-5e00-0102 Check TTL : YES Config type : admin-vrrp Virtual-Ethernet2/0/1 | Virtual Router 1 state : Master Virtual IP : 192.168.1.254 PriorityRun : 120 PriorityConfig : 120 MasterPriority : 120 preempt : yes delay time : 0 Timer : 1 Auth Type : NONE Virtual Mac : 0000-5e00-0101 Check TTL : YES Config type : admin-vrrp
# Configure NPE2.
[NPE2] interface virtual-ethernet2/0/5 [NPE2-Virtual-Ethernet2/0/5] vrrp vrid 3 virtual-ip 100.1.1.254 [NPE2-Virtual-Ethernet2/0/5] quit [NPE2] interface virtual-ethernet2/0/7 [NPE2-Virtual-Ethernet2/0/7] vrrp vrid 4 virtual-ip 100.2.1.254 [NPE2-Virtual-Ethernet2/0/7] quit
# Configure NPE2.
8-62 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)
[NPE2] interface virtual-ethernet2/0/5 [NPE2-Virtual-Ethernet2/0/5] vrrp vrid 3 track admin-vrrp interface virtual-ethernet2/0/1 vrid 1 [NPE2-Virtual-Ethernet2/0/5] quit [NPE2] interface virtual-ethernet2/0/7 [NPE2-Virtual-Ethernet2/0/7] vrrp vrid 4 track admin-vrrp interface virtual-ethernet2/0/3 vrid 2 [NPE2-Virtual-Ethernet2/0/7] quit
After the configuration is complete, run the display vrrp command on NPEs. You can view that the service VRRP status is the same as the status of the bound mVRRP. Take NPE1 as an example.
[NPE1] display vrrp Virtual-Ethernet2/0/7 | Virtual Router state : Initialize Virtual IP : 100.2.1.254 PriorityRun : 100 PriorityConfig : 100 MasterPriority : 100 preempt : yes delay time : 0 Timer : 1 Auth Type : NONE Virtual Mac : 0000-5e00-0104 Check TTL : YES Config type : member-vrrp Virtual-Ethernet2/0/5 | Virtual Router state : Master Virtual IP : 100.1.1.254 PriorityRun : 100 PriorityConfig : 100 MasterPriority : 100 preempt : yes delay time : 0 Timer : 1 Auth Type : NONE Virtual Mac : 0000-5e00-0103 Check TTL : YES Config type : member-vrrp Virtual-Ethernet2/0/3 | Virtual Router state : Backup Virtual IP : 192.168.2.254 PriorityRun : 100 PriorityConfig : 100 MasterPriority : 120 preempt : yes delay time : 0 Timer : 1 Auth Type : NONE Virtual Mac : 0000-5e00-0102 Check TTL : YES Config type : admin-vrrp Virtual-Ethernet2/0/1 | Virtual Router state : Master Virtual IP : 192.168.1.254 PriorityRun : 120 PriorityConfig : 120 MasterPriority : 120 preempt : yes delay time : 0 Timer : 1 Auth Type : NONE Virtual Mac : 0000-5e00-0101 Check TTL : YES Config type : admin-vrrp 4
Run the display vrrp binding admin-vrrp member-vrrp command on NPEs. You can view the binding relationships between the mVRRP backup group and the member VRRP backup groups. Take NPE1 as an example.
[NPE1] display vrrp binding admin-vrrp member-vrrp
Issue 03 (2008-09-22)
8-63
Interface: Virtual-Ethernet2/0/1, admin-vrrp vrid: 1, Member-vrrp number: 1 Interface: Virtual-Ethernet2/0/5, vrid: 3, state: Interface: Virtual-Ethernet2/0/3, admin-vrrp vrid: 2, Member-vrrp number: 1 Interface: Virtual-Ethernet2/0/7, vrid: 4, state:
# Configure NPE2.
[NPE2] bfd [NPE2-bfd] quit [NPE2] bfd peer1 bind peer-ip 192.168.1.1 [NPE2-bfd-session-peer1] discriminator local 431 [NPE2-bfd-session-peer1] discriminator remote 341 [NPE2-bfd-session-peer1] min-tx-interval 30 [NPE2-bfd-session-peer1] min-rx-interval 30 [NPE2-bfd-session-peer1] commit [NPE2-bfd-session-peer1] quit [NPE2] bfd peer2 bind peer-ip 192.168.2.1 [NPE2-bfd-session-peer2] discriminator local 432 [NPE2-bfd-session-peer2] discriminator remote 342 [NPE2-bfd-session-peer2] min-tx-interval 30 [NPE2-bfd-session-peer2] min-rx-interval 30 [NPE2-bfd-session-peer2] commit [NPE2-bfd-session-peer2] quit
After the configuration is complete, run the display bfd session all command on NPEs. You can view that the status of BFD is Up. Take PE1 as an example.
[NPE1] display bfd session all ------------------------------------------------------------------------------Local Remote PeerIpAddr InterfaceName State Type ------------------------------------------------------------------------------341 431 192.168.1.2 -Up S_IP 342 432 192.168.2.2 -Up S_IP ------------------------------------------------------------------------------Total UP/DOWN Session Number : 2/0
(5) Configure the Link BFD between NPEs and UPEs. # Configure UPE1.
[UPE1] bfd [UPE1-bfd] quit [UPE1] bfd link1 bind ldp-lsp peer-ip 3.3.3.9 nexthop 10.1.1.2 interface gigabitethernet 1/0/0
8-64
Issue 03 (2008-09-22)
[UPE1-bfd-session-link1] discriminator local 13 [UPE1-bfd-session-link1] discriminator remote 31 [UPE1-bfd-session-link1] process-pst [UPE1-bfd-session-link1] commit [UPE1-bfd-session-link1] quit [UPE1] bfd link2 bind ldp-lsp peer-ip 4.4.4.9 nexthop 20.1.1.2 interface gigabitethernet 1/0/1 [UPE1-bfd-session-link2] discriminator local 14 [UPE1-bfd-session-link2] discriminator remote 41 [UPE1-bfd-session-link2] process-pst [UPE1-bfd-session-link2] commit [UPE1-bfd-session-link2] quit
# Configure UPE2.
[UPE2] bfd [UPE2-bfd] quit [UPE2] bfd link1 bind ldp-lsp peer-ip 3.3.3.9 nexthop 30.1.1.2 interface gigabitethernet 1/0/1 [UPE2-bfd-session-link1] discriminator local 23 [UPE2-bfd-session-link1] discriminator remote 32 [UPE2-bfd-session-link1] process-pst [UPE2-bfd-session-link1] commit [UPE2-bfd-session-link1] quit [UPE2] bfd link2 bind ldp-lsp peer-ip 4.4.4.9 nexthop 40.1.1.2 interface gigabitethernet 1/0/0 [UPE2-bfd-session-link2] discriminator local 24 [UPE2-bfd-session-link2] discriminator remote 42 [UPE2-bfd-session-link2] process-pst [UPE2-bfd-session-link2] commit [UPE2-bfd-session-link2] quit
# Configure NPE1.
[NPE1] bfd link1 bind ldp-lsp peer-ip 1.1.1.9 nexthop 10.1.1.1 interface gigabitethernet 2/0/0 [NPE1-bfd-session-link1] discriminator local 31 [NPE1-bfd-session-link1] discriminator remote 13 [NPE1-bfd-session-link1] process-pst [NPE1-bfd-session-link1] commit [NPE1-bfd-session-link1] quit [NPE1] bfd link2 bind ldp-lsp peer-ip 2.2.2.9 nexthop 30.1.1.1 interface gigabitethernet 2/0/1 [NPE1-bfd-session-link2] discriminator local 32 [NPE1-bfd-session-link2] discriminator remote 23 [NPE1-bfd-session-link2] process-pst [NPE1-bfd-session-link2] commit [NPE1-bfd-session-link2] quit
# Configure NPE2.
[NPE2] bfd link1 bind ldp-lsp peer-ip 1.1.1.9 nexthop 20.1.1.1 interface gigabitethernet 2/0/1 [NPE2-bfd-session-link1] discriminator local 41 [NPE2-bfd-session-link1] discriminator remote 14 [NPE2-bfd-session-link1] process-pst [NPE2-bfd-session-link1] commit [NPE2-bfd-session-link1] quit [NPE2] bfd link2 bind ldp-lsp peer-ip 2.2.2.9 nexthop 40.1.1.1 interface gigabitethernet 2/0/0 [NPE2-bfd-session-link2] discriminator local 42 [NPE2-bfd-session-link2] discriminator remote 24 [NPE2-bfd-session-link2] process-pst [NPE2-bfd-session-link2] commit [NPE2-bfd-session-link2] quit
After the configuration is complete, run the display bfd session all command on UPEs and NPEs. You can view that the status of BFD is Up. Take UPE1 and NPE1 as examples.
[UPE1] display bfd session all -------------------------------------------------------------------------------
Issue 03 (2008-09-22)
8-65
Local Remote PeerIpAddr InterfaceName State Type ------------------------------------------------------------------------------13 31 3.3.3.9 GigabitEthernet1/0/0 Up S_LDPLSP 14 41 4.4.4.9 GigabitEthernet1/0/1 Up S_LDPLSP ------------------------------------------------------------------------------Total UP/DOWN Session Number : 2/0 [NPE1] display bfd session all ------------------------------------------------------------------------------Local Remote PeerIpAddr InterfaceName State Type ------------------------------------------------------------------------------31 13 1.1.1.9 GigabitEthernet2/0/0 Up S_LDPLSP 32 23 2.2.2.9 GigabitEthernet2/0/1 Up S_LDPLSP 341 431 192.168.1.2 -Up S_IP 342 432 192.168.2.2 -Up S_IP ------------------------------------------------------------------------------Total UP/DOWN Session Number : 4/0
(6) Bind the mVRRP to Peer BFD and Link BFD. # Configure NPE1.
[NPE1] interface virtual-ethernet2/0/1 [NPE1-Virtual-Ethernet2/0/1] vrrp vrid [NPE1-Virtual-Ethernet2/0/1] vrrp vrid [NPE1-Virtual-Ethernet2/0/1] quit [NPE1] interface virtual-ethernet2/0/3 [NPE1-Virtual-Ethernet2/0/3] vrrp vrid [NPE1-Virtual-Ethernet2/0/3] vrrp vrid [NPE1-Virtual-Ethernet2/0/3] quit 1 track bfd-session 341 peer 1 track bfd-session 31 link 2 track bfd-session 342 peer 2 track bfd-session 32 link
# Configure NPE2.
[NPE2] interface virtual-ethernet2/0/1 [NPE2-Virtual-Ethernet2/0/1] vrrp vrid [NPE2-Virtual-Ethernet2/0/1] vrrp vrid [NPE2-Virtual-Ethernet2/0/1] quit [NPE2] interface virtual-ethernet2/0/3 [NPE2-Virtual-Ethernet2/0/3] vrrp vrid [NPE2-Virtual-Ethernet2/0/3] vrrp vrid [NPE2-Virtual-Ethernet2/0/3] quit 1 track bfd-session 431 peer 1 track bfd-session 41 link 2 track bfd-session 432 peer 2 track bfd-session 42 link
After the configuration is complete, run the display vrrp command on NPEs. You can view that the mVRRP is bound to the Peer BFD and the Link BFD; the mVRRP is Up. Take NPE1 as an example.
[NPE1] display vrrp Virtual-Ethernet2/0/7 | Virtual Router 4 state : Initialize Virtual IP : 100.2.1.254 PriorityRun : 100 PriorityConfig : 100 MasterPriority : 100 preempt : yes delay time : 0 Timer : 1 Auth Type : NONE Virtual Mac : 0000-5e00-0104 Check TTL : YES Config type : member-vrrp Virtual-Ethernet2/0/5 | Virtual Router 3
8-66
Issue 03 (2008-09-22)
state : Master Virtual IP : 100.1.1.254 PriorityRun : 100 PriorityConfig : 100 MasterPriority : 100 preempt : yes delay time : 0 Timer : 1 Auth Type : NONE Virtual Mac : 0000-5e00-0103 Check TTL : YES Config type : member-vrrp Virtual-Ethernet2/0/3 | Virtual Router 2 state : Backup Virtual IP : 192.168.2.254 PriorityRun : 100 PriorityConfig : 100 MasterPriority : 120 preempt : yes delay time : 0 Timer : 1 Auth Type : NONE Virtual Mac : 0000-5e00-0102 Check TTL : YES Config type : admin-vrrp Track BFD : 32 type: link bfd-session state : up Track BFD : 342 type: peer bfd-session state : up Virtual-Ethernet2/0/1 | Virtual Router 1 state : Master Virtual IP : 192.168.1.254 PriorityRun : 120 PriorityConfig : 120 MasterPriority : 120 preempt : yes delay time : 0 Timer : 1 Auth Type : NONE Virtual Mac : 0000-5e00-0101 Check TTL : YES Config type : admin-vrrp Track BFD : 31 type: link bfd-session state : up Track BFD : 341 type: peer bfd-session state : up
6.
Configure the access of CEs through the access network to MPLS L3VPN with NPEs. # Configure CE1.
<Quidway> system-view [Quidway] sysname CE1 [CE1] interface gigabitethernet1/0/0.1 [CE1-GigabitEthernet1/0/0.1] vlan-type dot1q 101 [CE1-GigabitEthernet1/0/0.1] ip address 100.1.1.1 24 [CE1-GigabitEthernet1/0/0.1] quit [CE1] ospf 100 [CE1-ospf-100] area 0 [CE1-ospf-100-area-0.0.0.0] network 100.1.1.0 0.0.0.255 [CE1-ospf-100-area-0.0.0.0] quit [CE1-ospf-100] quit
# Configure CE2.
<Quidway> system-view [Quidway] sysname CE2 [CE2] interface gigabitethernet1/0/0.1 [CE2-GigabitEthernet1/0/0.1] vlan-type dot1q 102 [CE2-GigabitEthernet1/0/0.1] ip address 100.2.1.1 24 [CE2-GigabitEthernet1/0/0.1] quit [CE2] ospf 200 [CE2-ospf-200] area 0 [CE2-ospf-200-area-0.0.0.0] network 100.2.1.0 0.0.0.255
Issue 03 (2008-09-22)
8-67
# Configure CE3.
<Quidway> system-view [Quidway] sysname CE3 [CE3] interface gigabitethernet1/0/0 [CE3-GigabitEthernet1/0/0] ip address 100.3.1.1 24 [CE3-GigabitEthernet1/0/0] undo shutdown [CE3-GigabitEthernet1/0/0] quit [CE3] ospf 100 [CE3-ospf-100] area 0 [CE3-ospf-100-area-0.0.0.0] network 100.3.1.0 0.0.0.255 [CE3-ospf-100-area-0.0.0.0] quit [CE3-ospf-100] quit
# Configure CE4.
<Quidway> system-view [Quidway] sysname CE4 [CE4] interface gigabitethernet1/0/0 [CE4-GigabitEthernet1/0/0] ip address 100.4.1.1 24 [CE4-GigabitEthernet1/0/0] undo shutdown [CE4-GigabitEthernet1/0/0] quit [CE4] ospf 200 [CE4-ospf-200] area 0 [CE4-ospf-200-area-0.0.0.0] network 100.4.1.0 0.0.0.255 [CE4-ospf-200-area-0.0.0.0] quit [CE4-ospf-200] quit
7.
Verify the configuration. CE1, CE2, CE3, and CE4 can ping through each other.Take CE1 as example:
[CE1] ping 100.3.1.1 PING 100.3.1.1: 56 data bytes, press CTRL_C to break Reply from 100.3.1.1: bytes=56 Sequence=1 ttl=255 time=31 ms Reply from 100.3.1.1: bytes=56 Sequence=2 ttl=255 time=10 ms Reply from 100.3.1.1: bytes=56 Sequence=3 ttl=255 time=5 ms Reply from 100.3.1.1: bytes=56 Sequence=4 ttl=255 time=2 ms Reply from 100.3.1.1: bytes=56 Sequence=5 ttl=255 time=28 ms --- 100.3.1.1 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 2/15/31 ms
# When the link between NPE1 and UPE1 is Down, run the display vrrp command on the NPE. You can view that the previous backup mVRRP is now the master and the status of the service VRRP is the same as that of the bound mVRRP. Take NPE1 as an example:
[NPE1] interface gigabitethernet2/0/0 [NPE1-GigabitEthernet2/0/0] shutdown [NPE1-GigabitEthernet2/0/0] quit [NPE1] display vrrp Virtual-Ethernet2/0/7 | Virtual Router 4 state : Master Virtual IP : 100.2.1.254 PriorityRun : 100 PriorityConfig : 100 MasterPriority : 100 preempt : yes delay time : 0 Timer : 1 Auth Type : NONE Virtual Mac : 0000-5e00-0104 Check TTL : YES Config type : member-vrrp Virtual-Ethernet2/0/5 | Virtual Router 3 state : Initialize Virtual IP : 100.1.1.254 PriorityRun : 100 PriorityConfig : 100
8-68
Issue 03 (2008-09-22)
MasterPriority : 100 preempt : yes delay time : 0 Timer : 1 Auth Type : NONE Virtual Mac : 0000-5e00-0103 Check TTL : YES Config type : member-vrrp Virtual-Ethernet2/0/3 | Virtual Router 2 state : Master Virtual IP : 192.168.2.254 PriorityRun : 100 PriorityConfig : 100 MasterPriority : 120 preempt : yes delay time : 0 Timer : 1 Auth Type : NONE Virtual Mac : 0000-5e00-0102 Check TTL : YES Config type : admin-vrrp Virtual-Ethernet2/0/1 | Virtual Router 1 state : Initialize Virtual IP : 192.168.1.254 PriorityRun : 120 PriorityConfig : 120 MasterPriority : 120 preempt : yes delay time : 0 Timer : 1 Auth Type : NONE Virtual Mac : 0000-5e00-0101 Check TTL : YES Config type : admin-vrrp
CE1 and CE3 can ping through each other. Take CE1 as example:
<CE1> ping 100.3.1.1 PING 100.3.1.1: 56 data bytes, press CTRL_C to break Reply from 100.3.1.1: bytes=56 Sequence=1 ttl=255 time=31 ms Reply from 100.3.1.1: bytes=56 Sequence=2 ttl=255 time=10 ms Reply from 100.3.1.1: bytes=56 Sequence=3 ttl=255 time=5 ms Reply from 100.3.1.1: bytes=56 Sequence=4 ttl=255 time=2 ms Reply from 100.3.1.1: bytes=56 Sequence=5 ttl=255 time=28 ms --- 100.3.1.1 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 2/15/31 ms
Configuration Files
l
Issue 03 (2008-09-22)
8-69
peer 4.4.4.9 encapsulation ethernet track admin-vsi admin-vsi1 # mpls ldp # interface GigabitEthernet1/0/0 undo shutdown ip address 10.1.1.1 255.255.255.0 mpls mpls ldp # interface GigabitEthernet1/0/1 undo shutdown ip address 20.1.1.1 255.255.255.0 mpls mpls ldp # interface GigabitEthernet1/0/2 undo shutdown # interface GigabitEthernet1/0/2.1 vlan-type dot1q 10 l2 binding vsi vsi1 # interface LoopBack1 ip address 1.1.1.9 255.255.255.255 # bfd link1 bind ldp-lsp peer-ip 3.3.3.9 nexthop 10.1.1.2 interface gigabitethernet 1/0/0 discriminator local 13 discriminator remote 31 process-pst commit # bfd link2 bind ldp-lsp peer-ip 4.4.4.9 nexthop 20.1.1.2 interface gigabitethernet 1/0/1 discriminator local 14 discriminator remote 41 process-pst commit # ospf 1 area 0.0.0.0 network 1.1.1.9 0.0.0.0 network 10.1.1.0 0.0.0.255 network 20.1.1.0 0.0.0.255 # return l
8-70
Issue 03 (2008-09-22)
peer 3.3.3.9 peer 4.4.4.9 encapsulation ethernet track admin-vsi admin-vsi2 # mpls ldp # interface GigabitEthernet1/0/0 undo shutdown ip address 40.1.1.1 255.255.255.0 mpls mpls ldp # interface GigabitEthernet1/0/1 undo shutdown ip address 30.1.1.1 255.255.255.0 mpls mpls ldp # interface GigabitEthernet1/0/2 undo shutdown # interface GigabitEthernet1/0/2.1 vlan-type dot1q 10 l2 binding vsi vsi2 # interface LoopBack1 ip address 2.2.2.9 255.255.255.255 # bfd link1 bind ldp-lsp peer-ip 3.3.3.9 nexthop 30.1.1.2 interface gigabitethernet 1/0/1 discriminator local 23 discriminator remote 32 process-pst commit # bfd link2 bind ldp-lsp peer-ip 4.4.4.9 nexthop 40.1.1.2 interface gigabitethernet 1/0/0 discriminator local 24 discriminator remote 42 process-pst commit # ospf 1 area 0.0.0.0 network 2.2.2.9 0.0.0.0 network 30.1.1.0 0.0.0.255 network 40.1.1.0 0.0.0.255 # return l
Issue 03 (2008-09-22)
8-71
# mpls ldp # isis 1 network-entity 10.0000.0000.0001.00 # interface Pos1/0/0 undo shutdown link-protocol ppp ip address 50.1.1.2 255.255.255.0 isis enable 1 mpls mpls ldp # interface GigabitEthernet2/0/0 undo shutdown ip address 10.1.1.2 255.255.255.0 mpls mpls ldp # interface GigabitEthernet2/0/1 undo shutdown ip address 30.1.1.2 255.255.255.0 mpls mpls ldp # interface Virtual-Ethernet2/0/0 ve-group 1 l2-terminate mpls l2vc 1.1.1.9 10 # interface Virtual-Ethernet2/0/1 ve-group 1 l3-access ip address 192.168.1.1 255.255.255.0 vrrp vrid 1 virtual-ip 192.168.1.254 vrrp vrid 1 priority 120 vrrp vrid 1 track bfd-session 31 link vrrp vrid 1 track bfd-session 341 peer admin-vrrp vrid 1 # interface Virtual-Ethernet2/0/2 ve-group 2 l2-terminate mpls l2vc 2.2.2.9 20 # interface Virtual-Ethernet2/0/3 ve-group 2 l3-access ip address 192.168.2.1 255.255.255.0 vrrp vrid 2 virtual-ip 192.168.2.254 vrrp vrid 2 track bfd-session 32 link vrrp vrid 2 track bfd-session 342 peer admin-vrrp vrid 2 # interface Virtual-Ethernet2/0/4 ve-group 3 l2-terminate mpls l2vc 1.1.1.9 101 # interface Virtual-Ethernet2/0/5 ve-group 3 l3-access ip binding vpn-instance VPN1 ip address 100.1.1.2 255.255.255.0 vrrp vrid 3 virtual-ip 100.1.1.254 vrrp vrid 3 track admin-vrrp interface virtual-ethernet2/0/1 vrid 1 # interface Virtual-Ethernet2/0/6 ve-group 4 l2-terminate mpls l2vc 2.2.2.9 102 # interface Virtual-Ethernet2/0/7 ve-group 4 l3-access ip binding vpn-instance VPN2
8-72
Issue 03 (2008-09-22)
ip address 100.2.1.2 255.255.255.0 vrrp vrid 4 virtual-ip 100.2.1.254 vrrp vrid 4 track admin-vrrp interface virtual-ethernet2/0/3 vrid 2 # interface LoopBack1 ip address 3.3.3.9 255.255.255.255 isis enable 1 # bfd link1 bind ldp-lsp peer-ip 1.1.1.9 nexthop 10.1.1.1 interface gigabitethernet 2/0/0 discriminator local 31 discriminator remote 13 process-pst commit # bfd link2 bind ldp-lsp peer-ip 2.2.2.9 nexthop 30.1.1.1 interface gigabitethernet 2/0/1 discriminator local 32 discriminator remote 23 process-pst commit # bfd peer1 bind peer-ip 192.168.1.2 discriminator local 341 discriminator remote 431 min-tx-interval 30 min-rx-interval 30 commit # bfd peer2 bind peer-ip 192.168.2.2 discriminator local 342 discriminator remote 432 min-tx-interval 30 min-rx-interval 30 commit # bgp 100 peer 5.5.5.9 as-number 100 peer 5.5.5.9 connect-interface LoopBack1 # ipv4-family unicast undo synchronization peer 5.5.5.9 enable # ipv4-family vpnv4 policy vpn-target peer 5.5.5.9 enable # ipv4-family vpn-instance VPN1 import-route ospf 100 import-route direct # ipv4-family vpn-instance VPN2 import-route ospf 200 import-route direct # ospf 1 area 0.0.0.0 network 3.3.3.9 0.0.0.0 network 10.1.1.0 0.0.0.255 network 30.1.1.0 0.0.0.255 # ospf 100 vpn-instance VPN1 import-route bgp domain-id 0.0.0.10 area 0.0.0.0 network 100.1.1.0 0.0.0.255 # ospf 200 vpn-instance VPN2
Issue 03 (2008-09-22)
8-73
8-74
Issue 03 (2008-09-22)
ip address 192.168.2.2 255.255.255.0 vrrp vrid 2 virtual-ip 192.168.2.254 vrrp vrid 2 priority 120 vrrp vrid 2 track bfd-session 42 link vrrp vrid 2 track bfd-session 432 peer admin-vrrp vrid 2 # interface Virtual-Ethernet2/0/4 ve-group 3 l2-terminate mpls l2vc 1.1.1.9 101 # interface Virtual-Ethernet2/0/5 ve-group 3 l3-access ip binding vpn-instance VPN1 ip address 100.1.1.3 255.255.255.0 vrrp vrid 3 virtual-ip 100.1.1.254 vrrp vrid 3 track admin-vrrp interface virtual-ethernet2/0/1 vrid 1 # interface Virtual-Ethernet2/0/6 ve-group 4 l2-terminate mpls l2vc 2.2.2.9 102 # interface Virtual-Ethernet2/0/7 ve-group 4 l3-access ip binding vpn-instance VPN2 ip address 100.2.1.3 255.255.255.0 vrrp vrid 4 virtual-ip 100.2.1.254 vrrp vrid 4 track admin-vrrp interface virtual-ethernet2/0/3 vrid 2 # interface LoopBack1 ip address 4.4.4.9 255.255.255.255 isis enable 1 # bfd link1 bind ldp-lsp peer-ip 1.1.1.9 nexthop 20.1.1.1 interface gigabitethernet 2/0/1 discriminator local 41 discriminator remote 14 process-pst commit # bfd link2 bind ldp-lsp peer-ip 2.2.2.9 nexthop 40.1.1.1 interface gigabitethernet 2/0/0 discriminator local 42 discriminator remote 24 process-pst commit # bfd peer1 bind peer-ip 192.168.1.1 discriminator local 431 discriminator remote 341 min-tx-interval 30 min-rx-interval 30 commit # bfd peer2 bind peer-ip 192.168.2.1 discriminator local 432 discriminator remote 342 min-tx-interval 30 min-rx-interval 30 commit # bgp 100 peer 5.5.5.9 as-number 100 peer 5.5.5.9 connect-interface LoopBack1 # ipv4-family unicast undo synchronization peer 5.5.5.9 enable #
Issue 03 (2008-09-22)
8-75
8-76
Issue 03 (2008-09-22)
mpls ldp # interface Pos3/0/0 undo shutdown link-protocol ppp ip address 60.1.1.1 255.255.255.0 isis enable 1 mpls mpls ldp # interface LoopBack1 ip address 5.5.5.9 255.255.255.255 isis enable 1 # bgp 100 peer 3.3.3.9 as-number 100 peer 3.3.3.9 connect-interface LoopBack1 peer 4.4.4.9 as-number 100 peer 4.4.4.9 connect-interface LoopBack1 # ipv4-family unicast undo synchronization peer 3.3.3.9 enable peer 4.4.4.9 enable # ipv4-family vpnv4 policy vpn-target peer 3.3.3.9 enable peer 4.4.4.9 enable # ipv4-family vpn-instance VPN1 import-route ospf 100 import-route direct # ipv4-family vpn-instance VPN2 import-route ospf 200 import-route direct # ospf 100 vpn-instance VPN1 import-route bgp domain-id 0.0.0.10 area 0.0.0.0 network 100.3.1.0 0.0.0.255 # ospf 200 vpn-instance VPN2 import-route bgp domain-id 0.0.0.20 area 0.0.0.0 network 100.4.1.0 0.0.0.255 # return l
Issue 03 (2008-09-22)
8.5.5 Example for Configuring an L2VPN to Access Multiple L3VPNs Through Sub-interfaces for QinQ VLAN Tag Termination
Networking Requirements
As shown in Figure 8-10, NPEs and PEs serve as the PE of the IP/MPLS backbone network; UPEs serve as the PE of the VLL access network. LDP is used as the signaling protocol to set up a VLL between the UPE and the NPE. CE1 and CE2 are two sites of the same user, and they carry different types of services. The inner VLAN tag 10 and 20 are used to distinguish the services. The user services are tagged with outer VLAN tag100 after convergence by the Switch. UPEs send the packets to NPE by using the specified VLL on the access network according to the outer VLAN tag. Create VE 2/0/0 and VE 2/0/1 on NPE. VE 2/0/0 terminates the L2VE of VLL, and the VE 2/0/1 connects to the L3VE on MPLS L3VPN. Create two VE sub-interfaces on VE 2/0/1. VE 2/0/1.1 terminates the QinQ user packets with inner VLAN tag as 10, and connects to VPN1; VE 2/0/1.2 terminates the QinQ user packets with an inner VLAN tag as 20, and connects to VPN2. Therefore, the ping operations between CE1 and CE3, and CE2 and CE4 succeed.
8-78 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)
Figure 8-10 Networking diagram of configuring an L2VPN to access multiple L3VPNs through sub-interfaces for QinQ VLAN tag termination
VPN1 CE1 CE3 VPN1
GE1/0/0.1 100.1.1.1/24
VLAN10
GE1/0/1 GE1/0/0
Switch
GE1/0/2
GE1/0/0.1
VLAN100 VLAN20
UPE
POS2/0/0 10.1.1.2/24
NPE
POS2/0/0 20.1.1.2/24
PE
Access network
GE1/0/0.1 100.2.1.1/24
GE1/0/0 100.4.1.1/24
VPN2
CE2
CE4
VPN2
Configuration Roadmap
The configuration roadmap is as follows: 1. 2. 3. Configure the MPLS L3VPN backbone network. Create the L2VE interface on NPE to terminate the VLL, and the L3VE interface to access L3VPN. Bind them to the same VE-group. To configure the Martini VLL on the access network, perform the following procedures:
l
Configure routing protocols for devices (UPEs, P, and NPEs) on the access network to make them communicate, and enable MPLS. The default tunnel policy is used, and LSPs are set up to transmit user data. Enable MPLS L2VPN on the UPE and NPE, and establish VCs.
l l
4. 5.
Enable Layer 2 forwarding and QinQ on the Switch. Configure the access of CEs to MPLS L3VPN.
Data Preparation
To complete the configuration, you need the following data:
l l l l
VE-group number IP addresses of VE interfaces Names of VPN instances for MPLS L3VPN Value of inner and outer VLAN tag of user packets
Configuration Procedure
1. Configure an IP address for each interface. The configuration details are not mentioned here.
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 8-79
Issue 03 (2008-09-22)
Configure the IP addresses for physical interfaces and the loopback interface according to Figure 8-10. The configuration details are not mentioned here. 2. Create VE 2/0/0 and VE 2/0/1 on NPEs, and bind them to the same VE-group. # Create VE 2/0/0 to terminate the MPLS L2VPN.
<Quidway> system-view [Quidway] sysname NPE [NPE] interface virtual-ethernet2/0/0 [NPE-Virtual-Ethernet2/0/0] ve-group 1 l2-terminate [NPE-Virtual-Ethernet2/0/0] quit
After the configuration is complete, run the display virtual-ethernet ve-group command. You can view the binding relationship between VE interfaces and a VE-group.
[NPE] display virtual-ethernet ve-group Ve-groupID L2VE 1 Virtual-Ethernet2/0/0 Total 1, 1 printed L3VE Virtual-Ethernet2/0/1
3.
Run an IGP on the VLL access network. OSPF is used in the example. The configuration details are not mentioned here. When configuring OSPF, advertise the 32-bit loopback interface addresses of the UPE and the NPE. For more configurations, see "Configuration Files."
4.
Configure basic MPLS functions and LDP on the VLL access network. # Configure the UPE.
<Quidway> system-view [Quidway] sysname UPE [UPE] mpls lsr-id 1.1.1.9 [UPE] mpls [UPE-mpls] quit [UPE] mpls ldp [UPE-mpls-ldp] quit [UPE] interface pos 2/0/0 [UPE-Pos2/0/0] mpls [UPE-Pos2/0/0] mpls ldp [UPE-Pos2/0/0] undo shutdown [UPE-Pos2/0/0] quit
5.
Enable MPLS L2VPN on the PE and establish VCs. # Configure the UPE.
[UPE] mpls l2vpn [UPE-l2vpn] mpls l2vpn default martini [UPE-l2vpn] quit [UPE] interface gigabitethernet 1/0/0.1
8-80
Issue 03 (2008-09-22)
The default VC type of a VLL on a VE interface is Ethernet. Therefore, when creating an L2VC on the UPE, you need to specify tagged to change the VC type to VLAN so that the encapsulation types at both ends of a VC are the same.
[NPE] mpls l2vpn [NPE-l2vpn] mpls l2vpn default martini [NPE-l2vpn] quit [NPE] interface virtual-ethernet2/0/0 [NPE-Virtual-Ethernet2/0/0] mpls l2vc 1.1.1.9 101 [NPE-Virtual-Ethernet2/0/0] quit
tagged
After the configuration is complete, check the VLL connections on the UPE and NPE. You can find one static L2VC. Take the NPE as an example.
[NPE] display mpls l2vc Total ldp vc : 1 1 up 0 down *Client Interface : Virtual-Ethernet2/0/0 Session State : up AC Status : up VC State : up VC ID : 101 VC Type : vlan Destination : 1.1.1.9 local VC label : 140288 remote VC label : 140292 control word : disable forwarding entry : not exist local group ID : 0 manual fault : not set active state : active link state : up local VC MTU : 1500 remote VC MTU : 1500 tunnel policy name : lsp traffic behavior name: -PW template name : -primary or secondary : primary create time : 0 days, 0 hours, 30 minutes, 18 seconds up time : 0 days, 0 hours, 0 minutes, 0 seconds last change time : 0 days, 0 hours, 30 minutes, 18 seconds
6.
Enable QinQ to add double tags for packets being sent to UPE by the Switch. # Configure the Switch.
<Quidway> system-view [Quidway] sysname Switch [Switch] vlan 100 [Switch-vlan100] quit [Switch] interface gigabitethernet [Switch-GigabitEthernet1/0/0] port [Switch-GigabitEthernet1/0/0] quit [Switch] interface gigabitethernet [Switch-GigabitEthernet1/0/1] port [Switch-GigabitEthernet1/0/1] quit [Switch] interface gigabitethernet [Switch-GigabitEthernet1/0/2] port [Switch-GigabitEthernet1/0/2] quit
1/0/0 trunk allow-pass vlan 100 1/0/1 vlan-stacking outside-vlan 10 stack-vlan 100 1/0/2 vlan-stacking outside-vlan 20 stack-vlan 100
# Configure CE1.
<Quidway> system-view [Quidway] sysname CE1 [CE1] interface gigabitethernet 1/0/0.1
Issue 03 (2008-09-22)
8-81
# Configure CE2.
<Quidway> system-view [Quidway] sysname CE2 [CE2] interface gigabitethernet 1/0/0.1 [CE2-GigabitEthernet1/0/0.1] ip address 100.2.1.1 24 [CE2-GigabitEthernet1/0/0.1] vlan-type dot1q 20 [CE2-GigabitEthernet1/0/0.1] quit
7.
Run the IGP on the MPLS backbone network. IS-IS is used as the IGP protocol in this example. The configuration details are not mentioned here. When configuring IS-IS, advertise the 32-bit loopback interface addresses of the PE and the NPE. For more configurations, see "Configuration Files."
8.
Create VPN instances, and configure the CEs to access the instances. # Configure the NPE.
[NPE] ip vpn-instance VPN1 [NPE-vpn-instance-VPN1] route-distinguisher 100:1 [NPE-vpn-instance-VPN1] vpn-target 111:1 both [NPE-vpn-instance-VPN1] quit [NPE] ip vpn-instance VPN2 [NPE-vpn-instance-VPN2] route-distinguisher 200:1 [NPE-vpn-instance-VPN2] vpn-target 222:1 both [NPE-vpn-instance-VPN2] quit [NPE] interface virtual-ethernet2/0/1 [NPE-Virtual-Ethernet2/0/1] mode user-termination [NPE-Virtual-Ethernet2/0/1] quit [NPE] interface virtual-ethernet2/0/1.1 [NPE-Virtual-Ethernet2/0/1.1] qinq termination ce-vid [NPE-Virtual-Ethernet2/0/1.1] ip binding vpn-instance [NPE-Virtual-Ethernet2/0/1.1] ip address 100.1.1.2 24 [NPE-Virtual-Ethernet2/0/1.1] arp broadcast enable [NPE-Virtual-Ethernet2/0/1.1] quit [NPE] interface virtual-ethernet2/0/1.2 [NPE-Virtual-Ethernet2/0/1.2] qinq termination ce-vid [NPE-Virtual-Ethernet2/0/1.2] ip binding vpn-instance [NPE-Virtual-Ethernet2/0/1.2] ip address 100.2.1.2 24 [NPE-Virtual-Ethernet2/0/1.2] arp broadcast enable [NPE-Virtual-Ethernet2/0/1.2] quit
10 VPN1
20 VPN2
# Configure CE3.
<Quidway> system-view [Quidway] sysname CE3
8-82
Issue 03 (2008-09-22)
[CE3] interface gigabitethernet1/0/0 [CE3-GigabitEthernet1/0/0] ip address 100.3.1.1 24 [CE3-GigabitEthernet1/0/0] undo shutdown [CE3-GigabitEthernet1/0/0] quit
# Configure CE4.
<Quidway> system-view [Quidway] sysname CE4 [CE4] interface gigabitethernet1/0/0 [CE4-GigabitEthernet1/0/0] ip address 100.4.1.1 24 [CE4-GigabitEthernet1/0/0] undo shutdown [CE4-GigabitEthernet1/0/0] quit
9.
Run OSPF between the PE and CE devices, and import the VPN routes. # Configure the NPE.
[NPE] ospf 100 vpn-instance VPN1 [NPE-ospf-100] domain-id 10 [NPE-ospf-100] import-route bgp [NPE-ospf-100] area 0 [NPE-ospf-100-area-0.0.0.0] network 100.1.1.0 0.0.0.255 [NPE-ospf-100-area-0.0.0.0] quit [NPE-ospf-100] quit [NPE] ospf 200 vpn-instance VPN2 [NPE-ospf-200] domain-id 20 [NPE-ospf-200] import-route bgp [NPE-ospf-200] area 0 [NPE-ospf-200-area-0.0.0.0] network 100.2.1.0 0.0.0.255 [NPE-ospf-200-area-0.0.0.0] quit [NPE-ospf-200] quit [NPE] bgp 100 [NPE-bgp] ipv4-family vpn-instance VPN1 [NPE-bgp-VPN1] import-route direct [NPE-bgp-VPN1] import-route ospf 100 [NPE-bgp-VPN1] quit [NPE-bgp] ipv4-family vpn-instance VPN2 [NPE-bgp-VPN2] import-route direct [NPE-bgp-VPN2] import-route ospf 200 [NPE-bgp-VPN2] quit [NPE-bgp] quit
# Configure CE1.
[CE1] ospf 100 [CE1-ospf-100] area 0 [CE1-ospf-100-area-0.0.0.0] network 100.1.1.0 0.0.0.255 [CE1-ospf-100-area-0.0.0.0] quit [CE1-ospf-100] quit
# Configure CE2.
[CE2] ospf 200 [CE2-ospf-200] area 0 [CE2-ospf-200-area-0.0.0.0] network 100.2.1.0 0.0.0.255 [CE2-ospf-200-area-0.0.0.0] quit [CE2-ospf-200] quit
Issue 03 (2008-09-22)
8-83
# Configure CE3.
[CE3] ospf 100 [CE3-ospf-100] area 0 [CE3-ospf-100-area-0.0.0.0] network 100.3.1.0 0.0.0.255 [CE3-ospf-100-area-0.0.0.0] quit [CE3-ospf-100] quit
# Configure CE4.
[CE4] ospf 200 [CE4-ospf-200] area 0 [CE4-ospf-200-area-0.0.0.0] network 100.4.1.0 0.0.0.255 [CE4-ospf-200-area-0.0.0.0] quit [CE4-ospf-200] quit
10. Set up MP-IBGP peer relationships between the NPE and PE. # Configure the NPE.
[NPE] bgp 100 [NPE-bgp] peer 3.3.3.9 as-number 100 [NPE-bgp] peer 3.3.3.9 connect-interface loopback 1 [NPE-bgp] ipv4-family vpnv4 [NPE-bgp-af-vpnv4] peer 3.3.3.9 enable [NPE-bgp-af-vpnv4] quit
After the configuration, run the display bgp peer command on the PE or the NPE. You can view that the BGP peer relationship between the PE and the NPE is set up and the status of the peer relationship is Established. Take the NPE as an example.
[NPE] display bgp peer BGP local router ID : 2.2.2.9 Local AS number : 100 Total number of peers : 1 Peers in established state : 1 Peer V AS MsgRcvd MsgSent OutQ Up/Down State PrefRcv 3.3.3.9 4 100 2 6 0 00:00:12 Established 2
11. Verify the configuration. # Run the display ip routing-table vpn-instance command on the PE or the NPE. You can view the routes to the remote CE. Take the NPE as an example.
[NPE] display ip routing-table vpn-instance VPN1 Route Flags: R - relay, D - download to fib -----------------------------------------------------------------------------Routing Tables: VPN1 Destinations : 3 Routes : 3 Destination/Mask Proto Pre Cost Flags NextHop Interface 100.1.1.0/24 Direct 0 0 D 100.1.1.2 Virtual-Ethernet2 /0/1.1 100.1.1.2/32 Direct 0 0 D 127.0.0.1 InLoopBack0
8-84
Issue 03 (2008-09-22)
100.3.1.0/24 BGP 255 0 RD 3.3.3.9 Pos1/0/0 [NPE] display ip routing-table vpn-instance VPN2 Route Flags: R - relay, D - download to fib -----------------------------------------------------------------------------Routing Tables: VPN2 Destinations : 3 Routes : 3 Destination/Mask Proto Pre Cost Flags NextHop Interface 100.2.1.0/24 Direct 0 0 D 100.2.1.2 Virtual-Ethernet2 /0/1.2 100.2.1.2/32 Direct 0 0 D 127.0.0.1 InLoopBack0 100.4.1.0/24 BGP 255 0 RD 3.3.3.9 Pos1/0/0
# The ping operations between CE1 and CE3, and CE2 and CE4 succeed. Take CE1 as example:
[CE1] ping 100.3.1.1 PING 100.3.1.1: 56 data bytes, press CTRL_C to break Reply from 100.3.1.1: bytes=56 Sequence=1 ttl=255 time=31 ms Reply from 100.3.1.1: bytes=56 Sequence=2 ttl=255 time=10 ms Reply from 100.3.1.1: bytes=56 Sequence=3 ttl=255 time=5 ms Reply from 100.3.1.1: bytes=56 Sequence=4 ttl=255 time=2 ms Reply from 100.3.1.1: bytes=56 Sequence=5 ttl=255 time=28 ms --- 100.3.1.1 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 2/15/31 ms
Configuration Files
l
Issue 03 (2008-09-22)
8-85
8-86
Issue 03 (2008-09-22)
Issue 03 (2008-09-22)
8-87
8-88
Issue 03 (2008-09-22)
Issue 03 (2008-09-22)
8-89
Issue 03 (2008-09-22)
9-1
9.1 Introduction
This section describes the basic principles and concepts of VPLS convergence. 9.1.1 Overview 9.1.2 VPLS Convergence Features Supported in theNE80E/40E
9.1.1 Overview
The Ethernet switching technology has long been applied in the Local Area Network (LAN). With increasingly expanded bandwidth, simplicity, and cost-efficiency, the Ethernet technology is widely used in the Metropolitan Area Network (MAN) and Wide Area Network (WAN). The demands of the customer and the carrier also drive the rapid development of the Metro-Ethernet (ME). The advantages of the ME are as follows:
l l l l l
Flexible bandwidth Low cost and simple technology Wide application Powerful support on multicast High scalability and security
The major solutions of the ME are L3 convergence, Virtual Private LAN Service (VPLS) convergence, and full Ethernet. This chapter mainly describes the related features and typical configurations of VPLS convergence. Generally, in the VPLS convergence solution, dual NPEs are deployed and VPLS convergence is adopted to improve reliability. Hierarchical VPLS (HVPLS) or VPLS connections are set up between different devices in the ME. The Management Virtual Router Redundancy Protocol (mVRRP) is run between core devices to determine whether a device is the master or the backup. The pseudo wires (PWs) and attachment circuit (AC) interfaces between VSIs determine the master and the backup by tracking the status of the mVRRP virtual router. When mVRRP performs the master/backup switchover, the PW and AC interfaces between VSIs also perform the master/backup switchover. Meanwhile, the VSI clears its own MAC address and learns the MAC address of the new master device again.
mVRRP to track the status of the peer Bidirectional Forwarding Detection (BFD) session and the link BFD session; however, the status of the mVRRP virtual router (Backup or Master, except Initialize) then depends on the status of the VRRP management group.
NOTE
For more information about VRRP, refer to the chapter "VRRP Configuration" in the Quidway NetEngine80E/40E Router Configuration Guide - Reliability
Determining the Master and the Backup Through the mVRRP Virtual Router in Dual Homing
As shown inFigure 9-1, the underlayer provider edge (UPE) is dual-homed to the network provider edges (NPEs). VRRP is run between NPEs. The VRRP priority determines whether an NPE is the master or the backup. When the link related to the master NPE fails or the master NPE itself fails, the backup NPE can switch itself to be the master NPE. To satisfy the requirements of different services, multiple VRRP virtual routers can be run between NPEs. Each VRRP virtual router needs to maintain its own state machine; therefore, a large number of VRRP protocol packets exist between NPEs. To simplify the operation and reduce the bandwidth occupied by protocol packets, you can configure one VRRP virtual router to be an mVRRP virtual router and bind it and other service virtual routers. Then the status of the service virtual router is determined by the status of the bound mVRRP virtual router. Figure 9-1 Networking diagram of determining the master and the backup through the mVRRP virtual router in dual homing
NPE1
mVRRP UPE
NPE2
In different application scenarios, the bindings of mVRRP fall into the following types:
l
Binding of the service virtual router and the mVRRP virtual router After the service virtual router is bound with the mVRRP virtual router, the state machine of the service virtual router becomes dependent. That is, the service virtual router deletes the protocol timer, no longer sends or receives protocol packets, and implements its state machine by directly copying the status of the mVRRP virtual router. The service virtual router can be bound to only one mVRRP virtual router. The mVRRP virtual router is
Issue 03 (2008-09-22)
9-3
identifies by the virtual router ID (VRID) and the interface configured with the virtual router.
l
Binding of the service interface (also regarded as the member interface) and the mVRRP virtual router In Figure 9-1, if the UPE is dual-homed to the NPEs through two physical links, you can bind the service interface and the mVRRP virtual router to determine whether a service interface is the master or the backup.
When the status of the mVRRP virtual router bound with the service interface changes to Master, the mVRRP virtual router notifies the change to all the bound service interfaces. If L3 services are run on the interface, the status of the interface is set to Up and the network segment route is generated. The forwarding plane enables the bidirectional traffic forwarding according to the interface status. If L2 services are run on the interface, the status of the interface is directly set to Up, and the forwarding plane enables the bidirectional traffic forwarding.
When the status of the mVRRP virtual router bound with the service interface changes to Initialize or Backup, the mVRRP virtual router notifies the change to all the bound service interfaces. If L3 services are run on the interface, the status of the interface is set to Down and the network segment route is deleted. The forwarding plane disables the bidirectional traffic forwarding. If L2 services are run on the interface, the status of the interface is directly set to Down. The forwarding plane disables the bidirectional traffic forwarding.
Binding of the PW and the mVRRP virtual router In Figure 9-1, if Virtual Leased Line (VLL), Pseudo-Wire Emulation Edge to Edge (PWE3), or VPLS is run between the UPE and the NPEs, the UPE is dual-homed to the NPEs. You can bind the PW and the mVRRP virtual router to determine whether a PW is the master or the backup.
If the original status of the PW is Down, the PW status is still Down after the binding. After the binding, if the original status of the PW is Up, the PW status is still Up if the mVRRP virtual router is in the Master state; the PW status becomes Down if the mVRRP virtual router is in the Backup state.
The two NPEs can share the load, as shown in Figure 9-2.
9-4
Issue 03 (2008-09-22)
I n t e rn e t
IP/MPLS core
IP network NPE2
NPE1
DSLAM2 DSLAM1
DSLAM3
Access network
Multiple mVRRP virtual routers are run between the NPEs. The services choose different NPEs as the master NPE through bindings with different mVRRP virtual routers. For example, the user of UPE1 uses NPE1 as the master NPE and uses NPE2 as the backup NPE; the customer of UPE2 uses NPE2 as the master NPE and uses NPE1 as the backup NPE.
mVPLS
The VSI of management VPLS (mVPLS) is called the mVSI. Compared with the service VSI (also regarded as the member VSI), the mVSI becomes Up on different conditions as follows:
l l
Service VSI: requires two or more Up AC interfaces, or an Up AC interface and an Up PW. mVSI: requires an Up PW.
The mVSI can be bound with the service VSI. When receiving a gratuitous ARP packet or a BFD Down packet, the mVSI notifies all the bound service VSIs to clear the MAC address entries and learn the MAC address again.
Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 9-5
VSI1 VSI2 NPE1 mVSI VSI1 VSI2 UPE VSI1 VSI2 NPE2 PW for mVSI PW for normal VSI
mVRRP packets and other service packets are transmitted through different PWs, so they are separated from each other. To enable the fast switchover of mVRRP virtual router between the NPEs, you need to configure peer BFD between NPEs. The peer BFD packets are also transmitted through the mPW and exchanged by the mVSI. The mVSI and the service VSI are bound on the UPE. When the VRRP virtual router on the NPE performs master/backup switchover, the following occurs: 1. 2. The mVSI on the UPE receives the gratuitous ARP packet sent from the NPE through the mPW between the UPE and the NPEs. The mVSI checks whether the received gratuitous ARP packet is the same as the previously received one. That is, the mVSI checks whether the two packets are received through the same PW and whether their IP addresses, incoming labels, incoming interfaces, and MAC addresses are the same.
l l
If they are the same, it indicates that the mVRRP virtual router between NPEs does not perform the master/backup switchover. If they are the different, it indicates that the mVRRP virtual router between NPEs has performed the master/backup switchover.
3. 4.
The UPE clears the MAC addresses of all the bound service VSIs according to the binding of the mVSI and the service VSI. When the service VSI receives the packet destined for the new NPE after the MAC address of the original master NPE is cleared, the service VSI broadcasts the packet because the
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)
9-6
packet is encapsulated in the unknown frame. After learning the MAC address of the new master NPE, the service VSI sends the packet to the new master NPE. In addition, different from the service VSI, the mVSI is used to transmit and intercept the ARP and BFD packets; therefore, users are not allowed to shut down the mVSI.
Influencing the State Machine of the VRRP Virtual Router Through Link BFD and Peer BFD
As shown in Figure 9-4, VRRP is run between the NPEs. BFD running between the NPEs is called peer BFD; BFD running between the UPE and the NPEs is called link BFD. Peer BFD is used to detect the fault on the device and the link between NPEs; link BFD is used to detect the device and link between the UPE and the NPEs. Figure 9-4 Peer BFD and Link BFD
NPE1
Lin
kB
FD
NPE2
The statuses of the peer BFD session and the link BFD session directly affect the status of the VRRP virtual router; the status of the ordinary BFD for VRRP session indirectly affects the status of the VRRP virtual router by modifying the priority. The modification on the priority, however, does not necessarily change the status of the VRRP virtual router. mVRRP can implement the master/backup switchover more rapidly and locate the fault by tracking the peer BFD status and the link BFD status.
VE Interfaces
In the traditional networking environment shown in Figure 9-5, a PE-AGG and an NPE are generally deployed at the cross-connection point between the access network and the bearer network so that the Layer 2 Virtual Private Network (L2VPN) can access the public network or the L3VPN. The PE-AGG implements the termination and access of the PW of the L2VPN (VLL and VPLS); the NPE implements the termination and access of the L3 service. They act as customer edges (CEs) to each other.
Issue 03 (2008-09-22)
9-7
Figure 9-5 Networking diagram of the access of the traditional L2VPN to the L3VPN
Access network
Bearer network
UPE1
L2VPN L3VPN
PE2
PE-AGG CE1
NPE1 CE2
If an NPE can implement the functions of a PE-AGG and an NPE at the same time, the networking cost is saved and the network complexity is simplified, as shown in Figure 9-6. Figure 9-6 Networking diagram of the access of the L2VPN supported by the VE interface to the L3VPN
Access network
L2VE L3VE
Bearer network
PE2
L3VPN
VP L2 N
NPE1
UPE1
CE1
CE2
In the configuration of VPLS convergence, NPE1 implements the L2VPN termination and L3VPN access functions by using the VE interface; thus NPE1 can implement the functions of both the NPE and the PE-AGG in the traditional networking.
NPE1
NPE2
Pre-configuration Tasks
Before configuring basic functions of mVSIs, complete the following tasks:
l l l l l
Configuring the LSR IDs on the UPE and the NPEs and enabling MPLS Enabling MPLS L2VPN on the UPE and the NPEs Establishing MPLS LDP sessions between the UPE and the NPEs Correctly configuring the service VRRP virtual router on the NPEs Correctly configuring the service VSI on the UPE
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 9-9
Issue 03 (2008-09-22)
Data Preparation
To configure basic functions of mVSIs, you need the following data. No. 1 2 Data Names and IDs of the mVSI and the service VSI Interface bound with the VSI
Procedure
Step 1 Run:
system-view
A VSI is created and the static member discovery mechanism is adopted. Step 3 Run:
pwsignal ldp
An LDP is configured as the PW signaling protocol and the VSI LDP view is displayed. Step 4 Run:
vsi-id vsi-id
The VSI peer between the UPE and the NPE is configured. The MPLS LSR ID of the NPE is specified as the peer address. Step 6 Run:
quit
Procedure
Step 1 Run:
system-view
The service VSI is bound to the mVSI. The mVSI can be bound to the service VSI. When receiving a gratuitous ARP packet or a BFD Down packet, the mVSI notifies all bound service VSIs to clear the MAC address entries and learn the MAC addresses again.
NOTE
The control plane notifies the forwarding plane to clear the MAC address of the service VSI according to whether the number of service VSIs bound to the mVSI reaches the threshold. The threshold value is determined by the PAF file and the License file. If the number does not reach the threshold, the control plane delivers notification messages to the forwarding plane to clear the MAC address of the service VSI bound with the mVSI and records the log. If the number reaches the threshold, the control plane delivers notification messages to the forwarding plane to clear the MAC addresses of all the service VSIs and records the log.
You can enable forwarding isolation between AC interfaces, between UPE PWs, and between ACs and UPE PWs on the VSI. By default, forwarding between AC interfaces, between UPE PWs, and between ACs and UPE PWs is not isolated.. ----End
Action Check the binding of the mVSI and the service VSI.
Run the display admin-vsi binding command. If the mVRRP virtual router and the service VSI are bound successfully, you can view the bindings of the mVRRP virtual router and all the service VSIs.
<Quidway> display admin-vsi binding Admin-vsi Service-vsi -------------------------------------------admin-vsi1 biz-vsi1 biz-vsi2
9-12
Issue 03 (2008-09-22)
Figure 9-8 Networking diagram of configuring VPLS convergence (UPE directly accesses the NPE)
mVRRP VRRP
mVRRP VRRP
NPE1
NPE2
VSI mVSI
Pre-configuration Tasks
Before configuring basic functions of VPLS convergence (UPE directly accesses the NPEs), complete the following tasks:
l l l l l
Configuring the LSR IDs on the UPE and the NPEs and enabling MPLS Enabling MPLS L2VPN on the UPE and the NPEs Establishing MPLS LDP sessions between the UPE and the NPEs Correctly configuring the service VRRP virtual router on the NPEs Correctly configuring the service VSI on the UPE
Data Preparation
To configure basic functions of VPLS convergence (UPE directly accesses the NPEs), you need the following data. No. 1 2 3 4 Data Names and IDs of the mVSI and the service VSI VRID and virtual IP address of the virtual device IP address of the peer and the tunnel policy used by the PW Interface bound with the VSI
Issue 03 (2008-09-22)
9-13
Procedure
l Create an L2VE interface. 1. Run:
system-view
The VE1 interface is created and the VE1 interface view is displayed. 3. Run:
ve-group ve-group-id l2-terminate
The VE1 interface is configured as an L2 VE interface and is bound with the corresponding VE group. l Create an L3VE interface. 1. Run:
system-view
The VE2 interface is created and the VE2 interface view displayed. 3. Run:
ve-group ve-group-id l3-access
The VE2 interface is configured as an L3 VE interface and is bound with the corresponding VE group.
NOTE
You must bind the L3VE interface and the L2VE interface to the same VE group.
----End
Postrequisite
The L2VE interface is used to configure the mPW between the NPEs and the UPE; the L3VE interface is used to configure the mVRRP virtual router between the NPEs.
Procedure
Step 1 Run:
system-view
A virtual router is created and configured with a virtual IP address. Step 4 Run:
vrrp vrid virtual-router-id priority priority-value
The priority of the router in the virtual router is configured. Step 5 Run:
admin-vrrp vrid virtual-router-id
The VRRP virtual router is configured as the mVRRP virtual router. ----End
Postrequisite
The mVRRP virtual router can also be configured in the L3VE sub-interface view; however, for the NE40E, currently, only VRRP in the mode of sub-interface for QinQ VLAN tag termination is supported. For the detailed configuration, refer to the chapter "QinQ Configuration" in the Quidway NetEngine80E/40E Router Configuration Guide - LAN Access and MAN Access.
Procedure
l Configure HVPLS and the mVSI. Do as follows on the UPE: 1. Run:
system-view
The VSI is created and the static member discovery mechanism is adopted. 3.
Issue 03 (2008-09-22)
Run:
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 9-15
LDP is configured as the PW signaling protocol and the VSI LDP view is displayed. 4. Run:
vsi-id vsi-id
The VSI peer between the UPE and the PE-AGG is configured. The MPLS LSR ID of the PE-AGG is specified as the peer address. 6. Run:
quit
The current VSI is set as the mVSI. l Configure the mPW between the NPEs and the UPE. Do as follows on the NPE: 1. Run:
system-view
The VLL connection between the NPEs and the UPE is established. The specified VID must be consistent with the ID of the mVSI configured in Step 1 so that the VLL can access the mVSI on the UPE. The VLL connection between the NPEs and the UPE is established. The specified VID must be consistent with the ID of the mVSI configured in Step 1 so that the VLL can access the mVSI on the UPE. ----End
1.
Run:
system-view
The view of the interface that runs service VRRP is displayed. 3. Run:
vrrp vrid virtual-router-id1 track admin-vrrp interface interface-type interface-number [.subinterface-number ] vrid virtual-router-id2
The service VRRP virtual router and the mVRRP virtual router are bound. After the binding, the service VRRP state machine becomes dependent. The service VRRP virtual router deletes the protocol timer, no longer sends or receives protocol packets, and implements its own state machine by directly copying the status of the mVRRP virtual router. The service VRRP virtual router can be bound to only one mVRRP virtual router. l Binding the Service Interface and the mVRRP Virtual Router If the user packets of the UPE are transmitted to the NPE through the physical link, do as follows on the NPE: 1. Run:
system-view
The service interface is bound with the mVRRP virtual router. After the binding, the status of the service interface becomes dependent. The status of the service interface depends on the status of the mVRRP virtual router. l Binding the mVRRP Virtual Router and the VLL PW If the user packets of the UPE are transmitted to the NPE through the VLL PW, do as follows on the NPE: 1. Run:
system-view
Issue 03 (2008-09-22)
9-17
The VLL connection between the NPEs and the UPE is established. 4. Run:
mpls l2vc track admin-vrrp interface interface-type interface-number vrid virtual-router-id
Or
mpls switch-l2vc ip-address vc-id encapsulation { ethernet | ipinterworking | ip-layer2 | vlan } track admin-vrrp interface interfacetype interface-number vrid virtual-router-id
The mVRRP virtual router is bound with the VLL PW. After the binding, the status of the service PW depends on the status of the mVRRP virtual router. l Binding the mVRRP Virtual Router and the VPLS PW If the user packets of the UPE are transmitted to the service VSI on the NPE through the VPLS PW, do as follows on the NPE: 1. Run:
system-view
The VSI is created and the static member discovery mechanism is adopted. 3. Run:
pwsignal ldp
LDP is configured as the PW signaling protocol and the VSI LDP view is displayed. 4. Run:
vsi-id vsi-id
The service VSI peer between the NPE and the UPE is configured. The MPLS LSR ID of the UPE is specified as the peer address. 6. Run:
peer peer-address [ negotiation-vc-id vc-id ] track admin-vrrp interface interface-type interface-number vrid virtual-router-id
The mVRRP virtual router is bound with the VPLS PW. ----End
Procedure
Step 1 Run:
system-view
The service VSI is bound with the mVSI. The mVSI can be bound with the service VSI. When receiving the gratuitous ARP packet or BFD Down packet, the mVSI notifies all bound service VSIs to clear the MAC address entries and learn the MAC address again.
NOTE
If the number does not reach the threshold, the control plane delivers notification messages to the forwarding plane to clear the MAC address of the service VSI bound with the mVSI and records the log. If the number reaches the threshold, the control plane delivers notification messages to the forwarding plane to clear the MAC addresses of all the service VSIs and records the log.
Forwarding isolation between the AC interfaces of the service VSI is enabled. By default, forwarding isolation between the AC interfaces of the service VSI is not enabled. ----End
Command display vrrp binding admin-vrrp [ interface interfacetype1 interface-number1 ] [vrid virtual-router-id ] display vrrp binding admin-vrrp [ interface interfacetype1 interface-number1 ] [vrid virtual-router-id ] member-vrrp [ interface interface-type2 interfacenumber2 ] [ vrid virtual-router-id ] display vrrp binding admin-vrrp [ interface interfacetype1 interface-number1 ] [ vrid virtual-router-id ] member-pw
9-19
Action Check the binding of the mVRRP virtual router and the service PW of the VLL. Check the binding of the mVRRP virtual router and the VPLS service PW. Check the binding of the mVRRP virtual router and the service PW in the PW switching. Check the binding of the mVRRP virtual router and the service interface. Check the binding of the mVSI and the service VSI.
Command display vrrp binding admin-vrrp [ interface interfacetype1 interface-number1 ] [ vrid virtual-router-id ] member-pw vc interface interface-type2 interfacenumber2 display vrrp binding admin-vrrp [ interface interfacetype1 interface-number1 ] [ vrid virtual-router-id ] member-pw vsi vsi-name peer ip-address [ negotiationvc-id vc-id1 ] display vrrp binding admin-vrrp [ interface interfacetype1 interface-number1 ] [ vrid virtual-router-id ] member-pw switch-vc peer ip-address vc-id2 display vrrp binding admin-vrrp [ interface interfacetype interface-number ] [ vrid virtual-router-id ] memberinterface [ interface interface-type interface-number ] display admin-vsi binding [ admin-vsi vsi-name ]
Run the display vrrp binding admin-vrrp member-vrrp command. If the mVRRP virtual router and the service VRRP virtual router are bound successfully, you can view the bindings of the mVRRP virtual router and all the service VRRP virtual routers.
<Quidway> display vrrp binding admin-vrrp member-vrrp Interface: GigabitEthernet1/0/0.1, admin-vrrp vrid: 1, Member-vrrp number: 2 Interface: GigabitEthernet1/0/0.3, vrid: 3, state: Interface: GigabitEthernet1/0/0.4, vrid: 4, state: Interface: GigabitEthernet1/0/0.2, admin-vrrp vrid: 2, Member-vrrp number: 1 Interface: GigabitEthernet1/0/0.5, vrid: 5, state: state: Master Master Master state: Master Master
Run the display vrrp binding admin-vrrp member-pw command. If the mVRRP virtual router and the service PW are bound successfully, you can view the bindings of the mVRRP virtual router and all the service PWs.
<Quidway> display vrrp binding admin-vrrp member-pw Interface: GigabitEthernet1/0/0.1, admin-vrrp vrid: 1, state: Master VSI PW number: 1 VSI name: v1, peer router ID: 4.4.4.4, vcid: 900, state: Up VC number: 1 Interface name: GigabitEthernet1/0/0.6, type: VLAN, state: Up Switch VC number: 1 peer router ID: 1.1.1.1, vcid: 500, type: VLAN, state: Up
Run the display vrrp binding admin-vrrp member-interface command. If the mVRRP virtual router and the service interface are bound successfully, you can view the bindings of the mVRRP virtual router and all the service interfaces.
<Quidway> display vrrp binding admin-vrrp member-interface Interface: GigabitEthernet1/0/0.1, admin-vrrp vrid: 1, state: Master Member-interface number: 1 Interface: GigabitEthernet1/0/0.8, state: Up
9-20
Issue 03 (2008-09-22)
Run the display admin-vsi binding command. If the mVRRP virtual router and the service VSI are bound successfully, you can view the bindings of the mVRRP virtual router and all the service VSIs.
<Quidway> display admin-vsi binding Admin-vsi Service-vsi -------------------------------------------admin-vsi1 biz-vsi1 biz-vsi2
9.4.1 Clearing the Statistics of the Packets Sent and Received by the VRRP Virtual Router
CAUTION
The statistics of the packets sent and received by the VRRP virtual router cannot be restored after you clear it. So, confirm the action before you use the command. To view the statistics of the packets sent and received by the VRRP virtual device from a certain moment, you can run the following command in the user view to clear the statistics. Action Clear the statistics of the packets sent and received by the VRRP virtual router. Command reset vrrp [ interface interface-name ] [ vrid virtual-routerid ] statistics
CAUTION
Debugging affects the performance of the system. So, after debugging, run the undo debugging all command to disable it immediately. When a fault occurs in VPLS forwarding through software, run the following debugging command in the user view to locate the fault.
Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 9-21
For the procedure for displaying the debugging information, refer to Chapter 4 "Maintenance and Debugging" in the Quidway NetEngine80E/40E Router Configuration Guide - System Management. For the description of the debugging commands, refer to the Quidway NetEngine80E/40E Router Debugging Reference. Action Enable the debugging on VPLS forwarding through software. Command debugging mpls l2vpn vpls-forward { errormessage | mac-event | vpls-event }
9.5.1 Example for Configuring VPLS Convergence (UPE Directly Accesses the NPE Though the VE Interface)
Networking Requirements
Figure 9-9 shows a typical networking diagram of VPLS convergence (UPE uses the VE interface to access the NPE) in the ME.
l
The two NPEs are the core devices in the ME. They access the upstream IP/MPLS core network and the downstream UPE. The NPE uses the L2VE interface to terminate the PW between the NPE and UPE. An mVRRP virtual router is run between the NPEs for determining whether an NPE is the master or the backup. An mVSI is run on the UPE. mVRRP packets are exchanged between the NPEs through the mVSI on the UPE. The user packets reach the service VSI on the UPE, and are sent to both the PE-AGGs by this service VSI. The service VRRP virtual router, the service PW, and the service interface on the NPE are bound with the mVRRP virtual router on the NPE. Their status depends on the status of the mVRRP virtual router. In this case, only the service VRRP virtual router, the service PW, and the service interface on the master NPE process the user packets. The service VSI and the mVSI on the UPE are bound. When the master NPE fails, the MAC addresses of all the service VSIs that are bound with the mVSI on the UPE are cleared. The service VSIs learn the MAC address of the master NPE again without interrupting the user service. With this networking, VPLS can provide the bearer service with the switchover within milliseconds. When the device or link between the master NPE and the UPE fails, the backup NPE takes shorter than 200 ms to switch itself to be the master NPE.
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)
9-22
Figure 9-9 Networking diagram of configuring VPLS convergence (UPE directly accesses the NPE though the VE interface)
NPE2
GE1/0/1 10.1.2.2/24
VSI
GE1/0/1 10.1.1.1/24
mVSI
GE1/0/2 10.1.2.1/24
GE1/0/0
UPE
GE1/0/2
Switch
GE1/0/1 VLAN101
Configuration Roadmap
The configuration roadmap is as follows: 1. Configure the route, which involves the following:
l l
Configure the IP address for each interface on the UPE and NPEs. Configure IGP for the UPE and the NPEs. Configure basic MPLS functions of the UPE and the NPEs. Configure MPLS LDP for the UPE and the NPEs.
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 9-23
2.
Issue 03 (2008-09-22)
Configure MPLS TE for the UPE and the NPEs. Configure the mPW between the NPEs and the UPE. mPW: transmits the mVRRP protocol packets between NPEs, the peer BFD packets between NPEs, and the link BFD packets between the NPE and the UPE.
3.
mVSI: exchanges the mVRRP protocol packets between NPEs and the peer BFD packets between NPEs. Service VSI: exchanges the user packets between NPEs and between the NPE and the user network.
Bind the service VSI and the mVSI on the UPE. When the master/backup switchover occurs on the NPEs, the mVSI on the UPE receives a gratuitous ARP packet. The UPE clears the MAC addresses of all the bound service VSIs according to the binding of the mVSI and the service VSI.
Configure the AC isolation function of the service VSI on the UPE. Configure the mVRRP virtual router and the service VRRP virtual router between NPEs.
4.
mVRRP virtual router: This virtual router determines whether an NPE is the master or the backup through priority. When the link of the master NPE or the NPE itself fails, the backup NPE can switch itself to be the master NPE according the VRRP mechanism. Service interface: The address of the service interface is used as the gateway address of the PC.
Bind the service interface and the mVRRP virtual router. If the VRRP virtual router and the mVRRP virtual router are bound on the NPE, the status of the service interface depends on the status of the mVRRP virtual router.
5.
Configure BFD to implement VRRP fast switchover, which involves the following:
l l
Configure peer BFD between NPEs and link BFD between the NPE and the UPE. Configure mVRRP to track the status of the peer BFD session and the link BFD session. The mVRRP virtual router locates the fault by tracking the status of the peer BFD session and the link BFD session to implement VRRP fast switchover.
Data Preparation
To complete the configuration, you need the following data:
l l l l
Interface number, interface IP address, and IS-IS process number LSR ID, tunnel number, tunnel ID, and name of the LDP remote peer VSI name, VC ID, and tunnel policy BFD session name, local/remote discriminator, and number and priority of the VRRP virtual router
Configuration Procedure
1.
9-24
(1) Configure the IP address for the interface on the device. # Configure the UPE.
<Quidway> system-view [Quidway] sysname UPE [UPE] interface loopback1 [UPE-LoopBack1] ip address 1.1.1.1 32 [UPE-LoopBack1] quit [UPE] interface gigabitethernet1/0/1 [UPE-GigabitEthernet1/0/1] ip address 10.1.1.1 24 [UPE-GigabitEthernet1/0/1] quit [UPE] interface gigabitethernet1/0/2 [UPE-GigabitEthernet1/0/2] ip address 10.1.2.1 24 [UPE-GigabitEthernet1/0/2] quit
# Configure NPE1.
<Quidway> system-view [Quidway] sysname NPE1 [NPE1] interface loopback1 [NPE1-LoopBack1] ip address 2.2.2.2 32 [NPE1-LoopBack1] quit [NPE1] interface gigabitethernet1/0/1 [NPE1-GigabitEthernet1/0/1] ip address 10.1.1.2 24 [NPE1-GigabitEthernet1/0/1] quit
# Configure NPE2.
<Quidway> system-view [Quidway] sysname NPE2 [NPE2] interface loopback1 [NPE2-LoopBack1] ip address 3.3.3.3 32 [NPE2-LoopBack1] quit [NPE2] interface gigabitethernet1/0/1 [NPE2-GigabitEthernet1/0/1] ip address 10.1.2.2 24 [NPE2-GigabitEthernet1/0/1] quit
(2) Configure IGP functions for the UPE and the NPEs. In this example, Level-2 IS-IS is adopted as the IGP protocol. When IS-IS is configured, the 32-bit addresses of the loopback interfaces on the UPE and the NPEs need to be advertised. The addresses are used as the LSR IDs of the UPE and the NPEs. # Configure the UPE.
<UPE> system-view [UPE] isis 1 [UPE-isis-1] is-level level-2 [UPE-isis-1] network-entity 49.0040.0010.0100.1001.00 [UPE-isis-1] quit [UPE] interface loopback 1 [UPE-LoopBack1] isis enable 1 [UPE-LoopBack1] quit [UPE] interface gigabitethernet 1/0/1 [UPE-GigabitEthernet1/0/1] isis enable 1 [UPE-GigabitEthernet1/0/1] quit [UPE] interface gigabitethernet 1/0/2 [UPE-GigabitEthernet1/0/2] isis enable 1 [UPE-GigabitEthernet1/0/2] quit
# Configure NPE1.
<NPE1> system-view [NPE1] isis 1 [NPE1-isis-1] is-level level-2 [NPE1-isis-1] network-entity 49.0040.0020.0200.2002.00 [NPE1-isis-1] quit [NPE1] interface loopback 1 [NPE1-LoopBack1] isis enable 1 [NPE1-LoopBack1] quit [NPE1] interface gigabitethernet 1/0/1 [NPE1-GigabitEthernet1/0/1] isis enable 1 [NPE1-GigabitEthernet1/0/1] quit
Issue 03 (2008-09-22)
9-25
# Configure NPE2.
<NPE2> system-view [NPE2] isis 1 [NPE2-isis-1] is-level level-2 [NPE2-isis-1] network-entity 49.0040.0030.0300.3003.00 [NPE2-isis-1] quit [NPE2] interface loopback 1 [NPE2-LoopBack1] isis enable 1 [NPE2-LoopBack1] quit [NPE2] interface gigabitethernet 1/0/1 [NPE2-GigabitEthernet1/0/1] isis enable 1 [NPE2-GigabitEthernet1/0/1] quit
After the configuration, running the display ip routing-table command, you can view that UPE and NPEs learn the loopback1 route from each other. Take UPE as an example:
[UPE] display ip routing-table Route Flags: R - relied, D - download to fib ----------------------------------------------------------------------------Routing Tables: Public Destinations : 9 Routes : 9 Destination/Mask Proto Pre Cost Flags NextHop Interface 1.1.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 2.2.2.2/32 ISIS 15 10 D 10.1.1.2 GigabitEthernet1/0/1 3.3.3.3/32 ISIS 15 10 D 10.1.2.2 GigabitEthernet1/0/2 10.1.1.0/24 Direct 0 0 D 10.1.1.1 Ethernet1/0/1 10.1.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 10.1.2.0/24 Direct 0 0 D 10.1.2.1 GigabitEthernet1/0/2 10.1.2.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
IS-IS adjacency is established between the UPE and the NPEs. Run the display isis peer command, and you can view the peer status. Take UPE as an example:
[UPE] display isis peer System Id PRI 0020.0200.2002 GE1/0/1 64 0030.0300.3003 GE1/0/2 64 Total Peer(s): 2 Peer information for ISIS(1) ---------------------------Interface Circuit Id State HoldTime Type 0010.0100.1001.01 Up 0010.0100.1001.02 Up 26s 23s L2 L2
2.
Configure MPLS.
NOTE
In this example, the MPLS TE tunnel is used between the UPE and the NPEs. In addition, you can configure TE FRR between the UPE and the NPEs to protect the link through the TE protection group. The TE protection group includes the working and protection TE tunnels. To protect the link by specifying different paths for the two TE tunnels, you can set up the TE tunnel through the explicit path.
(1) Enable MPLS, MPLS TE, MPLS RSVP-TE, and MPLS CSPF. Enable MPLS, MPLS TE, and MPLS RSVP-TE in the system view and the interface view of each node along the tunnel, and enable MPLS CSPF in the system view of the ingress of the tunnel. Specify the address of loopback1 interface as the LSR ID. # Configure the UPE.
9-26 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)
# Configure NPE1.
[NPE1] mpls lsr-id 2.2.2.2 [NPE1] mpls [NPE1-mpls] mpls te [NPE1-mpls] mpls rsvp-te [NPE1-mpls] mpls te cspf [NPE1-mpls] quit [NPE1] interface gigabitethernet 1/0/1 [NPE1-GigabitEthernet1/0/1] mpls [NPE1-GigabitEthernet1/0/1] mpls te [NPE1-GigabitEthernet1/0/1] mpls rsvp-te [NPE1-GigabitEthernet1/0/1] quit
# Configure NPE2.
[NPE2] mpls lsr-id 3.3.3.3 [NPE2] mpls [NPE2-mpls] mpls te [NPE2-mpls] mpls rsvp-te [NPE2-mpls] mpls te cspf [NPE2-mpls] quit [NPE2] interface gigabitethernet 1/0/1 [NPE2-GigabitEthernet1/0/1] mpls [NPE2-GigabitEthernet1/0/1] mpls te [NPE2-GigabitEthernet1/0/1] mpls rsvp-te [NPE2-GigabitEthernet1/0/1] quit
# Configure NPE1.
[NPE1] isis 1 [NPE1-isis-1] cost-style wide [NPE1-isis-1] traffic-eng level-2 [NPE1-isis-1] quit
# Configure NPE2.
[NPE2] isis 1 [NPE2-isis-1] cost-style wide [NPE2-isis-1] traffic-eng level-2 [NPE2-isis-1] quit
(3) Establish the MPLS LDP session. Establish the MPLS LDP session between the UPE and the NPEs. Specify the IP address of the LDP remote peer as the MPLS LSR ID of the remote device. # Configure the UPE.
[UPE] mpls ldp
Issue 03 (2008-09-22)
9-27
[UPE-ldp] quit [UPE] mpls ldp remote-peer 2.2.2.2 [UPE-mpls-ldp-remote-2.2.2.2] remote-ip 2.2.2.2 [UPE-mpls-ldp-remote-2.2.2.2] quit [UPE] mpls ldp remote-peer 3.3.3.3 [UPE-mpls-ldp-remote-3.3.3.3] remote-ip 3.3.3.3 [UPE-mpls-ldp-remote-3.3.3.3] quit
# Configure NPE1.
[NPE1] mpls ldp [NPE1-ldp] quit [NPE1] mpls ldp remote-peer 1.1.1.1 [NPE1-mpls-ldp-remote-1.1.1.1] remote-ip 1.1.1.1 [NPE1-mpls-ldp-remote-1.1.1.1] quit
# Configure NPE2.
[NPE2] mpls ldp [NPE2-ldp] quit [NPE2] mpls ldp remote-peer 1.1.1.1 [NPE2-mpls-ldp-remote-1.1.1.1] remote-ip 1.1.1.1 [NPE2-mpls-ldp-remote-1.1.1.1] quit
After the preceding configuration, the LDP session is established between the UPE and the NPEs. Running the display mpls ldp session command, you can view that Status displays Operational. Take UPE and NPE1 as an example:
[UPE] display mpls ld session LDP Session(s) in Public Network ----------------------------------------------------------------------------Peer-ID Status LAM SsnRole SsnAge KA-Sent/Rcv ----------------------------------------------------------------------------2.2.2.2:0 Operational DU Passive 000:00:00 4/4 3.3.3.3:0 Operational DU Passive 000:00:00 2/2 ----------------------------------------------------------------------------TOTAL: 2 session(s) Found. LAM : Label Advertisement Mode SsnAge Unit : DDD:HH:MM [NPE1] display mpls ldp session LDP Session(s) in Public Network ----------------------------------------------------------------------------Peer-ID Status LAM SsnRole SsnAge KA-Sent/Rcv ----------------------------------------------------------------------------1.1.1.1:0 Operational DU Active 000:00:01 6/6 ----------------------------------------------------------------------------TOTAL: 1 session(s) Found. LAM : Label Advertisement Mode SsnAge Unit : DDD:HH:MM
(4) Configure the tunnel interface. Create the tunnel interface on the UPE and the NPEs, and specify the tunnel protocol as MPLS TE and the signaling protocol as RSVP-TE. # Configure the UPE.
[UPE] interface tunnel 1/0/1 [UPE-Tunnel1/0/1] ip address unnumbered interface loopback1 [UPE-Tunnel1/0/1] tunnel-protocol mpls te [UPE-Tunnel1/0/1] destination 2.2.2.2
9-28
Issue 03 (2008-09-22)
[UPE-Tunnel1/0/1] description TO NPE1 [UPE-Tunnel1/0/1] mpls te tunnel-id 1 [UPE-Tunnel1/0/1] mpls te commit [UPE] interface tunnel 1/0/2 [UPE-Tunnel1/0/2] ip address unnumbered interface loopback1 [UPE-Tunnel1/0/2] tunnel-protocol mpls te [UPE-Tunnel1/0/2] destination 3.3.3.3 [UPE-Tunnel1/0/2] description TO NPE2 [UPE-Tunnel1/0/2] mpls te tunnel-id 2 [UPE-Tunnel1/0/2] mpls te commit
# Configure NPE1.
[NPE1] interface tunnel 1/0/1 [NPE1-Tunnel1/0/1] ip address unnumbered interface loopback1 [NPE1-Tunnel1/0/1] tunnel-protocol mpls te [NPE1-Tunnel1/0/1] destination 1.1.1.1 [NPE1-Tunnel1/0/1] description TO UPE [NPE1-Tunnel1/0/1] mpls te tunnel-id 1 [NPE1-Tunnel1/0/1] mpls te commit
# Configure NPE2.
[NPE2] interface tunnel 1/0/1 [NPE2-Tunnel1/0/1] ip address unnumbered interface loopback1 [NPE2-Tunnel1/0/1] tunnel-protocol mpls te [NPE2-Tunnel1/0/1] destination 1.1.1.1 [NPE2-Tunnel1/0/1] description TO UPE [NPE2-Tunnel1/0/1] mpls te tunnel-id 2 [NPE2-Tunnel1/0/1] mpls te commit
After the configuration, running the display ip interface brief command, you can view that the protocol status of the created tunnel interface is Up. Take NPE1 as an example:
[NPE1] display ip interface brief *down: administratively down !down: FIB overload down (l): loopback (s): spoofing The number of interface that is UP in Physical is 5 The number of interface that is DOWN in Physical is 0 The number of interface that is UP in Protocol is 4 The number of interface that is DOWN in Protocol is 1 Interface IP Address/Mask Physical Protocol GigabitEthernet1/0/0 unassigned up down GigabitEthernet1/0/1 10.1.1.2/24 up up LoopBack1 2.2.2.2/32 up up(s) NULL0 unassigned up up(s) Tunnel1/0/1 2.2.2.2/32 up up
# Configure NPE1.
[NPE1] tunnel-policy policy1 [NPE1-tunnel-policy-policy1] tunnel select-seq cr-lsp load-balance-number 1 [NPE1-tunnel-policy-policy1] quit
# Configure NPE2.
[NPE2] tunnel-policy policy1 [NPE2-tunnel-policy-policy1] tunnel select-seq cr-lsp load-balance-number 1 [NPE2-tunnel-policy-policy1] quit
3.
Issue 03 (2008-09-22)
Configure VPLS.
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 9-29
(1) Create the VE interface on the NPE. The VE interface of VE-Group1 is used to run the mVRRP virtual router and configure the mPW. Create an L2VE interface to terminate the mPW; create an L3VE interface to run the mVRRP virtual router. # Configure NPE1.
[NPE1] interface virtual-ethernet 1/0/1 [NPE1-Virtual-Ethernet1/0/1] ve-group 1 l2-terminate [NPE1-Virtual-Ethernet1/0/1] quit [NPE1] interface virtual-ethernet 1/0/11 [NPE1-Virtual-Ethernet1/0/11] ve-group 1 l3-access [NPE1-Virtual-Ethernet1/0/11] quit
# Configure NPE2.
[NPE2] interface virtual-ethernet 1/0/1 [NPE2-Virtual-Ethernet1/0/1] ve-group 1 l2-terminate [NPE2-Virtual-Ethernet1/0/1] quit [NPE2] interface virtual-ethernet 1/0/11 [NPE2-Virtual-Ethernet1/0/11] ve-group 1 l3-access [NPE2-Virtual-Ethernet1/0/11] quit
(2) Configure HVPLS on the UPE and the NPEs and establish the mPW between the UPE and the NPEs. The mVRRP protocol packets between NPEs, the peer BFD packets between NPEs, and the link BFD packets between the UPE and the NPEs are transmitted through the mPW between the UPE and the NPEs and exchanged by the mVSI on the UPE. # Configure the mVSI on the UPE.
NOTE
The License determines the maximum number of mVSIs that can be configured in the system. To purchase the License, contact Huawei technical personnel.
# Configure NPE1.
NOTE
The mVRRP protocol packets between NPEs, peer BFD packets between NPEs, and link BFD packets between the UPE and the NPEs are directly sent to UPE by the NPEs; therefore, it is recommended that the NPEs access the mVSI on the UPE through the VLL. The VC ID must be consistent with the ID of the VSI to be accessed.
[NPE1] mpls l2vpn [NPE1-l2vpn] quit [NPE1] interface virtual-ethernet 1/0/1 [NPE1-Virtual-Ethernet1/0/1] mpls l2vc 1.1.1.1 10 tunnel-policy policy1 [NPE1-Virtual-Ethernet1/0/1] quit
# Configure NPE2.
[NPE2] mpls l2vpn [NPE2-l2vpn] quit [NPE2] interface virtual-ethernet 1/0/1 [NPE2-Virtual-Ethernet1/0/1] mpls l2vc 1.1.1.1 10 tunnel-policy policy1 [NPE2-Virtual-Ethernet1/0/1] quit
9-30
Issue 03 (2008-09-22)
After the preceding configuration, running the display vsi command, you can view that VSI State displays up and the status of the PW to the peer is also up. PW Type displays MEHVPLS. Take UPE as an example:
[UPE] display vsi name admin-vsi1 verbose ***VSI Name : admin-vsi1 Administrator VSI : yes Isolate Spoken : disable VSI Index : 0 PW Signaling : ldp Member Discovery Style : static PW MAC Learn Style : unqualify Encapsulation Type : vlan MTU : 1500 Tunnel Policy Name : policy1 VSI State : up VSI ID : 10 *Peer Router ID : 2.2.2.2 VC Label : 23552 Peer Type : dynamic Session : up Tunnel ID : 0x41002000, *Peer Router ID : 3.3.3.3 VC Label : 23553 Peer Type : dynamic Session : up Tunnel ID : 0x41002001,
Running the display tunnel-info all command on the UPE, you can view that the type of the tunnel from UPE to the peer NPE is cr lsp. Take UPE as an example:
[UPE] display tunnel-info all * -> Allocated VC Token Tunnel ID Type Destination Token ---------------------------------------------------------------------0x41002000 cr lsp 2.2.2.2 0 0x41002001 cr lsp 3.3.3.3 1 0x1002002 lsp -2 0x1002004 lsp(*) -4 0x1002005 lsp -5 0x1002007 lsp(*) -7
Running the display mpls l2vc command on the NPEs, you can view that VCs are established from the NPE to each mVSI on the UPE. The status of the VCs is Up. Take NPE1 as an example:
[NPE1] display mpls l2vc total LDP VC : 1 1 up 0 down *client interface : Virtual-Ethernet1/0/1 session state : up AC status : up VC state : up VC ID : 10 VC type : Ethernet destination : 1.1.1.1 local VC label : 21504 remote VC label control word : disable forwarding entry : non-existent local group ID : 0 manual fault : not set active state : active link state : down local VC MTU : 1500 remote VC MTU tunnel policy name : policy1 traffic behavior name: -PW template name : -primary or secondary : primary
: 0
: 0
Issue 03 (2008-09-22)
9-31
(3) Configure VPLS on the UPE. The VSI on the UPE performs local exchange and then sends the packets of the user network to NPE1 and NPE2 simultaneously.
NOTE
In this example, the packets of the user network are sent to NPE1 and NPE2 through GE 1/0/1 and GE 1/0/2 on the physical link after they are locally exchanged by the VSI on the UPE. In addition, the packets of the user network can be configured to be sent to NPE1 and NPE2 respectively through the PW.
After the preceding configuration, running the display vsi command, you can view that VSI State displays up. Take UPE as an example:
[UPE] display vsi Total VSI number is 2, 2 is up, 0 is down, 2 is LDP mode, 0 is BGP mode Vsi Mem PW Mac Encap Mtu Vsi Name Disc Type Learn Type Value State ------------------------------------------------------------------------admin-vsi1 static ldp unqualify vlan 1500 up biz-vsi1 static ldp unqualify vlan 1500 up
(4) Isolate the ACs of the service VSI on the UPE to forbid the CEs from accessing each other, and bind the service VSI and the mVSI. # Configure the UPE.
[UPE] vsi biz-vsi1 [UPE-biz-vsi1] isolate spoken [UPE-biz-vsi1] track admin-vsi admin-vsi1 [UPE-biz-vsi1] quit
After the preceding configuration, running the display vsi verbose command on the NPE, you can view that Isolate Spoken displays enable. Take UPE as an example:
9-32 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)
: : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : :
admin-vsi1 yes enable 0 ldp static unqualify vlan 1500 policy1 up 10 2.2.2.2 23552 dynamic up 0x41002000, 3.3.3.3 23553 dynamic up 0x41002001, biz-vsi1 no enable 1 ldp static unqualify vlan 1500 policy1 up 101 2.2.2.2 23554 dynamic up 0x41002000, 3.3.3.3 23555 dynamic up 0x41002001, GigabitEthernet1/0/0.1 up GigabitEthernet1/0/3.1 up GigabitEthernet1/0/4.1 up 3.3.3.3 up 23555 21505 label 0x41002001, 2.2.2.2 up 23554 21505 label 0x41002000,
Running the display admin-vsi binding command on the UPE, you can view the binding of the service VSI and the mVSI. Take UPE as an example:
[UPE] display admin-vsi binding
Issue 03 (2008-09-22)
9-33
4.
Configure VRRP. (1) Configure the mVRRP virtual router between NPEs. Master NPE and backup NPE are distinguished. NPE1 is the master; NPE2 is the backup.
NOTE
The mVRRP virtual router between NPEs can also adopt the load balancing mode. For detailed configuration, refer to the VRRP Configuration
# Configure NPE1.
[NPE1] interface virtual-ethernet 1/0/11 [NPE1-Virtual-Ethernet1/0/11] ip address 192.168.1.1 24 [NPE1-Virtual-Ethernet1/0/11] vrrp vrid 1 virtual-ip 192.168.1.254 [NPE1-Virtual-Ethernet1/0/11] vrrp vrid 1 priority 120 [NPE1-Virtual-Ethernet1/0/11] admin-vrrp vrid 1 [NPE1-Virtual-Ethernet1/0/11] quit
# Configure NPE2.
[NPE2] interface virtual-ethernet 1/0/11 [NPE2-Virtual-Ethernet1/0/11] ip address 192.168.1.2 24 [NPE2-Virtual-Ethernet1/0/11] vrrp vrid 1 virtual-ip 192.168.1.254 [NPE2-Virtual-Ethernet1/0/11] admin-vrrp vrid 1 [NPE2-Virtual-Ethernet1/0/11] quit
NOTE
In the VRP5.50, the VRIDs on different interfaces can overlap. The overlapping scope and the maximum number of times of overlapping are determined by the License. To purchase the License, contact Huawei technical personnel.
After the preceding configuration, running the display vrrp command on the NPEs, you can view that the status of VRRP virtual router 1 on VE 1/0/11 of NPE1 is Master and the status of VRRP virtual router 1 on VE 1/0/11 of NPE2 is Backup. Both the VRRP virtual routers are the mVRRP virtual routers. Take NPE1 as an example:
[NPE1] display vrrp Virtual-Ethernet1/0/11 | Virtual Router 1 State : Master Virtual IP : 192.168.1.254 PriorityRun : 120 PriorityConfig : 120 MasterPriority : 120 Preempt : YES Delay Time : 0 Timer : 1 Auth Type : NONE Virtual Mac : 0000-5e00-0101 Check TTL : YES Config type : admin-vrrp [NPE2] display vrrp Virtual-Ethernet1/0/11 | Virtual Router 1 State : Backup Virtual IP : 192.168.1.254 PriorityRun : 100 PriorityConfig : 100 MasterPriority : 120 Preempt : YES Delay Time : 0 Timer : 1 Auth Type : NONE Virtual Mac : 0000-5e00-0101 Check TTL : YES Config type : admin-vrrp
9-34
Issue 03 (2008-09-22)
In this example, the service interfaces GE 1/0/1.1 on NPE1 and NPE2 are configured with the same IP address, which is used as the gateway address of the user of the UPE. Normally, after the service interface is bound with the mVRRP virtual router, the service interface of only the master NPE advertises the network segment route of the interface; while the service interface of the backup NPE is in the Down state. In addition, the service VRRP virtual router can also be configured between NPEs, and the virtual IP address of the service VRRP virtual router is used as the gateway address of the UPE user. # Configure NPE1.
[NPE1] interface gigabitethernet1/0/0.1 [NPE1-GigabitEthernet1/0/0.1] vlan-type dot1q 101 [NPE1-GigabitEthernet1/0/0.1] ip address 192.168.2.254 24 [NPE1-GigabitEthernet1/0/0.1] quit
# Configure NPE2.
[NPE2] interface gigabitethernet1/0/0.1 [NPE2-GigabitEthernet1/0/0.1] vlan-type dot1q 101 [NPE2-GigabitEthernet1/0/0.1] ip address 192.168.2.254 24 [NPE2-GigabitEthernet1/0/0.1] quit
(3) Bind the service interface and the mVRRP virtual router. # Configure NPE1.
[NPE1] interface gigabitethernet1/0/0.1 [NPE1-GigabitEthernet1/0/0.1] track admin-vrrp interface virtual-ethernet 1/0/11 vrid 1 [NPE1-GigabitEthernet1/0/0.1] quit
# Configure NPE2.
[NPE2] interface gigabitethernet1/0/0.1 [NPE2-GigabitEthernet1/0/0.1] track admin-vrrp interface virtual-ethernet 1/0/11 vrid 1 [NPE2-GigabitEthernet1/0/0.1] quit
After the preceding configuration, running the display vrrp binding admin-vrrp member-interface command on the NPEs, you can view the binding of the service interface and the mVRRP virtual router. Take NPE1 as an example:
[PE-AGG1] display vrrp binding admin-vrrp member-interface Interface: Virtual-Ethernet1/0/11, admin-vrrp vrid: 1, state: Master Member-interface number: 1 Interface: GigabitEthernet1/0/0.1, state: Up
Running the display vrrp binding admin-vrrp command on the NPEs, you can view all the bindings of the mVRRP virtual router and the service VRRP virtual router, the service interface, and the service PW. Take NPE1 as an example:
[NPE1] display vrrp binding admin-vrrp Interface: Virtual-Ethernet1/0/11, admin-vrrp vrid: 1, state: Master Member-interface number: 1 Interface: GigabitEthernet1/0/0.1, state: Up
Running the display interface command on the NPEs, you can view the status of the service VRRP virtual router bound with the mVRRP virtual router. If the status of the bound mVRRP virtual router is Backup or Initialize, the status of the interface running the service VRRP virtual router is Flow Down. Take NPE2 as an example:
[NPE2] dispaly interface gigabitethernet1/0/0.1 GigabitEthernet1/0/0.1 current state : FLOW DOWN
Issue 03 (2008-09-22)
9-35
Line protocol current state : DOWN Description : HUAWEI, Quidway Series, GigabitEthernet1/0/0.1 Interface, Route Port The Maximum Transmit Unit is 1500 bytes Internet Address is 192.168.2.254/24 IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is 00e0b649-870c Encapsulation dot1q Virtual LAN, The number of Vlan is 1, Vlan ID 101 Last 300 seconds input rate 0 bytes/sec, 0 packets/sec Last 300 seconds output rate 0 bytes/sec, 0 packets/sec Input: 15 packets,960 bytes, 0 unicast,15 broadcast,0 multicasts 0 errors,0 drops,0 unknowprotocol Output:12 packets,768 bytes, 12 unicast,0 broadcast,0 multicasts 0 errors,0 drops
5.
Configure BFD. (1) Configure peer BFD between NPEs. # Configure NPE1.
[NPE1] bfd [NPE1-bfd] quit [NPE1] bfd peer1 bind peer-ip 192.168.1.2 interface virtual-ethernet 1/0/11 [NPE1-bfd-session-peer1] discriminator local 1 [NPE1-bfd-session-peer1] discriminator remote 1 [NPE1-bfd-session-peer1] commit [NPE1-bfd-session-peer1] quit
# Configure NPE2.
[NPE2] bfd [NPE2-bfd] quit [NPE2] bfd peer1 bind peer-ip 192.168.1.1 interface virtual-ethernet 1/0/11 [NPE2-bfd-session-peer1] discriminator local 1 [NPE2-bfd-session-peer1] discriminator remote 1 [NPE2-bfd-session-peer1] commit [NPE2-bfd-session-peer1] quit
After the preceding configuration, running the display bfd session all command on the NPEs, you can view that BFD status is Up. Take NPE1 as an example:
[NPE1] display bfd session all Total Static Session Number : 2, Dynamic Session Number: 0, Entire Dynamic Sessi on Number: 0 ------------------------------------------------------------------------------Local Remote PeerIpAddr InterfaceName State Type ------------------------------------------------------------------------------1 1 192.168.1.2 Virtual-Ethernet1/0/11 Up S_IP ------------------------------------------------------------------------------Total UP/DOWN Session Number : 1/0
(2) Configure link BFD between the NPEs and the UPE. Between the NPEs and the UPE, the BFD session is used to detect the MPLS TE tunnel between PE1 and PE2. # Configure the UPE.
[UPE] bfd [UPE-bfd] quit [UPE] bfd link1 bind mpls-te interface tunnel 1/0/1 [UPE-bfd-lsp-session-link1] discriminator local 3 [UPE-bfd-lsp-session-link1] discriminator remote 3 [UPE-bfd-lsp-session-link1] commit
9-36
Issue 03 (2008-09-22)
[UPE] bfd link2 bind mpls-te interface tunnel 1/0/2 [UPE-bfd-lsp-session-link2] discriminator local 4 [UPE-bfd-lsp-session-link2] discriminator remote 4 [UPE-bfd-lsp-session-link2] commit
# Configure NPE2.
[NPE2] bfd link1 bind peer-ip 1.1.1.1 [NPE2-bfd-session-link1] discriminator local 4 [NPE2-bfd-session-link1] discriminator remote 4 [NPE2-bfd-session-link1] commit
After the preceding configuration, running the display bfd session all command on the UPE and the NPEs, you can view that the BFD status is Up. Take UPE and NPE1 as an example:
[UPE] display bfd session all Total Static Session Number : 2, Dynamic Session Number: 0, Entire Dynamic Sessi on Number: 0 ------------------------------------------------------------------------------Local Remote PeerIpAddr InterfaceName State Type ------------------------------------------------------------------------------3 3 2.2.2.2 Tunnel1/0/1 Up S_TE_TNL 4 4 3.3.3.3 Tunnel1/0/2 Up S_TE_TNL ------------------------------------------------------------------------------[NPE1] display bfd session all Total Static Session Number : 4, Dynamic Session Number: 0, Entire Dynamic Sessi on Number: 0 ------------------------------------------------------------------------------Local Remote PeerIpAddr InterfaceName State Type ------------------------------------------------------------------------------1 1 192.168.1.2 Virtual-Ethernet1/0/11 Up S_IP 3 3 1.1.1.1 Up S_IP -------------------------------------------------------------------------------
(3) Bind the mVRRP virtual router and the peer BFD session and the link BFD session. # Configure NPE1.
[NPE1] interface virtual-ethernet 1/0/11 [NPE1-Virtual-Ethernet1/0/11] vrrp vrid 1 track bfd-session 1 peer [NPE1-Virtual-Ethernet1/0/11] vrrp vrid 1 track bfd-session 3 link [NPE1-Virtual-Ethernet1/0/11] quit
# Configure NPE2.
[NPE2] interface virtual-ethernet 1/0/11 [NPE2-Virtual-Ethernet1/0/11] vrrp vrid 1 track bfd-session 1 peer [NPE2-Virtual-Ethernet1/0/11] vrrp vrid 1 track bfd-session 4 link [NPE2-Virtual-Ethernet1/0/11] quit
After the preceding configuration, running the display vrrp command on the NPEs, you can view that the mVRRP virtual router is bound with the peer BFD session and the link BFD session, which are in the Up state.
Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 9-37
6.
Verify the configuration. (1) After the IP address and gateway address are configured correctly on the PC, the ping to the gateway address (virtual IP address of the service VRRP virtual router) succeeds. (2) When the master device or primary link between the UPE and the NPE fails, the backup device and the secondary link can rapidly switch itself to be the master device and the primary link. Run the shutdown command on GE 1/0/1 of UPE to simulate the fault on the link between the UPE and NPE1. Before the shutdown command is run, the statuses of the VRRP virtual router and the service interface on the NPEs are as follows:
l l l l
The status of the mVRRP virtual router 1 on VE 1/0/11 of NPE1 is Master. The status of the service interface GE 1/0/0.1 on NPE1 is Up. The status of the mVRRP virtual router 1 on VE 1/0/11 of NPE2 is Backup. The status of the service interface GE 1/0/0.1 on NPE2 is Flow Down.
[NPE1] display vrrp Virtual-Ethernet1/0/11 | Virtual Router 1 State : Master Virtual IP : 192.168.1.254 PriorityRun : 120 PriorityConfig : 120 MasterPriority : 120 Preempt : YES Delay Time : 0 Timer : 1 Auth Type : NONE Virtual Mac : 0000-5e00-0101 Check TTL : YES Config type : admin-vrrp Track BFD : 1 type: peer bfd-session state : up Track BFD : 4 type: link bfd-session state : up [NPE2] display vrrp Virtual-Ethernet1/0/11 | Virtual Router 1 State : Backup Virtual IP : 192.168.1.254 PriorityRun : 100 PriorityConfig : 100 MasterPriority : 100 Preempt : YES Delay Time : 0 Timer : 1 Auth Type : NONE Virtual Mac : 0000-5e00-0101 Check TTL : YES
9-38
Issue 03 (2008-09-22)
After the shutdown command is run, the statuses of the VRRP virtual router and the service interface on NPE1 are as follows:
l l l l l
The status of the mVRRP virtual router 1 on VE 1/0/11 of NPE1 is Backup. The status of the service interface GE 1/0/0.1 on NPE1 is Flow Down. The status of the mVRRP virtual router 1 on VE 1/0/11 of NPE2 is Backup. The status of the service interface GE 1/0/0.1 on NPE2 is Up. The status of the mVRRP virtual router 1 on VE 1/0/11 of NPE2 is Master.
[NPE1] display vrrp Virtual-Ethernet1/0/11 | Virtual Router 1 State : Initialize Virtual IP : 192.168.1.254 PriorityRun : 120 PriorityConfig : 120 MasterPriority : 0 Preempt : YES Delay Time : 0 Timer : 1 Auth Type : NONE Virtual Mac : 0000-5e00-0101 Check TTL : YES Config type : admin-vrrp Track BFD : 1 type: peer bfd-session state : down Track BFD : 4 type: link bfd-session state : down [NPE2] display vrrp Virtual-Ethernet1/0/11 | Virtual Router 1 State : Master Virtual IP : 192.168.1.254 PriorityRun : 100 PriorityConfig : 100 MasterPriority : 100 Preempt : YES Delay Time : 0 Timer : 1 Auth Type : NONE Virtual Mac : 0000-5e00-0101 Check TTL : YES Config type : admin-vrrp Track BFD : 1 type: peer bfd-session state : up Track BFD : 4 type: link bfd-session state : up
For the UPE user, NPE2 becomes the master device. The MAC addresses of all the service VSIs bound with the admin-vsi1 on the UPE are cleared, and the service VSIs learn the correct MAC address of NPE2 without interrupting the user service.
Configuration Files
l
Issue 03 (2008-09-22)
9-39
9-40
Issue 03 (2008-09-22)
interface GigabitEthernet1/0/4.1 undo shutdown vlan-type dot1q 2 l2 binding vsi biz-vsi1 # interface LoopBack1 ip address 1.1.1.1 255.255.255.255 isis enable 1 # interface Tunnel1/0/1 description To NPE1 ip address unnumbered interface LoopBack1 tunnel-protocol mpls te destination 2.2.2.2 mpls te tunnel-id 1 mpls te commit # interface Tunnel1/0/2 description To NPE2 ip address unnumbered interface LoopBack1 tunnel-protocol mpls te destination 3.3.3.3 mpls te tunnel-id 2 mpls te commit # tunnel-policy policy1 tunnel select-seq cr-lsp load-balance-number 1 # bfd link1 bind mpls-te interface tunnel 1/0/1 discriminator local 3 discriminator remote 3 commit # bfd link2 bind mpls-te interface tunnel 1/0/2 discriminator local 4 discriminator remote 4 commit # return l
Issue 03 (2008-09-22)
9-41
ve-group 1 layer2-terminal mpls l2vc 1.1.1.1 10 tunnel-policy policy1 # interface Virtual-Ethernet1/0/11 undo shutdown ve-group 1 layer3-access ip address 192.168.1.1 255.255.255.0 vrrp vrid 1 virtual-ip 192.168.1.254 vrrp vrid 1 priority 120 vrrp vrid 1 track bfd-session 1 peer vrrp vrid 1 track bfd-session 3 link admin-vrrp vrid 1 # interface GigabitEthernet1/0/1.1 undo shutdown vlan-type dot1q 10 ip address 192.168.2.254 255.255.255.0 track admin-vrrp interface virtual-ethernet1/0/11 vrid 1 # interface GigabitEthernet1/0/1 undo shutdown ip address 10.1.1.2 255.255.255.0 isis enable 1 mpls mpls te mpls rsvp-te # interface LoopBack1 ip address 2.2.2.2 255.255.255.255 isis enable 1 # interface Tunnel1/0/1 description To UPE ip address unnumbered interface LoopBack1 tunnel-protocol mpls te destination 1.1.1.1 mpls te tunnel-id 1 mpls te commit # tunnel-policy policy1 tunnel select-seq cr-lsp load-balance-number 1 # bfd link1 bind peer-ip 1.1.1.1 discriminator local 3 discriminator remote 3 commit # bfd peer1 bind peer-ip 192.168.1.2 interface Virtual-Ethernet1/0/11 discriminator local 1 discriminator remote 1 commit # return l
9-42
Issue 03 (2008-09-22)
# mpls ldp # mpls ldp remote-peer 1.1.1.1 remote-ip 1.1.1.1 # isis 1 is-level level-2 cost-style wide network-entity 49.0040.0030.0300.3003.00 traffic-eng level-2 # interface Virtual-Ethernet1/0/1 undo shutdown ve-group 1 layer2-terminal mpls l2vc 1.1.1.1 10 tunnel-policy policy1 # # interface Virtual-Ethernet1/0/11 undo shutdown ve-group 1 layer3-access ip address 192.168.1.2 255.255.255.0 vrrp vrid 1 virtual-ip 192.168.1.254 vrrp vrid 1 track bfd-session 1 peer vrrp vrid 1 track bfd-session 4 link admin-vrrp vrid 1 # interface GigabitEthernet1/0/1.1 undo shutdown vlan-type dot1q 101 ip address 192.168.2.254 255.255.255.0 track admin-vrrp interface virtual-ethernet1/0/11 vrid 1 # interface GigabitEthernet1/0/1 undo shutdown ip address 10.1.2.2 255.255.255.0 isis enable 1 mpls mpls te mpls rsvp-te # interface LoopBack1 ip address 3.3.3.3 255.255.255.255 # interface Tunnel1/0/1 description To UPE ip address unnumbered interface LoopBack1 tunnel-protocol mpls te destination 1.1.1.1 mpls te tunnel-id 2 mpls te commit # tunnel-policy policy1 tunnel select-seq cr-lsp load-balance-number 1 # bfd link1 bind peer-ip 1.1.1.1 discriminator local 4 discriminator remote 4 commit # bfd peer1 bind peer-ip 192.168.1.1 interface Virtual-Ethernet1/0/11 discriminator local 1 discriminator remote 1 commit # return
Issue 03 (2008-09-22)
9-43
9.5.2 Example for Configuring VPLS Convergence (UPE Directly Accesses the NPE Without Using the VE Interface)
Networking Requirements
Figure 9-10 shows a typical networking diagram of VPLS convergence (UPE accesses the NPE without using the VE interface) in the ME.
l
The two NPEs are the core devices in the ME. They access the upstream IP/MPLS core network and the downstream UPE. The NPEs do not support the L2VE interface. An mVRRP virtual router is run between the NPEs for determining whether an NPE is the master or the backup. An mVSI is run on the UPE. mVRRP packets between NPE1 and NPE2 are exchanged by the mVSI on the UPE. The user packets reach the service VSI on the UPE, and are sent to both the NPEs through this service VSI. The service PW is bound with the mVRRP virtual router on NPE1 and NPE2. The status of the service PW depends on the status of the mVRRP virtual router. Normally, only the service PW on the master NPE processes the user packets. The service VSI and the mVSI on the UPE are bound. When the master/backup switchover occurs on the NPEs, the MAC addresses of all the service VSIs that are bound with the mVSI on the UPE are cleared. The service VSIs learn the MAC address of the new master NPE again without interrupting the user service. With this networking, VPLS can provide the bearer service with the switchover within milliseconds. When the device or link between the master NPE and the UPE fails, the backup NPE takes shorter than 200 ms to switch itself to be the master NPE.
9-44
Issue 03 (2008-09-22)
Figure 9-10 Networking diagram of configuring VPLS convergence (UPE accesses the NPE without using the VE interface)
GE1/0/1
MPLS/IP core
GE1/0/1
VSI
NPE3
GE1/0/0 GE1/0/0
VSI
NPE4
GE1/0/0
NPE1
VSI
GE1/0/0
NPE2
GE1/0/1 10.1.1.2/24
GE1/0/1 10.1.2.2/24
VSI
Switch
GE1/0/1 VLAN101
Issue 03 (2008-09-22)
9-45
Configuration Roadmap
The configuration roadmap is as follows: 1. Configure the route, which involves the following:
l l
Configure the IP address for each interface on the UPE and NPEs. Configure IGP for UPE and the NPEs. Configure basic MPLS functions of the UPE and the NPEs. Configure MPLS LDP for the UPE and the NPEs. Configure MPLS TE for the UPE and the NPEs. Configure the mPW and the service PW between the UPE and the NPEs.
2.
3.
mPW: transmits the mVRRP protocol packets between NPEs, the peer BFD packets between NPEs, and the link BFD packets between the NPEs and the UPE. Service PW: transmits the user packets. mVSI: exchanges the mVRRP protocol packets between NPEs and the peer BFD packets between NPEs. Service VSI: exchanges the user packets between NPEs and between the NPE and the user network.
Bind the service VSI and the mVSI on the UPE. When the master/backup switchover occurs on the NPEs, the mVSI on the UPE receives a gratuitous ARP packet. The UPE clears the MAC addresses of all the bound service VSIs according to the binding of the mVSI and the service VSI.
Configure the AC isolation function of the service VSI on the UPE. Configure the mVRRP virtual router between NPEs. mVRRP virtual device: This virtual router determines whether an NPE is the master or the backup through priority. When the link of the master NPE or the NPE itself fails, the backup NPE can switch itself to be the master NPE according the VRRP mechanism.
4.
Bind the service VRRP virtual router and the mVRRP virtual router. If the VRRP virtual router and the mVRRP virtual router are bound on the NPE, the status of the service interface depends on the status of the mVRRP virtual device.
5.
Configure BFD to implement VRRP fast switchover, which involves the following:
l l
Configure peer BFD between NPEs and link BFD between the NPEs and the UPE. Configure mVRRP to track the status of the peer BFD session and the link BFD session. mVRRP locates the fault by tracking the status of the peer BFD session and the link BFD session to implement VRRP fast switchover.
Data Preparation
To complete the configuration, you need the following data:
l
9-46
LSR ID, tunnel number, tunnel ID, and name of the LDP remote peer VSI name, VC ID, and tunnel policy BFD session name, local/remote discriminator, and number and priority of the VRRP virtual router
Configuration Procedure
1. Configure the route. The procedure is similar to "Configure the route"in "Example for Configuring VPLS Convergence (UPE Directly Accesses the NPE Though the VE Interface)." The configuration details are not mentioned here. 2. Configure MPLS. The procedure is similar to "Configure MPLS" in "Example for Configuring VPLS Convergence (UPE Directly Accesses the NPE Though the VE Interface)." The configuration details are not mentioned here. 3. Configure VPLS. (1) Create the mVSI on the UPE. The mVSI performs only local exchange. The mVRRP protocol packets between NPEs, the peer BFD packets between NPEs, and the link BFD packets between the NPEs and the UPE are exchanged by the mVSI on the UPE.
NOTE
The License determines the maximum number of mVSIs that can be configured in the system. To purchase the License, contact Huawei technical personnel.
After the preceding configuration, running the display vsi command, you can view that VSI State displays up. Take UPE as an example:
[UPE] display vsi name admin-vsi1 verbose ***VSI Name : admin-vsi1 Administrator VSI : yes Isolate Spoken : disable VSI Index : 0 PW Signaling : ldp Member Discovery Style : static PW MAC Learn Style : unqualify Encapsulation Type : vlan MTU : 1500 VSI State : up VSI ID : 10
Issue 03 (2008-09-22)
9-47
(2) Configure HVPLS and bind the service interface and the service VSI on the UPE and NPEs.
NOTE
Configure HVPLS between the NPEs and the UPE; configure VPLS between NPEs. The detailed configuration is not mentioned here. For details, see "Configuration Files" in this section.
# Configure NPE1.
[NPE1] vsi biz-vsi1 static [NPE1-biz-vsi1] pwsignal ldp [NPE1-biz-vsi1-ldp] vsi-id 101 [NPE1-biz-vsi1-ldp] peer 1.1.1.1 tnl-policy policy1 upe [NPE1-biz-vsi1-ldp] peer 4.4.4.4 [NPE1-biz-vsi1-ldp] peer 5.5.5.5 [NPE1-biz-vsi1-ldp] quit [NPE1-biz-vsi1] quit
# Configure NPE2.
[NPE2] vsi biz-vsi1 static [NPE2-biz-vsi1] pwsignal ldp [NPE2-biz-vsi1-ldp] vsi-id 101 [NPE2-biz-vsi1-ldp] peer 1.1.1.1 tnl-policy policy1 upe [NPE2-biz-vsi1-ldp] peer 4.4.4.4 [NPE2-biz-vsi1-ldp] peer 5.5.5.5 [NPE2-biz-vsi1-ldp] quit [NPE2-biz-vsi1] quit
After the preceding configuration, running the display vsi command, you can view that VSI State displays up. Take UPE as an example:
[UPE] display vsi Total VSI number is 2, 2 is up, 0 is down, 2 is LDP mode, 0 is BGP mode Vsi Mem PW Mac Encap Mtu Vsi Name Disc Type Learn Type Value State ------------------------------------------------------------------------admin-vsi1 static ldp unqualify vlan 1500 up biz-vsi1 static ldp unqualify vlan 1500 up
(3) Isolate the ACs of the service VSI on the UPE to forbid the CEs from accessing each other, and bind the service VSI and the mVSI. # Configure the UPE.
[UPE] vsi biz-vsi1 [UPE-biz-vsi1] isolate spoken [UPE-biz-vsi1] track admin-vsi admin-vsi1 [UPE-biz-vsi1] quit
9-48
Issue 03 (2008-09-22)
After the preceding configuration, running the display vsi verbose command on the UPE, you can view that Isolate Spoken displays enable. Take UPE as an example:
[UPE] display vsi name biz-vsi1 verbose ***VSI Name : biz-vsi1 Administrator VSI : no Isolate Spoken : enable VSI Index : 1 PW Signaling : ldp Member Discovery Style : static PW MAC Learn Style : unqualify Encapsulation Type : vlan MTU : 1500 Tunnel Policy Name : policy1 VSI State : up VSI ID : 101 *Peer Router ID : 2.2.2.2 VC Label : 23552 Peer Type : dynamic Session : up Tunnel ID : 0x41002000, *Peer Router ID : 3.3.3.3 VC Label : 23553 Peer Type : dynamic Session : up Tunnel ID : 0x41002001, Interface Name : GigabitEthernet1/0/0.1 State : up **PW Information: *Peer Ip Address : 2.2.2.2 PW State : up Local VC Label : 23552 Remote VC Label : 23552 PW Type : label Tunnel ID : 0x41002000, *Peer Ip Address : 3.3.3.3 PW State : up Local VC Label : 23553 Remote VC Label : 23552 PW Type : label Tunnel ID : 0x41002001,
Running the display admin-vsi binding command on the UPE, you can view the binding of the service VSI and the mVSI. Take UPE as an example:
[UPE] display admin-vsi binding Admin-vsi Service-vsi -------------------------------------------admin-vsi1 biz-vsi1
4.
Configure VRRP. (1) Configure the mVRRP virtual router between NPEs. Master NPE and backup NPE are distinguished. NPE1 is the master; NPE2 is the backup.
NOTE
The mVRRP virtual router between NPEs can also adopt the load balancing mode. For detailed configuration, refer to the chapter "VRRP Configuration" in the Quidway NetEngine80E/ 40E Router Configuration Guide - Reliability.
# Configure NPE1.
[NPE1] interface gigabitethernet1/0/1.1 [NPE1-GigabitEthernet1/0/1.1] vlan-type dot1q 10 [NPE1-GigabitEthernet1/0/1.1] ip address 192.168.1.1 24
Issue 03 (2008-09-22)
9-49
# Configure NPE2.
<NPE2> system-view [NPE2] interface gigabitethernet1/0/1.1 [NPE2-GigabitEthernet1/0/1.1] vlan-type dot1q 10 [NPE2-GigabitEthernet1/0/1.1] ip address 192.168.1.2 24 [NPE2-GigabitEthernet1/0/1.1] vrrp vrid 1 virtual-ip 192.168.1.254 [NPE2-GigabitEthernet1/0/1.1] admin-vrrp vrid 1 [NPE2-GigabitEthernet1/0/1.1] quit
NOTE
l l
The NPE is used as the CE of the UPE to access the mVSI of the PE-AGG. In the NE80E/40E, the VRIDs on different interfaces can overlap. The overlapping scope and the maximum number of times of overlapping are determined by the License. To purchase the License, contact Huawei technical personnel.
After the preceding configuration, running the display vrrp command on the NPEs, you can view that the status of VRRP virtual router 1 on GE 1/0/1.1 of NPE1 is Master and the status of VRRP virtual router 1 on GE 1/0/1.1 of NPE2 is Backup, and both the VRRP virtual routers are mVRRP virtual devices.
[NPE1] display vrrp GigabitEthernet1/0/1.1 | Virtual Router 1 State : Master Virtual IP : 192.168.1.254 PriorityRun : 120 PriorityConfig : 120 MasterPriority : 120 Preempt : YES Delay Time : 0 Timer : 1 Auth Type : NONE Virtual Mac : 0000-5e00-0101 Check TTL : YES Config type : admin-vrrp [NPE2] display vrrp GigabitEthernet1/0/1.1 | Virtual Router 1 State : Backup Virtual IP : 192.168.1.254 PriorityRun : 100 PriorityConfig : 100 MasterPriority : 120 Preempt : YES Delay Time : 0 Timer : 1 Auth Type : NONE Virtual Mac : 0000-5e00-0101 Check TTL : YES Config type : admin-vrrp
(2) Bind the service VRRP virtual router and the mVRRP virtual router. # Configure NPE1.
[NPE1] vsi biz-vsi1 [NPE1-biz-vsi1] pwsignal ldp [NPE1-biz-vsi1] peer 1.1.1.1 track admin-vrrp interface gigabitethernet1/0/1.1 vrid 1 [NPE1-biz-vsi1] quit
# Configure NPE2.
[NPE2] vsi biz-vsi1 [NPE2-biz-vsi1] pwsignal ldp [NPE2-biz-vsi1] peer 1.1.1.1 track admin-vrrp interface gigabitethernet1/0/1.1 vrid 1 [NPE2-biz-vsi1] quit
9-50
Issue 03 (2008-09-22)
After the preceding configuration, running the display vsi verbose command, you can view the following:
l l
If the status of the mVRRP virtual router bound to the service VRRP virtual router is Master, the PW status of the service VSI is Up. If the status of the mVRRP virtual router bound to the service VRRP virtual router is Backup, the PW status of the service VSI is Backup.
[NPE1] display vsi name biz-vsi1 verbose ***VSI Name : biz-vsi1 Administrator VSI : no Isolate Spoken : disable VSI Index : 0 PW Signaling : ldp Member Discovery Style : static PW MAC Learn Style : unqualify Encapsulation Type : vlan MTU : 1500 VSI State : up VSI ID : 101 *Peer Router ID : 1.1.1.1 VC Label : 23552 Peer Type : dynamic Session : up Tunnel ID : 0x41002000, Tunnel Policy Name : policy1 *Peer Router ID : 4.4.4.4 VC Label : 23553 Peer Type : dynamic Session : up Tunnel ID : 0x1002002, *Peer Router ID : 5.5.5.5 VC Label : 23554 Peer Type : dynamic Session : up Tunnel ID : **PW Information: *Peer Ip Address : 1.1.1.1 PW State : up Local VC Label : 23552 Remote VC Label : 23552 PW Type : MEHVPLS Tunnel ID : 0x41002000, *Peer Ip Address : 4.4.4.4 PW State : up Local VC Label : 23553 Remote VC Label : 23552 PW Type : label Tunnel ID : 0x1002002, [NPE2] display vsi name biz-vsi1 verbose ***VSI Name : biz-vsi1 Administrator VSI : no Isolate Spoken : disable VSI Index : 0 PW Signaling : ldp Member Discovery Style : static PW MAC Learn Style : unqualify Encapsulation Type : vlan MTU : 1500 VSI State : up VSI ID : 101 *Peer Router ID : 1.1.1.1 VC Label : 23552 Peer Type : dynamic Session : up Tunnel ID : 0x41002000, Tunnel Policy Name : policy1 *Peer Router ID : 4.4.4.4 VC Label : 23553
Issue 03 (2008-09-22)
9-51
5.5.5.5 23554 dynamic up 0x1002002, 1.1.1.1 backup 23552 23553 MEHVPLS 0x41002000, 5.5.5.5 up 23554 23553 label 0x1002002,
Running the display vrrp binding admin-vrrp member-pw command on the NPEs, you can view the binding of the mVRRP virtual router and the service PW. Take NPE1 as an example:
[NPE1] display vrrp binding admin-vrrp member-pw Interface: GigabitEthernet1/0/1.1, admin-vrrp vrid: 1, state: Master VSI PW number: 1 VSI name: biz-vsi1, peer router ID: 1.1.1.1, vcid: 101, state: Up
Running the display vrrp binding admin-vrrp command on the NPEs, you can view all the bindings of the mVRRP virtual router and the service VRRP virtual device, the service interface, and the service PW. Take NPE1 as an example:
[NPE1] display vrrp binding admin-vrrp Interface: GigabitEthernet1/0/1.1, admin-vrrp vrid: 1, state: Master VSI PW number: 1 VSI name: biz-vsi1, peer router ID: 1.1.1.1, vcid: 101, state: Up
5.
Configure BFD. (1) Configure peer BFD between NPEs. # Configure NPE1.
[NPE1] bfd [NPE1-bfd] quit [NPE1] bfd peer1 bind peer-ip 192.168.1.2 interface gigabitethernet1/0/1.1 [NPE1-bfd-session-peer1] discriminator local 1 [NPE1-bfd-session-peer1] discriminator remote 1 [NPE1-bfd-session-peer1] commit [NPE1-bfd-session-peer1] quit
# Configure NPE2.
[NPE2] bfd [NPE2-bfd] quit [NPE2] bfd peer1 bind peer-ip 192.168.1.1 interface gigabitethernet1/0/1.1 [NPE2-bfd-session-peer1] discriminator local 1 [NPE2-bfd-session-peer1] discriminator remote 1 [NPE2-bfd-session-peer1] commit [NPE2-bfd-session-peer1] quit
After the preceding configuration, running the display bfd session all command on the NPEs, you can view that the BFD status is Up. Take NPE1 as an example:
[NPE1] display bfd session all -------------------------------------------------------------------------------
9-52
Issue 03 (2008-09-22)
Local Remote PeerIpAddr InterfaceName State Type ------------------------------------------------------------------------------1 1 192.168.1.2 GigabitEthernet1/0/1.1 Up S_IP ------------------------------------------------------------------------------Total UP/DOWN Session Number : 1/0
(2) Configure link BFD between the NPEs and the UPE. Between the NPEs and the UPE, the BFD session is used to detect the MPLS TE tunnel between PE1 and PE2. # Configure the UPE.
[UPE] bfd [UPE-bfd] quit [UPE] bfd link1 bind mpls-te interface tunnel 1/0/1 [UPE-bfd-lsp-session-link1] discriminator local 3 [UPE-bfd-lsp-session-link1] discriminator remote 3 [UPE-bfd-lsp-session-link1] commit [UPE] bfd link2 bind mpls-te interface tunnel 1/0/2 [UPE-bfd-lsp-session-link2] discriminator local 4 [UPE-bfd-lsp-session-link2] discriminator remote 4 [UPE-bfd-lsp-session-link2] commit
# Configure NPE1.
<NPE1> system-view [NPE1] bfd link1 bind peer-ip 1.1.1.1 [NPE1-bfd-session-link1] discriminator local 3 [NPE1-bfd-session-link1] discriminator remote 3 [NPE1-bfd-session-link1] commit
# Configure NPE2.
[NPE2] bfd link1 bind peer-ip 1.1.1.1 [NPE2-bfd-session-link1] discriminator local 4 [NPE2-bfd-session-link1] discriminator remote 4 [NPE2-bfd-session-link1] commit
After the preceding configuration, running the display bfd session all command on the UPE and the NPEs, you can view that the BFD status is Up. Take UPE and NPE1 as an example:
[UPE] display bfd session all Total Static Session Number : 2, Dynamic Session Number: 0, Entire Dynamic Sessi on Number: 0 ------------------------------------------------------------------------------Local Remote PeerIpAddr InterfaceName State Type ------------------------------------------------------------------------------3 3 2.2.2.2 Tunnel1/0/1 Up S_TE_TNL 4 4 3.3.3.3 Tunnel1/0/2 Up S_TE_TNL ------------------------------------------------------------------------------[NPE1] display bfd session all Total Static Session Number : 4, Dynamic Session Number: 0, Entire Dynamic Sessi on Number: 0 ------------------------------------------------------------------------------Local Remote PeerIpAddr InterfaceName State Type ------------------------------------------------------------------------------1 1 192.168.1.2 GigabitEthernet1/0/1.1 Up S_IP 3 3 1.1.1.1 Up S_IP
Issue 03 (2008-09-22)
9-53
-------------------------------------------------------------------------------
(3) Bind the mVRRP virtual router and the peer BFD session and the link BFD session. # Configure NPE1.
[NPE1] interface gigabitethernet1/0/1.1 [NPE1-GigabitEthernet1/0/0.1] vrrp vrid 1 track bfd-session 1 peer [NPE1-GigabitEthernet1/0/0.1] vrrp vrid 1 track bfd-session 3 link [NPE1-GigabitEthernet1/0/0.1] quit
# Configure NPE2.
[NPE2] interface gigabitethernet1/0/1.1 [NPE2-GigabitEthernet1/0/0.1] vrrp vrid 1 track bfd-session 1 peer [NPE2-GigabitEthernet1/0/0.1] vrrp vrid 1 track bfd-session 4 link [NPE2-GigabitEthernet1/0/0.1] quit
After the preceding configuration, running the display vrrp command on the NPEs, you can view that the mVRRP virtual router is bound with the peer BFD session and the link BFD session, which are in the Up state. Take NPE1 as an example:
[NPE1] display vrrp GigabitEthernet1/0/1.1 | Virtual Router 1 State : Master Virtual IP : 192.168.1.254 PriorityRun : 120 PriorityConfig : 120 MasterPriority : 120 Preempt : YES Delay Time : 0 Timer : 1 Auth Type : NONE Virtual Mac : 0000-5e00-0101 Check TTL : YES Config type : admin-vrrp Track BFD : 1 type: peer bfd-session state : up Track BFD : 3 type: link bfd-session state : up
6.
Verify the configuration. (1) After the IP address and gateway address are configured correctly on the PC, the ping to the gateway address (virtual IP address of the service VRRP virtual router) succeeds. (2) When the master device or primary link between the UPE and the NPE fails, the backup device and the secondary link can rapidly switch itself to be the master device and the primary link. Run the shutdown command on GE 1/0/1 of UPE to simulate the fault on the link between the UPE and NPE1. Before the shutdown command is run, the status of the VRRP virtual router on the NPEs is as follows:
l l l l
The status of mVRRP virtual router 1 on GE 1/0/1.1 of NPE1 is Master. The status of the service PW on NPE1 is Up. The status of mVRRP virtual router 1 on GE 1/0/1.1 of NPE2 is Backup. The status of the service PW on NPE2 is Backup.
[NPE1] display vrrp GigabitEthernet1/0/1.1 | Virtual Router 1 State : Master Virtual IP : 192.168.1.254 PriorityRun : 120 PriorityConfig : 120 MasterPriority : 120
9-54
Issue 03 (2008-09-22)
Issue 03 (2008-09-22)
9-55
After the shutdown command is run, the status of the VRRP virtual router on the NPE1 is as follows:
l l l l
The status of mVRRP virtual router 1 on GE 1/0/1.1 of NPE1 is Initialize. The service PW on NPE2 is deleted. The status of mVRRP virtual router 1 on GE 1/0/1.1 of NPE2 is Master. The status of the service PW on NPE2 is Up.
[NPE1] display vrrp GigabitEthernet1/0/1.1 | Virtual Router 1 State : Initialize Virtual IP : 192.168.1.254 PriorityRun : 120 PriorityConfig : 120 MasterPriority : 0 Preempt : YES Delay Time : 0 Timer : 1 Auth Type : NONE Virtual Mac : 0000-5e00-0101 Check TTL : YES Config type : admin-vrrp Track BFD : 1 type: peer bfd-session state : down Track BFD : 3 type: link bfd-session state : down [PE-AGG1] display vsi name biz-vsi1 verbose ***VSI Name : biz-vsi1 Administrator VSI : no Isolate Spoken : disable VSI Index : 0 PW Signaling : ldp Member Discovery Style : static PW MAC Learn Style : unqualify Encapsulation Type : vlan MTU : 1500 VSI State : down VSI ID : 101 *Peer Router ID : 1.1.1.1 VC Label : 23552 Peer Type : dynamic Session : down Tunnel ID : 0x41002000, Tunnel Policy Name : policy1 *Peer Router ID : 4.4.4.4 VC Label : 23553 Peer Type : dynamic Session : up Tunnel ID : 0x1002002, *Peer Router ID : 5.5.5.5 VC Label : 23554 Peer Type : dynamic Session : up Tunnel ID : [NPE2] display vrrp GigabitEthernet1/0/1.1 | Virtual Router 1 State : Master Virtual IP : 192.168.1.254 PriorityRun : 100 PriorityConfig : 100 MasterPriority : 100 Preempt : YES Delay Time : 0 Timer : 1 Auth Type : NONE Virtual Mac : 0000-5e00-0101 Check TTL : YES Config type : admin-vrrp Track BFD : 1 type: peer bfd-session state : down
9-56
Issue 03 (2008-09-22)
For the UPE user, NPE2 becomes the master device. The MAC addresses of all the service VSIs bound with the admin-vsi1 on the UPE are cleared and the service VSIs learn the correct MAC address of NPE2 without interrupting the user service.
Configuration Files
l
Issue 03 (2008-09-22)
9-57
9-58
Issue 03 (2008-09-22)
ip address unnumbered interface LoopBack1 tunnel-protocol mpls te destination 3.3.3.3 mpls te tunnel-id 2 mpls te commit # tunnel-policy policy1 tunnel select-seq cr-lsp load-balance-number 1 # bfd link1 bind mpls-te interface tunnel 1/0/1 discriminator local 3 discriminator remote 3 commit # bfd link2 bind mpls-te interface tunnel 1/0/2 discriminator local 4 discriminator remote 4 commit # return l
Issue 03 (2008-09-22)
9-59
# interface GigabitEthernet1/0/1.1 undo shutdown vlan-type dot1q 10 ip address 192.168.1.1 255.255.255.0 vrrp vrid 1 virtual-ip 192.168.1.254 vrrp vrid 1 priority 120 vrrp vrid 1 track bfd-session 1 peer vrrp vrid 1 track bfd-session 3 link admin-vrrp vrid 1 # interface LoopBack1 ip address 2.2.2.2 255.255.255.255 isis enable 1 # interface Tunnel1/0/1 description TO UPE ip address unnumbered interface LoopBack1 tunnel-protocol mpls te destination 1.1.1.1 mpls te tunnel-id 1 mpls te commit # bfd link1 bind peer-ip 1.1.1.1 discriminator local 3 discriminator remote 3 commit # bfd peer1 bind peer-ip 192.168.1.2 interface GigabitEthernet1/0/1.1 discriminator local 1 discriminator remote 1 commit # tunnel-policy policy1 tunnel select-seq cr-lsp load-balance-number 1 # return l
9-60
Issue 03 (2008-09-22)
network-entity 49.0040.0030.0300.3003.00 traffic-eng level-2 # interface GigabitEthernet1/0/0 undo shutdown ip address 20.1.2.1 255.255.255.0 isis enable 1 mpls mpls ldp # interface GigabitEthernet1/0/1 undo shutdown ip address 10.1.2.2 255.255.255.0 isis enable 1 mpls mpls te mpls rsvp-te # interface GigabitEthernet1/0/1.1 undo shutdown vlan-type dot1q 10 ip address 192.168.1.2 255.255.255.0 vrrp vrid 1 virtual-ip 192.168.1.254 vrrp vrid 1 track bfd-session 1 peer vrrp vrid 1 track bfd-session 4 link admin-vrrp vrid 1 # interface LoopBack1 ip address 3.3.3.3 255.255.255.255 isis enable 1 # interface Tunnel1/0/1 description TO UPE ip address unnumbered interface LoopBack1 tunnel-protocol mpls te destination 1.1.1.1 mpls te tunnel-id 2 mpls te commit # bfd link1 bind peer-ip 1.1.1.1 discriminator local 4 discriminator remote 4 commit # bfd peer1 bind peer-ip 192.168.1.1 interface GigabitEthernet1/0/1.1 discriminator local 1 discriminator remote 1 commit # tunnel-policy policy1 tunnel select-seq cr-lsp load-balance-number 1 # return l
Issue 03 (2008-09-22)
9-61
9-62
Issue 03 (2008-09-22)
Issue 03 (2008-09-22)
9-63
10
About This Chapter
This chapter describes the basic concept of ATM IWF, and configuration steps, along with examples 10.1 Introduction This section describes the concepts and applicable environment of ATM IWF. 10.2 Configuring the CCC Local Connection ATM IWF This section describes how to configure the CCC local connection ATM IWF. That is, configure a CCC local connection between an ATM interface and an Ethernet sub-interface on the same device. 10.3 Configuring the Remote ATM IWF This section describes how to configure PW ATM IWF. That is, configure transparent transmission of Layer 2 Ethernet data packets over an ATM link between two PEs, by using LSPs of an L2VPN. 10.4 Configuration Examples This section provides several configuration examples of ATM IWF.
Issue 03 (2008-09-22)
10-1
10.1 Introduction
This section describes the concepts and applicable environment of ATM IWF. 10.1.1 ATM IWF Overview 10.1.2 ATM IWF Supported by the NE80E/40E
Due to the cell tax of ATM, its transmission efficiency is rather low. Due to the SAR of ATM, the capacity of core network has been confined greatly; OC-48 SAR has limited functions. The existing ATM networks have the common interfaces of 622M and 155M, and it is hard to see interfaces of 2.5G or above. ATM cannot keep up with the increase of IP services, and it is poor in terms of multicast. Therefore, it is hard to deploy new services, particularly the popular Triple Play/IPTV services. Building ATM network is very costly, and the maintenance of devices is also complex.
IP and Ethernet technologies have been widely used in the world due to their good compatibility and scalability, and it is inevitable for ATM network to evolve into IP network and Ethernet work. However, such a change should be smooth and gradual to protect customers interests and make full use of existent network and devices. Also, Ethernet has to carry the traditional ATM services and make both ATM network and Ethernet intercommunicate, migrating the services and protecting the investment. The ATM Inter-Working Function (ATM IWF) provides the interoperability function between the ATM link based on the RFC1483 bridge encapsulation mode and the Ethernet link. The ATM packets based on the RFC1483 bridge encapsulations mode can be transmitted transparently to the Ethernet link through MPLS L2VPN. VPI is mapped to the outer VLAN ID and VCI to inner VLAN ID to keep the ATM access information (VPI and VCI of the packets). Usually, the ATM packets with the VPI/VCI information to the Ethernet link through double VLAN that is appended to the packet frame header at the data link layer, that is, the QinQ mode.
NOTE
RFC1483 defines a technical standard for transmitting the multi-protocol data packet on an ATM network. With the 1483 bridge encapsulation, that is for the data packet of the bridge protocols, the Ethernet frame can be transmitted on the ATM link.
Local connection
The NE80E/40E supports the Virtual Leased Line (VLL) in Circuit Cross Connect (CCC) local connection mode. This implements CCC between the ATM sub-interfaces and Ethernet subinterfaces on the same device. As shown in Figure 10-1, in the CCC local connection, the router cross transmits the flow that is based on 1483 encapsulation out of the ATM flow accessed from devices like DSLAM to the Ethernet link. VPI is mapped to be the outer VLAN tag, and VCI is mapped to be the inner VLAN tag. Then, the packets are forwarded from the Ethernet interface to the access device such as BRAS. The BRAS distinguishes different DSLAM users based on the labels on the twolayer of VLAN of a packet. Figure 10-1 ATM IWF diagram in the CCC local connection
CCC ATM GE
DSLAM
RouterA
BRAS
Remote connection
Through the MPLS L2VPN, layer 2 transparent transmissions of data packets of the ATM link and the Ethernet link can be carried out between peer PEs. As shown in Figure 10-2, the ATM flow based on 1483B encapsulation can be transparently transmitted to the remote Ethernet link through PW (such as configuring VLL or PWE3). In the process, VPI is mapped to be the outer VLAN tag and VCI is mapped to be the inner VLAN tag. The ATM packets are then transparently transmitted to the remote BRAS. The BRAS distinguishes different DSLAM users based on the labels on the two-layer VLAN of a packet. Figure 10-2 Diagram of ATM IWF in PW
RouterA PW RouterB
ATM
GE
ATM
ATM Switch
BRAS
10.2.1 Establishing the Configuration Task 10.2.2 Enabling IWF on an ATM Board 10.2.3 Configuring an ATM Sub-Interface and Configuring IWF Mapping 10.2.4 Configuring an Ethernet Sub-Interface 10.2.5 Configuring CCC Local Connection 10.2.6 Checking the Configuration
Pre-configuration Tasks
Before configuring the CCC local connection ATM IWF, complete the following tasks:
l
Connecting the interfaces, configuring physical parameters for the interfaces to ensure that the physical status of the interfaces is Up Enabling MPLS L2VPN
Data Preparation
To configure the CCC local connection ATM IWF, you need the following data. No. 1 2 3 Data The router ATM sub interface number and values of VPI/VCI The Ethernet sub interface number and label value of VLAN Label value of the inner and outer VLAN tags after the VPI/VCI mapping
Procedure
Step 1 Run:
system-view
10-4
Issue 03 (2008-09-22)
The ATM board is configured to enable IWF. By default, the ATM board does not enable the IWF function. Once the ATM board is configured to enable IWF, the function remains effective until it is disabled by using the undo atm iwf slotid enable command. Then, the default state of the ATM board is restored. Step 3 Run:
quit
Procedure
Step 1 Run:
system-view
A P2P ATM sub interface is created and the sub interface view is displayed. Step 3 Run:
pvp vpi
The mapping from VPI to the outer VLAN tag is set. Step 5 Run:
vc-vlan-map vci begin-vci to end-vci ce-vid begin-vlan
The system view is displayed. The mapping from VCI to the inner VLAN tag is set.
Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 10-5
Before configuring the relationship between ATM sub interface and IWF mapping, you need to ensure that the ATM interface parameters between the router and the ATM switch or the peer device are normal. These parameters include adding interference to the line signal, value of various cost bytes and the clock mode of the interface.
NOTE
The range form begin-vci to end-vci cannot include 3 or 4. The VCI of 3 and 4 is reserved for OAM and cannot be configured.
----End
Procedure
Step 1 Run:
system-view
An Ethernet sub interface is created and the sub interface view is displayed. Step 3 Run:
vlan-type dot1q vid
The encapsulation type of sub interface and related VLAN are set. To configure the CCC local connection IWF, the VLAN ID related to the Ethernet sub interface must be the same as the VLAN ID of the VPI mapping of the corresponding ATM sub interface. That is, the vid configured in Step 3 must be the same as the vid configured in Step 4 of the previous configuration procedures. ----End
Procedure
Step 1 Run:
system-view
Step 2 Run:
ccc ccc-name interface atm interface-number.subnumber out-interface { ethernet | gigabitethernet } interface-number.subnumber
display ccc
After the configuration, run the display atm iwf command. You can view that IWF is enabled on the ATM board of the router.
<Quidway> display atm iwf atm iwf has been enabled for slot 1
After the configuration, run the display pvc-vlan-map interface atm interfacenumber.subinterface-number [ vpi-value ] command. You can view that the mapping between vpi/vci and pe-vid /ce-vid on the ATM interface is set up.
<Quidway> display pvc-vlan-map interface atm 3/0/0.1 PVC 1/5-VLAN 1/5 VCD:5 InFlowID:32769 OutFlowID:131073 PVC 1/6-VLAN 1/6 VCD:6 InFlowID:32770 OutFlowID:131074 PVC 1/100-VLAN 1/100 VCD:10 InFlowID:32868 OutFlowID:131082
Pre-configuration Tasks
Before configuring the remote ATM IWF, complete the following tasks:
l
Connecting the interfaces, configuring physical parameters for the interfaces to ensure that the physical status of the interfaces is Up Configuring MPLS basic functions on the MPLS backbone network Configuring MPLS LDP on the MPLS backbone network Establishing remote LDP sessions between PEs Enabling MPLS L2VPN
l l l l
Data Preparation
To configure the remote ATM IWF, you need the following data. No. 1 2 Data The router ATM sub interface number and values of VPI/VCI Label value of the inner and outer VLAN tags after the VPI/VCI mapping
Procedure
Step 1 Run:
system-view
The ATM board is configured to enable IWF. By default, the ATM board does not enable the IWF function. Once the ATM board is configured to enable IWF, the function remains effective until it is disabled by using the undo atm iwf slotid enable command. Then, the default state of the ATM board is restored.
10-8 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)
Step 3 Run:
quit
Procedure
Step 1 Run:
system-view
A P2P ATM sub interface is created and the sub interface view is displayed. Step 3 Run:
pvp vpi
The mapping from VPI to the outer VLAN tag is set. Step 5 Run:
vc-vlan-map vci begin-vci to end-vci ce-vid begin-vlan
The system view is displayed. The mapping from VCI to the inner VLAN tag is set. Before configuring the relationship between ATM sub interface and IWF mapping, you need to ensure that the ATM interface parameters between the router and the ATM switch or the peer device are normal. These parameters include adding interference to the line signal, value of various cost bytes and the clock mode of the interface.
NOTE
The range form begin-vci to end-vci cannot include 3 or 4. The VCI of 3 and 4 is reserved for OAM and cannot be configured.
----End
Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 10-9
display mpls l2vc [ vc-id | interface interface-type interface-number | remote-info [ vc-id ] | state { up | down } ]
After the configuration, run the display atm iwf command. You can view that IWF is enabled on the ATM board of the router.
<Quidway> display atm iwf atm iwf has been enabled for slot 1
After the configuration, run the display pvc-vlan-map interface atm interfacenumber.subinterface-number [ vpi-value ] command. You can view that the mapping between vpi/vci and pe-vid /ce-vid on the ATM interface is set up.
<Quidway> display pvc-vlan-map interface atm 3/0/0.1 PVC 1/5-VLAN 1/5 VCD:5 InFlowID:32769 OutFlowID:131073 PVC 1/6-VLAN 1/6 VCD:6 InFlowID:32770 OutFlowID:131074 PVC 1/100-VLAN 1/100 VCD:10 InFlowID:32868 OutFlowID:131082
10.4.1 Example for Configuring the CCC Local Connection ATM IWF
10-10 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)
Networking Requirements
As shown in Figure 10-3, the ATM interface of DSLAM is connected to the Ethernet interface of the local BRAS through the PE device. You can carry out transparent transmission of packets between DSLAM and BRAS through the CCC local connection. Figure 10-3 Networking diagram of the CCC local connection ATM IWF
Loopback1 1.1.1.9/32 ATM3/0/0.1 GE4/0/0.1
DSLAM
RouterA
BRAS
Configuration Roadmap
The configuration roadmap is as follows: 1. 2. 3. 4. Enable ATM IWF on the ATM board on Router A. Configure basic MPLS functions on Router A and enable MPLS L2VPN. Configure the mappings between the VPI of the ATM interface and the outer VLAN tag, and the VCI of the ATM interface and the inner VLAN tag. On Router A, create a local connection to DSLAM and BRAS. CCC local connections are bi-directional and thus only one connection is required.
Data Preparation
To complete the configuration, you need the following data:
l l
Values of VPI and VCI of the ATM interface Inner and outer VLAN tags of packets on the Ethernet interface
Configuration Procedure
1. Configure DSLAM and BRAS. Configure a PVC on DSLAM and set the encapsulation type of packets to 1483B. Suppose multiple PVCs are configured and their VPIs are all 1, whereas their VCIs range from 5 to 100. For configurations of DSLAM and BRAS, refer to the configuration guide of related devices. 2. Enable IWF on the ATM board.
<Quidway> [Quidway] [RouterA] [RouterA] <RouterA> system-view sysname RouterA atm iwf 3 enable quit reset slot 3
After the configuration, run the display atm iwf command to check that IWF is enabled.
[RouterA] display atm iwf atm iwf has been enabled for slot 3.
3.
Issue 03 (2008-09-22)
# Configure Router A.
<RouterA> system-view [RouterA] mpls lsr-id 1.1.1.9 [RouterA] mpls [RouterA-mpls] quit
4.
Enable MPLS L2VPN on PE and configuration the CCC ATM IWF. # Configure an ATM P2P sub-interface and map VPI to the outer VLAN tag and VCI to the inner VLAN tag.
[RouterA] interface atm 3/0/0.1 p2p [RouterA-Atm3/0/0.1] pvp 1 [RouterA-Atm3/0/0.1-1/0] vp-vlan-map pe-vid 1 [RouterA-Atm3/0/0.1-1/0] vc-vlan-map vci 5 to 100 ce-vid 1 [RouterA-Atm3/0/0.1-1/0] quit [RouterA-Atm3/0/0.1] quit
# Create an Etherent sub-interface and configure the VLAN ID to be the outer VLAN tag mapped by VPI mentioned earlier.
[RouterA] interface gigabitethernet 4/0/0.1 [RouterA-gigabitethernet4/0/0.1] shutdown [RouterA-gigabitethernet4/0/0.1] vlan-type dot1q 1 [RouterA-gigabitethernet4/0/0.1] undo shutdown [RouterA-gigabitethernet4/0/0.1] quit
# Enable MPLS L2VPN on Router A and set the CCC local connection.
[RouterA] mpls l2vpn [RouterA-l2vpn] quit [RouterA] ccc ccc1 interface atm 3/0/0.1 out-interface gigabitethernet 4/0/0.1
5.
Verify the configuration. Run the display ccc command on Router A to check the establishment of the CCC connection.
[RouterA] display ccc total ccc vc : 1 local ccc vc : 1, 1 up remote ccc vc : 0, 0 up name: ccc1, type: local, state: up, intf1: Atm3/0/0.1 (up), intf2: GigabitEthernet4/0/1.1 (up)
You can also run the display pvc-vlan-map interface atm interface-number.subinterfacenumber vpi-value command to check the mapping relationship between vpi/vci of IWF PVC configured in the ATM interface and pe-vid or ce-vid.
[RouterA] display pvc-vlan-map interface atm 3/0/0.1 PVC 1/5-VLAN 1/5 VCD:5 InFlowID:32769 OutFlowID:131073 PVC 1/6-VLAN 1/6 VCD:6 InFlowID:32770 OutFlowID:131074 PVC 1/100-VLAN 1/100 VCD:10 InFlowID:32868 OutFlowID:131082
Configuration Files
Configuration file of Router A
# sysname RouterA # mpls lsr-id 1.1.1.9 mpls mpls l2vpn # interface atm3/0/0.1 p2p pvp 1 vp-vlan-map pe-vid 1 vc-vlan-map vci 5 to 100 ce-vid 1 #
10-12
Issue 03 (2008-09-22)
interface gigabitethernet4/0/0.1 vlan-type dot1q 1 # ccc ccc1 interface atm 3/0/0.1 out-interface GigabyteEthernet 4/0/0.1 # interface LoopBack1 ip address 1.1.1.9 255.255.255.255 # return
PE 1
ATM1/0/0.1
PE 2
GE1/0/0.1 VLAN1
DSLAM
BRAS
Configuration Roadmap
The configuration roadmap is as follows: 1. 2. 3. 4. 5. Run an IGP to ensure connectivity of routes on the backbone network. Configure basic MPLS functions on the backbone network and set up LSP tunnels. Set up MPLS LDP remote peer relationship between PEs at both ends of the PW. Enable ATM IWF on the ATM board on PE1. On PE1, configure the mappings between the VPI of the ATM interface and the outer VLAN tag, and the VCI of the ATM interface and the inner VLAN tag. Create MPLS L2VC connections on PEs.
Data Preparation
To complete the configuration, you need the following data:
l l
L2VC IDs at both ends of the PW, which must be the same MPLS LSR IDs of PEs and P
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 10-13
Issue 03 (2008-09-22)
IP address of the remote PE peer Values of VPI and VCI of the ATM interface Inner and outer VLAN tags of packets on the Ethernet interface
Configuration Procedure
1. Configure DSLAM and BRAS. Configure PVC on DSLAM and the encapsulation method of packets is 1483B. Suppose multiple PVCs are configured and their VPIs are all 1, while the VCI ranges from 5 to 100. Configure VLAN sub-interfaces on the BRAS. For configurations of DSLAM and BRAS, refer to the configuration guide of related devices. 2. Configure an IGP on the MPLS backbone network and OSPF is used in this case. As shown in Figure 10-4, configure the interface addresses of PE and P. Run the undo shutdown command to change each physical interface to Up. When you configure OSPF, note that you need to release the 32 byte Loopback interface address of PE1, P and PE2. The specific configurations are omitted. 3. Configure basic MPLS functions and LDPs on the MPLS backbone network. # Configure PE1.
[PE1] mpls lsr-id 1.1.1.9 [PE1] mpls [PE1-mpls] quit [PE1] mpls ldp [PE1-mpls-ldp] quit [PE1] interface pos 2/0/0 [PE1-Pos2/0/0] mpls [PE1-Pos2/0/0] mpls ldp [PE1-Pos2/0/0] quit
# Configure P.
[P] mpls lsr-id 2.2.2.9 [P] mpls [P-mpls] quit [P]mpls ldp [P-mpls-ldp] quit [P] interface pos 1/0/0 [P-Pos1/0/0] mpls [P-Pos1/0/0] mpls ldp [P-Pos1/0/0] quit [P] interface pos 2/0/0 [P-Pos2/0/0] mpls [P-Pos2/0/0] mpls ldp [P-Pos2/0/0] quit
# Configure PE2.
[PE2] mpls lsr-id 3.3.3.9 [PE2] mpls [PE2-mpls] quit [PE2] mpls ldp [PE2-mpls-ldp] quit [PE2] interface pos 2/0/0 [PE2-Pos2/0/0] mpls [PE2-Pos2/0/0] mpls ldp [PE2-Pos2/0/0] quit
4.
10-14
Issue 03 (2008-09-22)
# Configure PE2.
[PE2] mpls ldp remote-peer 1 [PE2-mpls-ldp-remote-1] remote-ip 1.1.1.9 [PE2-mpls-ldp-remote-1] quit
5.
6.
Enable MPLS L2VPN on PE and configure the PW ATM IWF. # Configure PE1.
[PE1] mpls l2vpn [PE1-l2vpn] quit [PE1] pw-template pwt [PE1-pw-template-pwt] peer-address 3.3.3.9 [PE1-pw-template-pwt] quit [PE1] interface atm 1/0/0.1 p2p [PE1-Atm1/0/0.1] pvp 1 [PE1-Atm1/0/0.1-1/0] vp-vlan-map pe-vid 1 [PE1-Atm1/0/0.1-1/0] vc-vlan-map vci 5 to 100 ce-vid 1 [PE1-Atm1/0/0.1-1/0] quit [PE1-Atm1/0/0.1] mpls l2vc pw-template pwt 101 [PE1-Atm1/0/0.1] quit
# Configure PE2.
[PE2] mpls l2vpn [PE2-l2vpn] quit [PE2] pw-template pwt [PE2-pw-template-pwt] peer-address 1.1.1.9 [PE2-pw-template-pwt] quit [PE2] interface gigabitethernet 1/0/0.1 [PE2-gigabitethernet1/0/0.1] vlan-type dot1q 1 [PE2-gigabitethernet1/0/0.1] mpls l2vc pw-template pwt 101 [PE2-gigabitethernet1/0/0.1] quit
7.
Verify the configuration. After the configuration, run the display mpls l2vc command on PEs. You can view that the PW is in the Up state and the encapsulation type of the VC is VLAN. Take the display on PE1 as an example.
[PE1] display mpls l2vc Total ldp vc : 1 1 up 0 down *Client Interface : Atm1/0/0.1 Session State : up AC Status : up VC State : up VC ID : 101 VC Type : vlan Destination : 3.3.3.9 Local VC Label : 17408 Remote VC Label : 17409 Control Word : Disable Local VC MTU : 1500 Romete VC MTU : 1500 Tunnel Policy Name : -Traffic Behavior Name: -PW Template Name : pwt Create time : 0 days, 0 hours, 0 minutes, 23 seconds UP time : 0 days, 0 hours, 0 minutes, 23 seconds Last change time : 0 days, 0 hours, 0 minutes, 23 seconds
Run the display pvc-vlan-map interface atm interface-number.subinterface-number command. You can view that the mapping between vpi/vci and pe-vid /ce-vid on the ATM interface is set up. Take the display on PE1 as an example.
Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 10-15
[PE1] display pvc-vlan-map interface atm 1/0/0.1 PVC 1/5-VLAN 1/5 VCD:5 InFlowID:32769 OutFlowID:131073 PVC 1/6-VLAN 1/6 VCD:6 InFlowID:32770 OutFlowID:131074 PVC 1/100-VLAN 1/100 VCD:10 InFlowID:32868 OutFlowID:131082
Configuration Files
l
Configuration file of P
# sysname P # mpls lsr-id 2.2.2.9 mpls # mpls ldp # interface Pos1/0/0 undo shutdown link-protocol ppp ip address 10.2.2.2 255.255.255.0 mpls mpls ldp # interface Pos2/0/0 undo shutdown link-protocol ppp ip address 10.1.1.2 255.255.255.0 mpls mpls ldp
10-16
Issue 03 (2008-09-22)
Issue 03 (2008-09-22)
10-17
A Glossary
A
This appendix collates frequently used glossaries in this document. A AC Address Space Attribute Value Pair An address realm that is managed by a VPN.
Glossary
A physical or logical link used to transmit frames between the CE and the PE in L2VPN.An AC interface can be a physical interface or a virtual interface. All the user packets on the AC including the protocol packets of Layer 2 and Layer 3 are completely transmitted to the peer site.
The attribute value pairs (AVP) that are used by the L2TP protocol to transmit and negotiate the L2TP parameters. A control message contains multiple AVPs.
C Carrier's Carrier A network structure in which a user of a BGP/MPLS VPN service who is also a service provider at the same time. In this situation, the BGP/MPLS VPN service provider is a Level 1 carrier. The user of the BGP/MPLS VPN service who is also a service provider at the same time is called a Level 2 carrier. An implementation of MPLS L2VPN that uses the static configuration of labels. CCC transmits user data by using Layer 1 label. CCC exclusively uses an LSP. A connection that defines a pair of LNS and LAC and controls the establishment, maintenance and dismantlement of tunnels and sessions. The procedures for establishing a control connection involve the exchange of information about identity protection, L2TP version, frame type, and parameters of the physical links. A message used in the establishment and maintenance of tunnels and sessions, and in the transmission control. Control messages are transmitted in reliable mode.
CCC
Control Connection
Control Message
Issue 03 (2008-09-22)
A-1
A Glossary
Customer Premises Equipment-based VPN. A VPN that is controlled by users. Customer edge equipment that is directly connected with the service provider. In a VPN based on MPLS, a CE device can be a router, switch, or even a host. A 4-byte encapsulated packet header. It is used to transmit packets in a MPLS packet switching network. The control word carries the sequence number, fills the packets to prevent too short packets, and carries Layer 2 header control information.
CW
D Data Message Dynamic PW E Extranet VPN A VPN that expands an enterprise network to the service provider, partner, and client. Through an extranet VPN, different enterprises can construct VPN through public networks. A message that encapsulates PPP frames and is transmitted in tunnels. Data messages are transmitted in unreliable mode. A PW that is set up through a signaling protocol.
G GRE An encapsulation mode in which packets of some network protocols such as IP and IPX are encapsulated and thus can be transmitted in networks supporting other protocols such as IP.
I Intranet VPN A VPN that connects sites within an enterprise through the public network.
K Kompella VPN An implementation of L2VPN that is realized in end-to-end mode in a MPLS network. In Kompella VPN, BGP is used as the signaling protocol to transmit Layer 2 information and VC labels.
L L2TP A Layer 2 tunneling protocol that is drafted by IETF and involves the participation of companies such as Microsoft. The L2TP combines the advantages of both PPTP and L2F. A device that is attached to a switching network and is capable of L2TP processing. It possesses PPP terminal system and generally provides the access service to users. A server that processes the L2TP protocol.
A-2
Issue 03 (2008-09-22)
A Glossary
M Martini VPN An implementation of MPLS L2VPN that is realized by setting up point-to-point link. In Martini VPN, LDP is used as the signaling protocol to transmit Layer 2 information and VC labels. A protocol that transmits VPN structure information and VPN IPv4 routes between the PE devices. A VPN that provides Layer 2 VPN services based on the MPLS network to enable the carriers to provide VPNs of different media, including ATM, FR, VLAN, Ethernet, and PPP on unified MPLS network. A situation in which multiple PWs exist between the U-PEs.
A server that provides the access to Internet for PSTN/ISDN dialup users. A Network Access Server (NAS) can work as an LAC, or as an LNS, or as an LAC and LNS at the same time. A VPN in which users entrust maintenance of the VPN to ISPs and realize VPN features and functions on the network edge devices.
Network-based VPN
P P A backbone device that is located in the service provider network. A P device is not directly connected with the CE devices. The P devices only need the basic MPLS forwarding capability and do not maintain information about a VPN. A Provider Edge (PE) device is a device that is located in the backbone network in the MPLS VPN structure. A PE device is responsible for VPN user management, establishment of LSPs between the PE devices and exchanges of routing information between sites of the same VPN.A PE device performs the mapping and forwarding of the packets from the private network to the public-network tunnels and that in the reverse order. PE can be further divided into UPE, SPE and NPE. A tunnel protocol that encapsulates PPP on the tunnels of an IP network. The protocol is supported by Microsoft, Ascend, and 3COM. A bidirectional virtual connection between two VSIs. A VSI consists of a pair of unidirectional MPLS VCs. A technology that bears Layer 2 services. PWE3 emulates services such as ATM, FR, Ethernet, low-speed TDM circuit, and SONET/ SDH. A signaling protocol used to set up and maintain Pseudo Wires (PWs).PW signaling can automatically discover the peer PE devices of VSIs. Currently, the primary PW signaling protocols are LDP and BGP.
PE
PPTP
PW PWE3
PW Signaling
Issue 03 (2008-09-22)
A-3
A Glossary
PW Template
A Pseudo Wire (PW) template is an aggregation of public attributes of the PWs. A PW template is shared by different PWs.
Q QinQ A mechanism that uses the tunnel protocol based on 802.1Q encapsulation and provides multi-point L2VPN services. In Q-inQ, the private-network VLAN tag is encapsulated in the publicnetwork VLAN tag. The packets carrying double tags are transmitted through the backbone network of the service provider. Thus, the users are provided with a Layer 2 VPN tunnel service.
R Route Distinguisher An 8-byte field in a VPN IPv4 address. A route distinguisher (RD) together with a 4-byte IPv4 address prefix construct a VPN IPv4 address to differentiate the IPv4 prefixes using the same address space.
S Session Connection Single hop PW Site A connection that is a PPP session multiplexed on the tunnel connections. A situation in which only one PW exists between the U-PEs. The label switching on the PW label level is not needed. A group of IP systems. Sites have IP connectivity between each other and this connectivity need not be realized by the service provider network. The SPE devices are core devices that are located within a VPLS full-meshed network. The UPE devices that are connected with the SPE devices are similar to the CE devices. The PWs set up between the UPE devices and the SPE devices serve as the ACs of the SPE devices. The SPE devices must learn the MAC addresses of all the sites on UPE side and those of the UPE interfaces that are connected with the SPE.SPE is sometimes called NPE. A device that is responsible for PW switching and PW label forwarding within a backbone network. A PW whose parameters are specified through command lines instead of parameter negotiation. Data is transmitted between the PE devices through tunnels. An implementation of static MPLS L2VPN that does not use the signaling protocol to transmit L2VPN information. In SVC, VC label information needs manual configuration.
SPE
S-PE Static PW
SVC
A-4
Issue 03 (2008-09-22)
A Glossary
Tunnel
A channel through which a packet switching network transmits service traffic between the PEs. In VPN, a tunnel is an information transmission channel between two entities. The tunnel provides security for transparent transmission of VPN information. A tunnel can bear multiple PWs. In most cases, a tunnel is a MPLS tunnel. A management mode in which the tunnel status is reported to the tunnel application program and the tunnel policies are checked according to the destination IP address. A policy used to choose a tunnel according to the destination IP address. A technology that is used to implement the L2TP tunnel relay. A device supporting the tunnel switch works on the one hand as an LNS to set up the tunnel connection with the LAC, and on the other hand works as an LAC to set up the tunnel connection with the LNS.
Tunnel Management
U UPE A PE device that is directly connected with the CE devices. UPE supports routing and MPLS encapsulation. If a UPE is connected with multiple CEs and possesses the basic bridge function, frame forwarding is performed only on the UPE. This decreases the burden of the SPE. A U-PE is an edge device of a backbone network and is directly connected with user edge devices in a VPN.
U-PE
V VC VCCV A unidirectional logical connection between two nodes. A tool that is used to manually test the connectivity of the virtual circuit. Similar to ICMP ping and LSP ping, it is realized through the extended LSP ping. A line that emulates the leased line by using IP network and thus provides unsymmetrical and low-cost Digital Data Network (DDN) service. A network that implements VPN by using the dial-up function of the public network such as ISDN and PSTN, and the access network to provide the access service for enterprise, small-scale ISP, and mobile business man. A service that is used to connect more than one Ethernet LAN segment through the PSN and make them operate in an environment similar to a LAN. A recently-developed technology that implements the private network over a public network. It is a network that only logically exists.
VLL
VPDN
VPLS
VPN
Issue 03 (2008-09-22)
A-5
A Glossary
VPN instance
An entity that is set up and maintained by the PE devices for directly-connected sites. Each site has its VPN instance on a PE device. A VPN instance is also called VPN Routing and Forwarding (VRF) table. A PE device has multiple forwarding tables, including a public-network routing table and a or multiple VRFs. A BGP extended community attribute that is also called Route Target. In BGP/MPLS IP VPN, VPN-Target is used to control VPN routing information. VPN-Target attribute defines a VPN IPv4 route can be received by which site and a PE device can receive routes from which site. A network that realizes the communication between the headquarters, branches, and the remote offices through the virtual routers. A technology that bears Layer 2 services. VPWS emulates services such as ATM, FR, Ethernet, low-speed TDM circuit, and SONET/ SDH in a PSN. See VPN instance. An instance through which the physical access links of VPLS can be mapped to the virtual links. Each VSI provides independent VPLS service. VSI has Ethernet bridge function and can terminate PW.
VPN-Target
VPRN
VPWS
VRF VSI
A-6
Issue 03 (2008-09-22)
B
A AC ARP AS ASBR ATM AVP B BGP C CCC CE CHAP CRC CW D DHCP DLCI DR DU
This appendix collates frequently used acronyms and abbreviations in this document.
Attachment Circuit Address Resolution Protocol Autonomous System Autonomous System Boundary Router Asynchronous Transfer Mode Attribute Value Pair
Circuit Cross Connect Customer Edge Challenge Handshake Authentication Protocol Cyclic Redundancy Check Control Word
Dynamic Host Configuration Protocol Data Link Connection Identifier Designated Router Downstream Unsolicited
Issue 03 (2008-09-22)
B-1
F FEC FR G GRE H HDLC HoPE HoVPN HVPLS I IETF IGP IKE IPSec IPX ISDN IS-IS ISP L L2F L2TP LAC LAN LCP LDP LFIB LNS LSA LSP LSR
B-2
High-level Data Link Control Hierarchy of PE Hierarchy of VPN Hierarchical Virtual Private LAN Service
Internet Engineering Task Force Interior Gateway Protocol Internet Key Exchange Internet Protocol Security extensions Internet Packet Exchange Integrated Services Digital Network Intermedia System-Intermedia System Internet Service Provider
Layer 2 Forwarding Layer 2 Tunneling Protocol L2TP Access Concentrator Local Area Network Link Control Protocol Label Distribution Protocol Label Forward Information Base L2TP Network Server Link State Advertisement Label Switched Path Label Switching Router
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)
M MAC MH-PW MIB MPLS MTU N NAS NAT NBIP-VPN NCP NHLFE O OAM OSPF P P2MP P2P PAP PDU PE PHP PING POP PPTP PPVPN PSTN PVC PW PWE3 Point-to-Multipoint Point-to-Point Password Authentication Protocol Protocol Data Unit Provider Edge Penultimate Hop Popping Packet internet groper Point Of Presence Point-to Point Tunneling Protocol Provider Provisioned VPN Public Switched Telephone Network Permanent Virtual Channel Pseudo-Wire Pseudo-Wire Emulation Edge-to-Edge Operation Administration and Maintenance Open Shortest Path First Net Control Protocol; Network Control Point; Network Control Protocol Next Hop Label Forwarding Entry Network Access Server Net Address Translation Media Access Control Multi-Hop Pseudo-Wire Management Information Base Multiprotocol Label Switching Maximum Transmission Unit
Issue 03 (2008-09-22)
B-3
PW template Q QoS QinQ R RADIUS RD RIP RR RRVPN PSN RSVP RSVP-TE RTP S SH-PW SOO SP SPE S-PE SVC T TE TDM U UPE U-PE V VC VCCV
Pseudo-Wire template
Remote Authentication Dial In User Service Router Distinguisher Routing Information Protocol Route-Reflector Resource Reserved VPN Packet Switched Network Resource Reservation Protocol RSVP-Traffic Engineering Real Time Protocol
Single-Hop Pseudo Wire Site-of-Origin Service Provider Superstratum PE; Service provider-end PE Switching-point PE Static Virtual Circuit
B-4
Issue 03 (2008-09-22)
VCI VLAN VLL VPDN VPI VPLS VPN VPRN VPWS VRF
Virtual Channel Identifier Virtual Local Area Network Virtual Leased Line Virtual Private Data Network Virtual Path Identifier Virtual Private LAN Service Virtual Private Network Virtual Private Routing Network Virtual Private Wire Service VPN Routing and Forwarding table
Issue 03 (2008-09-22)
B-5
Index
Index
Symbols/Numerics
, 1-7, 1-8, 1-10, 1-12, 1-15, 1-16, 1-19, 1-20, 1-23, 1-24, 1-26, 2-2, 2-5, 2-9, 2-10, 2-14, 2-15, 2-16, 3-3, 3-6, 3-9, 3-10, 3-20, 3-21, 3-26, 3-27, 3-28, 3-29, 3-34, 3-35, 3-40, 3-41, 3-50, 3-51, 3-52, 3-53, 3-56, 3-57, 3-59, 3-65, 3-67, 3-67, 3-69, 3-69, 3-71, 3-72, 3-78, 3-79, 3-83, 3-84, 3-87, 3-89, 3-91, 3-96, 4-1, 4-2, 4-4, 4-7, 4-8, 4-16, 4-16, 4-22, 4-23, 4-24, 4-25, 4-30, 4-31, 4-35, 4-36, 4-45, 4-46, 4-50, 9-2, 9-12, 9-19, 9-21, 9-22 (Optional) Adjusting BFD Parameters, 6-36 (Optional) Applying a Tunnel Policy to the VPN Instance, 3-8 (Optional) Configuring BGP L2VPN Features, 5-24 (Optional) Configuring the Revertive Switchover, 6-42 (Optional) Configuring the Revertive Switchover Policy, 5-50 (Optional) Deleting ATM Cell Transport, 6-62 BGP/MPLS IPv6 VPN Features Supported by the NE80E/40E, 4-3 Binding a Service VSI to the mVSI, 9-11 Binding a VSI to an AC Interface, 7-64 Binding a VSI to the L2VE Interface, 8-12 Binding an Interface with a VPN Instance, 3-11 Binding an Interface with the VPN Instance, 3-24 Binding an IPv6 VPN Instance with an Interface, 4-9, 4-20 Binding the L2VE to VLL or VPLS, 8-19 Binding the Tunnel with VPN to Which CE belongs on PE, 2-13
C
Canceling the Loop Detection on the Multi-Instance CE, 3-59 Checking L3VPN Traffic, 3-92 Checking the Network Connectivity and Reachability, 3-93, 4-52 Checking the Traffic on a VPLS PW, 7-69 Clearing L3VPN Traffic, 3-92 Clearing MAC Address Entries, 7-70 Clearing the Statistics of the Packets Sent and Received by the VRRP Virtual Router, 9-21 Clearing the Traffic Statistics, 7-69 Configuing ATM Cell Transport, 6-56 Configuration Examples, 5-57 Configuring a Backup PW, 6-28 Configuring a Dynamic VLL to Access the VPLS, 7-35 Configuring a GRE Tunnel, 2-5 Configuring a GRE Tunnel Between CE and PE, 2-10 Configuring a Routing Policy, 3-68, 3-70 Configuring a Routing Policy Differentiating Convergence Priorities, 3-89 Configuring a Routing Policy to Control Label Distribution, 3-38, 4-33 Configuring a Routing Protocol Between PE and CE, 3-12, 4-10 Configuring a Routing Protocol or Static Routes Between PE and CE, 3-26 Configuring a Static VLL to Access the VPLS, 7-36 Configuring a Tunnel Interface, 1-6, 2-7
i-1
A
AC, 7-4 Access of L2VPN to L3VPN Implemented on the CX600, 8-3 Advertising Default Routes of a VPN Instance, 3-52 Advertising Routes of End Address of the Sham Link, 3-54 Applying a Tunnel Policy to L3VPN, 1-10 Applying the Policy-based Route, 3-62 Applying the Routing Policy, 3-90 Applying the Tunnel Policy to L2VPN, 1-13 Applying the Tunnel Policy to L3VPN, 1-18 Applying the Tunnel Policy to the Martini L2VPN, 1-23 Associating the L2VE Interface with a VLL, 8-7 Associating the L3VE Sub-interface Terminated by QinQ with an L3VPN Instance, 8-18 ATM IWF Overview, 10-2 ATM IWF Supported by the NE80E/40E, 10-2
B
BGP/MPLS IP VPN Features Supported by the NE80E/ 40E, 3-4
Issue 03 (2008-09-22)
Index
Configuring a Tunnel Policy , 1-9, 1-12 Configuring a VLL to Access the VPLS, 7-34 Configuring a VPN, 5-21 Configuring a VPN Instance, 3-11 Configuring All Client CEs to Establish IBGP Connections with the RR, 3-84 Configuring an ATM Sub-Interface and Configuring IWF Mapping, 10-5, 10-9 Configuring an Ethernet Sub-Interface, 10-6 Configuring an IPv6 VPN Instance, 4-9 Configuring an L2VPN to Access Multiple L4VPNs Through Sub-interfaces for QinQ VLAN Tag Termination, 8-14 Configuring ATM Cell Transport, 6-58 Configuring Attributes of a PW Template, 6-16 Configuring Attributes of the PW Template, 6-36 Configuring Backup PWs, 6-29 Configuring Basic BGP/MPLS IP VPN, 3-10 Configuring Basic BGP/MPLS IPv6 VPN, 4-7 Configuring BFD for PW, 5-47, 6-33, 6-41 Configuring BGP GR for MP-BGP, 3-78 Configuring BGP/MPLS L2VPN, 5-20 Configuring Carrier's Carrier, 3-41, 4-36 Configuring CCC Local Connection, 10-6 Configuring CCC VLL, 5-9 Configuring Convergence Priorities for VPN Routes, 3-88 Configuring Delay Processing on VPLS, 7-67 Configuring Dual-homed Kompella VPLS, 7-61 Configuring Dynamic BFD for PW, 6-35 Configuring Dynamic PWs, 6-21 Configuring External Route Exchanges Between Level 2 Carrier PEs, 3-48, 4-44 Configuring GRE Security Options, 2-8 Configuring Heterogeneous Transport in PWE3, 6-47 Configuring HoVPN, 3-50 Configuring Hub&Spoke, 3-20, 4-16 Configuring HVPLS for the SPE, 7-45 Configuring Inter-AS IPv6 VPN Option A, 4-24 Configuring Inter-AS IPv6 VPN-Option A, 4-23 Configuring Inter-AS IPv6 VPN-Option B, 4-25 Configuring Inter-AS IPv6 VPN-Option C, 4-30 Configuring Inter-AS Kompella VPLS, 7-49 Configuring Inter-AS Kompella VPLS Option A, 7-50 Configuring Inter-AS Kompella VPLS Option C, 7-51 Configuring Inter-AS Martini VLL, 5-34 Configuring Inter-AS Martini VPLS, 7-55 Configuring Inter-AS Martini VPLS Option A, 7-56 Configuring Inter-AS Martini VPLS Option C, 7-57 Configuring Inter-AS Option A, 5-35 Configuring Inter-AS Option C, 5-35 Configuring Inter-AS PWE3, 6-51 Configuring Inter-AS PWE3-Option A, 6-52 Configuring Inter-AS PWE3-Option C, 6-52 Configuring Inter-AS VPN Option A, 3-27, 3-28 Configuring Inter-AS VPN Option B, 3-29 Configuring Inter-AS VPN Option C, 3-35 Configuring IP FRR of a Private Network, 3-67
i-2
Configuring IPv6 VPN Instances, 4-3 Configuring Kompella L2VPN IP-Interworking, 5-30 Configuring Kompella VLL, 5-19 Configuring Kompella VPLS, 7-10 Configuring L2VPN Primary Tunnel Binding, 1-20 Configuring L3VPN Primary Tunnel Binding, 1-16 Configuring LDP HVPLS, 7-28 Configuring Level 2 Carrier CE to Access Level 1 Carrier PE (Inter-AS), 3-44, 4-40 Configuring Level 2 Carrier CE to Access Level 1 Carrier PE (Intra-AS), 3-42, 4-37 Configuring Level 2 Carrier's Customer to Access Level 2 Carrier PE, 3-48, 4-44 Configuring Local CCC Connection IP-Interworking, 5-28 Configuring Loop Detection, 7-32 Configuring Loop Detection of ACs in a VPLS Network, 7-31 Configuring MAC Address Learning, 7-66 Configuring Martini L2VPN IP-Interworking, 5-29 Configuring Martini VLL, 5-15 Configuring Martini VPLS, 7-21 Configuring MP-EBGP Between ASBR PEs, 4-27 Configuring MP-EBGP Between ASBRs, 3-31 Configuring MP-IBGP Between Hub-PE and SpokePE, 3-25, 4-21 Configuring MP-IBGP Between PE and ASBR PE, 4-26 Configuring MP-IBGP Between PE-ASBRs, 3-30 Configuring MP-IBGP Between PEs, 3-12, 4-9 Configuring MPLS Label Allocation Based on the IPv6 VPN Instance, 4-6 Configuring MPLS Label Allocation Based on the VPN Instance, 3-9 Configuring MPLS OAM, 7-44 Configuring Multi-VPN-Instance CE, 3-56 Configuring mVSIs, 9-8 Configuring OAM Mapping, 5-49, 6-41 Configuring OSPF Sham Link, 3-53 Configuring PBR to VPN, 3-60 Configuring PW FRR, 6-39 Configuring PW Switching, 6-24, 6-25 Configuring PWE3, 6-62 Configuring PWE3 to Support IP-Interworking, 6-47 Configuring PWs, 6-37 Configuring Remote CCC Connection IPInterworking, 5-28 Configuring Route Attributes of a VPN Instance, 3-7 Configuring Route Attributes of the VPN Instance, 3-23 Configuring Route Reflection for BGP IPv4 VPN routes, 3-82 Configuring Route Reflection for BGP IPv6 VPN Routes, 4-46, 4-49 Configuring Route Reflection for the Routes of the BGP VPN Instance, 3-86 Configuring Route Reflection to Optimize the VPN Access Layer, 3-83
Issue 03 (2008-09-22)
Index
Configuring Route Reflection to Optimize the VPN Backbone Layer, 3-79 Configuring Route Related Attributes of an IPv6 VPN Instance, 4-5, 4-18 Configuring Routes for the Tunnel, 2-8 Configuring Routing Between PE and CE, 4-22, 4-30, 4-35 Configuring SPE, 7-29 Configuring Static BFD for PW, 6-32 Configuring Static PWs, 6-18 Configuring the Access of VLL to the Public Network or L3VPN, 8-4 Configuring the Access of VPLS to the Public Network or L3VPN, 8-9 Configuring the Access to the Public Network or an L3VPN, 8-12 Configuring the Access to the Public Network or L3VPN, 8-7 Configuring the ATM Interface Connecting a CE to a PE, 6-57 Configuring the CCC Local Connection ATM IWF, 10-4 Configuring the Client PEs to Establish MP IBGP Connections with the RR, 3-80, 4-47 Configuring the GR of the Routing Protocol Between PEs and CEs, 3-76 Configuring the GRE Tunnel Interface on CE, 2-11 Configuring the GRE Tunnel Interface on PE, 2-12 Configuring the IGP GR on the Backbone Network, 3-73 Configuring the Inter-AS Kompella VLL, 5-39 Configuring the Inter-AS Kompella VLL Option A, 5-40 Configuring the Inter-AS Kompella VLL Option C, 5-41 Configuring the Keepalive Function, 2-15 Configuring the Loopback Address of the Sham Link, 3-54 Configuring the Loopback Interface Bound to GRE, 2-6 Configuring the MPLS GR on the Backbone Network, 3-74 Configuring the mVRRP Binding, 9-16 Configuring the mVRRP Virtual Router, 9-14 Configuring the mVRRP Virtual Router over the mVSI, 9-15 Configuring the mVSI Binding, 9-18 Configuring the OSPF Multi-Instance on the MultiInstance CE, 3-58 Configuring the OSPF Multi-Instance on the PE, 3-57 Configuring the PE to Access the CE Through Ethernet or VLAN, 5-30 Configuring the Remote ATM IWF, 10-7 Configuring the Route for Returned IP Packets, 3-63 Configuring the Routing Protocol Between CE and PE, 3-34, 3-40 Configuring the RR to Establish MP IBGP Connections with All Client CEs, 3-85
Issue 03 (2008-09-22)
Configuring the RR to Establish MP IBGP Connections with All Client PEs, 4-48 Configuring the RR to Establish MP IBGP Connections with the Client PEs, 3-80 Configuring the Static Route on the CE, 3-65 Configuring the Static Route on the PE and Import the Static Route to VPN, 3-66 Configuring the Static Route to VPN on the Device of the Public Network, 3-66 Configuring the SVC VLL, 5-12 Configuring the Tunnel Binding in the Tunnel Policy, 1-18, 1-22 Configuring the Tunnel Policy, 7-43 Configuring the VE Group, 9-14 Configuring Tunnel Interfaces, 1-4 Configuring Tunnel Policies in select-sequence mode for L2VPN, 1-11 Configuring Tunnel Policies in select-sequence Mode for L3VPN, 1-8 Configuring UPE, 7-30 Configuring VLL FRR, 5-46 Configuring VLL IP Interworking, 5-27 Configuring VPLS Convergence, 9-12 Configuring VPN FRR, 3-69 Configuring VPN GR, 3-72 Configuring VPN Instances, 3-6 Connecting VPN and the Internet, 3-65 Controlling the Receiving and Sending of VPN Routes, 3-32, 4-28 Creating a CE Connection, 5-22 Creating a Local CCC Connection, 5-10 Creating a Martini VLL Connection, 5-17 Creating a Remote CCC Connection, 5-11 Creating a Sham Link, 3-55 Creating a VPN Group, 3-61 Creating a VPN Instance, 3-7, 3-22 Creating an IPv6 VPN Instance, 4-4 Creating an L2VE Interface, 8-6, 8-11, 8-16 Creating an L3VE Interface, 8-6, 8-11, 8-16 Creating an mVSI, 9-10 Creating an SVC VLL Connection, 5-14 Creating Dynamic PW, 6-22 Creating IPv6 VPN Instances, 4-17 Creating PW Template, 6-17 Creating Static PW Connection, 6-20 Creating the L3VE Sub-interface Terminated by QinQ, 8-17 Creating the Remote MPLS L2VPN Connection, 10-10 Creating Tunnel Interfaces, 1-5
D
Debugging a PW, 6-67 Debugging a PWE3, 6-69 Debugging a Tunnel, 1-25 Debugging BGP/MPLS IPv6 VPN, 4-54 Debugging the BGP/MPLS IP VPN Information, 3-95
i-3
Index
Debugging VLL, 5-56 Debugging VPLS, 7-69, 9-21 Displaying BGP/MPLS IP VPN Information, 3-92 Displaying BGP/MPLS IPv6 VPN Information, 4-51
E
Enabling Global BFD, 6-33 Enabling Glocal BFD, 6-36 Enabling IP FRR in a Private Network, 3-68 Enabling IWF on an ATM Board, 10-4, 10-8 Enabling Loop Detection Globally, 7-32 Enabling MPLS L2VPN, 5-14, 5-16, 5-20, 6-19, 6-22 Enabling or Disabling VSI, 7-70 Enabling the Exchange of Labeled IPv4 Routes, 4-32 Enabling the Keep-alive Function, 2-16 Enabling the Labeled IPv4 Route Exchange, 3-36 Enabling the MPLS L2VPN, 5-10 Enabling the VPN Binding for a Tunnel, 1-17, 1-21 Enabling VPN FRR, 3-70 Establishing the MP-EBGP Peer Between PEs, 3-39, 4-34 Example for Configuring 1-to-1 VPC ATM Cell Transport, 6-313 Example for Configuring 1-to1 VCC ATM Cell Transport, 6-296 Example for Configuring a Dual-Homed CE, 3-209 Example for Configuring a Dynamic BFD That Checks MH-PW, 6-140 Example for Configuring a Dynamic BFD That Checks SH-PW, 6-132 Example for Configuring a Dynamic Routing Protocol for GRE, 2-22 Example for Configuring a Local CCC Connection, 5-58 Example for Configuring a Local Kompella VLL Connection, 5-77 Example for Configuring a Martini VLL to Access an L3VPN, 8-20 Example for Configuring a Remote CCC Connection, 5-60 Example for Configuring a Remote Kompella VLL Connection, 5-79 Example for Configuring a Static BFD That Checks PWs, 6-116 Example for Configuring a Tunnel Policy for L3VPN, 1-26 Example for Configuring an L2VPN to Access Multiple L3VPNs Through Sub-interfaces for QinQ VLAN Tag Termination, 8-78 Example for Configuring ATM AAL5 SDU Transport, 6-330 Example for Configuring BGP/MPLS IP VPN, 3-96 Example for Configuring BGP/MPLS IP VPN with a GRE Tunnel, 3-106 Example for Configuring BGP/MPLS IPv6 VPN, 4-55 Example for Configuring Carrier's Carrier in a Same AS, 4-111
i-4
Example for Configuring Carrier's Carrier in the Same AS, 3-148 Example for Configuring CE Users to Access a MPLS VPN Through a GRE Tunnel Traversing the Public Network, 2-25 Example for Configuring CE Users to Access an MPLS VPN Through a GRE Tunnel Traversing Another VPN, 2-35 Example for Configuring Dynamic PWs Switching, 6-89 Example for Configuring Dynamic SH-PW (Using the GRE Tunnel), 6-76 Example for Configuring Dynamic SH-PW (Using the LSP Tunnel), 6-71 Example for Configuring Ethernet Loop Detection in a VPLS Network, 7-104 Example for Configuring HoVPN, 3-170 Example for Configuring Hub and Spoke (BGP4+ Between the PE and the CE), 4-66 Example for Configuring Hub and Spoke (Default Route Between the Hub-PE and the Hub-CE), 4-76 Example for Configuring Hub&Spoke, 3-120 Example for Configuring Inter-AS PWE3-Option A, 6-273 Example for Configuring Inter-AS PWE3-OptionC, 6-279 Example for Configuring Inter-AS VPN Option A, 3-128, 4-87 Example for Configuring Inter-AS VPN Option B, 3-136, 4-96 Example for Configuring Inter-AS VPN Option C, 3-142, 4-103 Example for Configuring Interface-based Remote ATM Cell Transport, 6-288 Example for Configuring Kompella VLL with Two Reflectors, 5-178 Example for Configuring Kompella VPLS, 7-71 Example for Configuring LDP HVPLS, 7-91, 7-96 Example for Configuring Load Balancing Among EBGP and IBGP Routes When CEs Are Dual-Homed, 3-227 Example for Configuring Martini VLL, 5-71 Example for Configuring Martini VLL by Using MPLS TE Tunnels, 1-36 Example for Configuring Martini VLL FRR (Asymmetrically Connected CEs), 5-160 Example for Configuring Martini VLL FRR (Symmetrically Dual-homed CEs), 5-145 Example for Configuring Martini VPLS, 7-77 Example for Configuring Mixed PWs Switching, 6-101 Example for Configuring Multi-VPN-Instance CE, 3-186 Example for Configuring N-to-1 VCC ATM Cell Transport, 6-301 Example for Configuring N-to-1 VCC ATM Cell Transport with VPI/VCI Mapping, 6-307
Issue 03 (2008-09-22)
Index
Example for Configuring N-to-1 VPC ATM Cell Transport, 6-318 Example for Configuring N-to-1 VPC ATM Cell Transport with VPI Mapping, 6-324 Example for Configuring OSPF Sham Link, 3-176 Example for Configuring PBR to VPN, 3-195 Example for Configuring PW FRR - CEs Are Symmetrically Connected to PEs Through Ethernet Links, Dynamic BFD Is Used to Detect PWs, EFM Is Used to Detect ACs, 6-189 Example for Configuring PW FRR - CEs Are Unsymmetrically Connected to PEs Through Ethernet Links, Dynamic BFD Is Used to Detect PWs, CFM Is Used to Detect ACs, 6-225 Example for Configuring PW FRR - CEs Are Unsymmetrically Connected to PEs Through Ethernet Links, Dynamic BFD Is Used to Detect PWs, EFM Is Used to Detect ACs, 6-205 Example for Configuring PW FRR - CEs Are Unsymmetrically Connected to PEs Through Ethernet Links, Static BFD Is Used to Detect PWs, CFM Is Used to Detect ACs, 6-246 Example for Configuring PW FRR CEs Are Asymmetrically Connected to PEs Through POS Links, 6-167 Example for Configuring PW FRR CEs Are Symmetrically Connected to PEs Through POS Links, 6-152 Example for Configuring Remote ATM IWF, 10-13 Example for Configuring Route Reflector in an IPv6 VPN, 4-133 Example for Configuring Static PWs Switching, 6-82 Example for Configuring Static Routes for GRE, 2-18 Example for Configuring SVC VLL, 5-66 Example for Configuring the Access of Martini VLL to the Public Network, 8-29 Example for Configuring the Access of Martini VPLS to L3VPN, 8-35 Example for Configuring the BGP AS Number Substitution, 3-114 Example for Configuring the Carrier's Carrier (InterAS), 3-159, 4-122 Example for Configuring the CCC Local Connection ATM IWF, 10-10 Example for Configuring the Dual-homing Access of Dynamic Master/Backup VPLS to an L3VPN, 8-47 Example for Configuring the Inter-AS Kompella VLL Option A, 5-127 Example for Configuring the Inter-AS Kompella VLL Option C, 5-136 Example for Configuring the Inter-AS Martini VLL Option A, 5-112 Example for Configuring the Inter-AS Martini VLL Option C, 5-119 Example for Configuring the IP FRR of the Private Network, 3-234 Example for Configuring the Keepalive Function for GRE, 2-45
Issue 03 (2008-09-22)
Example for Configuring the Martini L2VPN Primary Tunnel Binding, 1-45 Example for Configuring the PWE3 Convergence, 6-108 Example for Configuring the PWE3 Internetworking, 6-267 Example for Configuring the VPN with Double Reflectors, 3-255 Example for Configuring VLL Internetworking (Interconnecting Ethernet with HDLC in Martini Mode), 5-91 Example for Configuring VLL Internetworking (Interconnecting Ethernet with PPP by Using the Remote CCC Connection), 5-85 Example for Configuring VLL Internetworking (Interconnecting VLAN with ATM by Using the Local Kompella Connection), 5-97 Example for Configuring VLL Internetworking (Interconnecting VLAN with PPP by Using the Remote Kompella Connection), 5-101 Example for Configuring VPLS Convergence (UPE Directly Accesses the NPE Though the VE Interface), 9-22 Example for Configuring VPLS Convergence (UPE Directly Accesses the NPE Without Using the VE Interface), 9-44 Example for Configuring VPN FRR, 3-238 Example for Configuring VPN GR, 3-246 Example for Configuring VPN-Route Convergence Priorities, 3-263 Example for Connecting VPN and Internet, 3-204 Examples for Configuring ACs of L2VPN IPinterworking, 5-109
G
GRE, 2-2 GRE Configuration, 2-1 GRE Features Supported by the NE80E/40E, 2-2
H
HVPLS PE type, 7-7
I
Introduction to BGP/MPLS IPv6 VPN, 4-2 Introduction to VLL, 5-2 Introduction to VPN Tunnels, 1-2
L
L2VPN to L3VPN, 8-2
M
MAC address learning
i-5
Index
introduction, 7-5 mode, 7-5 Maintaining VPLS, 7-68 Maintaining a PW, 6-66 Maintaining VLL, 5-55 Monitoring the Running Status of a Tunnel, 1-24 Monitoring the Running Status of L2VPN, 5-56
O
Overview, 9-2 Overview of BGP/MPLS IP VPN, 3-3
implementation control plane, 7-5 data plane, 7-5 introduction, 7-3 VPLS Configuration, 7-1 VPLS Convergence Configuration, 9-1 VPLS Convergence Features Supported in theNE80E/ 40E, 9-2 VPLS Features Supported by the NE80E/40E, 7-4 VPN Tunnel Features Supported by theNE80E/40E, 1-3 VPN Tunnel Management Configuration, 1-1 VSI, 7-4
P
PW, 7-4 PWE3, 6-3 PWE3 Features Supported by the NE80E/40E, 6-4
R
Resetting BGP Connections, 3-94, 4-53 Resetting BGP L2VPN TCP Connections, 5-55 Resetting BGP Statistics of IPv6 VPN Instance, 4-53 Resetting BGP Statistics of VPN instance, 3-94
S
Setting a Traffic Behavior for the Unicast Policy-based Route, 3-62 Setting Attributes for the PW Template, 6-17 Setting the L3VE Interface to User Termination Mode, 8-17 Specifying UPE, 3-51 Storing Information About the IPv6 VPN Instance on the ASBR PEs, 4-29 Storing Information About the VPN Instance on the ASBR PE, 3-33
T
Taking Statistics of L3VPN Traffic, 3-91 Tiggering Dynamic BFD for PW, 6-37
V
VC concept, 7-4 Verifying the Connectivity of a PW, 6-67 VLL Configuration, 5-1 VLL Features Supported by the NE80E/40E, 5-4 VPLS, 7-3 access mode 1483B, 7-6 VLAN, 7-6 basic concept, 7-3 encapsulation mode, 7-6
i-6 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)