You are on page 1of 1462

Quidway NetEngine80E/40E Core Router V300R003

Configuration Guide - VPN

Issue Date Part Number

03 2008-09-22 00399153

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Huawei Technologies Co., Ltd. provides customers with comprehensive technical support and service. For any assistance, please contact our local office or company headquarters.

Huawei Technologies Co., Ltd.


Address: Huawei Industrial Base Bantian, Longgang Shenzhen 518129 People's Republic of China http://www.huawei.com support@huawei.com

Website: Email:

Copyright Huawei Technologies Co., Ltd. 2008. All rights reserved. No part of this document may be reproduced or transmitted in any form or by any means without prior written consent of Huawei Technologies Co., Ltd.

Trademarks and Permissions


and other Huawei trademarks are the property of Huawei Technologies Co., Ltd. All other trademarks and trade names mentioned in this document are the property of their respective holders.

Notice
The information in this document is subject to change without notice. Every effort has been made in the preparation of this document to ensure accuracy of the contents, but the statements, information, and recommendations in this document do not constitute a warranty of any kind, express or implied.

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Contents

Contents
About This Document.....................................................................................................................1 1 VPN Tunnel Management Configuration.............................................................................1-1
1.1 Overview.........................................................................................................................................................1-2 1.1.1 Introduction to VPN Tunnels.................................................................................................................1-2 1.1.2 VPN Tunnel Features Supported by theNE80E/40E.............................................................................1-3 1.2 Configuring Tunnel Interfaces........................................................................................................................1-4 1.2.1 Establishing the Configuration Task......................................................................................................1-4 1.2.2 Creating Tunnel Interfaces.....................................................................................................................1-5 1.2.3 Configuring a Tunnel Interface..............................................................................................................1-6 1.2.4 Checking the Configuration...................................................................................................................1-7 1.3 Configuring Tunnel Policies in Select-Sequence Mode for L3VPN..............................................................1-8 1.3.1 Establishing the Configuration Task......................................................................................................1-8 1.3.2 Configuring a Tunnel Policy..................................................................................................................1-9 1.3.3 Applying a Tunnel Policy to L3VPN...................................................................................................1-10 1.3.4 Checking the Configuration.................................................................................................................1-10 1.4 Configuring Tunnel Policies in Select-Sequence Mode for L2VPN............................................................1-11 1.4.1 Establishing the Configuration Task....................................................................................................1-12 1.4.2 Configuring a Tunnel Policy................................................................................................................1-12 1.4.3 Applying the Tunnel Policy to L2VPN................................................................................................1-13 1.4.4 Checking the Configuration.................................................................................................................1-15 1.5 Configuring L3VPN Primary Tunnel Binding..............................................................................................1-16 1.5.1 Establishing the Configuration Task....................................................................................................1-16 1.5.2 Enabling the VPN Binding for a Tunnel..............................................................................................1-17 1.5.3 Configuring the Tunnel Binding in the Tunnel Policy.........................................................................1-18 1.5.4 Applying the Tunnel Policy to L3VPN................................................................................................1-18 1.5.5 Checking the Configuration.................................................................................................................1-19 1.6 Configuring L2VPN Primary Tunnel Binding..............................................................................................1-20 1.6.1 Establishing the Configuration Task....................................................................................................1-20 1.6.2 Enabling the VPN Binding for a Tunnel..............................................................................................1-21 1.6.3 Configuring the Tunnel Binding in the Tunnel Policy.........................................................................1-22 1.6.4 Applying the Tunnel Policy to the Martini L2VPN.............................................................................1-23 1.6.5 Checking the Configuration.................................................................................................................1-23 1.7 Maintaining a Tunnel....................................................................................................................................1-24 Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. i

Contents

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN 1.7.1 Monitoring the Running Status of a Tunnel.........................................................................................1-24 1.7.2 Debugging a Tunnel.............................................................................................................................1-25

1.8 Configuration Examples................................................................................................................................1-26 1.8.1 Example for Configuring a Tunnel Policy for L3VPN........................................................................1-26 1.8.2 Example for Configuring Martini VLL by Using MPLS TE Tunnels.................................................1-36 1.8.3 Example for Configuring the Martini L2VPN Primary Tunnel Binding.............................................1-45

2 GRE Configuration....................................................................................................................2-1
2.1 Introduction.....................................................................................................................................................2-2 2.1.1 GRE........................................................................................................................................................2-2 2.1.2 GRE Features Supported by the NE80E/40E.........................................................................................2-2 2.2 Configuring a GRE Tunnel.............................................................................................................................2-5 2.2.1 Establishing the Configuration Task......................................................................................................2-5 2.2.2 Configuring the Loopback Interface Bound to GRE..............................................................................2-6 2.2.3 Configuring a Tunnel Interface..............................................................................................................2-7 2.2.4 Configuring Routes for the Tunnel........................................................................................................2-8 2.2.5 Configuring GRE Security Options.......................................................................................................2-8 2.2.6 Checking the Configuration...................................................................................................................2-9 2.3 Configuring a GRE Tunnel Between CE and PE..........................................................................................2-10 2.3.1 Establishing the Configuration Task....................................................................................................2-10 2.3.2 Configuring the GRE Tunnel Interface on CE.....................................................................................2-11 2.3.3 Configuring the GRE Tunnel Interface on PE.....................................................................................2-12 2.3.4 Binding the Tunnel with VPN to Which CE belongs on PE................................................................2-13 2.3.5 Checking the Configuration.................................................................................................................2-14 2.4 Configuring the Keepalive Function.............................................................................................................2-15 2.4.1 Establishing the Configuration Task....................................................................................................2-15 2.4.2 Enabling the Keep-alive Function........................................................................................................2-16 2.4.3 Checking the Configuration.................................................................................................................2-16 2.5 Configuration Examples................................................................................................................................2-17 2.5.1 Example for Configuring Static Routes for GRE.................................................................................2-18 2.5.2 Example for Configuring a Dynamic Routing Protocol for GRE........................................................2-22 2.5.3 Example for Configuring CE Users to Access a MPLS VPN Through a GRE Tunnel Traversing the Public Network.........................................................................................................................................................2-25 2.5.4 Example for Configuring CE Users to Access an MPLS VPN Through a GRE Tunnel Traversing Another VPN...............................................................................................................................................................2-35 2.5.5 Example for Configuring the Keepalive Function for GRE.................................................................2-45

3 BGP/MPLS IP VPN Configuration.........................................................................................3-1


3.1 Introduction.....................................................................................................................................................3-3 3.1.1 Overview of BGP/MPLS IP VPN..........................................................................................................3-3 3.1.2 BGP/MPLS IP VPN Features Supported by the NE80E/40E................................................................3-4 3.2 Configuring VPN Instances............................................................................................................................3-6 3.2.1 Establishing the Configuration Task......................................................................................................3-6 3.2.2 Creating a VPN Instance........................................................................................................................3-7 ii Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Contents

3.2.3 Configuring Route Attributes of a VPN Instance..................................................................................3-7 3.2.4 (Optional) Applying a Tunnel Policy to the VPN Instance...................................................................3-8 3.2.5 Configuring MPLS Label Allocation Based on the VPN Instance........................................................3-9 3.2.6 Checking the Configuration...................................................................................................................3-9 3.3 Configuring Basic BGP/MPLS IP VPN........................................................................................................3-10 3.3.1 Establishing the Configuration Task....................................................................................................3-10 3.3.2 Configuring a VPN Instance................................................................................................................3-11 3.3.3 Binding an Interface with a VPN Instance...........................................................................................3-11 3.3.4 Configuring MP-IBGP Between PEs...................................................................................................3-12 3.3.5 Configuring a Routing Protocol Between PE and CE..........................................................................3-12 3.3.6 Checking the Configuration.................................................................................................................3-20 3.4 Configuring Hub&Spoke..............................................................................................................................3-20 3.4.1 Establishing the Configuration Task....................................................................................................3-21 3.4.2 Creating a VPN Instance......................................................................................................................3-22 3.4.3 Configuring Route Attributes of the VPN Instance.............................................................................3-23 3.4.4 Binding an Interface with the VPN Instance........................................................................................3-24 3.4.5 Configuring MP-IBGP Between Hub-PE and Spoke-PE....................................................................3-25 3.4.6 Configuring a Routing Protocol or Static Routes Between PE and CE...............................................3-25 3.4.7 Checking the Configuration.................................................................................................................3-26 3.5 Configuring Inter-AS VPN Option A...........................................................................................................3-27 3.5.1 Establishing the Configuration Task....................................................................................................3-27 3.5.2 Configuring Inter-AS VPN Option A..................................................................................................3-28 3.5.3 Checking the Configuration.................................................................................................................3-28 3.6 Configuring Inter-AS VPN Option B............................................................................................................3-29 3.6.1 Establishing the Configuration Task....................................................................................................3-29 3.6.2 Configuring MP-IBGP Between PE-ASBRs.......................................................................................3-30 3.6.3 Configuring MP-EBGP Between ASBRs............................................................................................3-31 3.6.4 Controlling the Receiving and Sending of VPN Routes......................................................................3-32 3.6.5 Storing Information About the VPN Instance on the ASBR PE..........................................................3-33 3.6.6 Configuring the Routing Protocol Between CE and PE......................................................................3-34 3.6.7 Checking the Configuration.................................................................................................................3-34 3.7 Configuring Inter-AS VPN Option C............................................................................................................3-35 3.7.1 Establishing the Configuration Task....................................................................................................3-35 3.7.2 Enabling the Labeled IPv4 Route Exchange........................................................................................3-36 3.7.3 Configuring a Routing Policy to Control Label Distribution...............................................................3-38 3.7.4 Establishing the MP-EBGP Peer Between PEs....................................................................................3-39 3.7.5 Configuring the Routing Protocol Between CE and PE......................................................................3-40 3.7.6 Checking the Configuration.................................................................................................................3-40 3.8 Configuring Carrier's Carrier........................................................................................................................3-41 3.8.1 Establishing the Configuration Task....................................................................................................3-41 3.8.2 Configuring Level 2 Carrier CE to Access Level 1 Carrier PE (Intra-AS)..........................................3-42 3.8.3 Configuring Level 2 Carrier CE to Access Level 1 Carrier PE (Inter-AS)..........................................3-44 Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. iii

Contents

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN 3.8.4 Configuring Level 2 Carrier's Customer to Access Level 2 Carrier PE...............................................3-48 3.8.5 Configuring External Route Exchanges Between Level 2 Carrier PEs...............................................3-48 3.8.6 Checking the Configuration.................................................................................................................3-50

3.9 Configuring HoVPN.....................................................................................................................................3-50 3.9.1 Establishing the Configuration Task....................................................................................................3-51 3.9.2 Specifying UPE....................................................................................................................................3-51 3.9.3 Advertising Default Routes of a VPN Instance...................................................................................3-52 3.9.4 Checking the Configuration.................................................................................................................3-52 3.10 Configuring OSPF Sham Link....................................................................................................................3-53 3.10.1 Establishing the Configuration Task..................................................................................................3-53 3.10.2 Configuring the Loopback Address of the Sham Link......................................................................3-54 3.10.3 Advertising Routes of End Address of the Sham Link......................................................................3-54 3.10.4 Creating a Sham Link.........................................................................................................................3-55 3.10.5 Checking the Configuration...............................................................................................................3-56 3.11 Configuring Multi-VPN-Instance CE.........................................................................................................3-56 3.11.1 Establishing the Configuration Task..................................................................................................3-57 3.11.2 Configuring the OSPF Multi-Instance on the PE...............................................................................3-57 3.11.3 Configuring the OSPF Multi-Instance on the Multi-Instance CE......................................................3-58 3.11.4 Canceling the Loop Detection on the Multi-Instance CE..................................................................3-59 3.11.5 Checking the Configuration...............................................................................................................3-59 3.12 Configuring PBR to VPN............................................................................................................................3-60 3.12.1 Establishing the Configuration Task..................................................................................................3-60 3.12.2 Creating a VPN Group.......................................................................................................................3-61 3.12.3 Setting a Traffic Behavior for the Unicast Policy-based Route.........................................................3-62 3.12.4 Applying the Policy-based Route.......................................................................................................3-62 3.12.5 Configuring the Route for Returned IP Packets.................................................................................3-63 3.12.6 Checking the Configuration...............................................................................................................3-64 3.13 Connecting VPN and the Internet...............................................................................................................3-65 3.13.1 Establishing the Configuration Task..................................................................................................3-65 3.13.2 Configuring the Static Route on the CE.............................................................................................3-65 3.13.3 Configuring the Static Route on the PE and Import the Static Route to VPN...................................3-66 3.13.4 Configuring the Static Route to VPN on the Device of the Public Network.....................................3-66 3.13.5 Checking the Configuration...............................................................................................................3-67 3.14 Configuring IP FRR of a Private Network..................................................................................................3-67 3.14.1 Establishing the Configuration Task..................................................................................................3-67 3.14.2 Configuring a Routing Policy............................................................................................................3-68 3.14.3 Enabling IP FRR in a Private Network..............................................................................................3-68 3.14.4 Checking the Configuration...............................................................................................................3-69 3.15 Configuring VPN FRR................................................................................................................................3-69 3.15.1 Establishing the Configuration Task..................................................................................................3-69 3.15.2 Configuring a Routing Policy............................................................................................................3-70 3.15.3 Enabling VPN FRR............................................................................................................................3-70 iv Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Contents

3.15.4 Checking the Configuration...............................................................................................................3-71 3.16 Configuring VPN GR..................................................................................................................................3-72 3.16.1 Establishing the Configuration Task..................................................................................................3-72 3.16.2 Configuring the IGP GR on the Backbone Network..........................................................................3-73 3.16.3 Configuring the MPLS GR on the Backbone Network......................................................................3-74 3.16.4 Configuring the GR of the Routing Protocol Between PEs and CEs.................................................3-76 3.16.5 Configuring BGP GR for MP-BGP...................................................................................................3-78 3.16.6 Checking the Configuration...............................................................................................................3-78 3.17 Configuring Route Reflection to Optimize the VPN Backbone Layer.......................................................3-79 3.17.1 Establishing the Configuration Task..................................................................................................3-79 3.17.2 Configuring the Client PEs to Establish MP IBGP Connections with the RR..................................3-80 3.17.3 Configuring the RR to Establish MP IBGP Connections with the Client PEs..................................3-80 3.17.4 Configuring Route Reflection for BGP IPv4 VPN routes.................................................................3-82 3.17.5 Checking the Configuration...............................................................................................................3-83 3.18 Configuring Route Reflection to Optimize the VPN Access Layer............................................................3-83 3.18.1 Establishing the Configuration Task..................................................................................................3-84 3.18.2 Configuring All Client CEs to Establish IBGP Connections with the RR.........................................3-84 3.18.3 Configuring the RR to Establish MP IBGP Connections with All Client CEs..................................3-85 3.18.4 Configuring Route Reflection for the Routes of the BGP VPN Instance..........................................3-86 3.18.5 Checking the Configuration...............................................................................................................3-87 3.19 Configuring Convergence Priorities for VPN Routes.................................................................................3-88 3.19.1 Establishing the Configuration Task..................................................................................................3-89 3.19.2 Configuring a Routing Policy Differentiating Convergence Priorities..............................................3-89 3.19.3 Applying the Routing Policy..............................................................................................................3-90 3.19.4 Checking the Configuration...............................................................................................................3-91 3.20 Maintaining BGP/MPLS IP VPN...............................................................................................................3-91 3.20.1 Taking Statistics of L3VPN Traffic...................................................................................................3-91 3.20.2 Checking L3VPN Traffic...................................................................................................................3-92 3.20.3 Clearing L3VPN Traffic.....................................................................................................................3-92 3.20.4 Displaying BGP/MPLS IP VPN Information....................................................................................3-92 3.20.5 Checking the Network Connectivity and Reachability......................................................................3-93 3.20.6 Resetting BGP Statistics of VPN instance.........................................................................................3-94 3.20.7 Resetting BGP Connections...............................................................................................................3-94 3.20.8 Debugging the BGP/MPLS IP VPN Information..............................................................................3-95 3.21 Configuration Examples..............................................................................................................................3-96 3.21.1 Example for Configuring BGP/MPLS IP VPN..................................................................................3-96 3.21.2 Example for Configuring BGP/MPLS IP VPN with a GRE Tunnel...............................................3-106 3.21.3 Example for Configuring the BGP AS Number Substitution..........................................................3-114 3.21.4 Example for Configuring Hub&Spoke............................................................................................3-120 3.21.5 Example for Configuring Inter-AS VPN Option A.........................................................................3-128 3.21.6 Example for Configuring Inter-AS VPN Option B..........................................................................3-136 3.21.7 Example for Configuring Inter-AS VPN Option C..........................................................................3-142 Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. v

Contents

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN 3.21.8 Example for Configuring Carrier's Carrier in the Same AS.............................................................3-148 3.21.9 Example for Configuring the Carrier's Carrier (Inter-AS)...............................................................3-159 3.21.10 Example for Configuring HoVPN..................................................................................................3-170 3.21.11 Example for Configuring OSPF Sham Link..................................................................................3-176 3.21.12 Example for Configuring Multi-VPN-Instance CE.......................................................................3-186 3.21.13 Example for Configuring PBR to VPN..........................................................................................3-195 3.21.14 Example for Connecting VPN and Internet...................................................................................3-204 3.21.15 Example for Configuring a Dual-Homed CE.................................................................................3-209 3.21.16 Example for Configuring Load Balancing Among EBGP and IBGP Routes When CEs Are Dual-Homed .....................................................................................................................................................................3-227 3.21.17 Example for Configuring the IP FRR of the Private Network.......................................................3-234 3.21.18 Example for Configuring VPN FRR..............................................................................................3-238 3.21.19 Example for Configuring VPN GR................................................................................................3-246 3.21.20 Example for Configuring the VPN with Double Reflectors..........................................................3-255 3.21.21 Example for Configuring VPN-Route Convergence Priorities......................................................3-263

4 BGP/MPLS IPv6 VPN Configuration.....................................................................................4-1


4.1 Overview.........................................................................................................................................................4-2 4.1.1 Introduction to BGP/MPLS IPv6 VPN..................................................................................................4-2 4.1.2 BGP/MPLS IPv6 VPN Features Supported by the NE80E/40E............................................................4-3 4.2 Configuring IPv6 VPN Instances....................................................................................................................4-3 4.2.1 Establishing the Configuration Task......................................................................................................4-4 4.2.2 Creating an IPv6 VPN Instance............................................................................................................. 4-4 4.2.3 Configuring Route Related Attributes of an IPv6 VPN Instance...........................................................4-5 4.2.4 Configuring MPLS Label Allocation Based on the IPv6 VPN Instance............................................... 4-6 4.2.5 Checking the Configuration...................................................................................................................4-7 4.3 Configuring Basic BGP/MPLS IPv6 VPN......................................................................................................4-7 4.3.1 Establishing the Configuration Task......................................................................................................4-8 4.3.2 Configuring an IPv6 VPN Instance........................................................................................................4-9 4.3.3 Binding an IPv6 VPN Instance with an Interface..................................................................................4-9 4.3.4 Configuring MP-IBGP Between PEs.....................................................................................................4-9 4.3.5 Configuring a Routing Protocol Between PE and CE..........................................................................4-10 4.3.6 Checking the Configuration.................................................................................................................4-16 4.4 Configuring Hub&Spoke..............................................................................................................................4-16 4.4.1 Establishing the Configuration Task....................................................................................................4-16 4.4.2 Creating IPv6 VPN Instances...............................................................................................................4-17 4.4.3 Configuring Route Related Attributes of an IPv6 VPN Instance.........................................................4-18 4.4.4 Binding an IPv6 VPN Instance with an Interface................................................................................4-20 4.4.5 Configuring MP-IBGP Between Hub-PE and Spoke-PE....................................................................4-21 4.4.6 Configuring Routing Between PE and CE...........................................................................................4-22 4.4.7 Checking the Configuration.................................................................................................................4-22 4.5 Configuring Inter-AS IPv6 VPN-Option A..................................................................................................4-23 4.5.1 Establishing the Configuration Task....................................................................................................4-23 vi Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Contents

4.5.2 Configuring Inter-AS IPv6 VPN Option A..........................................................................................4-24 4.5.3 Checking the Configuration.................................................................................................................4-24 4.6 Configuring Inter-AS IPv6 VPN-Option B...................................................................................................4-25 4.6.1 Establishing the Configuration Task....................................................................................................4-25 4.6.2 Configuring MP-IBGP Between PE and ASBR PE.............................................................................4-26 4.6.3 Configuring MP-EBGP Between ASBR PEs......................................................................................4-27 4.6.4 Controlling the Receiving and Sending of VPN Routes......................................................................4-28 4.6.5 Storing Information About the IPv6 VPN Instance on the ASBR PEs................................................4-29 4.6.6 Configuring Routing Between PE and CE...........................................................................................4-30 4.6.7 Checking the Configuration.................................................................................................................4-30 4.7 Configuring Inter-AS IPv6 VPN-Option C...................................................................................................4-30 4.7.1 Establishing the Configuration Task....................................................................................................4-31 4.7.2 Enabling the Exchange of Labeled IPv4 Routes..................................................................................4-32 4.7.3 Configuring a Routing Policy to Control Label Distribution...............................................................4-33 4.7.4 Establishing the MP-EBGP Peer Between PEs....................................................................................4-34 4.7.5 Configuring Routing Between PE and CE...........................................................................................4-35 4.7.6 Checking the Configuration.................................................................................................................4-35 4.8 Configuring Carrier's Carrier........................................................................................................................4-36 4.8.1 Establishing the Configuration Task....................................................................................................4-36 4.8.2 Configuring Level 2 Carrier CE to Access Level 1 Carrier PE (Intra-AS)..........................................4-37 4.8.3 Configuring Level 2 Carrier CE to Access Level 1 Carrier PE (Inter-AS)..........................................4-40 4.8.4 Configuring Level 2 Carrier's Customer to Access Level 2 Carrier PE...............................................4-44 4.8.5 Configuring External Route Exchanges Between Level 2 Carrier PEs...............................................4-44 4.8.6 Checking the Configuration.................................................................................................................4-45 4.9 Configuring Route Reflection for BGP IPv6 VPN Routes...........................................................................4-46 4.9.1 Establishing the Configuration Task....................................................................................................4-46 4.9.2 Configuring the Client PEs to Establish MP IBGP Connections with the RR....................................4-47 4.9.3 Configuring the RR to Establish MP IBGP Connections with All Client PEs....................................4-48 4.9.4 Configuring Route Reflection for BGP IPv6 VPN Routes..................................................................4-49 4.9.5 Checking the Configuration.................................................................................................................4-50 4.10 Maintaining BGP/MPLS IPv6 VPN...........................................................................................................4-51 4.10.1 Displaying BGP/MPLS IPv6 VPN Information................................................................................4-51 4.10.2 Checking the Network Connectivity and Reachability......................................................................4-52 4.10.3 Resetting BGP Statistics of IPv6 VPN Instance................................................................................4-53 4.10.4 Resetting BGP Connections...............................................................................................................4-53 4.10.5 Debugging BGP/MPLS IPv6 VPN....................................................................................................4-54 4.11 Configuration Examples..............................................................................................................................4-54 4.11.1 Example for Configuring BGP/MPLS IPv6 VPN..............................................................................4-55 4.11.2 Example for Configuring Hub and Spoke (BGP4+ Between the PE and the CE).............................4-66 4.11.3 Example for Configuring Hub and Spoke (Default Route Between the Hub-PE and the Hub-CE) .......................................................................................................................................................................4-76 4.11.4 Example for Configuring Inter-AS VPN Option A...........................................................................4-87 4.11.5 Example for Configuring Inter-AS VPN Option B............................................................................4-96 Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. vii

Contents

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN 4.11.6 Example for Configuring Inter-AS VPN Option C..........................................................................4-103 4.11.7 Example for Configuring Carrier's Carrier in a Same AS................................................................4-111 4.11.8 Example for Configuring the Carrier's Carrier (Inter-AS)...............................................................4-122 4.11.9 Example for Configuring Route Reflector in an IPv6 VPN.............................................................4-133

5 VLL Configuration.....................................................................................................................5-1
5.1 Overview.........................................................................................................................................................5-2 5.1.1 Introduction to VLL...............................................................................................................................5-2 5.1.2 VLL Features Supported by the NE80E/40E.........................................................................................5-4 5.2 Configuring CCC VLL....................................................................................................................................5-9 5.2.1 Establishing the Configuration Task......................................................................................................5-9 5.2.2 Enabling the MPLS L2VPN.................................................................................................................5-10 5.2.3 Creating a Local CCC Connection.......................................................................................................5-10 5.2.4 Creating a Remote CCC Connection...................................................................................................5-11 5.2.5 Checking the Configuration.................................................................................................................5-12 5.3 Configuring the SVC VLL............................................................................................................................5-12 5.3.1 Establishing the Configuration Task....................................................................................................5-13 5.3.2 Enabling MPLS L2VPN.......................................................................................................................5-14 5.3.3 Creating an SVC VLL Connection......................................................................................................5-14 5.3.4 Checking the Configuration.................................................................................................................5-14 5.4 Configuring Martini VLL..............................................................................................................................5-15 5.4.1 Establishing the Configuration Task....................................................................................................5-15 5.4.2 Enabling MPLS L2VPN.......................................................................................................................5-16 5.4.3 Creating a Martini VLL Connection....................................................................................................5-17 5.4.4 Checking the Configuration.................................................................................................................5-18 5.5 Configuring Kompella VLL..........................................................................................................................5-19 5.5.1 Establishing the Configuration Task....................................................................................................5-19 5.5.2 Enabling MPLS L2VPN.......................................................................................................................5-20 5.5.3 Configuring BGP/MPLS L2VPN.........................................................................................................5-20 5.5.4 Configuring a VPN...............................................................................................................................5-21 5.5.5 Creating a CE Connection....................................................................................................................5-22 5.5.6 (Optional) Configuring BGP L2VPN Features....................................................................................5-24 5.5.7 Checking the Configuration.................................................................................................................5-25 5.6 Configuring VLL IP Interworking................................................................................................................5-27 5.6.1 Establishing the Configuration Task....................................................................................................5-27 5.6.2 Configuring Local CCC Connection IP-Interworking.........................................................................5-28 5.6.3 Configuring Remote CCC Connection IP-Interworking......................................................................5-28 5.6.4 Configuring Martini L2VPN IP-Interworking.....................................................................................5-29 5.6.5 Configuring Kompella L2VPN IP-Interworking.................................................................................5-30 5.6.6 Configuring the PE to Access the CE Through Ethernet or VLAN.....................................................5-30 5.6.7 Checking the Configuration.................................................................................................................5-32 5.7 Configuring Inter-AS Martini VLL...............................................................................................................5-34 5.7.1 Establishing the Configuration Task....................................................................................................5-34 viii Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Contents

5.7.2 Configuring Inter-AS Option A...........................................................................................................5-35 5.7.3 Configuring Inter-AS Option C............................................................................................................5-35 5.7.4 Checking the Configuration.................................................................................................................5-38 5.8 Configuring the Inter-AS Kompella VLL.....................................................................................................5-39 5.8.1 Establishing the Configuration Task....................................................................................................5-39 5.8.2 Configuring the Inter-AS Kompella VLL Option A............................................................................5-40 5.8.3 Configuring the Inter-AS Kompella VLL Option C............................................................................5-41 5.8.4 Checking the Configuration.................................................................................................................5-44 5.9 Configuring VLL FRR..................................................................................................................................5-46 5.9.1 Establishing the Configuration Task....................................................................................................5-46 5.9.2 Configuring BFD for PW.....................................................................................................................5-47 5.9.3 Configuring OAM Mapping.................................................................................................................5-49 5.9.4 (Optional) Configuring the Revertive Switchover Policy....................................................................5-50 5.9.5 Checking the Configuration.................................................................................................................5-51 5.10 Maintaining VLL.........................................................................................................................................5-55 5.10.1 Resetting BGP L2VPN TCP Connections.........................................................................................5-55 5.10.2 Monitoring the Running Status of L2VPN........................................................................................5-56 5.10.3 Debugging VLL.................................................................................................................................5-56 5.11 Configuration Examples..............................................................................................................................5-57 5.11.1 Example for Configuring a Local CCC Connection..........................................................................5-58 5.11.2 Example for Configuring a Remote CCC Connection.......................................................................5-60 5.11.3 Example for Configuring SVC VLL..................................................................................................5-66 5.11.4 Example for Configuring Martini VLL..............................................................................................5-71 5.11.5 Example for Configuring a Local Kompella VLL Connection..........................................................5-77 5.11.6 Example for Configuring a Remote Kompella VLL Connection......................................................5-79 5.11.7 Example for Configuring VLL Internetworking (Interconnecting Ethernet with PPP by Using the Remote CCC Connection)..........................................................................................................................................5-85 5.11.8 Example for Configuring VLL Internetworking (Interconnecting Ethernet with HDLC in Martini Mode) .......................................................................................................................................................................5-91 5.11.9 Example for Configuring VLL Internetworking (Interconnecting VLAN with ATM by Using the Local Kompella Connection)..................................................................................................................................5-97 5.11.10 Example for Configuring VLL Internetworking (Interconnecting VLAN with PPP by Using the Remote Kompella Connection)................................................................................................................................5-101 5.11.11 Examples for Configuring ACs of L2VPN IP-interworking.........................................................5-109 5.11.12 Example for Configuring the Inter-AS Martini VLL Option A.....................................................5-112 5.11.13 Example for Configuring the Inter-AS Martini VLL Option C.....................................................5-119 5.11.14 Example for Configuring the Inter-AS Kompella VLL Option A.................................................5-127 5.11.15 Example for Configuring the Inter-AS Kompella VLL Option C.................................................5-136 5.11.16 Example for Configuring Martini VLL FRR (Symmetrically Dual-homed CEs).........................5-145 5.11.17 Example for Configuring Martini VLL FRR (Asymmetrically Connected CEs)..........................5-160 5.11.18 Example for Configuring Kompella VLL with Two Reflectors....................................................5-178

6 PWE3 Configuration..................................................................................................................6-1
6.1 Introduction.....................................................................................................................................................6-3 Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. ix

Contents

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN 6.1.1 PWE3.....................................................................................................................................................6-3 6.1.2 PWE3 Features Supported by the NE80E/40E......................................................................................6-4

6.2 Configuring Attributes of a PW Template....................................................................................................6-16 6.2.1 Establishing the Configuration Task....................................................................................................6-16 6.2.2 Creating PW Template.........................................................................................................................6-17 6.2.3 Setting Attributes for the PW Template...............................................................................................6-17 6.2.4 Checking the Configuration.................................................................................................................6-18 6.3 Configuring Static PWs.................................................................................................................................6-18 6.3.1 Establishing the Configuration Task....................................................................................................6-19 6.3.2 Enabling MPLS L2VPN.......................................................................................................................6-19 6.3.3 Creating Static PW Connection............................................................................................................6-20 6.3.4 Checking the Configuration.................................................................................................................6-20 6.4 Configuring Dynamic PWs...........................................................................................................................6-21 6.4.1 Establishing the Configuration Task....................................................................................................6-21 6.4.2 Enabling MPLS L2VPN.......................................................................................................................6-22 6.4.3 Creating Dynamic PW.........................................................................................................................6-22 6.4.4 Checking the Configuration.................................................................................................................6-23 6.5 Configuring PW Switching...........................................................................................................................6-24 6.5.1 Establishing the Configuration Task....................................................................................................6-24 6.5.2 Configuring PW Switching..................................................................................................................6-25 6.5.3 Checking the Configuration.................................................................................................................6-27 6.6 Configuring a Backup PW............................................................................................................................6-28 6.6.1 Establishing the Configuration Task....................................................................................................6-28 6.6.2 Configuring Backup PWs.....................................................................................................................6-29 6.6.3 Checking the Configuration.................................................................................................................6-30 6.7 Configuring Static BFD for PW....................................................................................................................6-32 6.7.1 Establishing the Configuration Task....................................................................................................6-32 6.7.2 Enabling Global BFD...........................................................................................................................6-33 6.7.3 Configuring BFD for PW.....................................................................................................................6-33 6.7.4 Checking the Configuration.................................................................................................................6-34 6.8 Configuring Dynamic BFD for PW..............................................................................................................6-35 6.8.1 Establishing the Configuration Task....................................................................................................6-35 6.8.2 Enabling Glocal BFD...........................................................................................................................6-36 6.8.3 Configuring Attributes of the PW Template........................................................................................6-36 6.8.4 (Optional) Adjusting BFD Parameters.................................................................................................6-36 6.8.5 Configuring PWs..................................................................................................................................6-37 6.8.6 Tiggering Dynamic BFD for PW.........................................................................................................6-37 6.8.7 Checking the Configuration.................................................................................................................6-38 6.9 Configuring PW FRR....................................................................................................................................6-39 6.9.1 Establishing the Configuration Task....................................................................................................6-39 6.9.2 Configuring BFD for PW.....................................................................................................................6-41 6.9.3 Configuring OAM Mapping.................................................................................................................6-41 x Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Contents

6.9.4 (Optional) Configuring the Revertive Switchover...............................................................................6-42 6.9.5 Checking the Configuration.................................................................................................................6-43 6.10 Configuring Heterogeneous Transport in PWE3........................................................................................6-47 6.10.1 Establishing the Configuration Task..................................................................................................6-47 6.10.2 Configuring PWE3 to Support IP-Interworking................................................................................6-47 6.10.3 Checking the Configuration...............................................................................................................6-49 6.11 Configuring Inter-AS PWE3.......................................................................................................................6-51 6.11.1 Establishing the Configuration Task..................................................................................................6-51 6.11.2 Configuring Inter-AS PWE3-Option A..............................................................................................6-52 6.11.3 Configuring Inter-AS PWE3-Option C..............................................................................................6-52 6.11.4 Checking the Configuration...............................................................................................................6-55 6.12 Configuing ATM Cell Transport.................................................................................................................6-56 6.12.1 Establishing the Configuration Task..................................................................................................6-56 6.12.2 Configuring the ATM Interface Connecting a CE to a PE.................................................................6-57 6.12.3 Configuring ATM Cell Transport......................................................................................................6-58 6.12.4 Configuring PWE3.............................................................................................................................6-62 6.12.5 (Optional) Deleting ATM Cell Transport..........................................................................................6-62 6.12.6 Checking the Configuration...............................................................................................................6-66 6.13 Maintaining a PW........................................................................................................................................6-66 6.13.1 Verifying the Connectivity of a PW...................................................................................................6-67 6.13.2 Debugging a PW................................................................................................................................6-67 6.13.3 Debugging a PWE3............................................................................................................................6-69 6.14 Configuration Examples..............................................................................................................................6-70 6.14.1 Example for Configuring Dynamic SH-PW (Using the LSP Tunnel)...............................................6-71 6.14.2 Example for Configuring Dynamic SH-PW (Using the GRE Tunnel)..............................................6-76 6.14.3 Example for Configuring Static PWs Switching................................................................................6-82 6.14.4 Example for Configuring Dynamic PWs Switching..........................................................................6-89 6.14.5 Example for Configuring Mixed PWs Switching............................................................................6-101 6.14.6 Example for Configuring the PWE3 Convergence..........................................................................6-108 6.14.7 Example for Configuring a Static BFD That Checks PWs..............................................................6-116 6.14.8 Example for Configuring a Dynamic BFD That Checks SH-PW....................................................6-132 6.14.9 Example for Configuring a Dynamic BFD That Checks MH-PW..................................................6-140 6.14.10 Example for Configuring PW FRR CEs Are Symmetrically Connected to PEs Through POS Links .....................................................................................................................................................................6-152 6.14.11 Example for Configuring PW FRR CEs Are Asymmetrically Connected to PEs Through POS Links .....................................................................................................................................................................6-167 6.14.12 Example for Configuring PW FRR - CEs Are Symmetrically Connected to PEs Through Ethernet Links, Dynamic BFD Is Used to Detect PWs, EFM Is Used to Detect ACs..............................................6-189 6.14.13 Example for Configuring PW FRR - CEs Are Unsymmetrically Connected to PEs Through Ethernet Links, Dynamic BFD Is Used to Detect PWs, EFM Is Used to Detect ACs..............................................6-205 6.14.14 Example for Configuring PW FRR - CEs Are Unsymmetrically Connected to PEs Through Ethernet Links, Dynamic BFD Is Used to Detect PWs, CFM Is Used to Detect ACs..............................................6-225 6.14.15 Example for Configuring PW FRR - CEs Are Unsymmetrically Connected to PEs Through Ethernet Links, Static BFD Is Used to Detect PWs, CFM Is Used to Detect ACs...................................................6-246 Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. xi

Contents

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN 6.14.16 Example for Configuring the PWE3 Internetworking...................................................................6-267 6.14.17 Example for Configuring Inter-AS PWE3-Option A.....................................................................6-273 6.14.18 Example for Configuring Inter-AS PWE3-OptionC......................................................................6-279 6.14.19 Example for Configuring Interface-based Remote ATM Cell Transport......................................6-288 6.14.20 Example for Configuring 1-to1 VCC ATM Cell Transport...........................................................6-296 6.14.21 Example for Configuring N-to-1 VCC ATM Cell Transport........................................................6-301 6.14.22 Example for Configuring N-to-1 VCC ATM Cell Transport with VPI/VCI Mapping.................6-307 6.14.23 Example for Configuring 1-to-1 VPC ATM Cell Transport..........................................................6-313 6.14.24 Example for Configuring N-to-1 VPC ATM Cell Transport.........................................................6-318 6.14.25 Example for Configuring N-to-1 VPC ATM Cell Transport with VPI Mapping..........................6-324 6.14.26 Example for Configuring ATM AAL5 SDU Transport.................................................................6-330

7 VPLS Configuration..................................................................................................................7-1
7.1 Introduction.....................................................................................................................................................7-3 7.1.1 VPLS......................................................................................................................................................7-3 7.1.2 VPLS Features Supported by the NE80E/40E.......................................................................................7-4 7.2 Configuring Kompella VPLS........................................................................................................................7-10 7.2.1 Establishing the Configuration Task....................................................................................................7-11 7.2.2 Enabling the BGP Peer to Exchange VPLS Information.....................................................................7-11 7.2.3 Creating a VSI and Configuring BGP Signaling.................................................................................7-12 7.2.4 (Optional) Configuring Huawei Devices to Communicate with Non-Huawei Devices......................7-14 7.2.5 Binding the VSI to the Interface Connected with CE..........................................................................7-15 7.2.6 (Optional) Configuring Route Reflection for BGP VPLS...................................................................7-19 7.2.7 Checking the Configuration.................................................................................................................7-20 7.3 Configuring Martini VPLS............................................................................................................................7-21 7.3.1 Establishing the Configuration Task....................................................................................................7-21 7.3.2 Creating a VSI and Configuring LDP Signaling..................................................................................7-22 7.3.3 Binding the VSI to the Interface Connected with CE..........................................................................7-23 7.3.4 Checking the Configuration.................................................................................................................7-27 7.4 Configuring LDP HVPLS.............................................................................................................................7-28 7.4.1 Establishing the Configuration Task....................................................................................................7-28 7.4.2 Configuring SPE..................................................................................................................................7-29 7.4.3 Configuring UPE..................................................................................................................................7-30 7.4.4 Checking the Configuration.................................................................................................................7-30 7.5 Configuring Loop Detection of ACs in a VPLS Network............................................................................7-31 7.5.1 Establishing the Configuration Task....................................................................................................7-31 7.5.2 Enabling Loop Detection Globally......................................................................................................7-32 7.5.3 Configuring Loop Detection................................................................................................................7-32 7.5.4 Checking the Configuration.................................................................................................................7-33 7.6 Configuring a VLL to Access the VPLS.......................................................................................................7-34 7.6.1 Establishing the Configuration Task....................................................................................................7-34 7.6.2 Configuring a Dynamic VLL to Access the VPLS..............................................................................7-35 7.6.3 Configuring a Static VLL to Access the VPLS....................................................................................7-36 xii Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Contents

7.6.4 Checking the Configuration.................................................................................................................7-37 7.7 Configuring the Static VLL to Access the VPLS Network in Dual-homed Mode.......................................7-40 7.7.1 Establishing the Configuration Task....................................................................................................7-40 7.7.2 Configuring L2VPN and OAM to Detect PSN Tunnels......................................................................7-41 7.7.3 Configuring Static LSPs Between the UPE and the SPE.....................................................................7-42 7.7.4 Configuring the Primary Tunnel, Protection Tunnel, and Reverse LSP of MPLS TE........................7-42 7.7.5 Configuring the Tunnel Policy.............................................................................................................7-43 7.7.6 Configuring UPEs to Access SPEs Through Static VLLs...................................................................7-44 7.7.7 Configuring MPLS OAM.....................................................................................................................7-44 7.7.8 Configuring HVPLS for the SPE.........................................................................................................7-45 7.7.9 Checking the Configuration.................................................................................................................7-46 7.8 Configuring Inter-AS Kompella VPLS.........................................................................................................7-49 7.8.1 Establishing the Configuration Task....................................................................................................7-49 7.8.2 Configuring Inter-AS Kompella VPLS Option A................................................................................7-50 7.8.3 Configuring Inter-AS Kompella VPLS Option C................................................................................7-51 7.8.4 Checking the Configuration.................................................................................................................7-54 7.9 Configuring Inter-AS Martini VPLS.............................................................................................................7-55 7.9.1 Establishing the Configuration Task....................................................................................................7-56 7.9.2 Configuring Inter-AS Martini VPLS Option A....................................................................................7-56 7.9.3 Configuring Inter-AS Martini VPLS Option C....................................................................................7-57 7.9.4 Checking the Configuration.................................................................................................................7-59 7.10 Configuring Dual-homed Kompella VPLS.................................................................................................7-61 7.10.1 Establishing the Configuration Task..................................................................................................7-61 7.10.2 Creating VSIs and Configuring BGP Signaling.................................................................................7-61 7.10.3 Configuring the Multi-homed Preference for a VSI..........................................................................7-63 7.10.4 Binding a VSI to an AC Interface......................................................................................................7-64 7.10.5 Checking the Configuration...............................................................................................................7-64 7.11 Configuring Related Parameters of a VSI...................................................................................................7-65 7.11.1 Establishing the Configuration Task..................................................................................................7-65 7.11.2 Configuring General Parameters of the VSI......................................................................................7-65 7.11.3 Configuring MAC Address Learning.................................................................................................7-66 7.11.4 Configuring Delay Processing on VPLS............................................................................................7-67 7.12 Maintaining VPLS.......................................................................................................................................7-68 7.12.1 Collecting the Statistics of the Traffic on a VPLS PW......................................................................7-68 7.12.2 Checking the Traffic on a VPLS PW.................................................................................................7-69 7.12.3 Clearing the Traffic Statistics.............................................................................................................7-69 7.12.4 Debugging VPLS...............................................................................................................................7-69 7.12.5 Enabling or Disabling VSI.................................................................................................................7-70 7.12.6 Clearing MAC Address Entries..........................................................................................................7-70 7.13 Configuration Examples..............................................................................................................................7-71 7.13.1 Example for Configuring Kompella VPLS........................................................................................7-71 7.13.2 Example for Configuring Martini VPLS............................................................................................7-77 Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. xiii

Contents

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN 7.13.3 Example for Configuring VPLS over TE in Martini Mode...............................................................7-82 7.13.4 Example for Configuring LDP HVPLS.............................................................................................7-91 7.13.5 Example for Configuring Loop Detection of ACs in a VPLS Network............................................ 7-96 7.13.6 Example for Configuring a dynamic VLL to Access the VPLS......................................................7-104 7.13.7 Example for Configuring the Static VLL to Access the VPLS Network.........................................7-112 7.13.8 Example for Configuring the Static VLL to Access the VPLS Network in Dual-homed Mode.....7-121 7.13.9 Example for Configuring Inter-AS Kompella VPLS Option A.......................................................7-142 7.13.10 Example for Configuring Inter-AS Kompella VPLS Option C.....................................................7-151 7.13.11 Example for Configuring the Inter-AS Martini VPLS Option A...................................................7-160 7.13.12 Example for Configuring Inter-AS Martini VPLS Option C.........................................................7-167 7.13.13 Example for Configuring Dual-homed Kompella VPLS...............................................................7-176 7.13.14 Example for Configuring Kompella VPLS with Two Reflectors..................................................7-185

8 Access of L2VPN to L3VPN Configuration...........................................................................8-1


8.1 Overview.........................................................................................................................................................8-2 8.1.1 L2VPN to L3VPN..................................................................................................................................8-2 8.1.2 Access of L2VPN to L3VPN Implemented on the NE80E/40E............................................................8-3 8.2 Configuring the Access of VLL to the Public Network or L3VPN................................................................8-4 8.2.1 Establishing the Configuration Task......................................................................................................8-4 8.2.2 Creating an L2VE Interface...................................................................................................................8-6 8.2.3 Creating an L3VE Interface...................................................................................................................8-6 8.2.4 Associating the L2VE Interface with a VLL..........................................................................................8-7 8.2.5 Configuring the Access to the Public Network or L3VPN....................................................................8-7 8.2.6 Checking the Configuration...................................................................................................................8-8 8.3 Configuring the Access of VPLS to the Public Network or L3VPN..............................................................8-9 8.3.1 Establishing the Configuration Task......................................................................................................8-9 8.3.2 Creating an L2VE Interface................................................................................................................. 8-11 8.3.3 Creating an L3VE Interface................................................................................................................. 8-11 8.3.4 Binding a VSI to the L2VE Interface...................................................................................................8-12 8.3.5 Configuring the Access to the Public Network or an L3VPN............................................................. 8-12 8.3.6 Checking the Configuration.................................................................................................................8-13 8.4 Configuring an L2VPN to Access Multiple L3VPNs Through Sub-interfaces for QinQ VLAN Tag Termination .............................................................................................................................................................................8-14 8.4.1 Establishing the Configuration Task....................................................................................................8-14 8.4.2 Creating an L2VE Interface................................................................................................................. 8-16 8.4.3 Creating an L3VE Interface................................................................................................................. 8-16 8.4.4 Setting the L3VE Interface to User Termination Mode.......................................................................8-17 8.4.5 Creating the L3VE Sub-interface Terminated by QinQ.......................................................................8-17 8.4.6 Associating the L3VE Sub-interface Terminated by QinQ with an L3VPN Instance.........................8-18 8.4.7 Binding the L2VE to VLL or VPLS.................................................................................................... 8-19 8.4.8 Checking the Configuration.................................................................................................................8-19 8.5 Configuration Examples................................................................................................................................8-19 8.5.1 Example for Configuring a Martini VLL to Access an L3VPN.......................................................... 8-20 xiv Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Contents

8.5.2 Example for Configuring the Access of Martini VLL to the Public Network.....................................8-29 8.5.3 Example for Configuring the Access of Martini VPLS to L3VPN......................................................8-35 8.5.4 Example for Configuring the Dual-homing Access of Dynamic Master/Backup VPLS to an L3VPN .......................................................................................................................................................................8-47 8.5.5 Example for Configuring an L2VPN to Access Multiple L3VPNs Through Sub-interfaces for QinQ VLAN Tag Termination................................................................................................................................8-78

9 VPLS Convergence Configuration..........................................................................................9-1


9.1 Introduction.....................................................................................................................................................9-2 9.1.1 Overview................................................................................................................................................9-2 9.1.2 VPLS Convergence Features Supported in theNE80E/40E...................................................................9-2 9.2 Configuring mVSIs.........................................................................................................................................9-8 9.2.1 Establishing the Configuration Task......................................................................................................9-9 9.2.2 Creating an mVSI.................................................................................................................................9-10 9.2.3 Binding a Service VSI to the mVSI.....................................................................................................9-11 9.2.4 Checking the Configuration.................................................................................................................9-11 9.3 Configuring VPLS Convergence..................................................................................................................9-12 9.3.1 Establishing the Configuration Task....................................................................................................9-12 9.3.2 Configuring the VE Group...................................................................................................................9-14 9.3.3 Configuring the mVRRP Virtual Router..............................................................................................9-14 9.3.4 Configuring the mVRRP Virtual Router over the mVSI.....................................................................9-15 9.3.5 Configuring the mVRRP Binding........................................................................................................9-16 9.3.6 Configuring the mVSI Binding............................................................................................................9-18 9.3.7 Checking the Configuration.................................................................................................................9-19 9.4 Maintaining VPLS.........................................................................................................................................9-21 9.4.1 Clearing the Statistics of the Packets Sent and Received by the VRRP Virtual Router......................9-21 9.4.2 Debugging VPLS.................................................................................................................................9-21 9.5 Configuration Examples................................................................................................................................9-22 9.5.1 Example for Configuring VPLS Convergence (UPE Directly Accesses the NPE Though the VE Interface) .......................................................................................................................................................................9-22 9.5.2 Example for Configuring VPLS Convergence (UPE Directly Accesses the NPE Without Using the VE Interface).......................................................................................................................................................9-44

10 ATM IWF Configuration......................................................................................................10-1


10.1 Introduction.................................................................................................................................................10-2 10.1.1 ATM IWF Overview..........................................................................................................................10-2 10.1.2 ATM IWF Supported by the NE80E/40E..........................................................................................10-2 10.2 Configuring the CCC Local Connection ATM IWF...................................................................................10-3 10.2.1 Establishing the Configuration Task..................................................................................................10-4 10.2.2 Enabling IWF on an ATM Board.......................................................................................................10-4 10.2.3 Configuring an ATM Sub-Interface and Configuring IWF Mapping................................................10-5 10.2.4 Configuring an Ethernet Sub-Interface..............................................................................................10-6 10.2.5 Configuring CCC Local Connection..................................................................................................10-6 10.2.6 Checking the Configuration...............................................................................................................10-7 10.3 Configuring the Remote ATM IWF............................................................................................................10-7 Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. xv

Contents

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN 10.3.1 Establishing the Configuration Task..................................................................................................10-8 10.3.2 Enabling IWF on an ATM Board.......................................................................................................10-8 10.3.3 Configuring an ATM Sub-Interface and Configuring IWF Mapping................................................10-9 10.3.4 Creating the Remote MPLS L2VPN Connection............................................................................10-10 10.3.5 Checking the Configuration.............................................................................................................10-10

10.4 Configuration Examples............................................................................................................................10-10 10.4.1 Example for Configuring the CCC Local Connection ATM IWF...................................................10-10 10.4.2 Example for Configuring Remote ATM IWF..................................................................................10-13

A Glossary.....................................................................................................................................A-1 B Acronyms and Abbreviations.................................................................................................B-1 Index.................................................................................................................................................i-1

xvi

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Figures

Figures
Figure 1-1 Networking example using VPN primary tunnel binding..................................................................1-4 Figure 1-2 Networking diagram of tunnel policy configuration in L3VPN.......................................................1-26 Figure 1-3 Networking diagram of configuring Martini L2VPN using MPLS TE tunnels...............................1-37 Figure 1-4 Networking diagram of configuring the Martini L2VPN primary tunnel binding...........................1-46 Figure 2-1 GRE in CPE-based VPN....................................................................................................................2-2 Figure 2-2 GRE in Network-based VPN..............................................................................................................2-3 Figure 2-3 Format of GRE packet that contains the MPLS label.........................................................................2-3 Figure 2-4 Diagram of a CE accessing the MPLS VPN backbone network through the IP-based backbone network ...............................................................................................................................................................................2-3 Figure 2-5 GRE tunnel supporting Keep-alive...................................................................................................2-15 Figure 2-6 Networking diagram of GRE static routes configuration.................................................................2-18 Figure 2-7 Networking diagram of GRE dynamic routing protocol configuration............................................2-22 Figure 2-8 Diagram of a CE accessing MPLS VPN through the GRE tunnel...................................................2-26 Figure 2-9 Diagram of a GRE tunnel traversing another VPN between CEs and PEs......................................2-36 Figure 2-10 Networking diagram of configuring the Keepalive function..........................................................2-46 Figure 3-1 BGP/MPLS IP VPN model................................................................................................................3-3 Figure 3-2 Schematic diagram of sham link........................................................................................................3-4 Figure 3-3 Networking diagram of applying PBR to VPN................................................................................3-60 Figure 3-4 BGP/MPLS IP VPN networking diagram........................................................................................3-97 Figure 3-5 Networking diagram of BGP/MPLS IP VPN with GRE tunnel.....................................................3-107 Figure 3-6 Networking diagram of BGP AS number substitution...................................................................3-114 Figure 3-7 Hub and Spoke networking diagram..............................................................................................3-120 Figure 3-8 Networking diagram of inter-AS VPN...........................................................................................3-128 Figure 3-9 Networking diagram of carrier's carrier configuration...................................................................3-149 Figure 3-10 Networking diagram of the carrier's carrier configuration (inter-AS)..........................................3-160 Figure 3-11 Networking diagram of HoVPN...................................................................................................3-170 Figure 3-12 Networking diagram for OSPF sham link configuration..............................................................3-177 Figure 3-13 Networking diagram of example for Multi-VPN-Instance CE.....................................................3-186 Figure 3-14 Networking diagram of configuring PBR to VPN.......................................................................3-196 Figure 3-15 Example of enabling VPN users to access the public network....................................................3-204 Figure 3-16 Networking diagram for the dual-homed CE...............................................................................3-210 Figure 3-17 Networking diagram of configuring load balancing among EBGP and IBGP routes when CEs are dual-homed........................................................................................................................................................3-227 Figure 3-18 Configure IP FRR on the private network....................................................................................3-235 Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. xvii

Figures

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN Figure 3-19 Configuring the VPN FRR...........................................................................................................3-239 Figure 3-20 Networking diagram of the VPN GR...........................................................................................3-246

Figure 3-21 Networking diagram of the VPN with double reflectors..............................................................3-256 Figure 3-22 Networking diagram for inter-AS VPN Option B........................................................................3-264 Figure 4-1 Schematic diagram of the IPv6 VPN over the IPv4 public network..................................................4-2 Figure 4-2 BGP/MPLS IPv6 VPN networking diagram....................................................................................4-55 Figure 4-3 Hub and Spoke networking diagram................................................................................................4-67 Figure 4-4 Hub&Spoke networking diagram.....................................................................................................4-77 Figure 4-5 Networking diagram 1 of inter-AS VPN..........................................................................................4-87 Figure 4-6 Networking diagram 2 of inter-AS VPN..........................................................................................4-97 Figure 4-7 Networking diagram 3 of inter-AS VPN........................................................................................4-103 Figure 4-8 Networking diagram of carrier's carrier configuration...................................................................4-111 Figure 4-9 Networking diagram of the carrier's carrier configuration (inter-AS)............................................4-123 Figure 4-10 Networking diagram of RR VPN.................................................................................................4-134 Figure 5-1 Networking diagram of the access of CE adopting ATM..................................................................5-3 Figure 5-2 VLL model.........................................................................................................................................5-3 Figure 5-3 VLL label processing..........................................................................................................................5-4 Figure 5-4 Symmetrically dual-homed CEs.........................................................................................................5-8 Figure 5-5 Asymmetrically connected CEs..........................................................................................................5-8 Figure 5-6 Networking diagram of the local CCC connection...........................................................................5-58 Figure 5-7 Networking diagram of remote CCC connection.............................................................................5-61 Figure 5-8 Networking diagram of SVC VLL...................................................................................................5-66 Figure 5-9 Networking diagram of Martini VLL...............................................................................................5-71 Figure 5-10 Networking diagram of a local Kompella VLL connection...........................................................5-77 Figure 5-11 Networking diagram of a remote Kompella VLL connection........................................................5-79 Figure 5-12 Networking diagram of L2VPN internetworking (Ethernet interconnecting with PPP by using the remote CCC connection).....................................................................................................................................5-86 Figure 5-13 Networking diagram of IP-interworking Ethernet to HDLC.......................................................5-91 Figure 5-14 Networking diagram of IP-interworking VLAN to ATM in Kompella mode............................5-97 Figure 5-15 Networking diagram of VLL interworking - VLAN interworking with PPP by using the remote Kompella connection.........................................................................................................................................5-101 Figure 5-16 Networking diagram of PPP between CE and PE........................................................................5-109 Figure 5-17 Networking diagram of ATM primary interface between CE and PE.........................................5-111 Figure 5-18 Networking diagram of ATM sub interface between CE and PE................................................5-111 Figure 5-19 Networking diagram of configuring the inter-AS Martini VLL Option A...................................5-113 Figure 5-20 Networking diagram of configuring the inter-AS Martini VLL Option C...................................5-119 Figure 5-21 Networking diagram of configuring the inter-AS Kompella VLL Option A...............................5-128 Figure 5-22 Networking diagram of configuring the inter-AS Kompella VLL Option C...............................5-137 Figure 5-23 Networking diagram of configuring Martini VLL FRR (symmetrically dual-homed CEs)........5-146 Figure 5-24 Networking diagram of configuring Martini VLL FRR (asymmetrically connected CEs)..........5-161 Figure 5-25 Networking diagram of configuring Kompella VLL with two reflectors....................................5-178 Figure 6-1 PWE3 framework...............................................................................................................................6-3 Figure 6-2 Interactive process of the LDP-PW packet.........................................................................................6-5 xviii Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Figures

Figure 6-3 Process of tearing down single-hop PWE3........................................................................................6-5 Figure 6-4 Networking diagram of SH-PWE3.....................................................................................................6-6 Figure 6-5 Networking diagram of MH-PWE3...................................................................................................6-6 Figure 6-6 Structure of an LSP ping packet.........................................................................................................6-7 Figure 6-7 Symmetrically dual-homed CEs.........................................................................................................6-8 Figure 6-8 Asymmetrically connected CEs..........................................................................................................6-8 Figure 6-9 PWE3 internetworking.......................................................................................................................6-9 Figure 6-10 Networking diagram of inter-AS PWE3-Option A........................................................................6-11 Figure 6-11 Networking diagram of inter-AS PWE3-Option C........................................................................ 6-12 Figure 6-12 Networking diagram of ATM cell transport...................................................................................6-12 Figure 6-13 Networking diagram of PWE3 SH tracert......................................................................................6-13 Figure 6-14 Networking diagram of PWE3 MH tracert.....................................................................................6-14 Figure 6-15 Asymmetrically connected CEs......................................................................................................6-28 Figure 6-16 Networking diagram of dynamic SH-PW using the LSP tunnel....................................................6-71 Figure 6-17 Networking diagram of dynamic SH-PW using the GRE tunnel...................................................6-77 Figure 6-18 Networking diagram of static MH-PW.......................................................................................... 6-83 Figure 6-19 Networking diagram of dynamic MH-PW.....................................................................................6-89 Figure 6-20 Networking of mixed MH-PW.....................................................................................................6-102 Figure 6-21 Networking diagram of the PWE3 convergence..........................................................................6-109 Figure 6-22 Networking diagram of configuring a static BFD that checks PWs.............................................6-117 Figure 6-23 Networking diagram of configuring a dynamic BFD that checks SH-PW..................................6-132 Figure 6-24 Networking diagram of configuring dynamic BFDs that check MH-PW....................................6-141 Figure 6-25 Networking diagram of PW FRR CEs are symmetrically connected to PEs through POS links ...........................................................................................................................................................................6-153 Figure 6-26 Networking diagram of PW FRR CEs are asymmetrically connected to PEs through POS links ...........................................................................................................................................................................6-168 Figure 6-27 Networking diagram of PW FRR CEs are symmetrically connected to PEs through Ethernet links, dynamic BFD is used to detect PWs, EFM is used to detect ACs....................................................................6-190 Figure 6-28 Networking diagram of PW FRR CEs are unsymmetrically connected to PEs through Ethernet links, dynamic BFD is used to detect PWs, EFM is used to detect ACs..........................................................6-206 Figure 6-29 Networking diagram of PW FRR CEs are unsymmetrically connected to PEs through Ethernet links, dynamic BFD is used to detect PWs, CFM is used to detect ACs..........................................................6-226 Figure 6-30 Networking diagram of PW FRR CEs are unsymmetrically connected to PEs through Ethernet links, static BFD is used to detect PWs, CFM is used to detect ACs...............................................................6-247 Figure 6-31 PWE3 internetworking.................................................................................................................6-268 Figure 6-32 Networking diagram for inter-AS PWE3-Option A.....................................................................6-273 Figure 6-33 Networking diagram of inter-AS PWE3-OptionC.......................................................................6-280 Figure 6-34 Networking diagram for interface-based remote ATM transparent cell transport.......................6-289 Figure 6-35 Networking diagram for 1-to-1 VCC ATM cell transport............................................................6-296 Figure 6-36 Networking diagram for N-to-1 VCC ATM cell transport...........................................................6-301 Figure 6-37 Networking diagram for N-to-1 VCC ATM cell transport with VPI/VCI mapping....................6-307 Figure 6-38 Networking diagram for 1-to-1 VPC ATM cell transport............................................................6-313 Figure 6-39 Networking diagram for N-to-1 VPC ATM cell transport...........................................................6-318 Figure 6-40 Networking diagram of N-to-1 VPC ATM cell transport with the VPI mapping........................6-324 Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. xix

Figures

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN Figure 6-41 Networking diagram for ATM AAL5 SDU transport..................................................................6-330

Figure 7-1 VPLS architecture...............................................................................................................................7-3 Figure 7-2 VPLS forwarding model.....................................................................................................................7-4 Figure 7-3 HVPLS model.....................................................................................................................................7-7 Figure 7-4 Networking diagram of user network accessing to a single PE through redundant links..................7-8 Figure 7-5 The user network accesses the VPLS network through dual-homing links.......................................7-8 Figure 7-6 Networking diagram of the VLL accessing the VPLS.......................................................................7-9 Figure 7-7 Networking diagram of the static VLL accessing the VPLS network in dual-homed mode...........7-10 Figure 7-8 Kompella VPLS................................................................................................................................7-72 Figure 7-9 Martini VPLS...................................................................................................................................7-77 Figure 7-10 VPLS over TE in Martini mode.....................................................................................................7-82 Figure 7-11 Networking diagram of configuring LDP HVPLS.........................................................................7-91 Figure 7-12 Networking diagram of configuring loop detection of ACs in a VPLS network...........................7-96 Figure 7-13 Diagram of configuring dynamic VLLs to access the VPLS network.........................................7-104 Figure 7-14 Networking diagram of configuring static VLL to access the VPLS network.............................7-112 Figure 7-15 Networking diagram of configuring the static VLL to access the VPLS network in dual-homed mode ...........................................................................................................................................................................7-122 Figure 7-16 Networking diagram of configuring Kompella VPLS Option A..................................................7-143 Figure 7-17 Networking diagram of configuring inter-AS Kompella VPLS Option C...................................7-151 Figure 7-18 Networking diagram of configuring the inter-AS Martini VPLS Option A.................................7-160 Figure 7-19 Networking diagram of configuring the inter-AS Martini VPLS Option C.................................7-167 Figure 7-20 Networking diagram of configuring dual-homed Kompella VPLS.............................................7-176 Figure 7-21 Networking diagram of configuring Kompella VPLS with two reflectors..................................7-185 Figure 8-1 Networking diagram of traditional access of L2VPN to L3VPN.......................................................8-2 Figure 8-2 Networking diagram of connection from L2VPN to L3VPN supported by the ................................8-3 Figure 8-3 Networking diagram of connecting a VLL to an L3VPN..................................................................8-5 Figure 8-4 Networking diagram of VPLS accessing L3VPN............................................................................8-10 Figure 8-5 Networking diagram of configuring an L2VPN to access multiple L3VPNs through sub-interfaces for QinQ VLAN tag termination...............................................................................................................................8-15 Figure 8-6 Networking diagram of the access of Martini VLL to MPLS L3VPN.............................................8-21 Figure 8-7 Networking diagram of configuring the Martini VLL to public network........................................8-30 Figure 8-8 Networking diagram of configuring the access of Martini VPLS to L3VPN..................................8-36 Figure 8-9 Networking diagram of configuring the dual-homing access of dynamic master/backup VPLS to an L3VPN................................................................................................................................................................8-48 Figure 8-10 Networking diagram of configuring an L2VPN to access multiple L3VPNs through sub-interfaces for QinQ VLAN tag termination...............................................................................................................................8-79 Figure 9-1 Networking diagram of determining the master and the backup through the mVRRP virtual router in dual homing...........................................................................................................................................................9-3 Figure 9-2 UPE dual-homed to the NPEs............................................................................................................9-5 Figure 9-3 Binding of the mVSI and the service VSI..........................................................................................9-6 Figure 9-4 Peer BFD and Link BFD....................................................................................................................9-7 Figure 9-5 Networking diagram of the access of the traditional L2VPN to the L3VPN.....................................9-8 Figure 9-6 Networking diagram of the access of the L2VPN supported by the VE interface to the L3VPN ...............................................................................................................................................................................9-8 xx Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Figures

Figure 9-7 Networking diagram of configuring mVSIs.......................................................................................9-9 Figure 9-8 Networking diagram of configuring VPLS convergence (UPE directly accesses the NPE)............9-13 Figure 9-9 Networking diagram of configuring VPLS convergence (UPE directly accesses the NPE though the VE interface).......................................................................................................................................................9-23 Figure 9-10 Networking diagram of configuring VPLS convergence (UPE accesses the NPE without using the VE interface)..............................................................................................................................................................9-45 Figure 10-1 ATM IWF diagram in the CCC local connection...........................................................................10-3 Figure 10-2 Diagram of ATM IWF in PW.........................................................................................................10-3 Figure 10-3 Networking diagram of the CCC local connection ATM IWF....................................................10-11 Figure 10-4 Networking diagram of PW ATM IWF.......................................................................................10-13

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

xxi

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Tables

Tables
Table 6-1 Data types capable of transparent transmission through PWE3..........................................................6-9

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

xxiii

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

About This Document

About This Document


Purpose
The document describes the configuration methods of the VPN network in terms of basic principles, implementation of protocols, configuration procedures and configuration examples for the VPN of the NE80E/40E

Related Versions
The following table lists the product versions related to this document. Product Name Quidway NetEngine80E/40E Version V300R003

Intended Audience
This document is intended for:
l l l l

Commissioning Engineer Data Configuration Engineer Network Monitoring Engineer System Maintenance Engineer

Organization
This document is organized as follows. Chapter 1 VPN Tunnel Management Configuration Description This chapter describes the VPN tunnel management, and configuration steps for tunnel and tunnel policy, along with examples.
1

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

About This Document

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Chapter 2 GRE Configuration

Description This chapter describes the basic GRE concepts, applications and configuration steps for GRE tunnel, GRE tunnel between CE and PE, and GRE keepalive function, along with examples This chapter describes the BGP/MPLS IP VPN concepts, principle, and configuration steps for VPN-instance, basic BGP/MPLS IP VPN, multi-AS BGP/MPLS IP VPN, carrier's carrier, HoVPN, OSPF shamlink, multi-VPN-instance CE, BGP and VPN Users Accessing the Public Network, along with examples. This chapter describes the BGP/MPLS IPv6 VPN concepts, principle, and configuration steps for VPN-instance, basic BGP/MPLS IPv6 VPN, multi-AS BGP/MPLS IPv6 VPN and VPN Users Accessing the Public Network, along with examples. This chapter describes the VLL concepts, principles and configuration steps for CCC, SVC, Martini and Kompella VLL, and VLL IP-interworking, along with examples. This chapter describes the PWE3 concepts, features, terms, principles and configuration steps for dynamic PW, static PW, SH-PW, MH-PW, and PW switching, along with examples. This chapter describes the VPLS concepts, principles, implementation and configuration steps for Martini and Kompella VPLS, and related parameters of the VSI, along with examples. This chapter describes the basic concept of Access of L2VPN to L3VPN, and configuration steps, along with examples This chapter describes the basic concept of VPLS Convergence, and configuration steps, along with examples This chapter describes the basic concept of ATM IWF, and configuration steps, along with examples This appendix collates frequently used glossaries in this document. This appendix collates frequently used acronyms and abbreviations in this document.

3 BGP/MPLS IP VPN Configuration

4 BGP/MPLS IPv6 VPN Configuration

5 VLL Configuration

6 PWE3 Configuration

7 VPLS Configuration

8 Access of L2VPN to L3VPN Configuration 9 VPLS Convergence Configuration 10 ATM IWF Configuration A Glossary B Acronyms and Abbreviations

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

About This Document

Conventions
Symbol Conventions
The symbols that may be found in this document are defined as follows. Symbol Description Indicates a hazard with a high level of risk, which if not avoided, will result in death or serious injury.

Indicates a hazard with a medium or low level of risk, which if not avoided, could result in minor or moderate injury.

Indicates a potentially hazardous situation, which if not avoided, could result in equipment damage, data loss, performance degradation, or unexpected results. Indicates a tip that may help you solve a problem or save time. Provides additional information to emphasize or supplement important points of the main text.

General Conventions
The general conventions that may be found in this document are defined as follows. Convention Times New Roman Boldface Italic Courier New Description Normal paragraphs are in Times New Roman. Names of files, directories, folders, and users are in boldface. For example, log in as user root. Book titles are in italics. Examples of information displayed on the screen are in Courier New.

Command Conventions
The command conventions that may be found in this document are defined as follows. Convention Boldface
Issue 03 (2008-09-22)

Description The keywords of a command line are in boldface.


Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 3

About This Document

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Convention Italic [] { x | y | ... } [ x | y | ... ] { x | y | ... }*

Description Command arguments are in italics. Items (keywords or arguments) in brackets [ ] are optional. Optional items are grouped in braces and separated by vertical bars. One item is selected. Optional items are grouped in brackets and separated by vertical bars. One item is selected or no item is selected. Optional items are grouped in braces and separated by vertical bars. A minimum of one item or a maximum of all items can be selected. Optional items are grouped in brackets and separated by vertical bars. Several items or no item can be selected. The parameter before the & sign can be repeated 1 to n times. A line starting with the # sign is comments.

[ x | y | ... ]* &<1-n> #

GUI Conventions
The GUI conventions that may be found in this document are defined as follows. Convention Boldface > Description Buttons, menus, parameters, tabs, window, and dialog titles are in boldface. For example, click OK. Multi-level menus are in boldface and separated by the ">" signs. For example, choose File > Create > Folder.

Keyboard Operations
The keyboard operations that may be found in this document are defined as follows. Format Key Key 1+Key 2 Key 1, Key 2 Description Press the key. For example, press Enter and press Tab. Press the keys concurrently. For example, pressing Ctrl+Alt +A means the three keys should be pressed concurrently. Press the keys in turn. For example, pressing Alt, A means the two keys should be pressed in turn.

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

About This Document

Mouse Operations
The mouse operations that may be found in this document are defined as follows. Action Click Double-click Drag Description Select and release the primary mouse button without moving the pointer. Press the primary mouse button twice continuously and quickly without moving the pointer. Press and hold the primary mouse button and move the pointer to a certain position.

Update History
Updates between document issues are cumulative. Therefore, the latest document issue contains all updates made in previous issues.

Updates in Issue 03 (2008-09-22)


The third commercial release.

Updates in Issue 02 (2008-05-08)


The second commercial release.

Updates in Issue 01 (2008-02-22)


Initial commercial release.

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

1 VPN Tunnel Management Configuration

VPN Tunnel Management Configuration

About This Chapter


This chapter describes how to create a tunnel interface and configure a tunnel policy. 1.1 Overview This section describes basic concepts of tunnel management, types and application mechanism of tunnel policies. 1.2 Configuring Tunnel Interfaces This section describes how to configure tunnel interfaces for tunnels such as GRE, MPLS TE. 1.3 Configuring Tunnel Policies in Select-Sequence Mode for L3VPN This section describes how to configure tunnel policies in select-sequence Mode for L3VPN. 1.4 Configuring Tunnel Policies in Select-Sequence Mode for L2VPN This section describes how to configure tunnel policies in select-sequence mode for L2VPN. 1.5 Configuring L3VPN Primary Tunnel Binding This section describes how to configure dedicated tunnels for L3VPN. 1.6 Configuring L2VPN Primary Tunnel Binding This section describes how to configure dedicated tunnels for Martini L2VPN. 1.7 Maintaining a Tunnel This section describes how to debug and remove tunnel faults. 1.8 Configuration Examples This section provides two configuration examples.

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

1-1

1 VPN Tunnel Management Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

1.1 Overview
This section describes basic concepts of tunnel management, types and application mechanism of tunnel policies. 1.1.1 Introduction to VPN Tunnels 1.1.2 VPN Tunnel Features Supported by theNE80E/40E

1.1.1 Introduction to VPN Tunnels


In Virtual Private Networks (VPNs), based on the tunnel technology, dedicated transmission channels, namely, tunnels, can be set up in backbone networks. Packets can then be transparently transmitted through the tunnels.

Common VPN Tunnels


Common VPN tunnels are described as follows:
l

LSP A Label Switched Path (LSP) is similar to an Asynchronous Transfer Mode (ATM) Virtual Circuit (VC) or a Frame Relay (FR) VC in function and security. When LSPs are adopted as tunnels on the public network of Multi-Protocol Label Switching (MPLS) VPN, IP packet headers are analyzed only on Provider Edges (PEs), rather than on each device along which VPN packets are transmitted. In this manner, the time to process VPN packets shortens and the delay of packet transmission decreases. In addition, MPLS labels are supported by all link layer protocols.

MPLS TE Generally, carriers are required to provide VPN users with Quality of Service (QoS) guarantee for various end-to-end services, such as the voice service, video service, key data service, and Internet access service. To meet users' requirements, carriers offer the MPLS Traffic Engineering (MPLS TE) tunnels, which can optimize network resources and offer users with QoS guaranteed services.

GRE The major applicable environments of Generic Routing Encapsulation (GRE) are as follows:

P devices do not support MPLS. If PE devices support MPLS while Provider (P) devices of the VPN backbone network does not support MPLS, use GRE tunnels in the VPN backbone network, instead of LSPs.

A CE and a PE are indirectly connected. In an MPLS Layer 3 VPN (MPLS L3VPN), a CE and a PE must have a direct connection. If they are not directly connected, a GRE tunnel is generally set up between the CE and the PE to ensure the CE can access MPLS VPN.

L2TP The Layer 2 Tunneling Protocol (L2TP) is applied for the Virtual Private Data Network (VPDN). The VPDN functions can be implemented if only L2TP is supported.

1-2

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

1 VPN Tunnel Management Configuration

By means of L2TP, mobile users can access the MPLS VPN, namely, Layer 3 VPN, and VPN users can access other VPNs.

Tunnel Configuration Management


Tunnels are protocol-specific. The setup and management of tunnels vary with the tunnel type. For example, GRE tunnels and MPLS TE tunnels, both of which are Constraint-based Routed LSP (CR-LSP) tunnels, are managed by using tunnel interfaces, whereas MPLS LSP tunnels are managed without using tunnel interfaces. This chapter describes the configurations of tunnel interfaces and general tunnel management.
l

Tunnel management: informs the current application about the tunnel status and queries the tunnel and tunnel policy based on the destination IP address. Tunnel policy: selects a tunnel based on the destination IP address.

An application selects tunnels according to the tunnel policy. If no tunnel policy is configured, the default tunnel policy is selected. By default, no load balancing can be performed among tunnels, and only the LSP tunnel can be selected.

1.1.2 VPN Tunnel Features Supported by theNE80E/40E


An application (such as VPN) selects tunnels according to the tunnel policy. If no tunnel policy is configured, the tunnel management module selects the tunnel according to the default tunnel policy. The tunnel policy can be in either of two modes:
l l

Select-sequence Tunnel binding

These two modes are mutually exclusive.

Select-sequence Mode
With the tunnel policy of the select-sequence mode, you can specify the sequence to select the tunnel types, and the number of tunnels participating in load balancing.

Tunnel Binding Mode


Tunnel binding indicates that a certain TE tunnel can only be applied for a specific VPN service. Tunnel binding can be applied in the following scenarios:
l

VPN primary tunnel binding: The primary tunnel can transmit the service data only for a specified VPN. As shown in Figure 1-1, two MPLS TEs, namely Tunnel1 and Tunnel2, are set up between PE1 and PE3.

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

1-3

1 VPN Tunnel Management Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Figure 1-1 Networking example using VPN primary tunnel binding


VPNA VPNA

Site1

CE1

VPN Backbone
TE Tunnel1, for VPNA TE Tunnel2 ,for VPNB

CE3

Site3

PE1 Site2 CE2

PE3 CE4

Site4

VPNB

VPNB

The QoS of both VPN A and VPN B is guaranteed if you configure the VPN primary tunnel binding, that is, binding VPN A with Tunnel 1 and binding VPN B with Tunnel 2. After the configuration, both VPN A and VPN B use separate TE tunnels. The VPN primary tunnel binding has the following features:

The VPN data to a specific peer PE is always transmitted through the bound TE tunnel. The bound TE tunnel cannot be used in select-sequence mode or in load balancing. VPN primary tunnel binding can only use the bound primary tunnel for the specific peer PE. Other peer PEs, however, adopt the default tunnel policy.

You can arrange network resources by creating MPLS TE tunnels of different QoS features. Then you can manually configure each TE tunnel to carry the corresponding VPN service. Therefore, network resources can be optimally used.
l

Resource Reserved VPN (RRVPN): Each sub-tunnel of a primary tunnel can transmit the data of a specified VPN.

1.2 Configuring Tunnel Interfaces


This section describes how to configure tunnel interfaces for tunnels such as GRE, MPLS TE. 1.2.1 Establishing the Configuration Task 1.2.2 Creating Tunnel Interfaces 1.2.3 Configuring a Tunnel Interface 1.2.4 Checking the Configuration

1.2.1 Establishing the Configuration Task


Applicable Environments
Tunnels such as GRE and MPLS TE tunnels use a kind of virtual logical interface, that is, tunnel interface, to forward packets. You must create the tunnel interfaces before using these tunnels. In addition, you can set different encapsulation types for the tunnel interface as required. The encapsulation protocol on both ends of the tunnel must be consistent.
1-4 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

1 VPN Tunnel Management Configuration

The source address and destination address of a tunnel uniquely identify the tunnel. The destination address is the address of the interface receiving packets.

Pre-configuration Tasks
Before configuring a tunnel interface, complete the following tasks:
l

Connecting the interfaces, and configuring physical parameters for the interfaces to ensure that the physical status of the interfaces is Up Configuring parameters of the link layer protocol and IP addresses for the interfaces to ensure that the status of the link layer protocol on the interfaces is Up

Data Preparation
To configure a tunnel interface, you need the following data. No. 1 2 Data Serial number of the tunnel interface Encapsulation type of the tunnel, source address, source interface, and destination address of the tunnel interface

1.2.2 Creating Tunnel Interfaces


Context
Do as follows on routers at two ends of a tunnel.

Procedure
Step 1 Run:
system-view

The system view is displayed. Step 2 Run:


interface tunnel interface-number

A tunnel interface is created.


NOTE

When creating the tunnel interfaces on distributed devices, you are recommended to set the slot numbers of the tunnel interfaces the same as the slot number of the interface sending the packets, that is, the interface at the source end. In this manner, the packet forwarding efficiency can be improved.

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

1-5

1 VPN Tunnel Management Configuration


NOTE

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

When you create a tunnel interface for a GRE or IPv4 over IPv6 tunnel, the slot number of the tunnel interface must be the same as that of the TSU, which is bound to the loopback interface that serves as the source interface. When creating a tunnel interface for other types of tunnels, you are recommended to set the slot number of the tunnel interface same as that of the source end, that is, the number of the slot that sends the packet. This improves the forwarding efficiency.

----End

1.2.3 Configuring a Tunnel Interface


Context
Do as follows on routers with tunnel interfaces.

Procedure
Step 1 Run:
system-view

The system view is displayed. Step 2 Run:


interface tunnel interface-number

The tunnel interface view is displayed. Step 3 Run:


tunnel-protocol { gre | mpls te | ipv6-ipv4 [ 6to4 | auto-tunnel ] | ipv4-ipv6 | none }

The encapsulation type of the tunnel is configured. By default, the encapsulation protocol of a tunnel interface is none. For a tunnel, the tunnel interfaces at two ends must have the same encapsulation protocol. The related commands of an encapsulation protocol can be run only after the protocol is encapsulated on the tunnel interface. For example, you can run MPLS TE commands in a tunnel interface view after the tunnel-protocol mpls te command is configured on the tunnel interface. Step 4 Run:
destination [ vpn-instance vpn-instance-name ] dest-ip-address

The destination address is configured for the tunnel. The parameter vpn-instance vpn-instance-name is valid only for GRE. Step 5 (Optional) Run:
source { source-ip-address | loopback interface-number }

The source address or source interface of the tunnel is configured. Different tunnel interfaces encapsulated with one protocol cannot be configured with the same source address and destination address. You can use loopback interface-number or source-ip-address to specify a source address for a GRE or IPv4 over IPv6 tunnel. The source address must be the address of the loopback interface
1-6 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

1 VPN Tunnel Management Configuration

bound to the TSU by using the target-board command. The source address of an IPv6 over IPv4 tunnel, however, is not restricted. Whether a source address or a destination address is necessary for a tunnel interface depends on the tunnel type. For example, an MPLS TE tunnel interface requires only a destination address. If you use interface-type interface-number to specify the source address of a tunnel, the specified interface cannot be the local tunnel interface. Step 6 (Optional) Run:
mtu mtu-value

The MTU of the interface is configured. This step is necessary if you want to change the MTU. The newly configured MTU is validated only after you run the shutdown command and the undo shutdown command on the interface in sequence. Step 7 Choose one of the following methods to configure the IP address of a tunnel interface.
l

Run the ip address ip-address { mask | mask-length } [ sub ] command to configure the IP address of a tunnel interface. Run the ip address unnumbered interface interface-type interface-number command to configure IP unnumbered on the tunnel interface.

----End

1.2.4 Checking the Configuration


Run the following commands to check the previous configuration. Action Check information about a tunnel interface. Check information about all tunnels. Check detailed information about a specific tunnel. Command display interface tunnel interface-number display tunnel-info all display tunnel-info tunnel-id

Run the display interface tunnel command to see that "Line protocol current state" of the tunnel interface is "UP". For example:
<Quidway> display interface Tunnel 4/0/0 Tunnel4/0/0 current state : UP Line protocol current state : UP Description : HUAWEI, Quidway Series, Tunnel4/0/0 Interface The Maximum Transmit Unit is 1500 bytes Internet Address is 40.1.1.1/24 Encapsulation is TUNNEL, loopback not set Tunnel source 20.1.1.1 (GigabitEthernet4/0/0), destination 30.1.1.2 Tunnel protocol/transport GRE/IP, key disabled keepalive disabled Checksumming of packets disabled QoS max-bandwidth : 64 Kbps Output queue : (Urgent queue : Size/Length/Discards) 0/50/0 Output queue : (Protocol queue : Size/Length/Discards) 0/1000/0

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

1-7

1 VPN Tunnel Management Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Output queue : (FIFO queue : Size/Length/Discards) 0/256/0 300 seconds input rate 31776024 bytes/sec, 31776152 packets/sec 300 seconds output rate 31776024 bytes/sec, 31776152 packets/sec 185 packets input, 19714 bytes 0 input error 184 packets output, 19738 bytes 0 output error

Run the display tunnel-info command to check the information about the tunnel, such as the tunnel ID. For example:
<Quidway> display tunnel-info all * -> Allocated VC Token Tunnel ID Type Destination Token ---------------------------------------------------------------------0x1100200a cr lsp 100.1.1.2 115712 0x1800800 lsp 3.3.3.3 0 0x1800801 lsp 2.2.2.2 1 0x41804bb8 lsp 192.168.2.0 3000

Run the display tunnel-info tunnel-id command to further check the information about the tunnel. For example:
<Quidway> display tunnel-info 1100200a Tunnel ID: 0x1100200a Tunnel Token: 115712 Type: cr lsp Destination: 3.3.3.3 Mask: 0.0.0.0 Out Slot: 1 Instance ID: 0 Interface: Tunnel1/0/1 Sub Tunnel ID: 0x0

1.3 Configuring Tunnel Policies in Select-Sequence Mode for L3VPN


This section describes how to configure tunnel policies in select-sequence Mode for L3VPN. 1.3.1 Establishing the Configuration Task 1.3.2 Configuring a Tunnel Policy 1.3.3 Applying a Tunnel Policy to L3VPN 1.3.4 Checking the Configuration

1.3.1 Establishing the Configuration Task


Applicable Environment
A tunnel policy is used to select proper tunnels to forward VPN packets in L2VPN and L3VPN. In L3VPN, a tunnel policy is applied for VPN instances. In L2VPN, a tunnel policy is applied for VCs. The policy includes tunnel selection and the number of tunnels for load balancing. At present, a tunnel policy is effective in only one Autonomous System (AS).
1-8 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

1 VPN Tunnel Management Configuration

Pre-configuration Tasks
Before configuring a tunnel policy, complete the following tasks:
l

Connecting the interfaces, and configuring physical parameters for the interfaces to ensure that the physical status of the interfaces is Up Configuring parameters of the link layer protocol and IP addresses for the interfaces to ensure that the status of the link layer protocol on the interfaces is Up Creating the tunnel (LSP, GRE, or MPLS TE) for the VPN instance Configuring the VPN instance on the PE (refer to the chapter "BGP/MPLS IP VPN Configuration" in this manual)

l l

Data Preparation
To configure the tunnel policy, you need the following data. No. 1 2 3 4 Data Name of the tunnel policy Priority of the tunnels Number of tunnels for load balancing Name of the VPN instance configured with a tunnel policy

1.3.2 Configuring a Tunnel Policy


Context
Do as follows on a PE configured with a VPN instance.

Procedure
Step 1 Run:
system-view

The system view is displayed. Step 2 Run:


tunnel-policy policy-name

A tunnel policy is created and the tunnel policy view is displayed. A tunnel policy indicates only one tunnel selection mode. If more tunnel selection modes are required, you need create multiple tunnel policies. A VPN instance can only use one tunnel policy; multiple VPN instances can use the same VPN tunnel policy. Step 3 Run:
tunnel select-seq { gre | cr-lsp | lsp }* load-balance-number load-balance-number

The priority of the tunnels and the number of tunnels for load balancing are configured.
Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 1-9

1 VPN Tunnel Management Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

If no tunnel policy is configured for L3VPN, LSP is used as the VPN tunnel, and no load balancing is carried out. The license offered to you defines the number of tunnels in load balancing. ----End

1.3.3 Applying a Tunnel Policy to L3VPN


Context
For L3VPN, the tunnel policy is applied to the VPN instance. Do as follows on a PE configured with a VPN instance.

Procedure
Step 1 Run:
system-view

The system view is displayed. Step 2 Run:


ip vpn-instance vpn-instance-name

The VPN instance view is displayed. Step 3 Run:


tnl-policy policy-name

A tunnel policy is applied to the VPN instance. ----End

1.3.4 Checking the Configuration


Run the following commands to check the previous configuration. Action Check configuration of the tunnel policy. Check the tunnel policy of the VPN instance. Check the tunnel that transmits the routes of the VPN instance. Check information about a specified tunnel. Command display tunnel-policy policy-name display ip vpn-instance verbose [ vpninstance-name ] display ip routing-table vpn-instance [ desinationt-address ] verbose display tunnel-info tunnel-id

Run the display tunnel-policy command. If the configuration of the tunnel policy is displayed, it means the configuration succeeds. For example:
[Quidway] display tunnel-policy policy1 Tunnel Policy Name Select-Seq Load balance No ---------------------------------------------------------------------

1-10

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


policy1 LSP

1 VPN Tunnel Management Configuration


1

Run the display tunnel-policy command. If the tunnel policy of the VPN instance is displayed, it means the configuration succeeds. In the following example, you can view the tunnel policy of the VPN named vpna is policy1.
[Quidway] display ip vpn-instance verbose Total VPN-Instances configured : 1 VPN-Instance Name and ID : vpna, 1 Create date : 2004/10/11 16:12:02 Up time : 0 days, 00 hours, 03 minutes and 07 seconds Route Distinguisher : 100:1 Export VPN Targets : 100:1 Import VPN Targets : 100:1 Label policy: label per route Tunnel Policy : policy1 The diffserv-mode Information is : uniform The ttl-mode Information is : uniform Interfaces : GigabitEthernet1/0/0

Run the display ip routing-table vpn-instance verbose command, and you can view the tunnel that transmits the VPN routes. For example:
[Quidway] display ip routing-table vpn-instance vpnb 10.4.1.0 verbose Routing Table : vpnb Summary Count : 2 Destination: 10.4.1.0/30 Protocol: BGP Process ID: 0 Preference: 255 Cost: 0 NextHop: 2.2.2.2 Neighbour: 2.2.2.2 State: Active Adv GotQ Age: 01h02m27s Tag: 0 Priority: 0 Label: 107520 QoSInfo:0x0 RelayNextHop: 0.0.0.0 Interface: Tunnel1/0/1 Tunnel ID: 0xc1010003 RelayNextHop: 0.0.0.0 Interface: Pos1/0/0 Tunnel ID: 0x84010000

Run the display tunnel-info tunnel-id command, and you can view detailed information about a specified tunnel. For example:
[Quidway] display tunnel-info c1010003 Tunnel ID: 0xc1010003 Tunnel Token: 115712 Type: cr lsp Destination: 3.3.3.3 Mask: 0.0.0.0 Out Slot: 1 Instance ID: 0 Interface: Tunnel1/0/1 Sub Tunnel ID: 0x0

1.4 Configuring Tunnel Policies in Select-Sequence Mode for L2VPN


This section describes how to configure tunnel policies in select-sequence mode for L2VPN. 1.4.1 Establishing the Configuration Task 1.4.2 Configuring a Tunnel Policy 1.4.3 Applying the Tunnel Policy to L2VPN 1.4.4 Checking the Configuration
Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 1-11

1 VPN Tunnel Management Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

1.4.1 Establishing the Configuration Task


Applicable Environment
By default, LSPs are selected for a VPN, and no load balancing is carried out. To perform load balancing or select tunnels of other types, configure and apply the corresponding tunnel policies. For an L2VPN tunnel, the tunnel policy is applied to VC. At present, a tunnel policy in select-sequence mode is only valid within the same AS. A tunnel policy consists of the following parts:
l l

Tunnel selection Number of tunnels participating in load balancing

Pre-configuration Tasks
Before configuring a tunnel policy, complete the following tasks:
l

Connecting the interfaces, and configuring physical parameters for the interfaces to ensure that the physical status of the interfaces is Up Configuring parameters of the link layer protocol and IP addresses for the interfaces to ensure that the status of the link layer protocol on the interfaces is Up Creating the tunnel (LSP, GRE, or MPLS TE) for a VC Creating the VC of the corresponding type on the PE (refer to the chapter "MPLS L2VPN Configuration" in this manual)

l l

Data Preparation
Before configuring a tunnel policy, you need the following data. No. 1 2 3 4 Data Name of the tunnel policy Priority of tunnels Number of tunnels participating in load balancing Type and serial number of the VC interface on which the tunnel policy needs to be applied

1.4.2 Configuring a Tunnel Policy


Context
Do as follows on a PE configured with VC.
1-12 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

1 VPN Tunnel Management Configuration

Procedure
Step 1 Run:
system-view

The system view is displayed. Step 2 Run:


tunnel-policy policy-name

The tunnel policy is created, and the tunnel policy view is displayed. A VC can apply only one tunnel policy. Multiple VCs can share the same tunnel policy. Step 3 Run:
tunnel select-seq { gre | lsp | cr-lsp } * load-balance-number load-balance-number

The priority of tunnels and number of tunnels participating in load balancing are configured. ----End

Postrequisite
For L2VPN, if no tunnel policy is configured, LSP is selected as the VPN tunnel, and no load balancing is carried out. In a tunnel policy, tunnels are selected in sequential order. If the preceding tunnel is Up, it will be selected irrespective of whether or not another service has selected it. The subsequent tunnel is not selected in most cases, except that load balancing is performed or the preceding tunnels are in the Down state. For example, if the tunnel select-seq lsp cr-lsp load-balance-number 1 command is configured, a VPN selects the CR-LSP tunnel if no LSP exists. After an LSP is set up, the VPN selects the LSP and does not use the CR-LSP tunnel anymore. The license offered to you defines the number of tunnels in load balancing.

1.4.3 Applying the Tunnel Policy to L2VPN


Context
Select one of the following configurations according to the L2VPN type.
l l l l

MPLS L2VPN in SVC mode MPLS L2VPN in Martini mode MPLS L2VPN in Kompella mode PWE3

Procedure
l MPLS L2VPN in SVC mode Do as follows on PEs configured with VCs. 1. Run:
system-view

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

1-13

1 VPN Tunnel Management Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

The system view is displayed. 2. Run:


interface interface-type interface-number

The view of the interface connected with the CE is displayed. 3. Run:


mpls static-l2vc destination dest-router-id transmit-vpn-label transmitlabel-value receive-vpn-label receive-label-value tunnel-policy policyname

The tunnel policy is applied to the VC of the L2VPN in SVC mode. l MPLS L2VPN in Martini mode Do as follows on PEs configured with VCs. 1. Run:
system-view

The system view is displayed. 2. Run:


interface interface-type interface-number

The view of the interface connected with the CE is displayed. 3. Run:


mpls l2vc dest-ip-address vc-id tunnel-policy policy-name

The tunnel policy is applied to the VC of the L2VPN in Martini mode. l MPLS L2VPN in Kompella mode Do as follows on PEs configured with VCs. 1. Run:
system-view

The system view is displayed. 2. Run:


mpls l2vpn vpn-name

The MPLS L2VPN view is displayed. 3. Run:


ce ce-name

The MPLS L2VPN CE view is displayed. 4. Run:


connection [ ce-offset id ] interface interface-type interface-number tunnel-policy policy-name

The tunnel policy is applied to the VC of the L2VPN in Kompella mode.


NOTE

Before configuring Kompella L2VPN on a PE, create a connection with a CE by running thece ce-name id ce-id [ range range-value ] [ default-offset offset-value ] command.

PWE3 Do as follows on PEs configured with VCs. 1. Run:


system-view

1-14

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

1 VPN Tunnel Management Configuration

The system view is displayed. 2. Run:


interface interface-type interface-number

The view of the interface connected with the CE device is displayed. 3. Choose one of the following options to apply tunnel policy to PW.

For dynamic PW, run: mpls l2vc { pw-template pw-template-name | ipaddress } * vc-id tunnel-policy policy-name For static PW, run: mpls static-l2vc { destination ip-address | pw-template pwtemplate-name vc-id } * transmit-vpn-label transmit-label-value receive-vpnlabel receive-label-value tunnel-policy policy-name

----End

1.4.4 Checking the Configuration


Run the following commands to check the previous configuration. Action Check the configuration of a tunnel policy. Check the information about the tunnel used by the VC in L2VPN in SVC, PWE3, or Martini mode. Check the information about the tunnel used by the VC in Kompella L2VPN. Check information about a specified tunnel. Command display tunnel-policy policy-name display mpls l2vc [interface interface-type interface-number ] display mpls l2vpn connection interface interface-type interface-number display tunnel-inf tunnel-id

Run the display tunnel-policy command. If the bound tunnel interface is displayed, it means the configuration succeeds. For example:
<Quidway> display tunnel-policy policy1 Tunnel Policy Name Destination Tunnel Intf --------------------------------------------------------------------policy1 2.2.2.9 Tunnel1/0/0 3.3.3.9 Tunnel2/0/0

Run the display interface tunnel command, and you can view the bound tunnel is Up. For example:
<Quidway> display interface tunnel 1/0/0 Tunnel1/0/0 current state : UP Line protocol current state : UP Description : HUAWEI, Quidway Series, Tunnel1/0/0 Interface, Route Port The Maximum Transmit Unit is 1500 bytes Internet Address is unnumbered, using address of LoopBack1(1.1.1.9/32) Encapsulation is TUNNEL, loopback not set Tunnel destination 2.2.2.9 Tunnel protocol/transport MPLS/MPLS, ILM is available, primary tunnel id is 0xc1010002, secondary tunnel id is 0x0 The tunnelIfIndex is 0x4000385 QoS max-bandwidth : 64 Kbps Output queue : (Urgent queue : Size/Length/Discards) 0/50/0 Output queue : (Protocol queue : Size/Length/Discards) 0/1000/0

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

1-15

1 VPN Tunnel Management Configuration


Output queue : (FIFO 5 minutes output 22894187 packets 0 packets output

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


queuing : Size/Length/Discards) 0/75/0 rate 2952 bits/sec, 2 packets/sec output, 2958834536 bytes dropped

Run the display ip vpn-instance verbose command. If the tunnel policy name of the VPN instance is displayed, it means the configuration succeeds. In the following example, you can view the tunnel policy of the VPN named vpna is policy1.
<Quidway> display ip vpn-instance verbose Total VPN-Instances configured : 1 VPN-Instance Name and ID : vpna, 1 Create date : 2004/10/11 16:12:02 Up time : 0 days, 00 hours, 03 minutes and 07 seconds Route Distinguisher : 100:1 Export VPN Targets : 100:1 Import VPN Targets : 100:1 Label policy: label per route Tunnel Policy : policy1 Interfaces : GigabitEthernet1/0/0

Run the display ip routing-table vpn-instance verbose command and you can view the used tunnels by the VPN route. For example:
<Quidway> display ip routing-table vpn-instance vpna 10.3.1.0 verbose Routing Table : vpna Summary Count : 1 Destination: 10.3.1.0/30 Protocol: BGP Process ID: 0 Preference: 255 Cost: 0 NextHop: 2.2.2.2 Neighbour: 2.2.2.2 State: Active Adv GotQ Age: 00h00m08s Tag: 0 Priority: 0 Label: 109568 QoSInfo: 0x0 RelayNextHop: 0.0.0.0 Interface: Tunnel1/0/2 Tunnel ID: 0xc1010002

1.5 Configuring L3VPN Primary Tunnel Binding


This section describes how to configure dedicated tunnels for L3VPN. 1.5.1 Establishing the Configuration Task 1.5.2 Enabling the VPN Binding for a Tunnel 1.5.3 Configuring the Tunnel Binding in the Tunnel Policy 1.5.4 Applying the Tunnel Policy to L3VPN 1.5.5 Checking the Configuration

1.5.1 Establishing the Configuration Task


Applicable Environment
When deploying the VPN service, you can bind a VPN primary tunnel to an MPLS TE tunnel. In this manner,the MPLS TE tunnel can transmit VPN services exclusively. The congestion caused by unbalanced load can be avoided, and no interference occurs among different VPN services. Therefore, the QoS of the VPN service is guaranteed.
1-16 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

1 VPN Tunnel Management Configuration

Pre-configuration Tasks
Before configuring VPN primary tunnel binding, complete the following tasks:
l

Connecting the interfaces, configuring physical parameters for the interfaces to ensure that the physical status of the interfaces is Up Configuring parameters of the link layer protocol and IP addresses for the interfaces to ensure the status of the link layer protocol on the interfaces is Up Configuring the static route or the Interior Gateway Protocol (IGP) to ensure routes are reachable to all nodes Configuring basic MPLS functions and enabling MPLS TE Configuring the MPLS TE tunnels between PEs (refer to the Quidway NetEngine80E/ 40E Router Configuration Guide - MPLS). Configuring the VPN instance on the PE (refer to the chapter "BGP/MPLS IP VPN Configuration" in this manual)

l l

Data Preparation
To configure VPN primary tunnel binding, you need the following data. No. 1 2 3 Data Name of the tunnel policy QoS parameters for the MPLS TE tunnel such as bandwidth Name of the VPN instance

1.5.2 Enabling the VPN Binding for a Tunnel


Context
Do as follows on PEs at both ends of the TE tunnel.

Procedure
Step 1 Run:
system-view

The system view is displayed. Step 2 Run:


interface tunnel interface-number

The tunnel interface view of the MPLS TE is displayed. Step 3 Run:


mpls te reserved-for-binding

The VPN binding for the tunnel is enabled.


Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 1-17

1 VPN Tunnel Management Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Only the tunnel enabled with the VPN binding can be bound with the VPN. The tunnel policy in select-sequence mode cannot use the tunnel enabled with the VPN binding. Step 4 Run:
mpls te commit

The current configuration is validated. ----End

1.5.3 Configuring the Tunnel Binding in the Tunnel Policy


Context
Do as follows on PEs at both ends of the TE tunnel.

Procedure
Step 1 Run:
system-view

The system view is displayed. Step 2 Run:


tunnel-policy policy-name

A tunnel policy is created. Step 3 Run:


tunnel binding destination dest-ip-address te tunnel interface-number

The peer address is bound with the tunnel policy. The VPN data from the local end are transmitted to the destination address through the bound tunnel. If a TE tunnel is bound with the destination address, the VPN data is only transmitted to the destination address through the bound tunnel. Note the following:
l

Tunnel policy can be either in select-sequence mode or tunnel binding mode. Therefore, the tunnel policy configured with the tunnel binding command cannot be then configured with the tunnel select-seq command. One dest-ip-address of a PE device can only be bound with one tunnel. If multiple tunnels are bound, the last binding overwrites the previous one. If the PE has multiple peers, a tunnel policy can be configured with multiple tunnel binding commands with different dest-ip-address.

----End

1.5.4 Applying the Tunnel Policy to L3VPN


Context
Do as follows on PEs at both ends of the TE tunnel.
1-18 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

1 VPN Tunnel Management Configuration

Procedure
Step 1 Run:
system-view

The system view is displayed. Step 2 Run:


ip vpn-instance vpn-instance-name

The VPN instance view is displayed. Step 3 Run:


tnl-policy policy-name

The tunnel policy is applied to the VPN instance. Different VPN services to the same destination on a PE must apply different tunnel policies, and be bound with different TE tunnels. ----End

1.5.5 Checking the Configuration


Run the following commands to check the previous configuration. Action Check information about the tunnel policy in tunnel binding mode. Check the information about the interface of the bound tunnel. Check the tunnel policy of the VPN instance. Check information about a specified tunnel. Command display tunnel-policy policy-name display interface tunnel interface-number display ip vpn-instance verbose [ vpn-instancename ] display tunnel-info tunnel-id

Run the display tunnel-policy command. If the bound tunnel interface is displayed, and the destination address is configured the same as that in real situation, it means the configuration succeeds. For example:
<Quidway> display tunnel-policy policy1 Tunnel Policy Name Destination Tunnel Intf Down Switch --------------------------------------------------------------------policy1 2.2.2.9 Tunnel1/0/0 Disable 3.3.3.9 Tunnel2/0/0 Disable

Run the display interface tunnel, and you can view the bound tunnel is Up. For example:
<Quidway> display interface tunnel 1/0/0 Tunnel1/0/0 current state : UP Line protocol current state : UP Description : HUAWEI, Quidway Series, Tunnel1/0/0 Interface, Route Port The Maximum Transmit Unit is 1500 bytes Internet Address is unnumbered, using address of LoopBack1(1.1.1.9/32)

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

1-19

1 VPN Tunnel Management Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Encapsulation is TUNNEL, loopback not set Tunnel destination 2.2.2.9 Tunnel protocol/transport MPLS/MPLS, ILM is available, primary tunnel id is 0xc1010002, secondary tunnel id is 0x0 The tunnelIfIndex is 0x4000385 QoS max-bandwidth : 64 Kbps Output queue : (Urgent queue : Size/Length/Discards) 0/50/0 Output queue : (Protocol queue : Size/Length/Discards) 0/1000/0 Output queue : (FIFO queuing : Size/Length/Discards) 0/75/0 5 minutes output rate 2952 bits/sec, 2 packets/sec 22894187 packets output, 2958834536 bytes 0 packets output dropped

Run the display ip vpn-instance verbose command. If the tunnel policy name of the VPN instance is displayed, it means the configuration succeeds. In the following example, you can view the tunnel policy of the VPN instance named vpna is policy1.
<Quidway> display ip vpn-instance verbose Total VPN-Instances configured : 1 VPN-Instance Name and ID : vpna, 1 Create date : 2004/10/11 16:12:02 Up time : 0 days, 00 hours, 03 minutes and 07 seconds Route Distinguisher : 100:1 Export VPN Targets : 100:1 Import VPN Targets : 100:1 Label policy: label per route Tunnel Policy : policy1 The diffserv-mode Information is : uniform The ttl-mode Information is : uniform Interfaces : GigabitEthernet1/0/0

Run the display ip routing-table vpn-instance verbose command and you can view the tunnels used by the VPN routes. For example:
<Quidway> display ip routing-table vpn-instance vpna 10.3.1.0 verbose Routing Table : vpna Summary Count : 1 Destination: 10.3.1.0/30 Protocol: BGP Process ID: 0 Preference: 255 Cost: 0 NextHop: 2.2.2.2 Neighbour: 2.2.2.2 State: Active Adv GotQ Age: 00h00m08s Tag: 0 Priority: 0 Label: 109568 QoSInfo: 0x0 RelayNextHop: 0.0.0.0 Interface: Tunnel1/0/2 Tunnel ID: 0xc1010002

1.6 Configuring L2VPN Primary Tunnel Binding


This section describes how to configure dedicated tunnels for Martini L2VPN. 1.6.1 Establishing the Configuration Task 1.6.2 Enabling the VPN Binding for a Tunnel 1.6.3 Configuring the Tunnel Binding in the Tunnel Policy 1.6.4 Applying the Tunnel Policy to the Martini L2VPN 1.6.5 Checking the Configuration

1.6.1 Establishing the Configuration Task


1-20 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

1 VPN Tunnel Management Configuration

Applicable Environment
When deploying the MPLS L2VPN service, you need consider not only the transparent transmission of user data, but also the following points:
l

MPLS TE tunnels are used to transmit data, which can optimize the usage of network resource, and avoid the congestion caused by unbalanced load. The L2VPN service should be separated from other services. Therefore, the QoS of the L2VPN service is guaranteed.

The MPLS TE tunnel and the MPLS L2VPN primary tunnel binding need to be configured on the PEs of the backbone network.

Pre-configuration Tasks
Before configuring MPLS L2VPN primary tunnel binding, complete the following tasks:
l

Connecting the interfaces, and configuring physical parameters for the interfaces to ensure that the physical status of the interfaces is Up Configuring parameters of the link layer protocol and IP addresses for the interfaces to ensure that the status of the link layer protocol on the interfaces is Up Configuring the static route or IGP to ensure that routes are reachable to all nodes Configuring basic MPLS functions and enabling MPLS TE Configuring the MPLS TE tunnels between PEs (refer to the Quidway NetEngine80E/ 40E Router Configuration Guide - MPLS . Creating the VC on the PE (refer to the chapter "MPLS L2VPN Configuration" in this manual)

l l l

Data Preparation
To configure L2VPN primary tunnel binding, you need the following data. No. 1 2 3 Data Name of the tunnel policy QoS parameters for the MPLS TE tunnel such as bandwidth Type and serial number of the VC interface , destination address, and VC ID

1.6.2 Enabling the VPN Binding for a Tunnel


Context
Do as follows on PEs at both ends of the TE tunnel.

Procedure
Step 1 Run:
system-view

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

1-21

1 VPN Tunnel Management Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

The system view is displayed. Step 2 Run:


interface tunnel interface-number

The tunnel interface view of the MPLS TE is displayed. Step 3 Run:


mpls te reserved-for-binding

The VPN binding for the tunnel is enabled. Only the tunnel enabled with the VPN binding can be bound with the VPN. The tunnel policy in select-sequence mode cannot use the tunnel enabled with the VPN binding. Step 4 Run:
mpls te commit

The current configuration is validated. ----End

1.6.3 Configuring the Tunnel Binding in the Tunnel Policy


Context
Do as follows on PEs at both ends of the TE tunnel.

Procedure
Step 1 Run:
system-view

The system view is displayed. Step 2 Run:


tunnel-policy policy-name

A tunnel policy is created. Step 3 Run:


tunnel binding destination dest-ip-address te tunnel interface-number

The peer address is bound with the tunnel policy. The VPN data from the local end are transmitted through the bound tunnel to the destination address. If a TE tunnel is bound with the destination address, the VPN data is only transmitted to the destination address through the bound tunnel. Note the following:
l

Tunnel policy can be either in select-sequence mode or tunnel binding mode. Therefore, the tunnel policy configured with the tunnel binding command cannot be then configured with the tunnel select-seq command. One dest-ip-address of a PE device can only be bound with one tunnel. If multiple tunnels are bound, the last binding overwrites the previous one. If the PE has multiple peers, a tunnel policy can be configured with multiple tunnel binding commands with different dest-ip-address.

----End
1-22 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

1 VPN Tunnel Management Configuration

1.6.4 Applying the Tunnel Policy to the Martini L2VPN


Context
Do as follows on PEs at both ends of the TE tunnel.

Procedure
Step 1 Run:
system-view

The system view is displayed. Step 2 Run:


interface interface-name interface-number

The AC interface view is displayed. Step 3 Run:


mpls l2vc destination vc-id tunnel-policy policy-name

The tunnel policy is applied to the VC. Different VPN services to the same destination on a PE must apply different tunnel policies, and be bound with different TE tunnels. ----End

1.6.5 Checking the Configuration


Run the following commands to check the previous configuration. Action Check information about the tunnel policy in tunnel binding mode. Check the information about the interface of the bound tunnel. Check the tunnel policy of the VC. Command display tunnel-policy policy-name display interface tunnel interface-number display mpls l2vc [ interface interface-type interface-number ]

Run the display tunnel-policy command. If the bound tunnel interface is displayed, and the destination address is configured the same as that in real situation, it means the configuration succeeds. For example:
<Quidway> display tunnel-policy policy1 Tunnel Policy Name Destination Tunnel Intf Down Switch --------------------------------------------------------------------policy1 2.2.2.9 Tunnel1/0/0 Disable 3.3.3.9 Tunnel2/0/0 Disable

Run the display interface tunnel command. If the bound tunnel is Up, it means the configuration succeeds. For example:
Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 1-23

1 VPN Tunnel Management Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

<Quidway> display interface Tunnel 1/0/0 Tunnel1/0/0 current state : UP Line protocol current state : UP Description : HUAWEI, Quidway Series, Tunnel1/0/0 Interface, Route Port The Maximum Transmit Unit is 1500 bytes Internet Address is unnumbered, using address of LoopBack1(1.1.1.9/32) Encapsulation is TUNNEL, loopback not set Tunnel destination 2.2.2.9 Tunnel protocol/transport MPLS/MPLS, ILM is available, primary tunnel id is 0x1002043, secondary tunnel id is 0x0 The tunnelIfIndex is 0x4000385

Run the display mpls l2vc interface interface-type interface-number command. If the tunnel policy name of the VC is displayed, it means the configuration succeeds. In the following example, you can view the tunnel policy of the VC is policy1.
<Quidway> display mpls l2vc Total ldp vc : 2 2 up 0 down *Client Interface : gigabitethernet 1/0/0.1 Session State : up AC Status : up VC State : up VC ID : 100 VC Type : ppp Destination : 2.2.2.9 Local VC Label : 17408 Remote VC Label : 17409 Control Word : Disable Tunnel Policy Name : policy1

1.7 Maintaining a Tunnel


This section describes how to debug and remove tunnel faults. 1.7.1 Monitoring the Running Status of a Tunnel 1.7.2 Debugging a Tunnel

1.7.1 Monitoring the Running Status of a Tunnel


In routine maintenance, you can run the following commands to view the running status of a VPN tunnel. Action View information about the tunnel interface. View information about all tunnels. View information about a specified tunnel. View information about a specified tunnel policy. Command display interface tunnel interface-number display tunnel-info all display tunnel-info tunnel-id display tunnel-policy policy-name

1-24

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

1 VPN Tunnel Management Configuration

Action View information about the tunnel policy oused by a specified VPN instance. View information about the tunnel for IP routing. View information about the tunnel used by the VC in the SVC, PWE3 VC, or Martini L2VPN. View information about the tunnel used by the VC in the Kompella L2VPN. View information about the tunnel used by the VC in the Martini L2VPN.

Command display ip vpn-instance verbose [ vpn-instance-name ]

display ip routing-table vpn-instance [ destinationaddress ] verbose display mpls l2vc [ interface interface-type interfacenumber ] display mpls l2vpn connection interface interface-type interface-number display mpls l2vc [ interface interface-type interfacenumber ]

1.7.2 Debugging a Tunnel

CAUTION
Debugging affects the performance of the system. Therefore, after debugging, run the undo debugging all command to disable the debugging immediately. When a fault occurs in a tunnel, run the following debugging commands in the user view to debug the tunnel and locate the fault. For the procedure of outputting the debugging information, refer to the chapter "Maintenance and Debugging" in the Quidway NetEngine80E/40E Router Configuration Guide - System Management. For the description about the debugging commands, refer to the Quidway NetEngine80E/40E Router Command Reference. Action Enable tunnel debugging. Enable the debugging related to tunnel management. Command debugging tunnel all [ interface interfacenumber ] debugging tnlm { all | error | event }

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

1-25

1 VPN Tunnel Management Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

1.8 Configuration Examples


This section provides two configuration examples. 1.8.1 Example for Configuring a Tunnel Policy for L3VPN 1.8.2 Example for Configuring Martini VLL by Using MPLS TE Tunnels 1.8.3 Example for Configuring the Martini L2VPN Primary Tunnel Binding

1.8.1 Example for Configuring a Tunnel Policy for L3VPN


Networking Requirements
In Figure 1-2, CE1 and CE3 belong to the VPN named vpna. CE2 and CE4 belong to the VPN named vpnb. Two MPLS TE tunnels and one LSP are set up between PE1 and PE2. One of the TE tunnels is 5 Mbit/s, and the other is 10 Mbit/s. The bandwidth between CEs of vpna must be always 10 Mbit/s. Therefore, the TE tunnel of 10 Mbit/s is applied to vpna. To efficiently utilize tunnel resources, vpnb uses load balancing for tunnels and prefers the TE tunnel. Figure 1-2 Networking diagram of tunnel policy configuration in L3VPN
vpna CE1
POS1/0/0 10.1.1.1/30 POS2/0/0 10.1.1.2/30 POS2/0/1 10.2.1.2/30 Loopback1 1.1.1.1/32 MPLS TE tunnel 1/0/1

vpna
Loopback1 2.2.2.2/32

CE3
POS1/0/0 10.3.1.1/30

MPLS TE tunnel 1/0/2 ( binding) POS1/0/0 100.1.1.1/30 LSP POS1/0/0 100.1.1.2/30

POS2/0/0 10.3.1.2/30

PE1

PE2

POS2/0/1 10.4.1.2/30

POS1/0/0 10.2.1.1/30

POS1/0/0 10.4.1.1/30

CE2 vpnb

CE4 vpnb

Configuration Roadmap
The configuration roadmap is as follows: 1. 2. 3. 4. 5.
1-26

Configure a routing protocol to achieve intercommunication between PEs. Enable the basic MPLS capability on the devices in the backbone network, and set up an LSP and two MPLS TE tunnels between the PEs. Configure VPN instances on PEs and connect CEs with PEs. Configure tunnel policies, and apply them to VPN instances. Configure Multihop-IBGP (MP-IBGP) on PEs to advertise and receive VPNv4 routes.
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

1 VPN Tunnel Management Configuration

Data Preparation
To complete the configuration, you need the following data:
l l l

MPLS LSR ID of PEs Name, RD, and VPN target of both VPN instances Name of both tunnel policies

Configuration Procedure
1. Run IGP on the MPLS backbone network to realize IP connectivity between PEs. # Configure PE1.
[Quidway] system-view [Quidway] sysname PE1 [PE1] interface loopback 1 [PE1-LoopBack1] ip address 1.1.1.1 32 [PE1-LoopBack1] quit [PE1] interface pos1/0/0 [PE1-Pos1/0/0] ip address 100.1.1.1 30 [PE1-Pos1/0/0] undo shutdown [PE1-Pos1/0/0] quit [PE1] ospf 1 [PE1-ospf-1] area 0 [PE1-ospf-1-area-0.0.0.0] network 100.1.1.0 0.0.0.3 [PE1-ospf-1-area-0.0.0.0] network 1.1.1.1 0.0.0.0 [PE1-ospf-1-area-0.0.0.0] quit [PE1-ospf-1] quit

# Configure PE2.
[Quidway] system-view [Quidway] sysname PE2 [PE2] interface loopback 1 [PE2-LoopBack1] ip address 2.2.2.2 32 [PE2-LoopBack1] quit [PE2] interface pos 1/0/0 [PE2-Pos1/0/0] ip address 100.1.1.2 30 [PE2-Pos1/0/0] undo shutdown [PE2-Pos1/0/0] quit [PE2] ospf 1 [PE2-ospf-1] area 0 [PE2-ospf-1-area-0.0.0.0] network 100.1.1.0 0.0.0.3 [PE2-ospf-1-area-0.0.0.0] network 2.2.2.2 0.0.0.0 [PE2-ospf-1-area-0.0.0.0] quit [PE2-ospf-1] quit

After the configuration, run the display ip routing-table command on PEs. You find that PEs learn the Lookback1 routes of each other. Take PE1 as an example.
[PE1] display ip routing-table Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: Public Destinations : 7 Routes : 7 Destination/Mask Proto Pre Cost Flags NextHop Interface 1.1.1.2/32 Direct 0 0 D 127.0.0.1 InLoopBack0 2.2.2.2/32 OSPF 10 2 D 100.1.1.2 Pos1/0/0 100.1.1.0/30 Direct 0 0 D 172.1.1.1 Pos1/0/0 100.1.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 100.1.1.2/32 Direct 0 0 D 172.1.1.2 Pos1/0/0 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0

2.

Configure basic MPLS capability on the MPLS backbone network and setup the Label Distribution Protocol (LDP) LSP between PEs.
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 1-27

Issue 03 (2008-09-22)

1 VPN Tunnel Management Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

# Configure PE1.
[PE1] mpls lsr-id 1.1.1.1 [PE1] mpls [PE1-mpls] quit [PE1] mpls ldp [PE1-mpls-ldp] quit [PE1] interface pos 1/0/0 [PE1-Pos1/0/0] mpls [PE1-Pos1/0/0] mpls ldp [PE1-Pos1/0/0] quit

# Configure PE2.
[PE2] mpls lsr-id 2.2.2.2 [PE2] mpls [PE2-mpls] quit [PE2] mpls ldp [PE2-mpls-ldp] quit [PE2] interface pos 1/0/0 [PE2-Pos1/0/0] mpls [PE2-Pos1/0/0] mpls ldp [PE2-Pos1/0/0] quit

After the configuration, run the display tunnel-info all command, you can find that the LSPs between PE1 and PE2 are set up. Run the display mpls ldp lsp command, you can view the information about the LSPs. Take PE1 as an example.
[PE1] display tunnel-info all * -> Allocated VC Token Tunnel ID Type Destination Token ---------------------------------------------------------------------0x84010000 lsp 2.2.2.2 0 <PE1> display mpls ldp lsp LDP LSP Information -----------------------------------------------------------------SN DestAddress/Mask In/OutLabel Next-Hop In/Out-Interface -----------------------------------------------------------------1 1.1.1.1/32 3/NULL 127.0.0.1 Pos1/0/0/InLoop0 2 2.2.2.2/32 NULL/3 172.1.1.2 -------/Pos1/0/0 -----------------------------------------------------------------TOTAL: 2 Normal LSP(s) Found. TOTAL: 0 Liberal LSP(s) Found. A '*' before an LSP means the LSP is not established A '*' before a Label means the USCB or DSCB is stale

3.

Set up MPLS TE tunnels between PEs. # Configure MPLS TE tunnel attributes, such as the maximum link bandwidth, and the maximum reserved bandwidth. # Configure PE1.
[PE1] mpls [PE1-mpls] mpls te [PE1-mpls] mpls rsvp-te [PE1-mpls] mpls te cspf [PE1-mpls] quit [PE1] interface pos1/0/0 [PE1-Pos1/0/0] mpls te [PE1-Pos1/0/0] mpls rsvp-te [PE1-Pos1/0/0] mpls te max-link-bandwidth 20000 [PE1-Pos1/0/0] mpls te max-reservable-bandwidth 15000 [PE1-Pos1/0/0] quit

# Configure PE2.
[PE2] mpls [PE2-mpls] [PE2-mpls] [PE2-mpls] [PE2-mpls] mpls te mpls rsvp-te mpls te cspf quit

1-28

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

1 VPN Tunnel Management Configuration

[PE2] interface pos1/0/0 [PE2-Pos1/0/0] mpls te [PE2-Pos1/0/0] mpls rsvp-te [PE2-Pos1/0/0] mpls te max-link-bandwidth 20000 [PE2-Pos1/0/0] mpls te max-reservable-bandwidth 15000 [PE2-Pos1/0/0] quit

# Enable OSPF to transmit TE attributes on the routers along the TE tunnels. # Configure PE1.
[PE1] ospf 1 [PE1-ospf-1] opaque-capability enable [PE1-ospf-1] area 0 [PE1-ospf-1-area-0.0.0.0] mpls-te enable [PE1-ospf-1-area-0.0.0.0] quit [PE1-ospf-1] quit

# Configure PE2.
[PE2] ospf 1 [PE2-ospf-1] opaque-capability enable [PE2-ospf-1] area 0 [PE2-ospf-1-area-0.0.0.0] mpls-te enable [PE2-ospf-1-area-0.0.0.0] quit [PE2-ospf-1] quit

# Configure the MPLS TE tunnel of 5Mbit/s. # Configure PE1.


[PE1] interface tunnel 1/0/1 [PE1-Tunnel1/0/1] ip address unnumbered interface loopback1 [PE1-Tunnel1/0/1] tunnel-protocol mpls te [PE1-Tunnel1/0/1] destination 2.2.2.2 [PE1-Tunnel1/0/1] mpls te tunnel-id 11 [PE1-Tunnel1/0/1] mpls te bandwidth 5000 [PE1-Tunnel1/0/1] mpls te commit [PE1-Tunnel1/0/1] quit

# Configure PE2.
[PE2] interface tunnel 1/0/1 [PE2-Tunnel1/0/1] ip address unnumbered interface loopback1 [PE2-Tunnel1/0/1] tunnel-protocol mpls te [PE2-Tunnel1/0/1] destination 1.1.1.1 [PE2-Tunnel1/0/1] mpls te tunnel-id 11 [PE2-Tunnel1/0/1] mpls te bandwidth 5000 [PE2-Tunnel1/0/1] mpls te commit [PE2-Tunnel1/0/1] quit

# Configure the MPLS TE tunnel of 10Mbit/s, and enable tunnel binding. # Configure PE1.
[PE1] interface tunnel 1/0/2 [PE1-Tunnel1/0/2] ip address unnumbered interface loopback1 [PE1-Tunnel1/0/2] tunnel-protocol mpls te [PE1-Tunnel1/0/2] destination 2.2.2.2 [PE1-Tunnel1/0/2] mpls te tunnel-id 22 [PE1-Tunnel1/0/2] mpls te bandwidth 10000 [PE1-Tunnel1/0/2] mpls te reserved-for-binding [PE1-Tunnel1/0/2] mpls te commit [PE1-Tunnel1/0/2] quit

# Configure PE2.
[PE2] interface tunnel 1/0/2 [PE2-Tunnel1/0/2] ip address unnumbered interface loopback1 [PE2-Tunnel1/0/2] tunnel-protocol mpls te [PE2-Tunnel1/0/2] destination 1.1.1.1 [PE2-Tunnel1/0/2] mpls te tunnel-id 22 [PE2-Tunnel1/0/2] mpls te bandwidth 10000 [PE2-Tunnel1/0/2] mpls te reserved-for-binding [PE2-Tunnel1/0/2] mpls te commit [PE2-Tunnel1/0/2] quit

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

1-29

1 VPN Tunnel Management Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

After the configuration, run the display interface tunnel interface-number command on PEs. You can find that Tunnel1/0/1 and Tunnel1/0/2 are both in the Up state. Take Tunnel1/0/2 on PE1 as an example.
[PE1] display interface tunnel 1/0/2 Tunnel1/0/2 current state : UP Line protocol current state : UP Description : HUAWEI, Quidway Series, Tunnel1/0/2 Interface, Route Port The Maximum Transmit Unit is 1500 bytes Internet Address is unnumbered, using address of LoopBack1(1.1.1.1/32) Encapsulation is TUNNEL, loopback not set Tunnel destination 2.2.2.2 Tunnel protocol/transport MPLS/MPLS, ILM is available, primary tunnel id is 0xc1010003, secondary tunnel id is 0x0 The tunnelIfIndex is 0x4000385 QoS max-bandwidth : 64 Kbps Output queue : (Urgent queue : Size/Length/Discards) 0/50/0 Output queue : (Protocol queue : Size/Length/Discards) 0/1000/0 Output queue : (FIFO queuing : Size/Length/Discards) 0/75/0 5 minutes output rate 0 bits/sec, 0 packets/sec 22894187 packets output, 2958834536 bytes 0 packets output dropped

Run the display tunnel-info all command on PEs. You can find both Tunnel1/0/1 and Tunnel1/0/2 are in the Up state. Take PE1 as an example.
[PE1] display tunnel-info all * -> Allocated VC Token Tunnel ID Type Destination Token ---------------------------------------------------------------------0xc1010002 cr lsp 2.2.2.2 2 0xc1010003 cr lsp 2.2.2.2 3 0x84010000 lsp 2.2.2.2 0 0x84010001 lsp -1

4.

Configure VPN instances on PEs and connect CEs with PEs. # Configure PE1.
[PE1] ip vpn-instance vpna [PE1-vpn-instance-vpna] route-distinguisher 100:1 [PE1-vpn-instance-vpna] vpn-target 111:1 both [PE1-vpn-instance-vpna] quit [PE1] ip vpn-instance vpnb [PE1-vpn-instance-vpnb] route-distinguisher 100:2 [PE1-vpn-instance-vpnb] vpn-target 222:2 both [PE1-vpn-instance-vpnb] quit [PE1] interface pos2/0/0 [PE1-Pos2/0/0] ip binding vpn-instance vpna [PE1-Pos2/0/0] ip address 10.1.1.2 30 [PE1-Pos2/0/0] undo shutdown [PE1-Pos2/0/0] quit [PE1] interface pos 2/0/1 [PE1-Pos2/0/1] ip binding vpn-instance vpnb [PE1-Pos2/0/1] ip address 10.2.1.2 30 [PE1-Pos2/0/1] undo shutdown [PE1-Pos2/0/1] quit

# Configure PE2.
[PE2] ip vpn-instance vpna [PE2-vpn-instance-vpna] route-distinguisher 100:3 [PE2-vpn-instance-vpna] vpn-target 111:1 both [PE2-vpn-instance-vpna] quit [PE2] ip vpn-instance vpnb [PE2-vpn-instance-vpnb] route-distinguisher 100:4 [PE2-vpn-instance-vpnb] vpn-target 222:2 both [PE2-vpn-instance-vpnb] quit [PE2] interface pos 2/0/0 [PE2-Pos2/0/0] ip binding vpn-instance vpna

1-30

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

1 VPN Tunnel Management Configuration

[PE2-Pos2/0/0] ip address 10.3.1.2 30 [PE2-Pos2/0/0] undo shutdown [PE2-Pos2/0/0] quit [PE2] interface pos 2/0/1 [PE2-Pos2/0/1] ip binding vpn-instance vpnb [PE2-Pos2/0/1] ip address 10.4.1.2 30 [PE2-Pos2/0/1] undo shutdown [PE2-Pos2/0/1] quit

# Assign IP addresses to the interfaces of CEs as shown in Figure 1-2. The configuration details are not mentioned here. After the configuration, run the display ip vpn-instance verbose command on each PE and you can view the configuration of the VPN instance. Each PE can ping through the connected CE.
NOTE

When the interfaces on a PE are bound to the same VPN, you need to specify the source IP address when you use the ping-vpn-instance command to ping the CE connected with the peer PE. That is, you need to specify -a source-ip-address in the ping -vpn-instance vpn-instance-name -a sourceip-address dest-ip-address command; otherwise, the ping fails.

5.

Configure tunnel policies on PEs and apply the tunnel policies to VPN instances. # Configure tunnel policies in tunnel binding mode and apply them to vpna. # Configure PE1.
[PE1]tunnel-policy policy1 [PE1-tunnel-policy-policy1]tunnel binding destination 2.2.2.2 te tunnel1/0/2 [PE1-tunnel-policy-policy1] quit [PE1] ip vpn-instance vpna [PE1-vpn-instance-vpna] tnl-policy policy1 [PE1-vpn-instance-vpna] quit

# Configure PE2.
[PE2] tunnel-policy policy1 [PE2-tunnel-policy-policy1] tunnel binding destination 1.1.1.1 te tunnel1/0/2 [PE2-tunnel-policy-policy1] quit [PE2] ip vpn-instance vpna [PE2-vpn-instance-vpna] tnl-policy policy1 [PE2-vpn-instance-vpna] quit

# Configure tunnel policies in select-sequence mode and apply them to vpnb. # Configure PE1.
[PE1] tunnel-policy policy2 [PE1-tunnel-policy-policy2] tunnel select-seq cr-lsp lsp load-balance-number 2 [PE1-tunnel-policy-policy2] quit [PE1] ip vpn-instance vpnb [PE1-vpn-instance-vpnb] tnl-policy policy2 [PE1-vpn-instance-vpnb] quit

# Configure PE2.
[PE2] tunnel-policy policy2 [PE2-tunnel-policy-policy2] tunnel select-seq cr-lsp lsp load-balance-number 2 [PE2-tunnel-policy-policy2] quit [PE2] ip vpn-instance vpnb [PE2-vpn-instance-vpnb] tnl-policy policy2 [PE2-vpn-instance-vpnb] quit

6.

Establish the MP-IBGP peer relationship between PEs. # Configure PE1.


[PE1] bgp 100 [PE1-bgp] peer 2.2.2.2 as-number 100 [PE1-bgp] peer 2.2.2.2 connect-interface loopback 1 [PE1-bgp] ipv4-family vpnv4 [PE1-bgp-af-vpnv4]peer 2.2.2.2 enable [PE1-bgp-af-vpnv4] quit

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

1-31

1 VPN Tunnel Management Configuration


[PE1-bgp] ipv4-family vpn-instance vpna [PE1-bgp-af-vpna] import-route direct [PE1-bgp-af-vpna] quit [PE1-bgp] ipv4-family vpn-instance vpnb [PE1-bgp-af-vpnb] import-route direct [PE1-bgp-af-vpnb] quit [PE1-bgp] quit

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

# Configure PE2.
[PE2] bgp 100 [PE2-bgp] peer 1.1.1.1 as-number 100 [PE2-bgp] peer 1.1.1.1 connect-interface loopback 1 [PE2-bgp] ipv4-family vpnv4 [PE2-bgp-af-vpnv4] peer 1.1.1.1 enable [PE2-bgp-af-vpnv4] quit [PE2-bgp] ipv4-family vpn-instance vpna [PE2-bgp-af-vpna] import-route direct [PE2-bgp-af-vpna] quit [PE2-bgp] ipv4-family vpn-instance vpnb [PE2-bgp-af-vpnb] import-route direct [PE2-bgp-af-vpnb] quit [PE2-bgp] quit

After the configuration, run the display bgp peer or display bgp vpnv4 all peer command on a PE and you can view that the BGP peer relationships between PEs is set up and reaches the Established state. 7. Verify the configuration. Run the display ip routing-table vpn-instance command on a PE and you can view the route to the peer CE. Take PE1 as an example.
[PE1] display ip routing-table vpn-instance vpna Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: vpna Destinations : 3 Routes : 3 Destination/Mask Proto Pre Cost Flags NextHop Interface 10.1.1.0/30 Direct 0 0 D 10.1.1.2 Pos2/0/0 10.1.1.2/32 Direct 0 0 D 127.0.0.1 InLoopBack0 10.3.1.0/30 BGP 255 0 RD 2.2.2.2 Tunnel1/0/2 [PE1] display ip routing-table vpn-instance vpnb Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: vpnb Destinations : 3 Routes : 4 Destination/Mask Proto Pre Cost Flags NextHop Interface 10.2.1.0/30 Direct 0 0 D 10.2.1.2 Pos2/0/0 10.2.1.2/32 Direct 0 0 D 127.0.0.1 InLoopBack0 10.4.1.0/30 BGP 255 0 RD 2.2.2.2 Tunnel1/0/1 BGP 255 0 RD 2.2.2.2 Pos1/0/0

# Run the display ip routing-table vpn-instance verbose command on a PE and you can view the tunnel to transmit the VPN route. Take PE1 as an example:
[PE1] display ip routing-table vpn-instance vpna 10.3.1.0 verbose Routing Table : vpna Summary Count : 1 Destination: 10.3.1.0/30 Protocol: BGP Process ID: 0 Preference: 255 Cost: 0 NextHop: 2.2.2.2 Neighbour: 2.2.2.2 State: Active Adv GotQ Age: 00h00m08s Tag: 0 Priority: 0 Label: 109568 QoSInfo: 0x0 RelayNextHop: 0.0.0.0 Interface: Tunnel1/0/2 Tunnel ID: 0xc1010002

1-32

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

1 VPN Tunnel Management Configuration

[PE1] display ip routing-table vpn-instance vpnb 10.4.1.0 verbose Routing Table : vpnb Summary Count : 2 Destination: 10.4.1.0/30 Protocol: BGP Process ID: 0 Preference: 255 Cost: 0 NextHop: 2.2.2.2 Neighbour: 2.2.2.2 State: Active Adv GotQ Age: 01h02m27s Tag: 0 Priority: 0 Label: 107520 QoSInfo:0x0 RelayNextHop: 0.0.0.0 Interface: Tunnel1/0/1 Tunnel ID: 0xc1010003

The CEs in the same VPN can ping through each other while two CEs in different VPNs cannot ping through each other.
NOTE

The configurations of routing protocols between PE and CE are not mentioned here.

Configuration files
l

Configuration file of PE1


# sysname PE1 # ip vpn-instance vpna route-distinguisher 100:1 tnl-policy policy1 vpn-target 111:1 export-extcommunity vpn-target 111:1 import-extcommunity # ip vpn-instance vpnb route-distinguisher 100:2 tnl-policy policy2 vpn-target 222:2 export-extcommunity vpn-target 222:2 import-extcommunity # mpls lsr-id 1.1.1.1 mpls mpls te mpls rsvp-te mpls te cspf # mpls ldp # interface Pos1/0/0 link-protocol ppp ip address 100.1.1.1 255.255.255.252 mpls mpls te mpls te max-link-bandwidth 20000 mpls te max-reservable-bandwidth 15000 mpls rsvp-te mpls ldp # interface Pos2/0/0 link-protocol ppp ip binding vpn-instance vpna ip address 10.1.1.2 255.255.255.252 # interface Pos2/0/1 link-protocol ppp ip binding vpn-instance vpnb ip address 10.2.1.2 255.255.255.252 # interface LoopBack1 ip address 1.1.1.1 255.255.255.255 #

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

1-33

1 VPN Tunnel Management Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

interface Tunnel1/0/1 ip address unnumbered interface LoopBack1 tunnel-protocol mpls te destination 2.2.2.2 mpls te tunnel-id 11 mpls te bandwidth bc0 5000 mpls te commit # interface Tunnel1/0/2 ip address unnumbered interface LoopBack1 tunnel-protocol mpls te destination 2.2.2.2 mpls te tunnel-id 22 mpls te bandwidth bc0 10000 mpls te reserved-for-binding mpls te commit # bgp 100 peer 2.2.2.2 as-number 100 peer 2.2.2.2 connect-interface LoopBack1 # ipv4-family unicast undo synchronization peer 2.2.2.2 enable # ipv4-family vpnv4 policy vpn-target peer 2.2.2.2 enable # ipv4-family vpn-instance vpna import-route direct # ipv4-family vpn-instance vpnb import-route direct # ospf 1 opaque-capability enable area 0.0.0.0 network 100.1.1.0 0.0.0.3 network 1.1.1.1 0.0.0.0 mpls-te enable # tunnel-policy policy1 tunnel binding destination 2.2.2.2 te Tunnel1/0/2 # tunnel-policy policy2 tunnel select-seq cr-lsp lsp load-balance-number 2 # return l

Configuration file of PE2


# sysname PE2 # ip vpn-instance vpna route-distinguisher 100:3 tnl-policy policy1 vpn-target 111:1 export-extcommunity vpn-target 111:1 import-extcommunity # ip vpn-instance vpnb route-distinguisher 100:4 tnl-policy policy2 vpn-target 222:2 export-extcommunity vpn-target 222:2 import-extcommunity # mpls lsr-id 2.2.2.2 mpls mpls te mpls rsvp-te

1-34

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


mpls te cspf # mpls ldp # interface Pos1/0/0 link-protocol ppp ip address 100.1.1.2 255.255.255.252 mpls mpls te mpls te max-link-bandwidth 20000 mpls te max-reservable-bandwidth 15000 mpls rsvp-te mpls ldp # interface Pos2/0/0 link-protocol ppp ip binding vpn-instance vpna ip address 10.3.1.2 255.255.255.252 # interface Pos2/0/1 link-protocol ppp ip binding vpn-instance vpnb ip address 10.4.1.2 255.255.255.252 # interface LoopBack1 ip address 2.2.2.2 255.255.255.255 # interface Tunnel1/0/1 ip address unnumbered interface LoopBack1 tunnel-protocol mpls te destination 1.1.1.1 mpls te tunnel-id 11 mpls te bandwidth bc0 5000 mpls te commit # interface Tunnel1/0/2 ip address unnumbered interface LoopBack1 tunnel-protocol mpls te destination 1.1.1.1 mpls te tunnel-id 22 mpls te bandwidth bc0 10000 mpls te reserved-for-binding mpls te commit # bgp 100 peer 1.1.1.1 as-number 100 peer 1.1.1.1 connect-interface LoopBack1 # ipv4-family unicast undo synchronization peer 1.1.1.1 enable # ipv4-family vpnv4 policy vpn-target peer 1.1.1.1 enable # ipv4-family vpn-instance vpna import-route direct # ipv4-family vpn-instance vpnb import-route direct # ospf 1 opaque-capability enable area 0.0.0.0 network 100.1.1.0 0.0.0.3 network 2.2.2.2 0.0.0.0 mpls-te enable #

1 VPN Tunnel Management Configuration

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

1-35

1 VPN Tunnel Management Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

tunnel-policy policy1 tunnel binding destination 1.1.1.1 te Tunnel1/0/2 # tunnel-policy policy2 tunnel select-seq cr-lsp lsp load-balance-number 2 # return l

Configuration file of CE1


# sysname CE1 # interface Pos1/0/0 link-protocol ppp ip address 10.1.1.1 255.255.255.252 # return

Configuration file of CE2


# sysname CE2 # interface Pos1/0/0 link-protocol ppp ip address 10.2.1.1 255.255.255.252 # return

Configuration file of CE3


# sysname CE3 # interface Pos1/0/0 link-protocol ppp ip address 10.3.1.1 255.255.255.252 # return

Configuration file of CE4


# sysname CE4 # interface Pos1/0/0 link-protocol ppp ip address 10.4.1.1 255.255.255.252 # return

1.8.2 Example for Configuring Martini VLL by Using MPLS TE Tunnels


Networking Requirements
As shown in Figure 1-3, CE1 and CE2 belong to the same VPN. They access the MPLS backbone network through PE1 and PE2 respectively. OSPF is used as the IGP protocol on the MPLS backbone network. In this scenario, you need to configure Martini VLL. An MPLS TE tunnel must be established between PE1 and PE2 through the dynamic signaling protocol RSVP-TE to forward the traffic of the VLL. The bandwidth of the tunnel is 20 Mbit/s. The maximum bandwidth of the link that the TE tunnel passes through is 100 Mbit/s, and the maximum reservable bandwidth is 50 Mbit/ s.
1-36 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

1 VPN Tunnel Management Configuration

Figure 1-3 Networking diagram of configuring Martini L2VPN using MPLS TE tunnels
Loopback1 1.1.1.9/32 POS1/0/0 POS1/0/0 100.1.1.1/24 100.1.1.2/24 Loopback1 2.2.2.9/32 Loopback1 3.3.3.9/32

P POS2/0/0

PE1
POS2/0/0

POS1/0/0 100.2.1.1/24 100.2.1.2/24

PE2
POS2/0/0

MPLS TE Tunnel

POS1/0/0 10.1.1.1/24

POS1/0/0 10.1.1.2/24

CE1

CE2

Configuration Roadmap
The configuration roadmap is as follows: 1. 2. Configure a routing protocol and enable MPLS on related devices (PEs and P) in the backbone network to implement interworking. Establish the MPLS TE tunnel and configure the tunnel policy. For the details of establishing an MPLS TE tunnel, refer to the chapter "MPLS TE Configuration" in the Quidway NetEngine80E/40E Router Configuration Guide - MPLS. Enable VLL on the PEs and establish VCs.

3.

Data Preparation
To complete the configuration, you need the following data:
l l l

OSPF area enabled with TE Name of the tunnel policy Number of tunnels involved in load balancing (if load balancing is not performed, the number of tunnels is 1)

Configuration Procedure
1. 2. Configure an IP address for each interface and configure OSPF in the backbone network. The configuration details are not mentioned here. Enable MPLS, MPLS TE, MPLS RSVP-TE, and MPLS CSPF. Enable MPLS, MPLS TE, and MPLS RSVP-TE in the system view and the interface view of each node along the tunnel, and enable MPLS CSPF in the system view of the ingress of the tunnel. # Configure PE1.
[PE1] mpls [PE1] mpls [PE1-mpls] [PE1-mpls] [PE1-mpls] [PE1-mpls] lsr-id 1.1.1.9 mpls te mpls rsvp-te mpls te cspf quit

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

1-37

1 VPN Tunnel Management Configuration


[PE1] interface pos1/0/0 [PE1-Pos1/0/0] mpls [PE1-Pos1/0/0] mpls te [PE1-Pos1/0/0] mpls rsvp-te [PE1-Pos1/0/0] quit

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

# Configure P.
[P] mpls lsr-id 2.2.2.9 [P] mpls [P-mpls] mpls te [P-mpls] mpls rsvp-te [P-mpls] quit [P] interface pos1/0/0 [P-Pos1/0/0] mpls [P-Pos1/0/0] mpls te [P-Pos1/0/0] mpls rsvp-te [P-Pos1/0/0] quit [P] interface pos2/0/0 [P-Pos2/0/0] mpls [P-Pos2/0/0] mpls te [P-Pos2/0/0] mpls rsvp-te [P-Pos2/0/0] quit

# Configure PE2.
[PE2] mpls lsr-id 3.3.3.9 [PE2] mpls [PE2-mpls] mpls te [PE2-mpls] mpls rsvp-te [PE2-mpls] mpls te cspf [PE2-mpls] quit [PE2] interface pos1/0/0 [PE2-Pos1/0/0] mpls [PE2-Pos1/0/0] mpls te [PE2-Pos1/0/0] mpls rsvp-te [PE2-Pos1/0/0] quit

3.

Configure OSPF TE on the backbone network. # Configure PE1.


[PE1] ospf [PE1-ospf-1] opaque-capability enable [PE1-ospf-1] area 0.0.0.0 [PE1-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0 [PE1-ospf-1-area-0.0.0.0] network 100.1.1.0 0.0.0.255 [PE1-ospf-1-area-0.0.0.0] mpls-te enable

# Configure P.
[P] ospf [P-ospf-1] opaque-capability enable [P-ospf-1] area 0.0.0.0 [P-ospf-1-area-0.0.0.0] network 2.2.2.9 0.0.0.0 [P-ospf-1-area-0.0.0.0] network 100.1.1.0 0.0.0.255 [P-ospf-1-area-0.0.0.0] network 100.2.1.0 0.0.0.255 [P-ospf-1-area-0.0.0.0] mpls-te enable

# Configure PE2.
[PE2] ospf [PE2-ospf-1] opaque-capability enable [PE2-ospf-1] area 0.0.0.0 [PE2-ospf-1-area-0.0.0.0] network 3.3.3.9 0.0.0.0 [PE2-ospf-1-area-0.0.0.0] network 100.2.1.0 0.0.0.255 [PE2-ospf-1-area-0.0.0.0] mpls-te enable

4.

Configure the MPLS TE attributes of the links. Configure the maximum bandwidth and the maximum reservable bandwidth of the link on the interface of each router along the tunnel. # Configure PE1.
[PE1] interface pos 1/0/0

1-38

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

1 VPN Tunnel Management Configuration

[PE1-Pos1/0/0] mpls te max-link-bandwidth 100000 [PE1-Pos1/0/0] mpls te max-reservable-bandwidth 50000 [PE1-Pos1/0/0] quit

# Configure P.
[P] interface pos [P-Pos1/0/0] mpls [P-Pos1/0/0] mpls [P-Pos1/0/0] quit [P] interface pos [P-Pos2/0/0] mpls [P-Pos2/0/0] mpls [P-Pos2/0/0] quit 1/0/0 te max-link-bandwidth 100000 te max-reservable-bandwidth 50000 2/0/0 te max-link-bandwidth 100000 te max-reservable-bandwidth 50000

# Configure PE2.
[PE2] interface pos 1/0/0 [PE2-Pos1/0/0] mpls te max-link-bandwidth 100000 [PE2-Pos1/0/0] mpls te max-reservable-bandwidth 50000 [PE2-Pos1/0/0] quit

5.

Configure a tunnel interface. # Create the tunnel interface on the PEs, specify the tunnel protocol as MPLS TE and the signaling protocol as RSVP-TE, and specify the bandwidth. # Configure PE1.
<PE1> system-view [PE1] interface tunnel 1/0/0 [PE1-Tunnel1/0/0] ip address unnumbered interface loopback1 [PE1-Tunnel1/0/0] tunnel-protocol mpls te [PE1-Tunnel1/0/0] mpls te signal-protocol rsvp-te [PE1-Tunnel1/0/0] destination 3.3.3.9 [PE1-Tunnel1/0/0] mpls te tunnel-id 100 [PE1-Tunnel1/0/0] mpls te bandwidth 20000 [PE1-Tunnel1/0/0] mpls te commit

# Configure PE2.
<PE2> system-view [PE2] interface tunnel 1/0/0 [PE2-Tunnel1/0/0] ip address unnumbered interface loopback1 [PE2-Tunnel1/0/0] tunnel-protocol mpls te [PE2-Tunnel1/0/0] mpls te signal-protocol rsvp-te [PE2-Tunnel1/0/0] destination 1.1.1.9 [PE2-Tunnel1/0/0] mpls te tunnel-id 101 [PE2-Tunnel1/0/0] mpls te bandwidth 20000 [PE2-Tunnel1/0/0] mpls te commit

After the configuration, run the display this interface command in the tunnel interface view. You can view that the MPLS TE tunnel is established successfully. That is, Line protocol current state displays UP.
[PE1-Tunnel1/0/0] display this interface Tunnel1/0/0 current state : UP Line protocol current state : UP Description:HUAWEI, Quidway Series, Tunnel1/0/0 Interface Route Port,The Maximum Transmit Unit is 1500 Internet Address is unnumbered, using address of LoopBack1(1.1.1.9/32) Encapsulation is TUNNEL, loopback not set Tunnel destination 3.3.3.9 Tunnel up/down statistics 1 Tunnel protocol/transport MPLS/MPLS, ILM is available, primary tunnel id is 0x1002002, secondary tunnel id is 0x0 QoS max-bandwidth : 64 Kbps Output queue : (Urgent queue : Size/Length/Discards) 0/50/0 Output queue : (Protocol queue : Size/Length/Discards) 0/1000/0 Output queue : (FIFO queue : Size/Length/Discards) 0/256/0 300 seconds output rate 0 bytes/sec, 0 packets/sec 26 packets output, 396 bytes 0 output error

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

1-39

1 VPN Tunnel Management Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

6.

Establish LDP sessions. Establish a remote peer session between PE1 and PE2. # Configure PE1.
[PE1] mpls ldp [PE1-mpls-ldp] quit [PE1] mpls ldp remote-peer 3.3.3.9 [PE1-mpls-ldp-remote-3.3.3.9] remote-ip 3.3.3.9 [PE1-mpls-ldp-remote-3.3.3.9] quit

# Configure PE2.
[PE2] mpls ldp [PE2-mpls-ldp] quit [PE2] mpls ldp remote-peer 1.1.1.9 [PE2-mpls-ldp-remote-1.1.1.9] remote-ip 3.3.3.9 [PE2-mpls-ldp-remote-1.1.1.9] quit

After the configuration, LDP sessions are established between the PEs. Take the display on PE1 as an example:
[PE1] display mpls ldp session LDP Session(s) in Public Network -----------------------------------------------------------------------------Peer-ID Status LAM SsnRole SsnAge KA-Sent/Rcv -----------------------------------------------------------------------------3.3.3.9:0 Operational DU Passive 000:00:07 31/31 -----------------------------------------------------------------------------TOTAL: 1 session(s) Found. LAM : Label Advertisement Mode SsnAge Unit : DDD:HH:MM

7.

Configure a tunnel policy and establish VC connections. # Configure PE1.


[PE1] tunnel-policy policy1 [PE1-tunnel-policy-policy1] tunnel select-seq cr-lsp load-balance-number 1 [PE1-tunnel-policy-policy1] quit [PE1] mpls l2vpn [PE1-l2vpn] mpls l2vpn default martini [PE1-l2vpn] quit [PE1] interface pos2/0/0 [PE1-Pos2/0/0] mpls l2vc 3.3.3.9 100 tunnel-policy policy1 [PE1-Pos2/0/0] undo shutdown [PE1-Pos2/0/0] quit

# Configure PE2.
[PE2] tunnel-policy policy1 [PE2-tunnel-policy-policy1] tunnel select-seq cr-lsp load-balance-number 1 [PE2-tunnel-policy-policy1] quit [PE2] mpls l2vpn [PE2-l2vpn] mpls l2vpn default martini [PE2-l2vpn] quit [PE2] interface pos2/0/0 [PE2-Pos2/0/0] mpls l2vc 1.1.1.9 100 tunnel-policy policy1 [PE2-Pos2/0/0] undo shutdown [PE2-Pos2/0/0] quit

# Configure CE1.
<CE1> interface pos1/0/0 [CE1-Pos1/0/0] ip address 10.1.1.1 24 [CE1-Pos1/0/0] undo shutdown [CE1-Pos1/0/0] quit

# Configure CE2.
<CE2> interface pos1/0/0 [CE2-Pos1/0/0] ip address 10.1.1.2 24

1-40

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


[CE2-Pos1/0/0] undo shutdown [CE2-Pos1/0/0] quit
NOTE

1 VPN Tunnel Management Configuration

l l

VC IDs on the two ends of the L2VC must be the same; otherwise, VC connections cannot be Up. The PE interface through which the CE accesses the PE need not be configured with an IP address.

8.

Verify the configuration. Run the display mpls forwarding-table command on PE1. You can view that the item Fec to 3.3.3.9/32 is in the MPLS forwarding table.
<PE1> display mpls forwarding-table Fec Outlabel Out-IF 3.3.3.9/32 13312 Pos1/0/0 Nexthop 100.1.1.2 LspIndex 4096

Run the display mpls lsp verbose command on PE1. You can view that an MPLS RSVPTE tunnel is established between 1.1.1.9 and 3.3.3.9. The LSP index of this tunnel is the same as the value in the MPLS forwarding table, which indicates that the local packets to 3.3.3.9 are forwarded through the MPLS TE tunnel.
<PE1> display mpls lsp verbose ---------------------------------------------------------------------LSP Information: RSVP LSP ---------------------------------------------------------------------No : 1 SessionID : 100 IngressLsrID : 1.1.1.9 LocalLspID : 1 Tunnel-Interface : Tunnel1/0/0 Fec : 3.3.3.9/32 Nexthop : 100.1.1.2 In-Label : NULL Out-Label : 13312 In-Interface : ---------Out-Interface : Pos1/0/0 LspIndex : 4096 Token : 0x1002002 LsrType : Ingress Bypass In Use : Not Exists Bypass Tunnel Id : 0x0 BypassTunnel : Tunnel Index[---] Mpls-Mtu : 1500 TimeStamp : 396sec Bfd-State : --No : 2 SessionID : 101 IngressLsrID : 3.3.3.9 LocalLspID : 1 Tunnel-Interface : Tunnel1/0/0 Fec : 1.1.1.9/32 Nexthop : ------In-Label : 3 Out-Label : NULL In-Interface : Pos1/0/0 Out-Interface : ---------LspIndex : 4097 Token : 0x0 LsrType : Egress Bypass In Use : Not Exists Bypass Tunnel Id : 0x0 BypassTunnel : Tunnel Index[---] Mpls-Mtu : -----TimeStamp : 394sec Bfd-State : -----------------------------------------------------------------------LSP Information: LDP LSP ----------------------------------------------------------------------

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

1-41

1 VPN Tunnel Management Configuration


No VrfIndex Fec Nexthop In-Label Out-Label In-Interface Out-Interface LspIndex Token FrrToken LsrType Outgoing token Label Operation Mpls-Mtu TimeStamp Bfd-State : : : : : : : : : : : : : : : : : 3 1.1.1.9/32 127.0.0.1 3 NULL ------------------10240 0x0 0x0 Egress 0x0 POP -----394sec ---

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Run the display mpls te tunnel-interface command on the PEs. You can view detailed information about the tunnel. Take the display on PE1 as an example:
<PE1> display mpls te tunnel-interface Tunnel Name : Tunnel1/0/0 Tunnel Desc : HUAWEI, Quidway Series, Tunnel1/0/0 Interface Tunnel State Desc : CR-LSP is Up Tunnel Attributes : LSP ID : 1.1.1.9:1 Session ID : 100 Admin State : UP Oper State : UP Ingress LSR ID : 1.1.1.9 Egress LSR ID: 3.3.3.9 Signaling Protocol : RSVP Resv Style : SE Class Type : CLASS 0 Tunnel BW : 20000 kbps Reserved BW : 20000 kbps Setup Priority : 7 Hold Priority: 7 Hop Limit : Secondary Hop Limit : BestEffort Hop Limit: Affinity Prop/Mask : 0x0/0x0 Explicit Path Name : Secondary Affinity Prop/Mask: 0x0/0x0 Secondary Explicit Path Name: BestEffort Affinity Prop/Mask: 0x0/0x0 Tie-Breaking Policy : None Metric Type : None Record Route : Disabled Record Label : Disabled FRR Flag : Disabled BackUpBW Flag: Not Supported BackUpBW Type : BackUpBW : Route Pinning : Disabled Retry Limit : 5 Retry Interval: 10 sec Reopt : Disabled Reopt Freq : Back Up Type : None Back Up LSPID : Auto BW : Disabled Auto BW Freq : Min BW : Max BW : Current Collected BW: Interfaces Protected: ACL Bind Value : VRF Bind Value : L2VPN Bind Value : Car Policy : Disabled Tunnel Group : Primary Primary Tunnel Sum : Primary Tunnel : Backup Tunnel : IPTN InLabel : Group Status : Up Oam Status : Up Bfd Capability : None BestEffort : Disabled IsBestEffortPath: Non-existent

CE1 and CE2 can ping through each other.


1-42 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

1 VPN Tunnel Management Configuration

<CE1> ping 10.1.1.2 PING 10.1.1.2: 56 data bytes, press CTRL_C to break Reply from 10.1.1.2: bytes=56 Sequence=1 ttl=255 time=125 ms Reply from 10.1.1.2: bytes=56 Sequence=2 ttl=255 time=125 ms Reply from 10.1.1.2: bytes=56 Sequence=3 ttl=255 time=94 ms Reply from 10.1.1.2: bytes=56 Sequence=4 ttl=255 time=125 ms Reply from 10.1.1.2: bytes=56 Sequence=5 ttl=255 time=125 ms --- 10.1.1.2 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 94/118/125 ms

Configuration Files
l

Configuration file of CE1


# sysname CE1 # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 10.1.1.1 255.255.255.0 # return

Configuration file of PE1


# sysname PE1 # mpls lsr-id 1.1.1.9 mpls mpls te mpls rsvp-te mpls te cspf # mpls l2vpn mpls l2vpn default martini # mpls ldp # mpls ldp remote-peer 3.3.3.9 remote-ip 3.3.3.9 # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 100.1.1.1 255.255.255.0 mpls mpls te mpls te max-link-bandwidth 100000 mpls te max-reservable-bandwidth 50000 mpls rsvp-te # interface Pos2/0/0 link-protocol ppp undo shutdown mpls l2vc 3.3.3.9 100 tunnel-policy policy1 # interface LoopBack1 ip address 1.1.1.9 255.255.255.255 # interface Tunnel1/0/0 ip address unnumbered interface LoopBack1 tunnel-protocol mpls te destination 3.3.3.9 mpls te tunnel-id 100 mpls te bandwidth bc0 20000 mpls te commit

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

1-43

1 VPN Tunnel Management Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

# ospf 1 opaque-capability enable area 0.0.0.0 network 1.1.1.9 0.0.0.0 network 100.1.1.0 0.0.0.255 mpls-te enable # tunnel-policy policy1 tunnel select-seq cr-lsp load-balance-number 1 # return l

Configuration file of P
# sysname P # mpls lsr-id 2.2.2.9 mpls mpls te mpls rsvp-te # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 100.1.1.2 255.255.255.0 mpls mpls te mpls te max-link-bandwidth 100000 mpls te max-reservable-bandwidth 50000 mpls rsvp-te # interface Pos2/0/0 link-protocol ppp undo shutdown ip address 100.2.1.1 255.255.255.0 mpls mpls te mpls te max-link-bandwidth 100000 mpls te max-reservable-bandwidth 50000 mpls rsvp-te # interface LoopBack1 ip address 2.2.2.9 255.255.255.255 # ospf 1 opaque-capability enable area 0.0.0.0 network 2.2.2.9 0.0.0.0 network 100.1.1.0 0.0.0.255 network 100.2.1.0 0.0.0.255 mpls-te enable # return

Configuration file of PE2


# sysname PE2 # mpls lsr-id 3.3.3.9 mpls mpls te mpls rsvp-te mpls te cspf # mpls l2vpn mpls l2vpn default martini # mpls ldp #

1-44

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

1 VPN Tunnel Management Configuration

mpls ldp remote-peer 1.1.1.9 remote-ip 1.1.1.9 # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 100.2.1.2 255.255.255.0 mpls mpls te mpls te max-link-bandwidth 100000 mpls te max-reservable-bandwidth 50000 mpls rsvp-te # interface Pos2/0/0 link-protocol ppp undo shutdown mpls l2vc 1.1.1.9 100 tunnel-policy policy1 # interface LoopBack1 ip address 3.3.3.9 255.255.255.255 # interface Tunnel1/0/0 ip address unnumbered interface LoopBack1 tunnel-protocol mpls te destination 1.1.1.9 mpls te tunnel-id 101 mpls te bandwidth bc0 20000 mpls te commit # ospf 1 opaque-capability enable area 0.0.0.0 network 3.3.3.9 0.0.0.0 network 100.2.1.0 0.0.0.255 mpls-te enable # tunnel-policy policy1 tunnel select-seq cr-lsp load-balance-number 1 # return l

Configuration file of CE2


# sysname CE2 # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 10.1.1.2 255.255.255.0 # return

1.8.3 Example for Configuring the Martini L2VPN Primary Tunnel Binding

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

1-45

1 VPN Tunnel Management Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Networking Requirements
Figure 1-4 Networking diagram of configuring the Martini L2VPN primary tunnel binding
Backbone
Loopback1 2.2.2.9/32 POS1/0/0 100.2.1.2/24 Loopback1 1.1.1.9/32 POS3/0/0 100.1.1.1/24 GE1/0/0.1 Loopback1 4.4.4.9/32 GE1/0/0.1 10.1.1.2/24 GE2/0/0.1

VPNA

PE2
POS2/0/0 100.2.1.1/24 POS3/0/0 100.3.1.1/24

VLAN2

CE2

Site2

PE1 100.1.1.2/24 P
GE2/0/0.1

POS1/0/0

VLAN1
GE1/0/0.1 10.1.1.1/24

VLAN4
GE2/0/0.1 20.1.1.1/24

POS1/0/0 100.3.1.2/24

PE3

VPNA
GE1/0/0.1 20.1.1.2/24 GE2/0/0.1

VLAN3
Loopback1 3.3.3.9/32

CE3 Site3

Site1 CE1

VPNA

In Figure 1-4:
l l

Site 1, Site 2 and Site 3 belong to VPNA. Site 1, Site 2 and Site 3 access the backbone network as Virtual LANs (VLANs).

The configuration requirements are as follows:


l l

Configuring the Martini L2VPN Ensuring the bandwidth between Site1 and Site2 is 10 Mbit/s and that between Site1 and Site3 is 20 Mbit/s all along. Ensuring that the communication between Site1 and Site2 and that between Site1 and Site3 cannot interfere with each other.

Configuration Roadmap
The configuration roadmap is as follows: 1. 2. 3. 4. 5. Configure the TE tunnel. Configure the tunnel policy and binding the IP address of the peer with the tunnel. Adopt the tunnel policy when configuring the L2VC connection. Configure the sub-interfaces on CE and PE. Connect CE with the backbone network.

Data Preparation
To configure the Martini L2VPN tunnel binding, you need the following data:
1-46 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


l l l

1 VPN Tunnel Management Configuration

Tunnel policy VC ID Data of QoS for MPLS TE tunnel


NOTE

On a PE, specify different tunnel policies and TE tunnels for L2VPN services to the same destination.

Configuration Procedure
1. Realize the interworking between PEs. Configure the unicast routing protocol on the backbone network to realize the interworking between PEs. In this example, IS-IS is adopted. The process number is 1. Consider PE1 as an example. The configurations on PE2 and PE3 are similar to that on PE1 and are omitted. # Configure PE1.
<Quidway> system-view [Quidway] sysname PE1 [PE1] isis 1 [PE1-isis-1] network-entity 10.0000.0000.0000.0001.00 [PE1-isis-1] is-level level-2 [PE1-isis-1] quit [PE1] interface pos 3/0/0 [PE1-Pos3/0/0] isis enable 1 [PE1-Pos3/0/0] quit [PE1] interface loopback 1 [PE1-LoopBack1] isis enable 1 [PE1-LoopBack1] quit

# Configure P.
[Quidway] system-view [Quidway] sysname P [P] isis 1 [P-isis-1] network-entity 10.0000.0000.0000.0002.00 [P-isis-1] is-level level-2 [P-isis-1] quit [P] interface pos 1/0/0 [P-Pos1/0/0] isis enable 1 [P-Pos1/0/0] quit [P] interface pos 2/0/0 [P-Pos2/0/0] isis enable 1 [P-Pos2/0/0] quit [P] interface pos 3/0/0 [P-Pos3/0/0] isis enable 1 [P-Pos3/0/0] quit [P] interface loopback 1 [P-LoopBack1] isis enable 1 [P-LoopBack1] quit

After the configuration, running the display ip routing-table command in any view on PE, you can see that PEs learn the loopback address of their peers. Consider PE1as an example.
[PE1] display ip routing-table Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: Public Destinations : 11 Routes : 11 Destination/Mask Proto Pre Cost Flags NextHop Interface 1.1.1.9/32 Direct 0 0 D 127.0.0.1 InLoopBack0 2.2.2.9/32 ISIS 15 20 D 100.1.1.2 Pos3/0/0 3.3.3.9/32 ISIS 15 20 D 100.1.1.2 Pos3/0/0 4.4.4.9/32 ISIS 15 10 D 100.1.1.2 Pos3/0/0 100.1.1.0/24 Direct 0 0 D 100.1.1.1 Pos3/0/0

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

1-47

1 VPN Tunnel Management Configuration


100.1.1.1/32 100.1.1.2/32 100.2.1.0/24 100.3.1.0/24 127.0.0.0/8 127.0.0.1/32 Direct Direct ISIS ISIS Direct Direct 0 0 15 15 0 0 0 0 20 20 0 0

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


D D D D D D 127.0.0.1 100.1.1.2 100.1.1.2 100.1.1.2 127.0.0.1 127.0.0.1 InLoopBack0 Pos3/0/0 Pos3/0/0 Pos3/0/0 InLoopBack0 InLoopBack0

2.

Configure the basic MPLS capability. Establish the LDP remote peer and enable MPLS TE, RSVP-TE and CSPF. In this example, RSVP-TE is adopted as the signaling protocol. Enable MPLS TE and RSVP-TE globally on each PE and P along the TE tunnel. Configure CSPF on the ingress of the tunnel. The configurations on PE2 and PE3 are similar, and are not mentioned here. # Configure PE1.
[PE1] mpls lsr-id 1.1.1.9 [PE1] mpls [PE1-mpls] mpls te [PE1-mpls] mpls rsvp-te [PE1-mpls] mpls te cspf [PE1-mpls] quit [PE1] interface pos 3/0/0 [PE1-Pos3/0/0] mpls [PE1-Pos3/0/0] mpls te [PE1-Pos3/0/0] mpls rsvp-te [PE1-Pos3/0/0] quit [PE1] mpls ldp [PE1-mpls-ldp] quit [PE1] mpls ldp remote-peer 2.2.2.9 [PE1-mpls-ldp-remote-2.2.2.9] remote-ip 2.2.2.9 [PE1-mpls-ldp-remote-2.2.2.9] quit [PE1] mpls ldp remote-peer 3.3.3.9 [PE1-mpls-ldp-remote-3.3.3.9] remote-ip 3.3.3.9 [PE1-mpls-ldp-remote-3.3.3.9] quit

# Configure P.
[P] mpls lsr-id 4.4.4.9 [P] mpls [P-mpls] mpls te [P-mpls] mpls rsvp-te [P-mpls] quit [P] interface pos 1/0/0 [P-Pos1/0/0] mpls [P-Pos1/0/0] mpls te [P-Pos1/0/0] mpls rsvp-te [P-Pos1/0/0] quit [P] interface pos 2/0/0 [P-Pos2/0/0] mpls [P-Pos2/0/0] mpls te [P-Pos2/0/0] mpls rsvp-te [P-Pos2/0/0] quit [P] interface pos 3/0/0 [P-Pos3/0/0] mpls [P-Pos3/0/0] mpls te [P-Pos3/0/0] mpls rsvp-te [P-Pos3/0/0] quit

After the configuration, running the display mpls ldp session command on PE, you can see that the LDP remote peer is set up between PE1 and PE2. The LDP remote peer is also set up between PE1 and PE3. Consider PE1 as an example.
[PE1] display mpls ldp session LDP Session(s) in Public Network ------------------------------------------------------------------------Peer-ID Status LAM SsnRole SsnAge KA-Sent/Rcv -------------------------------------------------------------------------

1-48

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

1 VPN Tunnel Management Configuration

2.2.2.9:0 Operational DU Passive 000:00:00 4/4 3.3.3.9:0 Operational DU Passive 000:00:00 4/4 ------------------------------------------------------------------------LAM : Label Advertisement Mode SsnAge Unit : DDD:HH:MM

3.

Configure the IS-IS TE. Consider the configuration on PE1 as an example. The configurations on P, PE2 and PE3 are similar to that on PE1 and are not mentioned here. # Configure PE1.
[PE1] isis 1 [PE1-isis-1] cost-style wide [PE1-isis-1] traffic-eng level-2 [PE1-isis-1] quit
NOTE

l l

If this step is configured only on one end, the status of the remote session configured on the local end turns to Down. After the opposite end is configured with the IS-IS TE, the LDP session of the remote end will restore the Up state.

4.

Configure the MPLS TE attribute of the link. The maximum reservation bandwidth of the links that the TE tunnel passes by must be no smaller than the sum of all the TE tunnel bandwidth. The maximum link bandwidth must be no smaller than the maximum reservation bandwidth. Consider PE1 and P as examples. The configurations on PE2 and PE3 are similar to that on PE1 and are not mentioned here. # Configure PE1.
[PE1] interface pos 1/0/0 [PE1-Pos1/0/0] mpls te max-link-bandwidth 100000 [PE1-Pos1/0/0] mpls te max-reservable-bandwidth 80000 [PE1-Pos1/0/0] quit

# Configure P.
[P] interface pos [P-Pos1/0/0] mpls [P-Pos1/0/0] mpls [P-Pos1/0/0] quit [P] interface pos [P-Pos2/0/0] mpls [P-Pos2/0/0] mpls [P] interface pos [P-Pos3/0/0] mpls [P-Pos3/0/0] mpls 1/0/0 te max-link-bandwidth 100000 te max-reservable-bandwidth 80000 2/0/0 te max-link-bandwidth 100000 te max-reservable-bandwidth 80000 3/0/0 te max-link-bandwidth 100000 te max-reservable-bandwidth 80000

5.

Configure the MPLS TE explicit path. You can configure the MPLS TE path manually; that is, configure the MPLS TE explicit path. Consider the configuration of the explicit path on the MPLS TE tunnel on PE1 as an example. # Configure PE1.
[PE1] explicit-path PE1toPE2 [PE1-explicit-path-PE1toPE2] [PE1-explicit-path-PE1toPE2] [PE1-explicit-path-PE1toPE2] [PE1-explicit-path-PE1toPE2] [PE1] explicit-path PE1toPE3 [PE1-explicit-path-PE1toPE3] [PE1-explicit-path-PE1toPE3] [PE1-explicit-path-PE1toPE3] [PE1-explicit-path-PE1toPE3] next hop 100.1.1.2 next hop 100.2.1.2 next hop 2.2.2.9 quit next hop 100.1.1.2 next hop 100.3.1.2 next hop 3.3.3.9 quit

6.
Issue 03 (2008-09-22)

Configure MPLS TE tunnel.


Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 1-49

1 VPN Tunnel Management Configuration


NOTE

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

l l

The MPLS TE tunnel is unidirectional. If the two-way QoS of the TE tunnel is needed, configure MPLS TE tunnel on the PEs of the two ends of the tunnel.

Create two tunnel interfaces on PE1 and create one tunnel interface on PE2 and PE3 respectively. # Configure PE1.
[PE1] interface tunnel 1/0/0 [PE1-Tunnel1/0/0] ip address unnumbered interface loopback 1 [PE1-Tunnel1/0/0] tunnel-protocol mpls te [PE1-Tunnel1/0/0] destination 2.2.2.9 [PE1-Tunnel1/0/0] mpls te tunnel-id 100 [PE1-Tunnel1/0/0] mpls te signal-protocol rsvp-te [PE1-Tunnel1/0/0] mpls te path explicit-path PE1toPE2 [PE1-Tunnel1/0/0] mpls te bandwidth 10000 [PE1-Tunnel1/0/0] mpls te commit [PE1-Tunnel1/0/0] quit [PE1] interface tunnel 2/0/0 [PE1-Tunnel2/0/0] ip address unnumbered interface loopback 1 [PE1-Tunnel2/0/0] tunnel-protocol mpls te [PE1-Tunnel2/0/0] destination 3.3.3.9 [PE1-Tunnel2/0/0] mpls te tunnel-id 200 [PE1-Tunnel2/0/0] mpls te signal-protocol rsvp-te [PE1-Tunnel2/0/0] mpls te path explicit-path PE1toPE3 [PE1-Tunnel2/0/0] mpls te bandwidth 20000 [PE1-Tunnel2/0/0] mpls te commit [PE1-Tunnel2/0/0] quit

# Configure PE2.
[PE2] interface tunnel 1/0/0 [PE2-Tunnel1/0/0] ip address unnumbered interface loopback 1 [PE2-Tunnel1/0/0] tunnel-protocol mpls te [PE2-Tunnel1/0/0] destination 1.1.1.9 [PE2-Tunnel1/0/0] mpls te tunnel-id 100 [PE2-Tunnel1/0/0] mpls te signal-protocol rsvp-te [PE2-Tunnel1/0/0] mpls te bandwidth 10000 [PE2-Tunnel1/0/0] mpls te commit [PE2-Tunnel1/0/0] quit

# Configure PE3.
[PE3] interface tunnel 1/0/0 [PE3-Tunnel1/0/0] ip address unnumbered interface loopback 1 [PE3-Tunnel1/0/0] tunnel-protocol mpls te [PE3-Tunnel1/0/0] destination 1.1.1.9 [PE3-Tunnel1/0/0] mpls te tunnel-id 100 [PE3-Tunnel1/0/0] mpls te signal-protocol rsvp-te [PE3-Tunnel1/0/0] mpls te bandwidth 20000 [PE3-Tunnel1/0/0] mpls te commit [PE3-Tunnel1/0/0] quit

After the configuration mentioned above, run the display this interface command in tunnel interface view to check the TE tunnel. The state of the tunnel should be Up. Consider Tunnel 1/0/0 of PE1 as an example.
[PE1-Tunnel1/0/0] display this interface Tunnel1/0/0 current state : UP Line protocol current state : UP Description : HUAWEI, Quidway Series, Tunnel1/0/0 Interface, Route Port The Maximum Transmit Unit is 1500 bytes Internet Address is unnumbered, using address of LoopBack1(1.1.1.9/32) Encapsulation is TUNNEL, loopback not set Tunnel destination 2.2.2.9 Tunnel protocol/transport MPLS/MPLS, ILM is available, primary tunnel id is 0x1002001, secondary tunnel id is 0x0 The tunnelIfIndex is 0x4000205

1-50

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

1 VPN Tunnel Management Configuration

QoS max-bandwidth : 64 Kbps Output queue : (Urgent queue : Size/Length/Discards) 0/50/0 Output queue : (Protocol queue : Size/Length/Discards) 0/1000/0 Output queue : (FIFO queuing : Size/Length/Discards) 0/75/0 5 minutes output rate 0 bytes/sec, 0 packets/sec 0 packets output, 0 bytes 0 output error

7.

Configure the VPN tunnel binding. # Configure PE1 (to bind Tunnel1).
[PE1] mpls l2vpn [PE1-l2vpn] mpls l2vpn default martini [PE1-l2vpn] quit [PE1] interface tunnel 1/0/0 [PE1-Tunnel1/0/0] mpls te reserved-for-binding [PE1-Tunnel1/0/0] mpls te commit [PE1-Tunnel1/0/0] quit [PE1] tunnel-policy policy1 [PE1-tunnel-policy-policy1] tunnel binding destination 2.2.2.9 te tunnel1/0/0 [PE1-tunnel-policy-policy1] quit [PE1] interface gigabitethernet 1/0/0.1 [PE1-GigabitEthernet1/0/0.1] shutdown [PE1-GigabitEthernet1/0/0.1] vlan-type dot1q 1 [PE1-GigabitEthernet1/0/0.1] mpls l2vc 2.2.2.9 100 tunnel-policy policy1 [PE1-GigabitEthernet1/0/0.1] undo shutdown [PE1-GigabitEthernet1/0/0.1] quit

# Configure PE1 (to bind Tunnel2).


[PE1] interface tunnel 2/0/0 [PE1-Tunnel2/0/0] mpls te reserved-for-binding [PE1-Tunnel2/0/0] mpls te commit [PE1-Tunnel2/0/0] quit [PE1] tunnel-policy policy2 [PE1-tunnel-policy-policy2] tunnel binding destination 3.3.3.9 te tunnel2/0/0 [PE1-tunnel-policy-policy2] quit [PE1] interface gigabitethernet 2/0/0.1 [PE1-GigabitEthernet2/0/0.1] shutdown [PE1-GigabitEthernet2/0/0.1] vlan-type dot1q 4 [PE1-GigabitEthernet2/0/0.1] mpls l2vc 3.3.3.9 200 tunnel-policy policy2 [PE1-GigabitEthernet2/0/0.1] undo shutdown [PE1-GigabitEthernet2/0/0.1] quit

# Configure PE2.
[PE2] mpls l2vpn [PE2-l2vpn] mpls l2vpn default martini [PE2-l2vpn] quit [PE2] interface tunnel 1/0/0 [PE2-Tunnel1/0/0] mpls te reserved-for-binding [PE2-Tunnel1/0/0] mpls te commit [PE2-Tunnel1/0/0] quit [PE2] tunnel-policy policy1 [PE2-tunnel-policy-policy1] tunnel binding destination 1.1.1.9 te tunnel1/0/0 [PE2-tunnel-policy-policy1] quit [PE2] interface gigabitethernet 2/0/0.1 [PE2-GigabitEthernet2/0/0.1] shutdown [PE2-GigabitEthernet2/0/0.1] vlan-type dot1q 2 [PE2-GigabitEthernet2/0/0.1] mpls l2vc 1.1.1.9 100 tunnel-policy policy1 [PE2-GigabitEthernet2/0/0.1] undo shutdown [PE2-GigabitEthernet2/0/0.1] quit

# Configure PE3.
[PE3] mpls l2vpn [PE3-l2vpn] mpls l2vpn default martini [PE3-l2vpn] quit [PE3] interface tunnel 1/0/0 [PE3-Tunnel1/0/0] mpls te reserved-for-binding [PE3-Tunnel1/0/0] mpls te commit [PE3-Tunnel1/0/0] quit [PE3] tunnel-policy policy1

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

1-51

1 VPN Tunnel Management Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

[PE3-tunnel-policy-policy1] tunnel binding destination 1.1.1.9 te tunnel1/0/0 [PE3-tunnel-policy-policy1] quit [PE3] interface gigabitethernet 2/0/0.1 [PE3-GigabitEthernet2/0/0.1] shutdown [PE3-GigabitEthernet2/0/0.1] vlan-type dot1q 3 [PE3-GigabitEthernet2/0/0.1] mpls l2vc 1.1.1.9 200 tunnel-policy policy1 [PE3-GigabitEthernet2/0/0.1] undo shutdown [PE3-GigabitEthernet2/0/0.1] quit

8.

Connect CE with the backbone network. Consider CE1 as an example. The configurations on CE2 and CE3 are similar to that on CE1 and are omitted.
[CE1] interface gigabitethernet 1/0/0.1 [CE1-GigabitEthernet1/0/0.1] shutdown [CE1-GigabitEthernet1/0/0.1] vlan-type dot1q 1 [CE1-GigabitEthernet1/0/0.1] ip address 10.1.1.1 24 [CE1-GigabitEthernet1/0/0.1] undo shutdown [CE1-GigabitEthernet1/0/0.1] quit [CE1] interface gigabitethernet 2/0/0.1 [CE1-GigabitEthernet2/0/0.1] vlan-type dot1q 4 [CE1-GigabitEthernet2/0/0.1] ip address 20.1.1.1 24 [CE1-GigabitEthernet2/0/0.1] undo shutdown [CE1-GigabitEthernet2/0/0.1] quit

9.

Verify the configuration. Check the VC state on PE1. The state of each VC is Up.
[PE1] display mpls l2vc Total ldp vc : 2 2 up 0 down *Client Interface : gigabitethernet 1/0/0.1 Session State : up AC Status : up VC State : up VC ID : 100 VC Type : ppp Destination : 2.2.2.9 Local VC Label : 17408 Remote VC Label : 17409 Control Word : Disable Local VC MTU : 1500 Remote VC MTU : 1500 Tunnel Policy Name : policy1 Traffic Behavior Name: -PW Template Name : -Create time : 0 days, 0 hours, 7 minutes, UP time : 0 days, 0 hours, 7 minutes, Last change time : 0 days, 0 hours, 7 minutes, *Client Interface : gigabitethernet 2/0/0.1 Session State : up AC Status : up VC State : up VC ID : 200 VC Type : ppp Destination : 3.3.3.9 Local VC Label : 17409 Remote VC Label : 17408 Control Word : Disable Local VC MTU : 1500 Remote VC MTU : 1500 Tunnel Policy Name : policy1 Traffic Behavior Name: -PW Template Name : -Create time : 0 days, 0 hours, 2 minutes, UP time : 0 days, 0 hours, 0 minutes, Last change time : 0 days, 0 hours, 0 minutes,

18 seconds 18 seconds 18 seconds

23 seconds 24 seconds 24 seconds

Check information about the tunnel interface. Consider Tunnel 1/0/0 as an example.
1-52 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

1 VPN Tunnel Management Configuration

[PE1] display interface Tunnel 1/0/0 Tunnel1/0/0 current state : UP Line protocol current state : UP Description : HUAWEI, Quidway Series, Tunnel1/0/0 Interface, Route Port The Maximum Transmit Unit is 1500 bytes Internet Address is unnumbered, using address of LoopBack1(1.1.1.9/32) Encapsulation is TUNNEL, loopback not set Tunnel destination 2.2.2.9 Tunnel protocol/transport MPLS/MPLS, ILM is available, primary tunnel id is 0x1002043, secondary tunnel id is 0x0 The tunnelIfIndex is 0x4000385 QoS max-bandwidth : 64 Kbps Output queue : (Urgent queue : Size/Length/Discards) 0/50/0 Output queue : (Protocol queue : Size/Length/Discards) 0/1000/0 Output queue : (FIFO queuing : Size/Length/Discards) 0/75/0 5 minutes output rate 0 bits/sec, 0 packets/sec 0 packets output, 0 bytes 0 packets output dropped

CE1 can ping CE2 and CE3. Check information about Tunnel 1/0/0 again.
[PE1] display interface Tunnel 1/0/0 Tunnel1/0/0 current state : UP Line protocol current state : UP Description : HUAWEI, Quidway Series, Tunnel1/0/0 Interface, Route Port The Maximum Transmit Unit is 1500 bytes Internet Address is unnumbered, using address of LoopBack1(1.1.1.9/32) Encapsulation is TUNNEL, loopback not set Tunnel destination 2.2.2.9 Tunnel protocol/transport MPLS/MPLS, ILM is available, primary tunnel id is 0x1002043, secondary tunnel id is 0x0 The tunnelIfIndex is 0x4000385 QoS max-bandwidth : 64 Kbps Output queue : (Urgent queue : Size/Length/Discards) 0/50/0 Output queue : (Protocol queue : Size/Length/Discards) 0/1000/0 Output queue : (FIFO queuing : Size/Length/Discards) 0/75/0 5 minutes output rate 2952 bits/sec, 2 packets/sec 48739720 packets output, 361150 bytes 0 packets output dropped

The output shows that the packets pass through Tunnel 1/0/0 increases. Run the ping 20.1.1.2 command on CE1 to check the interface information about Tunnel 1/0/0. The statistics of packets remain unchanged, because Tunnel 1/0/0 is only used to transmit the data of PE1 and PE2.

Configuration files
l

Configuration file of PE1


# sysname PE1 # mpls lsr-id 1.1.1.9 mpls mpls te mpls rsvp-te mpls te cspf mpls l2vpn mpls l2vpn default martini # explicit-path PE1toPE2 next hop 100.1.1.2 next hop 100.2.1.2 next hop 2.2.2.9 # explicit-path PE1toPE3 next hop 100.1.1.2 next hop 100.3.1.2

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

1-53

1 VPN Tunnel Management Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

next hop 3.3.3.9 # mpls ldp # mpls ldp remote-peer 2.2.2.9 remote-ip 2.2.2.9 # mpls ldp remote-peer 3.3.3.9 remote-ip 3.3.3.9 # isis 1 is-level level-2 cost-style wide network-entity 10.0000.0000.0000.0001.00 traffic-eng level-2 # interface Pos1/0/0 link-protocol ppp ip address 100.1.1.1 255.255.255.0 isis enable 1 mpls mpls te mpls te max-link-bandwidth 100000 mpls te max-reservable-bandwidth 80000 mpls rsvp-te # interface GigabitEthernet1/0/0.1 undo shutdown mpls l2vc 2.2.2.9 100 tunnel-policy policy1 # interface GigabitEthernet2/0/0.1 undo shutdown vlan-type dot1q 4 mpls l2vc 3.3.3.9 200 tunnel-policy policy2 # interface LoopBack1 ip address 1.1.1.9 255.255.255.255 isis enable 1 # interface Tunnel1/0/0 ip address unnumbered interface LoopBack1 tunnel-protocol mpls te destination 2.2.2.9 mpls te tunnel-id 100 mpls te bandwidth bc0 10000 mpls te path explicit-path pe1tope2 mpls te reserved-for-binding mpls te commit # interface Tunnel2/0/0 ip address unnumbered interface LoopBack1 tunnel-protocol mpls te destination 3.3.3.9 mpls te tunnel-id 200 mpls te bandwidth bc0 20000 mpls te path explicit-path pe1tope3 mpls te reserved-for-binding mpls te commit # tunnel-policy policy1 tunnel binding destination 2.2.2.9 te tunnel1/0/0 # tunnel-policy policy2 tunnel binding destination 3.3.3.9 te tunnel2/0/0 # return l

Configuration file of P
# sysname P

1-54

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


# mpls lsr-id 4.4.4.9 mpls mpls te mpls rsvp-te # isis 1 is-level level-2 cost-style wide network-entity 10.0000.0000.0000.0002.00 traffic-eng level-2 # interface Pos1/0/0 link-protocol ppp ip address 100.1.1.2 255.255.255.0 isis enable 1 mpls mpls te mpls te max-link-bandwidth 100000 mpls te max-reservable-bandwidth 80000 mpls rsvp-te # interface Pos2/0/0 link-protocol ppp ip address 100.2.1.1 255.255.255.0 isis enable 1 mpls mpls te mpls te max-link-bandwidth 100000 mpls te max-reservable-bandwidth 80000 mpls rsvp-te # interface Pos3/0/0 link-protocol ppp ip address 100.3.1.1 255.255.255.0 isis enable 1 mpls mpls te mpls te max-link-bandwidth 100000 mpls te max-reservable-bandwidth 80000 mpls rsvp-te # interface LoopBack1 ip address 4.4.4.9 255.255.255.255 isis enable 1 # return l

1 VPN Tunnel Management Configuration

Configuration file of PE2


# sysname PE2 # mpls lsr-id 2.2.2.9 mpls mpls te mpls rsvp-te mpls te cspf mpls l2vpn mpls l2vpn default martini # mpls ldp # mpls ldp remote-peer 1.1.1.9 remote-ip 1.1.1.9 # isis 1 is-level level-2 cost-style wide network-entity 10.0000.0000.0000.0003.00 traffic-eng level-2

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

1-55

1 VPN Tunnel Management Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

# interface Pos1/0/0 link-protocol ppp ip address 100.2.1.2 255.255.255.0 isis enable 1 mpls mpls te mpls te max-link-bandwidth 100000 mpls te max-reservable-bandwidth 80000 mpls rsvp-te # interface GigabitEthernet2/0/0.1 undo shutdown vlan-type dot1q 2 mpls l2vc 1.1.1.9 100 tunnel-policy policy1 # interface LoopBack1 ip address 2.2.2.9 255.255.255.255 isis enable 1 # interface Tunnel1/0/0 ip address unnumbered interface LoopBack1 tunnel-protocol mpls te destination 1.1.1.9 mpls te tunnel-id 100 mpls te bandwidth bc0 10000 mpls te reserved-for-binding mpls te commit # tunnel-policy policy1 tunnel binding destination 1.1.1.9 te tunnel1/0/0 # return l

Configuration file of PE3


# sysname PE3 # mpls lsr-id 3.3.3.9 mpls mpls te mpls rsvp-te mpls te cspf mpls l2vpn mpls l2vpn default martini # mpls ldp # mpls ldp remote-peer 1.1.1.9 remote-ip 1.1.1.9 # isis 1 is-level level-2 cost-style wide network-entity 10.0000.0000.0000.0004.00 traffic-eng level-2 # interface Pos1/0/0 link-protocol ppp ip address 100.3.1.2 255.255.255.0 isis enable 1 mpls mpls te mpls te max-link-bandwidth 100000 mpls te max-reservable-bandwidth 80000 mpls rsvp-te # interface GigabitEthernet2/0/0.1 undo shutdown vlan-type dot1q 3

1-56

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

1 VPN Tunnel Management Configuration

mpls l2vc 1.1.1.9 200 tunnel-policy policy1 # interface LoopBack1 ip address 3.3.3.9 255.255.255.255 isis enable 1 # interface Tunnel1/0/0 ip address unnumbered interface LoopBack1 tunnel-protocol mpls te destination 1.1.1.9 mpls te tunnel-id 100 mpls te bandwidth bc0 20000 mpls te reserved-for-binding mpls te commit # tunnel-policy policy1 tunnel binding destination 1.1.1.9 te tunnel1/0/0 # return l

Configuration file of CE1


# sysname CE1 # interface GigabitEthernet1/0/0 # interface GigabitEthernet2/0/0 # interface GigabitEthernet1/0/0.1 undo shutdown vlan-type dot1q 1 ip address 10.1.1.1 255.255.255.0 # interface GigabitEthernet2/0/0.1 undo shutdown vlan-type dot1q 4 ip address 20.1.1.1 255.255.255.0 # return

Configuration file of CE2


# sysname CE2 # interface GigabitEthernet1/0/0 # interface GigabitEthernet1/0/0.1 undo shutdown vlan-type dot1q 2 ip address 10.1.1.2 255.255.255.0 # return

Configuration file of CE3


# sysname CE3 # interface GigabitEthernet1/0/0 # interface GigabitEthernet1/0/0.1 undo shutdown vlan-type dot1q 3 ip address 20.1.1.2 255.255.255.0 # return

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

1-57

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

2 GRE Configuration

2
About This Chapter

GRE Configuration

This chapter describes the principle, application, and configuration of the GRE protocol. 2.1 Introduction This section describes the principle and concepts of the Generic Routing Encapsulation (GRE). 2.2 Configuring a GRE Tunnel This section describes how to configure a GRE tunnel. 2.3 Configuring a GRE Tunnel Between CE and PE This section describes how to configure a GRE tunnel between a CE and a PE. 2.4 Configuring the Keepalive Function This section describes how to configure the Keepalive function. 2.5 Configuration Examples This section provides several configuration examples for the GRE protocol.

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

2-1

2 GRE Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

2.1 Introduction
This section describes the principle and concepts of the Generic Routing Encapsulation (GRE). 2.1.1 GRE 2.1.2 GRE Features Supported by the NE80E/40E

2.1.1 GRE
GRE indicates the encapsulation of the packets of certain network layer protocols, such as IP and Internetwork Packet Exchange (IPX). After the encapsulation, these packets can be transmitted according to another network layer protocol, such as IP. GRE can serve as a Layer 3 tunneling protocol for VPNs. A tunnel is a virtual point-to-point connection. In addition, a tunnel can also be considered as a virtual interface that only supports point-to-point connection, which provides a path to transmit the encapsulated datagram. GRE encapsulates and decapsulates the datagram at both ends of the tunnel.
NOTE

The implementation of GRE in the NE80E/40E depends on the Tunnel Service Unit(TSU). For details, refer to the Quidway NetEngine80E/40E Router Hardware Description - Boards.

2.1.2 GRE Features Supported by the NE80E/40E


Connecting Discontinuous Sub-Networks to Establish a VPN
Using a GRE tunnel, you can connect discontinuous subnets to establish a VPN on a WAN. For example, the two VPN subnets of Site 1 and Site 2 are in different cities. You can connect the two subnets to construct a continuous VPN network by establishing the GRE tunnel on the area border devices. GRE can be applied to L2VPNs and L3VPNs in the following two modes:
l

CPE-based VPN: Both ends of a GRE tunnel are on the customer edge (CE) devices, as shown in Figure 2-1. Figure 2-1 GRE in CPE-based VPN

GRE tunnel VPN site1 CE PE VPN backbone VPN site2 PE CE

Network-based VPN: Both ends of a GRE tunnel are on the provider edge (PE) devices, as shown in Figure 2-2.
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

2-2

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

2 GRE Configuration

Figure 2-2 GRE in Network-based VPN


VPN backbone GRE tunnel CE PE PE CE VPN site2

VPN site1

In general, an MPLS VPN backbone network uses the label switch path (LSP) as the public tunnel. When the core device on the backbone network (the P device) only provides IP functions and does not have MPLS functions, the PE devices have the MPLS functions. In this situation, the LSP cannot be used as the public tunnel, and is replaced with the GRE tunnel. The GRE tunnel provides Layer 3 or Layer 2 VPN solutions on the backbone network. Figure 2-3 shows the format of a private packet that is transmitted on the VPN backbone network. Figure 2-3 Format of GRE packet that contains the MPLS label
Public network IP header GRE header MPLS label Private network IP header Payload

Accessing MPLS VPN Through the GRE Tunnels


In an MPLS VPN, a direct physical link is often set up between a CE and a PE to enable the CE to access the VPN. CEs and PEs are located in the same network. In such a networking, bind the physical interface connected to the CE with the VPN on the PE. In the actual networking, not all CEs and PEs are directly connected through physical links. For example, the CE devices of multiple institutions that are connected to the Internet or are on the IP-based backbone network are distant in geographical locations from the PE devices. These CE devices are impossible to be directly connected to the PE device of the MPLS backbone network. As a result, it is impossible to access the sites within the MPLS VPN through Internet or IP backbone network. Figure 2-4 Diagram of a CE accessing the MPLS VPN backbone network through the IP-based backbone network
IP network GRE Tunnel CE PE

VPN Site

MPLS network PE CE

VPN Site

When the CE is not directly connected to the PE, create a logically direct connection to enable the CE to access the VPN. Create a GRE tunnel between the CE and the PE. In such a networking, on the PE, bind the VPN with the GRE tunnel between the PE and the CE. The GRE tunnel acts as a physical interface. When the GRE tunnel is used to access an MPLS VPN, the configuration of PEs involves the following three cases:
Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 2-3

2 GRE Configuration
l

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

The source interface of the GRE tunnel is bound to the VPN instance. The destination address of the GRE tunnel belongs to this VPN instance. The GRE tunnel is bound to the VPN instance. However, the source and destination addresses of the GRE tunnel do not belong to the VPN instance. The GRE tunnel is bound to a VPN instance (such as VPN1). The source interface of the GRE tunnel is bound to another VPN instance (such as VPN2). The GRE tunnel needs to traverse VPN2.

In the first case, the source and the destination addresses of the GRE tunnel are private network addresses. In applications, it is of no use creating a tunnel to a PE in a private network. Therefore, the first case does not exist in actual networks. The following sections cover the configuration procedures and examples in the second and third cases.

Applying a GRE Tunnel to an MPLS VPN Backbone Network


When the core device on a backbone network (the P device) provides only IP functions and does not have MPLS functions, an LSP cannot be used as the public tunnel between PEs that provide MPLS functions. In this situation, a GRE tunnel is used. For detailed configurations about GRE tunnels, refer to the chapter "VPN Tunnel Management Configuration." For detailed configuration examples, refer to the chapters "BGP MPLS IP VPN Configuration" and "VLL Configuration."

Keepalive Function
GRE cannot detect the link status. If the remote interface is unreachable, the tunnel cannot disconnect the tunnel link in time. Therefore, the source interface keeps on sending data to the remote interface, but the remote keeps on discarding all packets. Then, the "black hole" appears. The GRE keepalive function allows GRE tunnel to detect the tunnel status. Once the remote end is unreachable, the tunnel is disconnected to avoid the "black hole". After the Keepalive function is enabled on the source end of the GRE tunnel, a timer is created to periodically send Keepalive probe packets. At the same time, the retry times counting is started. Each time a probe packet is sent, the retry time is increased by one. After receiving a probe packet, the remote end sends a response packet to the source end. If the source end receives a response packet before the counter reaches the preset value, the remote end is reachable. If the counter on the source end reaches the preset value, the retry times, but the source end does not receive the response packet, the remote end is unreachable. If so, the tunnel connection is disabled on the source end.

Other Features
GRE provides two types of simple security mechanisms:
l

Checksum authentication that implements end-to-end authentication for encapsulated packets Key authentication that authenticates packets on the tunnel interface

The Generic Routing Encapsulation (GRE) of RFC 1701 stipulates that: If the checksum bit exists in the GRE header, the checksum is valid. The sender calculates the checksum based on the GRE header and the payload and sends the checksum packet to the remote side. The receiver,
2-4 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

2 GRE Configuration

on the other hand, calculates the checksum of the received packet and compares the checksum with that in the packet. If the two checksums are the same, the packet is forwarded. Otherwise, the packet is discarded. Based on the requirements, you can decide whether the checksum should be configured and triggered on both ends of a tunnel. If the checksum is configured on the local end but not on the remote end, the local end does not check the checksum of the received packets. If the checksum is configured on the remote end but not on the local end, the local end checks the checksum of the packets from the remote end. The RFC 1701 also stipulates that: If the key bit exists in the GRE header, the sender and the receiver implements key authentication on the tunnel. Only when the key is configured the same on both ends of a tunnel, the authentication succeeds. Otherwise, the packet is discarded.
NOTE

At present, the NE80E/40E supports the key authentication only.

2.2 Configuring a GRE Tunnel


This section describes how to configure a GRE tunnel. 2.2.1 Establishing the Configuration Task 2.2.2 Configuring the Loopback Interface Bound to GRE 2.2.3 Configuring a Tunnel Interface 2.2.4 Configuring Routes for the Tunnel 2.2.5 Configuring GRE Security Options 2.2.6 Checking the Configuration

2.2.1 Establishing the Configuration Task


Applicable Environment
To set up a GRE tunnel, create a tunnel interface first, and then configure GRE functions on the tunnel interface. After deleting the tunnel interface, you delete all configurations on the interface.

Pre-configuration Tasks
Before setting up a GRE tunnel, you need ensure the IP connectivity between the source interface and the destination interface.

Data Preparation
To set up a GRE tunnel, you need the following data. No. 1
Issue 03 (2008-09-22)

Data Number of the tunnel interface


Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 2-5

2 GRE Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

No. 2 3 4

Data Source address and destination address of the tunnel IP address of the tunnel interface Key of the tunnel interface

2.2.2 Configuring the Loopback Interface Bound to GRE


Context
Do as follows on devices on both ends of a tunnel.

Procedure
Step 1 Run:
system-view

The system view is displayed. Step 2 Run:


interface loopback interface-number

A loopback interface is created and the loopback interface view is displayed. Step 3 Run:
ip address ip-address { mask | mask-length }

The IP address is set for the loopback interface. For the loopback interface that acts as the source interface of the GRE tunnel, the IP address must be a 32-bit IP address of the host. Otherwise, the GRE tunnel cannot be set up. Step 4 Run:
target-board slot-number

The mapping from the interface to the tunnel service unit is set. Step 5 Run:
binding tunnel gre

The GRE protocol is bound to the interface. ----End

Postrequisite
After a loopback interface is created, you need to configure IP address for the interface, configure the mapping from the interface to the tunnel service unit and bind the GRE protocol on the interface. In this manner, when a packet to the loopback interface is received, the packet is directly sent to the tunnel service unit.
2-6 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

2 GRE Configuration

2.2.3 Configuring a Tunnel Interface


Context
Do as follows on routers on two ends of a tunnel.

Procedure
Step 1 Run:
system-view

The system view is displayed. Step 2 Run:


interface tunnel interface-number

A tunnel interface is created and the tunnel interface view is displayed.


NOTE

When creating a tunnel interface for a GRE tunnel, you need ensure that the slot number of the tunnel interface is the same as that of the TSU, which is bound to the loopback interface that serves as the source interface of the tunnel.

Step 3 Run:
tunnel-protocol gre

The tunnel is encapsulated with GRE. Step 4 Run:


source { source-ip-address | loopback interface-number }

The source address or source interface of the tunnel is configured. You can use the loopback interface-number command or the loopback source-ip-address command to specify the source address of a GRE tunnel. The source address, however, must be the address of the loopback interface bound to the TSU. You can run the target-board command to bind the loopback interface with the TSU. Step 5 Run:
destination [ vpn-instance vpn-instance-name ] ip-address

The destination address of the tunnel is configured. After a tunnel interface is created, you need to specify the source and destination addresses of the tunnel. The source address is the address of the loopback interface that sends the GRE packets, while the destination address is the IP address of the loopback interface that receives the GRE packets. Step 6 (Optional) Run:
mtu mtu-value

The Maximum Transmission Unit (MTU) of the tunnel interface can be modified. The new MTU takes effect only after you run the shutdown and the undo shutdown commands in succession on the interface. Step 7 Choose one of the following commands to configure the IP address of the tunnel interface.
Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 2-7

2 GRE Configuration
l

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Run the ip address ip-address { mask | mask-length } [ sub ] command to configure the IP address of the tunnel interface. Run the ip address unnumbered interface interface-type interface-number command to configure IP unnumbered for the tunnel interface.

To support dynamic routing protocols on a tunnel, you must configure a network address for the tunnel interface. The network address of the tunnel interface may not be a public address, but should be in the same network segment on both ends of the tunnel. By default, the network address of the tunnel interface is not set. ----End

2.2.4 Configuring Routes for the Tunnel


Context
Do as follows on devices on two ends of a tunnel.
NOTE

The packets encapsulated with GRE are forwarded correctly only if the routes passing through the tunnel are available on both the source and destination routers.

Procedure
Step 1 Run:
system-view

The system view is displayed. Step 2 Choose one of the following methods to configure routes passing through the tunnel interface.
l

Run the ip route-static dest-ip-address { mask | mask-length } tunnel interface-number [ description text ] command to configure a static route. Configure the static route on both ends of the tunnel. In this command, the destination address is neither the destination address of the tunnel nor the address of the opposite tunnel interface, but the destination address of the packet that is not encapsulated with GRE. The outgoing interface must be the local tunnel interface.

Configure dynamic routes using IGP or BGP. The detailed procedure is not mentioned here. When configuring a dynamic routing protocol, enable the dynamic routing protocol on both the tunnel interface and the interface connected to the private network. To ensure proper routing, do not choose the tunnel interface as the next hop when configuring the route to the physical or logical interface of the destination tunnel. In practical configurations, different routing protocols or different processes of the same routing protocol should be used for tunnel interfaces and physical interfaces connected to the public network. In this manner, you can avoid selecting a tunnel interface as an outbound interface for packets destined for the destination of the tunnel. In addition, you can avoid a physical interface from forwarding user packets that should be forwarded by the tunnel.

----End

2.2.5 Configuring GRE Security Options


2-8 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

2 GRE Configuration

Context
Do as follows on routers on two ends of a tunnel.

Procedure
Step 1 Run:
system-view

The system view is displayed. Step 2 Run: interface tunnel interface-number The tunnel interface view is displayed. Step 3 Run:
gre key key-number

The key is set for the tunnel interface. If keys are set for tunnel interfaces on two ends of the tunnel, ensure they have the same key number. Alternatively, you may not set the keys for tunnel interfaces on two ends of the tunnel. By default, the key is not configured. ----End

2.2.6 Checking the Configuration


Run the following commands to check the previous configuration. Action Check the running status of the tunnel interface. Check the routing table. Check whether two ends of the tunnel can ping through each other. Command display interface tunnel [ interfacenumber ] display ip routing-table ping -a source-ip-address dest-ip-address

Run the display interface tunnel command. If the tunnel interface is Up, it means the configuration succeeds. For example:
<Quidway> display interface Tunnel 1/0/0 Tunnel1/0/0 current state : UP Line protocol current state : UP Description : HUAWEI, Quidway Series, Tunnel1/0/0 Interface The Maximum Transmit Unit is 1500 bytes Internet Address is 40.1.1.1/24 Encapsulation is TUNNEL, loopback not set Tunnel source 20.1.1.1 (LoopBack1), destination 30.1.1.2 Tunnel protocol/transport GRE/IP, key disabled keepalive disabled Checksumming of packets disabled QoS max-bandwidth : 64 Kbps

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

2-9

2 GRE Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


300 seconds input rate 31776024 bytes/sec, 31776152 packets/sec 300 seconds output rate 31776024 bytes/sec, 31776152 packets/sec 511 packets input, 46339 bytes 0 input error 508 packets output, 46015 bytes 0 output error

Run the display ip routing-table command. If the route transmitted through the tunnel interface exists in the routing table, it means the configuration succeeds. For example:
[Quidway] display ip routing-table Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: Public Destinations : 11 Routes : 11 Destination/Mask Proto Pre Cost Flags NextHop Interface 10.1.1.0/24 Direct 0 0 D 10.1.1.2 GigabitEthernet2/0/0 10.1.1.2/32 Direct 0 0 D 127.0.0.1 InLoopBack0 10.2.1.0/24 Static 60 0 D 40.1.1.1 Tunnel1/0/1 20.1.1.0/24 Direct 0 0 D 20.1.1.1 Pos1/0/0 20.1.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 20.1.1.2/32 Direct 0 0 D 20.1.1.2 Pos1/0/0 30.1.1.0/24 OSPF 10 2 D 20.1.1.2 Pos1/0/0 40.1.1.0/24 Direct 0 0 D 40.1.1.1 Tunnel1/0/1 40.1.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0

Run the ping -a source-ip-address dest-ip-address command, and you can find that the ping from the local tunnel interface to the destination tunnel succeeds.

2.3 Configuring a GRE Tunnel Between CE and PE


This section describes how to configure a GRE tunnel between a CE and a PE. 2.3.1 Establishing the Configuration Task 2.3.2 Configuring the GRE Tunnel Interface on CE 2.3.3 Configuring the GRE Tunnel Interface on PE 2.3.4 Binding the Tunnel with VPN to Which CE belongs on PE 2.3.5 Checking the Configuration

2.3.1 Establishing the Configuration Task


Applicable Environment
To allow users of the CE that is not directly connected with a PE to access the Multi-Protocol Label Switching (MPLS) VPN, configure a GRE tunnel and create routes between them and configure MPLS VPN on the PE. A GRE tunnel needs to be created between a CE and a PE in the following two cases:
l l

A CE interconnects with a PE through the public network. A CE interconnects with a PE through the VPN of a second carrier.
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

2-10

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

2 GRE Configuration

Pre-configuration Tasks
Before configuring a GRE tunnel between a CE and a PE, complete the following tasks:
l l l

Assigning IP addresses for interfaces on the CE and PE Configuring the routes between the CE and PE Configuring the VPN that the GRE tunnel needs to pass through

Data Preparation
To configure a GRE tunnel between a CE and a PE, you need the following data. No. 1 2 3 4 5 Data Number of the GRE tunnel interface specified on the CE Source address and destination address of the GRE tunnel interface specified on the CE Number of the GRE tunnel interface specified on the PE Source address and destination address of the GRE tunnel interface specified on the PE Name of the VPN that the GRE tunnel needs to pass through

2.3.2 Configuring the GRE Tunnel Interface on CE


Context
Do as follows on the router.

Procedure
Step 1 Run:
system-view

The system view is displayed. Step 2 Run:


interface loopback number

A loopback interface is created and the loopback interface view is displayed. Step 3 Run:
ip address ip-address { mask | mask-length }

The IP address of the loopback interface is set. Step 4 Run:


target-board slot-number

The mapping between the interface and the TSU is set.


Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 2-11

2 GRE Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Step 5 Run:
binding tunnel gre

The interface is bound to the GRE protocol. Step 6 Run:


interface tunnel interface-number

The tunnel interface is created and the tunnel interface view is displayed. Step 7 Run:
tunnel-protocol gre

The tunnel is encapsulated as a GRE tunnel. Step 8 Run:


source { source-ip-address | loopback interface-number }

The source address or source interface of the tunnel interface is configured. The source address of the tunnel is the address of the specified loopback interface. In addition, the source address of the tunnel specified on the CE and the destination address of the tunnel specified on the PE should be the same. The destination address of the tunnel specified on the CE and the source address of the tunnel specified on the PE should be the same. Step 9 Run:
destination ip-address

The destination address of the tunnel interface is configured. Step 10 (Optional) Run:
mtu mtu-value

The MTU of the interface can be modified. The new MTU takes effect only after you run the shutdown and the undo shutdown commands in succession on the interface. Step 11 Choose one of the following commands to configure the IP address of the tunnel interface.
l

Run the ip address ip-address { mask | mask-length } [ sub ] command to configure the IP address of the tunnel interface. Run the ip address unnumbered interface interface-type interface-number command to configure IP unnumbered for the tunnel interface.

----End

2.3.3 Configuring the GRE Tunnel Interface on PE


Context
Do as follows on the router:

Procedure
Step 1 Run:
system-view

The system view is displayed.


2-12 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

2 GRE Configuration

Step 2 Run:
interface loopback number

A loopback interface is created and the loopback interface view is displayed. Step 3 Run:
ip address ip-address { mask | mask-length }

The IP address of the loopback interface is set. Step 4 Run:


target-board slot-number

The mapping between the interface and the TSU is set. Step 5 Run:
binding tunnel gre

The interface is bound to the GRE protocol. Step 6 Run:


interface tunnel interface-number

The tunnel interface is created and the tunnel interface view is displayed. Step 7 Run:
tunnel-protocol gre

The tunnel is encapsulated as a GRE tunnel. Step 8 Run:


source { source-ip-address | interface-type interface-number }

The source address or source interface of the tunnel interface is configured. The source address of the tunnel is the address of the specified loopback interface. In addition, the source address of the tunnel specified on the CE and the destination address of the tunnel specified on the PE should be the same. The destination address of the tunnel specified on the CE and the source address of the tunnel specified on the PE should be the same. Step 9 Run:
destination [ vpn-instance vpn-instance-name ] ip-address

The destination address of the tunnel interface is configured. If the tunnel passes through another VPN, specify the parameter vpn-instance vpn-instancename. If the tunnel passes through the public network, the parameter is not required. Step 10 (Optional) Run:
mtu mtu-value

The MTU of the interface can be modified. The new MTU takes effect only after you run the shutdown and the undo shutdown commands in succession on the interface. ----End

2.3.4 Binding the Tunnel with VPN to Which CE belongs on PE


Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 2-13

2 GRE Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Context
Do as follows on the router.

Procedure
Step 1 Run:
system-view

The system view is displayed. Step 2 Run:


interface tunnel interface-number

The tunnel interface is created and the tunnel interface view is displayed. Step 3 Run:
ip binding vpn-instance vpn-instance-name

Bind the tunnel with the VPN instance. Step 4 Choose one of the following commands to configure the IP address of the tunnel interface.
l

Run the ip address ip-address { mask | mask-length } [ sub ] command to configure the IP address of the tunnel interface. Run the ip address unnumbered interface interface-type interface-number command to configure the IP unnumbered address of the tunnel interface.

----End

2.3.5 Checking the Configuration


Run the following commands to check the previous configuration. Action Check information about the tunnel interface. Check the VPN routing table on PE. Check the routing table on CE. Check whether the two ends of the tunnel can ping through each other. Command display interface tunnel [ interfacenumber ] display ip routing-table vpn-instance vpninstance-name display ip routing-table ping -a source-ip-address dest-ip-address

Run the display interface tunnel command. If the tunnel interface is Up, it means the configuration succeeds. Take the PE as an example:
<Quidway> display interface Tunnel 1/0/0 Tunnel1/0/0 current state : UP Line protocol current state : UP Description : HUAWEI, Quidway Series, Tunnel1/0/0 Interface The Maximum Transmit Unit is 1500 bytes Internet Address is 40.1.1.1/24 Encapsulation is TUNNEL, loopback not set

2-14

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

2 GRE Configuration

Tunnel source 20.1.1.1 (loopback1), destination 30.1.1.2 Tunnel protocol/transport GRE/IP, key disabled keepalive disabled Checksumming of packets disabled QoS max-bandwidth : 64 Kbps 300 seconds input rate 31776024 bytes/sec, 31776152 packets/sec 300 seconds output rate 31776024 bytes/sec, 31776152 packets/sec 511 packets input, 46339 bytes 0 input error 508 packets output, 46015 bytes 0 output error

2.4 Configuring the Keepalive Function


This section describes how to configure the Keepalive function. 2.4.1 Establishing the Configuration Task 2.4.2 Enabling the Keep-alive Function 2.4.3 Checking the Configuration

2.4.1 Establishing the Configuration Task


Application Environment
The Keep-alive function is used to test the status of a GRE tunnel. If the remote end is found unreachable, the tunnel is disconnected on time to avoid data hole. Figure 2-5 GRE tunnel supporting Keep-alive

Source Router A

Internet GRE tunnel

Destination Router B

Pre-configuration Tasks
Before configuring the Keep-alive function, complete the following tasks:
l l l

Configuring the link layer attributes of the interfaces Assigning the IP addresses for the interfaces Establishing the GRE tunnel and keeping the tunnel up

Data Preparation
To configure the Keep-alive function, you need the following data. No. 1
Issue 03 (2008-09-22)

Data Interval for sending Keep-alive messages


Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 2-15

2 GRE Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

No. 2

Data Retry times of the unreachable timer

2.4.2 Enabling the Keep-alive Function


Context
Do as follows on the routers that need the Keep-alive function.

Procedure
Step 1 Run:
system-view

The system view is displayed. Step 2 Run:


interface tunnel interface-number

The tunnel interface view is displayed. Step 3 Run:


keepalive [ period period ] [ retry-times retry-times ]

The Keep-alive function is enabled. The Keep-alive function of a GRE tunnel is unidirectional. To provide the Keep-alive function on both ends, you must enable the Keep-alive function on both ends of a GRE tunnel. One end can be configured with the Keep-alive function regardless of whether the peer supports the Keepalive function or not. It is recommended to enable the Keep-alive function on both ends of a tunnel.
TIP

Before configuring the tunnel policy and the GRE tunnel for the VPN, enable the Keep-alive function for the GRE tunnel. In this manner, the VPN does not select the unreachable GRE tunnel at the remote end, and the data loss can be avoided. The reasons for enabling the Keep-alive function are as below:
l l

If the Keep-alive function is not enabled, the local tunnel interface may still be Up regardless of whether data reaches the remote end. If the Keep-alive function is enabled on the local end, the local tunnel interface is set Down when the remote end is unreachable. Therefore, in cast that the remote end is not reachable, the VPN does not select the unreachable GRE tunnel and the data is not lost.

----End

2.4.3 Checking the Configuration

2-16

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

2 GRE Configuration

CAUTION
Debugging affects the performance of the system. Therefore, after the debugging, execute the undo debugging all command to disable it immediately. For the procedure of displaying the debugging information, refer to the chapter "Maintenance and Debugging" in the Quidway NetEngine80E/40E Router Configuration Guide - System Management. Run the following command to check the previous configuration. Action Check the Keep-alive packets and keep-alive response packets sent and received by the GRE tunnel interface. Check the Keep-alive function of GRE tunnel. Command display keepalive packets count

debugging tunnel keepalive

Run the display keepalive packets count command on the tunnel interface that is enabled with the Keep-alive function, and you can find the number of sent Keep-alive packets and received Keep-alive response packets on both the local end and the remote end. If the Keep-alive function is successfully configured on the local tunnel interface, the number of Keep-alive packets or Keep-alive response packets sent and received by the local end is not 0.
[Quidway-Tunnel1/0/0] display keepalive packets count Send 34 keepalive packets to peers, Receive 34 keepalive response packets from peers Receive 0 keepalive packets from peers, Send 0 keepalive response packets to peers

Run the debugging tunnel keepalivecommand. If the configuration succeeds, you can view information similar to the following example:
<Quidway> debugging tunnel keepalive *0.21628063 RouterA TUNNEL/7/debug:GRE_KEEP:Judge keepalive finished. Keepalive packet from peer router. *0.21628064 RouterA TUNNEL/7/debug:GRE_FWD: Receive peer keepalive on mainboard successfully. Put into decapsulation. *0.21628064 RouterA TUNNEL/7/debug:Slot=1;GRE_KEEP:Judge keepalive finished. Ke epalive packet from peer router. *0.21628064 RouterA TUNNEL/7/debug:Slot=1;GRE_FWD: IO board received keepalive packet, resend to mainboard.

2.5 Configuration Examples


This section provides several configuration examples for the GRE protocol. 2.5.1 Example for Configuring Static Routes for GRE 2.5.2 Example for Configuring a Dynamic Routing Protocol for GRE 2.5.3 Example for Configuring CE Users to Access a MPLS VPN Through a GRE Tunnel Traversing the Public Network 2.5.4 Example for Configuring CE Users to Access an MPLS VPN Through a GRE Tunnel Traversing Another VPN
Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 2-17

2 GRE Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

2.5.5 Example for Configuring the Keepalive Function for GRE

2.5.1 Example for Configuring Static Routes for GRE


Networking Requirements
As shown in Figure 2-6, Router A, Router B, and Router C belong to the VPN backbone network and OSPF runs between them. GRE is used between Router A and Router C for interworking between PC 1 and PC 2. PC1 takes Router A as default gateway, and PC2 takes Router C as the default gateway. Figure 2-6 Networking diagram of GRE static routes configuration
RouterB
POS1/0/0 20.1.1.2/24 Loopback1 1.1.1.9/32 POS1/0/0 20.1.1.1/24 POS1/0/0 30.1.1.2/24 POS2/0/0 30.1.1.1/24 Loopback1 2.2.2.9/32

RouterA
GE2/0/0 10.1.1.2/24

Tunnel
Tunnel5/0/1 40.1.1.1/24 Tunnel5/0/1 40.1.1.2/24

RouterC
GE2/0/0 10.2.1.2/24

PC1
10.1.1.1/24

PC2
10.2.1.1/24

Configuration Roadmap
The configuration roadmap is as follows: 1. 2. Configure dynamic routing protocols on the routers to implement interconnection between routers. Configure the loopback interfaces of the tunnel on Router A and Router C. Specify the source and destination addresses of a tunnel when the tunnel interface is created. Note that the source address of the tunnel is the IP address of the loopback interface that sends the packets; the destination address of the tunnel is the IP address of the loopback interface that receives the packets. Configure static routes from Router A and Router C to PC1 and PC2 respectively to transmit the traffic between PC1 and PC2 through the GRE tunnel. The outbound interface is the tunnel interface of the local end.

3.

Data Preparation
To complete the configuration, you need the following data:
2-18 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


l l l l

2 GRE Configuration

Data for running OSPF Loopback interfaces on both ends of the tunnel Source and destination addresses of the GRE tunnel IP addresses of the tunnel interfaces on both ends

Configuration Procedure
1. Assign an IP address to each interface. Configure the IP address to each physical and loopback interface as shown in Figure 2-6. Run the undo shutdown command to change each physical interface to Up. The details of the configuration are not mentioned here. 2. Configure an IGP on the VPN backbone network. # Configure Router A.
[RouterA] ospf 1 [RouterA-ospf-1] area 0 [RouterA-ospf-1-area-0.0.0.0] network 20.1.1.0 0.0.0.255 [RouterA-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0 [RouterA-ospf-1-area-0.0.0.0] quit [RouterA-ospf-1] quit

# Configure Router B.
[RouterB] ospf 1 [RouterB-ospf-1] area 0 [RouterB-ospf-1-area-0.0.0.0] network 20.1.1.0 0.0.0.255 [RouterB-ospf-1-area-0.0.0.0] network 30.1.1.0 0.0.0.255 [RouterB-ospf-1-area-0.0.0.0] quit [RouterB-ospf-1] quit

# Configure Router C.
[RouterC] ospf 1 [RouterC-ospf-1] area 0 [RouterC-ospf-1-area-0.0.0.0] network 30.1.1.0 0.0.0.255 [RouterC-ospf-1-area-0.0.0.0] network 2.2.2.9 0.0.0.0 [RouterC-ospf-1-area-0.0.0.0] quit [RouterC-ospf-1] quit

After the configuration, run the display ip routing-table command on Router A and Router C. You can find that they learn the OSPF route to the network segment address of the remote loopback interface. Take Router A as an example.
[RouterA] display ip routing-table Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: Public Destinations : 10 Routes : 10 Destination/Mask Proto Pre Cost Flags NextHop Interface 1.1.1.9/32 Direct 0 0 D 127.0.0.1 InLoopBack0 2.2.2.9/24 OSPF 10 2 D 20.1.1.2 Pos1/0/0 10.1.1.0/24 Direct 0 0 D 10.1.1.2 GigabitEthernet2/0/0 10.1.1.2/32 Direct 0 0 D 127.0.0.1 InLoopBack0 20.1.1.0/24 Direct 0 0 D 20.1.1.1 Pos1/0/0 20.1.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 20.1.1.2/32 Direct 0 0 D 20.1.1.2 Pos1/0/0 30.1.1.0/24 OSPF 10 2 D 20.1.1.2 Pos1/0/0 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0

3.

Configure the tunnel interface. # Configure Router A.


[RouterA] interface loopback1

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

2-19

2 GRE Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


[RouterA-LoopBack1] target-board 5 [RouterA-LoopBack1] binding tunnel gre [RouterA-LoopBack1] quit [RouterA] interface tunnel 5/0/1 [RouterA-Tunnel5/0/1] tunnel-protocol gre [RouterA-Tunnel5/0/1] ip address 40.1.1.1 255.255.255.0 [RouterA-Tunnel5/0/1] source loopback 1 [RouterA-Tunnel5/0/1] destination 2.2.2.9 [RouterA-Tunnel5/0/1] quit

# Configure Router C.
[RouterC] interface loopback1 [RouterC-LoopBack1] target-board 5 [RouterC-LoopBack1] binding tunnel gre [RouterC-LoopBack1] quit [RouterC] interface tunnel 5/0/1 [RouterC-Tunnel5/0/1] tunnel-protocol gre [RouterC-Tunnel5/0/1] ip address 40.1.1.2 255.255.255.0 [RouterC-Tunnel5/0/1] source loopback 1 [RouterC-Tunnel5/0/1] destination 1.1.1.9 [RouterC-Tunnel5/0/1] quit

After the configuration, the tunnel interfaces is in the Up state, and the ping between the tunnel interfaces succeeds. Take Router A as an example:
[RouterA] ping -a 40.1.1.1 40.1.1.2 PING 40.1.1.2: 56 data bytes, press CTRL_C to break Reply from 40.1.1.2: bytes=56 Sequence=1 ttl=255 time=24 Reply from 40.1.1.2: bytes=56 Sequence=2 ttl=255 time=33 Reply from 40.1.1.2: bytes=56 Sequence=3 ttl=255 time=48 Reply from 40.1.1.2: bytes=56 Sequence=4 ttl=255 time=33 Reply from 40.1.1.2: bytes=56 Sequence=5 ttl=255 time=36 --- 40.1.1.2 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 24/34/48 ms ms ms ms ms ms

4.

Configure a static route. # Configure Router A.


[RouterA] ip route-static 10.2.1.0 255.255.255.0 Tunnel 5/0/1

# Configure Router C.
[RouterC] ip route-static 10.1.1.0 255.255.255.0 Tunnel 5/0/1

After the configuration, run the display ip routing-table command on Router A and Router C. You can find the static route to the network segment of the remote user end through the tunnel interface. Take Router A as an example:
[RouterA] display ip routing-table Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: Public Destinations : 13 Routes : 13 Destination/Mask Proto Pre Cost Flags NextHop Interface 1.1.1.9/32 Direct 0 0 D 127.0.0.1 InLoopBack0 2.2.2.9/24 OSPF 10 3 D 20.1.1.2 Pos1/0/0 10.1.1.0/24 Direct 0 0 D 10.1.1.2 GigabitEthernet2/0/0 10.1.1.2/32 Direct 0 0 D 127.0.0.1 InLoopBack0 10.2.1.0/24 Static 60 0 D 40.1.1.1 Tunnel5/0/1 20.1.1.0/24 Direct 0 0 D 20.1.1.1 Pos1/0/0 20.1.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 20.1.1.2/32 Direct 0 0 D 20.1.1.2 Pos1/0/0 30.1.1.0/24 OSPF 10 2 D 20.1.1.2 Pos1/0/0 40.1.1.0/24 Direct 0 0 D 40.1.1.1 Tunnel5/0/1

2-20

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


40.1.1.1/32 127.0.0.0/8 127.0.0.1/32 Direct 0 Direct 0 Direct 0 0 0 0 D D D 127.0.0.1 127.0.0.1 127.0.0.1

2 GRE Configuration
InLoopBack0 InLoopBack0 InLoopBack0

The ping from PC1 to PC2 and from PC2 to PC1 succeeds.

Configuration Files
l

Configuration file of Router A


# sysname RouterA # interface GigabitEthernet2/0/0 undo shutdown ip address 10.1.1.2 255.255.255.0 # interface Pos1/0/0 undo shutdown link-protocol ppp ip address 20.1.1.1 255.255.255.0 # interface LoopBack1 ip address 1.1.1.9 255.255.255.255 target-board 5 binding tunnel gre # interface Tunnel5/0/1 tunnel-protocol gre ip address 40.1.1.1 255.255.255.0 source LoopBack1 destination 2.2.2.9 # ospf 1 area 0.0.0.0 network 20.1.1.0 0.0.0.255 network 1.1.1.9 0.0.0.0 # ip route-static 10.2.1.0 255.255.255.0 Tunnel5/0/1 # return

Configuration file of Router B


# sysname RouterB # interface Pos1/0/0 undo shutdown link-protocol ppp ip address 20.1.1.2 255.255.255.0 # interface Pos2/0/0 undo shutdown link-protocol ppp ip address 30.1.1.1 255.255.255.0 # ospf 1 area 0.0.0.0 network 20.1.1.0 0.0.0.255 network 30.1.1.0 0.0.0.255 # return

Configuration file of Router C


# sysname RouterC # interface GigabitEthernet2/0/0 undo shutdown ip address 10.2.1.2 255.255.255.0

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

2-21

2 GRE Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


# interface Pos1/0/0 undo shutdown link-protocol ppp ip address 30.1.1.2 255.255.255.0 # interface LoopBack1 ip address 2.2.2.9 255.255.255.255 target-board 5 binding tunnel gre # interface Tunnel5/0/1 tunnel-protocol gre ip address 40.1.1.2 255.255.255.0 source LoopBack1 destination 1.1.1.9 # ospf 1 area 0.0.0.0 network 30.1.1.0 0.0.0.255 network 2.2.2.9 0.0.0.0 # ip route-static 10.1.1.0 255.255.255.0 Tunnel5/0/1 # return

2.5.2 Example for Configuring a Dynamic Routing Protocol for GRE


Networking Requirements
In Figure 2-7, Router A, Router B and Router C belong to the VPN backbone network and OSPF runs between them. GRE is used between Router A and Router C for interworking between PC1 and PC2. PC1 takes Router A as default gateway, and PC2 takes Router C as default gateway. OSPF is enabled on the tunnel interface. The OSPF process 1 is used for the VPN backbone network and the OSPF process 2 is used for user access. Figure 2-7 Networking diagram of GRE dynamic routing protocol configuration
RouterB
POS1/0/0 20.1.1.2/24 Loopback1 1.1.1.9/32 POS2/0/0 30.1.1.1/24

OSPF 1
POS1/0/0 20.1.1.1/24 Tunnel5/0/1 40.1.1.1/24 POS1/0/0 30.1.1.2/24 Tunnel5/0/1 40.1.1.2/24

Loopback1 2.2.2.9/32

RouterA

RouterC

Tunnel

GE2/0/0 10.1.1.2/24

GE2/0/0 10.2.1.2/24

OSPF 2
10.1.1.1/24

OSPF 2
10.2.1.1/24

PC1

PC2

2-22

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

2 GRE Configuration

Configuration Roadmap
The configuration roadmap is as follows: 1. 2. 3. Configure IGP on routers in the backbone network and using the OSPF process 1. Create a GRE tunnel between Router A and Router B. Configure OSPF on the network segment between PC and the backbone network and using the OSPF process 2.

Data Preparation
To complete the configuration, you need the following data:
l l l

Source address and destination address on both ends of the GRE tunnel Loopback interface addresses on both ends of the tunnel IP addresses of tunnel interfaces on both ends

Configuration Procedure
1. Configure an IP address for each interface. Configure the IP address for each interface as shown in Figure 2-7. Run the undo shutdown command to change each physical interface to Up. The details of the configuration are not mentioned here. 2. Configure an IGP of the VPN backbone network. The configuration is the same as that of "2.5.1 Example for Configuring Static Routes for GRE" and is not mentioned here. 3. 4. Configure the tunnel interface. For details, see the section "2.5.1 Example for Configuring Static Routes for GRE." Enable OSPF on the tunnel interface. # Configure Router A.
[RouterA] ospf 2 [RouterA-ospf-2] area 0 [RouterA-ospf-2-area-0.0.0.0] network 40.1.1.0 0.0.0.255 [RouterA-ospf-2-area-0.0.0.0] network 10.1.1.0 0.0.0.255 [RouterA-ospf-2-area-0.0.0.0] quit [RouterA-ospf-2] quit

# Configure Router C.
[RouterC] ospf 2 [RouterC-ospf-2] area 0 [RouterC-ospf-2-area-0.0.0.0] network 40.1.1.0 0.0.0.255 [RouterC-ospf-2-area-0.0.0.0] network 10.2.1.0 0.0.0.255 [RouterC-ospf-2-area-0.0.0.0] quit [RouterC-ospf-2] quit

After the configuration, run the display ip routing-table command on Router A and Router C. You can find the OSPF route to the network segment of the remote user end through the tunnel interface. Moreover, the next hop to the destination IP address of the physical interface (30.1.1.0/24) of the tunnel is not the tunnel interface. Take Router A as an example:
[RouterA] display ip routing-table Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: Public Destinations : 13 Routes : 13

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

2-23

2 GRE Configuration
Destination/Mask Proto Pre 1.1.1.9/32 Direct 0 2.2.2.9/24 OSPF 10 10.1.1.0/24 Direct 0 0 10.1.1.2/32 Direct 0 10.2.1.0/24 OSPF 10 20.1.1.0/24 Direct 0 20.1.1.1/32 Direct 0 20.1.1.2/32 Direct 0 30.1.1.0/24 OSPF 10 40.1.1.0/24 Direct 0 40.1.1.1/32 Direct 0 127.0.0.0/8 Direct 0 127.0.0.1/32 Direct 0 Cost 0 3 0 2 0 0 0 2 0 0 0 0

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


Flags NextHop Interface D 127.0.0.1 InLoopBack0 D 20.1.1.2 Pos1/0/0 D 10.1.1.2 GigabitEthernet2/0/0 D 127.0.0.1 InLoopBack0 D 40.1.1.2 Tunnel5/0/1 D 20.1.1.1 Pos1/0/0 D 127.0.0.1 InLoopBack0 D 20.1.1.2 Pos1/0/0 D 20.1.1.2 Pos1/0/0 D 40.1.1.1 Tunnel5/0/1 D 127.0.0.1 InLoopBack0 D 127.0.0.1 InLoopBack0 D 127.0.0.1 InLoopBack0

The ping between PC1 and PC2 succeeds.

Configuration Files
l

Configuration file of Router A


# sysname RouterA # interface GigabitEthernet2/0/0 undo shutdown ip address 10.1.1.2 255.255.255.0 # interface Pos1/0/0 undo shutdown link-protocol ppp ip address 20.1.1.1 255.255.255.0 # interface LoopBack1 ip address 1.1.1.9 255.255.255.255 target-board 5 binding tunnel gre # interface Tunnel5/0/1 tunnel-protocol gre ip address 40.1.1.1 255.255.255.0 source LoopBack1 destination 2.2.2.9 # ospf 1 area 0.0.0.0 network 20.1.1.0 0.0.0.255 network 1.1.1.9 0.0.0.0 # ospf 2 area 0.0.0.0 network 40.1.1.0 0.0.0.255 network 10.1.1.0 0.0.0.255 # return

Configuration file of Router B


# sysname RouterB # interface Pos1/0/0 undo shutdown link-protocol ppp ip address 20.1.1.2 255.255.255.0 # interface Pos2/0/0 undo shutdown link-protocol ppp ip address 30.1.1.1 255.255.255.0 #

2-24

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


ospf 1 area 0.0.0.0 network 20.1.1.0 0.0.0.255 network 30.1.1.0 0.0.0.255 # return l

2 GRE Configuration

Configuration file of Router C


# sysname RouterC # interface GigabitEthernet2/0/0 undo shutdown ip address 10.2.1.2 255.255.255.0 # interface Pos1/0/0 undo shutdown link-protocol ppp ip address 30.1.1.2 255.255.255.0 # interface LoopBack1 ip address 2.2.2.9 255.255.255.255 target-board 5 binding tunnel gre # interface Tunnel5/0/1 tunnel-protocol gre ip address 40.1.1.2 255.255.255.0 source LoopBack1 destination 1.1.1.9 # ospf 1 area 0.0.0.0 network 30.1.1.0 0.0.0.255 network 2.2.2.9 0.0.0.0 # ospf 2 area 0.0.0.0 network 40.1.1.0 0.0.0.255 network 10.2.1.0 0.0.0.255 # return

2.5.3 Example for Configuring CE Users to Access a MPLS VPN Through a GRE Tunnel Traversing the Public Network
Networking Requirements
As shown in Figure 2-8, PE1 and PE2 are located in the MPLS backbone network. The network between CE1 and PE1 is public network. The CE1 and PE1 are connected with each other through the device R1, but CE2 and PE2 are directly connected with each other. It is required to deploy an MPLS-based VPN, which consists of both users directly connected to CE1 and users directly connected to CE2.

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

2-25

2 GRE Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Figure 2-8 Diagram of a CE accessing MPLS VPN through the GRE tunnel
Loopback1 R1 GE2/0/0 GE1/0/0 Loopback1 GE2/0/0
Tunn el

PE1 GE2/0/0 GE1/0/0 Tunnel5/0/1

MPLS PE2 GE2/0/0 GE1/0/0 CE2

GE1/0/0

Tunnel5/0/1 CE1 GE1/0/0

GE2/0/0

PC1

PC2

device CE1 CE1 CE1 CE1 R1 R1 PE1 PE1 PE1 PE1 PE1 PE2 PE2 PE2 CE2 CE2

Interface Loopback1 GE 1/0/0 GE 2/0/0 Tunnel 5/0/1 GE 1/0/0 GE 2/0/0 Loopback0 Loopback1 GE 1/0/0 GE 2/0/0 Tunnel 5/0/1 Loopback0 GE 1/0/0 GE 2/0/0 GE 1/0/0 GE 2/0/0

IP Address 6.6.6.6/32 21.1.1.2/24 30.1.1.1/24 2.2.2.1/24 30.1.1.2/24 50.1.1.1/24 1.1.1.9/32 5.5.5.5/32 50.1.1.2/24 110.1.1.1/24 2.2.2.2/24 3.3.3.9/32 110.1.1.2/24 11.1.1.2/24 11.1.1.1/24 31.1.1.2/24

Configuration Roadmap
The configuration roadmap is as follows: 1. 2. 3. 4. Run IGP to implement interconnection of routers on the backbone network by using OSPF here and enable MPLS on the backbone network. Create a GRE tunnel between PE1 and CE1. Create a VPN instance VPN1 on PE1 and PE2, on PE1, bind the VPN instance to the GRE tunnel, and on PE2, bind the VPN instance to the interface of CE2. Configure reachable private routing between CE1 and CE2 by using IS-IS.

Data Preparation
To complete the configuration, you need the following data:
2-26 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


l l l l l l

2 GRE Configuration

Data for the routing protocol running on the routers in backbone network Loopback interfaces on both ends of the tunnel Source and destination addresses of the GRE tunnel IP addresses of the tunnel interfaces on both ends Name of the VPN instance , Route-Distinguisher and VPN-Target Data for IBGP running between PE1 and PE2

Configuration Procedure
1. Assign an IP address to each interface. Configure the IP address for each interface as shown in Figure 2-8. Run the undo shutdown command to change each physical interface to Up. The details of the configuration are not mentioned here. 2. Configure an IGP on the MPLS backbone network to interconnect PEs on the backbone network. # Configure PE1. # Enable OSPF to advertise the routes of each interface.
[PE1] ospf [PE1-ospf-1] area 0 [PE1-ospf-1-area-0.0.0.0] network 110.1.1.0 0.0.0.255 [PE1-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0 [PE1-ospf-1-area-0.0.0.0] quit [PE1-ospf-1] quit

# Configure PE2. # Enable OSPF to advertise the routes of each interface.


[PE2] ospf [PE2-ospf-1] area 0 [PE2-ospf-1-area-0.0.0.0] network 110.1.1.0 0.0.0.255 [PE2-ospf-1-area-0.0.0.0] network 3.3.3.9 0.0.0.0 [PE2-ospf-1-area-0.0.0.0] quit [PE2-ospf-1] quit

After the configuration, the OSPF neighbor relationship should be established between PE1 and PE2. Run the display ospf peer command, and you can find that the neighbor status is Full. Run the display ip routing-table command, and you can find that PE1 and PE2 can learn the loopback0 route of each other. Take PE1 as an example:
[PE1] display ip routing-table Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: Public Destinations : 9 Routes : 9 Destination/Mask Proto Pre Cost Flags NextHop Interface 1.1.1.9/32 Direct 0 0 D 127.0.0.1 InLoopBack0 3.3.3.9/32 OSPF 10 2 D 110.1.1.2 GigabitEthernet2/0/0 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 110.1.1.0/24 Direct 0 0 D 110.1.1.2 GigabitEthernet2/0/0 110.1.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0

3.

Configure basic MPLS functions and MPLS LDP on the MPLS backbone network. Set up the LDP LSP. # Configure PE1.

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

2-27

2 GRE Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

# Enable MPLS and LDP on PE1, specify the LSR-ID to be IP address of the Loopback interface and trigger the establishment of LSP.
[PE1] mpls lsr-id 1.1.1.9 [PE1] mpls [PE1-mpls] quit [PE1] mpls ldp [PE1-mpls-ldp] quit

# Enable the MPLS and LDP on the interface of the backbone network.
[PE1] interface GigabitEthernet 2/0/0 [PE1-GigabitEthernet 2/0/0] mpls [PE1-GigabitEthernet 2/0/0] mpls ldp [PE1-GigabitEthernet 2/0/0] quit

# Configure PE2. # Enable MPLS and LDP on PE1, specify the LSR-ID to be IP address of the Loopback interface and trigger the establishment of LSP.
[PE2] mpls lsr-id 3.3.3.9 [PE2] mpls [PE2-mpls] quit [PE2] mpls ldp [PE2-mpls-ldp] quit

# Enable the MPLS and LDP on the interface of the backbone network.
[PE2] interface GigabitEthernet 1/0/0 [PE2-GigabitEthernet1/0/0] mpls [PE2-GigabitEthernet1/0/0] mpls ldp [PE2-GigabitEthernet1/0/0] quit

After the configuration, the LDP session should be established. Run the display mpls ldp session command, and you can find that the status in the output is "Operational". Run the display mpls ldp lsp command, and you can find the establishment of the LDP LSP. Take PE1 as an example:
[PE1] display mpls ldp session LDP Session(s) in Public Network -------------------------------------------------------------------------Peer-ID Status LAM SsnRole SsnAge KA-Sent/Rcv -------------------------------------------------------------------------3.3.3.9:0 Operational DU Passive 000:00:01 5/5 -------------------------------------------------------------------------TOTAL: 1 session(s) Found. LAM : Label Advertisement Mode SsnAge Unit : DDD:HH:MM [PE1] display mpls ldp lsp LDP LSP Information -----------------------------------------------------------------SN DestAddress/Mask In/OutLabel Next-Hop In/Out-Interface -----------------------------------------------------------------1 1.1.1.9/32 3/NULL 127.0.0.1 GE2/0/0/InLoop0 2 3.3.3.9/32 NULL/3 110.1.1.2 -------/GE2/0/0 *3 11.1.1.0/24 Liberal 4 50.1.1.0/24 3/NULL 50.1.1.2 GE2/0/0/GE1/0/0 -----------------------------------------------------------------TOTAL: 3 Normal LSP(s) Found. TOTAL: 1 Liberal LSP(s) Found. A '*' before an LSP means the LSP is not established A '*' before a Label means the USCB or DSCB is stale

4.

Configure the IGP routing between CE1, R1 and PE1. Enable intercommunication of the loopback1 interfaces on CE1 and PE1. # Configure CE1.
[CE1] ospf 10 [CE1-ospf-10] area 0 [CE1-ospf-10-area-0.0.0.0] network 30.1.1.0 0.0.0.255 [CE1-ospf-10-area-0.0.0.0] network 6.6.6.6 0.0.0.0 [CE1-ospf-10-area-0.0.0.0] quit

2-28

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


[CE1-ospf-10] quit

2 GRE Configuration

# Configure R1.
[R1] ospf 10 [R1-ospf-10] area 0 [R1-ospf-10-area-0.0.0.0] network 30.1.1.0 0.0.0.255 [R1-ospf-10-area-0.0.0.0] network 50.1.1.0 0.0.0.255 [R1-ospf-10-area-0.0.0.0] quit [R1-ospf-10] quit

# Configure PE1.
[PE1] ospf 10 [PE1-ospf-10] area 0 [PE1-ospf-10-area-0.0.0.0] network 50.1.1.0 0.0.0.255 [PE1-ospf-10-area-0.0.0.0] network 5.5.5.5 0.0.0.0 [PE1-ospf-10-area-0.0.0.0] quit [PE1-ospf-10] quit

The ping between the IP address of loopback1 interfaces on CE1 and PE1 succeeds in both directions. For example:
[PE1] ping 6.6.6.6 PING 6.6.6.6: 56 data bytes, press CTRL_C to break Reply from 6.6.6.6: bytes=56 Sequence=1 ttl=253 time=72 Reply from 6.6.6.6: bytes=56 Sequence=2 ttl=253 time=34 Reply from 6.6.6.6: bytes=56 Sequence=3 ttl=253 time=50 Reply from 6.6.6.6: bytes=56 Sequence=4 ttl=253 time=50 Reply from 6.6.6.6: bytes=56 Sequence=5 ttl=253 time=34 --- 6.6.6.6 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 34/48/72 ms ms ms ms ms ms

5.

Configure the GRE tunnel between CE1 and PE1. # Configure CE1.
[CE1] interface loopback1 [CE1-LoopBack1] target-board 5 [CE1-LoopBack1] binding tunnel gre [CE1-LoopBack1] quit [CE1] interface tunnel5/0/1 [CE1-Tunnel5/0/1] tunnel-protocol gre [CE1-Tunnel5/0/1] ip address 2.2.2.1 255.255.255.0 [CE1-Tunnel5/0/1] source loopback 1 [CE1-Tunnel5/0/1] destination 5.5.5.5 [CE1-Tunnel5/0/1] quit

# Configure PE1.
[PE1] interface loopback1 [PE1-LoopBack1] target-board 5 [PE1-LoopBack1] binding tunnel gre [PE1-LoopBack1] quit [PE1] interface tunnel5/0/1 [PE1-Tunnel5/0/1] tunnel-protocol gre [PE1-Tunnel5/0/1] ip address 2.2.2.2 255.255.255.0 [PE1-Tunnel5/0/1] source loopback 1 [PE1-Tunnel5/0/1] destination 6.6.6.6 [PE1-Tunnel5/0/1] quit

After the configuration, the GRE tunnel between CE1 and PE1 is established. On CE1, the ping to the 2.2.2.2 of the Tunnel 5/0/1 of PE1 succeeds. Run the display interface tunnel command on both ends of the tunnel, and you can find that the status of the tunnel interface becomes Up. Take PE1 as an example:
[PE1] display interface Tunnel 5/0/1 Tunnel5/0/1 current state : UP

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

2-29

2 GRE Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


Line protocol current state : UP Description : HUAWEI, Quidway Series, Tunnel5/0/1 Interface, Route Port The Maximum Transmit Unit is 1500 bytes Internet Address is 2.2.2.2/24 Encapsulation is TUNNEL, loopback not set Tunnel source 5.5.5.5 (LoopBack1), destination 6.6.6.6 Tunnel protocol/transport GRE/IP , key disabled keepalive disabled Checksumming of packets disabled 5 minutes input rate 0 bytes/sec, 0 packets/sec 5 minutes output rate 0 bytes/sec, 0 packets/sec 0 packets input, 0 bytes 0 input error 0 packets output, 0 bytes 0 output error

6.

Create a VPN instance VPN1 on PE1 and bind VPN1 with the GRE tunnel. # Configure VPN1, specify the RD and VPN-Target. The VPN-Target configured on the local PE should be the same as that configured on the peer. In this manner, each site can access others in the same VPN.
[PE1] ip vpn-instance vpn1 [PE1-vpn-instance-vpn1] route-distinguisher 100:1 [PE1-vpn-instance-vpn1] vpn-target 111:1 export-extcommunity [PE1-vpn-instance-vpn1] vpn-target 111:1 import-extcommunity [PE1-vpn-instance-vpn1] quit [PE1] interface tunnel5/0/1 [PE1-Tunnel5/0/1] ip binding vpn-instance vpn1 [PE1-Tunnel5/0/1] ip address 2.2.2.2 255.255.255.0 [PE1-Tunnel5/0/1] quit

7.

Create the VPN instance VPN1 on PE2 and bind VPN1 with the interface connected to the CE. # Configure VPN1, specify the RD and VPN-Target. The VPN-Target configured on the local PE should be the same as that configured on the peer. In this manner, each site can access others in the same VPN.
[PE2] ip vpn-instance vpn1 [PE2-vpn-instance-vpn1] route-distinguisher 200:1 [PE2-vpn-instance-vpn1] vpn-target 111:1 export-extcommunity [PE2-vpn-instance-vpn1] vpn-target 111:1 import-extcommunity [PE2-vpn-instance-vpn1] quit [PE2] interface GigabitEthernet 2/0/0 [PE2-GigabitEthernet2/0/0] ip binding vpn-instance vpn1 [PE2-GigabitEthernet2/0/0] ip address 11.1.1.2 255.255.255.0 [PE2-GigabitEthernet2/0/0] quit

8.

Configure the IGP routing that traverses the GRE tunnel between CE1 and CE2. # Configure CE1.
[CE1] isis 10 [CE1-isis-10] network-entity 10.0000.0000.0001.00 [CE1-isis-10] quit [CE1] interface gigabitethernet1/0/0 [CE1-GigabitEthernet1/0/0] isis enable 10 [CE1-GigabitEthernet1/0/0] quit [CE1] interface tunnel5/0/1 [CE1-Tunnel5/0/1] isis enable 10 [CE1-Tunnel5/0/1] quit

# Configure PE1.
[PE1] isis 10 vpn-instance vpn1 [PE1-isis-10] network-entity 10.0000.0000.0002.00 [PE1-isis-10] quit [PE1] interface tunnel5/0/1 [PE1-Tunnel5/0/1] isis enable 10 [PE1-Tunnel5/0/1] quit

# Configure CE2.
2-30 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


[CE2] isis 10 [CE2-isis-10] network-entity 10.0000.0000.0004.00 [CE2-isis-10] quit [CE2] interface gigabitethernet1/0/0 [CE2-GigabitEthernet1/0/0] isis enable 10 [CE2-GigabitEthernet1/0/0] quit [CE2] interface gigabitethernet2/0/0 [CE2-GigabitEthernet2/0/0] isis enable 10 [CE2-GigabitEthernet2/0/0] quit

2 GRE Configuration

# Configure PE2.
[PE2] isis 10 vpn-instance vpn1 [PE2-isis-10] network-entity 10.0000.0000.0003.00 [PE2-isis-10] quit [PE2] interface gigabitethernet2/0/0 [PE2-GigabitEthernet2/0/0] isis enable 10 [PE2-GigabitEthernet2/0/0] quit

9.

Establish the MP-IBGP peer relationship between PEs. # Configure PE1. # Specify the remote PE as the IBGP peer and use the loopback interface to establish the IBGP connection.
[PE1] bgp 100 [PE1-bgp] peer 3.3.3.9 as-number 100 [PE1-bgp] peer 3.3.3.9 connect-interface loopback 0

# Enter the VPNv4 address family view and enable the switching of VPN-IPv4 routing information with the peer.
[PE1-bgp] ipv4-family vpnv4 [PE1-bgp-af-vpnv4] peer 3.3.3.9 enable [PE1-bgp-af-vpnv4] quit

# Enter the VPN1 instance of BGP and import the direct routes and the IS-IS routes.
[PE1-bgp] ipv4-family vpn-instance vpn1 [PE1-bgp-vpn1] import-route direct [PE1-bgp-vpn1] import-route isis 10 [PE1-bgp-vpn1] quit

# Configure PE2. # Specify the remote PE as the IBGP peer and use the loopback interface to establish the IBGP connection.
[PE2] bgp 100 [PE2-bgp] peer 1.1.1.9 as-number 100 [PE2-bgp] peer 1.1.1.9 connect-interface loopback 0

# Enter the VPNv4 address family view and enable the switching of VPN-IPv4 routing information with the peer.
[PE2-bgp] ipv4-family vpnv4 [PE2-bgp-af-vpnv4] peer 1.1.1.9 enable [PE2-bgp-af-vpnv4] quit

# Enter the VPN1 instance of BGP and import the direct and IS-IS routes.
[PE2-bgp] ipv4-family vpn-instance vpn1 [PE2-bgp-vpn1] import-route direct [PE2-bgp-vpn1] import-route isis 10 [PE2-bgp-vpn1] quit

After the configuration, run the display bgp peer or display bgp vpnv4 all peer commands on PEs. You can find that the BGP peer relationship is established between PEs and the status is "Established". Take PE1 as an example:
[PE1] display bgp peer BGP local router ID : 3.3.3.9 Local AS number : 100

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

2-31

2 GRE Configuration
Total number of peers : 1 Peer V AS MsgRcvd 3.3.3.9 4 100 2

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


Peers in established state : 1 OutQ Up/Down State PrefRcv 0 00:00:12 Established 0

MsgSent 6

10. Import the BGP routing to the IS-IS routing in PE. # Configure PE1.
[PE1] isis 10 [PE1-isis-10] import-route bgp [PE1-isis-10] quit

# Configure PE2.
[PE2] isis 10 [PE2-isis-10] import-route bgp [PE2-isis-10] quit

11. Verify the configuration. If the configuration succeeds, the ping from CE1 to 31.1.1.2 on CE2 succeeds. Take CE1 as an example:
[CE1] ping 31.1.1.2 PING 31.1.1.2: 56 data bytes, press CTRL_C to break Reply from 31.1.1.2: bytes=56 Sequence=1 ttl=253 time=72 Reply from 31.1.1.2: bytes=56 Sequence=2 ttl=253 time=34 Reply from 31.1.1.2: bytes=56 Sequence=3 ttl=253 time=50 Reply from 31.1.1.2: bytes=56 Sequence=4 ttl=253 time=50 Reply from 31.1.1.2: bytes=56 Sequence=5 ttl=253 time=34 --- 31.1.1.2 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 34/48/72 ms ms ms ms ms ms

The ping between PC1 and PC2 succeeds.

Configuration Files
l

Configuration File of CE1


# sysname CE1 # isis 10 network-entity 10.0000.0000.0001.00 # interface GigabitEthernet1/0/0 undo shutdown ip address 21.1.1.2 255.255.255.0 isis enable 10 # interface GigabitEthernet2/0/0 undo shutdown ip address 30.1.1.1 255.255.255.0 # interface LoopBack1 ip address 6.6.6.6 255.255.255.255 target-board 5 binding tunnel gre # interface Tunnel5/0/1 tunnel-protocol gre ip address 2.2.2.1 255.255.255.0 source LoopBack1 destination 5.5.5.5 isis enable 10 # ospf 10 area 0.0.0.0 network 30.1.1.0 0.0.0.255

2-32

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


network 6.6.6.6 0.0.0.0 # return l

2 GRE Configuration

Configuration File of R1
# sysname R1 # interface GigabitEthernet1/0/0 undo shutdown ip address 30.1.1.2 255.255.255.0 # interface GigabitEthernet2/0/0 undo shutdown ip address 50.1.1.1 255.255.255.0 # ospf 10 area 0.0.0.0 network 30.1.1.0 0.0.0.255 network 50.1.1.0 0.0.0.255 # return

Configuration File of PE1


# sysname PE1 # ip vpn-instance vpn1 route-distinguisher 100:1 vpn-target 111:1 export-extcommunity vpn-target 111:1 import-extcommunity # mpls lsr-id 1.1.1.9 mpls # mpls ldp # isis 10 vpn-instance vpn1 network-entity 10.0000.0000.0002.00 import-route bgp # interface GigabitEthernet1/0/0 undo shutdown ip address 50.1.1.2 255.255.255.0 # interface GigabitEthernet2/0/0 undo shutdown ip address 110.1.1.1 255.255.255.0 mpls mpls ldp # interface LoopBack0 ip address 1.1.1.9 255.255.255.255 # interface LoopBack1 ip address 5.5.5.5 255.255.255.255 target-board 5 binding tunnel gre # interface Tunnel5/0/1 tunnel-protocol gre ip binding vpn-instance vpn1 ip address 2.2.2.2 255.255.255.0 source LoopBack1 destination 6.6.6.6 isis enable 10 # bgp 100 peer 3.3.3.9 as-number 100 peer 3.3.3.9 connect-interface LoopBack0

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

2-33

2 GRE Configuration
# ipv4-family unicast undo synchronization peer 3.3.3.9 enable # ipv4-family vpnv4 policy vpn-target peer 3.3.3.9 enable # ipv4-family vpn-instance vpn1 import-route direct import-route isis 10 # ospf 1 area 0.0.0.0 network 1.1.1.9 0.0.0.0 network 110.1.1.0 0.0.0.255 # ospf 10 area 0.0.0.0 network 50.1.1.0 0.0.0.255 network 5.5.5.5 0.0.0.0 # return l

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Configuration File of PE2


# sysname PE2 # ip vpn-instance vpn1 route-distinguisher 200:1 vpn-target 111:1 export-extcommunity vpn-target 111:1 import-extcommunity # mpls lsr-id 3.3.3.9 mpls # mpls ldp # isis 10 vpn-instance vpn1 network-entity 10.0000.0000.0003.00 import-route bgp # interface GigabitEthernet2/0/0 undo shutdown ip binding vpn-instance vpn1 ip address 11.1.1.2 255.255.255.0 isis enable 10 # interface GigabitEthernet1/0/0 undo shutdown ip address 110.1.1.2 255.255.255.0 mpls mpls ldp # interface LoopBack0 ip address 3.3.3.9 255.255.255.255 # bgp 100 peer 1.1.1.9 as-number 100 peer 1.1.1.9 connect-interface LoopBack0 # ipv4-family unicast undo synchronization peer 1.1.1.9 enable # ipv4-family vpnv4 policy vpn-target peer 1.1.1.9 enable #

2-34

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


ipv4-family vpn-instance vpn1 import-route direct import-route isis 10 # ospf 1 area 0.0.0.0 network 3.3.3.9 0.0.0.0 network 110.1.1.0 0.0.0.255 # return l

2 GRE Configuration

Configuration File of CE2


# sysname CE2 # isis 10 network-entity 10.0000.0000.0004.00 # interface GigabitEthernet1/0/0 undo shutdown ip address 11.1.1.1 255.255.255.0 isis enable 10 # interface GigabitEthernet2/0/0 undo shutdown ip address 31.1.1.2 255.255.255.0 isis enable 10 # return

2.5.4 Example for Configuring CE Users to Access an MPLS VPN Through a GRE Tunnel Traversing Another VPN
Networking Requirements
As shown in Figure 2-9:
l l

PE1 and PE2 are located in the MPLS backbone network of the first-level carrier. VPN2 is a VPN that belongs to the second-level carrier, whose CE1 is directly connected with PE1. CE2 and CE3 are devices that belong to users. CE3 is directly connected with CE1 of the second-level carrier, and CE2 is directly connected with PE2.

l l

It is required to deploy an MPLS-based VPN named VPN1, which consists of users directly connected to CE3 and users directly connected to CE2.

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

2-35

2 GRE Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Figure 2-9 Diagram of a GRE tunnel traversing another VPN between CEs and PEs
VPN2 CE1 GE1/0/0 Loopback1 GE2/0/0 CE3 GE1/0/0 Tunnel5/0/1 VPN1 VPN1 PC1 PC2 GE1/0/0 GE2/0/0 GE1/0/0 PE1 Tunnel5/0/1 CE2 Loopback1 MPLS GE2/0/0 GE1/0/0 GE2/0/0 PE2

GE2/0/0

device CE3 CE3 CE3 CE3 CE1 CE1 PE1 PE1 PE1 PE1 PE1 PE2 PE2 PE2 CE2 CE2

Interface Loopback1 GE1/0/0 GE2/0/0 Tunnel5/0/1 GE1/0/0 GE2/0/0 Loopback0 Loopback1 GE1/0/0 GE2/0/0 Tunnel5/0/1 Loopback0 GE1/0/0 GE2/0/0 GE1/0/0 GE2/0/0

IP address 6.6.6.6/32 21.1.1.2/24 30.1.1.1/24 2.2.2.1/24 30.1.1.2/24 50.1.1.1/24 1.1.1.9/32 5.5.5.5/32 50.1.1.2/24 110.1.1.1/24 2.2.2.2/24 3.3.3.9/32 110.1.1.2/24 11.1.1.2/24 11.1.1.1/24 31.1.1.2/24

Configuration Roadmap
The configuration roadmap is as follows: 1. 2. 3. 4. 5.
2-36

Run IGP to implement interconnection of routers on the backbone network by using OSPF here and enable MPLS on the backbone network. Create a VPN instance VPN2 on PE1 and bind the VPN instance to an interface connected to CE1. Create a GRE tunnel between PE1 and CE3 and specify the destination address (or source address) of the tunnel to belong to VPN2. Create a VPN instance VPN1 on PE1 and PE2, on PE1, bind the VPN instance to the GRE tunnel, and on PE2, bind the VPN instance to the interface of CE2. Configure reachable private routing between CE3 and CE2 by using IS-IS.
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

2 GRE Configuration

Data Preparation
To complete the configuration, you need the following data:
l l l

Data for the routing protocol in the backbone network Loopback interface addresses on both ends of the tunnel Source address and destination address of the GRE tunnel, and IP addresses of tunnel interfaces VPN-instance name, route distinguisher (RD) and VPN-target Data for IBGP running between PE1 and PE2

l l

Configuration Procedure
1. Configure the IP address for each interface. Configure the IP address for each interface as shown in Figure 2-9. Run the undo shutdown command to change each physical interface to Up. The details of the configuration are not mentioned here. 2. Configure IGP on the MPLS backbone network to interconnect PEs on the backbone network. # Configure PE1.
[PE1] ospf [PE1-ospf-1] area 0 [PE1-ospf-1-area-0.0.0.0] network 110.1.1.0 0.0.0.255 [PE1-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0 [PE1-ospf-1-area-0.0.0.0] quit [PE1-ospf-1] quit

# Configure PE2.
[PE2] ospf [PE2-ospf-1] area 0 [PE2-ospf-1-area-0.0.0.0] network 110.1.1.0 0.0.0.255 [PE2-ospf-1-area-0.0.0.0] network 3.3.3.9 0.0.0.0 [PE2-ospf-1-area-0.0.0.0] quit [PE2-ospf-1] quit

After the configuration, the OSPF neighbor relationship should be established between PE1 and PE2. Run the display ospf peer command, and you can find that the neighbor status is in the Full state. Run the display ip routing-table command, and you can find that PE1 and PE2 can learn the loopback0 route of each other. Take PE1 as an example:
[PE1] display ip routing-table Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: Public Destinations : 9 Routes : 9 Destination/Mask Proto Pre Cost Flags NextHop Interface 1.1.1.9/32 Direct 0 0 D 127.0.0.1 InLoopBack0 3.3.3.9/32 OSPF 10 2 D 110.1.1.2 GigabitEthernet2/0/0 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 110.1.1.0/24 Direct 0 0 D 172.1.1.1 GigabitEthernet2/0/0 110.1.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0

3.

Configure basic MPLS functions and MPLS LDP on the MPLS backbone network. Set up an LDP LSP. # Configure PE1.

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

2-37

2 GRE Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

# Enable MPLS and LDP on PE1, specify the LSR-ID to be the IP address of the Loopback interface and trigger the establishment of LSP.
[PE1] mpls lsr-id 1.1.1.9 [PE1] mpls [PE1-mpls] quit [PE1] mpls ldp [PE1-mpls-ldp] quit

# Enable MPLS and LDP on the interface connected to the backbone network.
[PE1] interface GigabitEthernet 2/0/0 [PE1-GigabitEthernet2/0/0] mpls [PE1-GigabitEthernet2/0/0] mpls ldp [PE1-GigabitEthernet2/0/0] quit

# Configure PE2. # Enable MPLS and LDP on PE2, specify the LSR-ID to be the IP address of the Loopback interface and trigger the establishment of LSP.
[PE2] mpls lsr-id 3.3.3.9 [PE2] mpls [PE2-mpls] quit [PE2] mpls ldp [PE2-mpls-ldp] quit

# Enable MPLS and LDP on the interface of the backbone network.


[PE2] interface GigabitEthernet 1/0/0 [PE2-GigabitEthernet1/0/0] mpls [PE2-GigabitEthernet1/0/0] mpls ldp [PE2-GigabitEthernet1/0/0] quit

After the configuration, the LDP session should be established. Run the display mpls ldp session command, and you can find that the status in the output is "Operational". Run the display mpls ldp lsp command, and you can find that the LDP is established. Take PE1 as an example:
[PE1] display mpls ldp session LDP Session(s) in Public Network -------------------------------------------------------------------------Peer-ID Status LAM SsnRole SsnAge KA-Sent/Rcv -------------------------------------------------------------------------3.3.3.9:0 Operational DU Passive 000:00:01 5/5 -------------------------------------------------------------------------TOTAL: 1 session(s) Found. LAM : Label Advertisement Mode SsnAge Unit : DDD:HH:MM [PE1] display mpls ldp lsp LDP LSP Information -----------------------------------------------------------------SN DestAddress/Mask In/OutLabel Next-Hop In/Out-Interface -----------------------------------------------------------------1 1.1.1.9/32 3/NULL 127.0.0.1 GE2/0/0/InLoop0 2 3.3.3.9/32 NULL/3 110.1.1.2 -------/GE2/0/0 *3 11.1.1.0/24 Liberal 4 50.1.1.0/24 3/NULL 50.1.1.2 GE2/0/0/GE1/0/0 -----------------------------------------------------------------TOTAL: 3 Normal LSP(s) Found. TOTAL: 1 Liberal LSP(s) Found. A '*' before an LSP means the LSP is not established A '*' before a Label means the USCB or DSCB is stale

4.

Configure IGP routes between CE3, CE1 and PE1. Enable intercommunication between the loopback1 interfaces of CE3 and PE1. # Configure CE3.
[CE3] ospf 10 [CE3-ospf-10] area 0 [CE3-ospf-10-area-0.0.0.0] network 30.1.1.0 0.0.0.255 [CE3-ospf-10-area-0.0.0.0] network 6.6.6.6 0.0.0.0 [CE3-ospf-10-area-0.0.0.0] quit

2-38

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


[CE3-ospf-10] quit

2 GRE Configuration

# Configure CE1.
[CE1] ospf 10 [CE1-ospf-10] area 0 [CE1-ospf-10-area-0.0.0.0] network 30.1.1.0 0.0.0.255 [CE1-ospf-10-area-0.0.0.0] network 50.1.1.0 0.0.0.255 [CE1-ospf-10-area-0.0.0.0] quit [CE1-ospf-10] quit

# Configure PE1.
[PE1] ip vpn-instance vpn2 [PE1-vpn-instance-vpn2] route-distinguisher 100:2 [PE1-vpn-instance-vpn2] vpn-target 222:2 export-extcommunity [PE1-vpn-instance-vpn2] vpn-target 222:2 import-extcommunity [PE1-vpn-instance-vpn2] quit [PE1] interface gigabitethernet1/0/0 [PE1-GigabitEthernet1/0/0] ip binding vpn-instance vpn2 [PE1-GigabitEthernet1/0/0] ip address 50.1.1.2 255.255.255.0 [PE1-GigabitEthernet1/0/0] quit [PE1] interface loopback 1 [PE1-LoopBack1] ip binding vpn-instance vpn2 [PE1-LoopBack1] ip address 5.5.5.5 32 [PE1] ospf 10 vpn-instance vpn2 [PE1-ospf-10] area 0 [PE1-ospf-10-area-0.0.0.0] network 50.1.1.0 0.0.0.255 [PE1-ospf-10-area-0.0.0.0] network 5.5.5.5 0.0.0.0 [PE1-ospf-10-area-0.0.0.0] quit [PE1-ospf-10] quit

The ping from CE3 to the 5.5.5.5 of PE1 succeeds. When you ping the loopback1 interface of CE3 from PE1, you need to specify the source address and the VPN instance by using the ping command. For example:
[PE1] ping -a 5.5.5.5 -vpn-instance vpn2 6.6.6.6 PING 6.6.6.6: 56 data bytes, press CTRL_C to break Reply from 6.6.6.6: bytes=56 Sequence=1 ttl=253 time=72 Reply from 6.6.6.6: bytes=56 Sequence=2 ttl=253 time=34 Reply from 6.6.6.6: bytes=56 Sequence=3 ttl=253 time=50 Reply from 6.6.6.6: bytes=56 Sequence=4 ttl=253 time=50 Reply from 6.6.6.6: bytes=56 Sequence=5 ttl=253 time=34 --- 6.6.6.6 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 34/48/72 ms ms ms ms ms ms

5.

Configure the GRE tunnel between CE3 and PE1. # Configure CE3.
[CE3] interface loopback1 [CE3-LoopBack1] target-board 5 [CE3-LoopBack1] binding tunnel gre [CE3-LoopBack1] quit [CE3] interface tunnel5/0/1 [CE3-Tunnel5/0/1] tunnel-protocol gre [CE3-Tunnel5/0/1] ip address 2.2.2.1 255.255.255.0 [CE3-Tunnel5/0/1] source loopback 1 [CE3-Tunnel5/0/1] destination 5.5.5.5 [CE3-Tunnel5/0/1] quit

# Configure PE1.
[PE1] interface loopback1 [PE1-LoopBack1] target-board 5 [PE1-LoopBack1] binding tunnel gre [PE1-LoopBack1] quit [PE1] interface tunnel5/0/1 [PE1-Tunnel5/0/1] tunnel-protocol gre

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

2-39

2 GRE Configuration
[PE1-Tunnel5/0/1] [PE1-Tunnel5/0/1] [PE1-Tunnel5/0/1] [PE1-Tunnel5/0/1]
NOTE

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


ip address 2.2.2.2 255.255.255.0 source loopback 1 destination vpn-instance vpn2 6.6.6.6 quit

The GRE tunnel from PE1 to CE3 traverses VPN2. Therefore, you need to specify that the destination address belongs to VPN2 when configuring the destination address of the tunnel.

After the configuration, the GRE tunnel between CE3 and PE1 is established. On CE3, the ping to the 2.2.2.2 of the Tunnel 5/0/1 on PE1 succeeds. Run the display interface tunnel command on both ends of the tunnel, and you can find that the status of the tunnel interface is Up. Take PE1 as an example:
[PE1] display interface Tunnel 5/0/1 Tunnel5/0/1 current state : UP Line protocol current state : UP Description : HUAWEI, Quidway Series, Tunnel5/0/1 Interface, Route Port The Maximum Transmit Unit is 1500 bytes Internet Address is 2.2.2.2/24 Encapsulation is TUNNEL, loopback not set Tunnel source 5.5.5.5 (LoopBack1), destination vrf vpn2 6.6.6.6 Tunnel protocol/transport GRE/IP , key disabled keepalive disabled Checksumming of packets disabled 5 minutes input rate 0 bytes/sec, 0 packets/sec 5 minutes output rate 0 bytes/sec, 0 packets/sec 0 packets input, 0 bytes 0 input error 0 packets output, 0 bytes 0 output error

6.

Create a VPN instance VPN1 on PE1 and bind the instance with the GRE tunnel. # Configure VPN1, specify the RD and VPN-Target. The VPN-Target configured on the local PE should be the same as that configured on the peer. In this manner, the site can access each other in the same VPN.
[PE1]ip vpn-instance vpn1 [PE1-vpn-instance-vpn1] route-distinguisher 100:1 [PE1-vpn-instance-vpn1] vpn-target 111:1 export-extcommunity [PE1-vpn-instance-vpn1] vpn-target 111:1 import-extcommunity [PE1-vpn-instance-vpn1] quit [PE1] interface tunnel5/0/1 [PE1-Tunnel5/0/1] ip binding vpn-instance vpn1 [PE1-Tunnel5/0/1] ip address 2.2.2.2 255.255.255.0 [PE1-Tunnel5/0/1] quit

7.

Create a VPN instance VPN1 on PE2 and bind the instance with the interface connected to CE. # Configure VPN1, specify the RD and VPN-Target. The VPN-Target configured on the local PE should be the same as that configured on the peer. In this manner each site can access others in the same VPN.
[PE2]ip vpn-instance vpn1 [PE2-vpn-instance-vpn1] route-distinguisher 200:1 [PE2-vpn-instance-vpn1] vpn-target 111:1 export-extcommunity [PE2-vpn-instance-vpn1] vpn-target 111:1 import-extcommunity [PE2-vpn-instance-vpn1] quit [PE2] interface GigabitEthernet 2/0/0 [PE2-GigabitEthernet2/0/0] ip binding vpn-instance vpn1 [PE2-GigabitEthernet2/0/0] ip address 11.1.1.2 255.255.255.0 [PE2-GigabitEthernet2/0/0] quit

8.

Configure the IGP routing that traverses the GRE tunnel between CE3 and CE2. # Configure CE3.
[CE3] isis 10

2-40

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


[CE3-isis-10] network-entity 10.0000.0000.0001.00 [CE3-isis-10] quit [CE3] interface gigabitethernet1/0/0 [CE3-GigabitEthernet1/0/0] isis enable 10 [CE3-GigabitEthernet1/0/0] quit [CE3] interface tunnel5/0/1 [CE3-Tunnel5/0/1] isis enable 10 [CE3-Tunnel5/0/1] quit

2 GRE Configuration

# Configure PE1.
[PE1] isis 10 vpn-instance vpn1 [PE1-isis-10] network-entity 10.0000.0000.0002.00 [PE1-isis-10] quit [PE1] interface Tunnel5/0/1 [PE1-Tunnel5/0/1] isis enable 10 [PE1-Tunnel5/0/1] quit

# Configure CE2.
[CE2] isis 10 [CE2-isis-10] network-entity 10.0000.0000.0004.00 [CE2-isis-10] quit [CE2] interface gigabitethernet1/0/0 [CE2-GigabitEthernet1/0/0] isis enable 10 [CE2-GigabitEthernet1/0/0] quit [CE2] interface gigabitethernet2/0/0 [CE2-GigabitEthernet2/0/0] isis enable 10 [CE2-GigabitEthernet2/0/0] quit

# Configure PE2.
[PE2] isis 10 vpn-instance vpn1 [PE2-isis-10] network-entity 10.0000.0000.0003.00 [PE2-isis-10] quit [PE2] interface gigabitethernet2/0/0 [PE2-GigabitEthernet2/0/0] isis enable 10 [PE2-GigabitEthernet2/0/0] quit

9.

Set up the MP-IBGP peer relationship between PEs. # Configure PE1. # Specify the remote PE as the IBGP peer and use the loopback interface to establish the IBGP connection.
[PE1] bgp 100 [PE1-bgp] peer 3.3.3.9 as-number 100 [PE1-bgp] peer 3.3.3.9 connect-interface loopback 0

# Enter the VPNv4 address family view and enable the exchanging of VPN-IPv4 routing information with the peer.
[PE1-bgp] ipv4-family vpnv4 [PE1-bgp-af-vpnv4] peer 3.3.3.9 enable [PE1-bgp-af-vpnv4] quit

# Enter the VPN1 instance of BGP and import the direct and IS-IS routes.
[PE1-bgp] ipv4-family vpn-instance vpn1 [PE1-bgp-vpn1] import-route direct [PE1-bgp-vpn1] import-route isis 10 [PE1-bgp-vpn1] quit

# Configure PE2. # Specify the remote PE as the IBGP peer and use the loopback interface to establish the IBGP connection.
[PE2] bgp 100 [PE2-bgp] peer 1.1.1.9 as-number 100 [PE2-bgp] peer 1.1.1.9 connect-interface loopback 0

# Enter the VPNv4 address family view and enable the switching of VPN-IPv4 routing information with the peer.
[PE2-bgp] ipv4-family vpnv4

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

2-41

2 GRE Configuration
[PE2-bgp-af-vpnv4] peer 1.1.1.9 enable [PE2-bgp-af-vpnv4] quit

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

# Enter the VPN1 instance of BGP and import the direct and IS-IS routes.
[PE2-bgp] ipv4-family vpn-instance vpn1 [PE2-bgp-vpn1] import-route direct [PE2-bgp-vpn1] import-route isis 10 [PE2-bgp-vpn1] quit

After the configuration, run the display bgp peer or display bgp vpnv4 all peer commands on PEs. You can find that the BGP peer relationship is established between PEs and the status is "Established". Take PE1 as an example:
[PE1] display bgp peer BGP local router ID : 3.3.3.9 Local AS number : 100 Total number of peers : 1 Peers in established state : 1 Peer V AS MsgRcvd MsgSent OutQ Up/Down State PrefRcv 3.3.3.9 4 100 2 6 0 00:00:12 Established 0

10. Import BGP routes to the IS-IS routing table on PEs. # Configure PE1.
[PE1] isis 10 [PE1-isis-10] import-route bgp [PE1-isis-10] quit

# Configure PE2.
[PE2] isis 10 [PE2-isis-10] import-route bgp [PE2-isis-10] quit

11. Verify the configuration. If the configuration succeeds, the ping from CE3 to 31.1.1.2 on CE2 succeeds. Take CE3 as an example:
[CE3] ping 31.1.1.2 PING 31.1.1.2: 56 data bytes, press CTRL_C to break Reply from 31.1.1.2: bytes=56 Sequence=1 ttl=253 time=72 Reply from 31.1.1.2: bytes=56 Sequence=2 ttl=253 time=34 Reply from 31.1.1.2: bytes=56 Sequence=3 ttl=253 time=50 Reply from 31.1.1.2: bytes=56 Sequence=4 ttl=253 time=50 Reply from 31.1.1.2: bytes=56 Sequence=5 ttl=253 time=34 --- 31.1.1.2 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 34/48/72 ms ms ms ms ms ms

The ping between PC1 and PC2 succeeds.

Configuration Files
l

Configuration file of CE3


# sysname CE3 # isis 10 network-entity 10.0000.0000.0001.00 # interface GigabitEthernet1/0/0 undo shutdown ip address 21.1.1.2 255.255.255.0 isis enable 10 # interface GigabitEthernet2/0/0 undo shutdown

2-42

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


ip address 30.1.1.1 255.255.255.0 # interface LoopBack1 ip address 6.6.6.6 255.255.255.255 target-board 5 binding tunnel gre # interface Tunnel5/0/1 tunnel-protocol gre ip address 2.2.2.1 255.255.255.0 source LoopBack1 destination 5.5.5.5 isis enable 10 # ospf 10 area 0.0.0.0 network 30.1.1.0 0.0.0.255 network 6.6.6.6 0.0.0.0 # return l

2 GRE Configuration

Configuration file of CE1


# sysname CE1 # interface GigabitEthernet1/0/0 undo shutdown ip address 30.1.1.2 255.255.255.0 # interface GigabitEthernet2/0/0 undo shutdown ip address 50.1.1.1 255.255.255.0 # ospf 10 area 0.0.0.0 network 30.1.1.0 0.0.0.255 network 50.1.1.0 0.0.0.255 # return

Configuration file of PE1


# sysname PE1 # ip vpn-instance vpn1 route-distinguisher 100:1 vpn-target 111:1 export-extcommunity vpn-target 111:1 import-extcommunity # ip vpn-instance vpn2 route-distinguisher 100:2 vpn-target 222:2 export-extcommunity vpn-target 222:2 import-extcommunity # mpls lsr-id 1.1.1.9 mpls # mpls ldp # isis 10 vpn-instance vpn1 network-entity 10.0000.0000.0002.00 import-route bgp # interface GigabitEthernet1/0/0 undo shutdown ip binding vpn-instance vpn2 ip address 50.1.1.2 255.255.255.0 # interface GigabitEthernet2/0/0 undo shutdown

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

2-43

2 GRE Configuration
ip address 110.1.1.1 255.255.255.0 mpls mpls ldp # interface LoopBack0 ip address 1.1.1.9 255.255.255.255 # interface LoopBack1 ip binding vpn-instance vpn2 ip address 5.5.5.5 255.255.255.255 target-board 5 binding tunnel gre # interface Tunnel5/0/1 tunnel-protocol gre ip binding vpn-instance vpn1 ip address 2.2.2.2 255.255.255.0 source LoopBack1 destination vpn-instance vpn2 6.6.6.6 isis enable 10 # bgp 100 peer 3.3.3.9 as-number 100 peer 3.3.3.9 connect-interface LoopBack0 # ipv4-family unicast undo synchronization peer 3.3.3.9 enable # ipv4-family vpnv4 policy vpn-target peer 3.3.3.9 enable # ipv4-family vpn-instance vpn1 import-route direct import-route isis 10 # ospf 1 area 0.0.0.0 network 1.1.1.9 0.0.0.0 network 110.1.1.0 0.0.0.255 # ospf 10 vpn-instance vpn2 area 0.0.0.0 network 50.1.1.0 0.0.0.255 network 5.5.5.5 0.0.0.0 # return l

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Configuration file of PE2


# sysname PE2 # ip vpn-instance vpn1 route-distinguisher 200:1 vpn-target 111:1 export-extcommunity vpn-target 111:1 import-extcommunity # mpls lsr-id 3.3.3.9 mpls # mpls ldp # isis 10 vpn-instance vpn1 network-entity 10.0000.0000.0003.00 import-route bgp # interface GigabitEthernet2/0/0 undo shutdown ip binding vpn-instance vpn1

2-44

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


ip address 11.1.1.2 255.255.255.0 isis enable 10 # interface GigabitEthernet1/0/0 undo shutdown ip address 110.1.1.2 255.255.255.0 mpls mpls ldp # interface LoopBack0 ip address 3.3.3.9 255.255.255.255 # bgp 100 peer 1.1.1.9 as-number 100 peer 1.1.1.9 connect-interface LoopBack0 # ipv4-family unicast undo synchronization peer 1.1.1.9 enable # ipv4-family vpnv4 policy vpn-target peer 1.1.1.9 enable # ipv4-family vpn-instance vpn1 import-route direct import-route isis 10 # ospf 1 area 0.0.0.0 network 3.3.3.9 0.0.0.0 network 110.1.1.0 0.0.0.255 # return l

2 GRE Configuration

Configuration file of CE2


# sysname CE2 # isis 10 network-entity 10.0000.0000.0004.00 # interface GigabitEthernet1/0/0 undo shutdown ip address 11.1.1.1 255.255.255.0 isis enable 10 # interface GigabitEthernet2/0/0 undo shutdown ip address 31.1.1.2 255.255.255.0 isis enable 10 # return

2.5.5 Example for Configuring the Keepalive Function for GRE


Networking Requirements
Figure 2-10 shows the interfaces of Router A and Router B are configured on the GRE tunnel protocol. It is required to enable the GRE Keepalive function on Router A.

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

2-45

2 GRE Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Figure 2-10 Networking diagram of configuring the Keepalive function


Loopback1 1.1.1.9/32 POS1/0/0 172.16.1.1/24 POS1/0/0 172.16.1.2/24 Loopback1 2.2.2.9/32

Internet GRE tunnel

Router A

Router B
Tunnel5/01 12.12.12.2/24

Tunnel5/0/1 12.12.12.1/24

Configuration Roadmap
To enable the Keepalive function on the local GRE, run the keepalive command in the tunnel interface view on the local device.
TIP

If the Keepalive function is enabled on one end, it is not required for the peer to possess the same function. The peer can only possess the forwarding function.

Data Preparation
To complete the configuration, you need the following data:
l l l l l l

Data for the routing protocol running on the routers in the backbone network Loopback interfaces on both ends of the tunnel Source and destination addresses of the GRE tunnel IP addresses of the tunnel interfaces on both ends Period of sending a Keepalive message Retry times

Configuration Procedure
1. 2. Interconnect Router A and Router B. The details of the configuration are not mentioned here. Configure the tunnel interface on Router A, and enable Keepalive.
<RouterA> system-view [RouterA] interface loopback1 [RouterA-LoopBack1] ip address 1.1.1.9 255.255.255.255 [RouterA-LoopBack1] target-board 5 [RouterA-LoopBack1] binding tunnel gre [RouterA-LoopBack1] quit [RouterA] interface tunnel 5/0/1 [RouterA-Tunnel5/0/1] tunnel-protocol gre [RouterA-Tunnel5/0/1] ip address 12.12.12.1 255.255.255.0 [RouterA-Tunnel5/0/1] source loopback 1 [RouterA-Tunnel5/0/1] destination 2.2.2.9 [RouterA-Tunnel5/0/1] keepalive period 20 retry-times 3 [RouterA-Tunnel5/0/1] return

3.

Configure the tunnel interface of Router B.


<RouterB> system-view [RouterB] interface loopback1 [RouterB-LoopBack1] ip address 2.2.2.9 255.255.255.255 [RouterB-LoopBack1] target-board 5 [RouterB-LoopBack1] binding tunnel gre

2-46

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


[RouterB-LoopBack1] quit [RouterB] interface tunnel 5/0/1 [RouterB-Tunnel5/0/1] tunnel-protocol gre [RouterB-Tunnel5/0/1] ip address 12.12.12.2 255.255.255.0 [RouterB-Tunnel5/0/1] source loopback 1 [RouterB-Tunnel5/0/1] destination 1.1.1.9 [RouterB-Tunnel5/0/1] quit

2 GRE Configuration

4.

Verify the configuration. Ping the tunnel interface of Router B from the tunnel interface of Router A.
<RouterA> ping -a 12.12.12.1 12.12.12.2 PING 12.12.12.2: 56 data bytes, press CTRL_C to break Reply from 12.12.12.2: bytes=56 Sequence=1 ttl=255 time=187 ms Reply from 12.12.12.2: bytes=56 Sequence=2 ttl=255 time=93 ms Reply from 12.12.12.2: bytes=56 Sequence=3 ttl=255 time=125 ms Reply from 12.12.12.2: bytes=56 Sequence=4 ttl=255 time=94 ms Reply from 12.12.12.2: bytes=56 Sequence=5 ttl=255 time=94 ms --- 12.12.12.2 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 93/118/187 ms

# Enable the debugging of Router A to check information about the Keepalive packets.
<RouterA> terminal moniter <RouterA> terminal debugging <RouterA> debugging tunnel keepalive *0.64797312 RouterA TUNNEL/5/debug:GRE_FWD: Receive the keepalive response on mainboard successfully.Finish. *0.64802312 RouterA TUNNEL/5/debug:GRE_FWD: Receive the keepalive response on mainboard successfully.Finish. *0.64812313 RouterA TUNNEL/5/debug:GRE_FWD: Receive the keepalive response on mainboard successfully.Finish.

Configuration Files
l

Configuration file of Router A


# sysname RouterA # interface Pos1/0/0 undo shutdown link-protocol ppp ip address 172.16.1.1 255.255.255.0 # interface LoopBack1 ip address 1.1.1.9 255.255.255.255 target-board 5 binding tunnel gre # interface Tunnel5/0/1 tunnel-protocol gre ip address 12.12.12.1 255.255.255.0 source LoopBack1 destination 2.2.2.9 keepalive period 20 # ospf 1 area 0.0.0.0 network 172.16.1.0 0.0.0.255 network 1.1.1.9 0.0.0.0 # return

Configuration file of Router B


# sysname RouterB

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

2-47

2 GRE Configuration
# interface Pos1/0/0 undo shutdown link-protocol ppp ip address 172.16.1.2 255.255.255.0 # interface LoopBack1 ip address 2.2.2.9 255.255.255.255 target-board 5 binding tunnel gre # interface Tunnel5/0/1 tunnel-protocol gre ip address 12.12.12.2 255.255.255.0 source LoopBack1 destination 1.1.1.9 # ospf 1 area 0.0.0.0 network 172.16.1.0 0.0.0.255 network 2.2.2.9 0.0.0.0 # return

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

2-48

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

3 BGP/MPLS IP VPN Configuration

BGP/MPLS IP VPN Configuration

About This Chapter


This chapter describes the principle, application and configuration for BGP MPLS IP VPN. 3.1 Introduction This section describes the principle and concepts of the BGP/MPLS IP VPN. 3.2 Configuring VPN Instances This section describes how to configure a VPN instance. 3.3 Configuring Basic BGP/MPLS IP VPN This section describes how to configure basic BGP/MPLS IP VPN. 3.4 Configuring Hub&Spoke This section describes how to configure Hub&Spoke. 3.5 Configuring Inter-AS VPN Option A This section describes how to configure inter-AS VPN Option A. 3.6 Configuring Inter-AS VPN Option B This section describes how to configure inter-AS VPN Option B. 3.7 Configuring Inter-AS VPN Option C This section describes how to configure inter-AS VPN Option C. 3.8 Configuring Carrier's Carrier This section describes how to configure carrier's carrier. See: 3.9 Configuring HoVPN This section describes how to configure HoVPN. 3.10 Configuring OSPF Sham Link This section describes how to configure OSPF sham link. 3.11 Configuring Multi-VPN-Instance CE This section describes how to configure multi-VPN-instance CE. 3.12 Configuring PBR to VPN This section describes how to configure PBR to VPN.
Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 3-1

3 BGP/MPLS IP VPN Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

3.13 Connecting VPN and the Internet This section describes how to connect VPN and Internet. 3.14 Configuring IP FRR of a Private Network This section describes how to configure IP FRR of a private network. 3.15 Configuring VPN FRR This section describes how to configure VPN FRR. 3.16 Configuring VPN GR This section describes how to configure VPN GR. 3.17 Configuring Route Reflection to Optimize the VPN Backbone Layer This section describes how to configure route reflection to optimize the VPN backbone layer. 3.18 Configuring Route Reflection to Optimize the VPN Access Layer This section describes how to configure route reflection to optimize the VPN access layer. 3.19 Configuring Convergence Priorities for VPN Routes This section describes how to configure convergence priorities for VPN routes. 3.20 Maintaining BGP/MPLS IP VPN This section describes how to maintain BGP/MPLS VPN. 3.21 Configuration Examples This section describes how to configure BGP/MPLS IP VPN.

3-2

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

3 BGP/MPLS IP VPN Configuration

3.1 Introduction
This section describes the principle and concepts of the BGP/MPLS IP VPN. 3.1.1 Overview of BGP/MPLS IP VPN 3.1.2 BGP/MPLS IP VPN Features Supported by the NE80E/40E

3.1.1 Overview of BGP/MPLS IP VPN


The BGP/MPLS IP VPN is a PE-based L3VPN technology in the Provider Provisioned VPN (PPVPN). It uses BGP to advertise the VPN routes and MPLS to forward the VPN packets on the provider's backbone network. The BGP/MPLS IP VPN has flexible networking modes, excellent extensibility and convenient support for the MPLS QoS and the MPLS TE. Hence, the BGP/MPLS IP VPN is widely used. The BGP/MPLS IP VPN model contains the following parts:
l

Customer Edge (CE): indicates an edge device in the customer network, which has one or more interfaces directly connected with the service provider network. A CE can be a router, a switch or a host. Mostly, the CE cannot "sense" the existence of the VPN, and does not need to support MPLS. Provider Edge (PE): indicates an edge device of the provider network, which is directly connected to the CE. In the MPLS network, the PE device disposes all the VPN processing. Provider (P): indicates a backbone device in the provider network, which is not directly connected to the CE. The P device should have MPLS basic forwarding capability. Site: indicates a group of IP systems. Sites have IP connectivity between each other and this connectivity need not be realized by the service provider network. A site is connected to the provider network through the CE. A site may contain many CEs, but a CE belongs only to a single site.

l l l

Figure 3-1 shows the networking diagram of BGP/MPLS IP VPN. Figure 3-1 BGP/MPLS IP VPN model
VPN1 Service provider's backbone P P
Site1

VPN2 CE PE PE

CE
Site1

VPN2 P CE
Site2

PE P VPN1 CE
Site2

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

3-3

3 BGP/MPLS IP VPN Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

3.1.2 BGP/MPLS IP VPN Features Supported by the NE80E/40E


Basic Networking
The NE80E/40E supports the VPN route exchange between PEs through MP-BGP. To ensure that a PE and a CE can exchange routes, you can configure the static route, RIP multi-instance, OSPF multi-instance, IS-IS multi-instance, or EBGP. The NE80E/40E uses VPN targets to control the transmission of VPN routes; thus, multiple VPN networking topologies including Intranet, Extranet, and Hub&Spoke can be implemented. Generally, LSPs or MPLS TE tunnels are configured as the tunnels of VPN backbone networks. If PEs support MPLS functions and Ps support IP functions rather than MPLS functions, GRE tunnels can be configured.

Typical Networking
The NE80E/40E supports the following typical VPN networking:
l

Inter-AS VPN If a VPN backbone network span multiple ASs, the inter-AS VPN must be configured. The inter-AS VPN is classified into Option A, Option B, and Option C.

Carrier's carrier If a carrier's network has multiple ASs and requires other carriers' networks to complete a backbone network, the networking of carrier's carrier can be deployed.

HoVPN To relieve the burden of PEs, HoVPN can be configured. The devices on the convergence layer or the access layer serve as UPEs, which work with SPEs (PEs) on the backbone layer to implement the functions of the PEs.

OSPF sham link If OSPF runs between PEs and CEs, OSPF sham links can be adopted to solve the problem that the private route passing through the MPLS backbone network is not selected because the intra-area route passing through the backdoor link takes precedence over the private route, as shown in Figure 3-2.

Figure 3-2 Schematic diagram of sham link

MPLS VPN backbone sham link

PE1 Area 1 OSPF 200 CE12


VPN1 site1

PE2 Area 1 OSPF 200 CE22

backdoor

VPN1 site3

3-4

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


l

3 BGP/MPLS IP VPN Configuration

Multi-VPN-Instance CE Currently, different services of a LAN are isolated through the VLAN function of switches. However, the routing capability is not the strong point of switches. To ensure that the services of the LAN are safely isolated and improve the routing capability of the LAN, you can configure Multi-VPN-Instance CE to solve the security problem of the LAN at a low cost.

VPN and Internet interworking The NE80E/40E supports the interworking between VPNs and Internet. This chapter describes how to implement VPN and Internet interworking through configuring static routes and Policy-based Routing (PBC) on PEs.

Reliability
To improve the reliability of a VPN, generally, the following networking modes are adopted.
l

The backbone network is an MPLS network, in which the devices on the backbone layer are fully connected. The devices on the backbone layer are generally connected through high-speed interfaces. If the number of PEs is large, use the BGP route reflector to reflect IPv4 VPN routes to decrease the number of MP IBGP connections. The convergence layer is of either a mesh topology or a ring topology. The dual-homed CE or multi-homed CE is configured on the access layer.

l l

The NE80E/40E supports VPN FRR in a dual-homed CE VPN network. After a PE fails, VPN FRR ensures that the VPN service from CE to CE can fast switch to the remaining PEs. When a site accesses the PE through dual-homed CEs, and a link between the PE and the CE fails, to ensure that VPN traffic can rapidly switch to another link between the PE and the CE, you can configure the IP FRR feature. VPN Graceful Restart (GR) can also improve the reliability of a VPN. When the VPN GR is configured, the VPN traffic on the router (PE, P, or CE) is not interrupted during the master/ slave switchover. This reduces the impact of a single point failure on VPN services.

QoS
To ensure QoS of a VPN, the NE80E/40E introduces Resource Reserved VPN (RRVPN) and VPN tunnel binding.
l

RRVPN divides an MPLS TE tunnel into sub-tunnels, ensures sub-tunnels with differentiated QoS, and binds each sub-tunnel to a VPN instance. Thus, each VPN instance exclusively occupies the resources of each sub-tunnel. VPN primary tunnel binding refers to binding an MPLS TE primary tunnel to a VPN instance. The VPN instance exclusively occupies the resources of the TE tunnel.

Other Features
To provide guaranteed services for some VIP VPN customers, carriers must ensure that the VPN routes of these customers can fast converge preferentially. The technology of VPN route convergence based on priorities is thus introduced. Through this technology, VPN routes are configured with different priorities. After a network fault occurs, VPN routes converge in order of priorities. VPN routes of higher priority converge first.
Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 3-5

3 BGP/MPLS IP VPN Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

3.2 Configuring VPN Instances


This section describes how to configure a VPN instance. 3.2.1 Establishing the Configuration Task 3.2.2 Creating a VPN Instance 3.2.3 Configuring Route Attributes of a VPN Instance 3.2.4 (Optional) Applying a Tunnel Policy to the VPN Instance 3.2.5 Configuring MPLS Label Allocation Based on the VPN Instance 3.2.6 Checking the Configuration

3.2.1 Establishing the Configuration Task


Applicable Environment
The VPN instance is used to isolate the VPN routes and the public routes. In all the BGP/MPLS IP VPN networking scenarios, you should configure VPN instances. The VPN instance implements isolation of address spaces through the RD, and controls VPN membership and routing rules through the VPN target attribute. To control the advertisement of VPN routes accurately with the VPN target attribute, use import and export routing policies. The import routing policy is used to filter the routes imported to the VPN instance. The export routing policy is used to filter the routes exported to other PEs.

Pre-configuration Tasks
Before configuring a VPN instance, complete the following tasks:
l

Configuring routing policies if import or export routing policies need to be applied to the VPN instance Configuring tunnel policies if load balancing is required, or configuring MPLS TE tunnels or GRE tunnels (For configuration about tunnel policies, refer to the chapter "VPN Tunnel Management Configuration" in this manual.)

Data Preparation
To configure VPN instances, you need the following data. No. 1 2 3 4
3-6

Data Name and RD of the VPN instance Description of the VPN instance (optional) VPN target The maximum number of routes allowed by the VPN instance (optional)
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

3 BGP/MPLS IP VPN Configuration

No. 5

Data Routing policy that controls the receiving and sending of VPN routes (optional)

3.2.2 Creating a VPN Instance


Context
Do as follows on the PE devices connected with CE devices.

Procedure
Step 1 Run:
system-view

The system view is displayed. Step 2 Run:


ip vpn-instance vpn-instance-name

A VPN instance is created and the VPN instance view is displayed. Step 3 Run:
route-distinguisher route-distinguisher

The RD of the VPN instance is configured. A VPN instance takes effect only after the RD is configured. The RDs of the VPN instances on the same PE must be different from each other. Before configuring the RD, you can configure only the description about the VPN instance. Step 4 Run:
description description-information

The description about the VPN instance is configured. This Step is optional. The description can be used to record the relationship between a VPN instance and a certain VPN. ----End

3.2.3 Configuring Route Attributes of a VPN Instance


Context
Do as follows on the PE devices configured with VPN instances.

Procedure
Step 1 Run:
system-view

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

3-7

3 BGP/MPLS IP VPN Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

The system view is displayed. Step 2 Run:


ip vpn-instance vpn-instance-name

The VPN instance view is displayed. Step 3 Run:


vpn-target vpn-target &<1-8> [ both | export-extcommunity | import-extcommunity ]

The VPN target extended community for the VPN instance is created. You can configure a maximum of eight VPN targets with a command and a maximum of 16 VPN targets for a VPN instance. Step 4 (Optional) Run:
routing-table limit number { alert-percent | simply-alert }

The maximum number of routes of the VPN instance is configured. You can define the maximum number of routes for a VPN instance to avoid importing too many routes from the CE. The maximum number of routes supported by a PE device varies with the products. Step 5 Run:
import route-policy policy-name

The import routing policy of the VPN instance is configured. This Step is optional. Step 6 Run:
export route-policy policy-name

The export routing policy of the VPN instance is configured. This Step is optional. ----End

3.2.4 (Optional) Applying a Tunnel Policy to the VPN Instance


Context
Do as follows on the PE devices configured with VPN instances.

Procedure
Step 1 Run:
system-view

The system view is displayed. Step 2 Run:


ip vpn-instance vpn-instance-name

The VPN instance view is displayed. Step 3 Run:


tnl-policy policy-name

A tunnel policy is applied to the VPN instance.


3-8 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

3 BGP/MPLS IP VPN Configuration

By default, a VPN instance uses an MPLS LSP as tunnel and no load balancing is carried out. ----End

3.2.5 Configuring MPLS Label Allocation Based on the VPN Instance


Context
Do as follows on the PE devices configured with VPN instances.

Procedure
Step 1 Run:
system-view

The system view is displayed. Step 2 Run:


ip vpn-instance vpn-instance-name

The VPN instance view is displayed. Step 3 Run:


apply-label per-instance

The label is allocated based on VPN instance. That is, all the routes in a VPN instance use the same label. The MPLS labels are generally allocated on a one label per route basis. When the number of routes becomes more, the Incoming Label Map (ILM) of a router needs to maintain more insegment entries accordingly. This demands high capacity of a device. The NE80E/40E provides the feature of the MPLS label allocation based on the VPN instance, that is, one label per VPN instance. All the routes of a VPN instance share the same label. ----End

3.2.6 Checking the Configuration


Run the following commands to check the previous configuration. Action View detailed information about the VPN instance. View brief information about the VPN instance. Command display ip vpn-instance verbose [ vpn-instancename ] display ip vpn-instance [ vpn-instance-name ]

Run the display ip vpn-instance command. If brief information about the VPN instance is displayed, it means the configuration succeeds. For example:
Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 3-9

3 BGP/MPLS IP VPN Configuration


<Quidway> display ip vpn-instance vpna VPN-Instance Name RD vpna 200:1

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Creation Time 2006/6/06 11:26:06

Run the display ip vpn-instance verbose command. If detailed information about the VPN instance is displayed, it means the configuration succeeds. For example:
<Quidway> display ip vpn-instance verbose vpn1 VPN-Instance Name and ID : vpn1, 1 Create date : 2006/06/06 16:30:22 Up time : 0 days, 00 hours, 01 minutes and 03 seconds Route Distinguisher : 100:1 Export VPN Targets : 1:2 Import VPN Targets : 1:2 Label policy : label per instance Import Route Policy : p1 Export Route Policy : p2 Description : This is a VPN for company1. Maximum Routes Limit : 100

3.3 Configuring Basic BGP/MPLS IP VPN


This section describes how to configure basic BGP/MPLS IP VPN. 3.3.1 Establishing the Configuration Task 3.3.2 Configuring a VPN Instance 3.3.3 Binding an Interface with a VPN Instance 3.3.4 Configuring MP-IBGP Between PEs 3.3.5 Configuring a Routing Protocol Between PE and CE 3.3.6 Checking the Configuration

3.3.1 Establishing the Configuration Task


Applicable Environment
The BGP/MPLS IP VPN networking mentioned in this section involves only a carrier and an MPLS backbone network (not inter-provider), and LSP serves as the public tunnel. The functions of the PE, the P and the CE are simple. None of them serves as both the PE and the CE. Certain special BGP/MPLS IP VPN networking scenarios such as HoVPN, multi-role host and inter-provider VPN need additional configurations. For more information, see the related sections in this chapter. When configuring the BGP/MPLS IP VPN, management of the advertisement of VPN routes on the MPLS backbone networks is a key task, including the management of routes advertisement between the PE and the CE, and between the PEs. For the route exchange between the PE and the CE, you can configure static routes, RIP multiinstance, OSPF multi-instance, IS-IS multi-instance or BGP according to the networking situations. The MP-IBGP is adopted between the PEs.

Pre-configuration Tasks
Before configuring basic BGP/MPLS IP VPN, complete the following tasks:
3-10 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


l l l l

3 BGP/MPLS IP VPN Configuration

Configuring IGP for the MPLS backbone network (PE, P) to implement IP connectivity Configuring basic MPLS capabilities for the MPLS backbone network (PE, P) Configuring tunnels between PEs Configuring IP addresses for the CE interface attached to PE

Data Preparation
To configure basic BGP/MPLS IP VPN, you need the following data. No. 1 Data To configure a VPN instance, you need the following data:
l l l l l l

Name of the VPN instance Route distinguisher Description of the VPN instance VPN target Routing policy (optional) Maximum number of route permitted in a VPN instance (optional)

2 3 4 5

IP address of the PE interface attached to the CE Route exchange between the PE and the CE: static route, RIP, OSPF, IS-IS or BGP AS number of the PE IP address and interface of the PE to establish the BGP peers

3.3.2 Configuring a VPN Instance


Context
For the details, see Configuring VPN Instances.

3.3.3 Binding an Interface with a VPN Instance


Context
Do as follows on the PE devices connected with CE devices.

Procedure
Step 1 Run:
system-view

The system view is displayed. Step 2 Run:


Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 3-11

3 BGP/MPLS IP VPN Configuration


interface interface-type interface-number

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

The interface view is displayed. Step 3 Run:


ip binding vpn-instance vpn-instance-name

The interface is bound with the VPN instance. ----End

3.3.4 Configuring MP-IBGP Between PEs


Context
Do as follows on the PE devices connected with CE devices.

Procedure
Step 1 Run:
system-view

The system view is displayed. Step 2 Run:


bgp as-number

The BGP view is displayed. Step 3 Run:


peer peer-address as-number as-number

The remote PE is specified as the peer. Step 4 Run:


peer peer-address connect-interface loopback interface-number

The interface to set up the TCP connection is specified. Step 5 Run:


ipv4-family vpnv4 [ unicast ]

The BGP VPNv4 address family view is displayed. Step 6 Run:


peer peer-address enable

The VPN IPv4 routing information is exchanged between the peers. ----End

3.3.5 Configuring a Routing Protocol Between PE and CE


Context
Select one of the following configurations as required:
3-12 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


l l l l l l

3 BGP/MPLS IP VPN Configuration

Configuring EBGP between PE and CE Configuring IBGP between PE and CE Configuring the static route between PE and CE Configuring RIP between PE and CE Configuring OSPF between PE and CE Configuring IS-IS between PE and CE

Procedure
l Configuring EBGP Between PE and CE Configuring PE 1. Run:
system-view

The system view is displayed. 2. Run:


bgp as-number

The BGP view is displayed. 3. Run:


ipv4-family vpn-instance vpn-instance-name

The BGP VPN instance view is displayed. 4. Run:


peer peer-address as-number number

The CE is specified as the peer of the VPN private network. 5. (Optional) Run:
peer { ipv4-address | group-name } ebgp-max-hop [ number ]

The maximum number of hops is configured for the EBGP connection. Generally, a or multiple directly-connected physical link exists between a pair of EBGP peers. If not, you must use the peer ebgp-max-hop command to ensure that the TCP connection can be set up between the EBGP peers through multi-hop. 6. Run:
import-route direct [ med value ] [ route-policy policy-name ]

The direct route is imported. The PE must import the routes of the local CEs into the VPN routing table and advertise them to the peer PE. The route types to be imported may be different. The BGP uses the AS number to detect a routing loop. In the case of Hub and Spoke networking, however, if EBGP runs between the PE and the CE at the Hub site, the Hub-PE carries the local AS number when advertising routes to the Hub-CE. Therefore, the PE denies the subsequent update from the Hub-CE, because it contains the local AS number. To ensure proper transmission of routes in the Hub and Spoke scenario, configure all the BGP peers along the path, used for the Hub-CE to advertise private network routes to the Spoke-CE, to accept the routes which have the AS number repeated once. 7.
Issue 03 (2008-09-22)

Run:
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 3-13

3 BGP/MPLS IP VPN Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

peer ip-address allow-as-loop [ number ]

The loop is allowed. This Step is optional and used in the Hub&Spoke networking. 8. Run:
peer ip-address substitute-as

The BGP AS number substitution is enabled. This Step is optional is used for the networking scenario where physically dispersed CEs use the same AS number. The configuration is executed on the PE.
NOTE

In the case of multi-homed CE, the BGP AS substitution function may lead to route loops.

Configuring CE 1. Run:
system-view

The system view is displayed. 2. Run:


bgp as-number

The BGP view is displayed. 3. Run:


peer peer-address as-number as-number

The CE is specified as the peer. 4. (Optional) Run:


peer { ipv4-address | group-name } ebgp-max-hop [ number ]

The maximum number of hops is configured for the EBGP connection. Generally, a or multiple directly-connected physical link exists between a pair of EBGP peers. If not, you must use the peer ebgp-max-hop command to ensure that the TCP connection can be set up between the EBGP peers through multi-hop. 5. Run:
import-route { direct | static | rip [ process-id ] | ospf process-id | isis process-id } [ med value | route-policy policy-name ]*

The direct route is imported. The CE must advertise the reachable VPN segment addresses to the attached PE. Through the PE, the addresses are advertised to the remote CEs. In applications, the types of routes to be imported may be different. l Configuring IBGP between PE and CE Do as follows on the PE: 1. Run:
system-view

The system view is displayed. 2. Run:


bgp

3-14

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

3 BGP/MPLS IP VPN Configuration

The BGP view is displayed. 3. Run:


ipv4-family vpn-instance vpn-instance-name

The BGP-VPN instance view is displayed. 4. Run:


peer peer-address as-number number

The CE is specified as the peer in the VPN private network. 5. (Optional) When the direct route of the local CE need be imported to the VPN routing table and then advertised to the remote PE, select one of the following configurations:

Run the import-route direct [ med value | route-policy policy-name ]* command, and you can find that the direct route to the local CE is imported. Run the network ip-address mask command, and you can find that the direct route to the local CE is advertised.
NOTE

The PE can automatically learn the direct route to the local CE. The route has a higher priority than the direct route that is advertised by IBGP. Therefore, if the Step 5 is not performed, the PE does not advertise the direct route to the remote PE by using MP-BGP.
NOTE

Compared with the BGP view, the BGP-VPN instance view does not support the following configuration commands:
l l l l l

BGP Confederation: confederation BGP Graceful Restartgraceful-restart Router ID of BGP: router-id Synchronization Between BGP and IGP: synchronization BGP Timer: timer

Do as follows on the CE: 1. Run:


system-view

The system view is displayed. 2. Run:


bgp as-number

The BGP view is displayed. 3. Run:


peer peer-address as-number as-number

The PE is specified as the IBGP peer. 4. Run:


import-route { direct | static | rip [ process-id ] | ospf process-id | isis process-id } [ med value | route-policy policy-name ]*

The route is imported to the local CE. The CE advertises its VPN network segment to the connected PE, and the PE then advertises the address to the remote CE. Note that the type of the imported route may vary with different networking modes.
Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 3-15

3 BGP/MPLS IP VPN Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Configuring Static Routes Between PE and CE Do as follow on the PE. The CE is configured with the static route, and the configurations are common and not mentioned here.
NOTE

For details, refer to the chapter "IP Static Route Configuration" in the Quidway NetEngine80E/ 40E Router Configuration Guide - IP Routing.

1.

Run:
system-view

The system view is displayed. 2. Run:


ip route-static vpn-instance vpn-instance-name dest-ip-address { mask | mask-length } { interface-type interface-number | vpn-instance vpndestination-name nexthop-address | nexthop-address [ public ] } [ preference preference ] [ track bfd session cfg-name ] [ description text ]

The static route is configured for the specified VPN instance. 3. Run:
bgp as-number

The BGP view is displayed. 4. Run:


ipv4-family vpn-instance vpn-instance-name

The BGP VPN instance view is displayed. 5. Run:


import-route static [ med value ] [ route-policy policy-name ]

The configured static route is imported into the routing table of the BGP VPN instance. l Configuring RIP Between PE and CE Do as follow on the PE. The CE is configured with RIPv1 or RIPv2, and the configurations are common and not mentioned here.
NOTE

For details, refer to Quidway NetEngine80E/40E Router Configuration Guide - IP Routing.

1.

Run:
system-view

The system view is displayed. 2. Run:


rip process-id vpn-instance vpn-instance-name

The RIP instance is created between the PE and the CE and the RIP view is displayed. A RIP process belongs to only one VPN instance. If you run a RIP process without binding it to a VPN instance, this process is considered as a public network process. An RIP process that belongs to a public network cannot be bound with a VPN instance. 3. Run:
network network-address

The RIP is configured on the network segment of the interface bound with the VPN instance.
3-16 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

3 BGP/MPLS IP VPN Configuration

4.

Run:
import-route bgp [ cost value ] [ route-policy policy-name ]

The BGP route is imported. After the execution of the import-route bgp command in the RIP view, the PE imports the VPN-IPv4 routes learnt from the remote PE into the RIP and further advertises them to its CE. 5. Run:
quit

Return to the system view. 6. Run:


bgp as-number

The BGP view is displayed. 7. Run:


ipv4-family vpn-instance vpn-instance-name

The BGP VPN instance view is displayed. 8. Run:


import-route rip process-id [ med value ] [ route-policy policy-name ]

The RIP route is imported into the routing table of the BGP VPN instance. After the configuration of the import-route rip command in the BGP VPN view, the PE imports the VPN routes learnt from its CE into BGP, forms them into VPN-IPv4 routes and advertise them to the peer PE.
NOTE

After an VPN instance is deleted, all the associated RIP processes are deleted.

Configuring OSPF Between PE and CE Do as follows on the PE. The CE is configured with OSPF. The configurations are common and not mentioned here.
NOTE

For details, refer to Quidway NetEngine80E/40E Router Configuration Guide - IP Routing.

1.

Run:
system-view

The system view is displayed. 2. Run:


ospf process-id [ router-id router-id ] vpn-instance vpn-instance-name

The OSPF instance is created between the PE and the CE and the OSPF view is displayed. An OSPF process belongs to only one VPN instance. If you run an OSPF process without binding it to a VPN instance, it is considered as a public network process. An OSPF process that belongs to a public network cannot be bound with a VPN instance. The OSPF processes that are bound to the VPN instance do not use the public network Router ID configured in the system view. You must specify the router ID when starting a process or to configure the IP address for at least one interface of the VPN instance. 3.
Issue 03 (2008-09-22)

(Optional)Run:
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 3-17

3 BGP/MPLS IP VPN Configuration


domain-id domain-id [ secondary ]

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

The domain ID is configured. You can configure two domain IDs for each OSPF process. The domain IDs of different processes are independent of each other. There is no limitation to configure the domain IDs of the OSPF processes in different VPNs. But, all the OSPF processes in a VPN should be configured with the same domain ID to ensure correct routing advertisement. The domain ID of an OSPF process is contained in the routes generated by this process. When the OSPF routes are imported into BGP, the domain ID is added into the BGP VPN route and is transmitted as the BGP extended community attribute. By default, the domain ID is 0. 4. (Optional)Run:
route-tag tag-value

The VPN route tag is configured. 5. Run:


import-route bgp [ cost value ] [ type { 1 | 2 } ] [ tag value ] [ routepolicy policy-name ]

The BGP route is imported. 6. Run:


area area-id

The OSPF area view is displayed. 7. Run:


network ip-address wildcard-mask

OSPF is run on the network segment where the interface bound to the VPN instance resides. A network segment can belong to only one area. That is, you must specify to which area each OSPF interface belongs. OSPF can run on an interface if the following conditions are true:

The mask length of the IP address on the interface must be longer than wildcardmask specified in the network command. The primary IP address of the interface must be located in the network segment specified in the network command.

For a loopback interface, by default, OSPF advertises the IP address of the loopback interface as a 32-bit host route, which bears no relation to the mask length configured on the interface. 8. Run:
quit

Return to the OSPF view. 9. Run:


quit

Return to the system view.


3-18 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

3 BGP/MPLS IP VPN Configuration

10. Run:
bgp as-number

The BGP view is displayed. 11. Run:


ipv4-family vpn-instance vpn-instance-name

The BGP VPN instance view is displayed. 12. Run:


import-route ospf process-id [ med med ] [ route-policy policy-name ]

The OSPF route is imported into the routing table of the BGP BPN instance.
NOTE

After a VPN instance is deleted, all related OSPF processes are deleted.

Configuring IS-IS Between PE and CE Do as follows on the PE. The CE is configured with IS-IS. The configurations are common and not mentioned here.
NOTE

For details, refer to Quidway NetEngine80E/40E Router Configuration Guide - IP Routing.

1.

Run:
system-view

The system view is displayed. 2. Run:


isis process-id vpn-instance vpn-instance-name

The IS-IS instance between the CE and the PE is created and the IS-IS view is displayed. An IS-IS process belongs to only one VPN instance. If you run an IS-IS process without binding it to a VPN instance, it is considered as a public network process. An IS-IS process that belongs to a public network cannot be bound with a VPN instance. 3. Run:
network-entity net

The Network Entity Title (NET) is configured. An NET defines the address of the current IS-IS area and the system ID of the router. A maximum of three NETs can be configured for one process on a router. 4. (Optional) Run:
is-level { level-1 | level-1-2 | level-2 }

The level of the router is configured. By default, the level of a router is level-1-2. 5. Run:
import-route bgp [ cost value ] [ cost-type { external | internal } ] [ level-1 | level-1-2 | level-2 ] [ route-policy policy-name ] [ tag tagvalue ]

The BGP route is imported. 6. Run:


quit

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

3-19

3 BGP/MPLS IP VPN Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Return to the system view. 7. Run:


interface interface-type interface-number

The view of the interface bound to the VPN instance is displayed. 8. Run:
isis enable [ process-id ]

IS-IS is enabled on the interface. 9. Run:


quit

The system view is displayed. 10. Run:


bgp as-number

The BGP view is displayed. 11. Run:


ipv4-family vpn-instance vpn-instance-name

The BGP VPN instance view is displayed. 12. Run:


import-route isis process-id [ med med ] [ route-policy policy-name ]

The IS-IS route is imported into the routing table of the BGP VPN instance.
NOTE

After the VPN instance is deleted, all IS-IS processes are deleted.

----End

3.3.6 Checking the Configuration


Run the following commands to check the previous configuration. Action Check routing information about the specified VPN on the PE. Check routing information on the CE. Command display ip routing-table vpn-instance vpninstance-name display ip routing-table

Run the display ip routing-table vpn-instance vpn-instance-name command. If the VPN routes related to the CE are displayed, it means the configuration succeeds. Run the display ip routing-table command. If the routes to the peer CE are displayed on the CE, it means the configuration succeeds.

3.4 Configuring Hub&Spoke


This section describes how to configure Hub&Spoke.

3-20

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

3 BGP/MPLS IP VPN Configuration

3.4.1 Establishing the Configuration Task 3.4.2 Creating a VPN Instance 3.4.3 Configuring Route Attributes of the VPN Instance 3.4.4 Binding an Interface with the VPN Instance 3.4.5 Configuring MP-IBGP Between Hub-PE and Spoke-PE 3.4.6 Configuring a Routing Protocol or Static Routes Between PE and CE 3.4.7 Checking the Configuration

3.4.1 Establishing the Configuration Task


Applicable Environment
If it is required that all the users must access to a central access control device, the Hub&Spoke networking is adopted. In the Hub&Spoke network, all the Spoke stations communicate through the Hub station.

Pre-configuration Task
Before configuring Hub&Spoke, complete the following tasks:
l l

Configuring IGP on PE devices and P devices in the MPLS backbone network Configuring basic MPLS capability on PE devices and P devices in the MPLS backbone network Configuring the IP addresses, through which the CE devices access the PE devices, on the CE devices

Data Preparation
Before configuring Hub&Spoke, you need the following data. No. 1 Data To configure a VPN instance, you need the following data:
l l l l l l

Name of the VPN instance Route distinguisher Description of the VPN instance VPN target Routing policy (optional) Maximum number of route permitted in a VPN instance (optional)

2 3

IP addresses through which the CE devices access the PE devices Data for route configuration (static route, RIP, OSPF, IS-IS, or EBGP) between HubPE and Hub-CE, and Spoke-PE and Spoke-CE

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

3-21

3 BGP/MPLS IP VPN Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

3.4.2 Creating a VPN Instance


Context
Configure the VPN instance on each Spoke-PE and Hub-PE. Every Spoke-PE is configured with a VPN instance, while each Hub-PE is configured with the following two VPN instances:
l l

VPN-in: It receives and maintains all the VPN IPv4 routes. VPN-out: It maintains the routes of all the Hub stations and Spoke stations and advertises those routes to all the Spoke-PEs.
NOTE

Step 1 to 6 describes how to configure a VPN instance. Different VPN instances on a device have different names, RDs, and description.

Procedure
Step 1 Run:
system-view

The system view is displayed. Step 2 Run:


ip vpn-instance vpn-instance-name

The VPN instance is created and the VPN instance view is displayed. Step 3 Run:
route-distinguisher route-distinguisher

The RD of the VPN instance is configured. A VPN instance takes effect only after the RD is configured. Before configuring the RD, you can configure only the description about the VPN instance. Step 4 Run:
description description-information

The description about the VPN instance is configured. This Step is optional. The description can be used to record the relationship between a VPN instance and a certain VPN. Step 5 Run:
apply-label per-instance

The label is allocated based on VPN instance. That is, all the routes in a VPN instance use the same label. The MPLS labels are generally allocated on a one label per route basis. The NE80E/40E provides the feature of the MPLS label allocation based on the VPN instance, that is, one label per VPN instance. All the routes of a VPN instance share the same label. Step 6 Run:
routing-table limit number { alert-percent | simply-alert }

3-22

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

3 BGP/MPLS IP VPN Configuration

The maximum number of routes of the VPN instance is configured. This step is optional. You can define the maximum number of routes for a VPN instance to avoid importing too many routes. ----End

3.4.3 Configuring Route Attributes of the VPN Instance


Procedure
l Configuring Hub-PE 1. Run:
system-view

The system view is displayed. 2. Run:


ip vpn-instance vpn-instance-name1

The VPN instance view of the VPN-in is displayed. 3. Run:


vpn-target vpn-target1 &<1-8> import-extcommunity

The VPN target extended community for the VPN instance is created to import the IPv4 routes advertised by all the Spoke-PEs. vpn-target1 lists the export VPN targets advertised by all the Spoke-PEs. 4. Run:
import route-policy policy-name

The import routing policy of the VPN instance is configured. This step is optional. 5. Run:
export route-policy policy-name

The export routing policy of the VPN instance is configured. This step is optional. 6. Run:
quit

Return to the system view. 7. Run:


ip vpn-instance vpn-instance-name2

The VPN instance view of the VPN-out is displayed. 8. Run:


vpn-target vpn-target2 &<1-8> export-extcommunity

The VPN target extended community for the VPN instance is created to advertise the routes of all the Hubs and the Spokes. 9. Run:
import route-policy policy-name

The import routing policy of the VPN instance is configured. This step is optional. 10. Run:
export route-policy policy-name

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

3-23

3 BGP/MPLS IP VPN Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

The export routing policy of the VPN instance is configured. This step is optional. l Configuring Spoke-PE 1. Run:
system-view

The system view is displayed. 2. Run:


ip vpn-instance vpn-instance-name1

The VPN instance view of the VPN-in is displayed. 3. Run:


vpn-target vpn-target2 &<1-8> import-extcommunity

The VPN target extended community for the VPN instance is created to import the IPv4 routes advertised by all the Hub-PEs. vpn-target2 lists the export VPN targets of all the Hub-PEs. 4. Run:
vpn-target vpn-target1 &<1-8> export-extcommunity

The VPN target extended community for the VPN instance is created to advertise the IPv4 routes of stations the Spoke-PE accesses. 5. Run:
import route-policy policy-name

The import routing policy of the VPN instance is configured. This step is optional. 6. Run:
export route-policy policy-name

The export routing policy of the VPN instance is configured. This step is optional. 7. Run:
export route-policy policy-name

The export routing policy of the VPN instance is configured. This step is optional. ----End

3.4.4 Binding an Interface with the VPN Instance


Context
The configuration on the Hub-PE involves two interfaces or sub-interfaces: one is bound with the VPN-in and receives the routes advertised by the Spoke-PE; the other is bound with the VPN-out and advertises the routes of the Hub and all the Spokes. Do as follows on the Hub-PE and all the Spoke-PEs.

Procedure
Step 1 Run:
system-view

The system view is displayed.


3-24 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

3 BGP/MPLS IP VPN Configuration

Step 2 Run:
interface interface-type interface-number

The interface view is displayed. Step 3 Run:


ip binding vpn-instance vpn-instance-name

The interface is bound with the VPN instance. ----End

3.4.5 Configuring MP-IBGP Between Hub-PE and Spoke-PE


Context
The Hub-PE must set up the MP-IBGP peer with all the Spoke-PEs. Spoke-PEs need not set up the MP-IBGP peer between each other. Do as follows on the Hub-PE and the Spoke-PE.

Procedure
Step 1 Run:
system-view

The system view is displayed. Step 2 Run:


bgp as-number

The BGP view is displayed. Step 3 Run:


peer peer-address as-number as-number

The remote PE is specified as the peer. Step 4 Run:


peer peer-address connect-interface loopback interface-number

The interface to set up the TCP connection is specified. Step 5 Run:


ipv4-family vpnv4 [ unicast ]

The BGP VPNv4 address family view is displayed. Step 6 Run:


peer peer-address enable

The VPN IPv4 routing information is exchanged between the peers. ----End

3.4.6 Configuring a Routing Protocol or Static Routes Between PE and CE


Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 3-25

3 BGP/MPLS IP VPN Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Context
The Hub-PE and the Hub-CE can exchange routes in the following ways:
l

Configuring EBGP between the Hub-PE and the Hub-CE In this way, EBGP, IGP, or static routes can be adopted between the Spoke-PE and the Spoke-CE. To set up the EBGP peer between the Hub-PE and the Hub-CE, run the peer ip-address allow-as-loop [ number ] command in the BGP VPN instance view to allow the routing loop.

Configuring IGP between the Hub-PE and the Hub-CE In this way, instead of BGP, IGP or static routes are adopted between the Spoke-PE and the Spoke-CE.

Configuring static routes between the Hub-PE and the Hub-CE In this way, EBGP, IGP, or static routes can be adopted between the Spoke-PE and the Spoke-CE. If the Hub-CE uses the default route to access the Hub-PE, to advertise the default route to all the Spoke-PEs, do as follows on the Hub-PE:

Run the ip route-static vpn-instance vpn-instance-name 0.0.0.0 0.0.0.0 nexthopaddress [ preference preference ] [ description text ] command in the system view. vpn-instance-name refers to the VPN-out. nexthop-address is the IP address of the HubCE interface that is connected with the PE interface bound with the VPN-out.

Run the network 0.0.0.0 0 command in the BGP VPN instance view to advertise the default route to all the Spoke-PEs through MP-BGP. vpn-instance-name refers to the VPN-out.

Choose one of the preceding methods as required. For detailed configurations, see Configuring a Routing Protocol Between PE and CE.

3.4.7 Checking the Configuration


Run the following commands to check the previous configuration. Action Check routing information about the VPN-in and VPN-out on the Hub-PE. Check routing information on the Hub-CE and all the Spoke-CEs. Command display ip routing-table vpn-instance vpninstance-name display ip routing-table

Run the preceding commands. If the routing table of the VPN-in has routes to all the Spoke stations, and the routing table of the VPN-out has routes to the Hub and all the Spoke stations, it means the configuration succeeds. Additionally, Hub-CE and all the Spoke-CEs have routes to the Hub and all the Spoke stations.
3-26 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

3 BGP/MPLS IP VPN Configuration

3.5 Configuring Inter-AS VPN Option A


This section describes how to configure inter-AS VPN Option A. 3.5.1 Establishing the Configuration Task 3.5.2 Configuring Inter-AS VPN Option A 3.5.3 Checking the Configuration

3.5.1 Establishing the Configuration Task


Applicable Environment
If the MPLS backbone network bearing the VPN routes is across multiple ASs, you must configure the Inter-AS VPNs. The Inter-AS VPN Option A is convenient to implement and is suitable when certain VPNs and VPN routes are configured on the PE.

Pre-configuration Tasks
Before configuring inter-AS VPN Option A, complete the following tasks:
l

Configuring IGP for MPLS backbone networks in each AS to keep IP connectivity of the backbones in one AS Enabling MPLS on the PE and the ASBR PE Setting up the tunnel (LSP, GRE, or MPLS TE) between the PE and the ASBR PE in the same AS Configuring the IP address of the CE interface through which the CE accesses the PE

l l

Data Preparation
To configure inter-AS VPN Option A, you need the following data: No. 1 Data To configure the VPN instance on the PE and the ASBR PE, you need the following data:
l l l l l l l

Name of the VPN instance Route distinguisher Description of the VPN instance VPN target Routing policy (optional) Tunnel policy (optional) Maximum number of route permitted in a VPN instance (optional)
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 3-27

Issue 03 (2008-09-22)

3 BGP/MPLS IP VPN Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

No. 2 3 4 5 6

Data IP address of the PE interface connected with the PE AS number of the PE IP addresses of the interfaces connected the ASBR PEs Routing protocol configured between the PE and the CE: static routes, RIP, OSPF, IS-IS and BGP IP addresses and interfaces setting up the IBGP peer between the PE and the ASBR PE

3.5.2 Configuring Inter-AS VPN Option A


Context
Inter-AS VPN Option A is easy to deploy. When the amount of the VPNs and the VPN routes on the PE is small, this solution can be adopted. The configurations of the inter-AS VPN Option A are as follows:

Procedure
Step 1 Configuring Basic BGP/MPLS IP VPN on each AS Step 2 Configuring ASBR-PE by considering the peer ASBR-PE as its CE Step 3 Configuring VPN instances for the PE and the ASBR-PE separately The VPN instance for PE is used to access CE; that for ASBR-PE is used to access its peer ASBR-PE.
NOTE

In inter-AS VPN Option A mode, for the same VPN, the VPN targets of ASBR-PE and the PE VPN instance must be matched in an AS. This is not required for the PEs in different ASs.

----End

3.5.3 Checking the Configuration


Run the following commands to check the previous configuration. Action Check information about the BGP peers on the PE or the ASBR PE. Check the IPv4 VPN routes on the PE or the ASBR-PE.
3-28

Command display bgp vpnv4 all peer display bgp vpnv4 all routing-table

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

3 BGP/MPLS IP VPN Configuration

Action Check the VPN routing table on the PE or the ASBR PE.

Command display ip routing-table vpn-instance vpninstance-name

After the successful configuration, run the display bgp vpnv4 all peer command on the PE or the ASBR PE, and you can view that the BGP VPNv4 peer relationship between the ASBR-PE and the PE in the same AS is "Established". Run the display bgp vpnv4 all routing-table command on the PE or the ASBR PE, and you can view the VPNv4 routes on the ASBR-PE. Run the display ip routing-table vpn-instance command on the PE or the ASBR PE, and you can view all the relevant routes in the VPN routing table.

3.6 Configuring Inter-AS VPN Option B


This section describes how to configure inter-AS VPN Option B. 3.6.1 Establishing the Configuration Task 3.6.2 Configuring MP-IBGP Between PE-ASBRs 3.6.3 Configuring MP-EBGP Between ASBRs 3.6.4 Controlling the Receiving and Sending of VPN Routes 3.6.5 Storing Information About the VPN Instance on the ASBR PE 3.6.6 Configuring the Routing Protocol Between CE and PE 3.6.7 Checking the Configuration

3.6.1 Establishing the Configuration Task


Applicable Environment
If the MPLS backbone network bearing VPN routes crosses multiple ASs, the inter-AS VPN is needed. If the ASBR can manage VPN routes, however, there are no enough interfaces for each inter-AS VPN, the inter-AS VPN Option B is adopted. In this option, the ASBR is involved in maintaining and advertising VPN IPv4 routes.

Pre-configuration Tasks
Before configuring inter-AS VPN Option B, complete the following tasks:
l

Configuring IGP for MPLS backbone networks in each AS to realize IP connectivity of the backbones in one AS Configuring basic MPLS capability for the MPLS backbone network Configuring MPLS LDP and establishing LDP LSP for the MPLS backbone network
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 3-29

l l

Issue 03 (2008-09-22)

3 BGP/MPLS IP VPN Configuration


l

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Configuring VPN Instances on the PE devices connected with the CE devices and Binding an Interface with a VPN Instance Configuring the IP addresses of the CE interfaces through which the CE accesses the PE

Data Preparation
To configure inter-AS VPN Option B, you need the following data. No. 1 Data To configure the VPN instance on the PE and the ASBR PE, you need the following data:
l l l l l l l

Name of the VPN instance Route distinguisher Description of the VPN instance VPN target Routing policy (optional) Tunnel policy (optional) Maximum number of route permitted in a VPN instance (optional)

2 3 4 5 6

IP address of the PE interface connected with the PE AS number of the PE IP addresses of the interfaces connected the ASBR PEs Routing policy configured between the PE and the CE: static routes, RIP, OSPF, ISIS and BGP IP addresses and interfaces setting up the IBGP peer between the PE and the ASBR PE

3.6.2 Configuring MP-IBGP Between PE-ASBRs


Context
Do as follows on the PE and the ASBR PE in the same AS.

Procedure
Step 1 Run:
system-view

The system view is displayed. Step 2 Run:


bgp as-number

The BGP view is displayed.


3-30 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

3 BGP/MPLS IP VPN Configuration

Step 3 Run:
peer peer-address as-number as-number

The peer ASBR PE is specified as the IBGP peer. Step 4 Run:


peer peer-address connect-interface loopback interface-number

The loopback interface is specified as the outgoing interface of the BGP session. Step 5 Run:
ipv4-family vpnv4 [ unicast ]

The BGP-VPNv4 address family is displayed. Step 6 Run:


peer peer-address enable

The exchange of IPv4 VPN routes with the peer PE or the ASBR PE is enabled. ----End

3.6.3 Configuring MP-EBGP Between ASBRs


Context
Do as follows on the ASBR PE.

Procedure
Step 1 Run:
system-view

The system view is displayed. Step 2 Run:


interface interface-type interface-number

The view of the interface connected with the ASBR PE interface is displayed. Step 3 Run:
ip address ip-address { mask | mask-length }

The IP address of the interface is configured. Step 4 Run:


mpls

The MPLS capability is enabled. Step 5 Run:


quit

Return to the system view. Step 6 Run:


bgp as-number

The BGP view is displayed.


Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 3-31

3 BGP/MPLS IP VPN Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Step 7 Run:
peer peer-address as-number as-number

The peer ASBR PE is specified as the EBGP peer. Step 8 Run:


ipv4-family vpnv4 [ unicast ]

The BGP-VPNv4 address family is displayed. Step 9 Run:


peer peer-address enable

The exchange of IPv4 VPN routes with the peer ASBR PE is enabled. ----End

3.6.4 Controlling the Receiving and Sending of VPN Routes


Context
The following describes two methods for controlling the receiving and sending of VPN routes:
l

Without VPN Target Filtering In this way, the ASBR PE stores all the VPN IPv4 routes. VPN Target Filtering In this way, the ASBR stores partial VPN IPv4 routes through routing policies.

Do as follows on the ASBR PE.

Procedure
l Without VPN Target Filtering 1. Run:
system-view

The system view is displayed. 2. Run:


bgp as-number

The BGP view is displayed. 3. Run:


ipv4-family vpnv4 [ unicast ]

The BGP-VPNv4 address family is displayed. 4. Run:


undo policy vpn-target

The VPN IPv4 routes are not filtered by the VPN target. By default, the PE performs VPN target filtering on the received IPv4 VPN routes. The routes passing the filter is added to the routing table, and the others are discarded. If the PE is not configured with VPN instance, or the VPN instance is not configured with the VPN target, the PE discards all the received VPN IPv4 routes.
3-32 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

3 BGP/MPLS IP VPN Configuration

In the Inter-AS VPN Option B mode, if the ASBR-PE does not store information about the VPN instance, the ASBR-PE must save all the VPNv4 routing information and advertise it to the peer ASBR-PE. In this case, the ASBR-PE should receive all the VPNv4 routing information without the VPN target filtering. l VPN Target Filtering 1. Run:
system-view

The system view is displayed. 2. Run:


ip extcommunity-filter extcom-filter-number { deny | permit } rt vpntarget &<1-16>

The extended community filter is configured. 3. Run:


route-policy route-policy-name permit node node

The routing policy is configured. 4. Run:


if-match extcommunity-filter extcomm-filter-number &<1-16>

A matching rule based on the extended community filter is configured. 5. Run:


quit

Return to the system view. 6. Run:


bgp as-number

The BGP view is displayed. 7. Run:


ipv4-family vpnv4 [ unicast ]

The BGP-VPNv4 address family is displayed. 8. Run:


peer peer-address route-policy policy-name { export | import }

The routing policy is applied to controlling the VPN IPv4 routing information. ----End

3.6.5 Storing Information About the VPN Instance on the ASBR PE


Context
If the VPN receives and sends the VPNv4 routing information through the ASBR-PE, configure the corresponding instance on the ASBR-PE. Otherwise, the instance is not needed. Do as follows on the ASBR PE.

Procedure
Step 1 Run:
Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 3-33

3 BGP/MPLS IP VPN Configuration


system-view

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

The system view is displayed. Step 2 Run:


ip vpn-instance vpn-instance-name

A VPN instance is created and the VPN instance view is displayed. Step 3 Run:
route-distinguisher route-distinguisher

The RD of the VPN instance is configured. Step 4 Run:


vpn-target vpn-target &<1-8> import-extcommunity

The VPN target extended community for the VPN instance is created. For the same VPN in the inter-AS VPN Option B mode, the VPN targets of the ASBR-PE and the PE in an AS should match with each other. The VPN targets of the PE in different ASs must match with each other too. Step 5 Run:
routing-table limit number { alert-percent | simply-alert }

The maximum number of routes of the VPN instance is configured. Step 6 Run:
import route-policy policy-name

The import routing policy of the VPN instance is configured. This step is optional. Step 7 Run:
export route-policy policy-name

The export routing policy of the VPN instance is configured. This step is optional. ----End

3.6.6 Configuring the Routing Protocol Between CE and PE


Context
Choose one of the preceding methods as required. For detailed configurations, see Configuring a Routing Protocol Between PE and CE.

3.6.7 Checking the Configuration


Run the following commands to check the previous configuration. Action Check the VPN IPv4 routing table on the PE or the ASBR PE.
3-34

Command display bgp vpnv4 all routing-table

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

3 BGP/MPLS IP VPN Configuration

Action Check information about all the BGP peer on the PE or the ASBR PE. Check the VPN routing table on the PE.

Command display bgp vpnv4 all peer display ip routing-table vpn-instance vpninstance-name

Run the display bgp vpnv4 all routing-table command on the ASBR PE. If the IPv4 routes of the VPN are displayed, it means the configuration succeeds. Run the display bgp vpnv4 all peer command on the PE or the ASBR PE. If the status of the IBGP peer is "Established", and the status of the EBGP peer is "Established", it means the configuration succeeds. Run the display ip routing-table vpn-instance command on the PE. If the VPN routes are displayed, it means the configuration succeeds.

3.7 Configuring Inter-AS VPN Option C


This section describes how to configure inter-AS VPN Option C. 3.7.1 Establishing the Configuration Task 3.7.2 Enabling the Labeled IPv4 Route Exchange 3.7.3 Configuring a Routing Policy to Control Label Distribution 3.7.4 Establishing the MP-EBGP Peer Between PEs 3.7.5 Configuring the Routing Protocol Between CE and PE 3.7.6 Checking the Configuration

3.7.1 Establishing the Configuration Task


Applicable Environment
If the MPLS backbone network bearing VPN routes crosses multiple ASs, the inter-AS VPN is needed. If each AS has a large amount of VPN routes to be exchanged, the VPN-Option C can be adopted to prevent the ASBR PE becoming a bottleneck of the network.

Pre-configuration Tasks
Before configuring inter-AS VPN Option C, complete the following tasks:
l

Configuring IGP for MPLS backbone networks in each AS to realize IP connectivity of the backbones in one AS Configuring basic MPLS capability for the MPLS backbone network
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 3-35

Issue 03 (2008-09-22)

3 BGP/MPLS IP VPN Configuration


l l

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Configuring MPLS LDP and establishing LDP LSP for the MPLS backbone network Configuring VPN Instances on the PE devices connected with the CE devices and Binding an Interface with a VPN Instance Configuring the IP addresses of the CE interfaces through which the CE accesses the PE

Data Preparation
To configure inter-AS VPN Option C, you need the following data: No. 1 Data To configure the VPN instance on the PE and the ASBR PE, you need the following data:
l l l l l l l

Name of the VPN instance Route distinguisher Description of the VPN instance VPN target Routing policy (optional) Tunnel policy (optional) Maximum number of route permitted in a VPN instance (optional)

2 3 4 5 6 7

IP address of the PE interface connected with the CE AS number of the PE IP addresses of the interfaces connected the ASBR PEs Routing policy configured on the ASBR PE Routing protocol configured between the PE and the CE: static routes, RIP, OSPF, IS-IS, or BGP IP addresses and interfaces setting up the IBGP peer between the PE and the ASBR PE

NOTE

In inter-AS VPNOption C, do not enable LDP between ASBR-PEs. If LDP is enabled on the interfaces between ASBR-PEs, LDP sessions are then established between the ASBR-PEs. In this case, the ASBR-PEs establish an egress LSP and send Mapping messages to the upstream ASBR-PE. After receiving Mapping messages, the upstream ASBR-PE establishes a transit LSP. When there are high-volume BGP routes, enabling LDP on the interfaces between ASBR-PEs leads to the occupation of a large number of LDP labels.

3.7.2 Enabling the Labeled IPv4 Route Exchange

3-36

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

3 BGP/MPLS IP VPN Configuration

Context
NOTE

In option C, do not enable LDP between ASBR PEs. If LDP is enabled on interfaces connected with ASBR PEs, the LDP session is set up between ASBR PEs. The ASBR PE creates the egress LSP and sends Mapping messages to the upstream ASBR PE. After receiving the Mapping messages, the upstream ASBR PE creates transit LSP. When a large amount of BGP routes exist, enabling LDP on interfaces connected with ASBR PEs leads to the consumption of a great number of LDP labels.

Procedure
l Configuring the PE 1. Run:
system-view

The system view is displayed. 2. Run:


bgp as-number

The BGP view is displayed. 3. Run:


peer peer-address label-route-capability

The exchange of the labeled IPv4 routes with the ASBR PE in the same AS is enabled. l Configuring the ASBR PE 1. Run:
system-view

The system view is displayed. 2. Run:


interface interface-type interface-number

The view of the interface connected with the peer ASBR PE is displayed. 3. Run:
ip address ip-address { mask | mask-length }

The IP address of the interface is configured. 4. Run:


mpls

The MPLS capability is enabled. 5. Run:


quit

Return to the system view. 6. Run:


bgp as-number

The BGP view is displayed. 7. Run:


peer peer-address label-route-capability

The exchange of the labeled IPv4 routes with the PE of the same AS is enabled.
Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 3-37

3 BGP/MPLS IP VPN Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

In the Option C solution, you must establish an inter-AS VPN LSP. The related PEs and the ASBRs exchange public network routes with the MPLS labels. The ASBR-PE establishes a common EBGP peer relationship with the remote ASBRPE to switch labeled IPv4 routes. The public network routes with the MPLS labels are advertised by the MP-BGP. According to RFC 3107 (Carrying Label Information in BGP-4), the label mapping information of a route is carried by advertising BGP updates. This feature is implemented through BGP extension attributes, which requires BGP peers to process the labeled IPv4 routes. By default, BGP peers cannot process labeled IPv4 routes. 8. Run:
peer peer-address as-number as-number

The peer ASBR PE is specified as the EBGP peer. 9. Run:


peer peer-address label-route-capability

The exchange of the labeled IPv4 routes with the peer ASBR PE is enabled. ----End

3.7.3 Configuring a Routing Policy to Control Label Distribution


Context
Do as follows on the ASBR PE.

Procedure
l Creating a Routing Policy 1. Run:
system-view

The system view is displayed. 2. Run:


route-policy policy-name1 permit node seq-number

The routing policy applied to the local PE is created. For the labeled IPv4 routes received from ASBR PEs, and sent to the PEs in the same AS, this policy ensures that a new MPLS label is allocated. 3. Run:
if-match mpls-label

The IPv4 routes with label are matched. 4. Run:


apply mpls-label

The label is allocated to the IPv4 route. 5. Run:


quit

3-38

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

3 BGP/MPLS IP VPN Configuration

Return to the system view. 6. Run:


route-policy policy-name2 permit node seq-number

The routing policy applied to the peer ASBR PE is created. For the labeled IPv4 routes received from PE in the local AS, and sent to the remote ASBR PE, this policy ensures that a new MPLS label is allocated. 7. Run:
apply mpls-label

The label is allocated to the IPv4 route. l Applying Routing Policies 1. Run:
system-view

The system view is displayed. 2. Run:


bgp as-number

The BGP view is displayed. 3. Run:


peer peer-address route-policy policy-name1 export

The routing policy adopted when the route is advertised to the local PE. 4. Run:
peer peer-address route-policy policy-name2 export

The routing policy adopted when the route is advertised to the peer ASBR PE. ----End

3.7.4 Establishing the MP-EBGP Peer Between PEs


Context
Do as follows on the ASBR PE.

Procedure
l Configuring ASBR PEs 1. Run:
system-view

The system view is displayed. 2. Run:


bgp as-number

The BGP view is displayed. 3. Run:


network ip-address [ mask | mask-length ] [ route-policy route-policyname ]

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

3-39

3 BGP/MPLS IP VPN Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

The address of the loopback interface that is used to set up the BGP session is advertised to the peer ASBR PE and then to the PEs of the other ASs. l Configuring PE 1. Run:
system-view

The system view is displayed. 2. Run:


bgp as-number

The BGP view is displayed. 3. Run:


peer peer-address as-number as-number

The peer PE is specified as the EBGP peer. 4. Run:


peer peer-address ebgp-max-hop [ hop-count ]

The maximum hop of the EBGP peer is configured. PEs of different ASs are generally not directly connected. To set up the EBGP peer between PEs of different ASs, configure the maximum hop between PEs and ensure PEs are reachable. 5. Run:
ipv4-family vpnv4 [ unicast ]

The BGP VPNv4 address family is displayed. 6. Run:


peer peer-address enable

The exchange of VPN IPv4 routes with the peer PE is enabled. 7. (Optional) Run:
peer peer-address next-hop-invariable

The next hop is not changed when the route is advertised to the EBGP peer.
NOTE

Perform this step when using Route Reflector (RR) to advertise VPNv4 routes. If VPNv4 routes are advertised between RRs, the next hop cannot be changed. This step is not configured in most cases.

----End

3.7.5 Configuring the Routing Protocol Between CE and PE


Context
Choose one of the preceding methods as required. For detailed configurations, see Configuring a Routing Protocol Between PE and CE.

3.7.6 Checking the Configuration


Run the following commands to check the previous configuration.
3-40 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

3 BGP/MPLS IP VPN Configuration

Action Check the BGP peers on the PE. Check the VPN IPv4 routing table on the PE or the ASBR PE. Check information about the label of the IPv4 route on the ASBR PE. Check the VPN routing table on the PE.

Command display bgp vpnv4 all peer display bgp vpnv4 all routing-table display bgp routing-table label display ip routing-table vpn-instance vpn-instance-name

Run the display bgp vpnv4 all peer command on the PE. If the status of the EBGP peer between PEs is "Established", it means the configuration succeeds. Running the display bgp vpnv4 all routing-table command, you can view that the PE has the VPN IPv4 routes while the ASBR PE has no VPN IPv4 route. Run the display bgp routing-table label command on the ASBR PE. If information about the label of the IPv4 route is displayed, it means the configuration succeeds. Run the display ip routing-table vpn-instance command on the PE. If the VPN routes to related CEs are displayed, it means the configuration succeeds.

3.8 Configuring Carrier's Carrier


This section describes how to configure carrier's carrier. See: 3.8.1 Establishing the Configuration Task 3.8.2 Configuring Level 2 Carrier CE to Access Level 1 Carrier PE (Intra-AS) 3.8.3 Configuring Level 2 Carrier CE to Access Level 1 Carrier PE (Inter-AS) 3.8.4 Configuring Level 2 Carrier's Customer to Access Level 2 Carrier PE 3.8.5 Configuring External Route Exchanges Between Level 2 Carrier PEs 3.8.6 Checking the Configuration

3.8.1 Establishing the Configuration Task


Applicable Environment
If the BGP/MPLS IP VPN users are also service providers, who provide common Internet services or BGP/MPLS IP VPN services to their customers, you can use the carriers carrier configuration.

Pre-configuration Tasks
Before configuring the carrier's carrier, complete the following tasks:
Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 3-41

3 BGP/MPLS IP VPN Configuration


l

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Configuring IGP for the Level 1 carrier's MPLS backbone network to implement the IP connectivity of the backbone network Configuring the MPLS basic capability and the LDP for the Level 1 carrier's MPLS backbone network Establishing the MP-IBGP connection between the Level 1 carrier PEs Configuring the IGP for the Level 2 carrier's IP network or MPLS network to the IP connectivity Configuring the MPLS basic capability and LDP for the Level 2 carrier network and establishing the LSP if the Level 2 carrier provides the BGP/MPLS IP VPN services

l l

Data Preparation
To configure the carrier's carrier, you need the following data. No. 1 2 3 4 5 Data Name, RD and VPN target of the VPN instance used by the Level 1 carrier CE to access the Level 1 carrier PE IP addresses of each interface on the Level 1 carrier PE, and the Level 2 carrier CE and PE AS number of the Level 1 carrier network and that of the Level 2 carrier network Name and number of the routing policy used when the Level 1 and Level 2 carrier have different AS numbers Maximum hops of the EBGP connection allowed for the Level 2 carrier network (inter-AS)

3.8.2 Configuring Level 2 Carrier CE to Access Level 1 Carrier PE (Intra-AS)


Procedure
l Creating a VPN instance on Level 1 Carrier PE 1. Run:
system-view

The system view is displayed. 2. Run:


ip vpn-instance vpn-instance-name

A VPN instance is created and the VPN instance view is displayed. 3. Run:
route-distinguisher route-distinguisher

The RD of the VPN instance is configured. 4.


3-42

Run:
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

3 BGP/MPLS IP VPN Configuration

vpn-target vpn-target &<1-8> [ both | export-extcommunity | importextcommunity ]

The VPN target for the VPN instance is configured. 5. Run:


quit

Return to the system view. 6. Run:


interface interface-type interface-number

The view of the interface connected with the Level 2 carrier CE. 7. Run:
ip binding vpn-instance vpn-instance-name

The interface is bound with the VPN instance. 8. Run:


ip address ip-address { mask | mask-length }

The IP address of the interface is configured. l Configuring LDP and IGP on Level 1 Carrier PE 1. Run:
system-view

The system view is displayed. 2. Run:


mpls ldp vpn-instance vpn-instance-name

LDP is enabled for the VPN instance. 3. Run:


quit

Return to the system view. 4. Run:


interface interface-type interface-number

The view of the interface connected with the Level 2 carrier CE. 5. Run:
mpls

MPLS is enabled on the interface. 6. Run:


mpls ldp

LDP is enabled on the interface. 7. Run:


quit

Return to the system view. 8. Configure IGP between the Level 1 carrier PE and the Level 2 carrier CE. The RIP multi-instance, the OSPF multi-instance or the IS-IS multi-instance can be used on PE as the IGP protocol. l
Issue 03 (2008-09-22)

Configuring LDP and IGP on the Level 2 Carrier CE


Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 3-43

3 BGP/MPLS IP VPN Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

1.

Run:
system-view

The system view is displayed. 2. Run:


interface interface-type interface-number

The view of the interface connected with the Level 1 carrier CE. 3. Run:
ip address ip-address { mask | mask-length }

The IP address of the interface is configured. 4. Run:


mpls

MPLS is enabled on the interface. 5. Run:


mpls ldp

LDP is enabled on the interface. 6. Run:


mpls ldp transport-address interface

The LDP session is set up on the IP address of the interface. 7. Run:


quit

Return to the system view. 8. Configure IGP between the Level 2 carrier CE and the Level 1 carrier PE. RIP, OSPF or IS-IS can be used as the IGP protocol. ----End

3.8.3 Configuring Level 2 Carrier CE to Access Level 1 Carrier PE (Inter-AS)


Procedure
l Creating a VPN instance on the Level 1 carrier PE 1. Run:
system-view

The system view is displayed. 2. Run:


ip vpn-instance vpn-instance-name

A VPN instance is created and the VPN instance view is displayed. 3. Run:
route-distinguisher route-distinguisher

The RD of the VPN instance is configured.


3-44 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

3 BGP/MPLS IP VPN Configuration

4.

Run:
vpn-target vpn-target &<1-8> [ both | export-extcommunity | importextcommunity ]

The VPN target for the VPN instance is configured. 5. Run:


quit

Return to the system view. 6. Run:


interface interface-type interface-number

The view of the interface connected with the Level 2 carrier CE. 7. Run:
ip binding vpn-instance vpn-instance-name

The interface is bound with the VPN instance. 8. Run:


ip address ip-address { mask | mask-length }

The IP address of the interface is configured. 9. Run:


mpls

The MPLS capability is enabled on the interface. l Configuring Labeled BGP on the Level 1 Carrier PE 1. Run:
system-view

The system view is displayed. 2. Run:


route-policy policy-name permit node seq-number

The routing policy applied to the Level 2 carrier CE is configured. 3. Run:


apply mpls-label

The label is allocated to the IPv4 route. 4. Run:


quit

Return to the system view. 5. Run:


bgp as-number1

The BGP view is displayed. 6. Run:


ipv4-family vpn-instance vpn-instance-name

The BGP VPN instance view is displayed. 7. Run:


peer peer-address as-number as-number2

The Level 2 carrier CE is specified as the EBGP peer.


Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 3-45

3 BGP/MPLS IP VPN Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

8.

Run:
peer peer-address label-route-capability

The exchange of labeled IPv4 routes is enabled. 9. Run:


peer peer-address route-policy policy-name export

The label is allocated to the route advertised by the Level 2 carrier CE. 10. Run:
import-route direct

The direct route is imported. l On a Level 2 Carrier CE, Configuring Labeled BGP Between the Level 2 Carrier CE and the Level 1 Carrier PE 1. Run:
system-view

The system view is displayed. 2. Run:


interface interface-type interface-number

The view of the interface connected with the Level 1 carrier CE. 3. Run:
ip address ip-address { mask | mask-length }

The IP address of the interface is configured. 4. Run:


mpls

MPLS is enabled on the interface. 5. Run:


quit

Return to the system view. 6. Run:


route-policy policy-name1 permit node seq-number

The routing policy applied to the Level 1 carrier PE is configured. 7. Run:


apply mpls-label

The label is allocated to the IPv4 route. 8. Run:


quit

Return to the system view. 9. Run:


bgp as-number2

The BGP view is displayed. 10. Run:


peer peer-address as-number as-number1

3-46

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

3 BGP/MPLS IP VPN Configuration

The Level 1 carrier PE is specified as the EBGP peer. 11. Run:


peer peer-address label-route-capability

The exchange of labeled IPv4 routes is enabled. 12. Run:


peer peer-address route-policy policy-name1 export

The label is allocated to the route advertised by the Level 1 carrier PE. l On a Level 2 Carrier CE, Configuring Labeled BGP Between the Level 2 Carrier CE and the Level 2 Carrier PE 1. Run:
system-view

The system view is displayed. 2. Run:


route-policy policy-name2 permit node seq-number

The routing policy applied to the Level 2 carrier PE is created. 3. Run:


if-match mpls-label

The IPv4 routes with specified label are matched. 4. Run:


apply mpls-label

The label is allocated to the IPv4 route. 5. Run:


quit

Return to the system view. 6. Run:


bgp as-number2

The BGP view is displayed. 7. Run:


peer peer-address as-number as-number2

The Level 2 carrier PE is specified as the IBGP peer of another Level 2 carrier PE. 8. Run:
peer peer-address connect-interface loopback interface-number

The interface on which the TCP connection is set up is specified. 9. Run:


peer peer-address label-route-capability

The exchange of labeled IPv4 routes is enabled. 10. Run:


peer peer-address route-policy policy-name2 export

The label is allocated to the labeled IPv4 route advertised to the Level 2 carrier PE. 11. Run:
import-route direct

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

3-47

3 BGP/MPLS IP VPN Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

The direct route is imported. 12. Run:


import-route protocol process-id

The internal route of the Level 2 carrier network is imported. The imported route type depends on the type of IGP running on the Level 2 carrier MPLS network. l Configuring Labeled BGP on the Level 2 Carrier PE 1. Run:
system-view

The system view is displayed. 2. Run:


bgp as-number2

The BGP view is displayed. 3. Run:


peer peer-address as-number as-number2

The Level 2 carrier PE is specified as the IBGP peer of another Level 2 carrier PE. 4. Run:
peer peer-address connect-interface loopback interface-number

The interface on which the TCP connection is set up is specified. 5. Run:


peer peer-address label-route-capability

The exchange of labeled IPv4 routes is enabled. ----End

3.8.4 Configuring Level 2 Carrier's Customer to Access Level 2 Carrier PE


Procedure
l Second Level Carrier Is Common ISP In this case, the Level 2 carrier PE is not configured with the BGP/MPLS IP VPN, but configured according to the specific requirements. The details are not mentioned here. l Level 2 Carrier Provides BGP/MPLS IP VPN Services In this case, see the configuration between the PE and the CE in Configuring Basic BGP/ MPLS IP VPN. ----End

3.8.5 Configuring External Route Exchanges Between Level 2 Carrier PEs


3-48 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

3 BGP/MPLS IP VPN Configuration

Context
When configuring route exchange of the Level 2 carrier PE, select one of the following configurations based on the service type provided by the Level 2 carrier for customers:

Procedure
l Level 2 Carrier Is Common ISP 1. Run:
system-view

The system view is displayed. 2. Run:


bgp as-number

The BGP view is displayed. 3. Run:


peer peer-address as-number as-number

The peer PE is specified as the BGP peer. 4. Run:


peer peer-address connect-interface loopback interface-number

The interface on which the TCP connection is set up is specified. 5. (Optional)Run:


peer peer-address ebgp-max-hop [ hop-count ]

The maximum hop of the EBGP connection is configured. This step is needed when the Level 2 carrier PEs are EBGP peers of each other. l Level 2 Carrier Provides BGP/MPLS IP VPN Services 1. Run:
system-view

The system view is displayed. 2. Run:


bgp as-number

The BGP view is displayed. 3. Run:


peer peer-address as-number as-number

The peer PE is specified as the BGP peer. 4. Run:


peer peer-address connect-interface loopback interface-number

The interface on which the TCP connection is set up is specified. 5. (Optional)Run:


peer peer-address ebgp-max-hop [ hop-count ]

The maximum hop of the EBGP connection is configured. This step is needed when the Level 2 carrier PEs are MP-EBGP peers of each other. 6.
Issue 03 (2008-09-22)

Run:
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 3-49

3 BGP/MPLS IP VPN Configuration


ipv4-family vpnv4 [ unicast ]

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

The BGP IPv4 VPN address family is displayed. 7. Run:


peer peer-address enable

The exchange of the IPv4 VPN routes with the peer is enabled. ----End

3.8.6 Checking the Configuration


Run the following commands to check the previous configuration. Action Check the public routing tables on the CEs and PEs of the Level 1 carrier and the Level 2 carrier. Check the private routing tables on the PEs of the Level 1 carrier and the Level 2 carrier. Command display ip routing-table display ip routing-table vpn-instance vpn-instance-name

Run the display ip routing-table command on the PEs and CEs of the Level 1 carrier and the Level 2 carrier. You can view the following:
l

The public routing table of the Level 1 carrier PE contains only the routes of the Level 1 carrier network. The public routing table of the Level 1 carrier CE contains the internal routes instead of the external routes of the Level 2 carrier network. The public routing table of the Level 2 carrier PE contains the internal routes of the Level 2 carrier network. There are routes to the related remote CEs between the Level 2 carrier CEs.

Run the display ip routing-table vpn-instance command on the PEs of the Level 1 carrier and the Level 2 carrier. You can view the following in the private routing table:
l

The VPN routing table of the Level 1 carrier PE contains the internal routes instead of the external routes of the Level 2 carrier network. The VPN routing table of the Level 2 carrier PE contains the external routes of the Level 2 carrier.

3.9 Configuring HoVPN


This section describes how to configure HoVPN. 3.9.1 Establishing the Configuration Task 3.9.2 Specifying UPE 3.9.3 Advertising Default Routes of a VPN Instance 3.9.4 Checking the Configuration
3-50 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

3 BGP/MPLS IP VPN Configuration

3.9.1 Establishing the Configuration Task


Applicable Environment
For hierarchical VPN networks, adopt the HoVPN to reduce the requirements for PE devices.

Pre-configuration Tasks
Before configuring HoVPN, complete the task of Configuring Basic BGP/MPLS IP VPN.

Data Preparation
To configure HoVPN, you need the following data. No. 1 2 Data Relationship between UPE and SPE Name of the VPN instance sending default routes to UPE

3.9.2 Specifying UPE


Context
Do as follows on the SPE.

Procedure
Step 1 Run:
system-view

The system view is displayed. Step 2 Run:


bgp as-number

The BGP view is displayed. Step 3 Run:


peer { peer-address | group-name } as-number as-number

The UPE is specified as the BGP peer of the SPE. Step 4 Run:
ipv4-family vpnv4 [ unicast ]

The BGP VPNv4 sub-address family is displayed. Step 5 Run:


peer { peer-address | group-name } enable

The capability of exchanging BGP VPNv4 routing information with the peer is enabled.
Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 3-51

3 BGP/MPLS IP VPN Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Step 6 Run:
peer { peer-address | group-name } upe

The peer is specified as the UPE of the SPE. ----End

3.9.3 Advertising Default Routes of a VPN Instance


Context
Do as follows on the SPE.

Procedure
Step 1 Run:
system-view

The system view is displayed. Step 2 Run:


bgp as-number

The BGP view is displayed. Step 3 Run:


ipv4-family vpnv4

The BGP-VPNv4 sub-address family view is displayed. Step 4 Run:


peer { peer-address | group-name } default-originate vpn-instance vpn-instance-name

The default routes of a specified VPN instance are advertised to the UPE. After running the peer default-originate vpn-instance command, the SPE advertises a default route to the UPE with its local address as the next hop, regardless of whether there is a default route in the local routing table or not. After the peer default-originate vpn-instance command is configured in the BGP-VPNv4 subaddress family view, the router does not advertise the default route to the BGP VPNv4 peer if the default-route imported command is configured in the BGP-VPN instance view, however, no IGP default route is imported. If the peer default-originate vpn-instance command is configured in the BGP-VPNv4 subaddress family view, and then the default-route imported command is configured in the BGPVPN instance view, the peer default-originate vpn-instance command can take effect, however, the default-route imported command cannot take effect. ----End

3.9.4 Checking the Configuration


Run the following command to check the previous configuration.
3-52 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

3 BGP/MPLS IP VPN Configuration

Action Check the routing table on the CE.

Command display ip routing-table

Run the display ip routing-table on the CE connected with the UPE. You can find that there is a default route whose next hop is UPE. And there is no route to the network segment where the peer CE resides.

3.10 Configuring OSPF Sham Link


This section describes how to configure OSPF sham link. 3.10.1 Establishing the Configuration Task 3.10.2 Configuring the Loopback Address of the Sham Link 3.10.3 Advertising Routes of End Address of the Sham Link 3.10.4 Creating a Sham Link 3.10.5 Checking the Configuration

3.10.1 Establishing the Configuration Task


Applicable Environment
The sham link is considered as an OSPF intra-area route. It is used to ensure that the traffic is transmitted over the backbone instead of the backdoor link between the two CEs. The source and destination addresses of the sham link should use loopback interface addresses with 32-bit masks. Besides, this loopback interface must be bound to the VPN instances and be advertised through the BGP.

Pre-configuration Tasks
Before configuring the OSPF sham link, you need to complete the following tasks:
l l

Configuring Basic BGP/MPLS IP VPN ( OSPF between the PE and the CE) Configuring OSPF in the LAN where the CEs reside

Data Preparation
To configure the OSPF sham link, you need the following data. No. 1 2
Issue 03 (2008-09-22)

Data Number and address of the loopback interfaces that serve as the ends of sham link Name of the VPN instance
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 3-53

3 BGP/MPLS IP VPN Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

No. 3 4 5

Data Process number of OSPF instance on PE for CEs Local AS number Metric used in sham link and other link parameters

3.10.2 Configuring the Loopback Address of the Sham Link


Context
Do as follows on the PEs of the two ends of the sham link.

Procedure
Step 1 Run:
system-view

The system view is displayed. Step 2 Run:


interface loopback interface-number

A loopback interface is created and the loopback interface view is displayed. A sham link of each VPN instance must have an end interface address that is an address of the loopback interface. The address has a 32-bit mask. Multiple sham links of a OSPF process can share the same address. The end addresses of two sham links of different OSPF processes must be different. Step 3 Run:
ip binding vpn-instance vpn-instance-name

The loopback interface is bound to the VPN instance. Step 4 Run:


ip address ip-address { mask | mask-length }

The address of the loopback interface is configured. ----End

3.10.3 Advertising Routes of End Address of the Sham Link


Context
Do as follows on the PEs of the two ends of the sham link.

Procedure
Step 1 Run:
3-54 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


system-view

3 BGP/MPLS IP VPN Configuration

The system view is displayed. Step 2 Run:


bgp as-number

The BGP view is displayed. Step 3 Run:


ipv4-family vpn-instance vpn-instance-name

The BGP-VPNv4 instance view is displayed. Step 4 Run:


import-route direct

The direct route is imported. That is, the route of the end address is imported into BGP. BGP advertises the end address of the sham link as the VPN-IPv4 address. ----End

3.10.4 Creating a Sham Link


Context
Do as follows on the PEs of the two ends of the sham link.

Procedure
Step 1 Run:
system-view

The system view is displayed. Step 2 Run:


ospf process-id [ router-id router-id ] vpn-instance vpn-instance-name

The OSPF view is displayed. Step 3 Run:


area area-id

The OSPF area view is displayed. Step 4 Run:


sham-link source-ip-address destination-ip-address [ cost cost | dead deadinterval | hello hello-interval | retransmit retransmit-interval | trans-delay trans-delay-interval ] * [ authentication-null | { simple | { md5 | hmac-md5 } keyid } [ cipher | plain ] password ]

The sham link is configured. By default,


l l

The interface cost of the sham link, namely, cost is 1. The invalid interval of the sham link, namely,dead-interval is 40 seconds.
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 3-55

Issue 03 (2008-09-22)

3 BGP/MPLS IP VPN Configuration


l l l

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Interval for sending Hello packets, namely, hello-interval, is 10 seconds. Interval for retransmitting LSA packets, namely, retransmit-interval, is 5 seconds. Delay for sending LSA packets, namely, trans-delay-interval, is 1 second.

The authentication mode on the two ends of the sham link must be the same. If the packet authentication is supported, only the OSPF packets that pass the authentication can be received. If the authentication fails, the neighbor relationship cannot be set up. If the plain text, namely, simple is used, the authenticator type is plain by default. If the MD5 algorithm or HMAC-MD5 algorithm, namely, md5 | hmac-md5 is used, the authenticator type is cipher by default. ----End

3.10.5 Checking the Configuration


Run the following commands to check the previous configuration. Action Check the routing table of the specified VPN instance on the PE. Check the routing table on the CE. On the CE, check the path of the data transmitted to the peer CE. Check the setup state of the sham-link on the PE. Check the routes discovered by OSPF on the CE. Command display ip routing-table vpn-instance vpninstance-name display ip routing-table tracert dest-ip-address display ospf process-id sham-link [ area areaid ] display ospf routing

Run the display ip routing-table vpn-instance command. You can find the routes from the PE to the peer CE is the OSPF routes that pass through the user network rather than the BGP routes that pass through the backbone network. Run the display ip routing-table and the tracert commands on the CE. You can find the VPN traffic from the CE to the peer is forwarded through the backbone network. Run the display ospf process-id sham-link command on the PE. You can find the OSPF neighbor status between the PE and the peer CE is Full. Run the display ospf routing on the CE. You can find the routes from the CE to the peer CE is learned as the intra-area routes.

3.11 Configuring Multi-VPN-Instance CE


This section describes how to configure multi-VPN-instance CE. 3.11.1 Establishing the Configuration Task
3-56 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

3 BGP/MPLS IP VPN Configuration

3.11.2 Configuring the OSPF Multi-Instance on the PE 3.11.3 Configuring the OSPF Multi-Instance on the Multi-Instance CE 3.11.4 Canceling the Loop Detection on the Multi-Instance CE 3.11.5 Checking the Configuration

3.11.1 Establishing the Configuration Task


Applicable Environment
The multi-VPN-instance CE is used in the LAN. You can implement service isolation through the multiple OSPF instances on the CE devices. One OSPF process can belong to only one VPN instance but one VPN instance can run several OSPF processes.

Pre-configuration Tasks
Before configuring the multi-VPN-instance CE, complete the following tasks:
l

Configuring VPN Instances on the multi-instance CE and the PE that the CE accesses (each service with a VPN instance) Configuring the link layer protocol and network layer protocol for LAN interfaces and connecting LAN with the multi-instance CE (each service using an interface to access the multi-instance CE) Binding related VPN instances with the interfaces of the multi-instance CE and PE interfaces through which the PE accesses the multi-instance and configuring IP addresses for those interfaces

Data Preparation
To configure multi-VPN-instance CE, you need the following data. No. 1 2 3 Data Names of the VPN instances corresponding with the OSPF processes used by each service OSPF process number and Router ID used by each service Routes advertised by each OSPF process

3.11.2 Configuring the OSPF Multi-Instance on the PE


Context
Do as follows on the PE that the multi-instance CE accesses.
Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 3-57

3 BGP/MPLS IP VPN Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Procedure
Step 1 Run:
system-view

The system view is displayed. Step 2 Run:


ospf process-id [ router-id router-id ] vpn-instance vpn-instance-name

The OSPF multi-instance is configured. Different services have different OSPF process IDs. However, router IDs of different services can be either the same or not. Step 3 Run:
area area-id

The OSPF area view is displayed. Step 4 Run:


network ip-address wildcard-mask

The IP address of the interface connected to the multi-instance CE is advertised. Step 5 Run:
quit

Return to the OSPF Step 6 Run:


import-route bgp

The BGP route is imported. Step 7 Run:


quit

Return to the system view. Step 8 Run:


bgp as-number

The BGP view is displayed. Step 9 Run:


ipv4-family vpn-instance vpn-instance-name

The BGP-VPN instance view is displayed. Step 10 Run:


import-route ospf process-id

The OSPF multi-instance route is imported. ----End

3.11.3 Configuring the OSPF Multi-Instance on the Multi-Instance CE


3-58 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

3 BGP/MPLS IP VPN Configuration

Context
Do as follows on the multi-instance CE.

Procedure
Step 1 Run:
system-view

The system view is displayed. Step 2 Run:


ospf process-id [ router-id router-id ] vpn-instance vpn-instance-name

The OSPF multi-instance is configured. The OSPF process ID corresponds to that of the PE. Step 3 Run:
area area-id

The OSPF area view is displayed. Step 4 Run:


network ip-address wildcard-mask

The IP address of the interface connected the PE is advertised. ----End

3.11.4 Canceling the Loop Detection on the Multi-Instance CE


Context
Do as follows on the PE.

Procedure
Step 1 Run:
system-view

The system view is displayed. Step 2 Run:


ospf process-id [ router-id router-id ] vpn-instance vpn-instance-name

The OSPF view is displayed. Step 3 Run:


vpn-instance-capability simple

The loop detection is not performed. ----End

3.11.5 Checking the Configuration


Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 3-59

3 BGP/MPLS IP VPN Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Run the following command to check the previous configuration. Action Check the VPN routing table on the multi-instance CE. Command display ip routing-table vpn-instance vpn-instancename [ verbose ]

Run the display ip routing-table vpn-instance command on the multi-instance CE to check the VPN routing table. If there are routes to the LAN and the remote nodes for each service, it means the configuration succeeds.

3.12 Configuring PBR to VPN


This section describes how to configure PBR to VPN. 3.12.1 Establishing the Configuration Task 3.12.2 Creating a VPN Group 3.12.3 Setting a Traffic Behavior for the Unicast Policy-based Route 3.12.4 Applying the Policy-based Route 3.12.5 Configuring the Route for Returned IP Packets 3.12.6 Checking the Configuration

3.12.1 Establishing the Configuration Task


Applicable Environment
On the same site, if some users need to access multiple VPNs, whereas others need not, you can implement PBR to VPN.As shown in Figure 3-3, you can configure PBR to VPN on the ingress PE. In this manner, PC can access VPN 1 and VPN 2, whereas other hosts connected to CE1 cannot. Figure 3-3 Networking diagram of applying PBR to VPN
100.1.1.0/24 CE2 VPN1 Static-Route PE1 (Ingress PE) Backbone 200.1.1.0/24 VPN1 PC Policy-Based Routing PE3 CE3 VPN2 PE2

CE1

3-60

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

3 BGP/MPLS IP VPN Configuration

Pre-configuration Tasks
Before configuring PBR to VPN, complete the following tasks:
l

Connecting the interfaces, configuring physical parameters for the interfaces, and ensuring that the physical status of the interfaces is Up Configuring basic BGP/MPLS IP VPN Defining the complex traffic classification based on information about Layer 2, Layer 3, and Layer 4
NOTE

l l

For details on the configuration of the complex traffic classification, refer to the Quidway NetEngine80E/ 40E Router Configuration Guide QoS.

Data Preparation
To configure PBR to VPN, you need the following data. No. 1 2 3 4 5 6 Data Name of the VPN instance corresponding with the private network routing table available to the packets Name of a traffic class, ACL number, DSCP value, 802.1p priority, and TCP flag value Name of a traffic behavior Name of a traffic policy VPN group number to which packets are redirected in the policy Number of the interface that the policy-based route is applied to

3.12.2 Creating a VPN Group


Context
Do as follows on the ingress PE.

Procedure
Step 1 Run:
system-view

The system view is displayed. Step 2 Run:


vpn-group vpn-group-name [ vpn-instance vpn-name [ vpn-name ] &<1-8> ]

A VPN group is created.


Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 3-61

3 BGP/MPLS IP VPN Configuration


NOTE

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

l l

The VPN instances added to a VPN group must exist.A VPN instance can be added to different VPN groups. The VPN instances in a VPN group are arranged in the configuration sequence. If vpn-instance is not used, a VPN group with no VPN instances is created.If a VPN group exists, when you use the vpn-group command to re-add the existing VPN instances to the VPN group, the VPN instances remain in the previous sequence.

----End

3.12.3 Setting a Traffic Behavior for the Unicast Policy-based Route


Context
Do as follows on the ingress PE.

Procedure
Step 1 Run:
system-view

The system view is displayed. Step 2 Run:


traffic behavior behavior-name

A traffic behavior is set and its view is displayed. Step 3 Run:


redirect vpn-group vpn-group-name

The packets are redirected to the specific VPN group. ----End

3.12.4 Applying the Policy-based Route


Context
Do as follows on the ingress PE.

Procedure
Step 1 Run:
system-view

The system view is displayed. Step 2 Run:


traffic policy policy-name

A traffic policy is set and its view is displayed. Step 3 Run:


classifier class-name behavior behavior-name

3-62

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

3 BGP/MPLS IP VPN Configuration

The traffic behavior is associated with the traffic class. In the traffic policy view, each class can be associated with only one traffic behavior. To associate a traffic class with multiple traffic behaviors, you can add multiple actions to the traffic behavior. Step 4 Run:
quit

The command line interface (CLI) returns to the system view. Step 5 Run:
interface interface-type interface-number

The view of the AC interface on the ingress PE is displayed. Step 6 Run:


traffic-policy policy-name inbound

The associated policy is applied on the interface. Step 7 Run:


undo shutdown

The interface is started. Step 8 Run:


quit

The CLI returns to the system view. Step 9 Run:


commit traffic policy

The traffic policy is valid. ----End

3.12.5 Configuring the Route for Returned IP Packets


Context
Do as follows on the ingress PE.

Procedure
Step 1 Run:
system-view

The system view is displayed. Step 2 Run:


ip route-static vpn-instance vpn-instance-name dest-ip-address { mask | masklength } { vpn-instance vpn-destination-name nexthop-address | nexthop-address public}

The static route is configured. You can configure a private network static route on a PE, and specify the export of another private network or public network as the export of this static route. Thus, the packets from user accessing some VPN can return, based on the routing table, which does not belong to this VPN.
Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 3-63

3 BGP/MPLS IP VPN Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

If vpn-instance vpn-destination-name is specified, packets are returned from another VPN. As shown in 3.12.1 Establishing the Configuration Task, the route from PC to VPN 2 is exported from the routing table of VPN 1. In this case, VPN 2 is specified by vpn-instance-name and VPN 1 is specified by vpn-destination-name. If public is specified, route to a VPN is exported through the routing table of a public network. ----End

3.12.6 Checking the Configuration


Run the following commands to check the previous configuration. Action Check information about a VPN group. Check the configuration of a traffic behavior. Check the configuration of a traffic class. Check the association between all traffic classes and traffic behaviors in a traffic policy, or between a specific traffic class and traffic behavior. Check the routing tables of VPNs that a user can access. Check the routing table of a user. Command display vpn-group [ slave | slot slotnumber ] { vpn-group-name | all } display traffic behavior user-defined [ behavior-name ] display traffic classifier user-defined [ classifier-name ] display traffic policy user-defined [ policy-name [ classifier classifiername ] ] display ip routing-table vpn-instance vpn-instance-name display ip routing-table

Run the display vpn-group all command. If all VPN groups of the device are displayed, it means that the configuration succeeds and the VPN groups are set up. Run the display vpn-group vpngroup-name command. You can view the basic information of a VPN group and the sequence of VPN instances in a VPN group.
<Quidway> display vpn-group all vpn-group-number: 2 vpn-group: vg1 vg2 <Quidway> display vpn-group vg1 vpn-group: vg1 vpn-instance: vpna vpnb behavior: b1

Run display traffic behavior command on the ingress PE. You can view the configuration of a traffic behavior and actions in the behavior. Run the display traffic classifier command on the ingress PE. You can view the configuration of the traffic classification rules.
3-64 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

3 BGP/MPLS IP VPN Configuration

Run display traffic policy command on the ingress PE. You can view the association between the traffic class and traffic behavior in a traffic policy. Run the display ip routing-table vpn-instance command on the ingress PE. If the VPN routing table contains the routes to the user network, it means that the configuration succeeds.

3.13 Connecting VPN and the Internet


This section describes how to connect VPN and Internet. 3.13.1 Establishing the Configuration Task 3.13.2 Configuring the Static Route on the CE 3.13.3 Configuring the Static Route on the PE and Import the Static Route to VPN 3.13.4 Configuring the Static Route to VPN on the Device of the Public Network 3.13.5 Checking the Configuration

3.13.1 Establishing the Configuration Task


Applicable Environment
You can enable VPN users to access the Internet, by supplementing certain software configurations in the established VPN network.

Pre-configuration Tasks
Before configuring VPN users to access the Internet, complete the following tasks:
l l

Setting up the VPN network Translating the private network address to the public network address through Network Address Translation (NAT) if the VPN user uses a private network address

Data Preparation
None.

3.13.2 Configuring the Static Route on the CE


Context
Do as follows on the CE.

Procedure
Step 1 Run:
system-view

The system view is displayed.


Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 3-65

3 BGP/MPLS IP VPN Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Step 2 Run:
ip route-static dest-ip-address { mask | mask-length } { interface-type interfacenumber [ nexthop-address ] | nexthop-address } [ preference value ] [ description text ]

The static route to the public network destination address. dest-ip-address can be the destination address of the public network or 0.0.0.0. If the dest-ipaddress is 0.0.0.0, the static route is also called default route, the mask of which must be 0.0.0.0 or the mask-length of which must be 0. Note that, the out-interface must be the interface connected directly with the PE, and the next-hop is the IP address of the peer PE interface connected directly with the CE. ----End

3.13.3 Configuring the Static Route on the PE and Import the Static Route to VPN
Context
Do as follows on the PE.

Procedure
Step 1 Run:
system-view

The system view is displayed. Step 2 Run:


ip route-static vpn-instance vpn-instance-name destination-address { mask | masklength } nexthop-address public [ preference preference ] [ track bfd session cfgname ] [ description text ]

The static route from the VPN to Internet is configured and the next-hop address is a public network address. ----End

3.13.4 Configuring the Static Route to VPN on the Device of the Public Network
Context
Do as follows on the PE.

Procedure
Step 1 Run:
system-view

The system view is displayed. Step 2 Run:


3-66 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

3 BGP/MPLS IP VPN Configuration

ip route-static dest-ip-address { mask | mask-length } { interface-type interfacenumber [ nexthop-address ] | vpn-instance vpn-destination-name nexthop-address | nexthop-address } [ preference value ] [ description text ]

The static route from the public network to the VPN is configured and the next-hop address is a private network address. ----End

3.13.5 Checking the Configuration


Run the following commands to check the preceding configuration. Action View the VPN routing table on the PE. View the routing table on the CE and the destination device in the public network. Command display ip routing-table vpn-instance vpn-instance-name display ip routing-table

Run the display ip routing-table vpn-instance command on the PE, and you can find that the route to the CE and the route to the destination device in the public network exist in the VPN routing table. Run the display ip routing-table command on the CE, and you can find that the CE has the route to the destination device in the public network and the destination device in the public network has the route to the CE. The CE and the destination device in the public network can successfully ping each other.

3.14 Configuring IP FRR of a Private Network


This section describes how to configure IP FRR of a private network. 3.14.1 Establishing the Configuration Task 3.14.2 Configuring a Routing Policy 3.14.3 Enabling IP FRR in a Private Network 3.14.4 Checking the Configuration

3.14.1 Establishing the Configuration Task


Applicable Environment
It is applied to the service sensitive to packet loss or delay in the private network.

Pre-configuration Tasks
Before configuring IP FRR of private network, complete the following tasks:
Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 3-67

3 BGP/MPLS IP VPN Configuration


l l l

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Setting up the VPN network Generating two unequal-cost routes by the routing protocols that binds the VPN instance Configuring the routing policy on the router to achieve internetworking

Data Preparation
To configure the IP FRR of private network, you need the following data. No. 1 2 3 Data Name of the routing policy Name of the VPN instance Backup out-interface and the backup next hop

3.14.2 Configuring a Routing Policy


Context
Do as follows on the router.

Procedure
Step 1 Run:
system-view

The system view is displayed. Step 2 Run:


route-policy route-policy-name { permit | deny } node node

The routing policy node is created and the routing policy view is displayed. Step 3 Run:
apply backup-interface interface-type interface-number

The backup outgoing interface is configured. Step 4 (Optional) Run:


apply backup-nexthop ip-address

The backup next hop is configured. For P2P links, a backup next hop is not necessary. For non-P2P links, a backup next hop is necessary. ----End

3.14.3 Enabling IP FRR in a Private Network


3-68 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

3 BGP/MPLS IP VPN Configuration

Context
Do as follows on the router.

Procedure
Step 1 Run:
system-view

The system view is displayed. Step 2 Run:


ip vpn-instance vpn-instance-name

The VPN instance view is displayed. Step 3 Run:


ip frr route-policy route-policy-name

The IP FRR of the private network is enabled. ----End

3.14.4 Checking the Configuration


Run the following commands to check the previous configuration. Action Check the routing policy. Check the information about the backup outgoing interface and the backup next hop. Command display route-policy [ route-policy-name ] display ip routing-table vpn-instance vpninstance-name [ option ] verbose

3.15 Configuring VPN FRR


This section describes how to configure VPN FRR. 3.15.1 Establishing the Configuration Task 3.15.2 Configuring a Routing Policy 3.15.3 Enabling VPN FRR 3.15.4 Checking the Configuration

3.15.1 Establishing the Configuration Task


Applicable Environment
It is applied to the service sensitive to packet loss or delay in the private network.
Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 3-69

3 BGP/MPLS IP VPN Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Pre-configuration Tasks
Before configuring VPN FRR, complete the following tasks:
l l l l

Configuring the routing protocol on the routers to achieve internetworking Generating two unequal-cost routes by configuring different costs or metrics Setting up the VPN network Creating the IP prefix that matches the Loopback interface of PE

Data Preparation
To configure the VPN FRR, you need the following data. No. 1 2 3 Data Name of the routing policy and the name of the IP prefix Name of the VPN instance Backup out-interface and the backup next hop

3.15.2 Configuring a Routing Policy


Context
Do as follows on the router.

Procedure
Step 1 Run:
system-view

The system view is displayed. Step 2 Run:


route-policy route-policy-name { permit | deny } node node

The routing policy node is created and the routing policy view is displayed. Step 3 (Optional) Run:
apply backup-nexthop { ip-address | auto }

The backup next hop is configured. For a P2P link, the backup next hop need not be configured; for a non-P2P link, the backup next hop must be specified. ----End

3.15.3 Enabling VPN FRR


3-70 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

3 BGP/MPLS IP VPN Configuration

Context
Do as follows on the router.

Procedure
Step 1 Run:
system-view

The system view is displayed. Step 2 Run:


ip vpn-instance vpn-instance-name

The VPN instance view is displayed. Step 3 Run:


vpn frr route-policy route-policy-name

The VPN FRR is enabled. ----End

3.15.4 Checking the Configuration


Run the following command to check the previous configuration. Action Check information about the backup next hop, backup tunnel, and backup label. Command display ip routing-table vpn-instance vpninstance-name [ filter-option ] verbose

Run the display ip routing-table vpn-instance verbose command on the PE configured with VPN FRR. If information about the backup next-hop PE, backup tunnel, and label value of the routes is displayed, it means the configuration succeeds. For example, configure the primary next hop and the backup next hop of 10.1.1.0 to be 2.2.2.2 and 3.3.3.3 respectively. The display about the backup next hop, backup tunnel, and backup label is as follows:
<Quidway> display ip routing-table vpn-instance vpn1 10.1.1.0 Routing Table : vpn1 Summary Count : 2 Destination: 10.1.1.0/30 Protocol: BGP Process ID: 0 Preference: 255 Cost: 0 NextHop: 3.3.3.3 Neighbour: 3.3.3.3 State: Inactive Adv GotQ Age: 01h02m04s Tag: 0 Priority: 0 Label: 15363 QoSInfo: 0x0 RelayNextHop: 0.0.0.0 Interface: Pos2/0/0 TunnelID: 0x6002000 Destination: 10.1.1.0/30 Protocol: BGP Process ID: 0 Preference: 255 Cost: 0 NextHop: 2.2.2.2 Neighbour: 2.2.2.2 State: Active Adv GotQ Age: 00h21m57s Tag: 0 Priority: 0 Label: 15362 QoSInfo: 0x0 RelayNextHop: 0.0.0.0 Interface: Pos1/0/0 verbose

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

3-71

3 BGP/MPLS IP VPN Configuration


TunnelID: BkNextHop: BkLabel: BkPETunnelID: 0x6002002 3.3.3.3 15363 0x6002000

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

BkInterface: SecTunnelID: 0x0 BkPESecTunnelID: 0x0

3.16 Configuring VPN GR


This section describes how to configure VPN GR. 3.16.1 Establishing the Configuration Task 3.16.2 Configuring the IGP GR on the Backbone Network 3.16.3 Configuring the MPLS GR on the Backbone Network 3.16.4 Configuring the GR of the Routing Protocol Between PEs and CEs 3.16.5 Configuring BGP GR for MP-BGP 3.16.6 Checking the Configuration

3.16.1 Establishing the Configuration Task


Applicable Environment
The VPN GR is enabled for the BGP/MPLS IP VPN that needs the GR capability. Configuring VPN GR on the router that undertakes the VPN service can ensure that router keeps forwarding when the router performs the AMB/SMB switchover and the VPN traffic is not broken.
NOTE

The GR capability cannot ensure that the traffic is not broken if the neighboring router performs the AMB/ SMB switchover at the same time.

When configuring VPN GR, you must configure the IGP GR, BGP GR and MPLS LDP GR on the PE, configure the IGP GR and the MPLS LDP GR on the P, and configure the IGP GR or the BGP GR on the CE. If more than one domain is traversed, you must configure the IGP GR, BGP GR and MPLS LDP GR on the ASBR PE.

Pre-configuration Tasks
Before configuring VPN GR, complete the following tasks:
l l

Establishing the VPN environment and configuring the VPN Configuring the common IGP GR (such as the IS-IS GR and the OSPF GR), BGP GR and MPLS LDP GR on PEs and Ps in all related backbone networks to ensure that the backbone network has the GR capability
NOTE

For details of the common IGP GR, BGP GR and MPLS LDP GR, refer to Chapter 3 "HA Configuration" in the NE80E/40E Router Configuration Guide - Reliability.

Data Preparation
To configure VPN GR, you need the following data.
3-72 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

3 BGP/MPLS IP VPN Configuration

No. 1 2 3 4 5 6

Data Interval for re-establishing the GR session (by default, it is 300 seconds) if the IS-IS GR is enabled Interval for the GR time if the OSPF GR is enabled (optional) Reconnection time of the MPLS LDP session (by default, it is 300 seconds) Validity period of the MPLS LDP neighbors (by default, it is 600 seconds) Maximum time of restarting the GR Restarter (by default, it is 150 seconds) Time of waiting for the End-of-Rib messages (by default, it is 600 seconds)

3.16.2 Configuring the IGP GR on the Backbone Network


Procedure
l Configuring the IS-IS GR in the Backbone Network If IS-IS is run on the public network routing, do as follows on the related PEs and Ps on the backbone network: 1. Run:
system-view

The system view is displayed. 2. Run:


isis process-id

The IS-IS view is displayed. 3. Run:


graceful-restart

The GR capability of IS-IS is enabled. By default, the GR capability of IS-IS is disabled. 4. Run:
graceful-restart interval timer

The interval for re-establishing the GR session of IS-IS is configured. This step is optional. The interval for re-establishing the GR session of IS-IS is set to the Hold time in the Hello PDU of IS-IS. In this way, the neighbor does not terminate the adjacency relationship with the router when the router performs the AMB/SMB switchover. By default, the interval for re-establishing the GR session of IS-IS is set to 300 seconds. 5. Run:
graceful-restart suppress-sa

The GR Restarter is configured to suppress the advertisement of the adjacency relationship when the GR Restarter is restarting. This step is optional.
Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 3-73

3 BGP/MPLS IP VPN Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

The suppress advertisement (SA) bit is used in the Hello PDUs by a restarting router to request its neighbors to suppress advertising the adjacency to the restarting router in their LSPs. The SA bit is removed once its database synchronization is over. Enabling this feature avoids the black hole effect caused by sending and receiving LSP during the restart process. If the administrator does not want the restarting router to set the SA bit in its Hello PDUs, the administrator can use the undo graceful-restart suppress-sa command to disable setting the SA bit in the Hello PDUs. By default, the SA bit does not take effect. l Configuring the OSPF GR on the Backbone Network If OSPF is run on the public network routing, do as follows on the related PEs and Ps on the backbone network: 1. Run:
system-view

The system view is displayed. 2. Run:


ospf process-id

The OSPF view is displayed. 3. Run:


enable link-local-signaling

The local link signaling capability of OSPF is enabled. 4. Run:


enable out-of-band-resynchronization

The out-of-band synchronization capability of OSPF is enabled. 5. Perform the following as required:

To enable the GR capability of OSPF, run:


graceful-restart

To enable the GR Help capability of OSPF and configure the interval at which the Restarter performs the GR, run:
graceful-restart help { ip-prefix prefix-list | acl-number }

It is suggested to enable the GR capability of OSPF on all the related PEs and Ps on the backbone network. By default, the GR capability of OSPF and the GR Help capability of OSPF are disabled. ----End

3.16.3 Configuring the MPLS GR on the Backbone Network


Context
If you use an LDP LSP tunnel, you need configure MPLS LDP GR. If you use an RSVP-TE tunnel, you need configure MPLS RSVP GR. If you use another type of tunnel, you need not perform this step.
3-74 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

3 BGP/MPLS IP VPN Configuration

Procedure
l Configure MPLS LDP GR. 1. Run:
system-view

The system view is displayed. 2. Run:


mpls ldp

The MPLS LDP view is displayed. 3. Run:


graceful-restart

The GR capability of MPLS LDP is enabled. 4. (Optional) Run:


graceful-restart timer reconnect timer

The reconnection period of the MPLS LDP session is configured. By default, the reconnection period is set to 300 seconds. 5. (Optional) Run:
graceful-restart timer neighbor-liveness timer

The validity period of MPLS LDP neighbors is configured. By default, the validity period of MPLS LDP neighbors is 600 seconds. 6. Run:
graceful-restart timer recovery timer

The MPLS LDP recovery period is configured. By default, the MPLS LDP recovery period is 300 seconds.
NOTE

When the GR capability of MPLS LDP is enabled or the GR parameters are modified, the LDP session is reestablished.

Configure RSVP GR. 1. Run:


system-view

The system view is displayed. 2. Run:


mpls

The MPLS view is displayed. 3. Run:


mpls rsvp-te

The RSVP TE is enabled. 4. Run:


mpls rsvp-te hello

The RSVP Hello extension of the local node is enabled. 5.


Issue 03 (2008-09-22)

Run:
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 3-75

3 BGP/MPLS IP VPN Configuration


mpls rsvp-te hello full-gr

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

The GR capability of RSVP TE is enabled. In addition, the GR capability of the peer is also supported. By default, the GR capability of RSVP TE is disabled. 6. Run:
mpls rsvp-te hello support-peer-gr

The GR capability of the peer is supported by RSVP TE. 7. (Optional) Run:


mpls rsvp-te hello [ nodeid-session ip-address ]

The Hello session is established between nodes of RSVP TE enabled with GR capability. ----End

3.16.4 Configuring the GR of the Routing Protocol Between PEs and CEs
Procedure
l Configuring the GR of the IS-IS Multi-instance Between PEs and CEs Do as follows if IS-IS is run between the PE and the CE: 1. Run:
system-view

The system view is displayed. 2. Run:


isis process-id vpn-instance vpn-instance-name

The IS-IS multi-instance view is displayed. 3. Run:


graceful-restart

The GR capability of IS-IS is enabled. By default, the GR capability of IS-IS is disabled. 4. Run:
graceful-restart interval timer

The interval for re-establishing the GR session of IS-IS is configured. (Optional) The interval for re-establishing the GR session of IS-IS is set to the Hold time in the Hello PDU of IS-IS. In this way, the neighbor does not terminate the adjacency relationship with the router when the router performs the AMB/SMB switchover. By default, the interval for re-establishing the GR session of IS-IS is set to 300 seconds. 5. Run:
graceful-restart suppress-sa

The GR Restarter is configured to suppress the advertisement of the adjacency relationship when the GR Restarter is restarting. (Optional)
3-76 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

3 BGP/MPLS IP VPN Configuration

The suppress advertisement (SA) bit is used in the Hello PDUs by a restarting router to request its neighbors to suppress advertising the adjacency to the restarting router in their LSPs. The SA bit is removed once its database synchronization is over. Enabling this feature avoids the black hole effect caused by sending and receiving LSP during the restart process. If the administrator does not want the restarting router to set the SA bit in its Hello PDUs, the administrator can use the undo graceful-restart suppress-sa command to disable setting the SA bit in the Hello PDUs. By default, the SA bit does not take effect. l Configuring the GR of the OSPF Multi-instance Between PEs and CES Do as follows if OSPF is run between the PE and the CE: 1. Run:
system-view

The system view is displayed. 2. Run:


ospf process-id vpn-instance vpn-instance-name

The OSPF multi-instance view is displayed. 3. Run:


enable link-local-signaling

The local link signaling capability of OSPF is enabled. 4. Run:


enable out-of-band-resynchronization

The out-of-band synchronization of OSPF is enabled. 5. Run:


graceful-restart

The GR capability of OSPF is enabled. 6. Perform the following as required:

To enable the GR capability of OSPF, run:


graceful-restart

To enable the GR Help capability of OSPF and configure the interval at which the Restarter performs the GR, run:
graceful-restart help { ip-prefix prefix-list | acl-number }

It is suggested to enable the GR capability of OSPF on all the related PEs and Ps on the backbone network. By default, the local link signaling capability, the out-of-band capability, the GR Help capability and the GR capability of OSPF are all disabled. l Configuring BGP GR Between PEs and CEs Do as follows on the PE and CE if EBGP is run between the PE and the CE: 1. Run:
system-view

The system view is displayed.


Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 3-77

3 BGP/MPLS IP VPN Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

2.

Run:
bgp as-number

The BGP view is displayed. 3. Run:


graceful-restart

The GR capability of BGP is enabled. 4. Run:


graceful-restart timer restart timer

The maximum time for restarting the GR Restarter is configured. (Optional) After the Receiving Speaker detects that the GR session is interrupted, it waits for the configured reconnection time to re-establish the session. By default, the restart time is set to 150 seconds. 5. Run:
graceful-restart timer wait-for-rib timer

The time of waiting for the End-of-RIB message is configured. (Optional) By default, the GR capability of BGP is disabled and the default time of waiting for End-of-RIB is 600 seconds. ----End

3.16.5 Configuring BGP GR for MP-BGP


Context
Configure the BGP GR for MP-BGP on all the PEs (including the PE that acts as the ASBR) and the RRs that reflect the VPNv4 route, unless the BGP GR has been configured for MP-BGP in Configuring BGP GR Between PEs and CEs. The process for configuring the BGP GR for MP-BGP is the same as that of configuring the GR in the common BGP. For the detailed configuration, refer to Configuring BGP GR Between PEs and CEs.

3.16.6 Checking the Configuration


Run the following commands to check the previous configuration. Action Check the status of the OSPF GR Check the status of the IS-IS GR Command display ospf brief display isis graceful-restart status [ level-1 | level-2 ] [ process-id | vpn-instance vpninstance-name ] display bgp peer verbose

Check the status of the BGP GR

3-78

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

3 BGP/MPLS IP VPN Configuration

3.17 Configuring Route Reflection to Optimize the VPN Backbone Layer


This section describes how to configure route reflection to optimize the VPN backbone layer. 3.17.1 Establishing the Configuration Task 3.17.2 Configuring the Client PEs to Establish MP IBGP Connections with the RR 3.17.3 Configuring the RR to Establish MP IBGP Connections with the Client PEs 3.17.4 Configuring Route Reflection for BGP IPv4 VPN routes 3.17.5 Checking the Configuration

3.17.1 Establishing the Configuration Task


Applicable Environment
The BGP speaker does not advertise the routes learned from IBGP devices to its IBGP peers. To make a PE advertise the routes of the VPN that the PE accesses to the BGP VPNv4 peers in the same AS, the PE must establish IBGP connections with all peers to directly exchange VPN routing information. That is, MP IBGP peers must establish full connections between each other. Suppose there are n PEs (including ASBR PEs) in an AS, n (n-1)/2 MP IBGP connections need to be established. A large number of IBGP peers consume a great amount of network resources. The Route Reflector (RR) can solve this problem. In an AS, one router can be configured as the RR to reflect VPNv4 routes and the other PEs and ASBR PEs serve as the clients, which are called Client PEs. An RR can be a P, PE, ASBR PE, or a router of other types. The introduction of the RR reduces the number of MP IBGP connections. This lightens the burden of PEs and facilitates network maintenance and management.

Pre-configuration Tasks
Before configuring route reflection to optimize the VPN backbone layer, complete the following tasks:
l

Configuring the routing protocol for the MPLS backbone network to implement IP interworking between routers in the backbone network Establishing tunnels (LSPs, GRE tunnels, or MPLS TE tunnels) between the RR and all Client PEs

Data Preparation
To configure the BGP VPNv4 route reflection, you need the following data. No. 1
Issue 03 (2008-09-22)

Data Local AS number and peer AS number


Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 3-79

3 BGP/MPLS IP VPN Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

No. 2 3

Data Type and number of the interfaces used to set up the TCP connection IP address of the peer

3.17.2 Configuring the Client PEs to Establish MP IBGP Connections with the RR
Context
Do as follows on all Client PEs:

Procedure
Step 1 Run:
system-view

The system view is displayed. Step 2 Run:


bgp as-number

The BGP view is displayed. Step 3 Run:


peer peer-ipv4-address as-number as-number

The RR is specified as the BGP peer. Step 4 Run:


peer peer-ipv4-address connect-interface interface-type interface-number

The interface is specified as an interface to establish the TCP connection. The IP address of the interface must be the same as the MPLS LSR ID. It is recommended to specify a loopback interface to establish the TCP connection. Step 5 Run:
ipv4-family vpnv4

The BGP VPNv4 address family view is displayed. Step 6 Run:


peer peer-ipv4-address enable

The capability of exchanging VPNv4 routes between the PE and the RR is enabled. ----End

3.17.3 Configuring the RR to Establish MP IBGP Connections with the Client PEs
3-80 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

3 BGP/MPLS IP VPN Configuration

Context
Do as follows on the RR:

Procedure
l Configuring the RR to Establish MP IBGP Connections with the Peer Group 1. Run:
system-view

The system view is displayed. 2. Run:


bgp as-number

The BGP view is displayed. 3. Run:


group group-name [ internal ]

An IBGP peer group is created. 4. Run:


peer ip-address group group-name

The peer is added to the peer group. 5. Run:


peer group-name connect-interface interface-type interface-number

The interface is specified as an interface to establish the TCP connection. The IP address of the interface must be the same as the MPLS LSR ID. It is recommended to specify a loopback interface to establish the TCP connection. 6. Run:
ipv4-family vpnv4

The BGP VPNv4 address family view is displayed. 7. Run:


peer group-name enable

The capability of exchanging IPv4 VPN routes between the RR and the peer group is enabled. 8. Run:
peer ip-address group group-name

The peer is added to the peer group. l Configuring the RR to Establish an MP IBGP Connection with Each Client PE 1. Run:
system-view

The system view is displayed. 2. Run:


bgp as-number

The BGP view is displayed. 3. Run:


peer peer-ipv4-address as-number as-number

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

3-81

3 BGP/MPLS IP VPN Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

The Client PE is specified as the BGP peer. 4. Run:


peer peer-ipv4-address connect-interface interface-type interface-number

The interface is specified as an interface to establish the TCP connection. The IP address of the interface must be the same as the MPLS LSR ID. It is recommended to specify a loopback interface to establish the TCP connection. 5. Run:
ipv4-family vpnv4

The BGP VPNv4 address family view is displayed. 6. Run:


peer peer-ipv4-address enable

The capability of exchanging VPNv4 routes between the RR and the Client PE is enabled. ----End

3.17.4 Configuring Route Reflection for BGP IPv4 VPN routes


Context
Do as follows on the RR:

Procedure
Step 1 Run:
system-view

The system view is displayed. Step 2 Run:


bgp as-number

The BGP view is displayed. Step 3 Run:


ipv4-family vpnv4

The BGP VPNv4 address family view is displayed. Step 4 Enable route reflection for BGP VPNv4 routes on the RR.
l

Run the peer { group-name | peer-ipv4-address } reflect-client command to enable route reflection if the RR establishes the MP IBGP connection with the peer group consisting of Client PEs. Run the peer peer-ipv4-address reflect-client command repeatedly to enable route reflection if the RR establishes the MP IBGP connection with each PE rather than peer group.

Step 5 Run:
undo policy vpn-target

The filtering of VPNv4 routes based on the VPN target is disabled.


3-82 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

3 BGP/MPLS IP VPN Configuration

Step 6 (Optional) Run:


rr-filter extended-list-number

The reflection policy is configured for the RR. ----End

3.17.5 Checking the Configuration


Run the following commands to check the preceding configuration. Action View information about the BGP VPNv4 peer on the RR or the Client PEs. View information about the routes received from the peer or the routes advertised to the peer on the RR or the Client PEs. View information about the VPNv4 peer group on the RR. Command display bgp vpnv4 all peer [ [ ipv4-address ] verbose ] display bgp vpnv4 all routing-table peer peer-ipv4address { advertised-routes | received-routes } [ statistics ] display bgp vpnv4 all group [ group-name ]

If the configurations succeed,


l

You can find that the status of the MP IBGP connections between the RR and all Client PEs is "Established" after running the display bgp vpnv4 all peer command on the RR or Client PEs. You can find that the RR and each Client PE can receive and send VPNv4 routing information between each other after running the display bgp vpnv4 all routing-table peer command on the RR or the Client PEs. If the peer group is configured, you can view information about the group members and find that the status of the BGP connections between the RR and the group members is "Established" after running the display bgp vpnv4 all group command on the RR.

3.18 Configuring Route Reflection to Optimize the VPN Access Layer


This section describes how to configure route reflection to optimize the VPN access layer. 3.18.1 Establishing the Configuration Task 3.18.2 Configuring All Client CEs to Establish IBGP Connections with the RR 3.18.3 Configuring the RR to Establish MP IBGP Connections with All Client CEs 3.18.4 Configuring Route Reflection for the Routes of the BGP VPN Instance 3.18.5 Checking the Configuration
Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 3-83

3 BGP/MPLS IP VPN Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

3.18.1 Establishing the Configuration Task


Applicable Environment
If a PE and multiple CEs accessing the PE are located in the same AS, to reduce the IBGP connections between the CEs, the PE can be configured as an RR to reflect the routes of the VPN instance, and the CEs can be configured as clients, which are called Client CEs. This simplifies and facilitates network maintenance and management.

Pre-configuration Tasks
Before configuring route reflection to optimize the VPN access layer, configure a routing protocol for the MPLS backbone network to implement IP interworking between the routers in the backbone network.

Data Preparation
Before configuring route reflection to optimize the VPN access layer, you need the following data. No. 1 2 3 Data Local AS number and peer AS number Type and number of the interfaces used to set up the TCP connection IP address of the peer

3.18.2 Configuring All Client CEs to Establish IBGP Connections with the RR
Context
Do as follows on all Client CEs:

Procedure
Step 1 Run:
system-view

The system view is displayed. Step 2 Run:


bgp as-number

The BGP view is displayed. Step 3 Run:


peer peer-ipv4-address as-number as-number

3-84

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

3 BGP/MPLS IP VPN Configuration

The RR is specified as the BGP peer. Step 4 Run:


peer peer-ipv4-address connect-interface interface-type interface-number

The interface is specified as an interface to establish the TCP connection. The IP address of the interface must be the same as the MPLS LSR ID. It is recommended to specify a loopback interface to establish the TCP connection. Step 5 Run:
ipv4-family unicast

The BGP IPv4 address family view is displayed. Step 6 Run:


peer peer-ipv4-address enable

The capability of exchanging BGP IPv4 routes between the Client CE and the RR is enabled. ----End

3.18.3 Configuring the RR to Establish MP IBGP Connections with All Client CEs
Context
Do as follows on the RR:

Procedure
l Establishing the MP IBGP Connection with the Peer Group 1. Run:
system-view

The system view is displayed. 2. Run:


bgp as-number

The BGP view is displayed. 3. Run:


group group-name [ internal ]

An IBGP peer group is created. 4. Run:


peer ip-address group group-name

The peer is added to the peer group. 5. Run:


peer group-name connect-interface interface-type interface-number

The interface is specified as an interface to establish the TCP connection. The IP address of the interface must be the same as the MPLS LSR ID. It is recommended to specify a loopback interface to establish the TCP connection.
Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 3-85

3 BGP/MPLS IP VPN Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

6.

Run:
ipv4-family vpn-instance vpn-instance-name

The BGP VPN instance view is displayed. 7. Run:


peer group-name as-number as-number

The peer group of the BGP IPv4 VPN instance is configured. 8. Run:
peer ip-address group group-name

The peer is added to the peer group. l Establishing the MP IBGP Connection with Each Peer Perform Step 1 to Step 6 repeatedly on the RR to establish MP IBGP connections with all Client CEs. 1. Run:
system-view

The system view is displayed. 2. Run:


bgp as-number

The BGP view is displayed. 3. Run:


peer peer-ipv4-address as-number as-number

The Client CE is specified as the BGP peer. 4. Run:


peer peer-ipv4-address connect-interface interface-type interface-number

The interface is specified as an interface to establish the TCP connection. The IP address of the interface must be the same as the MPLS LSR ID. It is recommended to specify a loopback interface to establish the TCP connection. 5. Run:
ipv4-family vpn-instance vpn-instance-name

The BGP VPN instance view is displayed. 6. Run:


peer peer-ipv4-address as-number as-number

The peer of the BGP IPv4 VPN instance is configured. ----End

3.18.4 Configuring Route Reflection for the Routes of the BGP VPN Instance
Context
Do as follows on the RR:
3-86 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

3 BGP/MPLS IP VPN Configuration

Procedure
Step 1 Run:
system-view

The system view is displayed. Step 2 Run:


bgp as-number

The BGP view is displayed. Step 3 Run:


ipv4-family vpn-instance vpn-instance-name

The BGP VPN instance view is displayed. Step 4 Enable route reflection for the routes of the BGP VPNv4 instance on the RR.
l

Run the peer { group-name | peer-ipv4-address } reflect-client command to enable route reflection if the RR establishes the MP IBGP connection with the peer group consisting of all Client CEs. Run the peer peer-ipv4-address reflect-client command repeatedly to enable route reflection if the RR establishes the MP IBGP connection with each PE rather than the peer group.

Step 5 (Optional) Run:


rr-filter extended-list-number

The reflection policy is configured for the RR. This command is required only on the RR. Step 6 (Optional) Run:
reflect between-clients

Route reflection between the Client CEs is enabled. By default, route reflection between the Client CEs is enabled. If the Client CEs are fully connected, you can use the undo reflect between-clients command to disable route reflection between the clients to reduce the cost. Step 7 (Optional) Run:
reflector cluster-id cluster-id

The cluster ID of the RR is set. If a cluster has multiple RRs, you can use this command to set the same cluster ID for these RRs to prevent routing loops. By default, the cluster ID is the router ID. ----End

3.18.5 Checking the Configuration


Run the following commands to check the preceding configuration.
Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 3-87

3 BGP/MPLS IP VPN Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Action View information about the peer group of the BGP VPN instance on the RR. View information about the BGP peer on the Client CE. View information about the routes received from the peer or the routes advertised to the peer on the RR. View information about the routes received from the peer or the routes advertised to the peer on the Client CE. View information about the VPNv4 peer group on the RR. View information about the VPNv4 peer group on the CE.

Command display bgp [ vpnv4 vpn-instance vpn-instancename ] peer [ ipv4-address | group-name ] verbose display bgp peer [ ipv4-address| group-name ] verbose display bgp vpnv4 all routing-table peer peer-ipv4address { advertised-routes | received-routes } [ statistics ] display bgp peer peer-ipv4-address { advertisedroutes | received-routes } [ statistics ]

display bgp vpnv4 vpn-instance vpn-instance-name group [ group-name ] display bgp group [ group-name ]

If the configurations succeed, you can achieve the following objects:


l

You can find that the status of the MP IBGP connections between the RR and all Client CEs is "Established" after running the display bgp vpnv4 all peer command on the RR. You can find that the status of the IBGP connections between the RR and all Client CEs is "Established" after running the display bgp peer command on the Client CE. You can view the routing information advertised by the RR to the Client CE or the routing information advertised by the Client CE to the RR after running the display bgp vpnv4 all routing-table peer command on the RR. You can view the routing information advertised by the Client CE to the RR and the routing information advertised by the RR to the Client CE after running the display bgp peer peeripv4-address { advertised-routes | received-routes } [ statistics ] command on the Client CE. If the peer group is configured, you can view information about the group members and find that the status of the BGP connections between the RR and the group members is "Established" after running the display bgp vpnv4 all group command on the RR.

3.19 Configuring Convergence Priorities for VPN Routes


This section describes how to configure convergence priorities for VPN routes. 3.19.1 Establishing the Configuration Task 3.19.2 Configuring a Routing Policy Differentiating Convergence Priorities 3.19.3 Applying the Routing Policy 3.19.4 Checking the Configuration
3-88 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

3 BGP/MPLS IP VPN Configuration

3.19.1 Establishing the Configuration Task


Applicable Environment
After faults occur on certain nodes or links in a network, route flapping may appear. To make some VPN routes converge faster than other routes, configure those VPN routes with higher priorities.

Pre-configuration Tasks
Before configuring convergence priorities for VPN routes, complete one of the following tasks:
l l l

Configuring Basic BGP/MPLS IP VPN Configuring Inter-AS VPN Option A Configuring Inter-AS VPN Option B
NOTE

The inter-AS VPN Option C does not support convergence priorities for VPN routes.

Data Preparation
To configure convergence priorities for VPN routes, you need the following data. No. 1 2 3 Data RD filter Convergence priorities for VPN routes Routing policy that defines convergence priorities for VPN routes

3.19.2 Configuring a Routing Policy Differentiating Convergence Priorities


Context
Do as follows on the PEs, ASBR PEs, and VPNv4 RRs that need to be configured with convergence priorities for VPN routes.

Procedure
Step 1 Run:
system-view

The system view is displayed. Step 2 Run:


ip rd-filter rd-filter-number { deny | permit } route-distinguisher &<1-10>

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

3-89

3 BGP/MPLS IP VPN Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

The RD filter is defined. Step 3 Run:


route-policy route-policy-name permit node node-index

The routing policy view is displayed. Step 4 Run:


if-match rd-filter rd-filter-number

The routing policy is defined. Step 5 Run:


apply convergence-priority priority

The convergence priority is configured for the route that matches the if-match rd-filter command. ----End

3.19.3 Applying the Routing Policy


Procedure
l Applying the Import Routing Policy in the VPN Instance View on the PEs 1. Run:
system-view

The system view is displayed. 2. Run:


ip vpn-instance vpn-instance-name

The VPN instance view is displayed. 3. Run:


import route-policy route-policy-name

The import routing policy is applied. l Applying the Routing Policy in the VPNv4 Address Family View on the ASBR PEs or the VPNv4 RRs 1. Run:
system-view

The system view is displayed. 2. Run:


bgp as-number

The BGP view is displayed. 3. Run:


ipv4-family vpnv4

The BGP VPNv4 address family view is displayed. 4. Run:


peer peer-address route-policy route-policy-name { import | export }

3-90

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

3 BGP/MPLS IP VPN Configuration

The routing policy is applied. ----End

3.19.4 Checking the Configuration


Run the following command to check the previous configuration. Action View information about the BGP VPNv4 routes and the BGP IPv4 VPN instance routes. Command display bgp vpnv4 all routing-table ip-address

Run the display bgp vpnv4 all routing-table ip-address command on the devices configured with convergence priorities for BGP VPNv4 routes and the BGP IPv4 VPN instance routes, and you can view the convergence priorities for the routes. For example:
<Quidway> display bgp vpnv4 all routing-table 10.1.1.0 Total routes of Route Distinguisher(100:1): 1 BGP routing table entry information of 10.1.1.0/24: Label information (Received/Applied): 15360/15362 From: 100.1.3.1 (100.1.3.1) Original nexthop: 1100.1.3.1 Ext-Community: <1 : 1> Convergence Priority: 2 AS-path Nil, origin incomplete, MED 0, localpref 100, pref-val 0, valid, internal, best, pre 255 Advertised to such 1 peers: 6.6.6.6

3.20 Maintaining BGP/MPLS IP VPN


This section describes how to maintain BGP/MPLS VPN. 3.20.1 Taking Statistics of L3VPN Traffic 3.20.2 Checking L3VPN Traffic 3.20.3 Clearing L3VPN Traffic 3.20.4 Displaying BGP/MPLS IP VPN Information 3.20.5 Checking the Network Connectivity and Reachability 3.20.6 Resetting BGP Statistics of VPN instance 3.20.7 Resetting BGP Connections 3.20.8 Debugging the BGP/MPLS IP VPN Information

3.20.1 Taking Statistics of L3VPN Traffic


L3VPN traffic statistics is applicable to the traffic of an interface at the user side in a VPN.
Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 3-91

3 BGP/MPLS IP VPN Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Do as follows on the ruter: 1. Run:


system-view

The system view is displayed. 2. Run:


ip vpn-instance vpn-instance-name

The VPN instance view is displayed. 3. Run:


traffic-statistics enable

The function of collecting statistics of L3VPN traffic is enabled.

3.20.2 Checking L3VPN Traffic


Action Check the statistics of the specified L3VPN traffic. Command display traffic-statistics ip vpn-instance vpninstance-name

3.20.3 Clearing L3VPN Traffic


Run the following reset commands in the user view to clear traffic-statistics. Action Clear L3VPN traffic statistics of a specified VPN instance or all VPN instances. Command reset traffic-statistics ip vpn-instance { vpn-instancename | all }

3.20.4 Displaying BGP/MPLS IP VPN Information


Run the following display commands in any view to check the running configuration of the BGP/MPLS IP VPN. For more information, refer to the NE80E/40E Router Command Reference. Action Check the IP routing table of a VPN instance. Check information about the VPN instance. Check labeled routes information in BGP routing table.
3-92

Command display ip routing-table vpn-instance vpn-instancename [ [ filter-option ] [ verbose ] | statistics ] display ip vpn-instance [ verbose ] [ vpn-instancename ] display bgp [ vpnv4 { all | vpn-instance vpninstance-name } ] routing-table label
Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

3 BGP/MPLS IP VPN Configuration

Action Check information of the BGP VPNv4 routing table.

Command display bgp vpnv4 { all | route-distinguisher routedistinguisher | vpn-instance vpn-instance-name } routing-table destination-address [ mask | masklength ] display bgp vpnv4 {all |route-distinguisher routedistinguisher | vpn-instance vpn-instance-name } routing-table statistics [ match-options ] display bgp vpnv4 { all | vpn-instance vpn-instancename } group [ group-name ] display bgp vpnv4 { all | vpn-instance vpn-instancename } peer [ [ peer-ip-address ] verbose ] display bgp vpnv4 { all | vpn-instance vpn-instancename } network display bgp vpnv4 { all | vpn-instance vpn-instancename } paths [ as-regular-expression ] display bgp vpnv4 vpn-instance vpn-instancename peer { group-name | peer-ip-address } log-info

Check statistics of the BGP VPNv4 routing table. Check information about the BGP VPNv4 peer group. Check the BGP VPNv4 peer information. Check the routing information advertised by BGP VPNv4. Check the AS path information of BGP VPNv4. Check BGP peer's log information of specified VPN instance.

3.20.5 Checking the Network Connectivity and Reachability


Run the following commands to check the network connectivity and reachability. Action Check the connectivity of the network. Command ping [ ip ] [ -a source-ip-address | -c count | -d | -f | h ttl-value | -i interface-type interface-number } | m time | -n | -p pattern | -q | -r | -s packetsize | -t timeout | -tos tos-value | -v | -vpn-instance vpninstance-name ] * dest-address tracert [ -a source-ip-address | -f first-ttl | -m maxttl | -p port | -q nqueries | -vpn-instance vpn-instancename | -w timeout ] * dest-address

Check the gateway that the packet passes by from the source to the destination

After the VPN configuration, using the ping command with -vpn-instance vpn-instancename on PE, you can check whether the PE and the CEs that belongs to the same VPN can communicate with each other. If the ping fails, you can use the tracert command with -vpninstance vpn-instance-name to locate the fault. If multiple interfaces bound to the same VPN exist on the PE, specify the source IP address, that is -a source-ip-address when you ping or tracert the remote CE that accesses the peer PE. Otherwise, the ping or tracert may fail. Because if you do not specify a source IP address, the PE chooses the smallest IP address of the interface bound to the VPN on the PE as the source address of the ICMP packet randomly. If no
Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 3-93

3 BGP/MPLS IP VPN Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

route to the selected address exists on the CE, the ICMP packet sent back from the peer PE is discarded.
NOTE

By default, as for the MPLS TTL timeout packet with level 1 label, the router returns the ICMP packet according to the local IP route, which is the route of the public network. However, no VPN route exists in the public-network routing table of the ASBR PE. Therefore, the ICMP packet is discarded when it is sent from the ASBR PE or returns to the ASBR PE. In this situation, the ping can succeed. To tracert the correct path that the operator network forwards the packet of the private network on the operator network, it is recommended to configure the undo ttl expiration command on the following devices:
l l l

Level 1 carrier's PE devices in the carrier's carrier network SPE devices in the HoVPN ASBR PE devices of the inter-AS VPN

3.20.6 Resetting BGP Statistics of VPN instance


Run the following reset commands in the user view to clear the BGP statistics of the VPN instance. Action Clear statistics of the BGP peer flap for a specified VPN instance. Clear dampening information of a VPN instance. Command reset bgp vpn-instance vpn-instance-name peeripv4-address flap-info reset bgp vpn-instance vpn-instance-name dampening [ ip-address [ mask | mask-length ] ]

3.20.7 Resetting BGP Connections


When the BGP configuration changes, you can use the soft reset or reset BGP connections to let the new configurations take effect. Soft reset requires the BGP peers have route refreshment capability (supporting Route-Refresh messages). Do as follows in the user view. Action Trigger the inbound soft reset of VPN instance's BGP connection. Trigger the outbound soft reset of VPN instance's BGP connection. Trigger the inbound soft reset of BGP VPNv4 connection.
3-94

Command refresh bgp vpn-instance vpn-instance-name { all | peer-ip-address | group group-name | internal | external } import refresh bgp vpn-instance vpn-instance-name { all | peer-ip-address | group group-name | internal | external } export refresh bgp vpnv4 { all | peer-ip-address | group group-name | internal | external } import
Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

3 BGP/MPLS IP VPN Configuration

Action Trigger the outbound soft reset of BGP VPNv4 connection. Reset BGP connections of a VPN instance. Reset BGP VPNv4 connections.

Command refresh bgp vpnv4 { all | peer-ip-address | group group-name | internal | external } export reset bgp vpn-instance vpn-instance-name { asnumber | peer-ip-address | group group-name | all | internal | external } reset bgp vpnv4 { as-number | peer-ip-address | group group-name | all | internal | external }

3.20.8 Debugging the BGP/MPLS IP VPN Information

CAUTION
Debugging affects the performance of the system. So, after the debugging, run the undo debugging all command to disable it immediately. Run the following debugging commands in the user view to debug BGP/MPLS IP VPN and locate the fault. For more information, see the chapter "Maintenance and Debugging" in the NE80E/40E Router Configuration Guide - System Management. Action Enable the debugging of BGP peers in a VPN instance. Enable the packet debugging of BGP peers in a VPN instance. Enable the BGP Update packets debugging of VPN instances. Enable the BGP Update packets debugging of BGP VPNv4 routes. Enable the BGP Update packets debugging of labeled routes. Command debugging bgp vpn-instance vpn-instance-name peeraddress { all | event | graceful-restart | timer } debugging bgp vpn-instance vpn-instance-name peeraddress { keepalive | open | packet | raw-packet | routerefresh } [ receive | send ] [ verbose ] debugging bgp update vpn-instance vpn-instancename peer ip-address [ acl acl-number | ip-prefix ipprefix-name ] [ receive | send ] [ verbose ] debugging bgp update vpnv4 [ peer ip-address ] [ receive | send ] [ verbose ] debugging bgp update label-route [ peer ip-address ] [ acl acl-number | ip-prefix ip-prefix-name ] [ receive | send ] [ verbose ]

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

3-95

3 BGP/MPLS IP VPN Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

3.21 Configuration Examples


This section describes how to configure BGP/MPLS IP VPN. 3.21.1 Example for Configuring BGP/MPLS IP VPN 3.21.2 Example for Configuring BGP/MPLS IP VPN with a GRE Tunnel 3.21.3 Example for Configuring the BGP AS Number Substitution 3.21.4 Example for Configuring Hub&Spoke 3.21.5 Example for Configuring Inter-AS VPN Option A 3.21.6 Example for Configuring Inter-AS VPN Option B 3.21.7 Example for Configuring Inter-AS VPN Option C 3.21.8 Example for Configuring Carrier's Carrier in the Same AS 3.21.9 Example for Configuring the Carrier's Carrier (Inter-AS) 3.21.10 Example for Configuring HoVPN 3.21.11 Example for Configuring OSPF Sham Link 3.21.12 Example for Configuring Multi-VPN-Instance CE 3.21.13 Example for Configuring PBR to VPN 3.21.14 Example for Connecting VPN and Internet 3.21.15 Example for Configuring a Dual-Homed CE 3.21.16 Example for Configuring Load Balancing Among EBGP and IBGP Routes When CEs Are Dual-Homed 3.21.17 Example for Configuring the IP FRR of the Private Network 3.21.18 Example for Configuring VPN FRR 3.21.19 Example for Configuring VPN GR 3.21.20 Example for Configuring the VPN with Double Reflectors 3.21.21 Example for Configuring VPN-Route Convergence Priorities

3.21.1 Example for Configuring BGP/MPLS IP VPN


Networking Requirements
As shown in Figure 3-4:
l l

CE1 and CE3 are in VPN-A while CE2 and CE4 are in VPN-B. Users in different VPN cannot access each other. The VPN target attribute of VPN-A is 111:1, and that of VPN-B is 222:2. VPN routing information is exchanged between CE and PE through the EBGP.
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

3-96

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


l

3 BGP/MPLS IP VPN Configuration

Intercommunication between PEs is implemented through the OSPF. The VPN routing information is exchanged between PEs through the MP-IBGP.

Figure 3-4 BGP/MPLS IP VPN networking diagram


AS: 65410 VPN-A CE1
GE1/0/0 10.1.1.1/24 Loopback1 2.2.2.9/32

AS: 65430 VPN-A CE3


GE1/0/0 10.3.1.1/24

GE1/0/0 10.1.1.2/24 Loopback1 1.1.1.9/32 GE2/0/0 10.2.1.2/24

PE1

POS1/0/0 172.1.1.2/24

POS2/0/0 172.2.1.1/24

PE2

GE1/0/0 10.3.1.2/24 Loopback1 3.3.3.9/32 GE2/0/0 10.4.1.2/24

POS3/0/0 172.1.1.1/24

P MPLS backbone AS: 100

POS3/0/0 172.2.1.2/24

GE1/0/0 10.2.1.1/24

GE1/0/0 10.4.1.1/24

CE2 VPN-B AS: 65420

CE4 VPN-B AS: 65440

Configuration Roadmap
The configuration roadmap is as follows: 1. 2. 3. Configure OSPF between PEs to implement interworking. Configure the basic MPLS functions and MPLS LDP on the PEs and establish the MPLS LSPs between the PEs. Configure the VPN instance on the PE connected with the CE in the backbone network, bind the PE interface connected with the CE to the corresponding VPN instance, and then reconfigure the IP address for the PE interface connected with the CE. Configure MP IBGP to exchange the VPN routing information between the PEs. Configure EBGP between the CE and the PE to exchange the VPN routing information.

4. 5.

Data Preparation
To configure BGP/MPLS IP VPN, you need the following data:
l l l

MPLS LSR ID on the PEs and the Ps RD of VPN-A and VPN-B VPN-Target of VPN-A and VPN-B

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

3-97

3 BGP/MPLS IP VPN Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Configuration Procedure
1. Configure IGP on MPLS backbone to make the PEs and the Ps reach each other. # Configure PE1.
<Quidway> system-view [Quidway] sysname PE1 [PE1] interface loopback 1 [PE1-LoopBack1] ip address 1.1.1.9 32 [PE1-LoopBack1] quit [PE1] interface pos3/0/0 [PE1-Pos3/0/0] ip address 172.1.1.1 24 [PE1-Pos3/0/0] quit [PE1] ospf [PE1-ospf-1] area 0 [PE1-ospf-1-area-0.0.0.0] network 172.1.1.0 0.0.0.255 [PE1-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0 [PE1-ospf-1-area-0.0.0.0] quit [PE1-ospf-1] quit

# Configure P.
<Quidway> system-view [Quidway] sysname P [P] interface loopback 1 [P-LoopBack1] ip address 2.2.2.9 32 [P-LoopBack1] quit [P] interface pos 1/0/0 [P-Pos1/0/0] ip address 172.1.1.2 24 [P-Pos1/0/0] quit [P] interface pos 2/0/0 [P-Pos2/0/0] ip address 172.2.1.1 24 [P-Pos2/0/0] quit [P] ospf [P-ospf-1] area 0 [P-ospf-1-area-0.0.0.0] network 172.1.1.0 0.0.0.255 [P-ospf-1-area-0.0.0.0] network 172.2.1.0 0.0.0.255 [P-ospf-1-area-0.0.0.0] network 2.2.2.9 0.0.0.0 [P-ospf-1-area-0.0.0.0] quit [P-ospf-1] quit

# Configure PE2.
<Quidway> system-view [Quidway] sysname PE2 [PE2] interface loopback 1 [PE2-LoopBack1] ip address 3.3.3.9 32 [PE2-LoopBack1] quit [PE2] interface pos 3/0/0 [PE2-Pos3/0/0] ip address 172.2.1.2 24 [PE2-Pos3/0/0] quit [PE2] ospf [PE2-ospf-1] area 0 [PE2-ospf-1-area-0.0.0.0] network 172.2.1.0 0.0.0.255 [PE2-ospf-1-area-0.0.0.0] network 3.3.3.9 0.0.0.0 [PE2-ospf-1-area-0.0.0.0] quit [PE2-ospf-1] quit

After the configuration, the OSPF neighbor relationship should be established between PE1, P and PE2. After running the display ospf peer command, you can find that the OSPF neighbor relationship is in Full state. Run the display ip routing-table command on the PE, and you can view the Loopback1 routes imported from the peer. Take PE1 as an example:
[PE1] display ip routing-table Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: Public Destinations : 9 Routes : 9 Destination/Mask Proto Pre Cost Flags NextHop Interface

3-98

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

3 BGP/MPLS IP VPN Configuration

1.1.1.9/32 Direct 0 0 D 127.0.0.1 InLoopBack0 2.2.2.9/32 OSPF 10 2 D 172.1.1.2 Pos3/0/0 3.3.3.9/32 OSPF 10 3 D 172.1.1.2 Pos3/0/0 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 172.1.1.0/24 Direct 0 0 D 172.1.1.1 Pos3/0/0 172.1.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 172.1.1.2/32 Direct 0 0 D 172.1.1.2 Pos3/0/0 172.2.1.0/24 OSPF 10 2 D 172.1.1.2 Pos3/0/0 [PE1] display ospf peer OSPF Process 1 with Router ID 1.1.1.9 Neighbors Area 0.0.0.0 interface 172.1.1.1(Pos3/0/0)'s neighbors Router ID: 172.1.1.2 Address: 172.1.1.2 GR State: Normal State: Full Mode:Nbr is Master Priority: 1 DR: None BDR: None MTU: 1500 Dead timer due in 38 sec Neighbor is up for 00:02:44 Authentication Sequence: [ 0 ]

2.

Configure basic MPLS capability and MPLS LDP on the MPLS backbone network to setup LDP LSP. # Configure PE1.
[PE1] mpls lsr-id 1.1.1.9 [PE1] mpls [PE1-mpls] lsp-trigger all [PE1-mpls] quit [PE1] mpls ldp [PE1-mpls-ldp] quit [PE1] interface pos 3/0/0 [PE1-Pos3/0/0] mpls [PE1-Pos3/0/0] mpls ldp [PE1-Pos3/0/0] quit

# Configure P.
[P] mpls lsr-id 2.2.2.9 [P] mpls [P-mpls] lsp-trigger all [P-mpls] quit [P] mpls ldp [P-mpls-ldp] quit [P] interface pos 1/0/0 [P-Pos1/0/0] mpls [P-Pos1/0/0] mpls ldp [P-Pos1/0/0] quit [P] interface pos 2/0/0 [P-Pos2/0/0] mpls [P-Pos2/0/0] mpls ldp [P-Pos2/0/0] quit

# Configure PE2.
[PE2] mpls lsr-id 3.3.3.9 [PE2] mpls [PE2-mpls] lsp-trigger all [PE2-mpls] quit [PE2] mpls ldp [PE2-mpls-ldp] quit [PE2] interface pos 3/0/0 [PE2-Pos3/0/0] mpls [PE2-Pos3/0/0] mpls ldp [PE2-Pos3/0/0] quit

After the configuration, LDP sessions are set up between PE1, P and PE2. After running the display mpls ldp session command on the routers, you can find the status of the session is "Operational" in the display result. Run the display mpls ldp lsp command, and view the state of the LDP LSP. Take the PE1 as an example:
Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 3-99

3 BGP/MPLS IP VPN Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

[PE1] display mpls ldp session LDP Session(s) in Public Network ------------------------------------------------------------------------Peer-ID Status LAM SsnRole SsnAge KA-Sent/Rcv ------------------------------------------------------------------------2.2.2.9:0 Operational DU Passive 000:00:01 5/5 ------------------------------------------------------------------------TOTAL: 1 session(s) Found. LAM : Label Advertisement Mode SsnAge Unit : DDD:HH:MM [PE1] display mpls ldp lsp LDP LSP Information -----------------------------------------------------------------SN DestAddress/Mask In/OutLabel Next-Hop In/Out-Interface -----------------------------------------------------------------1 1.1.1.9/32 3/NULL 127.0.0.1 Pos3/0/0/InLoop0 2 2.2.2.9/32 NULL/3 172.1.1.2 -------/Pos3/0/0 3 3.3.3.9/32 NULL/1024 172.1.1.2 -------/Pos3/0/0 -----------------------------------------------------------------TOTAL: 3 Normal LSP(s) Found. TOTAL: 0 Liberal LSP(s) Found. A '*' before an LSP means the LSP is not established A '*' before a Label means the USCB or DSCB is stale

3.

Configure VPN instances on PEs and bind the instance to the interfaces of CEs. # Configure PE1.
[PE1] ip vpn-instance vpna [PE1-vpn-instance-vpna] route-distinguisher 100:1 [PE1-vpn-instance-vpna] vpn-target 111:1 both [PE1-vpn-instance-vpna] quit [PE1] ip vpn-instance vpnb [PE1-vpn-instance-vpnb] route-distinguisher 100:2 [PE1-vpn-instance-vpnb] vpn-target 222:2 both [PE1-vpn-instance-vpnb] quit [PE1] interface gigabitethernet 1/0/0 [PE1-GigabitEthernet1/0/0] ip binding vpn-instance vpna [PE1-GigabitEthernet1/0/0] ip address 10.1.1.2 24 [PE1-GigabitEthernet1/0/0] quit [PE1] interface gigabitethernet 2/0/0 [PE1-GigabitEthernet2/0/0] ip binding vpn-instance vpnb [PE1-GigabitEthernet2/0/0] ip address 10.2.1.2 24 [PE1-GigabitEthernet2/0/0] quit

# Configure PE2.
[PE2] ip vpn-instance vpna [PE2-vpn-instance-vpna] route-distinguisher 200:1 [PE2-vpn-instance-vpna] vpn-target 111:1 both [PE2-vpn-instance-vpna] quit [PE2] ip vpn-instance vpnb [PE2-vpn-instance-vpnb] route-distinguisher 200:2 [PE2-vpn-instance-vpnb] vpn-target 222:2 both [PE2-vpn-instance-vpnb] quit [PE2] interface gigabitethernet 1/0/0 [PE2-GigabitEthernet1/0/0] ip binding vpn-instance vpna [PE2-GigabitEthernet1/0/0] ip address 10.3.1.2 24 [PE2-GigabitEthernet1/0/0] quit [PE2] interface gigabitethernet 2/0/0 [PE2-GigabitEthernet2/0/0] ip binding vpn-instance vpnb [PE2-GigabitEthernet2/0/0] ip address 10.4.1.2 24 [PE2-GigabitEthernet2/0/0] quit

# Configure IP address for the CE interface according to Figure 3-4. The configuration procedure is not mentioned here. After the configuration, view the configuration of VPN instances by running the display ip vpn-instance verbose command on the PEs. The PE can ping through its own CE. Take PE1 and CE1 for example:
[PE1] display ip vpn-instance verbose Total VPN-Instances configured : 2

3-100

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

3 BGP/MPLS IP VPN Configuration

VPN-Instance Name and ID : vpna, 1 Create date : 2006/09/21 11:30:35 Up time : 0 days, 00 hours, 05 minutes and 19 seconds Route Distinguisher : 100:1 Export VPN Targets : 111:1 Import VPN Targets : 111:1 Label policy: label per route Interfaces : GigabitEthernet1/0/0 VPN-Instance Name and ID : vpnb, 2 Create date : 2006/09/21 11:31:18 Up time : 0 days, 00 hours, 04 minutes and 36 seconds Route Distinguisher : 100:2 Export VPN Targets : 222:2 Import VPN Targets : 222:2 Interfaces : GigabitEthernet2/0/0 [PE1] ping -vpn-instance vpna 10.1.1.1 PING 10.1.1.1: 56 data bytes, press CTRL_C to break Reply from 10.1.1.1: bytes=56 Sequence=1 ttl=255 time=56 ms Reply from 10.1.1.1: bytes=56 Sequence=2 ttl=255 time=4 ms Reply from 10.1.1.1: bytes=56 Sequence=3 ttl=255 time=4 ms Reply from 10.1.1.1: bytes=56 Sequence=4 ttl=255 time=52 ms Reply from 10.1.1.1: bytes=56 Sequence=5 ttl=255 time=3 ms --- 10.1.1.1 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 3/23/56 ms

4.

Establish the EBGP peer relationship between the PE and the CE to import VPN routes. # Configure CE1.
[CE1] bgp 65410 [CE1-bgp] peer 10.1.1.2 as-number 100 [CE1-bgp] import-route direct
NOTE

The configuration of CE2, CE3 and CE4 is similar to CE1 and their configuration procedures are not mentioned here.

# Configure PE1.
[PE1] bgp 100 [PE1-bgp] ipv4-family vpn-instance vpna [PE1-bgp-vpna] peer 10.1.1.1 as-number 65410 [PE1-bgp-vpna] import-route direct [PE1-bgp-vpna] quit [PE1-bgp] ipv4-family vpn-instance vpnb [PE1-bgp-vpnb] peer 10.2.1.1 as-number 65420 [PE1-bgp-vpnb] import-route direct [PE1-bgp-vpnb] quit
NOTE

The configuration of PE2 is similar to PE1 and the configuration procedure is not mentioned here.

After the configuration, run the display bgp peer or the display bgp vpnv4 all peer command. You can find that the BGP peer relationship has been established between the PE and the CE. Take the peer relationship between PE1 and CE1 as an example.
[PE1] display bgp vpnv4 vpn-instance vpna peer BGP local router ID : 1.1.1.9 Local AS number : 100 Total number of peers : 1 Peers in established state : 1 Peer V AS MsgRcvd MsgSent OutQ Up/Down State PrefRcv 10.1.1.1 4 65410 11 9 0 00:06:37 Established 1

5.
Issue 03 (2008-09-22)

Establish MP-IBGP peers between the PEs.


Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 3-101

3 BGP/MPLS IP VPN Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

# Configure PE1.
[PE1] bgp 100 [PE1-bgp] peer 3.3.3.9 as-number 100 [PE1-bgp] peer 3.3.3.9 connect-interface loopback 1 [PE1-bgp] ipv4-family vpnv4 [PE1-bgp-af-vpnv4] peer 3.3.3.9 enable [PE1-bgp-af-vpnv4] quit

# Configure PE2.
[PE2] bgp 100 [PE2-bgp] peer 1.1.1.9 as-number 100 [PE2-bgp] peer 1.1.1.9 connect-interface loopback 1 [PE2-bgp] ipv4-family vpnv4 [PE2-bgp-af-vpnv4] peer 1.1.1.9 enable [PE2-bgp-af-vpnv4] quit

After the configuration, you can find that the BGP peer relationship has been set up between PE1 and PE2 by running the display bgp peer command or the display bgp vpnv4 all peer command.
[PE1] display bgp peer BGP local router ID : 1.1.1.9 Local AS number : 100 Total number of peers : 1 Peers in established state : 1 Peer V AS MsgRcvd MsgSent OutQ Up/Down State PrefRcv 3.3.3.9 4 100 2 6 0 00:00:12 Established 0 [PE1] display bgp vpnv4 all peer BGP local router ID : 1.1.1.9 Local AS number : 100 Total number of peers : 3 Peers in established state : 3 Peer V AS MsgRcvd MsgSent OutQ Up/Down State PrefRcv 3.3.3.9 4 100 12 18 0 00:09:38 Established 0 Peer of vpn instance: vpn instance vpna : 10.1.1.1 4 65410 25 25 0 00:17:57 Established 1 vpn instance vpnb : 10.2.1.1 4 65420 21 22 0 00:17:10 Established 1

6.

Verify the configuration. Running the display ip routing-table vpn-instance command on the PE, you can find the route to peer CEs. Take PE1 as an example.
[PE1] display ip routing-table vpn-instance vpna Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: vpna Destinations : 3 Routes : 3 Destination/Mask Proto Pre Cost Flags NextHop Interface 10.1.1.0/24 Direct 0 0 D 10.1.1.2 GigabitEthernet1/0/0 10.1.1.2/32 Direct 0 0 D 127.0.0.1 InLoopBack0 10.3.1.0/24 BGP 255 0 RD 3.3.3.9 Pos3/0/0 [PE1] display ip routing-table vpn-instance vpnb Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: vpnb Destinations : 3 Routes : 3 Destination/Mask Proto Pre Cost Flags NextHop Interface 10.2.1.0/24 Direct 0 0 D 10.2.1.2 GigabitEthernet2/0/0 10.2.1.2/32 Direct 0 0 D 127.0.0.1 InLoopBack0 10.4.1.0/24 BGP 255 0 RD 3.3.3.9 Pos3/0/0

The CEs in the same VPN can ping through each other while two CEs in different VPNs cannot ping through each other. For example, CE1 can ping through CE3 (10.3.1.1) but cannot ping through CE4 (10.4.1.1).
3-102 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

3 BGP/MPLS IP VPN Configuration

[CE1] ping 10.3.1.1 PING 10.3.1.1: 56 data bytes, press CTRL_C to break Reply from 10.3.1.1: bytes=56 Sequence=1 ttl=253 time=72 Reply from 10.3.1.1: bytes=56 Sequence=2 ttl=253 time=34 Reply from 10.3.1.1: bytes=56 Sequence=3 ttl=253 time=50 Reply from 10.3.1.1: bytes=56 Sequence=4 ttl=253 time=50 Reply from 10.3.1.1: bytes=56 Sequence=5 ttl=253 time=34 --- 10.3.1.1 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 34/48/72 ms [CE1] ping 10.4.1.1 PING 10.4.1.1: 56 data bytes, press CTRL_C to break Request time out Request time out Request time out Request time out Request time out --- 10.4.1.1 ping statistics --5 packet(s) transmitted 0 packet(s) received 100.00% packet loss

ms ms ms ms ms

Configuration Files
l

Configuration file of PE1


# sysname PE1 # ip vpn-instance vpna route-distinguisher 100:1 vpn-target 111:1 export-extcommunity vpn-target 111:1 import-extcommunity # ip vpn-instance vpnb route-distinguisher 100:2 vpn-target 222:2 export-extcommunity vpn-target 222:2 import-extcommunity # mpls lsr-id 1.1.1.9 mpls lsp-trigger all # mpls ldp # interface GigabitEthernet1/0/0 ip binding vpn-instance vpna ip address 10.1.1.2 255.255.255.0 # interface GigabitEthernet2/0/0 ip binding vpn-instance vpnb ip address 10.2.1.2 255.255.255.0 # interface Pos3/0/0 link-protocol ppp ip address 172.1.1.1 255.255.255.0 mpls mpls ldp # interface LoopBack1 ip address 1.1.1.9 255.255.255.255 # bgp 100 peer 3.3.3.9 as-number 100 peer 3.3.3.9 connect-interface LoopBack1 # ipv4-family unicast undo synchronization

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

3-103

3 BGP/MPLS IP VPN Configuration


peer 3.3.3.9 enable # ipv4-family vpnv4 policy vpn-target peer 3.3.3.9 enable # ipv4-family vpn-instance vpna peer 10.1.1.1 as-number 65410 import-route direct # ipv4-family vpn-instance vpnb peer 10.2.1.1 as-number 65420 import-route direct # ospf 1 area 0.0.0.0 network 172.1.1.0 0.0.0.255 network 1.1.1.9 0.0.0.0 # return l

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Configuration file of P
# sysname P # mpls lsr-id 2.2.2.9 mpls lsp-trigger all # mpls ldp # interface Pos1/0/0 link-protocol ppp ip address 172.1.1.2 255.255.255.0 mpls mpls ldp # interface Pos2/0/0 link-protocol ppp ip address 172.2.1.1 255.255.255.0 mpls mpls ldp # interface LoopBack1 ip address 2.2.2.9 255.255.255.255 # ospf 1 area 0.0.0.0 network 172.1.1.0 0.0.0.255 network 172.2.1.0 0.0.0.255 network 2.2.2.9 0.0.0.0 # return

Configuration file of PE2


# sysname PE2 # ip vpn-instance vpna route-distinguisher 200:1 vpn-target 111:1 export-extcommunity vpn-target 111:1 import-extcommunity # ip vpn-instance vpnb route-distinguisher 200:2 vpn-target 222:2 export-extcommunity vpn-target 222:2 import-extcommunity # mpls lsr-id 3.3.3.9 mpls

3-104

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


lsp-trigger all # mpls ldp # interface GigabitEthernet1/0/0 ip binding vpn-instance vpna ip address 10.3.1.2 255.255.255.0 # interface GigabitEthernet2/0/0 ip binding vpn-instance vpnb ip address 10.4.1.2 255.255.255.0 # interface Pos3/0/0 link-protocol ppp ip address 172.2.1.2 255.255.255.0 mpls mpls ldp # interface LoopBack1 ip address 3.3.3.9 255.255.255.255 # bgp 100 peer 1.1.1.9 as-number 100 peer 1.1.1.9 connect-interface LoopBack1 # ipv4-family unicast undo synchronization peer 1.1.1.9 enable # ipv4-family vpnv4 policy vpn-target peer 1.1.1.9 enable # ipv4-family vpn-instance vpna peer 10.3.1.1 as-number 65430 import-route direct # ipv4-family vpn-instance vpnb peer 10.4.1.1 as-number 65440 import-route direct # ospf 1 area 0.0.0.0 network 172.2.1.0 0.0.0.255 network 3.3.3.9 0.0.0.0 # return l

3 BGP/MPLS IP VPN Configuration

Configuration file of CE1


# sysname CE1 # interface GigabitEthernet1/0/0 ip address 10.1.1.1 255.255.255.0 # bgp 65410 peer 10.1.1.2 as-number 100 # ipv4-family unicast undo synchronization import-route direct peer 10.1.1.2 enable # return

Configuration file of CE2


# sysname CE2 # interface GigabitEthernet1/0/0

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

3-105

3 BGP/MPLS IP VPN Configuration


ip address 10.2.1.1 255.255.255.0 # bgp 65420 peer 10.2.1.2 as-number 100 # ipv4-family unicast undo synchronization import-route direct peer 10.2.1.2 enable # return l

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Configuration file of CE3


# sysname CE3 # interface GigabitEthernet1/0/0 ip address 10.3.1.1 255.255.255.0 # bgp 65430 peer 10.3.1.2 as-number 100 # ipv4-family unicast undo synchronization import-route direct peer 10.3.1.2 enable # return

Configuration file of CE4


# sysname CE4 # interface GigabitEthernet1/0/0 ip address 10.4.1.1 255.255.255.0 # bgp 65440 peer 10.4.1.2 as-number 100 # ipv4-family unicast undo synchronization import-route direct peer 10.4.1.2 enable # return

3.21.2 Example for Configuring BGP/MPLS IP VPN with a GRE Tunnel


Networking Requirements
As shown in Figure 3-5, CE1 and CE2 belong to VPN-A. The PE provides MPLS capability while the P devices provide only pure IP but MPLS capabilities. Adopt the GRE tunnel on the backbone to forward the VPN packets. In this scenario, tunnel policies should be configured on the PE to specify the GRE tunnel for forwarding VPN traffic.

3-106

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

3 BGP/MPLS IP VPN Configuration

Figure 3-5 Networking diagram of BGP/MPLS IP VPN with GRE tunnel

AS:100

POS1/0/0 172.1.1.2/24

POS2/0/0 172.2.1.1/24

P
Loopback1 1.1.1.9/32 POS2/0/0 172.1.1.1/24 POS2/0/0 172.2.1.2/24 Loopback1 2.2.2.9/32

PE1
GE1/0/0 10.1.1.2/24 Tunnel5/0/0 20.1.1.1/24

GRE Tunnel
Tunnel5/0/0 20.1.1.2/24

PE2
GE1/0/0 10.2.1.2/24 GE1/0/0 10.2.1.1/24

GE1/0/0 10.1.1.1/24

CE1 VPN-A AS: 65410 VPN-A AS: 65420

CE2

Configuration Roadmap
The configuration roadmap is as follows: 1. 2. 3. 4. 5. 6. Configure common routing protocol (OSPF in this example) on the backbone network to implement interworking between the PEs. Establish GRE tunnels between the PEs. Enable MPLS on the PEs. Configure the tunnel policy on the PEs and specify the tunnel transmitting VPN traffic as GRE. Configure MP IBGP between the PEs to exchange VPN routing information. Configure EBGP between the CE and the PE to exchange VPN routing information.

Data Preparation
To configure BGP/MPLS IP VPN with the GRE tunnel, you need the following data:
l l l l l

The MPLS LSR-ID on the PE The tunnel policy configured on the PE The VPN instance name, RD and the route attribute The source address, destination address of the two ends of the GRE tunnel The IP address of the tunnel interface GRE

Configuration Procedure
1.
Issue 03 (2008-09-22)

Configure the IP address for each interface.


Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 3-107

3 BGP/MPLS IP VPN Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Configure the IP address to each physical and loopback interface as shown in Figure 3-5. Run the undo shutdown command to change each physical interface to Up. The details of the configuration are not mentioned here. 2. Configure IGP on backbone to implement the interconnection among the PEs and the Ps. In this example, we use OSPF as the IGP on backbone. The configuration procedure is not mentioned here. After the configuration, the OSPF adjacency should be established between PE1, P and PE2. Using the display ospf peer command, you can see that the status of OSPF neighbor is "FULL". Using the display ip routing-table command, you can see that the PEs have learnt each other's loopback interface route. 3. Configure MPLS basic capabilities on PEs. # Configure PE1.
<PE1> system-view [PE1] mpls lsr-id 1.1.1.9 [PE1] mpls [PE1-mpls] quit

# Configure PE2.
<PE2> system-view [PE2] mpls lsr-id 2.2.2.9 [PE2] mpls [PE2-mpls] quit

4.

Configure VPN instances on the PE to associate the CEs, adopt a tunnel policy on the PE and specify a GRE tunnel to forward VPN packets. # Configure PE1.
[PE1] tunnel-policy gre1 [PE1-tunnel-policy-gre1] tunnel select-seq gre load-balance-number 1 [PE1-tunnel-policy-gre1] quit [PE1] ip vpn-instance vpna [PE1-vpn-instance-vpna] route-distinguisher 100:1 [PE1-vpn-instance-vpna] vpn-target 100:1 both [PE1-vpn-instance-vpna] tnl-policy gre1 [PE1-vpn-instance-vpna] quit [PE1] interface gigabitethernet 1/0/0 [PE1-GigabitEthernet1/0/0] ip binding vpn-instance vpna [PE1-GigabitEthernet1/0/0] ip address 10.1.1.2 24 [PE1-GigabitEthernet1/0/0] quit

# Configure PE2.
[PE2] tunnel-policy gre1 [PE2-tunnel-policy-gre1] tunnel select-seq gre load-balance-number 1 [PE2-tunnel-policy-gre1] quit [PE2] ip vpn-instance vpna [PE2-vpn-instance-vpna] route-distinguisher 100:2 [PE2-vpn-instance-vpna] vpn-target 100:1 both [PE2-vpn-instance-vpna] tnl-policy gre1 [PE2-vpn-instance-vpna] quit [PE2] interface gigabitethernet 1/0/0 [PE2-GigabitEthernet1/0/0] ip binding vpn-instance vpna [PE2-GigabitEthernet1/0/0] ip address 10.2.1.2 24 [PE2-GigabitEthernet1/0/0] quit

# Configure CE1.
<CE1> system-view [CE1] interface gigabitethernet 1/0/0 [CE1-GigabitEthernet1/0/0] ip address 10.1.1.1 24 [CE1-GigabitEthernet1/0/0] quit

# Configure CE2.
<CE2> system-view [CE2] interface gigabitethernet 1/0/0

3-108

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

3 BGP/MPLS IP VPN Configuration

[CE2-GigabitEthernet1/0/0] ip address 10.2.1.1 24 [CE2-GigabitEthernet1/0/0] quit

After the configuration, run the display ip vpn-instance verbose command on the PE and you will see the configuration of VPN instances. The PEs can ping through the CEs connected to it.
[PE1] display ip vpn-instance verbose Total VPN-Instances configured : 1 VPN-Instance Name and ID : vpna, 1 Create date : 2006/10/11 16:12:02 Up time : 0 days, 00 hours, 03 minutes and 07 seconds Route Distinguisher : 100:1 Export VPN Targets : 100:1 Import VPN Targets : 100:1 Label policy: label per route Tunnel Policy : gre1 Interfaces : GigabitEthernet1/0/0 [PE1] ping -vpn-instance vpna 10.1.1.1 PING 10.1.1.1: 56 data bytes, press CTRL_C to break Reply from 10.1.1.1: bytes=56 Sequence=1 ttl=255 time=27 ms Reply from 10.1.1.1: bytes=56 Sequence=2 ttl=255 time=33 ms Reply from 10.1.1.1: bytes=56 Sequence=3 ttl=255 time=7 ms Reply from 10.1.1.1: bytes=56 Sequence=4 ttl=255 time=29 ms Reply from 10.1.1.1: bytes=56 Sequence=5 ttl=255 time=9 ms --- 10.1.1.1 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 7/21/33 ms

5.

Establish EBGP peers between the PE and the CE to import VPN routes. # Configure CE1.
[CE1] bgp 65410 [CE1-bgp] peer 10.1.1.2 as-number 100 [CE1-bgp] import-route direct

# Configure PE1.
[PE1] bgp 100 [PE1-bgp] ipv4-family vpn-instance vpna [PE1-bgp-vpna] peer 10.1.1.1 as-number 65410 [PE1-bgp-vpna] import-route direct [PE1-bgp-vpna] quit [PE1-bgp] quit
NOTE

The configuration of CE2 is similar to that of CE1, and the configuration of PE2 is similar to that of PE1. Their configuration procedures are not mentioned here.

After the configuration, run the display bgp vpnv4 vpn-instance peer command on the PE. You can find that the BGP peer has been established between the PE and the CE, the peer state is "Established".
[PE1] display bgp vpnv4 vpn-instance vpna peer BGP local router ID : 1.1.1.9 Local AS number : 100 Total number of peers : 1 Peers in established state : 1 Peer V AS MsgRcvd MsgSent OutQ Up/Down State PrefRcv 10.1.1.1 4 65410 5 5 0 00:02:03 Established 1

6.

Establish MP-IBGP peers between the PEs. # Configure PE1.


[PE1] bgp [PE1-bgp] [PE1-bgp] [PE1-bgp] 100 peer 2.2.2.9 as-number 100 peer 2.2.2.9 connect-interface loopback1 ipv4-family vpnv4

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

3-109

3 BGP/MPLS IP VPN Configuration


[PE1-bgp-af-vpnv4] peer 2.2.2.9 enable [PE1-bgp-af-vpnv4] quit
NOTE

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

The configuration of the PE2 is similar to that of the PE1. Their configuration procedures are not mentioned here.

After the configuration, using the display bgp peer or display bgp vpnv4 all peer command on the PE, you can find that the BGP peer has been established between the PEs, and the status of the peer is "Established".
[PE1] display bgp vpnv4 all peer BGP local router ID : 1.1.1.9 Local AS number : 100 Total number of peers : 2 Peer V AS MsgRcvd 2.2.2.9 4 100 4 Peer of vpn instance: vpn instance vpna : 10.1.1.1 4 65410 12

Peers in established state : 2 MsgSent OutQ Up/Down State PrefRcv 7 0 00:01:22 Established 1 11 0 00:08:13 Established 1

7.

Configure a GRE tunnel.


NOTE

The source and destination of a GRE tunnel are the interfaces used to establish the MP-IBGP peer relationship between the PEs.

# Configure PE1.
[PE1] interface loopback1 [PE1-loopback1] target-board 5 [PE1-loopback1] binding tunnel gre [PE1-loopback1] quit [PE1] interface tunnel 5/0/0 [PE1-Tunnel5/0/0] tunnel-protocol gre [PE1-Tunnel5/0/0] source loopback 1 [PE1-Tunnel5/0/0] destination 2.2.2.9 [PE1-Tunnel5/0/0] ip address 20.1.1.1 24 [PE1-Tunnel5/0/0] quit

# Configure PE2.
[PE2] interface loopback1 [PE2-loopback1] target-board 5 [PE2-loopback1] binding tunnel gre [PE2-loopback1] quit [PE2] interface tunnel 5/0/0 [PE2-Tunnel5/0/0] tunnel-protocol gre [PE2-Tunnel5/0/0] source loopback 1 [PE2-Tunnel5/0/0] destination 1.1.1.9 [PE2-Tunnel5/0/0] ip address 20.1.1.2 24 [PE2-Tunnel5/0/0] quit

8.

Verify the configuration. After the configuration, the CEs should have learnt each other's interface route.
[CE1] display ip routing-table Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: Public Destinations : 5 Routes : 5 Destination/Mask Proto Pre Cost Flags NextHop Interface 10.1.1.0/24 Direct 0 0 D 10.1.1.1 GigabitEthernet1/0/0 10.1.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 10.2.1.0/24 BGP 255 0 D 10.1.1.2 GigabitEthernet1/0/0 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0

In the VPN routing table on the PE, there should be a BGP route to the destination CE network.
3-110 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

3 BGP/MPLS IP VPN Configuration

Consider PE1 as an example:


[PE1] display ip routing-table vpn-instance vpna Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: vpna Destinations : 3 Routes : 3 Destination/Mask Proto Pre Cost Flags NextHop Interface 10.1.1.0/24 Direct 0 0 D 10.1.1.2 GigabitEthernet1/0/0 10.1.1.2/32 Direct 0 0 D 127.0.0.1 InLoopBack0 10.2.1.0/24 BGP 255 0 RD 2.2.2.9 Tunnel5/0/0

CEs can ping each other successfully.


[CE1] ping 10.2.1.1 PING 10.2.1.1: 56 data bytes, press CTRL_C to break Reply from 10.2.1.1: bytes=56 Sequence=1 ttl=253 time=41 Reply from 10.2.1.1: bytes=56 Sequence=2 ttl=253 time=69 Reply from 10.2.1.1: bytes=56 Sequence=3 ttl=253 time=68 Reply from 10.2.1.1: bytes=56 Sequence=4 ttl=253 time=68 Reply from 10.2.1.1: bytes=56 Sequence=5 ttl=253 time=67 --- 10.2.1.1 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 41/62/69 ms ms ms ms ms ms

Shutdown any one interface of the GRE tunnel to find that CEs cannot ping through each other. Consider PE1and CE1 as examples: # Shutdown the GRE tunnel interface on PE1.
[PE1] interface tunnel 5/0/0 [PE1-Tunnel5/0/0] shutdown

# CE1 ping CE2.


[CE1] ping 10.2.1.1 PING 10.2.1.1: 56 data bytes, press CTRL_C to break Request time out Request time out Request time out Request time out Request time out --- 10.2.1.1 ping statistics --5 packet(s) transmitted 0 packet(s) received 100.00% packet loss

The result is that CE1 cannot ping through CE2. This clarifies that VPN traffic is encapsulated by the GRE tunnel and then forwarded through it.

Configuration Files
l

Configuration file of CE1


# sysname CE1 # interface GigabitEthernet1/0/0 undo shutdown ip address 10.1.1.1 255.255.255.0 # bgp 65410 peer 10.1.1.2 as-number 100 import-route direct # ipv4-family unicast undo synchronization import-route direct peer 10.1.1.2 enable

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

3-111

3 BGP/MPLS IP VPN Configuration


# return l

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Configuration file of PE1


# sysname PE1 # ip vpn-instance vpna route-distinguisher 100:1 tnl-policy gre1 vpn-target 100:1 export-extcommunity vpn-target 100:1 import-extcommunity # mpls lsr-id 1.1.1.9 mpls # interface GigabitEthernet1/0/0 undo shutdown ip binding vpn-instance vpna ip address 10.1.1.2 255.255.255.0 # interface Pos2/0/0 undo shutdown link-protocol ppp ip address 172.1.1.1 255.255.255.0 # interface LoopBack1 ip address 1.1.1.9 255.255.255.255 target-board 5 binding tunnel gre # interface Tunnel5/0/0 ip address 20.1.1.1 255.255.255.0 source LoopBack1 destination 2.2.2.9 # tunnel-policy gre1 tunnel select-seq gre load-balance-number 1 # bgp 100 peer 2.2.2.9 as-number 100 peer 2.2.2.9 connect-interface LoopBack1 # ipv4-family unicast undo synchronization peer 2.2.2.9 enable # ipv4-family vpnv4 policy vpn-target peer 2.2.2.9 enable # ipv4-family vpn-instance vpna peer 10.1.1.1 as-number 65410 import-route direct # ospf 1 area 0.0.0.0 network 1.1.1.9 0.0.0.0 network 172.1.1.0 0.0.0.255 # return

Configuration file of P
# sysname P # interface Pos1/0/0 undo shutdown link-protocol ppp ip address 172.1.1.2 255.255.255.0

3-112

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


# interface Pos2/0/0 undo shutdown link-protocol ppp ip address 172.2.1.1 255.255.255.0 # ospf 1 area 0.0.0.0 network 172.1.1.0 0.0.0.255 network 172.2.1.0 0.0.0.255 # return l

3 BGP/MPLS IP VPN Configuration

Configuration file of PE2


# sysname PE2 # ip vpn-instance vpna route-distinguisher 100:2 tnl-policy gre1 vpn-target 100:1 export-extcommunity vpn-target 100:1 import-extcommunity # mpls lsr-id 2.2.2.9 mpls # interface GigabitEthernet1/0/0 undo shutdown ip binding vpn-instance vpna ip address 10.2.1.2 255.255.255.0 # interface Pos2/0/0 undo shutdown link-protocol ppp ip address 172.2.1.2 255.255.255.0 # interface LoopBack1 ip address 2.2.2.9 255.255.255.255 target-board 5 binding tunnel gre # interface Tunnel5/0/0 ip address 20.1.1.2 255.255.255.0 source LoopBack1 destination 1.1.1.9 # tunnel-policy gre1 tunnel select-seq gre load-balance-number 1 # bgp 100 peer 1.1.1.9 as-number 100 peer 1.1.1.9 connect-interface LoopBack1 # ipv4-family unicast undo synchronization peer 1.1.1.9 enable # ipv4-family vpnv4 policy vpn-target peer 1.1.1.9 enable # ipv4-family vpn-instance vpna peer 10.2.1.1 as-number 65420 import-route direct # ospf 1 area 0.0.0.0 network 2.2.2.9 0.0.0.0 network 172.2.1.0 0.0.0.255 #

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

3-113

3 BGP/MPLS IP VPN Configuration


return l

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Configuration file of CE2


# sysname CE2 # interface GigabitEthernet1/0/0 undo shutdown ip address 10.2.1.1 255.255.255.0 # bgp 65420 peer 10.2.1.2 as-number 100 # ipv4-family unicast undo synchronization import-route direct peer 10.2.1.2 enable # return

3.21.3 Example for Configuring the BGP AS Number Substitution


Networking Requirements
As shown in Figure 3-6,CE1 and CE2 belong to the same VPN, and access PE1 and PE2 respectively. CE1 and CE2 use the same AS number 600. Figure 3-6 Networking diagram of BGP AS number substitution

Loopback1 1.1.1.9/32

Loopback1 2.2.2.9/32 POS1/0/0 20.1.1.2/24 POS2/0/0 20.1.1.1/24 POS2/0/0 30.1.1.2/24 POS2/0/0 30.1.1.1/24 P

Loopback1 3.3.3.9/32

PE1
POS1/0/0 10.1.1.2/24 POS1/0/0 10.1.1.1/24

PE2
POS1/0/0 10.2.1.2/24 POS1/0/0 10.2.1.1/24 GE2/0/0 200.1.1.1/24

Backbone AS 100

CE1
GE2/0/0 100.1.1.1/24

CE2

VPN1 AS 600

VPN1 AS 600

Configuration Roadmap
The configuration roadmap is as follows: 1. Configure IGP on the backbone network to realize the interconnection between PEs and between the PE and the P.
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

3-114

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

3 BGP/MPLS IP VPN Configuration

2. 3. 4.

Set up the MPLS LDP LSP between PEs. Create the VPN instance on the PE. Configure the CE to access the PE. Set up the EBGP relationship between the PE and the CE. Import the route of the CE to the PE. Configure the BGP AS number substitution on the PE.

Data Preparation
To configure the BGP AS number substitution, you need the following data:
l l l

MPLS LSR-ID of the PE and the P The VPN instance created on the PE1 and PE2 The same AS number used by the CE1 and the CE2 (It is different from the AS number of the backbone network.)

Configuration Procedure
1. Configure basic BGP/MPLS IP VPN. The configuration of basic BGP/MPLS IP VPN includes:
l

Configure OSPF on the MPLS backbone network. PE and P can learn routes of the Loopback interface from each other. Configure MPLS basic capability and MPLS LDP on the MPLS backbone network to establish LDP LSP. Establish the MP-IBGP neighbor between PEs and advertise VPN-IPv4 routes. Configure the VPN instances of VPN1 on PE2 and associate it with CE2. Configure the VPN instances of VPN1 on PE1 and associate it with CE1. Configure BGP between PE1 and CE1, and between PE2 and CE2 to import CE routes into PE.

l l l l

After the configuration given above, run the display ip routing-table command on CE. It shows that CE2 can learn the route of the network segment (10.1.1.0/24) of the interface on CE1 that is connected with PE1. There is no route to the VPN site (100.1.1.0/24) of the CE1. The same situation occurs on CE1.
[CE2] display ip routing-table Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: Public Destinations : 8 Routes : 8 Destination/Mask Proto Pre Cost Flags NextHop Interface 10.1.1.0/24 BGP 255 0 D 10.2.1.2 Pos1/0/0 10.1.1.1/32 BGP 255 0 D 10.2.1.2 Pos1/0/0 10.2.1.0/24 Direct 0 0 D 10.2.1.1 Pos1/0/0 10.2.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 10.2.1.2/32 Direct 0 0 D 10.2.1.2 Pos1/0/0 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 200.1.1.0/24 Direct 0 0 D 200.1.1.1 GigabitEthernet2/0/0 200.1.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0

Run the display ip routing-table vpn-instance command on PE. It shows that there are routes to the VPN site of the remote CE in the VPN instances of the PE. Consider PE2 as an example:
[PE2] display ip routing-table vpn-instance vpn1 Route Flags: R - relied, D - download to fib

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

3-115

3 BGP/MPLS IP VPN Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

-----------------------------------------------------------------------------Routing Tables: vpn1 Destinations : 7 Routes : 7 Destination/Mask Proto Pre Cost Flags NextHop Interface 10.1.1.0/24 BGP 255 0 RD 1.1.1.9 Pos2/0/0 10.1.1.1/32 BGP 255 0 RD 1.1.1.9 Pos2/0/0 10.2.1.0/24 Direct 0 0 D 10.2.1.2 Pos1/0/0 10.2.1.1/32 Direct 0 0 D 10.2.1.1 Pos1/0/0 10.2.1.2/32 Direct 0 0 D 127.0.0.1 InLoopBack0 100.1.1.0/24 BGP 255 0 RD 1.1.1.9 Pos2/0/0 200.1.1.0/24 BGP 255 0 D 10.2.1.1 Pos1/0/0

Enable the BGP update packets debugging on PE2. It shows that PE2 advertises the route to 100.1.1.0/24 and the AS path information is "100 600".
<PE2> terminal monitor <PE2> terminal debugging <PE2> debugging bgp update vpn-instance vpn1 peer 10.2.1.1 verbose <PE2> refresh bgp vpn-instance vpn1 all export *0.4402392 PE2 RM/7/RMDEBUG: BGP.vpn1: Send UPDATE to 10.2.1.1 for following destinations : Origin : Incomplete AS Path : 100 600 Next Hop : 10.2.1.2 100.1.1.0/24,

Run the display bgp routing-table peer received-routes command on CE2. It shows that CE2 does not receive the route to 100.1.1.0/24.
[CE2] display bgp routing-table peer 10.2.1.2 received-routes Total Number of Routes: 4 BGP Local router ID is 10.2.1.1 Status codes: * - valid, > - best, d - damped, h - history, i - internal, s - suppressed, S - Stale Origin : i - IGP, e - EGP, ? - incomplete Network NextHop MED LocPrf PrefVal Path/Ogn *> 10.1.1.0/24 10.2.1.2 0 100? *> 10.1.1.1/32 10.2.1.2 0 100? * 10.2.1.0/24 10.2.1.2 0 0 100? * 10.2.1.1/32 10.2.1.2 0 0 100?

2.

Substitute the BGP AS number. # Substitute the BGP AS number on the PEs. Consider PE2 as an example.
[PE2] bgp 100 [PE2-bgp] ipv4-family vpn-instance vpn1 [PE2-bgp-vpn1] peer 10.2.1.1 substitute-as

In the route advertised by PE2 to CE2, it shows that the AP path information of 100.1.1.0/24 changes from "100 600" to "100 100".
*0.13498737 PE2 RM/7/RMDEBUG: BGP.vpn1: Send UPDATE to 10.2.1.1 for following destinations : Origin : Incomplete AS Path : 100 100 Next Hop : 10.2.1.2 100.1.1.0/24,

Display the routing information and routing table received by CE2.


[CE2] display bgp routing-table peer 10.2.1.2 received-routes Total Number of Routes: 5 BGP Local router ID is 10.2.1.1 Status codes: * - valid, > - best, d - damped, h - history, i - internal, s - suppressed, S - Stale Origin : i - IGP, e - EGP, ? - incomplete Network NextHop MED LocPrf PrefVal Path/Ogn *> 10.1.1.0/24 10.2.1.2 0 100? *> 10.1.1.1/32 10.2.1.2 0 100? * 10.2.1.0/24 10.2.1.2 0 0 100? * 10.2.1.1/32 10.2.1.2 0 0 100?

3-116

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

3 BGP/MPLS IP VPN Configuration

*> 100.1.1.0/24 10.2.1.2 0 100 100? [CE2] display ip routing-table Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: Public Destinations : 10 Routes : 10 Destination/Mask Proto Pre Cost Flags NextHop Interface 10.1.1.0/24 BGP 255 0 D 10.2.1.2 Pos1/0/0 10.1.1.1/32 BGP 255 0 D 10.2.1.2 Pos1/0/0 10.2.1.0/24 Direct 0 0 D 10.2.1.1 Pos1/0/0 10.2.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 10.2.1.2/32 Direct 0 0 D 10.2.1.2 Pos1/0/0 100.1.1.1/24 BGP 255 0 D 10.2.1.2 Pos1/0/0 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 200.1.1.0/24 Direct 0 0 D 127.0.0.1 GigabitEthernet2/0/0 200.1.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0

Configure the BGP AS number substitution function on the PE1. The GigabitEthernet interfaces of CE1 and CE2 can then ping through each other.
[CE1] ping a 100.1.1.1 200.1.1.1 PING 200.1.1.1: 56 data bytes, press CTRL_C to break Reply from 200.1.1.1: bytes=56 Sequence=1 ttl=253 time=109 ms Reply from 200.1.1.1: bytes=56 Sequence=2 ttl=253 time=67 ms Reply from 200.1.1.1: bytes=56 Sequence=3 ttl=253 time=66 ms Reply from 200.1.1.1: bytes=56 Sequence=4 ttl=253 time=85 ms Reply from 200.1.1.1: bytes=56 Sequence=5 ttl=253 time=70 ms --- 200.1.1.1 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 66/79/109 ms

Configuration Files
l

Configuration file of CE1


# sysname CE1 # interface GigabitEthernet2/0/0 ip address 100.1.1.1 255.255.255.0 # interface Pos1/0/0 link-protocol ppp ip address 10.1.1.1 255.255.255.0 # bgp 600 peer 10.1.1.2 as-number 100 # ipv4-family unicast undo synchronization import-route direct peer 10.1.1.2 enable # return

Configuration file of PE1


# sysname PE1 # ip vpn-instance vpn1 route-distinguisher 100:1 vpn-target 1:1 export-extcommunity vpn-target 1:1 import-extcommunity # mpls lsr-id 1.1.1.9 mpls

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

3-117

3 BGP/MPLS IP VPN Configuration


lsp-trigger all # mpls ldp # interface Pos1/0/0 link-protocol ppp ip binding vpn-instance vpn1 ip address 10.1.1.2 255.255.255.0 # interface Pos2/0/0 link-protocol ppp ip address 20.1.1.1 255.255.255.0 mpls mpls ldp # interface LoopBack1 ip address 1.1.1.9 255.255.255.255 # bgp 100 peer 3.3.3.9 as-number 100 peer 3.3.3.9 connect-interface LoopBack1 # ipv4-family unicast undo synchronization peer 3.3.3.9 enable # ipv4-family vpnv4 policy vpn-target peer 3.3.3.9 enable # ipv4-family vpn-instance vpn1 peer 10.1.1.1 as-number 600 peer 10.1.1.1 substitute-as import-route direct # ospf 1 area 0.0.0.0 network 1.1.1.9 0.0.0.0 network 20.1.1.0 0.0.0.255 # return l

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Configuration file of P
# sysname P # mpls lsr-id 2.2.2.9 mpls lsp-trigger all # mpls ldp # interface Pos1/0/0 link-protocol ppp ip address 20.1.1.2 255.255.255.0 mpls mpls ldp # interface Pos2/0/0 link-protocol ppp ip address 30.1.1.1 255.255.255.0 mpls mpls ldp # interface LoopBack1 ip address 2.2.2.9 255.255.255.255 # ospf 1 area 0.0.0.0 network 2.2.2.9 0.0.0.0

3-118

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


network 20.1.1.0 0.0.0.255 network 30.1.1.0 0.0.0.255 # return l

3 BGP/MPLS IP VPN Configuration

Configuration file of PE2


# sysname PE2 # ip vpn-instance vpn1 route-distinguisher 100:1 vpn-target 1:1 export-extcommunity vpn-target 1:1 import-extcommunity # mpls lsr-id 3.3.3.9 mpls lsp-trigger all # mpls ldp # interface Pos1/0/0 link-protocol ppp ip binding vpn-instance vpn1 ip address 10.2.1.2 255.255.255.0 # interface Pos2/0/0 link-protocol ppp ip address 30.1.1.2 255.255.255.0 mpls mpls ldp # interface LoopBack1 ip address 3.3.3.9 255.255.255.255 # bgp 100 peer 1.1.1.9 as-number 100 peer 1.1.1.9 connect-interface LoopBack1 # ipv4-family unicast undo synchronization peer 1.1.1.9 enable # ipv4-family vpnv4 policy vpn-target peer 1.1.1.9 enable # ipv4-family vpn-instance vpn1 peer 10.2.1.1 as-number 600 peer 10.2.1.1 substitute-as import-route direct # ospf 1 area 0.0.0.0 network 3.3.3.9 0.0.0.0 network 30.1.1.0 0.0.0.255 # return

Configuration file of CE2


# sysname CE2 # interface GigabitEthernet2/0/0 ip address 200.1.1.1 255.255.255.0 # interface Pos1/0/0 link-protocol ppp ip address 10.2.1.1 255.255.255.0 # bgp 600

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

3-119

3 BGP/MPLS IP VPN Configuration


peer 10.2.1.2 as-number 100 # ipv4-family unicast undo synchronization import-route direct peer 10.2.1.2 enable # return

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

3.21.4 Example for Configuring Hub&Spoke


Networking Requirements
The communication between the Spoke-CEs is controlled by the Hub-CE in the central site, as shown in Figure 3-7. Figure 3-7 Hub and Spoke networking diagram
AS: 65430 Hub-CE
GE1/0/0 110.1.1.1/24 GE3/0/0 110.1.1.2/24

GE2/0/0 110.2.1.1/24 GE4/0/0 110.2.1.2/24

Hub-PE
POS1/0/0 10.1.1.2/24 Loopback1 1.1.1.9/32 POS2/0/0 10.1.1.1/24 GE1/0/0 100.1.1.2/24 POS2/0/0 11.1.1.2/24 Loopback1 2.2.2.9/32 Loopback1 3.3.3.9/32 POS2/0/0 11.1.1.1/24

Spoke-PE1 Backbone AS100

Spoke-PE2 GE1/0/0
120.1.1.2/24

GE1/0/0 100.1.1.1/24

GE1/0/0 120.1.1.1/24

Spoke-CE1 AS: 65410

SpokeCE2 AS: 65420

Configuration Roadmap
The configuration roadmap is as follows: 1. Set up the IBGP peer relationship between the Hub-PE and Spoke-PE. (There is no need to set up the IBGP peer relationship between the Spoke-PEs.)

3-120

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

3 BGP/MPLS IP VPN Configuration

2.

Create two VPN instances on the Hub-PE. Set the VPN-target community attribute as advertised by two Spoke-PEs. Set the advertised VPN-target community attribute to be different from the received one. Create a VPN instance on the Spoke-PE. Set the imported VPN-target community attribute to be the one that advertised by the Hub-PE. Set the VPN-target community attribute for the advertised route. Configure BGP between the CE and the PE. Configure Hub-PE to receive the route with the AS repeated for one time.

3.

4. 5.

Data Preparation
To configure the hub and spoke, you need the following data:
l l

MPLS LSR ID on the PE The VPN instance name of the Hub-PE and Spoke-PE, RD and the VPN-target

Configuration Procedure
1. Configure IGP to implement the inter-networking between the Hub-PE and the Spoke-PE in the backbone network. The OSPF is used in this instance, and the specific configuration procedures are not mentioned. After the configuration, the OSPF neighbor relationship is established between the PEs. After running the display ospf peer command, you can see that the status of the neighbor is Full. After running the display ip routing-table command on the PE, you can see the imported loopback routes of the peer. 2. Configure the basic MPLS capabilities and MPLS LDP on the backbone networks and establish LDP LSP. The specific configuration procedures are not mentioned here. After the configuration, LDP neighbor relationship is established between the Hub-PE and the Spoke-PE. After running the display mpls ldp session command on each device, you can see that the status of the session is "Operational". 3. Configure VPN instances on each PE and connect the CE to the PE.
NOTE

The export VPN target on the Hub-PE must be consistent with the import VPN target on the SpokePE. The import VPN target on the Hub-PE must be consistent with the export VPN target on the SpokePE.

# Configure Spoke-PE 1.
<Spoke-PE1> system-view [Spoke-PE1] ip vpn-instance vpna [Spoke-PE1-vpn-instance-vpna] route-distinguisher 100:1 [Spoke-PE1-vpn-instance-vpna] vpn-target 100:1 export-extcommunity [Spoke-PE1-vpn-instance-vpna] vpn-target 200:1 import-extcommunity [Spoke-PE1-vpn-instance-vpna] quit [Spoke-PE1] interface gigabitethernet 1/0/0 [Spoke-PE1-GigabitEthernet1/0/0] ip binding vpn-instance vpna [Spoke-PE1-GigabitEthernet1/0/0] ip address 100.1.1.2 24

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

3-121

3 BGP/MPLS IP VPN Configuration


[Spoke-PE1-GigabitEthernet1/0/0] quit

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

# Configure Spoke-PE 2.
<Spoke-PE2> system-view [Spoke-PE2] ip vpn-instance vpna [Spoke-PE2-vpn-instance-vpna] route-distinguisher 100:3 [Spoke-PE2-vpn-instance-vpna] vpn-target 100:1 export-extcommunity [Spoke-PE2-vpn-instance-vpna] vpn-target 200:1 import-extcommunity [Spoke-PE2-vpn-instance-vpna] quit [Spoke-PE2] interface gigabitethernet 1/0/0 [Spoke-PE2-GigabitEthernet1/0/0] ip binding vpn-instance vpna [Spoke-PE2-GigabitEthernet1/0/0] ip address 120.1.1.2 24 [Spoke-PE2-GigabitEthernet1/0/0] quit

# Configure Hub-PE.
<Hub-PE> system-view [Hub-PE] ip vpn-instance vpn_in [Hub-PE-vpn-instance-vpn_in] route-distinguisher 100:21 [Hub-PE-vpn-instance-vpn_in] vpn-target 100:1 import-extcommunity [Hub-PE-vpn-instance-vpn_in] quit [Hub-PE] ip vpn-instance vpn_out [Hub-PE-vpn-instance-vpn_out] route-distinguisher 100:22 [Hub-PE-vpn-instance-vpn_out] vpn-target 200:1 export-extcommunity [Hub-PE-vpn-instance-vpn_out] quit [Hub-PE] interface gigabitethernet 3/0/0 [Hub-PE-GigabitEthernet3/0/0] ip binding vpn-instance vpn_in [Hub-PE-GigabitEthernet3/0/0] ip address 110.1.1.2 24 [Hub-PE-GigabitEthernet3/0/0] quit [Hub-PE] interface gigabitethernet 4/0/0 [Hub-PE-GigabitEthernet4/0/0] ip binding vpn-instance vpn_out [Hub-PE-GigabitEthernet4/0/0] ip address 110.2.1.2 24 [Hub-PE-GigabitEthernet4/0/0] quit

# Configure IP addresses of the CE interfaces as shown in Figure 3-7. The configuration procedures are not mentioned here. After the configuration, run the display ip vpn-instance verbose command on the PE devices, and you can see the configurations of VPN instances. Each PE can ping through its attached CEs using the ping -vpn-instance vpn-name ip-address command. 4. Establish EBGP peers between the PE and the CE and import the VPN routes.
NOTE

l l

To accept the routes advertised by Spoke-PE, configure the Spoke-CE to allow AS number to be repeated once. To accept the routes advertised by Hub-PE, configure the Hub-CE to allow AS number to be repeated once.
65410 peer 100.1.1.2 as-number 100 peer 100.1.1.2 allow-as-loop 1 import-route direct quit

# Configure Spoke-CE 1.
[Spoke-CE1] bgp [Spoke-CE1-bgp] [Spoke-CE1-bgp] [Spoke-CE1-bgp] [Spoke-CE1-bgp]

# Configure Spoke-PE 1.
[Spoke-PE1] bgp 100 [Spoke-PE1-bgp] ipv4-family vpn-instance vpna [Spoke-PE1-bgp-vpna] peer 100.1.1.1 as-number 65410 [Spoke-PE1-bgp-vpna] import-route direct [Spoke-PE1-bgp-vpna] quit [Spoke-PE1-bgp] quit

# Configure Spoke-CE 2.
[Spoke-CE2] bgp 65420 [Spoke-CE2-bgp] peer 120.1.1.2 as-number 100 [Spoke-CE2-bgp] peer 120.1.1.2 allow-as-loop 1

3-122

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


[Spoke-CE2-bgp] import-route direct [Spoke-CE2-bgp] quit

3 BGP/MPLS IP VPN Configuration

# Configure Spoke-PE 2.
[Spoke-PE2] bgp 100 [Spoke-PE2-bgp] ipv4-family vpn-instance vpna [Spoke-PE2-bgp-vpna] peer 120.1.1.1 as-number 65420 [Spoke-PE2-bgp-vpna] import-route direct [Spoke-PE2-bgp-vpna] quit [Spoke-PE2-bgp] quit

# Configure Hub-CE.
[Hub-CE] bgp [Hub-CE-bgp] [Hub-CE-bgp] [Hub-CE-bgp] [Hub-CE-bgp] 65430 peer 110.1.1.2 as-number 100 peer 110.2.1.2 as-number 100 import-route direct quit

# Configure Hub-PE.
[Hub-PE] bgp 100 [Hub-PE-bgp] ipv4-family vpn-instance vpn_in [Hub-PE-bgp-vpn_in] peer 110.1.1.1 as-number 65430 [Hub-PE-bgp-vpn_in] import-route direct [Hub-PE-bgp-vpn_in] quit [Hub-PE-bgp] ipv4-family vpn-instance vpn_out [Hub-PE-bgp-vpn_out] peer 110.2.1.1 as-number 65430 [Hub-PE-bgp-vpn_out] peer 110.2.1.1 allow-as-loop 1 [Hub-PE-bgp-vpn_out] import-route direct [Hub-PE-bgp-vpn_out] quit [Hub-PE-bgp] quit

After the configuration, run the display bgp vpnv4 all peer command on each PE devices and you can see that the BGP peer relationship is established between the PE and the CE. 5. Establish MP-IBGP peers between the PEs
NOTE

To accept the routes advertised by Hub-PE, configure the Spoke-CE to allow the AS number to be repeated once.

# Configure Spoke-PE 1.
[Spoke-PE1] bgp 100 [Spoke-PE1-bgp] peer 2.2.2.9 as-number 100 [Spoke-PE1-bgp] peer 2.2.2.9 connect-interface loopback 1 [Spoke-PE1-bgp] ipv4-family vpnv4 [Spoke-PE1-bgp-af-vpnv4] peer 2.2.2.9 enable [Spoke-PE1-bgp-af-vpnv4] quit

# Configure Spoke-PE 2.
[Spoke-PE2] bgp 100 [Spoke-PE2-bgp] peer 2.2.2.9 as-number 100 [Spoke-PE2-bgp] peer 2.2.2.9 connect-interface loopback 1 [Spoke-PE2-bgp] ipv4-family vpnv4 [Spoke-PE2-bgp-af-vpnv4] peer 2.2.2.9 enable [Spoke-PE2-bgp-af-vpnv4] quit

# Configure Hub-PE.
[Hub-PE] bgp 100 [Hub-PE-bgp] peer 1.1.1.9 as-number 100 [Hub-PE-bgp] peer 1.1.1.9 connect-interface loopback 1 [Hub-PE-bgp] peer 3.3.3.9 as-number 100 [Hub-PE-bgp] peer 3.3.3.9 connect-interface loopback 1 [Hub-PE-bgp] ipv4-family vpnv4 [Hub-PE-bgp-af-vpnv4] peer 1.1.1.9 enable [Hub-PE-bgp-af-vpnv4] peer 3.3.3.9 enable [Hub-PE-bgp-af-vpnv4] quit

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

3-123

3 BGP/MPLS IP VPN Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

After the configuration, run the display bgp peer or display bgp vpnv4 all peer command on each PE device. You can see the BGP peer relationship is set up between the PEs. 6. Verify the configuration. After the configuration, the Spoke-CEs can ping through each other. Run the tracert command, and you can see that the traffic between Spoke-CEs is forwarded through HubCE. You can also deduce the number of forwarding devices between Spoke-CEs based on the TTL in the Ping result. Consider Spoke-CE 1 as an example:
[Spoke-CE1] ping 120.1.1.1 PING 120.1.1.1: 56 data bytes, press CTRL_C to break Reply from 120.1.1.1: bytes=56 Sequence=1 ttl=250 time=80 ms Reply from 120.1.1.1: bytes=56 Sequence=2 ttl=250 time=129 ms Reply from 120.1.1.1: bytes=56 Sequence=3 ttl=250 time=132 ms Reply from 120.1.1.1: bytes=56 Sequence=4 ttl=250 time=92 ms Reply from 120.1.1.1: bytes=56 Sequence=5 ttl=250 time=126 ms --- 120.1.1.1 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 80/111/132 ms [Spoke-CE1] tracert 120.1.1.1 traceroute to 120.1.1.1(120.1.1.1) 30 hops max,40 bytes packet 1 100.1.1.2 24 ms 19 ms 11 ms 2 110.2.1.2 87 ms 60 ms 58 ms 3 110.2.1.1 59 ms 27 ms 53 ms 4 110.1.1.2 41 ms 34 ms 56 ms 5 120.1.1.2 90 ms 66 ms 75 ms 6 120.1.1.1 143 ms 96 ms 90 ms

Run the display bgp routing-table command on Spoke-CE, and you can see that there are repetitive AS numbers in AS paths of the BGP routes toward the remote Spoke-CE. Consider Spoke-CE 1 as an example:
[Spoke-CE1] display bgp routing-table Total Number of Routes: 6 BGP Local router ID is 100.1.1.1 Status codes: * - valid, > - best, d - damped, h - history, i - internal, s - suppressed, S - Stale Origin : i - IGP, e - EGP, ? - incomplete Network NextHop MED LocPrf PrefVal Path/Ogn *> 100.1.1.0/24 0.0.0.0 0 0 ? * 100.1.1.2 0 0 100? *> 100.1.1.1/32 0.0.0.0 0 0 ? *> 110.1.1.0/24 100.1.1.2 0 100 65430? *> 110.2.1.0/24 100.1.1.2 0 100? *> 120.1.1.0/24 100.1.1.2 0 100 65430 100?

Configuration Files
l

Configuration file of Spoke-CE 1


# sysname Spoke-CE1 # interface GigabitEthernet1/0/0 ip address 100.1.1.1 255.255.255.0 # bgp 65410 peer 100.1.1.2 as-number 100 # ipv4-family unicast undo synchronization import-route direct peer 100.1.1.2 enable #

3-124

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


return l

3 BGP/MPLS IP VPN Configuration

Configuration file of Spoke-PE 1


# sysname Spoke-PE1 # ip vpn-instance vpna route-distinguisher 100:1 vpn-target 100:1 export-extcommunity vpn-target 200:1 import-extcommunity # mpls lsr-id 1.1.1.9 mpls lsp-trigger all # mpls ldp # interface GigabitEthernet1/0/0 ip binding vpn-instance vpna ip address 100.1.1.2 255.255.255.0 # interface Pos2/0/0 link-protocol ppp ip address 10.1.1.1 255.255.255.0 mpls mpls ldp # interface LoopBack1 ip address 1.1.1.9 255.255.255.255 # bgp 100 peer 2.2.2.9 as-number 100 peer 2.2.2.9 connect-interface LoopBack1 # ipv4-family unicast undo synchronization peer 2.2.2.9 enable # ipv4-family vpnv4 policy vpn-target peer 2.2.2.9 enable # ipv4-family vpn-instance vpna peer 100.1.1.1 as-number 65410 import-route direct # ospf 1 area 0.0.0.0 network 10.1.1.0 0.0.0.255 network 1.1.1.9 0.0.0.0 # return

Configuration file of Spoke-PE 2


# sysname Spoke-PE2 # ip vpn-instance vpna route-distinguisher 100:3 vpn-target 100:1 export-extcommunity vpn-target 200:1 import-extcommunity # mpls lsr-id 3.3.3.9 mpls lsp-trigger all # mpls ldp # interface GigabitEthernet1/0/0 ip binding vpn-instance vpna

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

3-125

3 BGP/MPLS IP VPN Configuration


ip address 120.1.1.2 255.255.255.0 # interface Pos2/0/0 link-protocol ppp ip address 11.1.1.1 255.255.255.0 mpls mpls ldp # interface LoopBack1 ip address 3.3.3.9 255.255.255.255 # bgp 100 peer 2.2.2.9 as-number 100 peer 2.2.2.9 connect-interface LoopBack1 # ipv4-family unicast undo synchronization peer 2.2.2.9 enable # ipv4-family vpnv4 policy vpn-target peer 2.2.2.9 enable # ipv4-family vpn-instance vpna peer 120.1.1.1 as-number 65420 import-route direct # ospf 1 area 0.0.0.0 network 3.3.3.9 0.0.0.0 network 11.1.1.0 0.0.0.255 # return l

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Configuration file of Spoke-CE 2


# sysname Spoke-CE2 # interface GigabitEthernet1/0/0 ip address 120.1.1.1 255.255.255.0 # bgp 65420 peer 120.1.1.2 as-number 100 # ipv4-family unicast undo synchronization import-route direct peer 120.1.1.2 enable # return

Configuration file of Hub-CE


# sysname Hub-CE # interface GigabitEthernet1/0/0 ip address 110.1.1.1 255.255.255.0 # interface GigabitEthernet2/0/0 ip address 110.2.1.1 255.255.255.0 # bgp 65430 peer 110.1.1.2 as-number 100 peer 110.2.1.2 as-number 100 # ipv4-family unicast undo synchronization import-route direct peer 110.2.1.2 enable peer 110.1.1.2 enable

3-126

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


# return l

3 BGP/MPLS IP VPN Configuration

Configuration file of Hub-PE


# sysname Hub-PE # ip vpn-instance vpn_in route-distinguisher 100:21 vpn-target 100:1 import-extcommunity # ip vpn-instance vpn_out route-distinguisher 100:22 vpn-target 200:1 export-extcommunity # mpls lsr-id 2.2.2.9 mpls lsp-trigger all # mpls ldp # interface GigabitEthernet3/0/0 ip binding vpn-instance vpn_in ip address 110.1.1.2 255.255.255.0 # interface GigabitEthernet4/0/0 ip binding vpn-instance vpn_out ip address 110.2.1.2 255.255.255.0 # interface Pos1/0/0 link-protocol ppp ip address 10.1.1.2 255.255.255.0 mpls mpls ldp # interface Pos2/0/0 link-protocol ppp ip address 11.1.1.2 255.255.255.0 mpls mpls ldp # interface LoopBack1 ip address 2.2.2.9 255.255.255.255 # bgp 100 peer 1.1.1.9 as-number 100 peer 1.1.1.9 connect-interface LoopBack1 peer 3.3.3.9 as-number 100 peer 3.3.3.9 connect-interface LoopBack1 # ipv4-family unicast undo synchronization peer 1.1.1.9 enable peer 3.3.3.9 enable # ipv4-family vpnv4 policy vpn-target peer 1.1.1.9 enable peer 3.3.3.9 enable # ipv4-family vpn-instance vpn_in peer 110.1.1.1 as-number 65430 import-route direct # ipv4-family vpn-instance vpn_out peer 110.2.1.1 as-number 65430 peer 110.2.1.1 allow-as-loop import-route direct # ospf 1

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

3-127

3 BGP/MPLS IP VPN Configuration


area 0.0.0.0 network 2.2.2.9 0.0.0.0 network 10.1.1.0 0.0.0.255 network 11.1.1.0 0.0.0.255 # return

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

3.21.5 Example for Configuring Inter-AS VPN Option A


Networking Requirements
As shown in Figure 3-8, CE1 and CE2 belong to the same VPN. The CE1 accesses the network through the PE1 in AS 100 and the CE2 accesses the network through the PE2 in AS 200. The Inter-AS BGP/MPLS IP VPN is implemented using Option A. That is, VRF-to-VRF method is used to manage the VPN routes. Figure 3-8 Networking diagram of inter-AS VPN
BGP/MPLS Backbone Loopback1 AS 100
2.2.2.9/32 POS1/0/0 POS2/0/0 172.1.1.1/24 192.1.1.1/24 Loopback1 1.1.1.9/32 ASBR -PE1 Loopback1 3.3.3.9/32 POS2/0/0 192.1.1.2/24

BGP/MPLS Backbone AS 200

POS1/0/0 162.1.1.1/24 Loopback1 4.4.4.9/32 ASBR-PE2 POS1/0/0 162.1.1.2/24 GE2/0/0 10.2.1.2/24 GE1/0/0 10.2.1.1/24

PE1

POS1/0/0 172.1.1.2/24 GE2/0/0 10.1.1.2/24 GE1/0/0 10.1.1.1/24

PE2

CE1 AS 65001

CE2 AS 65002

Configuration Roadmap
The configuration roadmap is as follows: 1. 2. Set up the EBGP peer relationship between the PE and the CE. Set up the MP-IBGP peer relationship between the PE and the ASBR-PE Create the VPN instance on two ASBR-PEs and bind the instance to the interface connected another ASBR-PE. Set up the EBGP peer relationship between ASBR-PEs

Data Preparation
To complete the configuration, you need the following data:
l l

MPLS LSR-ID of the PE and the ASBR-PE The VPN instance names of the PE and the ASBR-PE, RD and the VPN-target
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

3-128

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

3 BGP/MPLS IP VPN Configuration

Configuration Procedure
1. Configure IGP on the MPLS backbone of AS 100 and AS 200 respectively to make ASBRPE and PE can reach each other in the same AS. OSPF is used as the IGP in this example, the configuration procedure is not mentioned.
NOTE

The 32-bit loopback interface address used as LSR ID should be advertised by OSPF.

After the configuration, the OSPF neighbor relationship should be established between the ASBR-PE and the PE of the same AS. Run the display ospf peer command to find that the OSPF neighbor relationship is in "Full" state. The ASBR-PE and the PE in the same AS can ping through each other and can learn the Loopback interface address of each other. 2. Configure MPLS basic capability and MPLS LDP on the MPLS backbone of AS 100 and AS 200 respectively to set up LDP LSP. # Configure basic MPLS capability on PE1 and enable LDP on the interface connecting ASBR-PE 1.
<PE1> system-view [PE1] mpls lsr-id 1.1.1.9 [PE1] mpls [PE1-mpls] lsp-trigger all [PE1-mpls] quit [PE1] mpls ldp [PE1-mpls-ldp] quit [PE1] interface pos1/0/0 [PE1-Pos1/0/0] mpls [PE1-Pos1/0/0] mpls ldp [PE1-Pos1/0/0] quit

# Configure basic MPLS capability on ASBR-PE 1 and enable LDP on the interface connecting PE1.
<ASBR-PE1> system-view [ASBR-PE1] mpls lsr-id 2.2.2.9 [ASBR-PE1] mpls [ASBR-PE1-mpls] lsp-trigger all [ASBR-PE1-mpls] quit [ASBR-PE1] mpls ldp [ASBR-PE1-mpls-ldp] quit [ASBR-PE1] interface pos1/0/0 [ASBR-PE1-Pos1/0/0] mpls [ASBR-PE1-Pos1/0/0] mpls ldp [ASBR-PE1-Pos1/0/0] quit

# Configure basic MPLS capability on ASBR-PE 2 and enable LDP on the interface connecting PE2.
<ASBR-PE2> system-view [ASBR-PE2] mpls lsr-id 3.3.3.9 [ASBR-PE2] mpls [ASBR-PE2-mpls] lsp-trigger all [ASBR-PE2-mpls] quit [ASBR-PE2] mpls ldp [ASBR-PE2-mpls-ldp] quit [ASBR-PE2] interface pos1/0/0 [ASBR-PE2-Pos1/0/0] mpls [ASBR-PE2-Pos1/0/0] mpls ldp [ASBR-PE2-Pos1/0/0] quit

# Configure basic MPLS capability on PE2 and enable LDP on the interface connecting ASBR-PE 2.
<PE2> system-view [PE2] mpls lsr-id 4.4.4.9 [PE2] mpls

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

3-129

3 BGP/MPLS IP VPN Configuration


[PE2-mpls] lsp-trigger all [PE2-mpls] quit [PE2] mpls ldp [PE2-mpls-ldp] quit [PE2] interface pos1/0/0 [PE2-Pos1/0/0] mpls [PE2-Pos1/0/0] mpls ldp [PE2-Pos1/0/0] quit

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

After the configuration, the LDP neighbor relationship should be established between the PE and the ASBR-PE in the same AS. Running the display mpls ldp session command on the routers, you can find the session state is "Operational" in the output information. Consider PE1 as an example.
[PE1] display mpls ldp session LDP Session(s) in Public Network -------------------------------------------------------------------------Peer-ID Status LAM SsnRole SsnAge KA-Sent/Rcv -------------------------------------------------------------------------2.2.2.9:0 Operational DU Passive 000:00:02 9/9 -------------------------------------------------------------------------TOTAL: 1 session(s) Found. LAM : Label Advertisement Mode SsnAge Unit : DDD:HH:MM

3.

Configure basic BGP/MPLS IP VPN on the MPLS backbone of AS 100 and AS 200 respectively.
NOTE

The VPN target of the VPN instances of the ASBR-PE and the PE in the same AS should match. In different ASs, the matching of the VPN target attributes of the PEs is unnecessary.

# Configure CE1.
<CE1> system-view [CE1] interface gigabitethernet 1/0/0 [CE1-GigabitEthernet1/0/0] ip address 10.1.1.1 24 [CE1-GigabitEthernet1/0/0] quit [CE1] bgp 65001 [CE1-bgp] peer 10.1.1.2 as-number 100 [CE1-bgp] import-route direct [CE1-bgp] quit

# Configure PE1 to set up the EBGP peer relationship with CE1.


[PE1] ip vpn-instance vpn1 [PE1-vpn-instance-vpn1] route-distinguisher 100:1 [PE1-vpn-instance-vpn1] vpn-target 1:1 both [PE1-vpn-instance-vpn1] quit [PE1] interface gigabitethernet 2/0/0 [PE1-GigabitEthernet2/0/0] ip binding vpn-instance vpn1 [PE1-GigabitEthernet2/0/0] ip address 10.1.1.2 24 [PE1-GigabitEthernet2/0/0] quit [PE1] bgp 100 [PE1-bgp] ipv4-family vpn-instance vpn1 [PE1-bgp-vpn1] peer 10.1.1.1 as-number 65001 [PE1-bgp-vpn1] import-route direct [PE1-bgp-vpn1] quit [PE1-bgp] quit

# Configure PE1 to set up the MP-IBGP peer relationship with ASBR-PE 1.


[PE1] bgp 100 [PE1-bgp] peer 2.2.2.9 as-number 100 [PE1-bgp] peer 2.2.2.9 connect-interface loopback 1 [PE1-bgp] ipv4-family vpnv4 [PE1-bgp-af-vpnv4] peer 2.2.2.9 enable [PE1-bgp-af-vpnv4] quit

# Configure ASBR-PE 1 to set up the MP-IBGP peer relationship with PE1.


[ASBR-PE1] bgp 100 [ASBR-PE1-bgp] peer 1.1.1.9 as-number 100

3-130

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

3 BGP/MPLS IP VPN Configuration

[ASBR-PE1-bgp] peer 1.1.1.9 connect-interface loopback 1 [ASBR-PE1-bgp] ipv4-family vpnv4 [ASBR-PE1-bgp-af-vpnv4] peer 1.1.1.9 enable [ASBR-PE1-bgp-af-vpnv4] quit [ASBR-PE1-bgp] quit
NOTE

The configurations of CE2, PE2 and ASBR-PE 2 are similar to that of CE1, PE1 and ASBR-PE 1 and are not mentioned here.

After the above configurations, run the display bgp vpnv4 vpn-instance peer command. You can find the BGP peer relationship between PE and CE is set up, that is the "State" in display is "Established". Run display bgp vpnv4 all peer to find the BGP peer relationship is "Established" between the PE and the CE, and between the PE and the ASBR-PE. Consider PE1 as an example.
[PE1] display bgp vpnv4 vpn-instance vpn1 peer BGP local router ID : 1.1.1.9 Local AS number : 100 Total number of peers : 1 Peers in established state : 1 Peer V AS MsgRcvd MsgSent OutQ Up/Down State PrefRcv 10.1.1.1 4 65001 10 10 0 00:07:10 Established 0 [PE1] display bgp vpnv4 all peer BGP local router ID : 1.1.1.9 Local AS number : 100 Total number of peers : 2 Peers in established state : 2 Peer V AS MsgRcvd MsgSent OutQ Up/Down State PrefRcv 2.2.2.9 4 100 3 7 0 00:01:36 Established 0 Peer of vpn instance: vpn instance vpn1 : 10.1.1.1 4 65001 13 13 0 00:04:00 Established 2

4.

Configure inter-AS VPN in VRF-to-VRF mode. # Configure ASBR-PE 1. Create a VPN instance and bind it to the interface connected to ASBR-PE 2. (ASBR-PE 1 regards ASBR-PE 2 as its own CE.)
[ASBR-PE1] ip vpn-instance vpn1 [ASBR-PE1-vpn-instance-vpn1] route-distinguisher 100:2 [ASBR-PE1-vpn-instance-vpn1] vpn-target 1:1 both [ASBR-PE1-vpn-instance-vpn1] quit [ASBR-PE1] interface pos 2/0/0 [ASBR-PE1-Pos2/0/0] ip binding vpn-instance vpn1 [ASBR-PE1-Pos2/0/0] ip address 192.1.1.1 24 [ASBR-PE1-Pos2/0/0] quit

# Configure ASBR-PE 2. Create a VPN instance and bind it to the interface connected to ASBR-PE 1. (ASBR-PE 2 regards ASBR-PE 1 as its CE after configuration.)
[ASBR-PE2] ip vpn-instance vpn1 [ASBR-PE2-vpn-instance-vpn1] route-distinguisher 200:2 [ASBR-PE2-vpn-instance-vpn1] vpn-target 2:2 both [ASBR-PE2-vpn-instance-vpn1] quit [ASBR-PE2] interface pos 2/0/0 [ASBR-PE2-Pos2/0/0] ip binding vpn-instance vpn1 [ASBR-PE2-Pos2/0/0] ip address 192.1.1.2 24 [ASBR-PE2-Pos2/0/0] quit

# Configure ASBR-PE 1 to set up the EBGP peer relationship with ASBR-PE 2.


[ASBR-PE1] bgp 100 [ASBR-PE1-bgp] ipv4-family vpn-instance vpn1 [ASBR-PE1-bgp-vpn1] peer 192.1.1.2 as-number 200 [ASBR-PE1-bgp-vpn1] import-route direct [ASBR-PE1-bgp-vpn1] quit [ASBR-PE1-bgp] quit

# Configure ASBR-PE 2 to set up the EBGP peer relationship with ASBR-PE 1.


[ASBR-PE2] bgp 200 [ASBR-PE2-bgp] ipv4-family vpn-instance vpn1 [ASBR-PE2-bgp-vpn1] peer 192.1.1.1 as-number 100

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

3-131

3 BGP/MPLS IP VPN Configuration


[ASBR-PE2-bgp-vpn1] import-route direct [ASBR-PE2-bgp-vpn1] quit [ASBR-PE2-bgp] quit

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

After the above configuration, run the display bgp vpnv4 vpn-instance peer command, and you can see that the BGP peer relationship is established between the ASBR-PEs. 5. Verify the configuration. After the above configuration, the CEs learn interface routes of each other. CE1 and CE2 can ping through each other. Consider CE1 as an example.
[CE1] display ip routing-table Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: Public Destinations : 7 Routes : 7 Destination/Mask Proto Pre Cost Flags NextHop Interface 10.1.1.0/24 Direct 0 0 D 10.1.1.1 GigabitEthernet1/0/0 10.1.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 10.2.1.0/24 BGP 255 0 D 10.1.1.2 GigabitEthernet1/0/0 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 192.1.1.0/24 BGP 255 0 D 10.1.1.2 GigabitEthernet1/0/0 192.1.1.2/32 BGP 255 0 D 10.1.1.2 GigabitEthernet1/0/0 [CE1] ping 10.2.1.1 PING 10.2.1.1: 56 data bytes, press CTRL_C to break Reply from 10.2.1.1: bytes=56 Sequence=1 ttl=251 time=119 ms Reply from 10.2.1.1: bytes=56 Sequence=2 ttl=251 time=141 ms Reply from 10.2.1.1: bytes=56 Sequence=3 ttl=251 time=136 ms Reply from 10.2.1.1: bytes=56 Sequence=4 ttl=251 time=113 ms Reply from 10.2.1.1: bytes=56 Sequence=5 ttl=251 time=78 ms --- 10.2.1.1 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 78/117/141 ms

Run the display ip routing-table vpn-instance command on ASBR-PE to see the information of the VPN routing table on that device.
[ASBR-PE1] display ip routing-table vpn-instance vpn1 Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: vpn1 Destinations : 7 Routes : 7 Destination/Mask Proto Pre Cost Flags NextHop Interface 10.1.1.0/24 BGP 255 0 RD 1.1.1.9 Pos1/0/0 10.1.1.1/32 BGP 255 0 RD 1.1.1.9 Pos1/0/0 10.2.1.0/24 BGP 255 0 D 192.1.1.2 Pos2/0/0 10.2.1.1/32 BGP 255 0 D 192.1.1.2 Pos2/0/0 192.1.1.0/24 Direct 0 0 D 192.1.1.1 Pos2/0/0 192.1.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 192.1.1.2/32 Direct 0 0 D 192.1.1.2 Pos2/0/0

Run the display bgp vpnv4 all routing-table command on the ASBR-PE, and you can see the IPv4 VPN routes on the ASBR-PE.
[ASBR-PE1] display bgp vpnv4 all routing-table BGP Local router ID is 2.2.2.9 Status codes: * - valid, > - best, d - damped, h - history, i - internal, s - suppressed, S - Stale Origin : i - IGP, e - EGP, ? - incomplete Total number of routes from all PE: 2 Route Distinguisher: 100:1 Network NextHop MED LocPrf PrefVal Path/Ogn

3-132

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


*>i 10.1.1.0/24 1.1.1.9 *>i 10.1.1.1/32 1.1.1.9 Total routes of vpn-instance vpn1: 9 Network NextHop *>i 10.1.1.0/24 1.1.1.9 *>i 10.1.1.1/32 1.1.1.9 *> 10.2.1.0/24 192.1.1.2 *> 10.2.1.1/32 192.1.1.2 *> 192.1.1.0 0.0.0.0 * 192.1.1.2 *> 192.1.1.1/32 0.0.0.0 * 192.1.1.2 *> 192.1.1.2/32 0.0.0.0 0 0 MED 0 0 0 0 0 0 0

3 BGP/MPLS IP VPN Configuration


100 100 LocPrf 100 100 0 0 ? ?

PrefVal Path/Ogn 0 ? 0 ? 0 200? 0 200? 0 ? 0 200? 0 ? 0 200? 0 ?

Configuration Files
l

Configuration file of CE1


# sysname CE1 # interface GigabitEthernet1/0/0 ip address 10.1.1.1 255.255.255.0 # bgp 65001 peer 10.1.1.2 as-number 100 # ipv4-family unicast undo synchronization import-route direct peer 10.1.1.2 enable # return

Configuration file of PE1


# sysname PE1 # ip vpn-instance vpn1 route-distinguisher 100:1 vpn-target 1:1 export-extcommunity vpn-target 1:1 import-extcommunity # mpls lsr-id 1.1.1.9 mpls lsp-trigger all # mpls ldp # interface GigabitEthernet2/0/0 ip binding vpn-instance vpn1 ip address 10.1.1.2 255.255.255.0 # interface Pos1/0/0 link-protocol ppp ip address 172.1.1.2 255.255.255.0 mpls mpls ldp # interface LoopBack1 ip address 1.1.1.9 255.255.255.255 # bgp 100 peer 2.2.2.9 as-number 100 peer 2.2.2.9 connect-interface LoopBack1 # ipv4-family unicast undo synchronization peer 2.2.2.9 enable #

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

3-133

3 BGP/MPLS IP VPN Configuration


ipv4-family vpnv4 policy vpn-target peer 2.2.2.9 enable # ipv4-family vpn-instance vpn1 peer 10.1.1.1 as-number 65001 import-route direct # ospf 1 area 0.0.0.0 network 1.1.1.9 0.0.0.0 network 172.1.1.0 0.0.0.255 # return l

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Configuration file of ASBR-PE 1


# sysname ASBR-PE1 # ip vpn-instance vpn1 route-distinguisher 100:2 vpn-target 1:1 export-extcommunity vpn-target 1:1 import-extcommunity # mpls lsr-id 2.2.2.9 mpls lsp-trigger all # mpls ldp # interface Pos1/0/0 link-protocol ppp ip address 172.1.1.1 255.255.255.0 mpls mpls ldp # interface Pos2/0/0 link-protocol ppp ip binding vpn-instance vpn1 ip address 192.1.1.1 255.255.255.0 # interface LoopBack1 ip address 2.2.2.9 255.255.255.255 # bgp 100 peer 1.1.1.9 as-number 100 peer 1.1.1.9 connect-interface LoopBack1 # ipv4-family unicast undo synchronization import-route direct peer 1.1.1.9 enable # ipv4-family vpnv4 policy vpn-target peer 1.1.1.9 enable # ipv4-family vpn-instance vpn1 peer 192.1.1.2 as-number 200 import-route direct # ospf 1 area 0.0.0.0 network 2.2.2.9 0.0.0.0 network 172.1.1.0 0.0.0.255 # return

Configuration file of ASBR-PE 2


#

3-134

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


sysname ASBR-PE2 # ip vpn-instance vpn1 route-distinguisher 200:2 vpn-target 2:2 export-extcommunity vpn-target 2:2 import-extcommunity # mpls lsr-id 3.3.3.9 mpls lsp-trigger all # mpls ldp # interface Pos1/0/0 link-protocol ppp ip address 162.1.1.1 255.255.255.0 mpls mpls ldp # interface Pos2/0/0 link-protocol ppp ip binding vpn-instance vpn1 ip address 192.1.1.2 255.255.255.0 # interface LoopBack1 ip address 3.3.3.9 255.255.255.255 # bgp 200 peer 4.4.4.9 as-number 200 peer 4.4.4.9 connect-interface LoopBack1 # ipv4-family unicast undo synchronization peer 4.4.4.9 enable # ipv4-family vpnv4 policy vpn-target peer 4.4.4.9 enable # ipv4-family vpn-instance vpn1 peer 192.1.1.1 as-number 100 import-route direct # ospf 1 area 0.0.0.0 network 3.3.3.9 0.0.0.0 network 162.1.1.0 0.0.0.255 # return l

3 BGP/MPLS IP VPN Configuration

Configuration file of PE2


# sysname PE2 # ip vpn-instance vpn1 route-distinguisher 200:1 vpn-target 2:2 export-extcommunity vpn-target 2:2 import-extcommunity # mpls lsr-id 4.4.4.9 mpls lsp-trigger all # mpls ldp # interface GigabitEthernet2/0/0 ip binding vpn-instance vpn1 ip address 10.2.1.2 255.255.255.0 # interface Pos1/0/0

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

3-135

3 BGP/MPLS IP VPN Configuration


link-protocol ppp ip address 162.1.1.2 255.255.255.0 mpls mpls ldp # interface LoopBack1 ip address 4.4.4.9 255.255.255.255 # bgp 200 peer 3.3.3.9 as-number 200 peer 3.3.3.9 connect-interface LoopBack1 # ipv4-family unicast undo synchronization peer 3.3.3.9 enable # ipv4-family vpnv4 policy vpn-target peer 3.3.3.9 enable # ipv4-family vpn-instance vpn1 peer 10.2.1.1 as-number 65002 import-route direct # ospf 1 area 0.0.0.0 network 4.4.4.9 0.0.0.0 network 162.1.1.0 0.0.0.255 # return l

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Configuration file of CE2


# sysname CE2 # interface GigabitEthernet1/0/0 ip address 10.2.1.1 255.255.255.0 # bgp 65002 peer 10.2.1.2 as-number 200 # ipv4-family unicast undo synchronization import-route direct peer 10.2.1.2 enable # return

3.21.6 Example for Configuring Inter-AS VPN Option B


Networking Requirements
The CE1 and the CE2 belong to the same VPN. The CE1 accesses the network through the PE1 in the AS 100. The CE2 accesses the network through the PE2 in the AS 200. The inter-AS BGP/MPLS IP VPN is implemented using Option B:
l l

ASBR-PE 1 switches VPN-IPv4 routes with ASBR-PE 2 by MP-EBGP. ASBR-PE does not perform VPN target filtering on the received VPN-IPv4 routes. See Figure 3-8 for the networking diagram.

Configuration Roadmap
The configuration roadmap is as follows:
3-136 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

3 BGP/MPLS IP VPN Configuration

1. 2. 3. 4.

Configure IGP on the backbone network to interconnect the ASBR-PE and the PE in the same AS. Set up MPLS LDP LSP between the ASBR-PE and the PE in the same AS. Set up the EBGP peer relationship between the PE and the CE. Set up the MP-IBGP peer relationship between the PE and the ASBR-PE. Configure the VPN instance on the PE. (There is no need to configure the VPN instance on the ASBR-PE.) Enable MPLS on the interface connected ASBR-PEs. Set up the MP-EBGP peer relationship between ASBR-PEs. Configure no VPN-target filtration on the received IPv4 VPN routes.

Data Preparation
To complete the configuration, you need the following data:
l l

MPLS LSR-ID on the PE and the ASBR-PE Name, RD and the VPN-Target of the VPN instance configured on the PE1 and PE2

Configuration Procedure
1. Configure IGP on MPLS backbone of AS 100 and AS 200 respectively to make the PE and the P reach each other in the same AS. OSPF is used as the IGP in this example, the configuration procedure is not mentioned here.
NOTE

The 32-bit loopback interface address used as the LSR ID should be advertised by OSPF.

After the configuration, the OSPF neighbor relationship should be established between the ASBR-PE and the PE of the same AS. Run the display ospf peer command to find that the status of the OSPF neighbor relationship is "Full". The ASBR-PE and the PE in the same AS can learn the Loopback addresses of each other and can ping through each other. 2. Configure MPLS basic capability and MPLS LDP on the MPLS backbone of AS 100 and AS 200 respectively to setup LDP LSP. For configuration procedures, see Example for Configuring Inter-AS VPN Option A. 3. Configure basic BGP/MPLS IP VPN on the MPLS backbone of AS 100 and AS 200 respectively.
NOTE

The VPN target of the VPN instances of the PE1 and the PE2 should be consistent.

For configuration procedures, see the following configuration files. 4. Configure inter-AS VPN Option B mode. # Configure ASBR-PE 1. Enable MPLS on POS 2/0/0 connected with ASBR-PE 2.
<ASBR-PE1> system-view [ASBR-PE1] interface pos 2/0/0 [ASBR-PE1-Pos2/0/0] ip address 192.1.1.1 24 [ASBR-PE1-Pos2/0/0] mpls [ASBR-PE1-Pos2/0/0] quit

# Configure ASBR-PE 1. Establish MP-EBGP peer with ASBR-PE 2 and perform no VPN target filtering on the received IPv4 VPN routes.
[ASBR-PE1] bgp 100 [ASBR-PE1-bgp] peer 192.1.1.2 as-number 200

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

3-137

3 BGP/MPLS IP VPN Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

[ASBR-PE1-bgp] ipv4-family vpnv4 [ASBR-PE1-bgp-af-vpnv4] peer 192.1.1.2 enable [ASBR-PE1-bgp-af-vpnv4] undo policy vpn-target [ASBR-PE1-bgp-af-vpnv4] quit [ASBR-PE1-bgp] quit
NOTE

The configurations of ASBR-PE 2 are similar to that of ASBR-PE 1 and are not mentioned here.

5.

Verify the configuration. After the above configuration, the CEs can learn the interface routes of each other. CE1 and CE2 can be pinged successfully on each other. Consider CE1 as an example.
<CE1> display ip routing-table Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: Public Destinations : 5 Routes : 5 Destination/Mask Proto Pre Cost Flags NextHop Interface 10.1.1.0/24 Direct 0 0 D 10.1.1.1 GigabitEthernet1/0/0 10.1.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 10.2.1.0/24 BGP 255 0 D 10.1.1.2 GigabitEthernet1/0/0 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 <CE1> ping 10.2.1.1 PING 10.2.1.1: 56 data bytes, press CTRL_C to break Reply from 10.2.1.1: bytes=56 Sequence=1 ttl=252 time=120 ms Reply from 10.2.1.1: bytes=56 Sequence=2 ttl=252 time=73 ms Reply from 10.2.1.1: bytes=56 Sequence=3 ttl=252 time=111 ms Reply from 10.2.1.1: bytes=56 Sequence=4 ttl=252 time=86 ms Reply from 10.2.1.1: bytes=56 Sequence=5 ttl=252 time=110 ms --- 10.2.1.1 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 73/100/120 ms

Run the display bgp vpnv4 all routing-table command on the ASBR-PE, and you can see the IPv4 VPN routes on the ASBR-PE. Consider ASBR-PE 1 for an example.
[ASBR-PE1] display bgp vpnv4 all routing-table BGP Local router ID is 2.2.2.9 Status codes: * - valid, > - best, d - damped, h - history, i - internal, s - suppressed, S - Stale Origin : i - IGP, e - EGP, ? - incomplete Total number of routes from all PE: 4 Route Distinguisher: 100:1 Network NextHop MED LocPrf PrefVal Path/Ogn *>i 10.1.1.0/24 1.1.1.9 0 100 0 ? *>i 10.1.1.1/32 1.1.1.9 0 100 0 ? Route Distinguisher: 200:1 Network NextHop MED LocPrf PrefVal Path/Ogn *> 10.2.1.0/24 192.1.1.2 0 200? *> 10.2.1.1/32 192.1.1.2 0 200?

Configuration Files
l

Configuration file of CE1


# sysname CE1 # interface GigabitEthernet1/0/0 ip address 10.1.1.1 255.255.255.0

3-138

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


# bgp 65001 peer 10.1.1.2 as-number 100 # ipv4-family unicast undo synchronization import-route direct peer 10.1.1.2 enable return l

3 BGP/MPLS IP VPN Configuration

Configuration file of PE1


# sysname PE1 # ip vpn-instance vpn1 route-distinguisher 100:1 vpn-target 1:1 export-extcommunity vpn-target 1:1 import-extcommunity # mpls lsr-id 1.1.1.9 mpls lsp-trigger all # mpls ldp # interface GigabitEthernet2/0/0 ip binding vpn-instance vpn1 ip address 10.1.1.2 255.255.255.0 # interface Pos1/0/0 link-protocol ppp ip address 172.1.1.2 255.255.255.0 mpls mpls ldp # interface LoopBack1 ip address 1.1.1.9 255.255.255.255 # bgp 100 peer 2.2.2.9 as-number 100 peer 2.2.2.9 connect-interface LoopBack1 # ipv4-family unicast undo synchronization peer 2.2.2.9 enable # ipv4-family vpnv4 policy vpn-target peer 2.2.2.9 enable # ipv4-family vpn-instance vpn1 peer 10.1.1.1 as-number 65001 import-route direct # ospf 1 area 0.0.0.0 network 1.1.1.9 0.0.0.0 network 172.1.1.0 0.0.0.255 # return

Configuration file of ASBR-PE 1


# sysname ASBR-PE1 # mpls lsr-id 2.2.2.9 mpls lsp-trigger all # mpls ldp

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

3-139

3 BGP/MPLS IP VPN Configuration


# interface Pos1/0/0 link-protocol ppp ip address 172.1.1.1 255.255.255.0 mpls mpls ldp # interface Pos2/0/0 link-protocol ppp ip address 192.1.1.1 255.255.255.0 mpls # interface LoopBack1 ip address 2.2.2.9 255.255.255.255 # bgp 100 peer 192.1.1.2 as-number 200 peer 1.1.1.9 as-number 100 peer 1.1.1.9 connect-interface LoopBack1 # ipv4-family unicast undo synchronization peer 192.1.1.2 enable peer 1.1.1.9 enable # ipv4-family vpnv4 undo policy vpn-target peer 1.1.1.9 enable peer 192.1.1.2 enable # ospf 1 area 0.0.0.0 network 2.2.2.9 0.0.0.0 network 172.1.1.0 0.0.0.255 # return l

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Configuration file of ASBR-PE 2


# sysname ASBR-PE2 # mpls lsr-id 3.3.3.9 mpls lsp-trigger all # mpls ldp # interface Pos1/0/0 link-protocol ppp ip address 162.1.1.1 255.255.255.0 mpls mpls ldp # interface Pos2/0/0 link-protocol ppp ip address 192.1.1.2 255.255.255.0 mpls # interface LoopBack1 ip address 3.3.3.9 255.255.255.255 # bgp 200 peer 192.1.1.1 as-number 100 peer 4.4.4.9 as-number 200 peer 4.4.4.9 connect-interface LoopBack1 # ipv4-family unicast undo synchronization peer 192.1.1.1 enable peer 4.4.4.9 enable

3-140

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


# ipv4-family vpnv4 undo policy vpn-target peer 4.4.4.9 enable peer 192.1.1.1 enable # ospf 1 area 0.0.0.0 network 3.3.3.9 0.0.0.0 network 162.1.1.0 0.0.0.255 # return l

3 BGP/MPLS IP VPN Configuration

Configuration file of PE2


# sysname PE2 # ip vpn-instance vpn1 route-distinguisher 200:1 vpn-target 1:1 export-extcommunity vpn-target 1:1 import-extcommunity # mpls lsr-id 4.4.4.9 mpls lsp-trigger all # mpls ldp # interface GigabitEthernet2/0/0 ip binding vpn-instance vpn1 ip address 10.2.1.2 255.255.255.0 # interface Pos1/0/0 link-protocol ppp ip address 162.1.1.2 255.255.255.0 mpls mpls ldp # interface LoopBack1 ip address 4.4.4.9 255.255.255.255 # bgp 200 peer 3.3.3.9 as-number 200 peer 3.3.3.9 connect-interface LoopBack1 # ipv4-family unicast undo synchronization peer 3.3.3.9 enable # ipv4-family vpnv4 policy vpn-target peer 3.3.3.9 enable # ipv4-family vpn-instance vpn1 peer 10.2.1.1 as-number 65002 import-route direct # ospf 1 area 0.0.0.0 network 4.4.4.9 0.0.0.0 network 162.1.1.0 0.0.0.255 # return

Configuration file of CE2


# sysname CE2 # interface GigabitEthernet1/0/0 ip address 10.2.1.1 255.255.255.0

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

3-141

3 BGP/MPLS IP VPN Configuration


# bgp 65002 peer 10.2.1.2 as-number 200 # ipv4-family unicast undo synchronization import-route direct peer 10.2.1.2 enable # return

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

3.21.7 Example for Configuring Inter-AS VPN Option C


Networking Requirements
CE1 and CE2 belong to the same VPN. The CE1 accesses the network through the PE1 in AS 100 and the CE2 accesses the network through the PE2 in AS 200. The Inter-AS BGP/MPLS IP VPN is implemented using Option C. See Figure 3-8 for the networking diagram.

Configuration Roadmap
The configuration roadmap is as follows: 1. 2. Set up the MP-EBGP peer relationship between different ASs and configure the maximum hops between PEs. Configure the routing policy on the ASBR-PE. Assign MPLS labels to the routes received from the PE in the local AS when the routes are advertised to the remote ASBR-PE Assign new MPLS labels to the routes advertised to the PE in the local AS if they are labeled as IPv4 routes. Configure the PE and the ASBR-PE of the local AS to exchange the labeled IPv4 route. Configure the ASBR-PE and the peer ASBR-PE to exchange the labeled IPv4 route.

3. 4.

Data Preparation
To complete the configuration, you need the following data:
l l l

MPLS LSR-ID of the PE and the ASBR-PE The VPN instance configured on the PE, RD and the VPN-target Two routing policies configured on the ASBR-PE

Configuration Procedure
1. Configure IGP on the MPLS backbone of AS 100 and AS 200 respectively to make the PE and the ASBR-PE can reach each other in the same AS. OSPF is used as IGP in this example, and the configuration procedure is not mentioned here.
NOTE

The 32-bit loopback interface address used as the LSR ID should be advertised by OSPF.

3-142

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

3 BGP/MPLS IP VPN Configuration

After the configuration, the OSPF neighbor relationship should be established between the ASBR-PE and the PE of the same AS. Run the display ospf peer command to find the status of the OSPF neighbor relationship as "Full". The ASBR-PE and the PE in the same AS can learn Loopback addresses of each other and can ping through each other. 2. Configure MPLS basic capability and MPLS LDP on the MPLS backbone of AS 100 and AS 200 respectively to setup LDP LSP. For configuration procedures, see . 3. 4. Set up the IBGP peer relationship between the PEs and the ASBR PEs in the same AS. The detailed configuration is not mentioned here. Configure the VPN instance on the PE and configure the CE to access the PE. For the detailed configuration, see the following configuration file.
NOTE

The import VPN-taget configured on PE1 must be the same as the export VPN-target configured on PE2; the export VPN-taget configured on PE1 must be the same as the import VPN-target configured on PE2.

5.

Configure exchange of labeled IPv4 routes. # Configure PE1. Enable to switch labeled IPv4 routes with ASBR-PE 1.
[PE1] bgp 100 [PE1-bgp] peer 2.2.2.9 label-route-capability [PE1-bgp] quit

# Configure ASBR-PE 1. Enable MPLS on POS 2/0/0 connected to ASBR-PE 2.


[ASBR-PE1] interface pos 2/0/0 [ASBR-PE1-Pos2/0/0] ip address 192.1.1.1 24 [ASBR-PE1-Pos2/0/0] mpls [ASBR-PE1-Pos2/0/0] quit

# Configure ASBR-PE 1. Create route policies.


[ASBR-PE1] route-policy [ASBR-PE1-route-policy] [ASBR-PE1-route-policy] [ASBR-PE1] route-policy [ASBR-PE1-route-policy] [ASBR-PE1-route-policy] [ASBR-PE1-route-policy] policy1 permit node 1 apply mpls-label quit policy2 permit node 1 if-match mpls-label apply mpls-label quit

# Configure ASBR-PE 1. Apply route policies to the routes advertised to PE1 and enable to switch label IPv4 routes with PE1.
[ASBR-PE1] bgp 100 [ASBR-PE1-bgp] peer 1.1.1.9 route-policy policy2 export [ASBR-PE1-bgp] peer 1.1.1.9 label-route-capability

# Configure ASBR-PE 1. Apply route policies to the routes advertised to ASBR-PE 2 and enable to switch label IPv4 routes with ASBR-PE 2.
[ASBR-PE1-bgp] [ASBR-PE1-bgp] [ASBR-PE1-bgp] [ASBR-PE1-bgp] peer 192.1.1.2 as-number 200 peer 192.1.1.2 route-policy policy1 export peer 192.1.1.2 label-route-capability quit

# Configure ASBR-PE1. Advertise the Loopback address of PE1 to ASBR-PE2, and then to PE2.
[ASBR-PE1] bgp 100 [ASBR-PE1-bgp] network 1.1.1.9 32 [ASBR-PE1-bgp] quit

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

3-143

3 BGP/MPLS IP VPN Configuration


NOTE

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

The configurations of PE2 and ASBR-PE 2 are similar to that of PE1 and ASBR-PE 1 and are not mentioned here.

6.

Establish MP-EBGP peers between PE1 and PE2 # Configure PE1.


[PE1] bgp 100 [PE1-bgp] peer 4.4.4.9 as-number 200 [PE1-bgp] peer 4.4.4.9 connect-interface LoopBack 1 [PE1-bgp] peer 4.4.4.9 ebgp-max-hop 10 [PE1-bgp] ipv4-family vpnv4 [PE1-bgp-af-vpnv4] peer 4.4.4.9 enable [PE1-bgp-af-vpnv4] quit [PE1-bgp] quit

# Configure PE2.
[PE2] bgp 200 [PE2-bgp] peer 1.1.1.9 as-number 100 [PE2-bgp] peer 1.1.1.9 connect-interface LoopBack 1 [PE2-bgp] peer 1.1.1.9 ebgp-max-hop 10 [PE2-bgp] ipv4-family vpnv4 [PE2-bgp-af-vpnv4] peer 1.1.1.9 enable [PE2-bgp-af-vpnv4] quit [PE2-bgp] quit

7.

Verify the configuration. After the above configuration, the CEs can learn interface routes of each other. CE1 and CE2 can ping through each other. Consider CE1 as an example:
[CE1] display ip routing-table Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: Public Destinations : 5 Routes : 5 Destination/Mask Proto Pre Cost Flags NextHop Interface 10.1.1.0/24 Direct 0 0 D 10.1.1.1 GigabitEthernet1/0/0 10.1.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 10.2.1.0/24 BGP 255 0 D 10.1.1.2 GigabitEthernet1/0/0 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 [CE1] ping 10.2.1.1 PING 10.2.1.1: 56 data bytes, press CTRL_C to break Reply from 10.2.1.1: bytes=56 Sequence=1 ttl=252 time=102 ms Reply from 10.2.1.1: bytes=56 Sequence=2 ttl=252 time=89 ms Reply from 10.2.1.1: bytes=56 Sequence=3 ttl=252 time=106 ms Reply from 10.2.1.1: bytes=56 Sequence=4 ttl=252 time=104 ms Reply from 10.2.1.1: bytes=56 Sequence=5 ttl=252 time=56 ms --- 10.2.1.1 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 56/91/106 ms

There is no VPNv4 route on the ASBR-PE. Run the display bgp routing-table label command on the ASBR-PE to see the label information of the routes. Consider ASBR-PE1 as an example:
[ASBR-PE1] display bgp routing-table label Total Number of Routes: 2 BGP Local router ID is 2.2.2.9 Status codes: * - valid, > - best, d - damped, h - history, i - internal, s - suppressed, S - Stale Origin : i - IGP, e - EGP, ? - incomplete Network NextHop In/Out Label

3-144

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


*> *> 1.1.1.9 4.4.4.9 172.1.1.2 192.1.1.2

3 BGP/MPLS IP VPN Configuration


15360/NULL 15361/15361

Configuration Files
l

Configuration file of CE1


# sysname CE1 # interface GigabitEthernet1/0/0 ip address 10.1.1.1 255.255.255.0 # bgp 65001 peer 10.1.1.2 as-number 100 # ipv4-family unicast undo synchronization import-route direct peer 10.1.1.2 enable # return

Configuration file of PE1


# sysname PE1 # ip vpn-instance vpn1 route-distinguisher 100:1 vpn-target 1:1 export-extcommunity vpn-target 1:1 import-extcommunity # mpls lsr-id 1.1.1.9 mpls lsp-trigger all # mpls ldp # interface GigabitEthernet2/0/0 ip binding vpn-instance vpn1 ip address 10.1.1.2 255.255.255.0 # interface Pos1/0/0 link-protocol ppp ip address 172.1.1.2 255.255.255.0 mpls mpls ldp # interface LoopBack1 ip address 1.1.1.9 255.255.255.255 # bgp 100 peer 4.4.4.9 as-number 200 peer 4.4.4.9 ebgp-max-hop 10 peer 4.4.4.9 connect-interface LoopBack1 peer 2.2.2.9 as-number 100 peer 2.2.2.9 connect-interface LoopBack1 # ipv4-family unicast undo synchronization peer 4.4.4.9 enable peer 2.2.2.9 enable peer 2.2.2.9 label-route-capability # ipv4-family vpnv4 policy vpn-target peer 4.4.4.9 enable # ipv4-family vpn-instance vpn1 peer 10.1.1.1 as-number 65001

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

3-145

3 BGP/MPLS IP VPN Configuration


import-route direct # ospf 1 area 0.0.0.0 network 1.1.1.9 0.0.0.0 network 172.1.1.0 0.0.0.255 # return l

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Configuration file of ASBR-PE 1


# sysname ASBR-PE1 # mpls lsr-id 2.2.2.9 mpls lsp-trigger all # mpls ldp # interface Pos1/0/0 link-protocol ppp ip address 172.1.1.1 255.255.255.0 mpls mpls ldp # interface Pos2/0/0 link-protocol ppp ip address 192.1.1.1 255.255.255.0 mpls # interface LoopBack1 ip address 2.2.2.9 255.255.255.255 # bgp 100 peer 192.1.1.2 as-number 200 peer 1.1.1.9 as-number 100 peer 1.1.1.9 connect-interface LoopBack1 # ipv4-family unicast undo synchronization network 1.1.1.9 255.255.255.255 peer 192.1.1.2 enable peer 192.1.1.2 route-policy policy1 export peer 192.1.1.2 label-route-capability peer 1.1.1.9 enable peer 1.1.1.9 route-policy policy2 export peer 1.1.1.9 label-route-capability # ospf 1 area 0.0.0.0 network 2.2.2.9 0.0.0.0 network 172.1.1.0 0.0.0.255 # route-policy policy1 permit node 1 apply mpls-label route-policy policy2 permit node 1 if-match mpls-label apply mpls-label # return

Configuration file of ASBR-PE 2


# sysname ASBR-PE2 # mpls lsr-id 3.3.3.9 mpls lsp-trigger all # mpls ldp

3-146

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


# interface Pos1/0/0 link-protocol ppp ip address 162.1.1.1 255.255.255.0 mpls mpls ldp # interface Pos2/0/0 link-protocol ppp ip address 192.1.1.2 255.255.255.0 mpls # interface LoopBack1 ip address 3.3.3.9 255.255.255.255 # bgp 200 peer 192.1.1.1 as-number 100 peer 4.4.4.9 as-number 200 peer 4.4.4.9 connect-interface LoopBack1 # ipv4-family unicast undo synchronization network 4.4.4.9 255.255.255.255 peer 192.1.1.1 enable peer 192.1.1.1 route-policy policy1 export peer 192.1.1.1 label-route-capability peer 4.4.4.9 enable peer 4.4.4.9 route-policy policy2 export peer 4.4.4.9 label-route-capability # ospf 1 area 0.0.0.0 network 3.3.3.9 0.0.0.0 network 162.1.1.0 0.0.0.255 # route-policy policy1 permit node 1 apply mpls-label route-policy policy2 permit node 1 if-match mpls-label apply mpls-label # return l

3 BGP/MPLS IP VPN Configuration

Configuration file of PE2


# sysname PE2 # ip vpn-instance vpn1 route-distinguisher 200:1 vpn-target 1:1 export-extcommunity vpn-target 1:1 import-extcommunity # mpls lsr-id 4.4.4.9 mpls lsp-trigger all # mpls ldp # interface GigabitEthernet2/0/0 ip binding vpn-instance vpn1 ip address 10.2.1.2 255.255.255.0 # interface Pos1/0/0 link-protocol ppp ip address 162.1.1.2 255.255.255.0 mpls mpls ldp # interface LoopBack1 ip address 4.4.4.9 255.255.255.255

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

3-147

3 BGP/MPLS IP VPN Configuration


# bgp 200 peer 1.1.1.9 as-number 100 peer 1.1.1.9 ebgp-max-hop 10 peer 1.1.1.9 connect-interface LoopBack1 peer 3.3.3.9 as-number 200 peer 3.3.3.9 connect-interface LoopBack1 # ipv4-family unicast undo synchronization peer 1.1.1.9 enable peer 3.3.3.9 enable peer 3.3.3.9 label-route-capability # ipv4-family vpnv4 policy vpn-target peer 1.1.1.9 enable # ipv4-family vpn-instance vpn1 peer 10.2.1.1 as-number 65002 import-route direct # ospf 1 area 0.0.0.0 network 4.4.4.9 0.0.0.0 network 162.1.1.0 0.0.0.255 # return l

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Configuration file of CE2


# sysname CE2 # interface GigabitEthernet1/0/0 ip address 10.2.1.1 255.255.255.0 # bgp 65002 peer 10.2.1.2 as-number 200 # ipv4-family unicast undo synchronization import-route direct peer 10.2.1.2 enable # return

3.21.8 Example for Configuring Carrier's Carrier in the Same AS


Networking Requirements
The Level 1 carrier and the Level 2 carrier are in the same AS. The Level 2 carrier provides the BGP/MPLS IP VPN service for its customers. In Figure 3-9:
l l l

PE1 and PE2 are PEs of the Level 1 carrier's backbone. CE1 and CE2 belong to the Level 2 carrier and access the backbone of Level 1 carrier. PE3 and PE4 belong to the Level 2 carrier and provide access service for Level 2 carrier's customer. CE3 and CE4 are the Level 2 carrier's customer.

3-148

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

3 BGP/MPLS IP VPN Configuration

Figure 3-9 Networking diagram of carrier's carrier configuration


Provider carrier
Loopback1 3.3.3.9/32 POS2/0/0 30.1.1.1/24 POS1/0/0 30.1.1.2/24 Loopback1 4.4.4.9/32

PE1
POS1/0/0 11.1.1.2/24

PE2
POS2/0/0 21.1.1.1/24

Loopback1 Customer carrier 1.1.1.9/32 POS2/0/0 10.1.1.1/24

AS: 100

AS: 100 Customer carrier Loopback1


POS2/0/0 11.1.1.1/24 POS1/0/0 21.1.1.2/24 6.6.6.9/32 POS2/0/0 20.1.1.2/24

PE3 GE1/0/0

POS1/0/0 10.1.1.2/24

CE1
Loopback1 2.2.2.9/32

CE2

100.1.1.2/24

POS2/0/0 20.1.1.1/24 GE1/0/0 Loopback1 120.1.1.2/24 5.5.5.9/32

PE4

MP-IBGP
GE1/0/0 100.1.1.1/24 GE1/0/0 120.1.1.1/24

CE3

AS:65410

AS:65420

CE4

Configuration Roadmap
The configuration roadmap is as follows: 1. Configure the two types of route exchange as follows:
l

The exchange of the internal route of the level 2 carrier on the backbone network of level 1 carrier: configure the level 2 carrier to access the level 1 carrier as the level 1 carrier's CE. The exchange of the external route of the level 2 carrier between the PE devices of the level 2 carrier: set up the MP-IBGP peer relationship between the PE devices (PE3 and PE4) of the level 2 carrier.

2.

Configure the carrier's carrier of the same AS and configure IGP and LDP between the PE of the level 1 carrier and the CE of the level 2 carrier.

Data Preparation
To configure the carrier's carrier in the same AS, you need the following data:
l

MPLS LSR ID on the PE of the level 1 carrier, MPLS LSR ID on the PE and the CE of the level 2 carrier Data for configuring IGP (The IS-IS process number of the IGP protocol running on the PE and the CE of the level 2 carrier is the same with that used when the CE of the level 2
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 3-149

Issue 03 (2008-09-22)

3 BGP/MPLS IP VPN Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

carrier accesses the level 1 carrier. However, it is different with that on the PE of the level 1 carrier.)
l

The name of the VPN instance configured on the PE, RD and the VPN-target

Configuration Procedure
1. Configure the BGP/MPLS IP VPN on Level 1 carrier's backbone. Adopt IS-IS as the IGP. Enable LDP between PE1 and PE2 and establish MP-IBGP peer relationship between them. # Configure PE1
<Quidway> system-view [Quidway] sysname PE1 [PE1] interface loopback 1 [PE1-LoopBack1] ip address 3.3.3.9 32 [PE1-LoopBack1] quit [PE1] mpls lsr-id 3.3.3.9 [PE1] mpls [PE1-mpls] quit [PE1] mpls ldp [PE1-mpls-ldp] quit [PE1] isis 1 [PE1-isis-1] network-entity 10.0000.0000.0004.00 [PE1-isis-1] quit [PE1] interface loopback 1 [PE1-LoopBack1] isis enable 1 [PE1-LoopBack1] quit [PE1] interface pos 2/0/0 [PE1-Pos2/0/0] ip address 30.1.1.1 24 [PE1-Pos2/0/0] isis enable 1 [PE1-Pos2/0/0] mpls [PE1-Pos2/0/0] mpls ldp [PE1-Pos2/0/0] quit [PE1] bgp 100 [PE1-bgp] peer 4.4.4.9 as-number 100 [PE1-bgp] peer 4.4.4.9 connect-interface loopback 1 [PE1-bgp] ipv4-family vpnv4 [PE1-bgp-af-vpnv4] peer 4.4.4.9 enable [PE1-bgp-af-vpnv4] quit [PE1-bgp] quit
NOTE

The configuration of PE2 is similar to that of PE1 and is not mentioned here.

After the configuration, run the display mpls ldp session command on PE1 and PE2, to find that the LDP session has been established successfully. Run the display bgp peer command to find that the BGP peer relationship has been established. Run the display isis peer command to find that the IS-IS neighbor has been set up. Consider PE1 as an example:
[PE1] display mpls ldp session LDP Session(s) in Public Network ---------------------------------------------------------------Peer-ID Status LAM SsnRole SsnAge KA-Sent/Rcv ---------------------------------------------------------------4.4.4.9:0 Operational DU Active 000:00:01 8/8 ---------------------------------------------------------------TOTAL: 1 session(s) Found. LAM : Label Advertisement Mode SsnAge Unit : DDD:HH:MM [PE1] display bgp peer BGP local router ID : 3.3.3.9 Local AS number : 100 Total number of peers : 1 Peers in established state : 1 Peer V AS MsgRcvd MsgSent OutQ Up/Down State 4.4.4.9 4 100 7 8 0 00:02:47 Established [PE1] display isis peer Peer information for ISIS(1)

PrefRcv 0

3-150

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

3 BGP/MPLS IP VPN Configuration


---------------------------Circuit Id State HoldTime 002 Up 26s

System Id Interface PRI 0000.0000.0005 P2/0/0 -Total Peer(s): 1

Type L1L2

2.

Configure Level 2 carrier's network. Adopt IS-IS as IGP and enable LDP between PE3 and CE1, PE4 and CE2 respectively. # Configure PE3.
<Quidway> system-view [Quidway] sysname PE3 [PE3] interface loopback 1 [PE3-LoopBack1] ip address 1.1.1.9 32 [PE3-LoopBack1] quit [PE3] mpls lsr-id 1.1.1.9 [PE3] mpls [PE3-mpls] quit [PE3] mpls ldp [PE3-mpls-ldp] quit [PE3] isis 2 [PE3-isis-2] network-entity 10.0000.0000.0001.00 [PE3-isis-2] quit [PE3] interface loopback 1 [PE3-LoopBack1] isis enable 2 [PE3-LoopBack1] quit [PE3] interface pos 2/0/0 [PE3-Pos2/0/0] ip address 10.1.1.1 24 [PE3-Pos2/0/0] isis enable 2 [PE3-Pos2/0/0] mpls [PE3-Pos2/0/0] mpls ldp [PE3-Pos2/0/0] quit

# Configure CE1.
<Quidway> system-view [Quidway] sysname CE1 [CE1] interface loopback 1 [CE1-LoopBack1] ip address 2.2.2.9 32 [CE1-LoopBack1] quit [CE1] mpls lsr-id 2.2.2.9 [CE1] mpls [CE1-mpls] quit [CE1] mpls ldp [CE1-mpls-ldp] quit [CE1] isis 2 [CE1-isis-2] network-entity 10.0000.0000.0002.00 [CE1-isis-2] quit [CE1] interface loopback 1 [CE1-LoopBack1] isis enable 2 [CE1-LoopBack1] quit [CE1] interface pos 1/0/0 [CE1-Pos1/0/0] ip address 10.1.1.2 24 [CE1-Pos1/0/0] isis enable 2 [CE1-Pos1/0/0] mpls [CE1-Pos1/0/0] mpls ldp [CE1-Pos1/0/0] quit

After the configuration, the LDP session and IS-IS neighbor relationship should be established between the PE3 and the CE1.
NOTE

The configurations of PE4 and CE2 are similar to that of PE3 and CE1. Their configurations are not mentioned here.

3.

Configure CEs of the Level 1 carrier to access PEs of the Level 1 carrier. # Configure PE1.
[PE1] ip vpn-instance vpn1

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

3-151

3 BGP/MPLS IP VPN Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

[PE1-vpn-instance-vpn1] route-distinguisher 200:1 [PE1-vpn-instance-vpn1] vpn-target 1:1 both [PE1-vpn-instance-vpn1] quit [PE1] bgp 100 [PE1-bgp] ipv4-family vpn-instance vpn1 [PE1-bgp-vpn1] import-route isis 2 [PE1-bgp-vpn1] quit [PE1-bgp] quit [PE1] mpls ldp vpn-instance vpn1 [PE1-mpls-ldp-vpn-instance-vpn1] quit [PE1] isis 2 vpn-instance vpn1 [PE1-isis-2] network-entity 10.0000.0000.0003.00 [PE1-isis-2] import-route bgp [PE1-isis-2] quit [PE1] interface pos 1/0/0 [PE1-Pos1/0/0] ip binding vpn-instance vpn1 [PE1-Pos1/0/0] ip address 11.1.1.2 24 [PE1-Pos1/0/0] isis enable 2 [PE1-Pos1/0/0] mpls [PE1-Pos1/0/0] mpls ldp [PE1-Pos1/0/0] mpls ldp transport-address interface

# Configure CE1.
[CE1] interface pos 2/0/0 [CE1-Pos2/0/0] ip address 11.1.1.1 24 [CE1-Pos2/0/0] isis enable 2 [CE1-Pos2/0/0] mpls [CE1-Pos2/0/0] mpls ldp [CE1-Pos2/0/0] mpls ldp transport-address interface [CE1-Pos2/0/0] quit

After the configuration, the LDP session and IS-IS neighbor relationship should be established between PE1 and CE1.
NOTE

The configuration of PE2 and CE2 are similar to that of PE1 and CE1. Their configurations are not mentioned here.

4.

Configure the Level 2 carrier's CE and PE so that the CE can access the PE. # Configure CE3.
<Quidway> system-view [Quidway] sysname CE3 [CE3] interface gigabitethernet 1/0/0 [CE3-GigabitEthernet1/0/0] ip address 100.1.1.1 24 [CE3-GigabitEthernet1/0/0] quit [CE3] bgp 65410 [CE3-bgp] peer 100.1.1.2 as-number 100 [CE3-bgp] import-route direct [CE3-bgp] quit

# Configure PE3.
[PE3] ip vpn-instance vpn1 [PE3-vpn-instance-vpn1] route-distinguisher 100:1 [PE3-vpn-instance-vpn1] vpn-target 1:1 both [PE3-vpn-instance-vpn1] quit [PE3] interface gigabitethernet 1/0/0 [PE3-GigabitEthernet1/0/0] ip binding vpn-instance vpn1 [PE3-GigabitEthernet1/0/0] ip address 100.1.1.2 24 [PE3-GigabitEthernet1/0/0] quit [PE3] bgp 100 [PE3-bgp] ipv4-family vpn-instance vpn1 [PE3-bgp-vpn1] peer 100.1.1.1 as-number 65410 [PE3-bgp-vpn1] import-route direct [PE3-bgp-vpn1] quit [PE3-bgp] quit

After the configuration, you can view that the BGP peer is set up between CE3 and PE3 and the peer status is "Established".
3-152 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


NOTE

3 BGP/MPLS IP VPN Configuration

The configurations of PE4 and CE4 are similar to that of PE3 and CE3. Their configurations are not mentioned here.

5.

Establish MP-IBGP peers between Level 2 carrier's PEs to switch VPN routes of Level 2 carrier's CEs. # Configure PE3.
[PE3] bgp 100 [PE3-bgp] peer 6.6.6.9 as-number 100 [PE3-bgp] peer 6.6.6.9 connect-interface loopback 1 [PE3-bgp] ipv4-family vpnv4 [PE3-bgp-af-vpnv4] peer 6.6.6.9 enable [PE3-bgp-af-vpnv4] quit [PE3-bgp] quit
NOTE

The configuration of the PE4 is similar to that of the PE3 and is not mentioned here.

6.

Verify the configuration. After all the configurations, run the display ip routing-table command on PE1 and PE2 to find that the public routing table on PE1 and PE2 contain only the Level 1 carrier's routes. Consider PE1 as an example:
[PE1] display ip routing-table Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: Public Destinations : 7 Routes : 7 Destination/Mask Proto Pre Cost Flags NextHop Interface 3.3.3.9/32 Direct 0 0 D 127.0.0.1 InLoopBack0 4.4.4.9/32 ISIS 15 10 D 30.1.1.2 Pos2/0/0 30.1.1.0/24 Direct 0 0 D 30.1.1.1 Pos2/0/0 30.1.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 30.1.1.2/32 Direct 0 0 D 30.1.1.2 Pos2/0/0 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0

Run the display ip routing-table vpn-instance command on PE1 and PE2, to find that the VPN routing table does not contain the external but the internal routes of the Level 2 carrier. Consider PE1 as an example:
[PE1] display ip routing-table vpn-instance vpn1 Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: vpn1 Destinations : 10 Routes : 10 Destination/Mask Proto Pre Cost Flags NextHop Interface 1.1.1.9/32 ISIS 15 20 D 11.1.1.1 Pos1/0/0 2.2.2.9/32 ISIS 15 10 D 11.1.1.1 Pos1/0/0 5.5.5.9/32 BGP 255 0 RD 4.4.4.9 Pos2/0/0 6.6.6.9/32 BGP 255 0 RD 4.4.4.9 Pos2/0/0 10.1.1.0/24 ISIS 15 20 D 11.1.1.1 Pos1/0/0 11.1.1.0/24 Direct 0 0 D 11.1.1.1 Pos1/0/0 11.1.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 11.1.1.2/32 Direct 0 0 D 11.1.1.2 Pos1/0/0 20.1.1.0/24 BGP 255 0 RD 4.4.4.9 Pos2/0/0 21.1.1.0/24 BGP 255 0 RD 4.4.4.9 Pos2/0/0

Run the display ip routing-table command on CE1 and CE2 to find that the public routing table does not contain external but internal routes of the Level 2 carrier. Consider CE1 as an example:
[CE1] display ip routing-table Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: Public

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

3-153

3 BGP/MPLS IP VPN Configuration


Destinations : 14 Destination/Mask Proto Pre 1.1.1.9/32 ISIS 15 2.2.2.9/32 Direct 0 5.5.5.9/32 ISIS 15 6.6.6.9/32 ISIS 15 10.1.1.0/24 Direct 0 10.1.1.1/32 Direct 0 10.1.1.2/32 Direct 0 11.1.1.0/24 Direct 0 11.1.1.1/32 Direct 0 11.1.1.2/32 Direct 0 20.1.1.0/24 ISIS 15 21.1.1.0/24 ISIS 15 127.0.0.0/8 Direct 0 127.0.0.1/32 Direct 0

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


Routes : 14 Cost Flags 10 D 0 D 74 D 74 D 0 D 0 D 0 D 0 D 0 D 0 D 74 D 74 D 0 D 0 D

NextHop 10.1.1.2 127.0.0.1 11.1.1.2 11.1.1.2 10.1.1.2 10.1.1.1 127.0.0.1 11.1.1.1 127.0.0.1 11.1.1.2 11.1.1.2 11.1.1.2 127.0.0.1 127.0.0.1

Interface Pos1/0/0 InLoopBack0 Pos2/0/0 Pos2/0/0 Pos1/0/0 Pos1/0/0 InLoopBack0 Pos2/0/0 InLoopBack0 Pos2/0/0 Pos2/0/0 Pos2/0/0 InLoopBack0 InLoopBack0

Run the display ip routing-table command on PE3 and PE4 to find that the internal routes of the Level 2 carrier are contained in the public routing table. Consider PE3 as an example:
[PE3] display ip routing-table Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: Public Destinations : 13 Routes : 13 Destination/Mask Proto Pre Cost Flags NextHop Interface 1.1.1.9/32 Direct 0 0 D 127.0.0.1 InLoopBack0 2.2.2.9/32 ISIS 15 10 D 10.1.1.2 Pos2/0/0 5.5.5.9/32 ISIS 15 84 D 10.1.1.2 Pos2/0/0 6.6.6.9/32 ISIS 15 84 D 10.1.1.2 Pos2/0/0 10.1.1.0/24 Direct 0 0 D 10.1.1.1 Pos2/0/0 10.1.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 10.1.1.2/32 Direct 0 0 D 10.1.1.2 Pos2/0/0 11.1.1.0/24 ISIS 15 20 D 10.1.1.2 Pos2/0/0 20.1.1.0/24 ISIS 15 84 D 10.1.1.2 Pos2/0/0 20.1.1.1/32 BGP 255 0 RD 6.6.6.9 Pos2/0/0 21.1.1.0/24 ISIS 15 84 D 10.1.1.2 Pos2/0/0 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0

Run the display ip routing-table vpn-instance command on PE3 and PE4 to find that the routes of the remote CEs, that is, the external routes of the Level 2 carrier, are contained in the VPN routing table. Consider PE3 as an example:
[PE3] display ip routing-table vpn-instance vpn1 Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: vpn1 Destinations : 3 Routes : 3 Destination/Mask Proto Pre Cost Flags NextHop Interface 100.1.1.0/24 Direct 0 0 D 100.1.1.2 GigabitEthernet1/0/0 100.1.1.2/32 Direct 0 0 D 127.0.0.1 InLoopBack0 120.1.1.0/24 BGP 255 0 RD 6.6.6.9 Pos2/0/0

PE3 and PE4 can ping through each other:


[PE3] ping 20.1.1.2 PING 20.1.1.2: 56 data bytes, press CTRL_C to break Reply from 20.1.1.2: bytes=56 Sequence=1 ttl=252 time=127 ms Reply from 20.1.1.2: bytes=56 Sequence=2 ttl=252 time=97 ms Reply from 20.1.1.2: bytes=56 Sequence=3 ttl=252 time=83 ms Reply from 20.1.1.2: bytes=56 Sequence=4 ttl=252 time=70 ms Reply from 20.1.1.2: bytes=56 Sequence=5 ttl=252 time=60 ms --- 20.1.1.2 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 60/87/127 ms

3-154

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

3 BGP/MPLS IP VPN Configuration

CE3 and CE4 can ping through each other:


[CE3] ping 120.1.1.1 PING 120.1.1.1: 56 data bytes, press CTRL_C to break Reply from 120.1.1.1: bytes=56 Sequence=1 ttl=252 time=102 ms Reply from 120.1.1.1: bytes=56 Sequence=2 ttl=252 time=69 ms Reply from 120.1.1.1: bytes=56 Sequence=3 ttl=252 time=105 ms Reply from 120.1.1.1: bytes=56 Sequence=4 ttl=252 time=88 ms Reply from 120.1.1.1: bytes=56 Sequence=5 ttl=252 time=87 ms --- 120.1.1.1 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 69/90/105 ms

Configuration Files
l

Configuration file of CE3


# sysname CE3 # interface GigabitEthernet1/0/0 ip address 100.1.1.1 255.255.255.0 # bgp 65410 peer 100.1.1.2 as-number 100 # ipv4-family unicast undo synchronization import-route direct peer 100.1.1.2 enable # return

Configuration file of PE3


# sysname PE3 # ip vpn-instance vpn1 route-distinguisher 100:1 vpn-target 1:1 export-extcommunity vpn-target 1:1 import-extcommunity # mpls lsr-id 1.1.1.9 mpls # mpls ldp # isis 2 network-entity 10.0000.0000.0001.00 # interface GigabitEthernet1/0/0 ip binding vpn-instance vpn1 ip address 100.1.1.2 255.255.255.0 # interface Pos2/0/0 link-protocol ppp ip address 10.1.1.1 255.255.255.0 isis enable 2 mpls mpls ldp # interface LoopBack1 ip address 1.1.1.9 255.255.255.255 isis enable 2 # bgp 100 peer 6.6.6.9 as-number 100 peer 6.6.6.9 connect-interface LoopBack1

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

3-155

3 BGP/MPLS IP VPN Configuration


# ipv4-family unicast undo synchronization peer 6.6.6.9 enable # ipv4-family vpnv4 policy vpn-target peer 6.6.6.9 enable # ipv4-family vpn-instance vpn1 peer 100.1.1.1 as-number 65410 import-route direct # return l

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Configuration file of CE1


# sysname CE1 # mpls lsr-id 2.2.2.9 mpls # mpls ldp # isis 2 network-entity 10.0000.0000.0002.00 # interface Pos1/0/0 link-protocol ppp ip address 10.1.1.2 255.255.255.0 isis enable 2 mpls mpls ldp # interface Pos2/0/0 link-protocol ppp ip address 11.1.1.1 255.255.255.0 isis enable 2 mpls mpls ldp mpls ldp transport-address interface # interface LoopBack1 ip address 2.2.2.9 255.255.255.255 isis enable 2 # return

Configuration file of PE1


# sysname PE1 # ip vpn-instance vpn1 route-distinguisher 200:1 vpn-target 1:1 export-extcommunity vpn-target 1:1 import-extcommunity # mpls lsr-id 3.3.3.9 mpls # mpls ldp # mpls ldp vpn-instance vpn1 # isis 1 network-entity 10.0000.0000.0004.00 # isis 2 vpn-instance vpn1 network-entity 10.0000.0000.0003.00 import-route bgp

3-156

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


# interface Pos1/0/0 link-protocol ppp ip binding vpn-instance vpn1 ip address 11.1.1.2 255.255.255.0 isis enable 2 mpls mpls ldp # interface Pos2/0/0 link-protocol ppp ip address 30.1.1.1 255.255.255.0 isis enable 1 mpls mpls ldp # interface LoopBack1 ip address 3.3.3.9 255.255.255.255 isis enable 1 # bgp 100 peer 4.4.4.9 as-number 100 peer 4.4.4.9 connect-interface LoopBack1 # ipv4-family unicast undo synchronization peer 4.4.4.9 enable # ipv4-family vpnv4 policy vpn-target peer 4.4.4.9 enable # ipv4-family vpn-instance vpn1 import-route isis 2 # return l

3 BGP/MPLS IP VPN Configuration

Configuration file of PE2


# sysname PE2 # ip vpn-instance vpn1 route-distinguisher 200:2 vpn-target 1:1 export-extcommunity vpn-target 1:1 import-extcommunity # mpls lsr-id 4.4.4.9 mpls # mpls ldp # mpls ldp vpn-instance vpn1 # isis 1 network-entity 10.0000.0000.0005.00 # isis 2 vpn-instance vpn1 network-entity 10.0000.0000.0006.00 import-route bgp # interface Pos1/0/0 link-protocol ppp ip address 30.1.1.2 255.255.255.0 isis enable 1 mpls mpls ldp # interface Pos2/0/0 link-protocol ppp ip binding vpn-instance vpn1

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

3-157

3 BGP/MPLS IP VPN Configuration


ip address 21.1.1.1 255.255.255.0 isis enable 2 mpls mpls ldp # interface LoopBack1 ip address 4.4.4.9 255.255.255.255 isis enable 1 # bgp 100 peer 3.3.3.9 as-number 100 peer 3.3.3.9 connect-interface LoopBack1 # ipv4-family unicast undo synchronization peer 3.3.3.9 enable # ipv4-family vpnv4 policy vpn-target peer 3.3.3.9 enable # ipv4-family vpn-instance vpn1 import-route isis 2 # return l

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Configuration file of CE2


# sysname CE2 # mpls lsr-id 5.5.5.9 mpls # mpls ldp # isis 2 network-entity 10.0000.0000.0007.00 # interface Pos1/0/0 link-protocol ppp ip address 21.1.1.2 255.255.255.0 isis enable 2 mpls mpls ldp mpls ldp transport-address interface # interface Pos2/0/0 link-protocol ppp ip address 20.1.1.1 255.255.255.0 isis enable 2 mpls mpls ldp # interface LoopBack1 ip address 5.5.5.9 255.255.255.255 isis enable 2 # return

Configuration file of PE4


# sysname PE4 # ip vpn-instance vpn1 route-distinguisher 100:2 vpn-target 1:1 export-extcommunity vpn-target 1:1 import-extcommunity # mpls lsr-id 6.6.6.9 mpls

3-158

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


# mpls ldp # isis 2 network-entity 10.0000.0000.0008.00 # interface GigabitEthernet1/0/0 ip binding vpn-instance vpn1 ip address 120.1.1.2 255.255.255.0 # interface Pos2/0/0 link-protocol ppp ip address 20.1.1.2 255.255.255.0 isis enable 2 mpls mpls ldp # interface LoopBack1 ip address 6.6.6.9 255.255.255.255 isis enable 2 # bgp 100 peer 1.1.1.9 as-number 100 peer 1.1.1.9 connect-interface LoopBack1 # ipv4-family unicast undo synchronization import-route direct peer 1.1.1.9 enable # ipv4-family vpnv4 policy vpn-target peer 1.1.1.9 enable # ipv4-family vpn-instance vpn1 peer 120.1.1.1 as-number 65420 import-route direct # return l

3 BGP/MPLS IP VPN Configuration

Configuration file of CE4


# sysname CE4 # interface GigabitEthernet1/0/0 ip address 120.1.1.1 255.255.255.0 # bgp 65420 peer 120.1.1.2 as-number 100 # ipv4-family unicast undo synchronization import-route direct peer 120.1.1.2 enable # return

3.21.9 Example for Configuring the Carrier's Carrier (Inter-AS)


Networking Requirements
As shown in Figure 3-10, the Level 1 carrier and the Level 2 carrier are in different ASs. The Level 2 carrier provides BGP/MPLS IP VPN service for its customers. Different from Example for Configuring Carrier's Carrier in the Same AS, the Level 1 carrier and the Level 2 carrier in this example are in different ASs.
Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 3-159

3 BGP/MPLS IP VPN Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Figure 3-10 Networking diagram of the carrier's carrier configuration (inter-AS)


AS:100 AS:100 Provider carrier
Loopback1 3.3.3.9/32 POS2/0/0 30.1.1.1/24 POS1/0/0 30.1.1.2/24 Loopback1 4.4.4.9/32

PE1
POS1/0/0 11.1.1.2/24

PE2
POS2/0/0 21.1.1.1/24

Loopback1 Customer carrier 1.1.1.9/32 POS2/0/0 10.1.1.1/24 POS1/0/0 10.1.1.2/24 GE1/0/0 100.1.1.2/24

AS: 200

AS: 300 Customer carrier Loopback1


POS2/0/0 11.1.1.1/24 POS1/0/0 21.1.1.2/24 6.6.6.9/32 POS2/0/0 20.1.1.2/24

CE1
Loopback1 2.2.2.9/32

CE2

PE3

POS2/0/0 20.1.1.1/24 GE1/0/0 Loopback1 120.1.1.2/24 5.5.5.9/32

PE4

MP-EBGP
GE1/0/0 100.1.1.1/24 GE1/0/0 120.1.1.1/24

CE3

AS:65410

AS:65420

CE4

Configuration Roadmap
The configuration roadmap is as follows: 1. Configure the two types of routes exchange as follows:
l

The exchange of the internal route of the level 2 carrier on the backbone network of level 1 carrier: configure the level 2 carrier to access the level 1 carrier as the level 1 carrier's CE. The exchange of the external route of the level 2 carrier between the PE devices of the level 2 carrier: set up the MP-EBGP peer relationship between the PE devices (PE3 and PE4) of the level 2 carrier.

2.

Configuring the labeled MP-EBGP between the PE of the level 1 carrier and the CE of the level 2 carrier that are located in different ASs

Data Preparation
To configure the inter-AS carrier's carrier, you need the following data:
l

MPLS LSR ID on the PE of the level 1 carrier, MPLS LSR ID on the PE and the CE of the level 2 carrier Data for configuring IGP (The IS-IS process number of the IGP protocol running on the PE and the CE of the level 2 carrier is the same with that used when the CE of the level 2
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

3-160

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

3 BGP/MPLS IP VPN Configuration

carrier accesses the level 1 carrier. However, it is different with that on the PE of the level 1 carrier.)
l l

The name of the VPN instance configured on the PE, RD and VPN-target Two routing policies configured on the CE of the level 2 carrier

Configuration Procedure
1. Configure BGP/MPLS IP VPN on the Level 1 carrier backbone network. Configure IS-IS as the IGP protocol of the backbone network. Enable LDP between PE1 and PE2. Establish MP-IBGP peer relationship. The specific configuration procedures are not mentioned here.
NOTE

During the configuration of IGP, note that the 32-bit Loopback interface address of each PE needs to be advertised.

2.

Configure the Level 2 carrier network. Configure IS-IS as the IGP protocol. Enable LDP between the PE3 and the CE1, and between the PE4 and the CE2 respectively. The configuration procedures are similar to those in Example for Configuring Carrier's Carrier in the Same AS and not mentioned here.
NOTE

During the IGP protocol configuration, note that the 32-bit Loopback interface address of each PE and CE needs to be advertised.

3.

Configure the Level 2 carrier CE to access the Level 1 carrier PE and configure the exchange of labeled IPv4 routes between them. # Configure CE1 to exchange labeled IPv4 routes with PE3 and PE1.
<CE1> system-view [CE1] interface pos 2/0/0 [CE1-Pos2/0/0] ip address 11.1.1.1 24 [CE1-Pos2/0/0] mpls [CE1-Pos2/0/0] quit [CE1] route-policy policy1 permit node 1 [CE1-route-policy] apply mpls-label [CE1-route-policy] quit [CE1] route-policy policy2 permit node 1 [CE1-route-policy] if-match mpls-label [CE1-route-policy] apply mpls-label [CE1-route-policy] quit [CE1] bgp 200 [CE1-bgp] peer 1.1.1.9 as-number 200 [CE1-bgp] peer 1.1.1.9 connect-interface loopback 1 [CE1-bgp] peer 1.1.1.9 route-policy policy2 export [CE1-bgp] peer 1.1.1.9 label-route-capability [CE1-bgp] peer 11.1.1.2 as-number 100 [CE1-bgp] peer 11.1.1.2 route-policy policy1 export [CE1-bgp] peer 11.1.1.2 label-route-capability [CE1-bgp] import-route isis 2 [CE1-bgp] quit

# Configure PE1 to exchange labeled IPv4 routes with CE1.


<PE1> system-view [PE1] ip vpn-instance vpn1 [PE1-vpn-instance-vpn1] route-distinguisher 200:1 [PE1-vpn-instance-vpn1] vpn-target 1:1 both [PE1-vpn-instance-vpn1] quit [PE1] interface pos 1/0/0 [PE1-Pos1/0/0] ip binding vpn-instance vpn1 [PE1-Pos1/0/0] ip address 11.1.1.2 24 [PE1-Pos1/0/0] mpls

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

3-161

3 BGP/MPLS IP VPN Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

[PE1-Pos1/0/0] quit [PE1] route-policy policy1 permit node 1 [PE1-route-policy] apply mpls-label [PE1-route-policy] quit [PE1] bgp 100 [PE1-bgp] ipv4-family vpn-instance vpn1 [PE1-bgp-vpn1] peer 11.1.1.1 as-number 200 [PE1-bgp-vpn1] peer 11.1.1.1 route-policy policy1 export [PE1-bgp-vpn1] peer 11.1.1.1 label-route-capability [PE1-bgp-vpn1] import-route direct [PE1-bgp-vpn1] quit [PE1-bgp] quit

# Configure PE3 to exchange labeled IPv4 routes with CE1.


<PE3> system-view [PE3] bgp 200 [PE3-bgp] peer 2.2.2.9 as-number 200 [PE3-bgp] peer 2.2.2.9 connect-interface loopback 1 [PE3-bgp] peer 2.2.2.9 label-route-capability [PE3-bgp] quit

After the above configuration, the BGP peer relationship is established between CE1 and PE3, and between CE1 and PE1.
[CE1] display bgp peer BGP local router ID : 2.2.2.9 Local AS number : 200 Total number of peers : 2 Peer V AS MsgRcvd MsgSent 1.1.1.9 4 200 7 8 11.1.1.2 4 100 3 4
NOTE

Peers in established state : 2 OutQ Up/Down State PrefRcv 0 00:04:07 Established 0 0 00:00:08 Established 0

The configuration procedures of PE4, CE2 and PE2 are similar to those of PE3, CE1 and PE1, and are not mentioned here.

4.

Configure the Level 2 carrier's customer to access the Level 2 carrier PE. The specific configurations are the same as those in Example for Configuring Carrier's Carrier in the Same AS and are not mentioned here.

5.

Establish MP-EBGP peer relationship between the Level 2 carrier PEs to exchange VPN routes of the Level 2 carrier's customer. # Configure PE3.
<PE3> system-view [PE3] bgp 200 [PE3-bgp] peer 6.6.6.9 as-number 300 [PE3-bgp] peer 6.6.6.9 connect-interface loopback 1 [PE3-bgp] peer 6.6.6.9 ebgp-max-hop 10 [PE3-bgp] ipv4-family vpnv4 [PE3-bgp-af-vpnv4] peer 6.6.6.9 enable [PE3-bgp-af-vpnv4] quit [PE3-bgp] quit

# Configure PE4.
<PE4> system-view [PE4] bgp 300 [PE4-bgp] peer 1.1.1.9 as-number 200 [PE4-bgp] peer 1.1.1.9 connect-interface loopback 1 [PE4-bgp] peer 1.1.1.9 ebgp-max-hop 10 [PE4-bgp] ipv4-family vpnv4 [PE4-bgp-af-vpnv4] peer 1.1.1.9 enable [PE4-bgp-af-vpnv4] quit [PE4-bgp] quit

6.

Verify the configuration. After the configuration, run the display ip routing-table command on PE1 and PE2 to see that the public routing table contains only the route of the Level 1 carrier network.

3-162

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

3 BGP/MPLS IP VPN Configuration

Consider PE1 as an example:


[PE1] display ip routing-table Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: Public Destinations : 7 Routes : 7 Destination/Mask Proto Pre Cost Flags NextHop Interface 3.3.3.9/32 Direct 0 0 D 127.0.0.1 InLoopBack0 4.4.4.9/32 ISIS 15 10 D 30.1.1.2 Pos2/0/0 30.1.1.0/24 Direct 0 0 D 30.1.1.1 Pos2/0/0 30.1.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 30.1.1.2/32 Direct 0 0 D 30.1.1.2 Pos2/0/0 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0

Run the display ip routing-table vpn-instance command on PE1 and PE2 to see that the VPN routing table does not contain the external but internal routes of the Level 2 carrier. Consider PE1 as an example:
[PE1] display ip routing-table vpn-instance vpn1 Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: vpn1 Destinations : 11 Routes : 11 Destination/Mask Proto Pre Cost Flags NextHop Interface 1.1.1.9/32 BGP 255 10 D 11.1.1.1 Pos1/0/0 2.2.2.9/32 BGP 255 0 D 11.1.1.1 Pos1/0/0 5.5.5.9/32 BGP 255 0 RD 4.4.4.9 Pos2/0/0 6.6.6.9/32 BGP 255 10 RD 4.4.4.9 Pos2/0/0 10.1.1.0/24 BGP 255 0 D 11.1.1.1 Pos1/0/0 11.1.1.0/24 Direct 0 0 D 11.1.1.2 Pos1/0/0 11.1.1.1/32 Direct 0 0 D 11.1.1.1 Pos1/0/0 11.1.1.2/32 Direct 0 0 D 127.0.0.1 InLoopBack0 20.1.1.0/24 BGP 255 0 RD 4.4.4.9 Pos2/0/0 21.1.1.0/24 BGP 255 0 RD 4.4.4.9 Pos2/0/0 21.1.1.2/32 BGP 255 0 RD 4.4.4.9 Pos2/0/0

Run the display ip routing-table command on CE1 and CE2 to see that the public routing table does not contain external but internal routes of the Level 2 carrier. Consider CE1 as an example:
[CE1] display ip routing-table Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: Public Destinations : 15 Routes : 15 Destination/Mask Proto Pre Cost Flags NextHop Interface 1.1.1.9/32 ISIS 15 10 D 10.1.1.1 Pos1/0/0 2.2.2.9/32 Direct 0 0 D 127.0.0.1 InLoopBack0 5.5.5.9/32 BGP 255 0 D 11.1.1.2 Pos2/0/0 6.6.6.9/32 BGP 255 0 D 11.1.1.2 Pos2/0/0 10.1.1.0/24 Direct 0 0 D 10.1.1.2 Pos1/0/0 10.1.1.1/32 Direct 0 0 D 10.1.1.1 Pos1/0/0 10.1.1.2/32 Direct 0 0 D 127.0.0.1 InLoopBack0 11.1.1.0/24 Direct 0 0 D 11.1.1.1 Pos2/0/0 11.1.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 11.1.1.2/32 Direct 0 0 D 11.1.1.2 Pos2/0/0 20.1.1.0/24 BGP 255 0 D 11.1.1.2 Pos2/0/0 21.1.1.0/24 BGP 255 0 D 11.1.1.2 Pos2/0/0 21.1.1.2/32 BGP 255 0 D 11.1.1.2 Pos2/0/0 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0

Run the display ip routing-table command on PE3 and PE4 to see that the public routing table contains the internal route of the Level 2 carrier. Consider PE3 as an example:
[PE3] display ip routing-table Route Flags: R - relied, D - download to fib

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

3-163

3 BGP/MPLS IP VPN Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

-----------------------------------------------------------------------------Routing Tables: Public Destinations : 14 Routes : 14 Destination/Mask Proto Pre Cost Flags NextHop Interface 1.1.1.9/32 Direct 0 0 D 127.0.0.1 InLoopBack0 2.2.2.9/32 ISIS 15 10 D 10.1.1.2 Pos2/0/0 5.5.5.9/32 BGP 255 0 RD 2.2.2.9 Pos2/0/0 6.6.6.9/32 BGP 255 0 RD 2.2.2.9 Pos2/0/0 10.1.1.0/24 Direct 0 0 D 10.1.1.1 Pos2/0/0 10.1.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 10.1.1.2/32 Direct 0 0 D 10.1.1.2 Pos2/0/0 11.1.1.0/24 BGP 255 0 RD 6.6.6.9 Pos2/0/0 11.1.1.1/32 BGP 255 0 RD 6.6.6.9 Pos2/0/0 20.1.1.0/24 BGP 255 0 RD 2.2.2.9 Pos2/0/0 21.1.1.0/24 BGP 255 0 RD 2.2.2.9 Pos2/0/0 21.1.1.2/32 BGP 255 0 RD 2.2.2.9 Pos2/0/0 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0

Running the display ip routing-table vpn-instance command on PE3 and PE4 to see that the external routes of the Level 2 carrier are contained in the VPN routing table. Consider PE3 as an example:
[PE3] display ip routing-table vpn-instance vpn1 Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: vpn1 Destinations : 3 Routes : 3 Destination/Mask Proto Pre Cost Flags NextHop Interface 100.1.1.0/24 Direct 0 0 D 100.1.1.2 GigabitEthernet1/0/0 100.1.1.2/32 Direct 0 0 D 127.0.0.1 InLoopBack0 120.1.1.0/24 BGP 255 0 RD 6.6.6.9 Pos2/0/0

PE3 and PE4 can ping through each other.


[PE3] ping 20.1.1.2 PING 20.1.1.2: 56 data bytes, press CTRL_C to break Reply from 20.1.1.2: bytes=56 Sequence=1 ttl=251 time=116 ms Reply from 20.1.1.2: bytes=56 Sequence=2 ttl=251 time=92 ms Reply from 20.1.1.2: bytes=56 Sequence=3 ttl=251 time=118 ms Reply from 20.1.1.2: bytes=56 Sequence=4 ttl=251 time=103 ms Reply from 20.1.1.2: bytes=56 Sequence=5 ttl=251 time=121 ms --- 20.1.1.2 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 92/110/121 ms

CE3 and CE4 can ping through each other.


[CE3] ping 120.1.1.1 PING 120.1.1.1: 56 data bytes, press CTRL_C to break Reply from 120.1.1.1: bytes=56 Sequence=1 ttl=251 time=65 ms Reply from 120.1.1.1: bytes=56 Sequence=2 ttl=251 time=114 ms Reply from 120.1.1.1: bytes=56 Sequence=3 ttl=251 time=80 ms Reply from 120.1.1.1: bytes=56 Sequence=4 ttl=251 time=88 ms Reply from 120.1.1.1: bytes=56 Sequence=5 ttl=251 time=105 ms --- 120.1.1.1 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 65/90/114 ms

Configuration Files
l

Configuration file of CE3


# sysname CE3 # interface GigabitEthernet1/0/0

3-164

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


ip address 100.1.1.1 255.255.255.0 # bgp 65410 peer 100.1.1.2 as-number 200 # ipv4-family unicast undo synchronization import-route direct peer 100.1.1.2 enable # return l

3 BGP/MPLS IP VPN Configuration

Configuration file of PE3


# sysname PE3 # ip vpn-instance vpn1 route-distinguisher 100:1 vpn-target 1:1 export-extcommunity vpn-target 1:1 import-extcommunity # mpls lsr-id 1.1.1.9 mpls # mpls ldp # isis 2 network-entity 10.0000.0000.0001.00 # interface GigabitEthernet1/0/0 ip binding vpn-instance vpn1 ip address 100.1.1.2 255.255.255.0 # interface Pos2/0/0 link-protocol ppp ip address 10.1.1.1 255.255.255.0 isis enable 2 mpls mpls ldp # interface LoopBack1 ip address 1.1.1.9 255.255.255.255 isis enable 2 # bgp 200 peer 2.2.2.9 as-number 200 peer 2.2.2.9 connect-interface LoopBack1 peer 6.6.6.9 as-number 300 peer 6.6.6.9 ebgp-max-hop 10 peer 6.6.6.9 connect-interface LoopBack1 # ipv4-family unicast undo synchronization peer 2.2.2.9 enable peer 2.2.2.9 label-route-capability peer 6.6.6.9 enable # ipv4-family vpnv4 policy vpn-target peer 6.6.6.9 enable # ipv4-family vpn-instance vpn1 peer 100.1.1.1 as-number 65410 import-route direct # return

Configuration file of CE1


# sysname CE1

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

3-165

3 BGP/MPLS IP VPN Configuration


# mpls lsr-id 2.2.2.9 mpls # mpls ldp # isis 2 network-entity 10.0000.0000.0002.00 # interface Pos1/0/0 link-protocol ppp ip address 10.1.1.2 255.255.255.0 isis enable 2 mpls mpls ldp # interface Pos2/0/0 link-protocol ppp ip address 11.1.1.1 255.255.255.0 mpls # interface LoopBack1 ip address 2.2.2.9 255.255.255.255 isis enable 2 # bgp 200 peer 11.1.1.2 as-number 100 peer 1.1.1.9 as-number 200 peer 1.1.1.9 connect-interface LoopBack1 # ipv4-family unicast undo synchronization import-route isis 2 peer 11.1.1.2 enable peer 11.1.1.2 route-policy policy1 export peer 11.1.1.2 label-route-capability peer 1.1.1.9 enable peer 1.1.1.9 route-policy policy2 export peer 1.1.1.9 label-route-capability # route-policy policy1 permit node 1 apply mpls-label route-policy policy2 permit node 2 if-match mpls-label apply mpls-label # return l

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Configuration file of PE1


# sysname PE1 # ip vpn-instance vpn1 route-distinguisher 200:1 vpn-target 1:1 export-extcommunity vpn-target 1:1 import-extcommunity # mpls lsr-id 3.3.3.9 mpls # mpls ldp # isis 1 network-entity 10.0000.0000.0004.00 # interface Pos1/0/0 link-protocol ppp ip binding vpn-instance vpn1 ip address 11.1.1.2 255.255.255.0 mpls

3-166

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


# interface Pos2/0/0 link-protocol ppp ip address 30.1.1.1 255.255.255.0 isis enable 1 mpls mpls ldp # interface LoopBack1 ip address 3.3.3.9 255.255.255.255 isis enable 1 # bgp 100 peer 4.4.4.9 as-number 100 peer 4.4.4.9 connect-interface LoopBack1 # ipv4-family unicast undo synchronization peer 4.4.4.9 enable # ipv4-family vpnv4 policy vpn-target peer 4.4.4.9 enable # ipv4-family vpn-instance vpn1 peer 11.1.1.1 as-number 200 peer 11.1.1.1 route-policy policy1 export peer 11.1.1.1 label-route-capability import-route direct # route-policy policy1 permit node 1 apply mpls-label # return l

3 BGP/MPLS IP VPN Configuration

Configuration file of PE2


# sysname PE2 # ip vpn-instance vpn1 route-distinguisher 200:2 vpn-target 1:1 export-extcommunity vpn-target 1:1 import-extcommunity # mpls lsr-id 4.4.4.9 mpls # mpls ldp # isis 1 network-entity 10.0000.0000.0005.00 # interface Pos1/0/0 link-protocol ppp ip address 30.1.1.2 255.255.255.0 isis enable 1 mpls mpls ldp # interface Pos2/0/0 link-protocol ppp ip binding vpn-instance vpn1 ip address 21.1.1.1 255.255.255.0 mpls # interface LoopBack1 ip address 4.4.4.9 255.255.255.255 isis enable 1 # bgp 100

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

3-167

3 BGP/MPLS IP VPN Configuration


peer 3.3.3.9 as-number 100 peer 3.3.3.9 connect-interface LoopBack1 # ipv4-family unicast undo synchronization peer 3.3.3.9 enable # ipv4-family vpnv4 policy vpn-target peer 3.3.3.9 enable # ipv4-family vpn-instance vpn1 peer 21.1.1.2 as-number 300 peer 21.1.1.2 route-policy policy1 export peer 21.1.1.2 label-route-capability import-route direct # route-policy policy1 permit node 1 apply mpls-label # return l

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Configuration file of CE2


# sysname CE2 # mpls lsr-id 5.5.5.9 mpls # mpls ldp # isis 2 network-entity 10.0000.0000.0006.00 # interface Pos1/0/0 link-protocol ppp ip address 21.1.1.2 255.255.255.0 mpls # interface Pos2/0/0 link-protocol ppp ip address 20.1.1.1 255.255.255.0 isis enable 2 mpls mpls ldp # interface LoopBack1 ip address 5.5.5.9 255.255.255.255 isis enable 2 # bgp 300 peer 21.1.1.1 as-number 100 peer 6.6.6.9 as-number 300 peer 6.6.6.9 connect-interface LoopBack1 # ipv4-family unicast undo synchronization import-route isis 2 peer 21.1.1.1 enable peer 21.1.1.1 route-policy policy1 export peer 21.1.1.1 label-route-capability peer 6.6.6.9 enable peer 6.6.6.9 route-policy policy2 export peer 6.6.6.9 label-route-capability # route-policy policy1 permit node 1 apply mpls-label route-policy policy2 permit node 1 if-match mpls-label apply mpls-label

3-168

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


# return l

3 BGP/MPLS IP VPN Configuration

Configuration file of PE4


# sysname PE4 # ip vpn-instance vpn1 route-distinguisher 100:2 vpn-target 1:1 export-extcommunity vpn-target 1:1 import-extcommunity # mpls lsr-id 6.6.6.9 mpls # mpls ldp # isis 2 network-entity 10.0000.0000.0007.00 # interface GigabitEthernet1/0/0 ip binding vpn-instance vpn1 ip address 120.1.1.2 255.255.255.0 # interface Pos2/0/0 link-protocol ppp ip address 20.1.1.2 255.255.255.0 isis enable 2 mpls mpls ldp # interface LoopBack1 ip address 6.6.6.9 255.255.255.255 isis enable 2 # bgp 300 peer 5.5.5.9 as-number 300 peer 5.5.5.9 connect-interface LoopBack1 peer 1.1.1.9 as-number 200 peer 1.1.1.9 ebgp-max-hop 10 peer 1.1.1.9 connect-interface LoopBack1 # ipv4-family unicast undo synchronization peer 5.5.5.9 enable peer 5.5.5.9 label-route-capability peer 1.1.1.9 enable # ipv4-family vpnv4 policy vpn-target peer 1.1.1.9 enable # ipv4-family vpn-instance vpn1 peer 120.1.1.1 as-number 65420 import-route direct # return

Configuration file of CE4


# sysname CE4 # interface GigabitEthernet1/0/0 ip address 120.1.1.1 255.255.255.0 # bgp 65420 peer 120.1.1.2 as-number 300 # ipv4-family unicast undo synchronization

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

3-169

3 BGP/MPLS IP VPN Configuration


import-route direct peer 120.1.1.2 enable # return

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

3.21.10 Example for Configuring HoVPN


Networking Requirements
As shown in Figure 3-11:
l l

CE1 and CE2 belong to VPN-A and the VPN target is 1:1. CE1 accesses the backbone network through the UPE and CE2 accesses the network through the PE. The UPE, the SPE and the PE are interconnected through OSPF.

Figure 3-11 Networking diagram of HoVPN

Loopback1 2.2.2.9./32 Loopback1 1.1.1.9./32 POS2/0/0 172.2.1.1/24

Loopback1 3.3.3.9./32

POS1/0/0 172.1.1.2/24

PE
GE1/0/0 10.2.1.2/24

SPE
POS2/0/0 172.1.1.1/24

POS2/0/0 172.2.1.2/24

UPE GE1/0/0
10.1.1.2/24

AS: 100

GE1/0/0 10.1.1.1/24

GE1/0/0 10.2.1.1/24

CE1 VPN-A AS: 65410 AS: 65420

CE2 VPN-A

Configuration Roadmap
The configuration roadmap is as follows: 1. 2. 3. 4. Configure IGP in the backbone network and ensure the PEs can learn the loopback address from each other. Configure MPLS LSP between PEs. Create the VPN instance on the UPE and set up the EBGP peer relationship between the UPE and the CE1. Create the VPN instance on the PE and set up the EBGP peer relationship between the PE and the CE2.
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

3-170

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

3 BGP/MPLS IP VPN Configuration

5. 6.

Set up the MP-IBGP peer relationship between the UPE and the SPE, the PE and the SPE. Create the VPN instance on the SPE. Specify the UPE as the lower PE, that is, the user layer PE. Advertise the default route of the VPN instance to the UPE.

Data Preparation
To configure HoVPN, you need to know the MPLS LSR-ID of the UPE, SPE and PE

Configuration Procedure
1. Configure OSPF on the MPLS backbone network to implement internetworking. After the configuration, OSPF neighbors are established among UPE, SPE and PE. Run the display ospf peer command to see the neighbors are full. Run the display ip routingtable command to see that PEs know loopback routes from each other. The specific configuration procedures are not mentioned here. 2. Configure basic MPLS capability and MPLS LDP on MPLS backbone networks and establish LDP LSP. After the configuration, LDP session can be established among UPE, SPE and PE. Run the display mpls ldp session command to see that the session state is "Operational". Run the display mpls ldp lsp command to see LDP LSP is established. The specific configuration procedures are not mentioned here. 3. Configure PEs and CEs. # Configure UPE.
<UPE> system-view [UPE] ip vpn-instance vpna [UPE-vpn-instance-vpna] route-distinguisher 100:1 [UPE-vpn-instance-vpna] vpn-target 1:1 [UPE-vpn-instance-vpna] quit [UPE] interface gigabitethernet 1/0/0 [UPE-GigabitEthernet1/0/0] ip binding vpn-instance vpna [UPE-GigabitEthernet1/0/0] ip address 10.1.1.2 24 [UPE-GigabitEthernet1/0/0] quit [UPE] bgp 100 [UPE-bgp] ipv4-family vpn-instance vpna [UPE-bgp-vpna] peer 10.1.1.1 as-number 65410 [UPE-bgp-vpna] import-route direct [UPE-bgp-vpna] quit [UPE-bgp] quit

# Configure CE1.
<Quidway> system-view [Quidway] sysname CE1 [CE1] interface gigabitethernet 1/0/0 [CE1-GigabitEthernet1/0/0] ip address 10.1.1.1 24 [CE1-GigabitEthernet1/0/0] quit [CE1] bgp 65410 [CE1-bgp] peer 10.1.1.2 as-number 100 [CE1-bgp] import-route direct [CE1-bgp] quit

# Configure PE.
<PE> system-view [PE] ip vpn-instance vpna [PE-vpn-instance-vpna] route-distinguisher 100:2 [PE-vpn-instance-vpna] vpn-target 1:1 [PE-vpn-instance-vpna] quit [PE] interface gigabitethernet 1/0/0 [PE-GigabitEthernet1/0/0] ip binding vpn-instance vpna [PE-GigabitEthernet1/0/0] ip address 10.2.1.2 24

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

3-171

3 BGP/MPLS IP VPN Configuration


[PE-GigabitEthernet1/0/0] quit [PE] bgp 100 [PE-bgp] ipv4-family vpn-instance vpna [PE-bgp-vpna] peer 10.2.1.1 as-number 65420 [PE-bgp-vpna] import-route direct [PE-bgp-vpna] quit [PE-bgp] quit

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

# Configure CE2.
<Quidway> system-view [Quidway] sysname CE2 [CE2] interface gigabitethernet 1/0/0 [CE2-GigabitEthernet1/0/0] ip address 10.2.1.1 24 [CE2-GigabitEthernet1/0/0] quit [CE2] bgp 65420 [CE2-bgp] peer 10.2.1.2 as-number 100 [CE2-bgp] import-route direct [CE2-bgp] quit

After the configuration, run the display ip vpn-instance verbose command on the PE devices to see the configurations of VPN instances. Each PE pings the CEs attached to itself successfully. 4. Configure MP-IBGP peer relationship between UPE and SPE, and between PE and SPE. # Configure UPE.
<UPE> system-view [UPE] bgp 100 [UPE-bgp] peer 2.2.2.9 as-number 100 [UPE-bgp] peer 2.2.2.9 connect-interface loopback 1 [UPE-bgp] ipv4-family vpnv4 [UPE-bgp-af-vpnv4] peer 2.2.2.9 enable [UPE-bgp-af-vpnv4] quit [UPE-bgp] quit

# Configure SPE.
<SPE> system-view [SPE] bgp 100 [SPE-bgp] peer 1.1.1.9 as-number 100 [SPE-bgp] peer 1.1.1.9 connect-interface loopback 1 [SPE-bgp] peer 3.3.3.9 as-number 100 [SPE-bgp] peer 3.3.3.9 connect-interface loopback 1 [SPE-bgp] ipv4-family vpnv4 [SPE-bgp-af-vpnv4] peer 1.1.1.9 enable [SPE-bgp-af-vpnv4] peer 3.3.3.9 enable [SPE-bgp-af-vpnv4] quit [SPE-bgp] quit

# Configure PE.
<PE> system-view [PE] bgp 100 [PE-bgp] peer 2.2.2.9 as-number 100 [PE-bgp] peer 2.2.2.9 connect-interface loopback 1 [PE-bgp] ipv4-family vpnv4 [PE-bgp-af-vpnv4] peer 2.2.2.9 enable [PE-bgp-af-vpnv4] quit [PE-bgp] quit

5.

Configure SPE. # Configure VPN instances.


[SPE] ip vpn-instance vpna [SPE-vpn-instance-vpna] route-distinguisher 200:1 [SPE-vpn-instance-vpna] vpn-target 1:1 [SPE-vpn-instance-vpna] quit

# Specify a UPE for the SPE.


[SPE] bgp 100 [SPE-bgp] ipv4-family vpnv4

3-172

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


[SPE-bgp-af-vpnv4] peer 1.1.1.9 upe

3 BGP/MPLS IP VPN Configuration

# Advertise the default route of VPN instances to UPE.


[SPE-bgp-af-vpnv4] peer 1.1.1.9 default-originate vpn-instance vpna [SPE-bgp-af-vpnv4] quit

6.

Verify the configuration. After the configuration, CE1 does not have a route to the network segment of the interface on CE2, but has a default route with the next hop to UPE. The CE2 has the route to the network segment of the interface on CE1. Therefore, CE1 and CE2 can ping through each other using the ping ip-address command.
<CE1> display ip routing-table Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: Public Destinations : 5 Routes : 5 Destination/Mask Proto Pre Cost Flags NextHop Interface 0.0.0.0/0 BGP 255 0 D 10.1.1.2 GigabitEthernet1/0/0 10.1.1.0/24 Direct 0 0 D 10.1.1.1 GigabitEthernet1/0/0 10.1.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 [CE1] ping 10.2.1.1 PING 10.2.1.1: 56 data bytes, press CTRL_C to break Reply from 10.2.1.1: bytes=56 Sequence=1 ttl=253 time=85 ms Reply from 10.2.1.1: bytes=56 Sequence=2 ttl=253 time=70 ms Reply from 10.2.1.1: bytes=56 Sequence=3 ttl=253 time=57 ms Reply from 10.2.1.1: bytes=56 Sequence=4 ttl=253 time=66 ms Reply from 10.2.1.1: bytes=56 Sequence=5 ttl=253 time=55 ms --- 10.2.1.1 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 55/66/85 ms [CE2] display ip routing-table Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: Public Destinations : 5 Routes : 5 Destination/Mask Proto Pre Cost Flags NextHop Interface 10.1.1.0/24 BGP 255 0 D 10.2.1.2 GigabitEthernet1/0/0 10.2.1.0/24 Direct 0 0 D 10.2.1.1 GigabitEthernet1/0/0 10.2.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0

Run the display bgp vpnv4 all routing-table command on UPE to see a default route of VPN instances vpna with the next hop to SPE.
[UPE] display bgp vpnv4 all routing-table BGP Local router ID is 1.1.1.9 Status codes: * - valid, > - best, d - damped, h - history, i - internal, s - suppressed, S - Stale Origin : i - IGP, e - EGP, ? - incomplete Total number of routes from all PE: 1 Route Distinguisher: 200:1 Network NextHop MED LocPrf PrefVal Path/Ogn *>i 0.0.0.0 2.2.2.9 100 0 i Total routes of vpn-instance vpna: 6 Network NextHop MED LocPrf PrefVal Path/Ogn *>i 0.0.0.0 2.2.2.9 100 0 i *> 10.1.1.0/24 0.0.0.0 0 0 ? * 10.1.1.2 0 0 65410? *> 10.1.1.1/32 0.0.0.0 0 0 ? *> 10.1.1.2/32 0.0.0.0 0 0 ? * 10.1.1.1 0 0 65410?

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

3-173

3 BGP/MPLS IP VPN Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Configuration Files
l

Configuration file of CE1


# sysname CE1 # interface GigabitEthernet1/0/0 ip address 10.1.1.1 255.255.255.0 # bgp 65410 peer 10.1.1.2 as-number 100 # ipv4-family unicast undo synchronization import-route direct peer 10.1.1.2 enable # return

Configuration file of UPE


# sysname UPE # ip vpn-instance vpna route-distinguisher 100:1 vpn-target 1:1 export-extcommunity vpn-target 1:1 import-extcommunity # mpls lsr-id 1.1.1.9 mpls lsp-trigger all # mpls ldp # interface GigabitEthernet1/0/0 ip binding vpn-instance vpna ip address 10.1.1.2 255.255.255.0 # interface Pos2/0/0 link-protocol ppp ip address 172.1.1.1 255.255.255.0 mpls mpls ldp # interface LoopBack1 ip address 1.1.1.9 255.255.255.255 # bgp 100 peer 2.2.2.9 as-number 100 peer 2.2.2.9 connect-interface LoopBack1 # ipv4-family unicast undo synchronization peer 2.2.2.9 enable # ipv4-family vpnv4 policy vpn-target peer 2.2.2.9 enable # ipv4-family vpn-instance vpna peer 10.1.1.1 as-number 65410 import-route direct # ospf 1 area 0.0.0.0 network 1.1.1.9 0.0.0.0 network 172.1.1.0 0.0.0.255 # return

3-174

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


l

3 BGP/MPLS IP VPN Configuration

Configuration file of SPE


# sysname SPE # ip vpn-instance vpna route-distinguisher 200:1 vpn-target 1:1 export-extcommunity vpn-target 1:1 import-extcommunity # mpls lsr-id 2.2.2.9 mpls lsp-trigger all # mpls ldp # interface Pos1/0/0 link-protocol ppp ip address 172.1.1.2 255.255.255.0 mpls mpls ldp # interface Pos2/0/0 link-protocol ppp ip address 172.2.1.1 255.255.255.0 mpls mpls ldp # interface LoopBack1 ip address 2.2.2.9 255.255.255.255 # bgp 100 peer 1.1.1.9 as-number 100 peer 3.3.3.9 as-number 100 peer 1.1.1.9 connect-interface LoopBack1 peer 3.3.3.9 connect-interface LoopBack1 # ipv4-family unicast undo synchronization peer 1.1.1.9 enable peer 3.3.3.9 enable # ipv4-family vpnv4 policy vpn-target peer 1.1.1.9 enable peer 1.1.1.9 upe peer 1.1.1.9 default-originate vpn-instance vpna peer 3.3.3.9 enable # ospf 1 area 0.0.0.0 network 2.2.2.9 0.0.0.0 network 172.1.1.0 0.0.0.255 network 172.2.1.0 0.0.0.255 # return

Configuration file of PE
# sysname PE # ip vpn-instance vpna route-distinguisher 100:2 vpn-target 1:1 export-extcommunity vpn-target 1:1 import-extcommunity # mpls lsr-id 3.3.3.9 mpls lsp-trigger all #

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

3-175

3 BGP/MPLS IP VPN Configuration


mpls ldp # interface GigabitEthernet1/0/0 ip binding vpn-instance vpna ip address 10.2.1.2 255.255.255.0 # interface Pos2/0/0 link-protocol ppp ip address 172.2.1.2 255.255.255.0 mpls mpls ldp # interface LoopBack1 ip address 3.3.3.9 255.255.255.255 # bgp 100 peer 2.2.2.9 as-number 100 peer 2.2.2.9 connect-interface LoopBack1 # ipv4-family unicast undo synchronization peer 2.2.2.9 enable # ipv4-family vpnv4 policy vpn-target peer 2.2.2.9 enable # ipv4-family vpn-instance vpna peer 10.2.1.1 as-number 65420 import-route direct # ospf 1 area 0.0.0.0 network 3.3.3.9 0.0.0.0 network 172.2.1.0 0.0.0.255 # return l

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Configuration file of CE2


# sysname CE2 # interface GigabitEthernet1/0/0 ip address 10.2.1.1 255.255.255.0 # bgp 65420 peer 10.2.1.2 as-number 100 # ipv4-family unicast undo synchronization import-route direct peer 10.2.1.2 enable # return

3.21.11 Example for Configuring OSPF Sham Link


Networking Requirements
As shown in Figure 3-12, CE1 and CE2 belong to VPN1 and are in a same OSPF domain. They access PE1 and PE2 respectively. The OSPF costs of all interfaces are 1. Run OSPF between the CE and the PE. Forward VPN traffic between CE1 and CE2 over the MPLS backbone not through the OSPF intra-area routes.
3-176 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

3 BGP/MPLS IP VPN Configuration

Figure 3-12 Networking diagram for OSPF sham link configuration


Loopback1 1.1.1.9/32 POS2/0/0 10.1.1.1/24 POS1/0/0 10.1.1.2/24 Loopback1 2.2.2.9/32 Loopback1 3.3.3.9/32 POS2/0/0 40.1.1.2/24

PE1
GE1/0/0 100.1.1.2/24

PE2
GE1/0/0 120.1.1.2/24

POS2/0/0 40.1.1.1/24

Loopback10 5.5.5.5/32 GE1/0/0 100.1.1.1/24 POS2/0/0 20.1.1.1/24

sham link

Loopback10 6.6.6.6/32 GE1/0/0 120.1.1.1/24 POS2/0/0 30.1.1.1/24

CE1

POS1/0/0 20.1.1.2/24 RT0

POS2/0/0 30.1.1.2/24 CE2

backdoor

Configuration Roadmap
The configuration roadmap is as follows: 1. 2. 3. 4. Set up the MP-IBGP peer relationship between PEs. Configure OSPF on the PE and the CE. Create the VPN instance on the PE and bind the instance with the interface connected with the CE. Configure the OSPF sham link on the PE. Adjust the cost value of the forwarding interface of the private network to be larger than that of the sham link.

Data Preparation
To configure the OSPF sham link, you need the following data:
l l l

MPLS LSR-ID of the PE and P The name of the VPN instance on the PE, RD and the VPN-target Data for configuring OSPF (The OSPF process running in the backbone network and that in the private network are different from that on the PE) The cost value of the sham link and that of the OSPF route forwarded through the private network

Configuration Procedure
1. Configure OSPF in the customer's network. Configure common OSPF on CE1, RT0 and CE2 and advertise the segment address of each interface as shown in Figure 3-12. # Configure CE1.
<Quidway> system-view [Quidway] sysname CE1 [CE1] interface pos2/0/0 [CE1-Pos2/0/0] ip address 20.1.1.1 24 [CE1-Pos2/0/0] quit

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

3-177

3 BGP/MPLS IP VPN Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

[CE1] interface gigabitethernet1/0/0 [CE1-GigabitEthernet1/0/0] ip address 100.1.1.1 24 [CE1-GigabitEthernet1/0/0] quit [CE1] ospf [CE1-ospf-1] area 0 [CE1-ospf-1-area-0.0.0.0] network 20.1.1.0 0.0.0.255 [CE1-ospf-1-area-0.0.0.0] network 100.1.1.0 0.0.0.255 [CE1-ospf-1-area-0.0.0.0] quit [CE1-ospf-1] quit

# Configure RT0.
<Quidway> system-view [Quidway] sysname RT0 [RT0] interface pos1/0/0 [RT0-Pos1/0/0] ip address [RT0-Pos1/0/0] quit [RT0] interface pos2/0/0 [RT0-Pos2/0/0] ip address [RT0-Pos2/0/0] quit [RT0] ospf [RT0-ospf-1] area 0 [RT0-ospf-1-area-0.0.0.0] [RT0-ospf-1-area-0.0.0.0] [RT0-ospf-1-area-0.0.0.0] [RT0-ospf-1] quit

20.1.1.2 24 30.1.1.1 24

network 20.1.1.0 0.0.0.255 network 30.1.1.0 0.0.0.255 quit

# Configure CE2.
<Quidway> system-view [Quidway] sysname CE2 [CE2] interface pos2/0/0 [CE2-Pos2/0/0] ip address 30.1.1.2 24 [CE2-Pos2/0/0] quit [CE2] interface gigabitethernet1/0/0 [CE2-GigabitEthernet1/0/0] ip address 120.1.1.1 24 [CE2-GigabitEthernet1/0/0] quit [CE2] ospf [CE2-ospf-1] area 0 [CE2-ospf-1-area-0.0.0.0] network 30.1.1.0 0.0.0.255 [CE2-ospf-1-area-0.0.0.0] network 120.1.1.0 0.0.0.255 [CE2-ospf-1-area-0.0.0.0] quit [CE2-ospf-1] quit

2.

Configure BGP/MPLS IP VPN on the backbone, including IGP, MPLS and LDP, and establish the MP-IBGP peer relationship between the PEs. # Configure PE1.
<Quidway> system-view [Quidway] sysname PE1 [PE1] interface loopback 1 [PE1-LoopBack1] ip address 1.1.1.9 32 [PE1-LoopBack1] quit [PE1] mpls lsr-id 1.1.1.9 [PE1] mpls [PE1-mpls] lsp-trigger all [PE1-mpls] quit [PE1] mpls ldp [PE1-mpls-ldp] quit [PE1] interface pos 2/0/0 [PE1-Pos2/0/0] ip address 10.1.1.1 24 [PE1-Pos2/0/0] mpls [PE1-Pos2/0/0] mpls ldp [PE1-Pos2/0/0] quit [PE1] ospf [PE1-ospf-1] area 0 [PE1-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0 [PE1-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255 [PE1-ospf-1-area-0.0.0.0] quit [PE1-ospf-1] quit [PE1] bgp 100 [PE1-bgp] peer 3.3.3.9 as-number 100

3-178

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

3 BGP/MPLS IP VPN Configuration

[PE1-bgp] peer 3.3.3.9 connect-interface loopback 1 [PE1-bgp] ipv4-family vpnv4 [PE1-bgp-af-vpnv4] peer 3.3.3.9 enable [PE1-bgp-af-vpnv4] quit [PE1-bgp] quit

# Configure P.
<Quidway> system-view [Quidway] sysname P [P] interface loopback 1 [P-LoopBack1] ip address 2.2.2.9 32 [P-LoopBack1] quit [P] mpls lsr-id 2.2.2.9 [P] mpls [P-mpls] lsp-trigger all [P-mpls] quit [P] mpls ldp [P-mpls-ldp] quit [P] interface pos 1/0/0 [P-Pos1/0/0] ip address 10.1.1.2 24 [P-Pos1/0/0] mpls [P-Pos1/0/0] mpls ldp [P-Pos1/0/0] quit [P] interface pos 2/0/0 [P-Pos2/0/0] ip address 40.1.1.1 24 [P-Pos2/0/0] mpls [P-Pos2/0/0] mpls ldp [P-Pos2/0/0] quit [P] ospf [P-ospf-1] area 0 [P-ospf-1-area-0.0.0.0] network 2.2.2.9 0.0.0.0 [P-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255 [P-ospf-1-area-0.0.0.0] network 40.1.1.0 0.0.0.255 [P-ospf-1-area-0.0.0.0] quit [P-ospf-1] quit

# Configure PE2.
<Quidway> system-view [Quidway] sysname PE2 [PE2] interface loopback 1 [PE2-LoopBack1] ip address 3.3.3.9 32 [PE2-LoopBack1] quit [PE2] mpls lsr-id 3.3.3.9 [PE2] mpls [PE2-mpls] lsp-trigger all [PE2-mpls] quit [PE2] mpls ldp [PE2-mpls-ldp] quit [PE2] interface pos 2/0/0 [PE2-Pos2/0/0] ip address 40.1.1.2 24 [PE2-Pos2/0/0] mpls [PE2-Pos2/0/0] mpls ldp [PE2-Pos2/0/0] quit [PE2] ospf [PE2-ospf-1] area 0 [PE2-ospf-1-area-0.0.0.0] network 3.3.3.9 0.0.0.0 [PE2-ospf-1-area-0.0.0.0] network 40.1.1.0 0.0.0.255 [PE2-ospf-1-area-0.0.0.0] quit [PE2-ospf-1] quit [PE2] bgp 100 [PE2-bgp] peer 1.1.1.9 as-number 100 [PE2-bgp] peer 1.1.1.9 connect-interface loopback 1 [PE2-bgp] ipv4-family vpnv4 [PE2-bgp-af-vpnv4] peer 1.1.1.9 enable [PE2-bgp-af-vpnv4] quit [PE2-bgp] quit

After the configuration, PE1 and PE2 know the routes of the Loopback interface from each other and establish the MP-IBGP peer relationship.
Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 3-179

3 BGP/MPLS IP VPN Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

3.

Connect PE and CE and configure OSPF between them. # Configure PE1.


[PE1] ip vpn-instance vpn1 [PE1-vpn-instance-vpn1] route-distinguisher 100:1 [PE1-vpn-instance-vpn1] vpn-target 1:1 [PE1-vpn-instance-vpn1] quit [PE1] interface gigabitethernet 1/0/0 [PE1-GigabitEthernet1/0/0] ip binding vpn-instance vpn1 [PE1-GigabitEthernet1/0/0] ip address 100.1.1.2 24 [PE1-GigabitEthernet1/0/0] quit [PE1] ospf 100 vpn-instance vpn1 [PE1-ospf-100] domain-id 10 [PE1-ospf-100] import-route bgp [PE1-ospf-100] area 0 [PE1-ospf-100-area-0.0.0.0] network 100.1.1.0 0.0.0.255 [PE1-ospf-100-area-0.0.0.0] quit [PE1-ospf-100] quit [PE1] bgp 100 [PE1-bgp] ipv4-family vpn-instance vpn1 [PE1-bgp-vpn1] import-route direct [PE1-bgp-vpn1] import-route ospf 100 [PE1-bgp-vpn1] quit [PE1-bgp] quit

# Configure PE2.
[PE2] ip vpn-instance vpn1 [PE2-vpn-instance-vpn1] route-distinguisher 100:2 [PE2-vpn-instance-vpn1] vpn-target 1:1 [PE2-vpn-instance-vpn1] quit [PE2] interface gigabitethernet 1/0/0 [PE2-GigabitEthernet1/0/0] ip binding vpn-instance vpn1 [PE2-GigabitEthernet1/0/0] ip address 120.1.1.2 24 [PE2-GigabitEthernet1/0/0] quit [PE2] ospf 100 vpn-instance vpn1 [PE2-ospf-100] import-route bgp [PE2-ospf-100] domain-id 10 [PE2-ospf-100] area 0 [PE2-ospf-100-area-0.0.0.0] network 120.1.1.0 0.0.0.255 [PE2-ospf-100-area-0.0.0.0] quit [PE2-ospf-100] quit [PE2] bgp 100 [PE2-bgp] ipv4-family vpn-instance vpn1 [PE2-bgp-vpn1] import-route direct [PE2-bgp-vpn1] import-route ospf 100 [PE2-bgp-vpn1] quit [PE2-bgp] quit

After the configuration given above, run the display ip routing-table vpn-instance command on PE. You can find that the route to the remote CE is the OSPF route through the customer's network, not the BGP route through the MPLS backbone. CE1 and CE2 can ping through each other. Consider PE1 for an example:
[PE1] display ip routing-table vpn-instance vpn1 Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: vpn1 Destinations : 5 Routes : 5 Destination/Mask Proto Pre Cost Flags NextHop Interface 20.1.1.0/24 OSPF 10 2 D 100.1.1.1 GigabitEthernet1/0/0 30.1.1.0/24 OSPF 10 3 D 100.1.1.1 GigabitEthernet1/0/0 100.1.1.0/24 Direct 0 0 D 100.1.1.2 GigabitEthernet1/0/0 100.1.1.2/32 Direct 0 0 D 127.0.0.1 InLoopBack0 120.1.1.0/24 OSPF 10 4 D 100.1.1.1 GigabitEthernet1/0/0

4.
3-180

Configure a sham-link.
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


NOTE

3 BGP/MPLS IP VPN Configuration

To forward the VPN traffic through the MPLS backbone network, configure the cost of the sham link less than that of the OSPF route through the user network. The common method is increases the cost of the forwarding interface of private network.

# Configure CE1.
[CE1] interface pos 2/0/0 [CE1-Pos2/0/0] ospf cost 10

# Configure CE2.
[CE2] interface pos 2/0/0 [CE2-Pos2/0/0] ospf cost 10

# Configure PE1.
[PE1] interface loopback 10 [PE1-LoopBack10] ip binding [PE1-LoopBack10] ip address [PE1-LoopBack10] quit [PE1] ospf 100 [PE1-ospf-100] area 0 [PE1-ospf-100-area-0.0.0.0] [PE1-ospf-100-area-0.0.0.0] [PE1-ospf-100] quit vpn-instance vpn1 5.5.5.5 32

sham-link 5.5.5.5 6.6.6.6 cost 1 quit

# Configure PE2.
[PE2] interface loopback 10 [PE2-LoopBack10] ip binding [PE2-LoopBack10] ip address [PE2-LoopBack10] quit [PE2] ospf 100 [PE2-ospf-100] area 0 [PE2-ospf-100-area-0.0.0.0] [PE2-ospf-100-area-0.0.0.0] [PE2-ospf-100] quit vpn-instance vpn1 6.6.6.6 32

sham-link 6.6.6.6 5.5.5.5 cost 1 quit

5.

Verify the configuration. After the configuration given above, run the display ip routing-table vpn-instance command on PE again. You can find that the route to the remote CE is a BGP route through the MPLS backbone. There is also a route to the destination of the sham-link. Consider PE1 as an example:
[PE1] display ip routing-table vpn-instance vpn1 Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: vpn1 Destinations : 8 Routes : 8 Destination/Mask Proto Pre Cost Flags NextHop Interface 5.5.5.5/32 Direct 0 0 D 127.0.0.1 InLoopBack0 6.6.6.6/32 BGP 255 0 RD 3.3.3.9 Pos2/0/0 20.1.1.0/24 OSPF 10 11 D 100.1.1.1 GigabitEthernet1/0/0 30.1.1.0/24 OSPF 100 12 RD 3.3.3.9 Pos2/0/0 100.1.1.0/24 Direct 0 0 D 100.1.1.2 GigabitEthernet1/0/0 100.1.1.2/32 Direct 0 0 D 127.0.0.1 InLoopBack0 120.1.1.0/24 BGP 255 0 RD 3.3.3.9 Pos2/0/0 120.1.1.1/32 BGP 255 0 RD 3.3.3.9 Pos2/0/0

Run the display ip routing-table command on the CEs. You can find that the cost of the OSPF route to the remote CE has changed to 3, and the next hop is changed to the GigabitEthernet interface of the connected PE. That is, the VPN traffic to the remote CE is forwarded through the MPLS backbone. Consider CE1 as an example:
[CE1] display ip routing-table Route Flags: R - relied, D - download to fib

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

3-181

3 BGP/MPLS IP VPN Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

-----------------------------------------------------------------------------Routing Tables: Public Destinations : 11 Routes : 11 Destination/Mask Proto Pre Cost Flags NextHop Interface 5.5.5.5/32 O_ASE 150 1 D 100.1.1.2 GigabitEthernet1/0/0 6.6.6.6/32 O_ASE 150 1 D 100.1.1.2 GigabitEthernet1/0/0 20.1.1.0/24 Direct 0 0 D 20.1.1.1 Pos2/0/0 20.1.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 20.1.1.2/32 Direct 0 0 D 20.1.1.2 Pos2/0/0 30.1.1.0/24 OSPF 10 11 D 100.1.1.2 GigabitEthernet1/0/0 100.1.1.0/24 Direct 0 0 D 100.1.1.1 GigabitEthernet1/0/0 100.1.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 120.1.1.0/24 OSPF 10 3 D 100.1.1.2 GigabitEthernet1/0/0 120.1.1.1/32 O_ASE 150 1 D 100.1.1.2 GigabitEthernet1/0/0 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
NOTE

The cost of the OSPF route from CE1 to CE2 = the cost from CE1 to PE1 + the cost of sham link + the cost from PE2 to CE2 = 1 + 1 + 1 =3.

Run the tracert command to find the data from CE1 to CE2 pass through CE1 interface, GE 1/0/0, which is attached with PE1. That is, the VPN traffic is transmitted through the MPLS backbone.
[CE1] tracert 120.1.1.1 traceroute to 120.1.1.1(120.1.1.1) 30 hops max,40 bytes packet 1 100.1.1.2 47 ms 31 ms 31 ms 2 120.1.1.2 94 ms 94 ms 94 ms 3 120.1.1.1 125 ms 156 ms 125 ms [CE1] tracert 30.1.1.2 traceroute to 30.1.1.2(30.1.1.2) 30 hops max,40 bytes packet 1 20.1.1.2 80 ms 60 ms 60 ms 2 30.1.1.2 100 ms 90 ms 130 ms

Run the display ospf sham-link command on the PE to find the information of the shamlink. Consider PE1 for example:
[PE1] display ospf sham-link OSPF Process 1 with Router ID 1.1.1.9 Sham link: Area NeighborId Source-IP Destination-IP State Cost OSPF Process 100 with Router ID 100.1.1.2 Sham link: Area NeighborId Source-IP Destination-IP State Cost 0.0.0.0 6.6.6.6 5.5.5.5 6.6.6.6 P-2-P 1

Run the display ospf sham-link area command, and you can find that the state of the peer end is "Full".
[PE1] display ospf sham-link area 0 OSPF Process 1 with Router ID 1.1.1.9 OSPF Process 100 with Router ID 5.5.5.5 Sham-Link: 5.5.5.5 --> 6.6.6.6 NeighborID: 6.6.6.6, State: Full Area: 0.0.0.0 Cost: 10 State: P-2-P, Type: Sham Timers: Hello 10 , Dead 40 , Retransmit 5 , Transmit Delay 1

Run the display ospf routing command on the CE device. It shows that the route of remote CE is considered as the intra-area route.
[CE1] display ospf routing OSPF Process 1 with Router ID 100.1.1.1 Routing Tables Routing for Network Destination Cost Type NextHop

AdvRouter

Area

3-182

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

3 BGP/MPLS IP VPN Configuration


6.6.6.6 100.1.1.1 30.1.1.1 100.1.1.1 NextHop 100.1.1.2 100.1.1.2 100.1.1.2 100.1.1.2 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 AdvRouter 5.5.5.5 5.5.5.5 6.6.6.6 6.6.6.6

120.1.1.0/24 3 Transit 100.1.1.2 20.1.1.0/24 10 Stub 20.1.1.1 30.1.1.0/24 11 Stub 20.1.1.2 100.1.1.0/24 1 Transit 100.1.1.1 Routing for ASEs Destination Cost Type Tag 120.1.1.1/32 1 Type2 3489661028 6.6.6.6/32 1 Type2 3489661028 5.5.5.5/32 1 Type2 3489661028 100.1.1.1/32 1 Type2 3489661028 Total Nets: 8 Intra Area: 4 Inter Area: 0 ASE: 4 NSSA: 0

Configuration Files
l

Configuration file of PE1


# sysname PE1 # ip vpn-instance vpn1 route-distinguisher 100:1 vpn-target 1:1 export-extcommunity vpn-target 1:1 import-extcommunity # mpls lsr-id 1.1.1.9 mpls lsp-trigger all # mpls ldp # interface GigabitEthernet1/0/0 ip binding vpn-instance vpn1 ip address 100.1.1.2 255.255.255.0 # interface Pos2/0/0 link-protocol ppp ip address 10.1.1.1 255.255.255.0 mpls mpls ldp # interface LoopBack1 ip address 1.1.1.9 255.255.255.255 # interface LoopBack10 ip binding vpn-instance vpn1 ip address 5.5.5.5 255.255.255.255 # bgp 100 peer 3.3.3.9 as-number 100 peer 3.3.3.9 connect-interface LoopBack1 # ipv4-family unicast undo synchronization peer 3.3.3.9 enable # ipv4-family vpnv4 policy vpn-target peer 3.3.3.9 enable # ipv4-family vpn-instance vpn1 import-route direct import-route ospf 100 # ospf 1 area 0.0.0.0 network 1.1.1.9 0.0.0.0 network 10.1.1.0 0.0.0.255 # ospf 100 vpn-instance vpn1

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

3-183

3 BGP/MPLS IP VPN Configuration


import-route bgp domain-id 0.0.0.10 area 0.0.0.0 network 100.1.1.0 0.0.0.255 sham-link 5.5.5.5 6.6.6.6 cost 1 # return l

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Configuration file of P
# sysname P # mpls lsr-id 2.2.2.9 mpls lsp-trigger all # mpls ldp # interface Pos1/0/0 link-protocol ppp ip address 10.1.1.2 255.255.255.0 mpls mpls ldp # interface Pos2/0/0 link-protocol ppp ip address 40.1.1.1 255.255.255.0 mpls mpls ldp # interface LoopBack1 ip address 2.2.2.9 255.255.255.255 # ospf 1 area 0.0.0.0 network 2.2.2.9 0.0.0.0 network 10.1.1.0 0.0.0.255 network 40.1.1.0 0.0.0.255 # return

Configuration file of PE2


# sysname PE2 # ip vpn-instance vpn1 route-distinguisher 100:2 vpn-target 1:1 export-extcommunity vpn-target 1:1 import-extcommunity # mpls lsr-id 3.3.3.9 mpls lsp-trigger all # mpls ldp # interface GigabitEthernet1/0/0 ip binding vpn-instance vpn1 ip address 120.1.1.2 255.255.255.0 # interface Pos2/0/0 link-protocol ppp ip address 40.1.1.2 255.255.255.0 mpls mpls ldp # interface LoopBack1 ip address 3.3.3.9 255.255.255.255 # interface LoopBack10

3-184

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


ip binding vpn-instance vpn1 ip address 6.6.6.6 255.255.255.255 # bgp 100 peer 1.1.1.9 as-number 100 peer 1.1.1.9 connect-interface LoopBack1 # ipv4-family unicast undo synchronization peer 1.1.1.9 enable # ipv4-family vpnv4 policy vpn-target peer 1.1.1.9 enable # ipv4-family vpn-instance vpn1 import-route direct import-route ospf 100 # ospf 1 area 0.0.0.0 network 3.3.3.9 0.0.0.0 network 40.1.1.0 0.0.0.255 # ospf 100 vpn-instance vpn1 import-route bgp domain-id 0.0.0.10 area 0.0.0.0 network 120.1.1.0 0.0.0.255 sham-link 6.6.6.6 5.5.5.5 cost 1 # return l

3 BGP/MPLS IP VPN Configuration

Configuration file of CE1


# sysname CE1 # interface GigabitEthernet1/0/0 ip address 100.1.1.1 255.255.255.0 # interface Pos2/0/0 link-protocol ppp ip address 20.1.1.1 255.255.255.0 ospf cost 10 # ospf 1 area 0.0.0.0 network 100.1.1.0 0.0.0.255 network 20.1.1.0 0.0.0.255 # return

Configuration file of CE2


# sysname CE2 # interface GigabitEthernet1/0/0 ip address 120.1.1.1 255.255.255.0 # interface Pos2/0/0 link-protocol ppp ip address 30.1.1.2 255.255.255.0 ospf cost 10 # ospf 1 area 0.0.0.0 network 30.1.1.0 0.0.0.255 network 120.1.1.0 0.0.0.255 #

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

3-185

3 BGP/MPLS IP VPN Configuration


return l

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Configuration file of RT0


# sysname RT0 # interface Pos1/0/0 link-protocol ppp ip address 20.1.1.2 255.255.255.0 # interface Pos2/0/0 link-protocol ppp ip address 30.1.1.1 255.255.255.0 # ospf 1 area 0.0.0.0 network 20.1.1.0 0.0.0.255 network 30.1.1.0 0.0.0.255 # return

3.21.12 Example for Configuring Multi-VPN-Instance CE


Networking Requirements
As shown in Figure 3-13, consider PE1, and PE2 as PE devices, and CE1, CE2, MCE, CE3 and CE4 as CE devices. Assume that PE1 is attached to CE1 and CE2. PE2 is attached to MCE with two physical circuits. MCE is attached to CE3 and CE4. There is a certain LAN containing CE1 and CE2. Another LAN contains MCE, CE3 and CE4. CE1 and CE3 belong to vpna, while CE2 and CE4 belong to vpnb. vpna and vpnb use different VPN targets. The users residing in the same VPN can mutually access, but those in different VPNs cannot mutually access. So, the services of different VPNs in LAN are isolated from each other. Here, the MCE is a high capability device. So it is used as VPN multiple instances switching point. Figure 3-13 Networking diagram of example for Multi-VPN-Instance CE
vpna CE1
POS1/0/0 10.1.1.1/24 POS1/0/0 10.1.1.2/24 Loopback1 1.1.1.9./32 POS2/0/0 10.2.1.2/24 POS1/0/0 10.2.1.1/24 Loopback1 2.2.2.9./32 POS3/0/0 172.1.1.1/24 POS2/0/0 192.1.1.1/24 POS1/0/0 192.1.1.2/24

vpna CE3
POS1/0/0 10.3.1.1/24 POS3/0/0 10.3.1.2/24

vpna MCE vpnb


POS4/0/0 10.4.1.2/24 POS1/0/0 10.4.1.1/24

PE1

POS1/0/0 172.1.1.2/24

PE2

POS3/0/0 POS2/0/0 192.2.1.1/24 192.2.1.2/24

CE2 vpnb

CE4 vpnb

3-186

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

3 BGP/MPLS IP VPN Configuration

Configuration Roadmap
The configuration roadmap is as follows: 1. 2. 3. Configure OSPF between the PEs. Configure the MP-IBGP for PEs to distribute VPN routes known from CEs to each other. Set up EBGP peer relationship between the PE and the connected CE to import the VPN routes to the VPN routing table of the PE. Configure the OSPF multi-instance between MCE and PE2 to switch VPN routes. Configure RIPv2 between MCE and CE3 to switch VPN routes. Configure RIPv2 between MCE and CE4 to switch VPN routes.
NOTE

When configuring OSPF multi-instance between MCE and PE2, configure as follows:
l

In the OSPF view of the PE2, (This OSPF process refers to the process used for the configuration of OSPF multi-instance) import the BGP route. Therefore, the MCE obtains the VPN routes that PE1 has learned from CE1 or CE2. Import the OSPF routes (This OSPF process refers to the process used by the configuration of OSPF multi-instance) in the BGP view of PE2. In this way, PE1 obtains the VPN route from the MCE.

Data Preparation
To complete this configuration, prepare the following data:
l

A VPN instance for each isolated service is created on PE1, PE2 and MCE. Set the name, the RD and the VPN target for these VPN instances. Note that, VPN targets of different VPN instances differ from each other. The VPN targets of the same VPN instance are identical. For different OSPF multi-instances, the OSPF process numbers must be different. On the MCE, the RIP process numbers used for importing the VPN routes of the CE3 should differ from that of the CE4.

l l

Configuration Procedure
1. Run OSPF on routers of the backbone network. The detailed configuration procedure is not mentioned here. After this configuration, the PEs can learn the loopback1 address of each other. Consider PE2 as an example:
<PE2> display ip routing-table Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: Public Destinations : 7 Routes : 7 Destination/Mask Proto Pre Cost Flags NextHop Interface 1.1.1.9/32 OSPF 10 2 D 172.1.1.1 Pos1/0/0 2.2.2.9/32 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 172.1.1.0/24 Direct 0 0 D 172.1.1.2 Pos1/0/0 172.1.1.1/32 Direct 0 0 D 172.1.1.1 Pos1/0/0 172.1.1.2/32 Direct 0 0 D 127.0.0.1 InLoopBack0

2.

Enable MPLS and MPLS LDP for PEs to set up an LSP between PEs. The detailed configuration procedure is not mentioned here. After this configuration, PEs can learn the loopback1 address of each other. Run the display mpls ldp session command

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

3-187

3 BGP/MPLS IP VPN Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

on the PE. You can find that the session status of the MPLS LDP between the PEs is "operational". Consider PE2 as an example:
<PE2> display mpls ldp session LDP Session(s) in Public Network -------------------------------------------------------------------------Peer-ID Status LAM SsnRole SsnAge KA-Sent/Rcv -------------------------------------------------------------------------1.1.1.9:0 Operational DU Active 000:00:04 17/17 -------------------------------------------------------------------------TOTAL: 1 session(s) Found. LAM : Label Advertisement Mode SsnAge Unit : DDD:HH:MM

3.

Configure VPN instances for PEs. # Configure PE1.


<PE1> system-view [PE1] ip vpn-instance vpna [PE1-vpn-instance-vpna] route-distinguisher 100:1 [PE1-vpn-instance-vpna] vpn-target 111:1 both [PE1-vpn-instance-vpna] quit [PE1] ip vpn-instance vpnb [PE1-vpn-instance-vpnb] route-distinguisher 100:2 [PE1-vpn-instance-vpnb] vpn-target 222:2 both [PE1-vpn-instance-vpnb] quit [PE1] interface pos1/0/0 [PE1-Pos1/0/0] ip binding vpn-instance vpna [PE1-Pos1/0/0] ip address 10.1.1.2 24 [PE1-Pos1/0/0] quit [PE1] interface pos2/0/0 [PE1-Pos2/0/0] ip binding vpn-instance vpnb [PE1-Pos2/0/0] ip address 10.2.1.2 24 [PE1-Pos2/0/0] quit

# Configure PE2.
<PE2> system-view [PE2] ip vpn-instance vpna [PE2-vpn-instance-vpna] route-distinguisher 200:1 [PE2-vpn-instance-vpna] vpn-target 111:1 both [PE2-vpn-instance-vpna] quit [PE2] ip vpn-instance vpnb [PE2-vpn-instance-vpnb] route-distinguisher 200:2 [PE2-vpn-instance-vpnb] vpn-target 222:2 both [PE2-vpn-instance-vpnb] quit [PE2] interface pos2/0/0 [PE2-Pos2/0/0] ip binding vpn-instance vpna [PE2-Pos2/0/0] ip address 192.1.1.1 24 [PE2-Pos2/0/0] quit [PE2]interface pos3/0/0 [PE2-Pos3/0/0] ip binding vpn-instance vpnb [PE2-Pos3/0/0] ip address 192.2.1.1 24 [PE2-Pos3/0/0] quit

4.

Configure the VPN instance for MCE.


<Quidway> system-view [Quidway] sysname MCE [MCE] ip vpn-instance vpna [MCE-vpn-instance-vpna] route-distinguisher 100:1 [MCE-vpn-instance-vpna] vpn-target 111:1 both [MCE-vpn-instance-vpna] quit [MCE] ip vpn-instance vpnb [MCE-vpn-instance-vpnb] route-distinguisher 100:2 [MCE-vpn-instance-vpnb] vpn-target 222:2 both [MCE-vpn-instance-vpnb] quit [MCE] interface pos3/0/0 [MCE-Pos3/0/0] ip binding vpn-instance vpna [MCE-Pos3/0/0] ip address 10.3.1.2 24 [MCE-Pos3/0/0] quit

3-188

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


[MCE] interface pos4/0/0 [MCE-Pos4/0/0] ip binding [MCE-Pos4/0/0] ip address [MCE-Pos4/0/0] quit [MCE] interface pos1/0/0 [MCE-Pos1/0/0] ip binding [MCE-Pos1/0/0] ip address [MCE-Pos1/0/0] quit [MCE] interface pos2/0/0 [MCE-Pos2/0/0] ip binding [MCE-Pos2/0/0] ip address [MCE-Pos2/0/0] quit

3 BGP/MPLS IP VPN Configuration

vpn-instance vpnb 10.4.1.2 24 vpn-instance vpna 192.1.1.2 24 vpn-instance vpnb 192.2.1.2 24

5.

Set up MP-IBGP peer relationship between PE1 and PE2, and set up EBGP peer relationship between PE1 and CE1, and between PE1 and CE2. The detailed configuration procedure is not mentioned here. After this configuration, run the display bgp vpnv4 all peer command on PE1. You can find the status of IBGP peer relationship between PE1 and PE2 is "established". The state of EBGP peer relationship between PE1 and CE1, and between PE1 and CE2 are "established".
[PE1] display bgp vpnv4 all peer BGP local router ID : 1.1.1.9 Local AS number : 100 Total number of peers : 3 Peer V AS MsgRcvd MsgSent 2.2.2.9 4 100 13 10 Peer of vpn instance : vpn instance vpna : 10.1.1.1 4 65410 9 11 vpn instance vpnb : 10.2.1.1 4 65420 9 12

Peers in established state : 3 OutQ Up/Down State PrefRcv 0 00:03:45 Established 6 0 0 00:04:14 Established 00:04:09 Established 2 2

6.

Configure OSPF multi-instance between PE2 and MCE. # Configure PE2.


<PE2> system-view [PE2] ospf 100 vpn-instance vpna [PE2-ospf-100] area 0 [PE2-ospf-100-area-0.0.0.0] network 192.1.1.0 0.0.0.255 [PE2-ospf-100-area-0.0.0.0] quit [PE2-ospf-100] import-route bgp [PE2-ospf-100] quit [PE2] ospf 200 vpn-instance vpnb [PE2-ospf-200] area 0 [PE2-ospf-200-area-0.0.0.0] network 192.2.1.0 0.0.0.255 [PE2-ospf-200-area-0.0.0.0] quit [PE2-ospf-200] import-route bgp [PE2-ospf-200] quit [PE2] bgp 100 [PE2-bgp] ipv4-family vpn-instance vpna [PE2-bgp-vpna] import-route ospf 100 [PE2-bgp-vpna] quit [PE2-bgp] ipv4-family vpn-instance vpnb [PE2-bgp-vpnb] import-route ospf 200 [PE2-bgp-vpnb] quit

# Configure MCE.
<MCE> system-view [MCE] ospf 100 vpn-instance [MCE-ospf-100] area 0 [MCE-ospf-100-area-0.0.0.0] [MCE-ospf-100-area-0.0.0.0] [MCE-ospf-100] quit [MCE] ospf 200 vpn-instance [MCE-ospf-200] area 0 [MCE-ospf-200-area-0.0.0.0] [MCE-ospf-200-area-0.0.0.0] [MCE-ospf-200] quit vpna network 192.1.1.0 0.0.0.255 quit vpnb network 192.2.1.0 0.0.0.255 quit

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

3-189

3 BGP/MPLS IP VPN Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

7.

Configure RIPv2 between MCE and CE3, and between MCE and CE4. # Configure MCE.
[MCE] rip 100 [MCE-rip-100] [MCE-rip-100] [MCE-rip-100] [MCE-rip-100] [MCE] rip 200 [MCE-rip-200] [MCE-rip-200] [MCE-rip-200] vpn-instance vpna version 2 network 10.0.0.0 import-route ospf 100 quit vpn-instance vpnb version 2 network 10.0.0.0 import-route ospf 200

# Configure CE3.
<Quidway> system-view [Quidway] sysname CE3 [CE3] rip 100 [CE3-rip-100] version 2 [CE3-rip-100] network 10.0.0.0 [CE3-rip-100] import-route direct

# Configure CE4.
<Quidway> system-view [Quidway] sysname CE4 [CE4] rip 200 [CE4-rip-200] version 2 [CE4-rip-200] network 10.0.0.0 [CE4-rip-200] import-route direct

8.

Skip the test for loop on MCE, and import RIP routes.
<MCE> system-view [MCE] ospf 100 vpn-instance vpna [MCE-ospf-100] vpn-instance-capability simple [MCE-ospf-100] import-route rip 100 [MCE] ospf 200 vpn-instance vpnb [MCE-ospf-200] vpn-instance-capability simple [MCE-ospf-200] import-route rip 200

9.

Verify the configuration. After the configuration given above, run the display ip routing-table vpn-instance command on MCE. You can find MCE has a route to each peer CE. Consider vpna as an example:
[MCE] display ip routing-table vpn-instance vpna Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: vpna Destinations : 8 Routes : 8 Destination/Mask Proto Pre Cost Flags NextHop Interface 10.1.1.0/24 O_ASE 150 1 D 192.1.1.1 Pos1/0/0 10.1.1.1/32 O_ASE 150 1 D 192.1.1.1 Pos1/0/0 10.3.1.0/24 Direct 0 0 D 10.3.1.2 Pos3/0/0 10.3.1.1/32 Direct 0 0 D 10.3.1.1 Pos3/0/0 10.3.1.2/32 Direct 0 0 D 127.0.0.1 InLoopBack0 192.1.1.0/24 Direct 0 0 D 192.1.1.2 Pos1/0/0 192.1.1.1/32 Direct 0 0 D 192.1.1.1 Pos1/0/0 192.1.1.2/32 Direct 0 0 D 127.0.0.1 InLoopBack0

Run the display ip routing-table vpn-instance command on the PE. You can find PE has a route to each peer CE. Consider vpna on PE1 as an example:
[PE1] display ip routing-table vpn-instance vpna Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: vpna Destinations : 5 Routes : 5 Destination/Mask Proto Pre Cost Flags NextHop Interface

3-190

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


10.1.1.0/24 10.1.1.1/32 10.1.1.2/32 10.3.1.0/24 192.1.1.0/24 Direct Direct Direct BGP BGP 0 0 0 255 255 0 0 0 2 0

3 BGP/MPLS IP VPN Configuration


D D D RD RD 10.1.1.2 10.1.1.1 127.0.0.1 2.2.2.9 2.2.2.9 Pos1/0/0 Pos1/0/0 InLoopBack0 Pos3/0/0 Pos3/0/0

CE1 and CE3 can ping through each other. Also, CE2 and CE4 can ping through each other. Consider CE1 as an example:
[CE1] ping 10.3.1.1 PING 10.3.1.1: 56 data bytes, press CTRL_C to break Reply from 10.3.1.1: bytes=56 Sequence=1 ttl=252 time=125 Reply from 10.3.1.1: bytes=56 Sequence=2 ttl=252 time=125 Reply from 10.3.1.1: bytes=56 Sequence=3 ttl=252 time=125 Reply from 10.3.1.1: bytes=56 Sequence=4 ttl=252 time=125 Reply from 10.3.1.1: bytes=56 Sequence=5 ttl=252 time=125 --- 10.3.1.1 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 125/125/125 ms ms ms ms ms ms

The CE1 and CE3 can ping through CE2 and CE4. Consider the display of ping CE4 on CE1 as an example:
[CE1] ping 10.4.1.1 PING 10.4.1.1: 56 data bytes, press CTRL_C to break Request time out Request time out Request time out Request time out Request time out --- 10.4.1.1 ping statistics --5 packet(s) transmitted 0 packet(s) received 100.00% packet loss

Configuration Files
l

Configuration file of CE1


# sysname CE1 # interface Pos1/0/0 link-protocol ppp ip address 10.1.1.1 255.255.255.0 # bgp 65410 peer 10.1.1.2 as-number 100 # ipv4-family unicast undo synchronization import-route direct peer 10.1.1.2 enable # return

Configuration file of CE2


# sysname CE2 # interface Pos1/0/0 link-protocol ppp ip address 10.2.1.1 255.255.255.0 # bgp 65420 peer 10.2.1.2 as-number 100 # ipv4-family unicast

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

3-191

3 BGP/MPLS IP VPN Configuration


undo synchronization import-route direct peer 10.2.1.2 enable # return l

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Configuration file of PE1


# sysname PE1 # ip vpn-instance vpna route-distinguisher 100:1 vpn-target 111:1 export-extcommunity vpn-target 111:1 import-extcommunity # ip vpn-instance vpnb route-distinguisher 100:2 vpn-target 222:2 export-extcommunity vpn-target 222:2 import-extcommunity # mpls lsr-id 1.1.1.9 mpls lsp-trigger all # mpls ldp # interface Pos1/0/0 link-protocol ppp ip binding vpn-instance vpna ip address 10.1.1.2 255.255.255.0 # interface Pos2/0/0 link-protocol ppp ip binding vpn-instance vpnb ip address 10.2.1.2 255.255.255.0 # interface Pos3/0/0 link-protocol ppp ip address 172.1.1.1 255.255.255.0 mpls mpls ldp # interface LoopBack1 ip address 1.1.1.9 255.255.255.255 # bgp 100 peer 2.2.2.9 as-number 100 peer 2.2.2.9 connect-interface LoopBack1 # ipv4-family unicast undo synchronization peer 2.2.2.9 enable # ipv4-family vpnv4 policy vpn-target peer 2.2.2.9 enable # ipv4-family vpn-instance vpna peer 10.1.1.1 as-number 65410 import-route direct # ipv4-family vpn-instance vpnb peer 10.2.1.1 as-number 65420 import-route direct # ospf 1 area 0.0.0.0 network 1.1.1.9 0.0.0.0 network 172.1.1.0 0.0.0.255 #

3-192

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


return l

3 BGP/MPLS IP VPN Configuration

Configuration file of PE2


# sysname PE2 # ip vpn-instance vpna route-distinguisher 200:1 vpn-target 111:1 export-extcommunity vpn-target 111:1 import-extcommunity # ip vpn-instance vpnb route-distinguisher 200:2 vpn-target 222:2 export-extcommunity vpn-target 222:2 import-extcommunity # mpls lsr-id 2.2.2.9 mpls lsp-trigger all # mpls ldp # interface Pos1/0/0 link-protocol ppp ip address 172.1.1.2 255.255.255.0 mpls mpls ldp # interface Pos2/0/0 link-protocol ppp ip binding vpn-instance vpna ip address 192.1.1.1 255.255.255.0 # interface Pos3/0/0 link-protocol ppp ip binding vpn-instance vpnb ip address 192.2.1.1 255.255.255.0 # interface LoopBack1 ip address 2.2.2.9 255.255.255.255 # bgp 100 peer 1.1.1.9 as-number 100 peer 1.1.1.9 connect-interface LoopBack1 # ipv4-family unicast undo synchronization peer 1.1.1.9 enable # ipv4-family vpnv4 policy vpn-target peer 1.1.1.9 enable # ipv4-family vpn-instance vpna import-route ospf 100 # ipv4-family vpn-instance vpnb import-route ospf 200 # ospf 1 area 0.0.0.0 network 2.2.2.9 0.0.0.0 network 172.1.1.0 0.0.0.255 # ospf 100 vpn-instance vpna import-route bgp area 0.0.0.0 network 192.1.1.0 0.0.0.255 # ospf 200 vpn-instance vpnb

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

3-193

3 BGP/MPLS IP VPN Configuration


import-route bgp area 0.0.0.0 network 192.2.1.0 0.0.0.255 # return l

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Configuration file of MCE


# sysname MCE # ip vpn-instance vpna route-distinguisher 100:1 vpn-target 111:1 export-extcommunity vpn-target 111:1 import-extcommunity # ip vpn-instance vpnb route-distinguisher 200:2 vpn-target 222:2 export-extcommunity vpn-target 222:2 import-extcommunity # interface Pos1/0/0 link-protocol ppp ip binding vpn-instance vpna ip address 192.1.1.2 255.255.255.0 # interface Pos2/0/0 link-protocol ppp ip binding vpn-instance vpnb ip address 192.2.1.2 255.255.255.0 # interface Pos3/0/0 link-protocol ppp ip binding vpn-instance vpna ip address 10.3.1.2 255.255.255.0 # interface Pos4/0/0 link-protocol ppp ip binding vpn-instance vpnb ip address 10.4.1.2 255.255.255.0 # ospf 100 vpn-instance vpna import-route rip 100 vpn-instance-capability simple area 0.0.0.0 network 192.1.1.0 0.0.0.255 # ospf 200 vpn-instance vpnb import-route rip 200 vpn-instance-capability simple area 0.0.0.0 network 192.2.1.0 0.0.0.255 # rip 100 vpn-instance vpna version 2 network 10.0.0.0 import-route ospf 100 # rip 200 vpn-instance vpnb version 2 network 10.0.0.0 import-route ospf 200 # return

Configuration file of CE3


# sysname CE3 # interface Pos1/0/0 link-protocol ppp

3-194

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


ip address 10.3.1.1 255.255.255.0 # rip 100 version 2 network 10.0.0.0 import-route direct # return l

3 BGP/MPLS IP VPN Configuration

Configuration file of CE4


# sysname CE4 # interface Pos1/0/0 link-protocol ppp ip address 10.4.1.1 255.255.255.0 # rip 200 version 2 network 10.0.0.0 import-route direct # return

3.21.13 Example for Configuring PBR to VPN


Networking Requirements
As shown in Figure 3-14,CE1 and CE3 belong to VPN1, and CE2 belongs to VPN2. The PC1 and the PC2 access the network through the CE1. The IP address of PC1 is 100.1.1.11 and that of PC2 is 100.1.1.12. The default gateway of PC1 and PC2 is 100.1.1.1/24. PC1 can access both VPN1 and VPN2. PC2 can access only VPN1.

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

3-195

3 BGP/MPLS IP VPN Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Figure 3-14 Networking diagram of configuring PBR to VPN


CE3 VPN1
Loopback1 1.1.1.9/32 Loopback1 2.2.2.9/32 POS1/0/0 10.3.1.1/24

Backbone
POS2/0/0 172.1.1.1/24

POS3/0/0 10.3.1.2/24 POS1/0/0 10.2.1.2/24

POS1/0/0 10.1.1.2/24 POS1/0/0 10.1.1.1/24

POS2/0/0 172.1.1.2/24

PE1

PE2

CE1 VPN1
GE2/0/0 100.1.1.1/24

POS1/0/0 10.2.1.1/24

VPN2

GE2/0/0

CE2 200.1.1.1/24

PC1
100.1.1.11/24

PC2
100.1.1.12/24

Configuration Roadmap
The configuration roadmap is as follows: 1. 2. 3. 4. Configure VPN instance vpn1 on PE1 and configure CE1 to access PE1. Configure VPN instances vpn1 and vpn2 on PE2. CE3 accesses vpn1; CE2 accesses vpn2. Create a VPN group on PE1 and add vpn2 to the VPN group. Configure VPN instance vpn2 on PE1.Configure a traffic policy and apply the policy. Redirect packets sent from PC1 to 10.2.1.0/24 to the VPN group. Configure static routes on PEs so that packets returned from vpn2 can access PC1.

Data Preparation
To configure PBR to VPN, you need the following data:
l l l l

MPLS LSR-ID on PEs VPN instance names, RDs, and VPN targets on PEs ACL number and rules Traffic class, traffic behavior, and traffic policy

Configuration Procedure
1. Configure OSPF and MPLS LDP. # Configure PE1.
3-196 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

3 BGP/MPLS IP VPN Configuration

<Quidway> system-view [Quidway] sysname PE1 [PE1] interface loopback 1 [PE1-LoopBack1] ip address 1.1.1.9 32 [PE1-LoopBack1] quit [PE1] mpls lsr-id 1.1.1.9 [PE1] mpls [PE1-mpls] quit [PE1] mpls ldp [PE1-mpls-ldp] quit [PE1] interface pos2/0/0 [PE1-Pos2/0/0] ip address 172.1.1.1 24 [PE1-Pos2/0/0] mpls [PE1-Pos2/0/0] mpls ldp [PE1-Pos2/0/0] undo shutdown [PE1-Pos2/0/0] quit [PE1] ospf [PE1-ospf-1] area 0 [PE1-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0 [PE1-ospf-1-area-0.0.0.0] network 172.1.1.0 0.0.0.255 [PE1-ospf-1-area-0.0.0.0] quit [PE1-ospf-1] quit

# Configure PE2.
<Quidway> system-view [Quidway] sysname PE2 [PE2] interface loopback 1 [PE2-LoopBack1] ip address 2.2.2.9 32 [PE2-LoopBack1] quit [PE2] mpls lsr-id 2.2.2.9 [PE2] mpls [PE2-mpls] quit [PE2] mpls ldp [PE2-mpls-ldp] quit [PE2] interface pos2/0/0 [PE2-Pos2/0/0] ip address 172.1.1.2 24 [PE2-Pos2/0/0] mpls [PE2-Pos2/0/0] mpls ldp [PE2-Pos2/0/0] undo shutdown [PE2-Pos2/0/0] quit [PE2] ospf [PE2-ospf-1] area 0 [PE2-ospf-1-area-0.0.0.0] network 2.2.2.9 0.0.0.0 [PE2-ospf-1-area-0.0.0.0] network 172.1.1.0 0.0.0.255 [PE2-ospf-1-area-0.0.0.0] quit [PE2-ospf-1] quit

2.

Establish the MP-IBGP relationship between PEs to advertise VPN-IPv4 routes. # Configure PE1.
[PE1] bgp 100 [PE1-bgp] peer 2.2.2.9 as-number 100 [PE1-bgp] peer 2.2.2.9 connect-interface loopback 1 [PE1-bgp] ipv4-family vpnv4 [PE1-bgp-af-vpnv4] peer 2.2.2.9 enable [PE1-bgp-af-vpnv4] quit [PE1-bgp] quit

# Configure PE2.
[PE2] bgp 100 [PE2-bgp] peer 1.1.1.9 as-number 100 [PE2-bgp] peer 1.1.1.9 connect-interface LoopBack 1 [PE2-bgp] ipv4-family vpnv4 [PE2-bgp-af-vpnv4] peer 1.1.1.9 enable [PE2-bgp-af-vpnv4] quit [PE2-bgp] quit

3.

Configure VPN instances.

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

3-197

3 BGP/MPLS IP VPN Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Configure VPN instance vpn1 on PE1 to access CE1. Configure VPN instance vpn1 on PE2 to access CE3. Configure VPN instance vpn2 on PE2 to access CE2. Configure the default route to the remote CE on the CE1. # Configure PE1.
[PE1] ip vpn-instance vpn1 [PE1-vpn-instance-vpn1] route-distinguisher 100:1 [PE1-vpn-instance-vpn1] vpn-target 1:1 [PE1-vpn-instance-vpn1] quit [PE1] interface pos 1/0/0 [PE1-Pos1/0/0] ip binding vpn-instance vpn1 [PE1-Pos1/0/0] ip address 10.1.1.2 24 [PE1-Pos1/0/0] undo shutdown

# Configure PE2.
[PE2] ip vpn-instance vpn1 [PE2-vpn-instance-vpn1] route-distinguisher 100:1 [PE2-vpn-instance-vpn1] vpn-target 1:1 [PE2-vpn-instance-vpn1] quit [PE2] ip vpn-instance vpn2 [PE2-vpn-instance-vpn2] route-distinguisher 100:2 [PE2-vpn-instance-vpn2] vpn-target 2:2 [PE2-vpn-instance-vpn2] quit [PE2] interface pos 1/0/0 [PE2-Pos1/0/0] ip binding vpn-instance vpn2 [PE2-Pos1/0/0] ip address 10.2.1.2 24 [PE2-Pos1/0/0] undo shutdown [PE2-Pos1/0/0] quit [PE2] interface pos 3/0/0 [PE2-Pos3/0/0] ip binding vpn-instance vpn1 [PE2-Pos3/0/0] ip address 10.3.1.2 24 [PE2-Pos3/0/0] undo shutdown [PE2-Pos3/0/0] quit

# Configure CE1.
<CE1> system-view [CE1] interface pos 1/0/0 [CE1-Pos1/0/0] ip address 10.1.1.1 24 [CE1-Pos1/0/0] undo shutdown [CE1-Pos1/0/0] quit [CE1] interface gigabitethernet 2/0/0 [CE1-GigabitEthernet2/0/0] ip address 100.1.1.1 24 [CE1-GigabitEthernet2/0/0] undo shutdown [CE1-GigabitEthernet2/0/0] quit [CE1] ip route-static 0.0.0.0 0 10.1.1.2

# Configure CE2.
<CE2> system-view [CE2] interface pos 1/0/0 [CE2-Pos1/0/0] ip address 10.2.1.1 24 [CE2-Pos1/0/0] undo shutdown [CE2-Pos1/0/0] quit [CE2] interface gigabitethernet 2/0/0 [CE2-GigabitEthernet2/0/0] ip address 200.1.1.1 24 [CE2-GigabitEthernet2/0/0] undo shutdown [CE2-GigabitEthernet2/0/0] quit

# Configure CE3.
<CE3> system-view [CE3] interface pos 1/0/0 [CE3-Pos1/0/0] ip address 10.3.1.1 24 [CE3-Pos1/0/0] undo shutdown [CE3-Pos1/0/0] quit

4.

Set up the EBGP relationship between PEs and CEs. # Configure CE1.
[CE1] bgp 600

3-198

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

3 BGP/MPLS IP VPN Configuration

[CE1-bgp] peer 10.1.1.2 as-number 100 [CE1-bgp] import-route direct [CE1-bgp] quit [CE1] interface gigabitethernet 2/0/0 [CE1-GigabitEthernet2/0/0] ip address 100.1.1.1 24 [CE1-GigabitEthernet2/0/0] undo shutdown [CE1-GigabitEthernet2/0/0] quit

# Configure PE1.
[PE1] bgp 100 [PE1-bgp] ipv4-family vpn-instance vpn1 [PE1-bgp-vpn1] peer 10.1.1.1 as-number 600 [PE1-bgp-vpn1] import-route direct [PE1-bgp-vpn1] quit [PE1-bgp] quit

# Configure CE2.
[CE2] bgp [CE2-bgp] [CE2-bgp] [CE2-bgp] 700 peer 10.2.1.2 as-number 100 import-route direct quit

# Configure CE3.
[CE3] bgp [CE3-bgp] [CE3-bgp] [CE3-bgp] 800 peer 10.3.1.2 as-number 100 import-route direct quit

# Configure PE2.
[PE2] bgp 100 [PE2-bgp] ipv4-family vpn-instance vpn1 [PE2-bgp-vpn1] peer 10.3.1.1 as-number 800 [PE2-bgp-vpn1] import-route direct [PE2-bgp-vpn1] quit [PE2-bgp] ipv4-family vpn-instance vpn2 [PE2-bgp-vpn2] peer 10.2.1.1 as-number 700 [PE2-bgp-vpn2] import-route direct [PE2-bgp-vpn2] quit [PE2-bgp] quit

After the preceding configuration, CE1 can ping through CE3 instead of CE2. Run the display bgp vpnv4 all peer command on PE2 and you can view that the status of PE2 BGP peers is Established. The display is as follows:
[PE2] display bgp vpnv4 all peer BGP local router ID : 2.2.2.9 Local AS number : 100 Total number of peers : 3 Peers in established state : 3 Peer V AS MsgRcvd MsgSent OutQ Up/Down State PrefRcv 1.1.1.9 4 100 19 23 0 00:15:40 Established 14 Peer of vpn instance : vpn instance vpn1 : 10.3.1.1 4 800 14 7 0 00:03:51 Established 10 vpn instance vpn2 : 10.2.1.1 4 700 12 11 0 00:04:14 Established 5

5.

Configure PBR to VPN on PE1. # Configure VPN instance vpn2.


[PE1] ip vpn-instance vpn2 [PE1-vpn-instance-vpn2] route-distinguisher 100:22 [PE1-vpn-instance-vpn2] vpn-target 2:2 [PE1-vpn-instance-vpn2] quit

# Set an ACL rule.


[PE1] acl 3000 [PE1-acl-adv-3000] rule 1 permit ip source 100.1.1.11 0 destination 200.1.1.0 0.0.0.255 [PE1-acl-adv-3000] quit

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

3-199

3 BGP/MPLS IP VPN Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

# Configure a static route so that PC1 can access VPN2 and the return packet can find a correct route to PC1 in VPN1 routing table on PE1.
[PE1] ip route-static vpn-instance vpn2 100.1.1.0 24 vpn-instance vpn1 10.1.1.1

# Import the configured static route into BGP and advertise it to PE2.
[PE1] bgp 100 [PE1-bgp] ipv4-family vpn-instance vpn2 [PE1-bgp-vpn2] import-route static [PE1-bgp-vpn2] import-route direct [PE1-bgp-vpn2] quit [PE1-bgp] quit

# Create a VPN group named vg1.


[PE1] vpn-group vg1 vpn-instance vpn2

# Configure a traffic policy to redirect the packets sent by PC1 to the VPN group vg1.
[PE1] traffic classifier c1 [PE1-classifier-c1] if-match acl 3000 [PE1-classifier-c1] quit [PE1] traffic behavior b1 [PE1-behavior-b1] redirect vpn-group vg1 [PE1-behavior-b1] quit [PE1] traffic policy p1 [PE1-trafficpolicy-p1] classifier c1 behavior b1 [PE1-trafficpolicy-p1] quit

# Apply the traffic policy to POS 1/0/0 and activate the policy.
[PE1] interface pos1/0/0 [PE1-Pos1/0/0] traffic-policy p1 inbound [PE1-Pos1/0/0] quit

# Configure the default route on each host.


<C:\> route add 0.0.0.0 mask 0.0.0.0 100.1.1.1

6.

Verify the configuration. After the configuration, PC1 can ping through CE2.
C:\> ping 200.1.1.1 Pinging 200.1.1.1 with 32 bytes of data: Reply from 200.1.1.1: bytes=32 time=4ms TTL=255 Reply from 200.1.1.1: bytes=32 time=2ms TTL=255 Reply from 200.1.1.1: bytes=32 time=2ms TTL=255 Reply from 200.1.1.1: bytes=32 time=2ms TTL=255 Ping statistics for 200.1.1.1: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 2ms, Maximum = 4ms, Average = 2ms

PC2 cannot ping through CE2.


C:\>ping 200.1.1.1 Pinging 200.1.1.1 with 32 bytes of data: Request timed out. Request timed out. Request timed out. Request timed out. Ping statistics for 200.1.1.1: Packets: Sent = 4, Received = 0, Lost = 4 (100% loss), Approximate round trip times in milli-seconds: Minimum = 0ms, Maximum = 0ms, Average = 0ms

Configuration Files
l

Configuration file of CE1


# sysname CE1 # interface GigabitEthernet2/0/0

3-200

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


undo shutdown ip address 100.1.1.1 255.255.255.0 # interface Pos1/0/0 undo shutdown link-protocol ppp ip address 10.1.1.1 255.255.255.0 # bgp 600 peer 10.1.1.2 as-number 100 # ipv4-family unicast undo synchronization import-route direct peer 10.1.1.2 enable # ip route-static 0.0.0.0 0 10.1.1.2 # return l

3 BGP/MPLS IP VPN Configuration

Configuration file of PE1


# sysname PE1 # vpn-group vg1 vpn1 vpn2 # ip vpn-instance vpn1 route-distinguisher 100:1 vpn-target 1:1 export-extcommunity vpn-target 1:1 import-extcommunity # ip vpn-instance vpn2 route-distinguisher 100:22 vpn-target 2:2 export-extcommunity vpn-target 2:2 import-extcommunity # mpls lsr-id 1.1.1.9 mpls # mpls ldp # acl number 3000 rule 1 permit ip source 100.1.1.11 0 destination 200.1.1.0 0.0.0.255 # traffic classifier c1 if-match acl 3000 # traffic behavior b1 redirect vpn-group vg1 # traffic policy p1 classifier c1 behavior b1 # interface Pos1/0/0 undo shutdown link-protocol ppp ip binding vpn-instance vpn1 ip address 10.1.1.2 255.255.255.0 traffic-policy p1 inbound # interface Pos2/0/0 undo shutdown link-protocol ppp ip address 172.1.1.1 255.255.255.0 mpls mpls ldp # interface LoopBack1 ip address 1.1.1.9 255.255.255.255 #

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

3-201

3 BGP/MPLS IP VPN Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

bgp 100 peer 2.2.2.9 as-number 100 peer 2.2.2.9 connect-interface LoopBack1 # ipv4-family unicast undo synchronization peer 2.2.2.9 enable # ipv4-family vpnv4 policy vpn-target peer 2.2.2.9 enable # ipv4-family vpn-instance vpn1 peer 10.1.1.1 as-number 600 import-route direct # ipv4-family vpn-instance vpn2 import-route static import-route direct # ospf 1 area 0.0.0.0 network 1.1.1.9 0.0.0.0 network 172.1.1.0 0.0.0.255 # ip route-static vpn-instance vpn2 100.1.1.0 24 vpn-instance vpn1 10.1.1.1 # return l

Configuration file of PE2


# sysname PE2 # ip vpn-instance vpn1 route-distinguisher 100:1 vpn-target 1:1 export-extcommunity vpn-target 1:1 import-extcommunity # ip vpn-instance vpn2 route-distinguisher 100:2 vpn-target 2:2 export-extcommunity vpn-target 2:2 import-extcommunity # mpls lsr-id 2.2.2.9 mpls # mpls ldp # interface Pos1/0/0 undo shutdown link-protocol ppp ip binding vpn-instance vpn2 ip address 10.2.1.1 255.255.255.0 # interface Pos2/0/0 undo shutdown link-protocol ppp ip address 172.1.1.2 255.255.255.0 mpls mpls ldp # interface Pos3/0/0 undo shutdown link-protocol ppp ip binding vpn-instance vpn1 ip address 10.3.1.1 255.255.255.0 # interface LoopBack1 ip address 2.2.2.9 255.255.255.255 #

3-202

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


bgp 100 peer 1.1.1.9 as-number 100 peer 1.1.1.9 connect-interface LoopBack1 # ipv4-family unicast undo synchronization peer 1.1.1.9 enable # ipv4-family vpnv4 policy vpn-target peer 1.1.1.9 enable # ipv4-family vpn-instance vpn1 peer 10.3.1.1 as-number 800 import-route direct # ipv4-family vpn-instance vpn2 peer 10.2.1.1 as-number 700 import-route direct # ospf 1 area 0.0.0.0 network 2.2.2.9 0.0.0.0 network 172.1.1.0 0.0.0.255 # return l

3 BGP/MPLS IP VPN Configuration

Configuration file of CE2


# sysname CE2 # interface GigabitEthernet2/0/0 undo shutdown ip address 200.1.1.1 255.255.255.0 # interface Pos1/0/0 undo shutdown link-protocol ppp ip address 10.2.1.1 255.255.255.0 # bgp 700 peer 10.2.1.2 as-number 100 # ipv4-family unicast undo synchronization import-route direct peer 10.2.1.2 enable # return

Configuration file of CE3


# sysname CE3 # interface Pos1/0/0 undo shutdown link-protocol ppp ip address 10.3.1.1 255.255.255.0 # bgp 800 peer 10.3.1.2 as-number 100 # ipv4-family unicast undo synchronization import-route direct peer 10.3.1.2 enable # return

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

3-203

3 BGP/MPLS IP VPN Configuration


l

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Configuration file of Host


route add 0.0.0.0 mask 0.0.0.0 100.1.1.1

3.21.14 Example for Connecting VPN and Internet


Networking Requirements
As shown in Figure 3-15, CE1 and CE2 on the private network can mutually access. Meanwhile a proxy server with the public network address is attached with CE1. Thus, users of CE1 can access Internet through this proxy server. In this example, the P device serves as a substitute for the Internet. Figure 3-15 Example of enabling VPN users to access the public network

Loopback1 1.1.1.1/32

Loopback1 2.2.2.2/32 POS1/0/0 100.1.1.2/24

Loopback1 3.3.3.3/32 POS1/0/0 100.2.1.2/24

PE1
POS1/0/0 10.1.1.2/24 POS1/0/0 10.1.1.1/24 GE2/0/0 100.3.1.2/24

PE2
POS2/0/0 10.2.1.2/24 POS1/0/0 10.2.1.1/24

POS2/0/0 100.1.1.1/24

P Internet AS100

POS2/0/0 10.2.1.1/24

CE1

Agent Server VPN1 AS 65410


100.3.1.1/24

CE2 VPN1 AS 65420

Configuration Roadmap
In this configuration, configure the L3VPN first. It needs the following static routes: 1. 2. 3. Add a default route on CE1. The next hop is PE1. Add a default route from the VPN device to the Internet on PE1. The next hop is P. Thus, the traffic of the proxy server reaches the Internet. Add a static route from the Internet to the proxy server on PE1 and the next hop is CE1. Use IGP to advertise this route to the Internet, Thus, the traffic of Internet reaches the server attached with CE1.

Data Preparation
To configure BGP/MPLS IP VPN, you need the following data:
l l l

MPLS LSR ID on the PEs and the Ps RD of VPN VPN-Target of VPN


Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

3-204

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

3 BGP/MPLS IP VPN Configuration

Configuration Procedure
1. Configure IGP. Assign IP addresses for physical interfaces and loopback interfaces on the backbone network. Run IGP on each router of the backbone so that PE1, P and PE2 can ping through each other, and know the loopback address of each other. The detailed configuration procedure is not mentioned here. 2. Set up an MPLS LDP LSP and MP-IBGP peer relationship. Set up an MPLS LSP and MP-IBGP peer relationship between the PEs. The detailed configuration procedure is not mentioned here. After the configuration given above, run the display mpls ldp session command on P. You can find the LDP session "Status" between PE1 and P, and that between PE2 and P is "Operational". The display on P is as follows:
<P> display mpls ldp session LDP Session(s) in Public Network -------------------------------------------------------------------------Peer-ID Status LAM SsnRole SsnAge KA-Sent/Rcv 1.1.1.1:0 Operational DU Active 000:00:05 23/23 3.3.3.3:0 Operational DU Passive 000:00:04 18/18 -------------------------------------------------------------------------TOTAL: 2 session(s) Found. LAM : Label Advertisement Mode SsnAge Unit : DDD:HH:MM

Run the display bgp vpnv4 all peer command on PE. You can find that the MP-IBGP peer relationship state is "Established". Consider PE1 as an example:
<PE1> display bgp vpnv4 all peer BGP local router ID : 1.1.1.1 Local AS number : 100 Total number of peers : 1 Peer V AS MsgRcvd 3.3.3.3 4 100 6

Peers in established state : 1 MsgSent OutQ Up/Down State PrefRcv 8 0 00:03:48 Established

3.

Create VPN instances and establishing EBGP. Create the VPN instance named VPN1 on PE and bind it with the interface attached with the CE. Establish the EBGP peer relationship between PE1 and CE1, and that between PE2 and CE2. In this manner, the routes on the CE can be imported to the PE. The detailed configuration procedure is not mentioned. After the configuration given above, run the display ip vpn-instance command on PE. You can find the "VPN instance names" contains VPN1. Consider PE1 as an example:
[PE1] display ip vpn-instance Total VPN-Instances configured : 1 VPN-Instance Name RD vpn1 100:1 Creation Time 2007/01/08 18:40:57

Run the display bgp vpnv4 all peer on PE to display the status of IBGP and EBGP peers both of which are "established". Consider PE1 as an example:
<PE1> display bgp vpnv4 all peer BGP local router ID : 1.1.1.1 Local AS number : 100 Total number of peers : 2 Peer V AS MsgRcvd 3.3.3.3 4 100 127 BGP local router ID : 1.1.1.1 Local AS number : 100

Peers in established state : 2 MsgSent OutQ Up/Down State PrefRcv 134 0 01:39:44 Established 2

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

3-205

3 BGP/MPLS IP VPN Configuration


Total number of peers : 2 Peer V AS MsgRcvd Peer of vpn instance : vpn instance vpn1 : 10.1.1.1 4 65410 107

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


Peers in established state : 2 OutQ Up/Down State PrefRcv 0 01:26:33 Established 3

MsgSent

110

4.

Configure the static route to enable VPN to access the public network. # Configure a default route on CE1and the next hop is PE1.
<CE1> system-view [CE1] ip route-static 0.0.0.0 0 10.1.1.2

# Configure PE1. # Configure a default route from the proxy server of the VPN site to Internet. The next hop is P. Specify the address of the next hop as public network address. That is, add a keyword public after the next hop address in the command.
<PE1> system-view [PE1] ip route-static vpn-instance vpn1 0.0.0.0 0 100.1.1.2 public

# Configure a static route back to the proxy server. The next hop is CE1.
[PE1] ip route-static 100.3.1.1 24 vpn-instance vpn1 10.1.1.1

# Configure the static route to the proxy server on P.


<P> system-view [P] ip route-static 100.3.1.1 24 100.1.1.1

# Configure the proxy server. Set the IP address of the proxy server as 100.3.1.1/24. Set its default gateway as CE1, that is, 100.3.1.2/24. A proxy software should also be run on the proxy server. 5. Verify the configuration. Run the display ip routing-table vpn-instance command on PE1. You can find a default route, with next hop being 100.1.1.2 and the egress being POS 2/0/0, exists in the VPN routing table.
[PE1] display ip routing-table vpn-instance vpn1 Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: vpn1 Destinations : 7 Routes : 7 Destination/Mask Proto Pre Cost Flags NextHop Interface 0.0.0.0/0 Static 60 0 RD 100.1.1.2 Pos2/0/0 10.1.1.0/24 Direct 0 0 D 10.1.1.2 Pos1/0/0 10.1.1.1/32 Direct 0 0 D 10.1.1.1 Pos1/0/0 10.1.1.2/32 Direct 0 0 D 127.0.0.1 InLoopBack0 10.2.1.0/24 BGP 255 0 RD 3.3.3.3 Pos2/0/0 10.2.1.1/32 BGP 255 0 RD 3.3.3.3 Pos2/0/0 100.3.1.1/32 BGP 255 0 D 10.1.1.1 Pos1/0/0

Run the display ip routing-table command on PE1 to display that the route to the proxy server exists in the public network routing table, and the IP address of next hop is 10.1.1.1.
[PE1] display ip routing-table Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: Public Destinations : 10 Routes : 10 Destination/Mask Proto Pre Cost Flags NextHop Interface 1.1.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 2.2.2.2/32 OSPF 10 2 D 100.1.1.2 Pos2/0/0 3.3.3.3/32 OSPF 10 3 D 100.1.1.2 Pos2/0/0 100.1.1.0/24 Direct 0 0 D 100.1.1.1 Pos2/0/0 100.1.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 100.1.1.2/32 Direct 0 0 D 100.1.1.2 Pos2/0/0 100.2.1.0/24 OSPF 10 2 D 100.1.1.2 Pos2/0/0 100.3.1.0/24 Static 60 0 D 10.1.1.1 Pos1/0/0 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0

3-206

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

3 BGP/MPLS IP VPN Configuration

P can ping through the proxy server.


[P] ping 100.3.1.1 PING 100.3.1.1: 56 data bytes, press CTRL_C to break Reply from 100.3.1.1: bytes=56 Sequence=1 ttl=254 time=62 Reply from 100.3.1.1: bytes=56 Sequence=2 ttl=254 time=62 Reply from 100.3.1.1: bytes=56 Sequence=3 ttl=254 time=62 Reply from 100.3.1.1: bytes=56 Sequence=4 ttl=254 time=62 Reply from 100.3.1.1: bytes=56 Sequence=5 ttl=254 time=62 --- 100.3.1.1 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 62/62/62 ms ms ms ms ms ms

Also, the proxy server can access P.

Configuration Files
l

Configuration file of CE1


# sysname CE1 # interface Pos1/0/0 link-protocol ppp ip address 10.1.1.1 255.255.255.0 # interface GE2/0/0 ip address 100.3.1.1 255.255.255.0 # bgp 65410 peer 10.1.1.2 as-number 100 # ipv4-family unicast undo synchronization import-route direct peer 10.1.1.2 enable # ip route-static 0.0.0.0 0.0.0.0 10.1.1.2 # return

Configuration file of PE1


# sysname PE1 # ip vpn-instance vpn1 route-distinguisher 100:1 vpn-target 1:1 export-extcommunity vpn-target 1:1 import-extcommunity # mpls lsr-id 1.1.1.1 mpls lsp-trigger all # mpls ldp # interface Pos1/0/0 link-protocol ppp ip binding vpn-instance vpn1 ip address 10.1.1.2 255.255.255.0 # interface Pos2/0/0 link-protocol ppp ip address 100.1.1.1 255.255.255.0 mpls mpls ldp # interface LoopBack1

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

3-207

3 BGP/MPLS IP VPN Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

ip address 1.1.1.1 255.255.255.255 # bgp 100 peer 3.3.3.3 as-number 100 peer 3.3.3.3 connect-interface LoopBack1 # ipv4-family unicast undo synchronization peer 3.3.3.3 enable # ipv4-family vpnv4 policy vpn-target peer 3.3.3.3 enable # ipv4-family vpn-instance vpn1 peer 10.1.1.1 as-number 65410 import-route static import-route direct # ospf 1 area 0.0.0.0 network 1.1.1.1 0.0.0.0 network 100.1.1.0 0.0.0.255 # ip route-static 100.3.1.0 255.255.255.0 Pos1/0/0 10.1.1.1 ip route-static vpn-instance vpn1 0.0.0.0 0.0.0.0 100.1.1.2 public # return l

Configuration file of P
# sysname P # mpls lsr-id 2.2.2.2 mpls lsp-trigger all # mpls ldp # interface Pos1/0/0 link-protocol ppp ip address 100.1.1.2 255.255.255.0 mpls mpls ldp # interface Pos2/0/0 link-protocol ppp ip address 100.2.1.1 255.255.255.0 mpls mpls ldp # interface LoopBack1 ip address 2.2.2.2 255.255.255.255 # ospf 1 area 0.0.0.0 network 2.2.2.2 0.0.0.0 network 100.1.1.0 0.0.0.255 network 100.2.1.0 0.0.0.255 # ip route-static 100.3.1.0 255.255.255.0 100.1.1.1 # return

Configuration file of PE2


# sysname PE2 # ip vpn-instance vpn1 route-distinguisher 100:2

3-208

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


vpn-target 1:1 export-extcommunity vpn-target 1:1 import-extcommunity # mpls lsr-id 3.3.3.3 mpls lsp-trigger all # mpls ldp # interface Pos1/0/0 link-protocol ppp ip address 100.2.1.2 255.255.255.0 mpls mpls ldp # interface Pos2/0/0 link-protocol ppp ip binding vpn-instance vpn1 ip address 10.2.1.2 255.255.255.0 # interface LoopBack1 ip address 3.3.3.3 255.255.255.255 # bgp 100 peer 1.1.1.1 as-number 100 peer 1.1.1.1 connect-interface LoopBack1 # ipv4-family unicast undo synchronization peer 1.1.1.1 enable # ipv4-family vpnv4 policy vpn-target peer 1.1.1.1 enable # ipv4-family vpn-instance vpn1 peer 10.2.1.1 as-number 65420 import-route direct # ospf 1 area 0.0.0.0 network 3.3.3.3 0.0.0.0 network 100.2.1.0 0.0.0.255 # return l

3 BGP/MPLS IP VPN Configuration

Configuration file of CE2


# sysname CE2 # interface Pos1/0/0 link-protocol ppp ip address 10.2.1.1 255.255.255.0 # bgp 65420 peer 10.2.1.2 as-number 100 # ipv4-family unicast undo synchronization import-route direct peer 10.2.1.2 enable # return

3.21.15 Example for Configuring a Dual-Homed CE

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

3-209

3 BGP/MPLS IP VPN Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Networking Requirements
With the development of the telecommunication services, all the telecommunication services will be carried on the universal IP network. Some important services such as 3G/NGN, IPTV media traffic, VIP customer VPN require high reliability of the network. To promote the network reliability, besides considering the reliability of the network devices, the link and network reliability such as fast route convergence, fault detection, fast reroute, and backup must be taken into consideration. For the access layer, the dual-homed CE is a common solution for improving the network reliability. A dual-homed CE refers to a CE that is connected with two PEs, which belong to the same VPN with the CE. The dual-homed CE accesses the backbone network through two links that can either perform load balancing or work as the active and standby link. As shown in Figure 3-16, CE1 resides in site1 of vpn1. CE2 resides in site2 of vpn1. CE1 accesses the PE1 and PE2 in dual-homed mode. The VPN2 access the PE3 and PE4 in dualhomed mode. If the data traffic from the CE1 to the CE2 is large while that from the CE2 to the CE1 is small, the traffic data from CE1 to CE2 can be configured to be transmitted in load-balancing mode. In addition, the data traffic from the CE2 to CE1 is transmitted through the PE4 instead of the PE3, which works as a backup. Figure 3-16 Networking diagram for the dual-homed CE
VPN backbone AS 100
Loopback1 Loopback1 Loopback1

GE1/0/0

POS2/0/0 POS1/0/0

POS2/0/0 POS1/0/0

GE2/0/0

CE1
GE1/0/0 GE2/0/0 GE3/0/0 GE1/0/0

PE1

P1

PE3

CE2
GE1/0/0 GE2/0/0 GE3/0/0 GE2/0/0

PE2
POS2/0/0 POS1/0/0 Loopback1

P2
POS2/0/0 POS1/0/0

PE4

vpn1 site1 AS 65410

Loopback1

vpn1 site2
Loopback1

AS 65420

Device CE1 GE2/0/0 GE3/0/0 PE1 GE1/0/0 POS2/0/0 PE2 GE1/0/0 POS2/0/0 P1

Interface GE1/0/0 10.2.1.1/30 10.5.1.1/24 Loopback1 10.1.1.2/30 100.1.1.1/30 Loopback1 10.2.1.2/30 100.2.1.1/30 Loopback1

IP address 10.1.1.1/30

1.1.1.1/32

2.2.2.2/32

5.5.5.5/32

3-210

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


POS1/0/0 POS2/0/0 P2 POS1/0/0 POS2/0/0 PE3 POS1/0/0 GE2/0/0 PE4 POS1/0/0 GE2/0/0 CE2 GE2/0/0 GE3/0/0 100.1.1.2/30 100.3.1.1/30 Loopback1 100.3.1.1/30 100.4.1.1/30 Loopback1 100.3.1.2/30 10.3.1.1/30 Loopback1 100.4.1.2/30 10.4.1.1/30 GE1/0/0 10.4.1.2/30 10.6.1.1/24

3 BGP/MPLS IP VPN Configuration

6.6.6.6/32

3.3.3.3/32

4.4.4.4/32

10.3.1.2/30

Configuration Roadmap
The configuration roadmap is as follows: 1. 2. 3. Configure the basic BGP/MPLS IP VPN. Enable load balancing for the data traffic to the CE2 in the BGP view on the CE1. Enlarge the MED value of the BGP-VPN route on the PE3 to ensure the next hop of the route selected by the CE2 to the users that access the CE1 is PE4.

Configuration Procedure
1. Configure IGP on the MPLS backbone network to ensure the communication between the PEs and Ps. # Configure PE1. # Configure the IP addresses of the interfaces. The IP address of the loopback interface has 32-bit mask.
<Quidway> system-view [Quidway] sysname PE1 [PE1] interface loopback 1 [PE1-LoopBack1] ip address 1.1.1.1 32 [PE1-LoopBack1] quit [PE1] interface pos2/0/0 [PE1-Pos2/0/0] ip address 100.1.1.1 30 [PE1-Pos2/0/0] quit

# Configure IS-IS to advertise the routes of the interfaces.


[PE1] isis 1 [PE1-isis-1] network-entity 10.0000.0000.0001.00 [PE1-isis-1] quit [PE1] interface loopback 1 [PE1-LoopBack1] isis enable 1 [PE1-LoopBack1] quit [PE1] interface pos2/0/0 [PE1-Pos2/0/0] isis enable 1 [PE1-Pos2/0/0] quit

# Configure PE2. # Configure the IP addresses of the interfaces. The IP address of the loopback interface has 32-bit mask.
<Quidway> system-view [Quidway] sysname PE2

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

3-211

3 BGP/MPLS IP VPN Configuration


[PE2] interface loopback 1 [PE2-LoopBack1] ip address 2.2.2.2 32 [PE2-LoopBack1] quit [PE2] interface pos2/0/0 [PE2-Pos2/0/0] ip address 100.2.1.1 30 [PE2-Pos2/0/0] quit

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

# Configure IS-IS to advertise the routes of the interfaces.


[PE2] isis 1 [PE2-isis-1] network-entity 10.0000.0000.0002.00 [PE2-isis-1] quit [PE2] interface loopback 1 [PE2-LoopBack1] isis enable 1 [PE2-LoopBack1] quit [PE2] interface pos2/0/0 [PE2-Pos2/0/0] isis enable 1 [PE2-Pos2/0/0] quit

# Configure P1. # Configure the IP addresses of the interfaces. The IP address of the loopback interface has 32-bit mask.
<Quidway> system-view [Quidway] sysname P1 [P1] interface loopback 1 [P1-LoopBack1] ip address 5.5.5.5 32 [P1-LoopBack1] quit [P1] interface pos 1/0/0 [P1-Pos1/0/0] ip address 100.1.1.2 30 [P1-Pos1/0/0] quit [P1] interface pos 2/0/0 [P1-Pos2/0/0] ip address 100.3.1.1 30 [P1-Pos2/0/0] quit

# Configure IS-IS to advertise the routes of the interfaces.


[P1] isis 1 [P1-isis-1] network-entity 10.0000.0000.0005.00 [P1-isis-1] quit [P1] interface loopback 1 [P1-LoopBack1] isis enable 1 [P1-LoopBack1] quit [P1] interface pos1/0/0 [P1-Pos1/0/0] isis enable 1 [P1-Pos1/0/0] quit [P1] interface pos2/0/0 [P1-Pos2/0/0] isis enable 1 [P1-Pos2/0/0] quit

# Configure P2. # Configure the IP addresses of the interfaces. The IP address of the loopback interface has 32-bit mask.
<Quidway> system-view [Quidway] sysname P2 [P2] interface loopback 1 [P2-LoopBack1] ip address 6.6.6.6 32 [P2-LoopBack1] quit [P2] interface pos 1/0/0 [P2-Pos1/0/0] ip address 100.2.1.2 30 [P2-Pos1/0/0] quit [P2] interface pos 2/0/0 [P2-Pos2/0/0] ip address 100.4.1.1 30 [P2-Pos2/0/0] quit

# Configure IS-IS to advertise the routes of the interfaces.


[P2] isis 1 [P2-isis-1] network-entity 10.0000.0000.0006.00 [P2-isis-1] quit [P2] interface loopback 1

3-212

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


[P2-LoopBack1] isis enable 1 [P2-LoopBack1] quit [P2] interface pos1/0/0 [P2-Pos1/0/0] isis enable 1 [P2-Pos1/0/0] quit [P2] interface pos2/0/0 [P2-Pos2/0/0] isis enable 1 [P2-Pos2/0/0] quit

3 BGP/MPLS IP VPN Configuration

# Configure PE3. # Configure the IP addresses of the interfaces. The IP address of the loopback interface has 32-bit mask.
<Quidway> system-view [Quidway] sysname PE3 [PE3] interface loopback 1 [PE3-LoopBack1] ip address 3.3.3.3 32 [PE3-LoopBack1] quit [PE3] interface pos1/0/0 [PE3-Pos1/0/0] ip address 100.3.1.2 30 [PE3-Pos1/0/0] quit

# Configure IS-IS to advertise the routes of the interfaces.


[PE3] isis 1 [PE3-isis-1] network-entity 10.0000.0000.0003.00 [PE3-isis-1] quit [PE3] interface loopback 1 [PE3-LoopBack1] isis enable 1 [PE3-LoopBack1] quit [PE3] interface pos1/0/0 [PE3-Pos1/0/0] isis enable 1 [PE3-Pos1/0/0] quit

# Configure PE4. # Configure the IP addresses of the interfaces. The IP address of the loopback interface has 32-bit mask.
<Quidway> system-view [Quidway] sysname PE4 [PE4] interface loopback 1 [PE4-LoopBack1] ip address 2.2.2.2 32 [PE4-LoopBack1] quit [PE4] interface pos2/0/0 [PE4-Pos2/0/0] ip address 100.2.1.1 30 [PE4-Pos2/0/0] quit

# Configure IS-IS to advertise the routes of the interfaces.


[PE4] isis 1 [PE4-isis-1] network-entity 10.0000.0000.0002.00 [PE4-isis-1] quit [PE4] interface loopback 1 [PE4-LoopBack1] isis enable 1 [PE4-LoopBack1] quit [PE4] interface pos2/0/0 [PE4-Pos2/0/0] isis enable 1 [PE4-Pos2/0/0] quit

After the configuration is complete, run the display ip routing-table command. You can find the PE1 and PE3, the PE2 and PE4 has learned the Loopback1 routes between each other. Take the PE1 as an example:
[PE1] display ip routing-table Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: Public Destinations : 9 Routes : 9 Destination/Mask Proto Pre Cost Flags NextHop Interface 1.1.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

3-213

3 BGP/MPLS IP VPN Configuration


3.3.3.3/32 5.5.5.5/32 100.1.1.0/30 100.1.1.1/32 100.1.1.2/32 100.3.1.0/30 127.0.0.0/8 127.0.0.1/32 ISIS ISIS Direct Direct Direct ISIS Direct Direct 15 15 0 0 0 15 0 0 20 10 0 0 0 20 0 0

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


D D D D D D D D 100.1.1.2 100.1.1.2 100.1.1.1 127.0.0.1 100.1.1.2 100.1.1.2 127.0.0.1 127.0.0.1 Pos2/0/0 Pos2/0/0 Pos2/0/0 InLoopBack0 Pos2/0/0 Pos2/0/0 InLoopBack0 InLoopBack0

2.

Configure the basic MPLS capability and MPLS LDP on the MPLS backbone network and set up the LDP LSP. # Configure PE1. # Enable MPLS and LDP. Specify the LSR-ID as the address of the loopback interface and trigger the LSP setup.
[PE1] mpls lsr-id 1.1.1.1 [PE1] mpls [PE1-mpls] lsp-trigger all [PE1-mpls] quit [PE1] mpls ldp [PE1-mpls-ldp] quit

# Enable MPLS and LDP on the interfaces of the backbone network.


[PE1] interface pos 2/0/0 [PE1-Pos2/0/0] mpls [PE1-Pos2/0/0] mpls ldp [PE1-Pos2/0/0] quit

# Configure PE2. # Enable MPLS and LDP. Specify the LSR-ID as the address of the loopback interface and trigger the LSP setup.
[PE2] mpls lsr-id 1.1.1.1 [PE2] mpls [PE2-mpls] lsp-trigger all [PE2-mpls] quit [PE2] mpls ldp [PE2-mpls-ldp] quit

# Enable MPLS and LDP on the interfaces of the backbone network.


[PE2] interface pos 2/0/0 [PE2-Pos2/0/0] mpls [PE2-Pos2/0/0] mpls ldp [PE2-Pos2/0/0] quit

# Configure P1. # Enable MPLS and LDP. Specify the LSR-ID as the address of the loopback interface and trigger the LSP setup.
[P1] mpls lsr-id 5.5.5.5 [P1] mpls [P1-mpls] lsp-trigger all [P1-mpls] quit [P1] mpls ldp [P1-mpls-ldp] quit

# Enable MPLS and LDP on the interfaces of the backbone network.


[P1] interface pos [P1-Pos1/0/0] mpls [P1-Pos1/0/0] mpls [P1-Pos1/0/0] quit [P1] interface pos [P1-Pos2/0/0] mpls [P1-Pos2/0/0] mpls [P1-Pos2/0/0] quit 1/0/0 ldp 2/0/0 ldp

# Configure P2.
3-214 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

3 BGP/MPLS IP VPN Configuration

# Enable MPLS and LDP. Specify the LSR-ID as the address of the loopback interface and trigger the LSP setup.
[P2] mpls lsr-id 5.5.5.5 [P2] mpls [P2-mpls] lsp-trigger all [P2-mpls] quit [P2] mpls ldp [P2-mpls-ldp] quit

# Enable MPLS and LDP on the interfaces of the backbone network.


[P2] interface pos [P2-Pos1/0/0] mpls [P2-Pos1/0/0] mpls [P2-Pos1/0/0] quit [P2] interface pos [P2-Pos2/0/0] mpls [P2-Pos2/0/0] mpls [P2-Pos2/0/0] quit 1/0/0 ldp 2/0/0 ldp

# Configure PE3. # Enable MPLS and LDP. Specify the LSR-ID as the address of the loopback interface and trigger the LSP setup.
[PE3] mpls lsr-id 3.3.3.3 [PE3] mpls [PE3-mpls] lsp-trigger all [PE3-mpls] quit [PE3] mpls ldp [PE3-mpls-ldp] quit

# Enable MPLS and LDP on the interfaces of the backbone network.


[PE3] interface pos 1/0/0 [PE3-Pos1/0/0] mpls [PE3-Pos1/0/0] mpls ldp [PE3-Pos1/0/0] quit

# Configure PE4. # Enable MPLS and LDP. Specify the LSR-ID as the address of the loopback interface and trigger the LSP setup.
[PE4] mpls lsr-id 4.4.4.4 [PE4] mpls [PE4-mpls] lsp-trigger all [PE4-mpls] quit [PE4] mpls ldp [PE4-mpls-ldp] quit

# Enable MPLS and LDP on the interfaces of the backbone network.


[PE4] interface pos 1/0/0 [PE4-Pos1/0/0] mpls [PE4-Pos1/0/0] mpls ldp [PE4-Pos1/0/0] quit

After the configuration is complete, the PE1 and P, P and PE2 can set up the LDP session. After running the display mpls ldp session command, you can view the Status item is displayed as "Operational". Running the display mpls ldp lsp command, you can view information about the LDP LSP setup. Take PE1 as an example:
<PE1> display mpls ldp session LDP Session(s) in Public Network -----------------------------------------------------------------------------Peer-ID Status LAM SsnRole SsnAge KA-Sent/Rcv -----------------------------------------------------------------------------5.5.5.5:0 Operational DU Passive 000:07:02 1688/1688

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

3-215

3 BGP/MPLS IP VPN Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

-----------------------------------------------------------------------------TOTAL: 1 session(s) Found. LAM : Label Advertisement Mode SsnAge Unit : DDD:HH:MM <PE1> display mpls ldp lsp LDP LSP Information -----------------------------------------------------------------------------SN DestAddress/Mask In/OutLabel Next-Hop In/Out-Interface -----------------------------------------------------------------------------1 1.1.1.1/32 3/NULL 127.0.0.1 P2/0/0/InLoop0 2 3.3.3.3/32 NULL/1025 100.1.1.2 -------/P2/0/0 3 5.5.5.5/32 NULL/3 100.1.1.2 -------/P2/0/0 *4 100.1.1.0/30 Liberal 5 100.3.1.0/30 NULL/3 100.1.1.2 -------/P2/0/0 -----------------------------------------------------------------------------TOTAL: 4 Normal LSP(s) Found. TOTAL: 1 Liberal LSP(s) Found. A '*' before an LSP means the LSP is not established A '*' before a Label means the USCB or DSCB is stale

3.

Configure the VPN instance on the PE devices and configure the CEs to access the PEs. # Configure PE1. # Configure vpn1 and specify RD and VPN target. The import VPN target of the PE and the export VPN target of the MP-BGP peer PE must be the same. The export VPN target of the PE and the import VPN target of the MP-BGP peer PE must be the same. Thus, sites within a VPN can access each other.
[PE1] ip vpn-instance vpn1 [PE1-vpn-instance-vpn1] route-distinguisher 100:1 [PE1-vpn-instance-vpn1] vpn-target 1:1 both [PE1-vpn-instance-vpn1] quit

# Bind the interfaces connected with the CE with corresponding VPN and configure IP addresses.
[PE1] interface gigabitethernet 1/0/0 [PE1-GigabitEthernet1/0/0] ip binding vpn-instance vpn1 [PE1-GigabitEthernet1/0/0] ip address 10.1.1.2 30 [PE1-GigabitEthernet1/0/0] quit

# Configure PE2. # Configure vpn1 and specify RD and VPN target. The import VPN target of the PE and the export VPN target of the MP-BGP peer PE must be the same. The export VPN target of the PE and the import VPN target of the MP-BGP peer PE must be the same. Thus, sites within a VPN can access each other.
[PE2] ip vpn-instance vpn1 [PE2-vpn-instance-vpn1] route-distinguisher 100:2 [PE2-vpn-instance-vpn1] vpn-target 1:1 both [PE2-vpn-instance-vpn1] quit

# Bind the interfaces connected with the CE with corresponding VPN and configure IP addresses.
[PE2] interface gigabitethernet 1/0/0 [PE2-GigabitEthernet1/0/0] ip binding vpn-instance vpn1 [PE2-GigabitEthernet1/0/0] ip address 10.2.1.2 30 [PE2-GigabitEthernet1/0/0] quit

# Configure PE3. # Configure vpn1 and specify RD and VPN-Target. The import VPN target of the PE and the export VPN target of the MP-BGP peer PE must be the same. The export VPN target of the PE and the import VPN target of the MP-BGP peer PE must be the same. Thus, sites within a VPN can access each other.
3-216 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

3 BGP/MPLS IP VPN Configuration

[PE3] ip vpn-instance vpn1 [PE3-vpn-instance-vpn1] route-distinguisher 100:3 [PE3-vpn-instance-vpn1] vpn-target 1:1 both [PE3-vpn-instance-vpn1] quit

# Bind the interfaces connected with the CE with corresponding VPN and configure IP addresses.
[PE3] interface gigabitethernet 2/0/0 [PE3-GigabitEthernet2/0/0] ip binding vpn-instance vpn1 [PE3-GigabitEthernet2/0/0] ip address 10.3.1.1 30 [PE3-GigabitEthernet2/0/0] quit

# Configure PE4. # Configure vpn1 and specify RD and VPN-Target. The import VPN target of the PE and the export VPN target of the MP-BGP peer PE must be the same. The export VPN target of the PE and the import VPN target of the MP-BGP peer PE must be the same. Thus, sites within a VPN can access each other.
[PE4] ip vpn-instance vpn1 [PE4-vpn-instance-vpn1 route-distinguisher 100:4 [PE4-vpn-instance-vpn1] vpn-target 1:1 both [PE4-vpn-instance-vpn1] quit

# Bind the interfaces connected with the CE with corresponding VPN and configure IP addresses.
[PE4] interface gigabitethernet 2/0/0 [PE4-GigabitEthernet2/0/0] ip binding vpn-instance vpn1 [PE4-GigabitEthernet2/0/0] ip address 10.4.1.1 30 [PE4-GigabitEthernet2/0/0] quit

# Configure the IP addresses of the CE interfaces as shown in Figure 3-16. The configuration is not mentioned here. After the configuration is complete, running the display ip vpn-instance verbose command on the PE devices, you can view the configuration of the VPN instance. Take the PE1 as an example:
<PE1> display ip vpn-instance verbose Total VPN-Instances configured : 1 VPN-Instance Name and ID : vpn1, 1 Create date : 2006/09/18 14:17:15 Up time : 0 days, 07 hours, 23 minutes and 53 seconds Route Distinguisher : 100:1 Export VPN Targets : 1:1 Import VPN Targets : 1:1 Label policy : label per route Interfaces : GigabitEthernet1/0/0

4.

Configure EBGP between the PEs and the CEs to import the VPN routes. # Configure CE1. # Enable BGP, specify the PE1 and the PE2 as the EBGP peer, and import the direct route.
[CE1] bgp [CE1-bgp] [CE1-bgp] [CE1-bgp] [CE1-bgp] 65410 peer 10.1.1.2 as-number 100 peer 10.2.1.2 as-number 100 import-route direct quit

# Configure PE1. # Enable BGP.


[PE1] bgp 100

# Enter the view of the BGP-VPN instance. Specify the CE as the EBGP peer and import the direct route.
[PE1-bgp] ipv4-family vpn-instance vpn1 [PE1-bgp-vpn1] peer 10.1.1.1 as-number 65410

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

3-217

3 BGP/MPLS IP VPN Configuration


[PE1-bgp-vpn1] import-route direct [PE1-bgp-vpn1] quit

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

# Configure PE2. # Enable BGP.


[PE2] bgp 100

# Enter the view of the BGP-VPN instance. Specify the CE as the EBGP peer and import the direct route.
[PE2-bgp] ipv4-family vpn-instance vpn1 [PE2-bgp-vpn1] peer 10.2.1.1 as-number 65410 [PE2-bgp-vpn1] import-route direct [PE2-bgp-vpn1] quit

# Configure CE2. # Enable BGP, specify the PE3 and the PE4 as the EBGP peer, and import the direct route.
[CE2] bgp [CE2-bgp] [CE2-bgp] [CE2-bgp] [CE2-bgp] 65420 peer 10.3.1.1 as-number 100 peer 10.4.1.1 as-number 100 import-route direct quit

# Configure PE3. # Enable BGP.


[PE3] bgp 100

# Enter the view of the BGP-VPN instance. Specify the CE as the EBGP peer and import the direct route.
[PE3-bgp] ipv4-family vpn-instance vpn1 [PE3-bgp-vpn1] peer 10.3.1.2 as-number 65420 [PE3-bgp-vpn1] import-route direct [PE3-bgp-vpn1] quit

# Configure PE4. # Enable BGP.


[PE4] bgp 100

# Enter the view of the BGP-VPN instance. Specify the CE as the EBGP peer and import the direct route.
[PE4-bgp] ipv4-family vpn-instance vpn1 [PE4-bgp-vpn1] peer 10.4.1.2 as-number 65420 [PE4-bgp-vpn1] import-route direct [PE4-bgp-vpn1] quit

After the configuration is complete, running the display bgp vpnv4 vpn-instance vpninstance-name peer command on the PE devices, you can view the BGP peer is set up between the PEs and the CEs. The peer status is "Established". Take the peer relationship between the PE1 and the CE1 as an example:
[PE1] display bgp vpnv4 vpn-instance vpn1 peer BGP local router ID : 1.1.1.1 Local AS number : 100 Total number of peers : 1 Peers in established state : 1 Peer V AS MsgRcvd MsgSent OutQ Up/Down State PrefRcv 10.1.1.1 4 65410 408 435 0 06:16:09 Established 5

PEs can successfully ping the CEs that the PEs access. Take the PE1 as an example:
<PE1> ping -vpn-instance vpn1 10.1.1.1 PING 10.1.1.1: 56 data bytes, press CTRL_C to break Reply from 10.1.1.1: bytes=56 Sequence=1 ttl=255 Reply from 10.1.1.1: bytes=56 Sequence=2 ttl=255 Reply from 10.1.1.1: bytes=56 Sequence=3 ttl=255 Reply from 10.1.1.1: bytes=56 Sequence=4 ttl=255 Reply from 10.1.1.1: bytes=56 Sequence=5 ttl=255 time=80 time=20 time=30 time=50 time=30 ms ms ms ms ms

3-218

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


--- 10.1.1.1 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 20/42/80 ms

3 BGP/MPLS IP VPN Configuration

5.

Set up the MP-IBGP peer relationship between the PEs. # Configure PE1. # Specify the remote PE3 as the IBGP peer. Configure the loopback interface to set up the IBGP connection.
[PE1] bgp 100 [PE1-bgp] peer 3.3.3.3 as-number 100 [PE1-bgp] peer 3.3.3.3 connect-interface loopback 1

# Enter the VPNV4 address family view and enable the exchange of the VPN IPv4 routing information between the peers.
[PE1-bgp] ipv4-family vpnv4 [PE1-bgp-af-vpnv4] peer 3.3.3.3 enable [PE1-bgp-af-vpnv4] quit

# Configure PE3. # Specify the remote PE1 as the IBGP peer. Configure the loopback interface to set up the IBGP connection.
[PE3] bgp 100 [PE3-bgp] peer 1.1.1.1 as-number 100 [PE3-bgp] peer 1.1.1.1 connect-interface loopback 1

# Enter the VPNV4 address family view and enable the exchange of the VPN IPv4 routing information between the peers.
[PE3-bgp] ipv4-family vpnv4 [PE3-bgp-af-vpnv4] peer 1.1.1.1 enable [PE3-bgp-af-vpnv4] quit

# Configure PE2. # Specify the remote PE4 as the IBGP peer. Configure the loopback interface to set up the IBGP connection.
[PE2] bgp 100 [PE2-bgp] peer 4.4.4.4 as-number 100 [PE2-bgp] peer 4.4.4.4 connect-interface loopback 1

# Enter the VPNV4 address family view and enable the exchange of the VPN IPv4 routing information between the peers.
[PE2-bgp] ipv4-family vpnv4 [PE2-bgp-af-vpnv4] peer 4.4.4.4 enable [PE2-bgp-af-vpnv4] quit

# Configure PE4. # Specify the remote PE2 as the IBGP peer. Configure the loopback interface to set up the IBGP connection.
[PE4] bgp 100 [PE4-bgp] peer 2.2.2.2 as-number 100 [PE4-bgp] peer 2.2.2.2 connect-interface loopback 1

# Enter the VPNV4 address family view and enable the exchange of the VPN IPv4 routing information between the peers.
[PE4-bgp] ipv4-family vpnv4 [PE4-bgp-af-vpnv4] peer 2.2.2.2 enable [PE4-bgp-af-vpnv4] quit

After the configuration is complete, running the display bgp peer or the display bgp vpnv4 all peer commands on the PE devices, you can find the BGP peer relationship is set up between the PEs. The peer status is "Established".
Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 3-219

3 BGP/MPLS IP VPN Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

<PE1> display bgp peer BGP local router ID : 1.1.1.1 Local AS number : 100 Total number of peers : 1 Peers in established state : 1 Peer V AS MsgRcvd MsgSent OutQ Up/Down State PrefRcv 3.3.3.3 4 100 2 6 0 00:00:12 Established 0 <PE1> display bgp vpnv4 all peer BGP local router ID : 1.1.1.1 Local AS number : 100 Total number of peers : 2 Peers in established state : 2 Peer V AS MsgRcvd MsgSent OutQ Up/Down State PrefRcv 3.3.3.3 4 100 12 18 0 00:09:38 Established 0 Peer of vpn instance: vpn instance vpn1 : 10.1.1.1 4 65410 25 25 0 00:17:57 Established 1

6.

Enable load balancing for the traffic from the CE1 to the CE2 on the CE1.
[CE1] bgp 65410 [CE1-bgp] ipv4-family unicast [CE1-bgp-af-ipv4] maximum load-balancing 2

7.

Configure routing policy. Enlarge the MED value of the vpn1 route of the PE3 and ensure the traffic from the CE2 to the CE1 can pass through the PE4. PE3 works as a backup.
[PE3] route-policy policy1 permit node 10 [PE3-route-policy] apply cost 120 [PE3-route-policy] quit [PE3] bgp 100 [PE3-bgp] ipv4-family vpn-instance vpn1 [PE3-bgp-vpn1] peer 10.3.1.2 route-policy policy1 export

Check the BGP routing table of the CE2. You can find, for the route to 1.5.1.0/30, the MED value advertised by the PE3 is 120. This value is larger than the MED value advertised by the PE4. therefore, the MED value advertised by the PE4 is chosen. By default, the MED value is 0.
[CE2] display bgp routing-table Total Number of Routes: 22 BGP Local router ID is 10.2.1.1 Status codes: * - valid, > - best, d - damped, h - history, i - internal, s - suppressed, S - Stale Origin : i - IGP, e - EGP, ? - incomplete Network NextHop MED LocPrf PrefVal Path/Ogn *> 1.5.1.0/24 10.4.1.1 0 100 65410? * 10.3.1.1 120 0 100 65410? *> 1.6.1.1/32 0.0.0.0 0 0 ? *> 1.6.1.1/32 0.0.0.0 0 0 ? *> 10.1.1.0/30 10.3.1.1 120 0 100? * 10.4.1.1 0 100 65410? *> 10.1.1.1/32 10.3.1.1 120 0 100? *> 10.1.1.2/32 10.4.1.1 0 100 65410? *> 10.2.1.0/30 10.4.1.1 0 100? * 10.3.1.1 120 0 100 65410? *> 10.2.1.1/32 10.4.1.1 0 100? *> 10.2.1.2/32 10.3.1.1 120 0 100 65410? *> 10.3.1.0/30 0.0.0.0 0 0 ? * 10.3.1.1 120 0 100? *> 10.3.1.1/32 0.0.0.0 0 0 ? *> 10.3.1.2/32 0.0.0.0 0 0 ? * 10.3.1.1 120 0 100? *> 10.4.1.0/30 0.0.0.0 0 0 ? * 10.4.1.1 0 0 100? *> 10.4.1.1/32 0.0.0.0 0 0 ? *> 10.4.1.2/32 0.0.0.0 0 0 ? * 10.4.1.1 0 0 100?

8.

Verify the configuration. If the configuration succeeds, you can obtain the following display.

3-220

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

3 BGP/MPLS IP VPN Configuration

Run the display ip routing-table command on the CE devices. You can find the routes to the users that access the peer CE2. The routes are in load-balancing mode.
[CE1] display ip routing-table Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: Public Destinations : 17 Routes : 18 Destination/Mask Proto Pre Cost Flags NextHop Interface 1.5.1.0/24 Direct 0 0 D 1.5.1.1 Gigabitethernet3/0/0 1.5.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 1.6.1.0/24 BGP 255 0 D 10.1.1.2 Gigabitethernet1/0/0 BGP 255 0 D 10.2.1.2 Gigabitethernet2/0/0 10.1.1.0/30 Direct 0 0 D 10.1.1.1 Gigabitethernet1/0/0 10.1.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 10.1.1.2/32 Direct 0 0 D 10.1.1.2 Gigabitethernet1/0/0 10.2.1.0/30 Direct 0 0 D 10.2.1.1 Gigabitethernet2/0/0 10.2.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 10.2.1.2/32 Direct 0 0 D 10.2.1.2 Gigabitethernet2/0/0 10.3.1.0/30 BGP 255 0 D 10.1.1.2 Gigabitethernet1/0/0 10.3.1.1/32 BGP 255 0 D 10.2.1.2 Gigabitethernet2/0/0 10.3.1.2/32 BGP 255 0 D 10.1.1.2 Gigabitethernet1/0/0 10.4.1.0/30 BGP 255 0 D 10.2.1.2 Gigabitethernet2/0/0 10.4.1.1/32 BGP 255 0 D 10.1.1.2 Gigabitethernet1/0/0 10.4.1.2/32 BGP 255 0 D 10.2.1.2 Gigabitethernet2/0/0 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0

Run the load-balance packet all command in the system view on the CE1. Then run the tracert command. You can find the packets are transmitted in packet-by-packet load balancing mode.
[CE1] tracert 1.6.1.1 traceroute to 1.6.1.1 (1.6.1.1) 30 hops max,40 bytes packet 1 10.1.1.2 280 ms 10.2.1.2 50 ms 10.1.1.2 60 ms 2 10.4.1.1 130 ms 10.3.1.1 150 ms 10.4.1.1 130 ms 3 10.3.1.2 190 ms 10.4.1.2 150 ms 10.3.1.2 160 ms

Run the display ip routing-table command on the CE2 devices. You can find the routes to the users that access the peer CE1. The next hop of the route is 10.4.1.1. The next hop is the IP address of the interface through which the PE4 accesses the CE2.
[CE2] display ip routing-table Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: Public Destinations : 17 Routes : 17 Destination/Mask Proto Pre Cost Flags NextHop Interface 1.5.1.0/24 BGP 255 0 D 10.4.1.1 Gigabitethernet2/0/0 1.6.1.0/24 Direct 0 0 D 1.6.1.1 Gigabitethernet3/0/0 1.6.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 10.1.1.0/30 BGP 255 100 D 10.3.1.1 Gigabitethernet1/0/0 10.1.1.1/32 BGP 255 100 D 10.3.1.1 Gigabitethernet1/0/0

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

3-221

3 BGP/MPLS IP VPN Configuration


10.1.1.2/32 BGP Gigabitethernet2/0/0 10.2.1.0/30 BGP Gigabitethernet2/0/0 10.2.1.1/32 BGP Gigabitethernet2/0/0 10.2.1.2/32 BGP Gigabitethernet1/0/0 10.3.1.0/30 Direct Gigabitethernet1/0/0 10.3.1.1/32 Direct Gigabitethernet1/0/0 10.3.1.2/32 Direct 10.4.1.0/30 Direct Gigabitethernet2/0/0 10.4.1.1/32 Direct Gigabitethernet2/0/0 10.4.1.2/32 Direct 127.0.0.0/8 Direct 127.0.0.1/32 Direct 255 255 255 255 0 0 0 0 0 0 0 0 0 0 0 100 0 0 0 0 0 0 0 0

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


D D D D D D 10.4.1.1 10.4.1.1 10.4.1.1 10.3.1.1 10.3.1.2 10.3.1.1 InLoopBack0

D 127.0.0.1 D 10.4.1.2 D D D D 10.4.1.1 127.0.0.1 127.0.0.1 127.0.0.1

InLoopBack0 InLoopBack0 InLoopBack0

Configuration Files
l

Configuration file of the CE1


# sysname CE1 # interface Gigabitethernet1/0/0 ip address 10.1.1.1 255.255.255.252 # interface Gigabitethernet2/0/0 ip address 10.2.1.1 255.255.255.252 # interface Gigabitethernet3/0/0 ip address 1.5.1.1 255.255.255.0 # bgp 65410 peer 10.1.1.2 as-number 100 peer 10.2.1.2 as-number 100 # ipv4-family unicast undo synchronization import-route direct maximum load-balancing 2 peer 10.1.1.2 enable peer 10.2.1.2 enable # load-balance packet all # return

Configuration file of the PE1


# sysname PE1 # ip vpn-instance vpn1 route-distinguisher 100:1 vpn-target 1:1 export-extcommunity vpn-target 1:1 import-extcommunity # mpls lsr-id 1.1.1.1 mpls lsp-trigger all # mpls ldp # isis 1 network-entity 10.0000.0000.0001.00 #

3-222

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


interface Gigabitethernet1/0/0 ip binding vpn-instance vpn1 ip address 10.1.1.2 255.255.255.252 # interface Pos2/0/0 link-protocol ppp ip address 100.1.1.1 255.255.255.252 isis enable 1 mpls mpls ldp # interface LoopBack1 ip address 1.1.1.1 255.255.255.255 isis enable 1 # bgp 100 peer 3.3.3.3 as-number 100 peer 3.3.3.3 connect-interface LoopBack1 # ipv4-family unicast undo synchronization peer 3.3.3.3 enable # ipv4-family vpnv4 policy vpn-target peer 3.3.3.3 enable # ipv4-family vpn-instance vpn1 peer 10.1.1.1 as-number 65410 import-route direct # Return l

3 BGP/MPLS IP VPN Configuration

Configuration file of the PE2


# sysname PE2 # ip vpn-instance vpn1 route-distinguisher 100:2 vpn-target 1:1 export-extcommunity vpn-target 1:1 import-extcommunity # mpls lsr-id 2.2.2.2 mpls lsp-trigger all # mpls ldp # isis 1 network-entity 10.0000.0000.0002.00 # interface Gigabitethernet1/0/0 ip binding vpn-instance vpn1 ip address 10.2.1.2 255.255.255.252 # interface Pos2/0/0 link-protocol ppp ip address 100.2.1.1 255.255.255.252 isis enable 1 mpls mpls ldp # interface LoopBack1 ip address 2.2.2.2 255.255.255.255 isis enable 1 # bgp 100 peer 4.4.4.4 as-number 100 peer 4.4.4.4 connect-interface LoopBack1 #

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

3-223

3 BGP/MPLS IP VPN Configuration


ipv4-family unicast undo synchronization peer 4.4.4.4 enable # ipv4-family vpnv4 policy vpn-target peer 4.4.4.4 enable # ipv4-family vpn-instance vpn1 peer 10.2.1.1 as-number 65410 import-route direct # Return l

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Configuration file of the P1


# sysname P1 # mpls lsr-id 5.5.5.5 mpls lsp-trigger all # mpls ldp # isis 1 network-entity 10.0000.0000.0005.00 # interface Pos1/0/0 link-protocol ppp ip address 100.1.1.2 255.255.255.252 isis enable 1 mpls mpls ldp # interface Pos2/0/0 link-protocol ppp ip address 100.3.1.1 255.255.255.252 isis enable 1 mpls mpls ldp # interface LoopBack1 ip address 5.5.5.5 255.255.255.255 isis enable 1 # Return

Configuration file of the P2


# sysname P2 # mpls lsr-id 6.6.6.6 mpls lsp-trigger all # mpls ldp # isis 1 network-entity 10.0000.0000.0006.00 # interface Pos1/0/0 link-protocol ppp ip address 100.2.1.2 255.255.255.252 isis enable 1 mpls mpls ldp # interface Pos2/0/0 link-protocol ppp ip address 100.4.1.1 255.255.255.252

3-224

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


isis enable 1 mpls mpls ldp # interface LoopBack1 ip address 6.6.6.6 255.255.255.255 isis enable 1 # Return l

3 BGP/MPLS IP VPN Configuration

Configuration file of the PE3


sysname PE3 # ip vpn-instance vpn1 route-distinguisher 100:3 vpn-target 1:1 export-extcommunity vpn-target 1:1 import-extcommunity # mpls lsr-id 3.3.3.3 mpls lsp-trigger all # mpls ldp # isis 1 network-entity 10.0000.0000.0003.00 # interface Pos1/0/0 link-protocol ppp ip address 100.3.1.2 255.255.255.252 isis enable 1 mpls mpls ldp # interface Gigabitethernet2/0/0 ip binding vpn-instance vpn1 ip address 10.3.1.1 255.255.255.252 # interface LoopBack1 ip address 3.3.3.3 255.255.255.255 isis enable 1 # bgp 100 peer 1.1.1.1 as-number 100 peer 1.1.1.1 connect-interface LoopBack1 # ipv4-family unicast undo synchronization peer 1.1.1.1 enable # ipv4-family vpnv4 policy vpn-target peer 1.1.1.1 enable # ipv4-family vpn-instance vpn1 peer 10.3.1.2 as-number 65420 peer 10.3.1.2 route-policy policy1 export import-route direct # route-policy policy1 permit node 10 apply cost 120 # Return

Configuration file of the PE4


# sysname PE4 # ip vpn-instance vpn1 route-distinguisher 100:4

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

3-225

3 BGP/MPLS IP VPN Configuration


vpn-target 1:1 export-extcommunity vpn-target 1:1 import-extcommunity # mpls lsr-id 4.4.4.4 mpls lsp-trigger all # mpls ldp # isis 1 network-entity 10.0000.0000.0004.00 # interface Pos1/0/0 link-protocol ppp ip address 100.4.1.2 255.255.255.252 isis enable 1 mpls mpls ldp # interface Gigabitethernet2/0/0 ip binding vpn-instance vpn1 ip address 10.4.1.1 255.255.255.252 # interface LoopBack1 ip address 4.4.4.4 255.255.255.255 isis enable 1 # bgp 100 peer 2.2.2.2 as-number 100 peer 2.2.2.2 connect-interface LoopBack1 # ipv4-family unicast undo synchronization peer 2.2.2.2 enable # ipv4-family vpnv4 policy vpn-target peer 2.2.2.2 enable # ipv4-family vpn-instance vpn1 peer 10.4.1.2 as-number 65420 import-route direct # Return l

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Configuration file of the CE2


# sysname CE2 # interface Gigabitethernet1/0/0 ip address 10.3.1.2 255.255.255.252 # interface Gigabitethernet2/0/0 ip address 10.4.1.2 255.255.255.252 # interface Gigabitethernet3/0/0 ip address 1.6.1.1 255.255.255.0 # bgp 65420 peer 10.3.1.1 as-number 100 peer 10.4.1.1 as-number 100 # ipv4-family unicast undo synchronization import-route direct peer 10.3.1.1 enable peer 10.4.1.1 enable # Return

3-226

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

3 BGP/MPLS IP VPN Configuration

3.21.16 Example for Configuring Load Balancing Among EBGP and IBGP Routes When CEs Are Dual-Homed
Networking Requirements
As shown in Figure 3-17, CE1 and CE2 belong to the same VPN instance. CE1 accesses the network respectively through PE3 in AS 100 and PE2 in AS 200. That is, CE1 is dual-homed to PE3 and PE2. CE2 accesses the network through PE1 in AS 100. The Inter-AS BGP/MPLS IP VPN is implemented using Option C so that load balancing can be implemented among EBGP and IBGP routes. Figure 3-17 Networking diagram of configuring load balancing among EBGP and IBGP routes when CEs are dual-homed
AS 65002 CE2
GE1/0/0 10.3.1.2/24

BGP/MPLS Backbone AS 100


Loopback1 2.2.2.9/32

BGP/MPLS Backbone AS 200


Loopback1 3.3.3.9/32 POS2/0/0 192.1.1.2/24 POS1/0/0 162.1.1.1/24 Loopback1 4.4.4.9/32 ASBR-PE2 POS1/0/0 162.1.1.2/24 GE2/0/0 10.2.1.1/24 GE2/0/0 10.2.1.2/24

POS1/0/0 172.1.1.1/24 GE3/0/0 10.3.1.1/24 Loopback1 1.1.1.9/32

POS2/0/0 192.1.1.1/24

ASBR -PE1
POS1/0/0 172.1.1.2/24

PE2

PE1

POS2/0/0 192.2.1.1/24

POS2/0/0 192.2.1.2/24

PE3

GE1/0/0 10.1.1.1/24

GE1/0/0 10.1.1.2/24

Loopback1 5.5.5.9/32

AS 65001

CE1

Configuration Roadmap
The configuration roadmap is as follows: 1. Establish the MP-EBGP peer relationship between the PEs in different ASs. Since the PEs are generally not directly connected, you also need to configure the maximum hops between the PEs for them to set up an EBGP connection. Configure a routing policy on the ASBR PE: Allocate MPLS labels to the the routes received by the PE in the local AS before advertising the route to the remote ASBR PE; allocate new MPLS labels to the labeled IPv4 routes advertised to the PE in the local AS.
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 3-227

2.

Issue 03 (2008-09-22)

3 BGP/MPLS IP VPN Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

3. 4. 5.

Configure the PEs to exchange the labeled IPv4 routes with the ASBR PEs in the local AS. Enable the capability of exchanging the labeled IPv4 routes between the local ASBR PE and the remote ASBR PE. In the BGP-VPN instance view of PE1, enable load balancing among EBGP and IBGP routes to CE1.

Data Preparation
To complete the configuration, you need the following data.
l l l l

MPLS LSR IDs of PEs and ASBR-PEs Names of VPN instance created on PEs, RD, and VPN target Routing policies configured on ASBR-PEs Maximum number of EBGP and IBGP routes that perform load balancing

Configuration Procedures
1. Configure IGP on the MPLS backbone networks in AS 100 and AS 200 to implement interconnection between PEs and ASBR-PEs in each MPLS backbone network. Take OSPF as an example. The detailed configuration procedure is not mentioned here.
NOTE

Advertise the IP address of the loopback interface used as the LSR-ID through OSPF.

After the configuration, the OSPF neighbor relationship can be established between the ASBR-PEs and the PEs in the same AS. Running the display ospf peer command, you can find that the neighbor status is Full. Take the display on PE2 as an example.
<PE2> display ospf peer OSPF Process 1 with Router ID 4.4.4.9 Neighbors Area 0.0.0.0 interface 162.1.1.1(Pos1/0/0)'s neighbors Router ID: 3.3.3.9 Address: 162.1.1.2 GR State: Normal State: Full Mode:Nbr is Master Priority: 1 DR: None BDR: None MTU: 0 Dead timer due in 31 sec Neighbor is up for 00:28:11 Authentication Sequence: [ 0 ]

The ASBR-PEs and the PEs in the same AS can learn the IP address of loopback1 from each other and ping through each other. 2. Configure basic MPLS functions and MPLS LDP on the MPLS backbone networks of AS 100 and AS 200 to establish LDP LSPs. For detailed procedures, see Example for Configuring Inter-AS VPN Option A. 3. Configure the IBGP peer relationship of between AS 100 and AS 200 in the the IPv4 address family view. For detailed configurations, see the following configuration files. 4. Configure the VPN instance on the PEs and configure the CEs to access the instances.
NOTE

VPN-Target attributes of the VPN instances of the PEs in different ASs must match each other.

3-228

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

3 BGP/MPLS IP VPN Configuration

For detailed configurations, see the following configuration files. 5. Enable the capability of exchanging labeled IPv4 routes. For detailed configuration procedures, see Example for Configuring Inter-AS VPN Option C. 6. Establish the MP-EBGP peer relationship between PE1 and PE2. # Configure PE1.
[PE1] bgp 100 [PE1-bgp] peer 4.4.4.9 as-number 200 [PE1-bgp] peer 4.4.4.9 connect-interface LoopBack 1 [PE1-bgp] peer 4.4.4.9 ebgp-max-hop 10 [PE1-bgp] ipv4-family vpnv4 [PE1-bgp-af-vpnv4] peer 4.4.4.9 enable [PE1-bgp-af-vpnv4] quit [PE1-bgp] quit

# Configure PE2.
[PE2] bgp 200 [PE2-bgp] peer 1.1.1.9 as-number 100 [PE2-bgp] peer 1.1.1.9 connect-interface LoopBack 1 [PE2-bgp] peer 1.1.1.9 ebgp-max-hop 10 [PE2-bgp] ipv4-family vpnv4 [PE2-bgp-af-vpnv4] peer 1.1.1.9 enable [PE2-bgp-af-vpnv4] quit [PE2-bgp] quit

7.

Configure load balancing among EBGP and IBGP routes on PE1. # Configure PE1.
[PE1] bgp 100 [PE1-bgp] ipv4-family vpn-instance vpn3 [PE1-bgp-vpn3] load-balancing as-path-ignore [PE1-bgp-vpn3] maximum load-balancing eibgp 2 [PE1-bgp-vpn3] quit [PE1-bgp] quit

8.

Verify the configuration. After the preceding configurations, you can view that load balancing is performed among EBGP and IBGP routes on PE1.
<PE1> display ip routing-table vpn-instance vpn3 Route Flags: R - relay, D - download to fib -----------------------------------------------------------------------------Routing Tables: vpn3 Destinations : 9 Routes : 11 Destination/Mask 10.1.1.0/24 10.1.1.1/32 10.1.1.2/32 10.2.1.0/24 Proto BGP BGP BGP BGP BGP BGP BGP BGP Direct Pre 255 255 255 255 255 255 255 255 0 Cost 0 0 0 0 0 0 0 0 0 0 0 Flags NextHop RD RD RD RD RD RD RD RD D D D 5.5.5.9 4.4.4.9 4.4.4.9 5.5.5.9 5.5.5.9 4.4.4.9 5.5.5.9 4.4.4.9 10.3.1.1 127.0.0.1 10.3.1.2 Interface Pos2/0/0 Pos1/0/0 Pos1/0/0 Pos2/0/0 Pos2/0/0 Pos1/0/0 Pos2/0/0 Pos1/0/0 InLoopBack0

10.2.1.1/32 10.2.1.2/32 10.3.1.0/24 GigabitEthernet3/0/0 10.3.1.1/32 Direct 0 10.3.1.2/32 Direct 0 GigabitEthernet3/0/0

Configuration Files
l

Configuration file of PE1


Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 3-229

Issue 03 (2008-09-22)

3 BGP/MPLS IP VPN Configuration


# sysname PE1 # ip vpn-instance vpn3 route-distinguisher 300:1 vpn-target 1:1 export-extcommunity vpn-target 1:1 import-extcommunity # mpls lsr-id 1.1.1.9 mpls # mpls ldp # interface Pos1/0/0 link-protocol ppp ip address 172.1.1.1 255.255.255.0 mpls mpls ldp # interface GigabitEthernet3/0/0 ip binding vpn-instance vpn3 ip address 10.3.1.1 255.255.255.0 # interface Pos2/0/0 link-protocol ppp ip address 192.2.1.1 255.255.255.0 mpls mpls ldp # interface LoopBack1 ip address 1.1.1.9 255.255.255.255 # bgp 100 peer 2.2.2.9 as-number 100 peer 2.2.2.9 connect-interface LoopBack1 peer 4.4.4.9 as-number 200 peer 4.4.4.9 ebgp-max-hop 10 peer 4.4.4.9 connect-interface LoopBack1 peer 5.5.5.9 as-number 100 peer 5.5.5.9 connect-interface LoopBack1 # ipv4-family unicast undo synchronization import-route direct peer 2.2.2.9 enable peer 2.2.2.9 label-route-capability peer 4.4.4.9 enable peer 5.5.5.9 enable # ipv4-family vpnv4 policy vpn-target peer 4.4.4.9 enable peer 5.5.5.9 enable # ipv4-family vpn-instance vpn3 import-route direct maximum load-balancing eibgp 2 load-balancing as-path-ignore peer 10.3.1.2 as-number 65002 # ospf 1 area 0.0.0.0 network 1.1.1.9 0.0.0.0 network 172.1.1.0 0.0.0.255 network 192.2.1.0 0.0.0.255 # return l

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Configuration file of ASBR-PE1

3-230

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


# sysname ASBR-PE1 # mpls lsr-id 2.2.2.9 mpls lsp-trigger all # mpls ldp # interface Pos1/0/0 link-protocol ppp ip address 172.1.1.2 255.255.255.0 mpls mpls ldp # interface Pos2/0/0 link-protocol ppp ip address 192.1.1.1 255.255.255.0 mpls # interface LoopBack1 ip address 2.2.2.9 255.255.255.255 # bgp 100 peer 1.1.1.9 as-number 100 peer 1.1.1.9 connect-interface LoopBack1 peer 192.1.1.2 as-number 200 # ipv4-family unicast undo synchronization network 1.1.1.9 255.255.255.255 network 172.1.1.0 255.255.255.0 import-route direct peer 1.1.1.9 enable peer 1.1.1.9 route-policy policy2 export peer 1.1.1.9 label-route-capability peer 192.1.1.2 enable peer 192.1.1.2 route-policy policy1 export peer 192.1.1.2 label-route-capability # ospf 1 area 0.0.0.0 network 2.2.2.9 0.0.0.0 network 172.1.1.0 0.0.0.255 # route-policy policy1 permit node 1 apply mpls-label # route-policy policy2 permit node 1 if-match mpls-label apply mpls-label # return l

3 BGP/MPLS IP VPN Configuration

Configuration file of ASBR-PE2


# sysname ASBR-PE2 # mpls lsr-id 3.3.3.9 mpls lsp-trigger all # mpls ldp # interface Pos1/0/0 link-protocol ppp ip address 162.1.1.1 255.255.255.0 mpls mpls ldp #

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

3-231

3 BGP/MPLS IP VPN Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

interface Pos2/0/0 link-protocol ppp ip address 192.1.1.2 255.255.255.0 mpls # interface LoopBack1 ip address 3.3.3.9 255.255.255.255 # bgp 200 peer 4.4.4.9 as-number 200 peer 4.4.4.9 connect-interface LoopBack1 peer 192.1.1.1 as-number 100 # ipv4-family unicast undo synchronization network 4.4.4.9 255.255.255.255 network 162.1.1.0 255.255.255.0 import-route direct peer 4.4.4.9 enable peer 4.4.4.9 route-policy policy4 export peer 4.4.4.9 label-route-capability peer 192.1.1.1 enable peer 192.1.1.1 route-policy policy3 export peer 192.1.1.1 label-route-capability # ospf 1 area 0.0.0.0 network 3.3.3.9 0.0.0.0 network 162.1.1.0 0.0.0.255 # route-policy policy3 permit node 1 apply mpls-label # route-policy policy4 permit node 1 if-match mpls-label apply mpls-label # return l

Configuration file of PE2


# sysname PE2 # ip vpn-instance vpn3 route-distinguisher 300:1 vpn-target 1:1 export-extcommunity vpn-target 1:1 import-extcommunity # mpls lsr-id 4.4.4.9 mpls lsp-trigger all # mpls ldp # interface Pos1/0/0 link-protocol ppp ip address 162.1.1.2 255.255.255.0 mpls mpls ldp # interface GigabitEthernet2/0/0 ip binding vpn-instance vpn3 ip address 10.2.1.1 255.255.255.0 # interface LoopBack1 ip address 4.4.4.9 255.255.255.255 # bgp 200 peer 1.1.1.9 as-number 100 peer 1.1.1.9 ebgp-max-hop 10

3-232

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


peer 1.1.1.9 connect-interface LoopBack1 peer 3.3.3.9 as-number 200 peer 3.3.3.9 connect-interface LoopBack1 peer 10.2.1.2 as-number 65001 # ipv4-family unicast undo synchronization peer 1.1.1.9 enable peer 3.3.3.9 enable peer 3.3.3.9 label-route-capability peer 10.2.1.2 enable # ipv4-family vpnv4 policy vpn-target peer 1.1.1.9 enable # ipv4-family vpn-instance vpn3 import-route direct peer 10.2.1.2 as-number 65001 # ospf 1 area 0.0.0.0 network 4.4.4.9 0.0.0.0 network 162.1.1.0 0.0.0.255 # return l

3 BGP/MPLS IP VPN Configuration

Configuration file of PE3


# sysname PE3 # ip vpn-instance vpn3 route-distinguisher 300:1 vpn-target 1:1 export-extcommunity vpn-target 1:1 import-extcommunity # mpls lsr-id 5.5.5.9 mpls # mpls ldp # interface Pos2/0/0 link-protocol ppp ip address 192.2.1.2 255.255.255.0 mpls mpls ldp # interface GigabitEthernet1/0/0 ip binding vpn-instance vpn3 ip address 10.1.1.1 255.255.255.0 # interface LoopBack1 ip address 5.5.5.9 255.255.255.255 # bgp 100 peer 1.1.1.9 as-number 100 peer 1.1.1.9 connect-interface LoopBack1 peer 10.1.1.2 as-number 65001 # ipv4-family unicast undo synchronization import-route direct peer 1.1.1.9 enable # ipv4-family vpnv4 policy vpn-target peer 1.1.1.9 enable # ipv4-family vpn-instance vpn3 import-route direct

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

3-233

3 BGP/MPLS IP VPN Configuration


peer 10.1.1.2 as-number 65001 # ospf 1 area 0.0.0.0 network 5.5.5.9 0.0.0.0 network 192.2.1.0 0.0.0.255 # return l

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Configuration file of CE1


# sysname CE1 # interface GigabitEthernet1/0/0 ip address 10.1.1.2 255.255.255.0 # interface GigabitEthernet2/0/0 ip address 10.2.1.2 255.255.255.0 # bgp 65001 peer 10.1.1.1 as-number 100 peer 10.2.1.1 as-number 200 # ipv4-family unicast undo synchronization import-route direct peer 10.1.1.1 enable peer 10.2.1.1 enable # return

Configuration file of CE2


# sysname CE2 # interface GigabitEthernet1/0/0 ip address 10.3.1.2 255.255.255.0 # bgp 65002 peer 10.3.1.1 as-number 100 # ipv4-family unicast undo synchronization peer 10.3.1.1 enable # return

3.21.17 Example for Configuring the IP FRR of the Private Network


Networking Requirements
As shown in Figure 3-18, configure the backup egress and the backup nexthop on PE to configure link B as the backup of link A. When some defects occur to link A, the flow switches onto link B.

3-234

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

3 BGP/MPLS IP VPN Configuration

Figure 3-18 Configure IP FRR on the private network


CE1
GE1/0/0 10.1.1.2/30 GE1/0/0 10.1.1.1/30 GE2/0/0 10.3.1.1/30

vpn1 site

GE1/0/0 10.3.1.2/30

VPN backbone

PE
GE2/0/0 10.2.1.1/30

Link_A Link_B
GE1/0/0 10.2.1.2/30

RTA
GE2/0/0 10.4.1.2/30 GE2/0/0 10.4.1.1/30

GE3/0/0 10.5.1.1/24

CE2

Configuration Roadmap
The configuration roadmap is as follows: 1. 2. 3. 4. Enable the OSPF on every device. Configure vpn1 on PE, bind GE1/0/0 and GE2/0/0 with vpn1, and configure OSPF multiinstances. Configure the cost value on GE2/0/0 on PE and RTA to make OSPF choose link A preferentially. Configure the IP FRR of the private network on PE. When the IP FRR is unnecessary; run the undo ip frr command to disable the action.

Data Preparation
To complete the configuration, you need the following data:
l

On PE, the VPN instance name is vpn1, route-distinguisher is 100:1 and VPN-target is 111:1. Enable area0 and area1 of OSPF. The cost value of GE2/0/0 on PE and RTA is 100.

Configuration Procedure
1. 2. Configure the IP address on every interface (omitted). Configure OSPF on CE1, CE2 and RTA (omitted). After the configuration, CE1, CE2, and RTA can learn the interface addresses from each other. Take CE1 as an example:
<CE1> display ip routing-table Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: Public Destinations : 9 Routes : 9 Destination/Mask Proto Pre Cost Flags NextHop Interface 10.1.1.0/30 Direct 0 0 D 10.1.1.2 GigabitEthernet1/0/0 10.1.1.2/32 Direct 0 0 D 127.0.0.1 InLoopBack0 10.3.1.0/30 Direct 0 0 D 10.3.1.1 GigabitEthernet2/0/0 10.3.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

3-235

3 BGP/MPLS IP VPN Configuration


10.2.1.0/30 OSPF GigabitEthernet2/0/0 10.4.1.0/30 OSPF GigabitEthernet2/0/0 10.5.1.0/24 OSPF GigabitEthernet2/0/0 127.0.0.0/8 Direct 127.0.0.1/32 Direct 10 10 10 0 0 2 2 2 0 0

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


D D D D D 10.3.1.2 10.3.1.2 10.3.1.2 127.0.0.1 127.0.0.1 InLoopBack0 InLoopBack0

3.

Configure VPN instance and OSPF multi-instance on PE. # Configure vpn1 on PE and bind GE 1/0/0 and GE 2/0/0 on vpn1.
<PE> system-view [PE] ip vpn-instance vpn1 [PE-vpn-instance-vpn1] route-distinguisher 100:1 [PE-vpn-instance-vpn1] vpn-target 111:1 [PE-vpn-instance-vpn1] quit [PE] interface gigabitethernet 1/0/0 [PE-GigabitEthernet1/0/0] ip binding vpn-instance vpn1 [PE-GigabitEthernet1/0/0] ip address 10.1.1.1 30 [PE-GigabitEthernet1/0/0] quit [PE] interface gigabitethernet 2/0/0 [PE-GigabitEthernet2/0/0] ip binding vpn-instance vpn1 [PE-GigabitEthernet2/0/0] ip address 10.2.1.1 30 [PE-GigabitEthernet2/0/0] quit

# Configure OSPF multi-instance on PE.


[PE] ospf vpn-instance vpn1 [PE-ospf-1] area 0 [PE-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.3 [PE-ospf-1-area-0.0.0.0] network 10.2.1.0 0.0.0.3

4.

Configure the cost value on the OSPF interface. # Configure the cost value on GigabitEthernet 2/0/0 of PE to enable OSPF to choose the link A preferentially.
[PE] interface gigabitethernet 2/0/0 [PE-GigabitEthernet2/0/0] ospf cost 100 [PE-GigabitEthernet2/0/0] quit

# Configure the cost value on GigabitEthernet 2/0/0 of RTA to make OSPF choose the link A preferentially.
[RTA] interface gigabitethernet 2/0/0 [RTA-GigabitEthernet2/0/0] ospf cost 100 [RTA-GigabitEthernet2/0/0] quit

5.

Configure a routing policy. # Configure the routing policy on PE and the backup next hop and backup egress, and configure an if-match clause to limit the application scope.
[PE] ip ip-prefix [PE] route-policy [PE-route-policy] [PE-route-policy] [PE-route-policy] [PE-route-policy] frr1 permit 10.5.1.1 24 ip_frr_rp permit node 10 if-match ip-prefix frr1 apply backup-nexthop 10.2.1.2 apply backup-interface gigabitethernet2/0/0 quit

6.

Enable the IP FRR of the private network.


[PE] ip vpn-instance vpn1 [PE-vpn-instance-vpn1] ip frr route-policy ip_frr_rp [PE-vpn-instance-vpn1] quit

# Check information about the backup egress and the backup next hop.
<PE> display ip routing-table vpn-instance vpn1 10.5.1.0 verbose Routing Table : vpn1 Summary Count : 1 Destination: 10.5.1.0/24 Protocol: OSPF Process ID: 1 Preference: 10 Cost: 3

3-236

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


NextHop: State: Tag: Label: RelayNextHop: TunnelID: BkNextHop: BkLabel: BkPETunnelID: 10.1.1.2 Neighbour: Active Adv Age: 0 Priority: NULL QoSInfo: 0.0.0.0 Interface: 0x0 10.2.1.2 BkInterface: NULL SecTunnelID: 0x0 BkPESecTunnelID:

3 BGP/MPLS IP VPN Configuration


0.0.0.0 00h00m03s 0 0x0 GigabitEthetnet1/0/0 GigabitEthetnet2/0/0 0x0 0x0

7.

Run the undo ip frr command to disable the IP FRR when it is unnecessary.
[PE] ip vpn-instance vpn1 [PE-vpn-instance-vpn1] undo ip frr

8.

Check information about the backup egress and the backup next hop after disabling the IP FRR.
<PE> display ip routing-table vpn-instance vpn1 10.5.1.0 verbose Routing Table : vpn1 Summary Count : 1 Destination: 10.5.1.0/24 Protocol: OSPF Process ID: 1 Preference: 10 Cost: 3 NextHop: 10.1.1.2 Neighbour: 0.0.0.0 State: Active Adv Age: 00h49m33s Tag: 0 Priority: 0 Label: NULL QoSInfo: 0x0 RelayNextHop: 0.0.0.0 Interface: GigabitEthernet1/0/0 TunnelID: 0x0

Configuration Files
l

Configuration file of PE
# sysname PE # ip vpn-instance vpn1 route-distinguisher 100:1 ip frr route-policy ip_frr_rp vpn-target 111:1 export-extcommunity vpn-target 111:1 import-extcommunity # interface GigabitEthernet1/0/0 ip binding vpn-instance vpn1 ip address 10.1.1.1 255.255.255.252 # interface GigabitEthernet2/0/0 ip binding vpn-instance vpn1 ip address 10.2.1.1 255.255.255.252 ospf cost 100 # ospf 1 vpn-instance vpn1 area 0.0.0.0 network 10.1.1.0 0.0.0.3 network 10.2.1.0 0.0.0.3 # ip ip-prefix frr1 permit 10.5.1.1 24 # route-policy ip_frr_rp permit node 10 if-match ip-prefix frrl apply backup-nexthop 10.2.1.2 apply backup-interface GigabitEthernet2/0/0 # return

Configuration file of CE1


# sysname CE1 #

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

3-237

3 BGP/MPLS IP VPN Configuration


interface GigabitEthernet1/0/0 ip address 10.1.1.2 255.255.255.252 # interface GigabitEthernet2/0/0 ip address 10.3.1.1 255.255.255.252 # ospf 1 area 0.0.0.0 network 10.1.1.0 0.0.0.3 network 10.3.1.0 0.0.0.3 # return l

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Configuration file of CE2


# sysname CE2 # interface GigabitEthernet1/0/0 ip address 10.2.1.2 255.255.255.252 # interface GigabitEthernet2/0/0 ip address 10.4.1.1 255.255.255.252 # ospf 1 area 0.0.0.0 network 10.2.1.0 0.0.0.3 network 10.4.1.0 0.0.0.3 # return

Configuration file of RTA


# sysname RTA # interface GigabitEthernet1/0/0 ip address 10.3.1.2 255.255.255.252 # interface GigabitEthernet2/0/0 ip address 10.4.1.2 255.255.255.252 ospf cost 100 # interface GigabitEthernet3/0/0 ip address 10.5.1.1 255.255.255.0 # ospf 1 area 0.0.0.0 network 10.3.1.0 0.0.0.3 network 10.4.1.0 0.0.0.3 area 0.0.0.2 network 10.5.1.0 0.0.0.255 # return

3.21.18 Example for Configuring VPN FRR


Networking Requirements
As shown in Figure 3-19, configure the backup nexthop on PE1 and configure PE3 as the backup of PE2. When some defects occur to PE2, the flow switches onto PE3.

3-238

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

3 BGP/MPLS IP VPN Configuration

Figure 3-19 Configuring the VPN FRR


Loopback1 2.2.2.2/32

VPN backbone

Loopback1 POS1/0/0 1.1.1.1/32 AS100 100.1.1.2/30 POS2/0/0 100.1.1.1/30 Link_A

PE2

GE2/0/0 10.1.1.2/30 GE1/0/0 10.1.1.1/30

vpn1 site AS65410


GE3/0/0 10.3.1.1/24

PE1
POS3/0/0 100.2.1.1/30

CE Link_B
POS1/0/0 100.2.1.2/30 GE2/0/0 10.2.1.2/30 GE2/0/0 10.2.1.1/30

PE3
Loopback1 3.3.3.3/32

Configuration Roadmap
The configuration roadmap is as follows: 1. 2. 3. 4. 5. Configure OSPF on the MPLS backbone (PE1, PE2 and PE3) to realize the backbone interconnection. Configure the basic MPLS function on the MPLS backbone and enable the MPLS LDP to set up an LSP. Configure the VPN instances on every PE device (PE1, PE2 and PE3), and connect CE1 with PE2 and PE3. Establish the EBGP peers between PE and CE1. Import the VPN routing and establish the MP-IBGP peers among PEs. Configure the VPN FRR routing policy on PE1. Configure the backup nexthop. Enable the VPN FRR. When the VPN FRR is unnecessary; run the undo vpn frr command to disable the action.

Data Preparation
To complete the configuration, you need the following data:
l

The number of the AS where the PE devices are located is 100. The number of the AS where the CE device is located is 65410. The names of the VPN instances on the PE devices. The name of the routing policy on the PE1 and the name of the IP prefix are configured.

l l

Configuration Procedure
1. 2. 3. Configure the IP address on every interface (omitted). Configure OSPF on the MPLS backbone to realize the interconnection of the PEs on backbone (omitted). Configure the MPLS and MPLS LDP on the MPLS backbone, and establish the LDP LSP. # Configure the PE1.
<PE1> system-view

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

3-239

3 BGP/MPLS IP VPN Configuration


[PE1] mpls lsr-id 1.1.1.1 [PE1] mpls [PE1-mpls] lsp-trigger all [PE1-mpls] quit [PE1] mpls ldp [PE1-mpls-ldp] quit [PE1] interface pos2/0/0 [PE1-Pos2/0/0] mpls [PE1-Pos2/0/0] mpls ldp [PE1-Pos2/0/0] quit [PE1] interface pos3/0/0 [PE1-Pos3/0/0] mpls [PE1-Pos3/0/0] mpls ldp [PE1-Pos3/0/0] quit

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

# Configure the PE2.


<PE2> system-view [PE2] mpls lsr-id 2.2.2.2 [PE2] mpls [PE2-mpls] lsp-trigger all [PE2-mpls] quit [PE2] mpls ldp [PE2-mpls-ldp] quit [PE2] interface pos1/0/0 [PE2-Pos1/0/0] mpls [PE2-Pos1/0/0] mpls ldp [PE2-Pos1/0/0] quit

# Configure the PE3.


<PE3> system-view [PE3] mpls lsr-id 3.3.3.3 [PE3] mpls [PE3-mpls] lsp-trigger all [PE3-mpls] quit [PE3] mpls ldp [PE3-mpls-ldp] quit [PE3] interface pos1/0/0 [PE3-Pos1/0/0] mpls [PE3-Pos1/0/0] mpls ldp [PE3-Pos1/0/0] quit

Run the display mpls lsp command on the PEs. You can view the LSPs between PE1 and PE2, and between PE1 and PE3 are established. Take PE1 as an example:
[PE1] display mpls lsp ---------------------------------------------------------------------LSP Information: LDP LSP ---------------------------------------------------------------------FEC In/Out Label In/Out IF Vrf Name 3.3.3.3/32 NULL/3 -/P3/0/0 1.1.1.1/32 3/NULL -/100.1.1.0/30 3/NULL -/3.3.3.3/32 1024/3 -/P3/0/0 100.2.1.0/30 3/NULL -/2.2.2.2/32 NULL/3 -/P2/0/0 2.2.2.2/32 1025/3 -/P2/0/0

4.

Configure the VPN instances on the PE devices and connect the CE with the PE2 and PE3. # Configure the PE1.
[PE1] ip vpn-instance vpn1 [PE1-vpn-instance-vpn1] route-distinguisher 100:1 [PE1-vpn-instance-vpn1] vpn-target 111:1 [PE1-vpn-instance-vpn1] quit

# Configure the PE2.


[PE2] ip vpn-instance vpn1 [PE2-vpn-instance-vpn1] route-distinguisher 100:2

3-240

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

3 BGP/MPLS IP VPN Configuration

[PE2-vpn-instance-vpn1] vpn-target 111:1 [PE2-vpn-instance-vpn1] quit [PE2] interface gigabitethernet2/0/0 [PE2-GigabitEthernet2/0/0] ip binding vpn-instance vpn1 [PE2-GigabitEthernet2/0/0] ip address 10.1.1.2 30 [PE2-GigabitEthernet2/0/0] quit

# Configure the PE3.


[PE3] ip vpn-instance vpn1 [PE3-vpn-instance-vpn1] route-distinguisher 100:3 [PE3-vpn-instance-vpn1] vpn-target 111:1 [PE3-vpn-instance-vpn1] quit [PE3] interface gigabitethernet2/0/0 [PE3-GigabitEthernet2/0/0] ip binding vpn-instance vpn1 [PE3-GigabitEthernet2/0/0] ip address 10.2.1.2 30 [PE3-GigabitEthernet2/0/0] quit

5.

Import VPN routes on all PEs. Set up EBGP peer between PE2 and CE, between PE3 and CE. # Configure the PE1.
[PE1] bgp 100 [PE1-bgp] ipv4-family vpn-instance vpn1 [PE1-bgp-vpn1] import-route direct [PE1-bgp-vpn1] quit

# Configure the PE2.


[PE2] bgp 100 [PE2-bgp] ipv4-family vpn-instance vpn1 [PE2-bgp-vpn1] peer 10.1.1.1 as-number 65410 [PE2-bgp-vpn1] import-route direct [PE2-bgp-vpn1] quit

# Configure the PE3.


[PE3] bgp 100 [PE3-bgp] ipv4-family vpn-instance vpn1 [PE3-bgp-vpn1] peer 10.2.1.1 as-number 65410 [PE3-bgp-vpn1] import-route direct [PE3-bgp-vpn1] quit

# Configure the CE.


<CE> system-view [CE] bgp 65410 [CE-bgp] peer 10.1.1.2 as-number 100 [CE-bgp] peer 10.2.1.2 as-number 100 [CE-bgp] import-route direct [CE-bgp] network 10.3.1.0 24 [CE-bgp] quit

After the configuration, run the display bgp vpnv4 all peer command on the PEs. You can view that the EBGP peer is established between the PEs and the CEs, and the peer status is "Established". Take PE2 as an example:
[PE2] display bgp vpnv4 all peer BGP local router ID : 2.2.2.2 Local AS number : 100 Total number of peers : 2 Peer V AS MsgRcvd Peer of vpn instance : vpn instance vpn1 : 10.1.1.1 4 65410 46

MsgSent 46

Peers in established state : 2 OutQ Up/Down State PrefRcv 0 00:37:41 Established 5

6.

Establish the MP-IBGP peers among the PEs. # Configure the PE1.
[PE1] bgp 100 [PE1-bgp] peer 2.2.2.2 as-number 100 [PE1-bgp] peer 2.2.2.2 connect-interface loopback 1

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

3-241

3 BGP/MPLS IP VPN Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

[PE1-bgp] peer 3.3.3.3 as-number 100 [PE1-bgp] peer 3.3.3.3 connect-interface loopback 1 [PE1-bgp] ipv4-family vpnv4 [PE1-bgp-af-vpnv4] peer 2.2.2.2 enable [PE1-bgp-af-vpnv4] peer 3.3.3.3 enable [PE1-bgp-af-vpnv4] quit

# Configure the PE2.


[PE2] bgp 100 [PE2-bgp] peer 1.1.1.1 as-number 100 [PE2-bgp] peer 1.1.1.1 connect-interface loopback 1 [PE2-bgp] ipv4-family vpnv4 [PE2-bgp-af-vpnv4] peer 1.1.1.1 enable [PE2-bgp-af-vpnv4] quit

# Configure the PE3.


[PE3] bgp 100 [PE3-bgp] peer 1.1.1.1 as-number 100 [PE3-bgp] peer 1.1.1.1 connect-interface loopback 1 [PE3-bgp] ipv4-family vpnv4 [PE3-bgp-af-vpnv4] peer 1.1.1.1 enable [PE3-bgp-af-vpnv4] quit

After the configuration, run the display bgp vpnv4 all peer command on the PEs. You can view that the MP-IBGP peer is established between the PEs, and the peer status is "Established". Take PE1 as an example:
[PE1] display bgp vpnv4 all peer BGP local router ID : 1.1.1.1 Local AS number : 100 Total number of peers : 2 Peer V AS MsgRcvd 2.2.2.2 4 100 20 3.3.3.3 4 100 24

MsgSent 17 19

Peers in established state : 2 OutQ Up/Down State PrefRcv 0 00:13:26 Established 5 0 00:17:18 Established 5

7.

Configure the VPN FRR routing policy.


[PE1] ip ip-prefix [PE1] route-policy [PE1-route-policy] [PE1-route-policy] [PE1-route-policy] vpn_frr_list permit 2.2.2.2 32 vpn_frr_rp permit node 10 if-match ip next-hop ip-prefix vpn_frr_list apply backup-nexthop 3.3.3.3 quit

8.

Enable the VPN FRR.


[PE1] ip vpn-instance vpn1 [PE1-vpn-instance-vpn1] vpn frr route-policy vpn_frr_rp [PE1-vpn-instance-vpn1] quit

Check the information about the backup next hop, the backup label and the backup Tunnel ID.
<PE1> display ip routing-table vpn-instance vpn1 10.3.1.0 verbose Routing Table : vpn1 Summary Count : 2 Destination: 10.3.1.0/24 Protocol: BGP Process ID: 0 Preference: 255 Cost: 0 NextHop: 3.3.3.3 Neighbour: 3.3.3.3 State: Inactive Adv GotQ Age: 00h17m56s Tag: 0 Priority: 0 Label: 15362 QoSInfo: 0x0 RelayNextHop: 0.0.0.0 Interface: Pos3/0/0 TunnelID: 0x6002000 Destination: 10.3.1.0/24 Protocol: BGP Process ID: 0 Preference: 255 Cost: 0 NextHop: 2.2.2.2 Neighbour: 2.2.2.2 State: Active Adv GotQ Age: 00h15m06s Tag: 0 Priority: 0

3-242

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


Label: RelayNextHop: TunnelID: BkNextHop: BkLabel: BkPETunnelID: 15361 0.0.0.0 0x6002002 3.3.3.3 15362 0x6002000

3 BGP/MPLS IP VPN Configuration


QoSInfo: 0x0 Interface: Pos2/0/0 BkInterface: SecTunnelID: 0x0 BkPESecTunnelID: 0x0

9.

Run the undo vpn frr command to disable VPN FRR when it is unnecessary.
[PE1] ip vpn-instance vpn1 [PE1-vpn-instance-vpn1] undo vpn frr [PE1-vpn-instance-vpn1] quit

After disabling VPN FRR, check information about the backup next hop, the backup label and the backup Tunnel ID.
<PE1> display ip routing-table vpn-instance vpn1 10.3.1.0 verbose Routing Table : vpn1 Summary Count : 2 Destination: 10.3.1.0/24 Protocol: BGP Process ID: 0 Preference: 255 Cost: 0 NextHop: 3.3.3.3 Neighbour: 3.3.3.3 State: Inactive Adv GotQ Age: 00h19m05s Tag: 0 Priority: 0 Label: 15362 QoSInfo: 0x0 RelayNextHop: 0.0.0.0 Interface: Pos3/0/0 TunnelID: 0x6002000 Destination: 10.3.1.0/24 Protocol: BGP Process ID: 0 Preference: 255 Cost: 0 NextHop: 2.2.2.2 Neighbour: 2.2.2.2 State: Active Adv GotQ Age: 00h00m10s Tag: 0 Priority: 0 Label: 15361 QoSInfo: 0x0 RelayNextHop: 0.0.0.0 Interface: Pos2/0/0 TunnelID: 0x6002002

Configuration Files
l

Configuration file of the PE1


# sysname PE1 # ip vpn-instance vpn1 route-distinguisher 100:1 vpn frr route-policy vpn_frr_rp vpn-target 111:1 export-extcommunity vpn-target 111:1 import-extcommunity # mpls lsr-id 1.1.1.1 mpls lsp-trigger all # mpls ldp # interface Pos2/0/0 link-protocol ppp ip address 100.1.1.1 255.255.255.252 mpls mpls ldp # interface Pos3/0/0 link-protocol ppp ip address 100.2.1.1 255.255.255.252 mpls mpls ldp # interface LoopBack1 ip address 1.1.1.1 255.255.255.255

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

3-243

3 BGP/MPLS IP VPN Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

# bgp 100 peer 2.2.2.2 as-number 100 peer 2.2.2.2 connect-interface LoopBack1 peer 3.3.3.3 as-number 100 peer 3.3.3.3 connect-interface LoopBack1 # ipv4-family unicast undo synchronization peer 2.2.2.2 enable peer 3.3.3.3 enable # ipv4-family vpnv4 policy vpn-target peer 2.2.2.2 enable peer 3.3.3.3 enable # ipv4-family vpn-instance vpn1 import-route direct # ospf 1 area 0.0.0.0 network 100.1.1.0 0.0.0.3 network 100.2.1.0 0.0.0.3 network 1.1.1.1 0.0.0.0 # ip ip-prefix vpn_frr_list permit 2.2.2.2 32 # route-policy vpn_frr_rp permit node 10 if-match ip next-hop ip-prefix vpn_frr_list apply backup-nexthop 3.3.3.3 # return l

Configuration file of the PE2


# sysname PE2 # ip vpn-instance vpn1 route-distinguisher 100:2 vpn-target 111:1 export-extcommunity vpn-target 111:1 import-extcommunity # mpls lsr-id 2.2.2.2 mpls lsp-trigger all # mpls ldp # interface Pos1/0/0 link-protocol ppp ip address 100.1.1.2 255.255.255.252 mpls mpls ldp # interface GigabitEthernet2/0/0 ip binding vpn-instance vpn1 ip address 10.1.1.2 255.255.255.252 # interface LoopBack1 ip address 2.2.2.2 255.255.255.255 # bgp 100 peer 1.1.1.1 as-number 100 peer 1.1.1.1 connect-interface LoopBack0 # ipv4-family unicast undo synchronization peer 1.1.1.1 enable #

3-244

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


ipv4-family vpnv4 policy vpn-target peer 1.1.1.1 enable # ipv4-family vpn-instance vpn1 peer 10.1.1.1 as-number 65410 import-route direct # ospf 1 area 0.0.0.0 network 100.1.1.0 0.0.0.3 network 2.2.2.2 0.0.0.0 # return l

3 BGP/MPLS IP VPN Configuration

Configuration file of the PE3


# sysname PE3 # ip vpn-instance vpn1 route-distinguisher 100:3 vpn-target 111:1 export-extcommunity vpn-target 111:1 import-extcommunity # mpls lsr-id 3.3.3.3 mpls lsp-trigger all # mpls ldp # interface Pos1/0/0 link-protocol ppp ip address 100.2.1.2 255.255.255.252 mpls mpls ldp # interface GigabitEthernet2/0/0 ip binding vpn-instance vpn1 ip address 10.2.1.2 255.255.255.252 # interface LoopBack1 ip address 3.3.3.3 255.255.255.255 # bgp 100 peer 1.1.1.1 as-number 100 peer 1.1.1.1 connect-interface LoopBack1 # ipv4-family unicast undo synchronization peer 1.1.1.1 enable # ipv4-family vpnv4 policy vpn-target peer 1.1.1.1 enable # ipv4-family vpn-instance vpn1 peer 10.2.1.1 as-number 65410 import-route direct # ospf 1 area 0.0.0.0 network 100.2.1.0 0.0.0.3 network 3.3.3.3 0.0.0.0 # Return

Configuration file of the CE


# sysname CE #

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

3-245

3 BGP/MPLS IP VPN Configuration


interface GigabitEthernet1/0/0 ip address 10.1.1.1 255.255.255.252 # interface GigabitEthernet2/0/0 ip address 10.2.1.1 255.255.255.252 # interface GigabitEthernet3/0/0 ip address 10.3.1.1 255.255.255.0 # bgp 65410 peer 10.1.1.2 as-number 100 peer 10.2.1.2 as-number 100 # ipv4-family unicast undo synchronization network 10.3.1.0 255.255.255.0 import-route direct peer 10.1.1.2 enable peer 10.2.1.2 enable # return

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

3.21.19 Example for Configuring VPN GR


Networking Requirements
Figure 3-20 shows that CE1 and CE2 belong to the same VPN. PE1, P and PE2 are the devices of the VPN backbone network. They are in the same AS and interconnected by running IS-IS. CE1 is connected with PE1 and BGP is run between them. CE2 is connected with PE2 and OSPF is run between them. Figure 3-20 Networking diagram of the VPN GR
Loopback1 1.1.1.9/32 POS2/0/0 100.1.1.1/30 POS1/0/0 10.1.1.2/30 POS1/0/0 10.1.1.1/30 POS1/0/0 100.1.1.2/30 Loopback1 2.2.2.9/32 POS1/0/0 100.2.1.2/30 POS2/0/0 100.2.1.1/30 Loopback1 3.3.3.9/32

PE1

PE2

POS2/0/0 10.2.1.2/30 POS1/0/0 10.2.1.1/30

CE1

CE2

Configuration Roadmap
The configuration roadmap is as follows: 1. 2. 3. 4. 5.
3-246

Configure the BGP/MPLS IP VPN. Configure the IGP GR of the backbone network. Configure the MPLS LDP GR of the backbone network. Configure the GR of the routing protocol between the PE and the CE. Configure the BGP GR.
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

3 BGP/MPLS IP VPN Configuration

Data Preparation
To complete the configuration, you need the following data:
l l

Name of the VPN instance, RD and VPN Target attribute Interval for re-establishing the GR session of IS-IS (In this example, the default value 300 seconds is adopted.) The reconnection time of the MPLS LDP session (In this example, the default value 300 seconds is adopted) and the validity period of the MPLS LDP session (In this example, the default value 600 seconds is adopted.) Maximum time of re-establishing the GR session (In this example, the default value 150 seconds is adopted.) Time of waiting for the End-of-Rib (In this example, the default value 600 seconds is adopted.) Data for running the routing protocol between the PE and the CE (In this example, BGP is run between CE1 and PE1, and the OSPF multi-instance is run between CE2 and PE2.) Data for running IGP on the backbone network (In this example, IS-IS is adopted.)

Configuration Procedure
1. Configure the BGP/MPLS IP VPN. IS-IS is adopted as the IGP protocol on the backbone network, enable LDP between PE1 and PE2 and establish the MP-IBGP peer relationship. # Configure PE1.
<Quidway> system-view [Quidway] sysname PE1 [PE1] interface loopback 1 [PE1-LoopBack1] ip address 1.1.1.9 32 [PE1-LoopBack1] quit [PE1] mpls lsr-id 1.1.1.9 [PE1] mpls [PE1-mpls] lsp-trigger all [PE1-mpls] quit [PE1] mpls ldp [PE1-mpls-ldp] quit [PE1] isis 1 [PE1-isis-1] network-entity 10.0000.0000.0001.00 [PE1-isis-1] quit [PE1] interface loopback 1 [PE1-LoopBack1] isis enable 1 [PE1-LoopBack1] quit [PE1] interface pos 2/0/0 [PE1-Pos2/0/0] ip address 100.1.1.1 30 [PE1-Pos2/0/0] isis enable 1 [PE1-Pos2/0/0] mpls [PE1-Pos2/0/0] mpls ldp [PE1-Pos2/0/0] quit [PE1] bgp 100 [PE1-bgp] peer 3.3.3.9 as-number 100 [PE1-bgp] peer 3.3.3.9 connect-interface loopback 1 [PE1-bgp] ipv4-family vpnv4 [PE1-bgp-af-vpnv4] peer 3.3.3.9 enable [PE1-bgp-af-vpnv4] quit [PE1-bgp] quit

# Configure P.
<Quidway> system-view [Quidway] sysname P [P] interface loopback 1

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

3-247

3 BGP/MPLS IP VPN Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

[P-LoopBack1] ip address 2.2.2.9 32 [P-LoopBack1] quit [P] mpls lsr-id 2.2.2.9 [P] mpls [P-mpls] lsp-trigger all [P-mpls] quit [P] mpls ldp [P-mpls-ldp] quit [P] isis 1 [P-isis-1] network-entity 10.0000.0000.0002.00 [P-isis-1] quit [P] interface loopback 1 [P-LoopBack1] isis enable 1 [P-LoopBack1] quit [P] interface pos 1/0/0 [P-Pos1/0/0] ip address 100.1.1.2 30 [P-Pos1/0/0] isis enable 1 [P-Pos1/0/0] mpls [P-Pos1/0/0] mpls ldp [P-Pos1/0/0] quit [P] interface pos 2/0/0 [P-Pos2/0/0] ip address 100.2.1.1 30 [P-Pos2/0/0] isis enable 1 [P-Pos2/0/0] mpls [P-Pos2/0/0] mpls ldp [P-Pos2/0/0] quit

# Configure PE2.
<Quidway> system-view [Quidway] sysname PE2 [PE2] interface loopback 1 [PE2-LoopBack1] ip address 3.3.3.9 32 [PE2-LoopBack1] quit [PE2] mpls lsr-id 3.3.3.9 [PE2] mpls [PE2-mpls] lsp-trigger all [PE2-mpls] quit [PE2] mpls ldp [PE2-mpls-ldp] quit [PE2] isis 1 [PE2-isis-1] network-entity 10.0000.0000.0003.00 [PE2-isis-1] quit [PE2] interface loopback 1 [PE2-LoopBack1] isis enable 1 [PE2-LoopBack1] quit [PE2] interface pos 1/0/0 [PE2-Pos1/0/0] ip address 100.2.1.2 30 [PE2-Pos1/0/0] isis enable 1 [PE2-Pos1/0/0] mpls [PE2-Pos1/0/0] mpls ldp [PE2-Pos1/0/0] quit [PE2] bgp 100 [PE2-bgp] peer 1.1.1.9 as-number 100 [PE2-bgp] peer 1.1.1.9 connect-interface loopback 1 [PE2-bgp] ipv4-family vpnv4 [PE2-bgp-af-vpnv4] peer 1.1.1.9 enable [PE2-bgp-af-vpnv4] quit [PE2-bgp] quit

After the configuration, running the display mpls ldp session command on PE1 or PE2, you can view that the LDP session is set up with the status as Operational. Running the display bgp vpnv4 all peer command, you can view that peer relationship of BGP is set up with the status as Established. Running the display isis peer command, you can view that the adjacency relationship is set up with the status as Up. 2. Configure a VPN instance and configure it to access the CE.

3-248

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

3 BGP/MPLS IP VPN Configuration

Configure a VPN instance vpn1 on PE1 and configure it to access the CE1. Configure a VPN instance vpn1 on PE2 and configure it to access the CE2. Configure BGP between CE1 and PE1 and configure OSPF between CE2 and PE2. # Configure CE1.
<Quidway> system-view [Quidway] sysname CE1 [CE1] interface pos 1/0/0 [CE1-Pos1/0/0] ip address 10.1.1.1 30 [CE1-Pos1/0/0] quit [CE1] bgp 65410 [CE1-bgp] peer 10.1.1.2 as-number 100 [CE1-bgp] import-route direct [CE1-bgp] quit

# Configure PE1.
[PE1] ip vpn-instance vpn1 [PE1-vpn-instance-vpn1] route-distinguisher 100:1 [PE1-vpn-instance-vpn1] vpn-target 111:1 [PE1-vpn-instance-vpn1] quit [PE1] interface pos 1/0/0 [PE1-Pos1/0/0] ip binding vpn-instance vpn1 [PE1-Pos1/0/0] ip address 10.1.1.2 30 [PE1-Pos1/0/0] quit [PE1] bgp 100 [PE1-bgp] ipv4-family vpn-instance vpn1 [PE1-bgp-vpn1] peer 10.1.1.1 as-number 65410 [PE1-bgp-vpn1] import-route direct [PE1-bgp-vpn1] quit [PE1-bgp] quit

# Configure PE2.
[PE2] ip vpn-instance vpn1 [PE2-vpn-instance-vpn1] route-distinguisher 100:2 [PE2-vpn-instance-vpn1] vpn-target 111:1 [PE2-vpn-instance-vpn1] quit [PE2] interface pos 2/0/0 [PE2-Pos2/0/0] ip binding vpn-instance vpn1 [PE2-Pos2/0/0] ip address 10.2.1.2 30 [PE2-Pos2/0/0] quit [PE2] ospf 2 vpn-instance vpn1 [PE2-ospf-2] area 0 [PE2-ospf-2-area-0.0.0.0] network 10.2.1.0 0.0.0.3 [PE2-ospf-2-area-0.0.0.0] quit [PE2-ospf-2] import-route bgp [PE2-ospf-2] quit [PE2] bgp 100 [PE2-bgp] ipv4-family vpn-instance vpn1 [PE2-bgp-vpn1] import-route ospf 2 [PE2-bgp-vpn1] import-route direct [PE2-bgp-vpn1] quit [PE2-bgp] quit

# Configure CE2.
<Quidway> system-view [Quidway] sysname CE2 [CE2] interface pos 1/0/0 [CE2-Pos1/0/0] ip address [CE2-Pos1/0/0] quit [CE2] ospf 2 [CE2-ospf-2] area 0 [CE2-ospf-2-area-0.0.0.0] [CE2-ospf-2-area-0.0.0.0] [CE2-ospf-2] import-route [CE2-ospf-2] quit

10.2.1.1 30

network 10.2.1.0 0.0.0.3 quit direct

After the configuration of the BGP/MPLS IP VPN, CE1 and CE2 can communicate. 3.
Issue 03 (2008-09-22)

Configure the IGP GR on the backbone network.


Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 3-249

3 BGP/MPLS IP VPN Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Configure the IGP GR on PE1, P and PE2 on the backbone network. # Configure PE1.
[PE1] isis 1 [PE1-isis-1] graceful-restart [PE1-isis-1] quit

# Configure P.
[P] isis 1 [P-isis-1] graceful-restart [P-isis-1] quit

# Configure PE2.
[PE2] isis 1 [PE2-isis-1] graceful-restart [PE2-isis-1] quit

Running the display isis graceful-restart status command on PE1, P and PE2 on the backbone network, you can view that the configuration of the IS-IS GR succeeds. Take the display of PE1 as an example:
[PE1] display isis graceful-restart status Restart information for ISIS(1) ------------------------------IS-IS(1) Level-1 Restart Status Restart Interval: 300 SA Bit Supported Total Number of Interfaces = 2 Restart Status: RESTART COMPLETE IS-IS(1) Level-2 Restart Status Restart Interval: 300 SA Bit Supported Total Number of Interfaces = 2 Restart Status: RESTART COMPLETE

4.

Configure the MPLS LDP GR on the backbone network. Configure the MPLS LDP GR on PE1, P and PE2 on the backbone network. # Configure PE1.
[PE1] mpls ldp [PE1-mpls-ldp] graceful-restart [PE1-mpls-ldp] quit

# Configure P.
[P] mpls ldp [P-mpls-ldp] graceful-restart [P-mpls-ldp] quit

# Configure PE2.
[PE2] mpls ldp [PE2-mpls-ldp] graceful-restart [PE2-mpls-ldp] quit

5.

Configure the GR of the routing protocol between the PE and the CE. Configure the BGP GR on PE1 and CE1 and configure the OSPF GR on PE2 and the CE2. # Configure PE1.
[PE1] bgp 100 [PE1-bgp] graceful-restart [PE1-bgp] quit

# Configure CE1.
[CE1] bgp 65410 [CE1-bgp] graceful-restart [CE1-bgp] quit

# Configure PE2.
3-250 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


[PE2] ospf 2 [PE2-ospf-2] [PE2-ospf-2] [PE2-ospf-2] [PE2-ospf-2]

3 BGP/MPLS IP VPN Configuration


vpn-instance vpn1 enable link-local-signaling enable out-of-band-resynchronization graceful-restart quit

# Configure CE2.
[CE2] ospf 2 [CE2-ospf-2] [CE2-ospf-2] [CE2-ospf-2] [CE2-ospf-2] enable link-local-signaling enable out-of-band-resynchronization graceful-restart quit

Running the display ospf brief command on PE2 or CE2, you can view that the configuration of the OSPF GR succeeds. Take the display of PE2 as an example:
[PE2] display ospf brief OSPF Process 2 with Router ID 10.2.1.2 OSPF Protocol Information RouterID: 10.2.1.2 Border Router: AREA Route Tag: 3489661028 PE Device, Multi-VPN-Instance is enabled Link-local signaling capable Out-of-band resynchronize capable Graceful restart capable Graceful restart Helper filter capable, filter: Applications Supported: MPLS Traffic-Engineering Spf-schedule-interval: 5 Default ASE parameters: Metric: 1 Tag: 1 Type: 2 Route Preference: 10 ASE Route Preference: 150 SPF Computation Count: 6 RFC 1583 Compatible Area Count: 1 Nssa Area Count: 0 ExChange/Loading Neighbors: 0 Area: 0.0.0.0 (MPLS TE not enabled) Authtype: None Area flag: Normal SPF scheduled Count: 6 ExChange/Loading Neighbors: 0 Interface: 10.2.1.2 (Pos2/0/0) --> 10.2.1.1 Cost: 1 State: P-2-P Type: PTP MTU: Timers: Hello 10, Dead 40, Poll 120, Retransmit

AS

No Filter

1500 5, Transmit Delay 1

6.

Configure the BGP GR on the PE. After the BGP GR is configured on PE1 in Step 5, configure the BGP GR on PE2. # Configure PE2.
[PE2] bgp 100 [PE2-bgp] graceful-restart [PE2-bgp] quit

Run the display bgp vpnv4 all peer verbose command on PE1, you can view that the configurations of the IBGP GR between PE1 and PE2 and the EBGP GR between PE1 and CE1 succeed.
[PE1] display bgp vpnv4 all peer verbose Peer: 3.3.3.9 Local: 1.1.1.9 Type: IBGP link BGP version 4, remote router ID 3.3.3.9 BGP current state: Established, Up for 00h23m47s BGP current event: RecvKeepalive BGP last state: OpenConfirm Port: Local - 52845 Remote - 179 Configured: Active Hold Time: 180 sec Keepalive Time:60 sec Received : Active Hold Time: 180 sec Negotiated: Active Hold Time: 180 sec Keepalive Time:60 sec Peer optional capabilities: Peer supports bgp multi-protocol extension

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

3-251

3 BGP/MPLS IP VPN Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Peer supports bgp route refresh capability Graceful Restart Capability: advertised and received Restart Timer Value received from Peer: 150 seconds GR Capability received from Peer for following Address families: IPv4 Unicast (Forwarding State) VPNv4 (Forwarding State) Address family IPv4 Unicast: advertised and received Address family VPNv4: advertised and received Received: Total 32 messages, Update messages 4 Sent: Total 33 messages, Update messages 4 Minimum time between advertisement runs is 15 seconds Optional capabilities: Route refresh capability has been enabled Connect-interface has been configured Peer Preferred Value: 0 Routing policy configured: No routing policy is configured VPN instance: vpn1 Peer: 10.1.1.1 Local: 1.1.1.9 Type: EBGP link BGP version 4, remote router ID 10.1.1.1 BGP current state: Established, Up for 00h43m05s BGP current event: KATimerExpired BGP last state: OpenConfirm Port: Local - 50390 Remote - 179 Configured: Active Hold Time: 180 sec Keepalive Time:60 sec Received : Active Hold Time: 180 sec Negotiated: Active Hold Time: 180 sec Keepalive Time:60 sec Peer optional capabilities: Peer supports bgp multi-protocol extension Peer supports bgp route refresh capability Graceful Restart Capability: advertised and received Restart Timer Value received from Peer: 150 seconds GR Capability received from Peer for following Address families: IPv4 Unicast (Forwarding State) Address family IPv4 Unicast: advertised and received Received: Total 58 messages, Update messages 3 Sent: Total 64 messages, Update messages 6 Minimum time between advertisement runs is 30 seconds Optional capabilities: Route refresh capability has been enabled Peer Preferred Value: 0 Routing policy configured: No routing policy is configured

7.

Verify the Configuration. # Run the display switchover state command on PE1 to view the SMB status and the display is as follows:
Info:HA FSM State, Realtime and routine backup.

Performing the AMB/SMB switchover on PE1, you can find communication between the CE site and the CE2 site is not interrupted.
[PE1] slave switchover Caution!!! Confirm switch slave to master[Y/N]?y
NOTE

On CE1, PE1, PE2 and CE2, if two or more neighboring devices perform the AMB/SMB switchover at the same time, the traffic may be broken.

Configuration Files
l

Configuration file of PE1


# sysname PE1 # ip vpn-instance vpn1

3-252

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


route-distinguisher 100:1 vpn-target 111:1 export-extcommunity vpn-target 111:1 import-extcommunity # mpls lsr-id 1.1.1.9 mpls lsp-trigger all # mpls ldp graceful-restart # isis 1 network-entity 10.0000.0000.0001.00 graceful-restart # interface Pos1/0/0 link-protocol ppp ip binding vpn-instance vpn1 ip address 10.1.1.2 255.255.255.252 # interface Pos2/0/0 link-protocol ppp ip address 100.1.1.1 255.255.255.252 isis enable 1 mpls mpls ldp # interface LoopBack1 ip address 1.1.1.9 255.255.255.255 isis enable 1 # bgp 100 graceful-restart peer 3.3.3.9 as-number 100 peer 3.3.3.9 connect-interface LoopBack1 # ipv4-family vpnv4 policy vpn-target peer 3.3.3.9 enable # ipv4-family vpn-instance vpn1 peer 10.1.1.1 as-number 65410 import-route direct # return l

3 BGP/MPLS IP VPN Configuration

Configuration file of P
# sysname P # mpls lsr-id 2.2.2.9 mpls lsp-trigger all # mpls ldp graceful-restart # isis 1 network-entity 10.0000.0000.0002.00 graceful-restart # interface Pos1/0/0 link-protocol ppp ip address 100.1.1.2 255.255.255.252 isis enable 1 mpls mpls ldp # interface Pos2/0/0 link-protocol ppp

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

3-253

3 BGP/MPLS IP VPN Configuration


ip address 100.2.1.1 255.255.255.252 isis enable 1 mpls mpls ldp # interface LoopBack1 ip address 2.2.2.9 255.255.255.255 isis enable 1 # return l

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Configuration file of PE2


# sysname PE2 # ip vpn-instance vpn1 route-distinguisher 100:2 vpn-target 111:1 export-extcommunity vpn-target 111:1 import-extcommunity # mpls lsr-id 3.3.3.9 mpls lsp-trigger all # mpls ldp graceful-restart # isis 1 network-entity 10.0000.0000.0003.00 graceful-restart # interface Pos1/0/0 link-protocol ppp ip address 100.2.1.2 255.255.255.252 isis enable 1 mpls mpls ldp # interface Pos2/0/0 link-protocol ppp ip binding vpn-instance vpn1 ip address 10.2.1.2 255.255.255.252 # interface LoopBack1 ip address 3.3.3.9 255.255.255.255 isis enable 1 # bgp 100 graceful-restart peer 1.1.1.9 as-number 100 peer 1.1.1.9 connect-interface LoopBack1 # ipv4-family vpnv4 policy vpn-target peer 1.1.1.9 enable # ipv4-family vpn-instance vpn1 import-route ospf 2 import-route direct # ospf 2 vpn-instance vpn1 enable link-local-signaling enable out-of-band-resynchronization graceful-restart import-route bgp area 0.0.0.0 network 10.2.1.0 0.0.0.3 # return

3-254

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


l

3 BGP/MPLS IP VPN Configuration

Configuration file of CE1


# sysname CE1 # interface Pos1/0/0 link-protocol ppp ip address 10.1.1.1 255.255.255.252 # bgp 65410 graceful-restart peer 10.1.1.2 as-number 100 import-route direct # return

Configuration file of CE2


# sysname CE2 # interface Pos1/0/0 link-protocol ppp ip address 10.2.1.1 255.255.255.252 # ospf 2 import-route direct enable link-local-signaling enable out-of-band-resynchronization graceful-restart area 0.0.0.0 network 10.2.1.0 0.0.0.3 # return

3.21.20 Example for Configuring the VPN with Double Reflectors


Networking Requirements
The VPN with double reflectors is to choose two P devices in the same AS as the route reflectors. The two reflectors can back up each other and reflect the public network route and the VPNv4 route. The double reflector can improve the network reliability.

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

3-255

3 BGP/MPLS IP VPN Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Figure 3-21 Networking diagram of the VPN with double reflectors


Loopback1 2.2.2.9/32 Loopback1 3.3.3.9/32 POS2/0/0 POS1/0/0 100.2.3.1/24 100.2.3.2/24 POS3/0/0 100.2.4.1/24

RR1
POS1/0/0 100.1.2.2/24 POS1/0/0 100.1.2.1/24 Loopback1 1.1.1.9/32

RR2
POS2/0/0 100.3.4.1/24 POS1/0/0 100.3.4.2/24 Loopback1 4.4.4.9/32

AS100

POS3/0/0 100.1.3.2/24

PE1

POS3/0/0 100.1.3.1/24 POS2/0/0 10.1.1.2/24 POS1/0/0 10.1.1.1/24

POS3/0/0 100.2.4.2/24 POS2/0/0 10.2.1.2/24 POS1/0/0 10.2.1.1/24

PE2

AS65410 CE1 CE2

AS65420

In Figure 3-21:
l l

PE1, PE2, RR1 and RR2 are located within the backbone network AS100. CE1 and CE2 belong to the vpna.

It is required to configure the RR1 and RR2 as the double reflectors.

Configuration Roadmap
The configuration roadmap is as follows: 1. 2. 3. 4. 5. Set up the MP-IBGP connection between the PE and the reflectors. (There is no need to set up the MP-IBGP connection between PEs.) Set up the EBGP connection between the PE and the CE. Configure the MPLS LSP on the public network tunnel and enable the MPLS LDP on the devices and interfaces along LSP. Configure the RR1 and RR2 to back up each other and configure the same reflector ID on them. Configure the RR1 and RR2 to restore all the VPNv4 routing information. Configure the ASBR-PE to receive all the VPNv4 routing information and not to filter the routing information according to the VPN-target.
NOTE

There must be at least two paths without shared network segments and nodes between the P device that works as the reflector and the PE device.

Data Preparation
To configure the double reflectors, you need the data for the VPN and BGP configuration.

3-256

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

3 BGP/MPLS IP VPN Configuration

Configuration Procedure
1. Configure IGP on the MPLS backbone network to interconnect the devices along the LSP In this example, OSPF is adopted and the detailed configuration is not mentioned here.
NOTE

The address of the loopback interface as the LSR ID should be advertised.

After the configuration, the devices along the LSP can learn the address of the loopback interface of each other. Consider the display on the PE1 as an example.
<PE1> display ip routing-table Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: Public Destinations : 15 Routes : 17 Destination/Mask Proto Pre Cost Flags NextHop Interface 1.1.1.9/32 Direct 0 0 D 127.0.0.1 InLoopBack0 2.2.2.9/32 OSPF 10 2 D 100.1.2.2 Pos1/0/0 3.3.3.9/32 OSPF 10 2 D 100.1.3.2 Pos3/0/0 4.4.4.9/32 OSPF 10 3 D 100.1.3.2 Pos3/0/0 OSPF 10 3 D 100.1.2.2 Pos1/0/0 100.1.2.0/24 Direct 0 0 D 100.1.2.1 Pos1/0/0 100.1.2.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 100.1.2.2/32 Direct 0 0 D 100.1.2.2 Pos1/0/0 100.1.3.0/24 Direct 0 0 D 100.1.3.1 Pos3/0/0 100.1.3.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 100.1.3.2/32 Direct 0 0 D 100.1.3.2 Pos3/0/0 100.2.3.0/24 OSPF 10 2 D 100.1.3.2 Pos3/0/0 OSPF 10 2 D 100.1.2.2 Pos1/0/0 100.2.4.0/24 OSPF 10 2 D 100.1.2.2 Pos1/0/0 100.3.4.0/24 OSPF 10 2 D 100.1.3.2 Pos3/0/0 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0

2.

Set up the LSP tunnel on the MPLS backbone network. Enable MPLS and the MPLS LDP on the devices and interfaces along the LSP. The detailed configuration is not mentioned here. After the configuration, run the display mpls ldp session command on the PE and RR. You can see that the "Session State" is "Operational" in the display. Consider the display on the PE1 and the RR1 as examples.
[PE1] display mpls ldp session LDP Session(s) in Public Network ---------------------------------------------------------------------Peer-ID Status LAM SsnRole SsnAge KA-Sent/Rcv ---------------------------------------------------------------------2.2.2.9:0 Operational DU Passive 000:00:01 8/8 3.3.3.9:0 Operational DU Passive 000:00:00 4/4 ---------------------------------------------------------------------TOTAL: 2 session(s) Found. LAM : Label Advertisement Mode SsnAge Unit : DDD:HH:MM [RR1] display mpls ldp session LDP Session(s) in Public Network ---------------------------------------------------------------------Peer-ID Status LAM SsnRole SsnAge KA-Sent/Rcv ---------------------------------------------------------------------1.1.1.9:0 Operational DU Active 000:00:02 11/11 3.3.3.9:0 Operational DU Passive 000:00:01 8/8 4.4.4.9:0 Operational DU Passive 000:00:00 4/4 ---------------------------------------------------------------------TOTAL: 3 session(s) Found. LAM : Label Advertisement Mode SsnAge Unit : DDD:HH:MM

3.
Issue 03 (2008-09-22)

Configure the VPN instance on the PE device.


Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 3-257

3 BGP/MPLS IP VPN Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

For the detailed configuration, see Example for Configuring BGP/MPLS IP VPN. 4. Setting up the EBGP peer relationship between the PE and the CE and importing the VPN route For the detailed configuration, see Example for Configuring BGP/MPLS IP VPN. 5. Setting up the MP-IBGP peer relationship between the PE and the reflectors # Configure PE1.
<PE1> system-view [PE1] bgp 100 [PE1-bgp] peer 2.2.2.9 as-number 100 [PE1-bgp] peer 2.2.2.9 connect-interface loopback 1 [PE1-bgp] peer 3.3.3.9 as-number 100 [PE1-bgp] peer 3.3.3.9 connect-interface loopback 1 [PE1-bgp] ipv4-family vpnv4 [PE1-bgp-af-vpnv4] peer 2.2.2.9 enable [PE1-bgp-af-vpnv4] peer 3.3.3.9 enable [PE1-bgp-af-vpnv4] quit

# Configure RR1.
<RR1> system-view [RR1] bgp 100 [RR1-bgp] group rr1 internal [RR1-bgp] peer rr1 connect-interface loopback 1 [RR1-bgp] ipv4-family vpnv4 [RR1-bgp-af-vpnv4] peer rr1 enable [RR1-bgp-af-vpnv4] peer 1.1.1.9 group rr1 [RR1-bgp-af-vpnv4] peer 3.3.3.9 group rr1 [RR1-bgp-af-vpnv4] peer 4.4.4.9 group rr1 [RR1-bgp-af-vpnv4] quit [RR1-bgp] quit

# Configure RR2.
<RR2> system-view [RR2] bgp 100 [RR2-bgp] group rr2 internal [RR2-bgp] peer rr2 connect-interface loopback 1 [RR2-bgp] ipv4-family vpnv4 [RR2-bgp-af-vpnv4] peer rr2 enable [RR2-bgp-af-vpnv4] peer 1.1.1.9 group rr2 [RR2-bgp-af-vpnv4] peer 2.2.2.9 group rr2 [RR2-bgp-af-vpnv4] peer 4.4.4.9 group rr2 [RR2-bgp-af-vpnv4] quit [RR2-bgp] quit

# Configure PE2. The configuration of PE2 is similar to that of PE1 and is not mentioned here. After the configuration, run the display bgp vpnv4 all peer command on the PE device. You can see that the IBGP peer relationship is set up between the PE and the reflectors. The status of the relationship is "Established". The EBGP peer relationship has been set up between the PE and the CE. Consider the display on the PE1 and RR1 as examples.
<PE1> display bgp vpnv4 all peer BGP local router ID : 1.1.1.9 Local AS number : 100 Total number of peers : 3 Peers in established state : 3 Peer V AS MsgRcvd MsgSent OutQ Up/Down State PrefRcv 2.2.2.9 4 100 2 4 0 00:00:31 Established 0 3.3.3.9 4 100 3 5 0 00:01:23 Established 0 Peer of vpn instance : vpn instance vpna : 10.1.1.1 4 65410 79 82 0 01:13:29 Established 0

6.
3-258

Configure the reflector function on RR1 and RR2


Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

3 BGP/MPLS IP VPN Configuration

# Configure RR1.
[RR1] bgp 100 [RR1-bgp] ipv4-family vpnv4 [RR1-bgp-af-vpnv4] reflector cluster-id 100 [RR1-bgp-af-vpnv4] peer rr1 reflect-client [RR1-bgp-af-vpnv4] undo policy vpn-target [RR1-bgp-af-vpnv4] quit

# Configure RR2.
[RR2] bgp 100 [RR2-bgp] ipv4-family vpnv4 [RR2-bgp-af-vpnv4] reflector cluster-id 100 [RR2-bgp-af-vpnv4] peer rr2 reflect-client [RR2-bgp-af-vpnv4] undo policy vpn-target [RR2-bgp-af-vpnv4] quit

7.

Verify the Configuration. On checking the VPN routing table on the PE, you can find the route to the remote CE. Consider the PE1 as an example.
<PE1> display ip routing-table vpn-instance vpna Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: vpna Destinations : 5 Routes : 5 Destination/Mask Proto Pre Cost Flags NextHop Interface 10.1.1.0/24 Direct 0 0 D 10.1.1.2 Pos2/0/0 10.1.1.1/32 Direct 0 0 D 10.1.1.1 Pos2/0/0 10.1.1.2/32 Direct 0 0 D 127.0.0.1 InLoopBack0 10.2.1.0/24 BGP 255 0 RD 4.4.4.9 Pos3/0/0 10.2.1.1/32 BGP 255 0 RD 4.4.4.9 Pos3/0/0

CE1 and CE2 can ping each other successfully. It means that the reflectors are configured successfully. After the shutdown command is used on the POS 3/0/0 of the PE1 and the PE2 respectively, the CE1 and the CE2 can ping each other successfully. It means that the double reflectors are configured successfully.

Configuration Files
l

Configuration file of PE1


# sysname PE1 # ip vpn-instance vpna route-distinguisher 100:1 vpn-target 1:1 export-extcommunity vpn-target 1:1 import-extcommunity # mpls lsr-id 1.1.1.9 mpls lsp-trigger all # mpls ldp # interface Pos1/0/0 link-protocol ppp ip address 100.1.2.1 255.255.255.0 mpls mpls ldp # interface Pos2/0/0 link-protocol ppp ip binding vpn-instance vpna ip address 10.1.1.2 255.255.255.0 #

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

3-259

3 BGP/MPLS IP VPN Configuration


interface Pos3/0/0 link-protocol ppp ip address 100.1.3.1 255.255.255.0 mpls mpls ldp # interface LoopBack1 ip address 1.1.1.9 255.255.255.255 # bgp 100 peer 2.2.2.9 as-number 100 peer 2.2.2.9 connect-interface LoopBack1 peer 3.3.3.9 as-number 100 peer 3.3.3.9 connect-interface LoopBack1 # ipv4-family unicast undo synchronization peer 2.2.2.9 enable peer 3.3.3.9 enable # ipv4-family vpnv4 policy vpn-target peer 2.2.2.9 enable peer 3.3.3.9 enable # ipv4-family vpn-instance vpna peer 10.1.1.1 as-number 65410 import-route direct # ospf 1 area 0.0.0.0 network 1.1.1.9 0.0.0.0 network 100.1.2.0 0.0.0.255 network 100.1.3.0 0.0.0.255 # return l

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Configuration file of RR1


# sysname RR1 # mpls lsr-id 2.2.2.9 mpls lsp-trigger all # mpls ldp # interface Pos1/0/0 link-protocol ppp ip address 100.1.2.2 255.255.255.0 mpls mpls ldp # interface Pos2/0/0 link-protocol ppp ip address 100.2.3.1 255.255.255.0 mpls mpls ldp # interface Pos3/0/0 link-protocol ppp ip address 100.2.4.1 255.255.255.0 mpls mpls ldp # interface LoopBack1 ip address 2.2.2.9 255.255.255.255 # bgp 100 peer 4.4.4.9 as-number 100

3-260

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


peer 1.1.1.9 as-number 100 peer 3.3.3.9 as-number 100 group rr1 internal peer rr1 connect-interface LoopBack1 # ipv4-family unicast undo synchronization undo peer 4.4.4.9 enable undo peer 1.1.1.9 enable undo peer 3.3.3.9 enable peer rr1 enable # ipv4-family vpnv4 reflector cluster-id 100 undo policy vpn-target peer rr1 enable peer rr1 reflect-client peer 1.1.1.9 enable peer 1.1.1.9 group rr1 peer 3.3.3.9 enable peer 3.3.3.9 group rr1 peer 4.4.4.9 enable peer 4.4.4.9 group rr1 # ospf 1 area 0.0.0.0 network 100.1.2.0 0.0.0.255 network 100.2.3.0 0.0.0.255 network 100.2.4.0 0.0.0.255 network 2.2.2.9 0.0.0.0 # return l

3 BGP/MPLS IP VPN Configuration

Configuration file of RR2


# sysname RR2 # mpls lsr-id 3.3.3.9 mpls lsp-trigger all # mpls ldp # interface Pos1/0/0 link-protocol ppp ip address 100.2.3.2 255.255.255.0 mpls mpls ldp # interface Pos2/0/0 link-protocol ppp ip address 100.3.4.1 255.255.255.0 mpls mpls ldp # interface Pos3/0/0 link-protocol ppp ip address 100.1.3.2 255.255.255.0 mpls mpls ldp # interface LoopBack1 ip address 3.3.3.9 255.255.255.255 # bgp 100 peer 4.4.4.9 as-number 100 peer 1.1.1.9 as-number 100 peer 2.2.2.9 as-number 100 group rr2 internal peer rr2 connect-interface LoopBack1

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

3-261

3 BGP/MPLS IP VPN Configuration


# ipv4-family unicast undo synchronization undo peer 4.4.4.9 enable undo peer 1.1.1.9 enable undo peer 2.2.2.9 enable peer rr2 enable # ipv4-family vpnv4 reflector cluster-id 100 undo policy vpn-target peer rr2 enable peer rr2 reflect-client peer 1.1.1.9 enable peer 1.1.1.9 group rr2 peer 2.2.2.9 enable peer 2.2.2.9 group rr2 peer 4.4.4.9 enable peer 4.4.4.9 group rr2 # ospf 1 area 0.0.0.0 network 100.2.3.0 0.0.0.255 network 100.3.4.0 0.0.0.255 network 100.1.3.0 0.0.0.255 network 3.3.3.9 0.0.0.0 # return l

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Configuration file of PE2


# sysname PE2 # ip vpn-instance vpna route-distinguisher 100:1 vpn-target 1:1 export-extcommunity vpn-target 1:1 import-extcommunity # mpls lsr-id 4.4.4.9 mpls lsp-trigger all # mpls ldp # interface Pos1/0/0 link-protocol ppp ip address 100.3.4.2 255.255.255.0 mpls mpls ldp # interface Pos2/0/0 link-protocol ppp ip binding vpn-instance vpna ip address 10.2.1.2 255.255.255.0 # interface Pos3/0/0 link-protocol ppp ip address 100.2.4.2 255.255.255.0 mpls mpls ldp # interface LoopBack1 ip address 4.4.4.9 255.255.255.255 # bgp 100 peer 2.2.2.9 as-number 100 peer 2.2.2.9 connect-interface LoopBack1 peer 3.3.3.9 as-number 100 peer 3.3.3.9 connect-interface LoopBack1 #

3-262

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


ipv4-family unicast undo synchronization peer 2.2.2.9 enable peer 3.3.3.9 enable # ipv4-family vpnv4 policy vpn-target peer 3.3.3.9 enable peer 2.2.2.9 enable # ipv4-family vpn-instance vpna peer 10.2.1.1 as-number 65420 import-route direct # ospf 1 area 0.0.0.0 network 4.4.4.9 0.0.0.0 network 100.3.4.0 0.0.0.255 network 100.2.4.0 0.0.0.255 # return l

3 BGP/MPLS IP VPN Configuration

Configuration file of CE1


# sysname CE1 # interface Pos1/0/0 link-protocol ppp ip address 10.1.1.1 255.255.255.0 # bgp 65410 peer 10.1.1.2 as-number 100 # ipv4-family unicast undo synchronization peer 10.1.1.2 enable # return

Configuration file of CE2


# sysname CE2 # interface Pos1/0/0 link-protocol ppp ip address 10.2.1.1 255.255.255.0 # bgp 65420 peer 10.2.1.2 as-number 100 # ipv4-family unicast undo synchronization peer 10.2.1.2 enable # return

3.21.21 Example for Configuring VPN-Route Convergence Priorities


Networking Requirements
As shown in Figure 3-22, CE1 and CE2 belong to a VPN named vpna. The networking schemes are as follows:
Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 3-263

3 BGP/MPLS IP VPN Configuration


l l

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Inter-AS VPN Option B is adopted. The path PE1 - ASBR1 - ASBR2 - PE2 is the primary link, while the path PE1 - ASBR3 ASBR4 - PE2 is the backup link. CE1 and CE2 can communicate.

If the primary link fails, data of vpna is preferentially switched to the backup link. Figure 3-22 Networking diagram for inter-AS VPN Option B
Loopback0 Loopback0

Loopback0

POS1/0/0

POS1/0/1 POS1/0/0

POS1/0/1

Loopback0 POS1/0/0

PE1

POS2/0/0

ASBR1 AS100

ASBR2 ASBR4

PE2

AS200 ASBR3
POS1/0/1 POS1/0/1 GE2/0/0

POS2/0/1 GE1/0/0

POS1/0/0

POS1/0/0

POS1/0/1

GE1/0/0

Loopback0

Loopback0

GE1/0/0

CE1

CE2

Device PE1 GE1/0/0 POS2/0/0 POS2/0/1 ASBR1 POS1/0/0 POS1/0/1 ASBR2 POS1/0/0 POS1/0/1 ASBR3 POS1/0/0 POS1/0/1 ASBR4 POS1/0/0 POS1/0/1 PE2 POS1/0/0 POS1/0/1 GE12/0/0 CE1 CE2

Interface Loopback0 10.1.1.2/24 100.1.1.1/30 100.1.2.1/30 Loopback0 100.1.1.2/30 100.1.3.1/30 Loopback0 100.1.3.2/30 100.1.5.1/30 Loopback0 100.1.2.2/30 100.1.4.1/30 Loopback0 100.1.4.2/30 100.1.6.1/30 Loopback0 100.1.5.2/30 100.1.6.2/30 10.1.2.2/24 GE1/0/0 GE1/0/0

IP address 1.1.1.1/32

2.2.2.2/32

3.3.3.3/32

4.4.4.4/32

5.5.5.5/32

6.6.6.6/32

10.1.1.1/24 10.1.2.1/24

3-264

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

3 BGP/MPLS IP VPN Configuration

Configuration Roadmap
The configuration roadmap is as follows: 1. 2. 3. 4. Configure inter-AS VPN Option B. Configure RD filters and routing policies for all the PEs and ASBRs on the primary link. Define convergence priorities for vpna. Apply the routing policy, which ensures vpna routes received from the local CE and vpna routes received from the peer PE with high priority, to the VPN instance of the PEs Apply the routing policy, which ensures vpna routes received from the intra-AS PE and vpna routes received from the neighboring ASBR with high priority, in the BGP VPNv4 view on the ASBRs.

Data Preparation
To complete the configuration, you need the following data:
l l l

MPLS LSR-ID of the PEs and the ASBRs Name of the VPN instance created on PE1 and PE2, RD, and VPN target Routing policy (EBGP in this example) that guides the route exchange between the PEs and the CEs Convergence priority for each VPN instance Name of the RD filter and the routing policy

l l

Configuration Procedure
1. Configure IGP on the MPLS backbone networks of AS100 and AS200 to ensure the PEs and the ASBRs can communicate. OSPF is adopted as the IGP protocol in this example. The detailed configuration is not mentioned here.
NOTE

During the configuration, advertise the 32-bit addresses of the loopback interfaces that serve as LSR IDs through OSPF.

After the configuration, run the display ospf peer command. You can view that the OSPF neighbor relationship is set up between the ASBRs and the PEs of the same AS, and the neighbor status is Full. The ASBRs and the PEs of the same AS can learn the loopback addresses from each other. In addition, the ASBRs and the PEs of the same AS can successfully ping each other. 2. Configure the basic MPLS capability and MPLS LDP on the MPLS backbone networks of AS100 and AS200 and set up MPLS LDP LSPs. # Configure the basic MPLS capability on PE1 and enable MPLS and MPLS LDP on the interfaces that connect ASBR1 and ASBR3.
<PE1> system-view [PE1] mpls lsr-id 1.1.1.1 [PE1] mpls [PE1-mpls] lsp-trigger all [PE1-mpls] quit [PE1] mpls ldp [PE1-mpls-ldp] quit [PE1] interface pos2/0/0 [PE1-Pos2/0/0] mpls

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

3-265

3 BGP/MPLS IP VPN Configuration


[PE1-Pos2/0/0] mpls ldp [PE1-Pos2/0/0] quit [PE1] interface pos2/0/1 [PE1-Pos2/0/1] mpls [PE1-Pos2/0/1] mpls ldp [PE1-Pos2/0/1] quit

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

# Perform the same configuration on all the ASBRs and PE2:


l

Configure the basic MPLS capability on ASBR1 and enable MPLS and MPLS LDP on the ASBR1 interface that connects PE1. Configure the basic MPLS capability on ASBR2 and enable MPLS and MPLS LDP on the ASBR2 interfaces that connects PE2. Configure the basic MPLS capability on ASBR3 and enable MPLS and MPLS LDP on the ASBR3 interfaces that connects PE1. Configure the basic MPLS capability on ASBR4 and enable MPLS and MPLS LDP on the ASBR4 interfaces that connects PE2. Configure the basic MPLS capability on PE2 and enable MPLS and MPLS LDP on the PE2 interfaces that connect ASBR2 and ASBR4.

The detailed configuration is not mentioned here. After the configuration, running the display mpls ldp session command on each device, you can view that the LDP session is set up between the PEs and the ASBRs of the same AS, and "Status" is Operational. Take PE1 as an example:
[PE1] display mpls ldp session LDP Session(s) in Public Network -------------------------------------------------------------------------Peer-ID Status LAM SsnRole SsnAge KA-Sent/Rcv -------------------------------------------------------------------------2.2.2.2:0 Operational DU Passive 000:01:02 17/17 4.4.4.4:0 Operational DU Passive 000:00:02 9/9 -------------------------------------------------------------------------TOTAL: 2 session(s) Found. LAM : Label Advertisement Mode SsnAge Unit : DDD:HH:MM

3.

Configure VPN instances for PE1 and PE2 and configure PE1 and PE2 to access CE1 and CE2. # Configure PE1 to set up the EBGP peer relationship with CE1.
[PE1] ip vpn-instance vpna [PE1-vpn-instance-vpna] route-distinguisher 100:1 [PE1-vpn-instance-vpna] vpn-target 1:1 both [PE1-vpn-instance-vpna] quit [PE1] interface gigabitethernet 1/0/0 [PE1-GigabitEthernet1/0/0] ip binding vpn-instance vpna [PE1-GigabitEthernet1/0/0] ip address 10.1.1.2 24 [PE1-GigabitEthernet1/0/0] quit [PE1] bgp 100 [PE1-bgp] ipv4-family vpn-instance vpna [PE1-bgp-vpna] peer 10.1.1.1 as-number 65000 [PE1-bgp-vpna] import-route direct [PE1-bgp-vpna] quit [PE1-bgp] quit

# Configure CE1.
<CE1> system-view [CE1] interface gigabitethernet 1/0/0 [CE1-GigabitEthernet1/0/0] ip address 10.1.1.1 24 [CE1-GigabitEthernet1/0/0] quit [CE1] bgp 65000 [CE1-bgp] peer 10.1.1.2 as-number 100 [CE1-bgp] import-route direct

3-266

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


[CE1-bgp] quit
NOTE

3 BGP/MPLS IP VPN Configuration

The configuration on CE2 and PE2 is similar to that on CE1 and PE1, and is not mentioned here. Route distinguisher (RD) on PE2 is configured as 100:2.

After the configuration, run the display bgp vpnv4 vpn-instance vpn-instance-name peer command. You can view that the BGP peer relationship is set up between the PEs and the CEs, and the peer status is Established. Take PE1 as an example:
[PE1] display bgp vpnv4 vpn-instance vpna peer BGP local router ID : 1.1.1.1 Local AS number : 100 Total number of peers : 1 Peers in established state : 1 Peer V AS MsgRcvd MsgSent OutQ Up/Down State PrefRcv 10.1.1.1 4 65000 10 10 0 00:07:10 Established 0

4.

Set up the MP-IBGP peer relationship between the PEs and the ASBRs of the same AS. # Configure PE1 to set up the MP-IBGP peer relationship with ASBR1 and ASBR3.
[PE1] bgp 100 [PE1-bgp] peer 2.2.2.2 as-number 100 [PE1-bgp] peer 2.2.2.2 connect-interface loopback 0 [PE1-bgp] peer 4.4.4.4 as-number 100 [PE1-bgp] peer 4.4.4.4 connect-interface loopback 0 [PE1-bgp] ipv4-family vpnv4 [PE1-bgp-af-vpnv4] peer 2.2.2.2 enable [PE1-bgp-af-vpnv4] peer 4.4.4.4 enable [PE1-bgp-af-vpnv4] quit

# Configure ASBR1 to set up the MP-IBGP peer relationship with PE1. The configuration on ASBR3 and ASBR1 is similar to that on ASBR1, and is not mentioned here.
<ASBR1> system-view [ASBR1] bgp 100 [ASBR1-bgp] peer 1.1.1.1 as-number 100 [ASBR1-bgp] peer 1.1.1.1 connect-interface loopback 0 [ASBR1-bgp] ipv4-family vpnv4 [ASBR1-bgp-af-vpnv4] peer 1.1.1.1 enable [ASBR1-bgp-af-vpnv4] quit [ASBR1-bgp] quit
NOTE

The configuration on PE2, ASBR2, and ASBR4 is similar to that on PE1, ASBR1, and ASBR3, and is not mentioned here.

After the configuration, run the display bgp vpnv4 all peer command. You can view that the BGP peer relationship is set up between the PEs and the CEs, and between the PEs and the ASBRs, and the peer status is Established. Take PE1 as an example:
[PE1] display bgp vpnv4 all peer BGP local router ID : 1.1.1.1 Local AS number : 100 Total number of peers : 3 Peer V AS MsgRcvd 2.2.2.2 4 100 8 0 4.4.4.4 4 100 3 0 Peer of vpn instance: vpn instance vpna : 10.1.1.1 4 65000 13

Peers in established state : 3 MsgSent OutQ Up/Down State PrefRcv 19 0 00:32:36 Established 7 0 00:01:36 Established

13

0 00:04:00 Established

5.

Configure the ASBRs of the inter-AS VPN Option B. # On ASBR1, enalbe MPLS on the interface that connects ASBR1 and ASBR2.
[ASBR1] interface pos 1/0/1

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

3-267

3 BGP/MPLS IP VPN Configuration


[ASBR1-Pos1/0/1] ip address 100.1.3.1 30 [ASBR1-Pos1/0/1] mpls [ASBR1-Pos1/0/1] quit

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

# On ASBR1, set up the MP-EBGP peer relationship with ASBR2 and disable the VPNtarget filtration on received IPv4 VPN routes.
[ASBR1] bgp 100 [ASBR1-bgp] peer 100.1.3.2 as-number 200 [ASBR1-bgp] ipv4-family vpnv4 [ASBR1-bgp-af-vpnv4] peer 100.1.3.2 enable [ASBR1-bgp-af-vpnv4] undo policy vpn-target [ASBR1-bgp-af-vpnv4] quit [ASBR1-bgp] quit
NOTE

The configuration on ASBR2, ASBR3, and ASBR4 is similar to that on ASBR1, and is not mentioned here.

After the configuration, run the display bgp vpnv4 all routing-table command on the ASBRs. You can view the IPv4 VPN routes on the ASBRs. Take ASBR1 as an example:
[ASBR1] display bgp vpnv4 all routing-table BGP Local router ID is 2.2.2.2 Status codes: * - valid, > - best, d - damped, h - history, i - internal, s - suppressed, S - Stale Origin : i - IGP, e - EGP, ? - incomplete Total number of routes from all PE: 4 Route Distinguisher: 100:1 Network NextHop MED LocPrf PrefVal Path/Ogn *>i 10.1.1.0/24 1.1.1.1 0 100 0 ? *>i 10.1.1.1/32 1.1.1.1 0 100 0 ? Route Distinguisher: 100:2 Network NextHop MED LocPrf PrefVal Path/Ogn *> 10.1.2.0/24 100.1.3.2 0 200? *> 10.1.2.1/32 100.1.3.2 0 200?

The CEs can learn the routes from each other. Take CE1 as an example:
[CE1] display ip routing-table Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: Public Destinations : 5 Routes : 5 Destination/Mask Proto Pre Cost Flags NextHop Interface 10.1.1.0/24 Direct 0 0 D 10.1.1.1 GigabitEthernet1/0/0 10.1.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 10.1.2.0/24 BGP 255 0 D 10.1.1.2 GigabitEthernet1/0/0 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0

CE1 and CE2 can successfully ping each other. 6. Configure RD filters and routing policies. # Configure RD filters and routing policies on PE1, PE2, ASBR1, and ASBR2. Configure the convergence priority of the IPv4 VPN routes that match the RD filter to 2. (By default, the convergence priority of the VPNv4 route is 0.) The configuration on PE2 is similar to that on PE1, and is not mentioned here. # Configure PE1.
<PE1> system-view [PE1] ip rd-filter 1 permit 100:1 100:2 [PE1] route-policy policy1 permit node 1 [PE1-route-policy] if-match rd-filter 1

3-268

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


[PE1-route-policy] apply convergence-priority 2

3 BGP/MPLS IP VPN Configuration

# Configure ASBR1.
<ASBR1> system-view [ASBR1] ip rd-filter [ASBR1] route-policy [ASBR1-route-policy] [ASBR1-route-policy] [ASBR1-route-policy] [ASBR1] ip rd-filter [ASBR1] route-policy [ASBR1-route-policy] [ASBR1-route-policy] 1 permit 100:1 policy1 permit node 1 if-match rd-filter 1 apply convergence-priority 2 quit 2 permit 100:2 policy2 permit node 1 if-match rd-filter 2 apply convergence-priority 2

# Configure ASBR2.
<ASBR2> system-view [ASBR2] ip rd-filter [ASBR2] route-policy [ASBR2-route-policy] [ASBR2-route-policy] [ASBR2-route-policy] [ASBR2] ip rd-filter [ASBR2] route-policy [ASBR2-route-policy] [ASBR2-route-policy] 1 permit 100:1 policy1 permit node 1 if-match rd-filter 1 apply convergence-priority 2 quit 2 permit 100:2 policy2 permit node 1 if-match rd-filter 2 apply convergence-priority 2

7.

Apply the routing policy on PE1, PE2, ASBR1 and ASBR2. # Apply the import routing policy in the VPN instance view on PE1.
[PE1] ip vpn-instance vpna [PE1-vpn-instance-vpna] import route-policy policy1

# Apply the import routing policy in the BGP VPNv4 address family view on ASBR1.
[ASBR1] bgp 100 [ASBR1-bgp] ipv4-family vpnv4 [ASBR1-bgp-af-vpnv4] peer 1.1.1.1 route-policy policy1 import [ASBR1-bgp-af-vpnv4] peer 100.1.3.2 route-policy policy2 import

# Apply the import routing policy in the BGP VPNv4 address family view on ASBR2.
[ASBR2] bgp 200 [ASBR2-bgp] ipv4-family vpnv4 [ASBR2-bgp-af-vpnv4] peer 100.1.3.1 route-policy policy1 import [ASBR2-bgp-af-vpnv4] peer 6.6.6.6 route-policy policy2 import

# Apply the import routing policy in the VPN instance view on PE2.
[PE2] ip vpn-instance vpna [PE2-vpn-instance-vpna] import route-policy policy1

8.

Verify the configuration. You can view the convergence priority of the VPN in the VPNv4 routing table of ASBR1 and ASBR2.
<ASBR2> display bgp vpnv4 all routing-table 10.1.1.0 Total routes of Route Distinguisher(100:1): 1 BGP routing table entry information of 10.1.1.0/24: Label information (Received/Applied): 15360/15362 From: 100.1.3.1 (100.1.3.1) Original nexthop: 1100.1.3.1 Ext-Community: <1 : 1> Convergence Priority: 2 AS-path Nil, origin incomplete, MED 0, localpref 100, pref-val 0, valid, internal, best, pre 255 Advertised to such 1 peers: 6.6.6.6 <ASBR2> display bgp vpnv4 all routing-table 10.1.2.0 Total routes of Route Distinguisher(100:2): 1 BGP routing table entry information of 10.1.2.0/24: Label information (Received/Applied): 15360/15362 From: 6.6.6.6 (6.6.6.6)

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

3-269

3 BGP/MPLS IP VPN Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Original nexthop: 6.6.6.6 Ext-Community: <1 : 1> Convergence Priority: 2 AS-path Nil, origin incomplete, MED 0, localpref 100, pref-val 0, valid, internal, best, pre 255 Advertised to such 1 peers: 100.1.3.1

Configuration Files
l

Configuration file of PE1


# sysname PE1 # ip vpn-instance vpna route-distinguisher 100:1 import route-policy policy1 vpn-target 1:1 export-extcommunity vpn-target 1:1 import-extcommunity # mpls lsr-id 1.1.1.1 mpls lsp-trigger all # mpls ldp # interface GigabitEthernet1/0/0 ip binding vpn-instance vpna ip address 10.1.1.2 255.255.255.0 # interface Pos2/0/0 link-protocol ppp ip address 100.1.1.1 255.255.255.252 mpls mpls ldp # interface Pos2/0/1 link-protocol ppp ip address 100.1.2.1 255.255.255.252 mpls mpls ldp # interface LoopBack0 ip address 1.1.1.1 255.255.255.255 # bgp 100 peer 2.2.2.2 as-number 100 peer 2.2.2.2 connect-interface LoopBack0 peer 4.4.4.4 as-number 100 peer 4.4.4.4 connect-interface LoopBack0 # ipv4-family unicast undo synchronization peer 2.2.2.2 enable peer 4.4.4.4 enable # ipv4-family vpnv4 policy vpn-target peer 2.2.2.2 enable peer 4.4.4.4 enable # ipv4-family vpn-instance vpna peer 10.1.1.1 as-number 65000 import-route direct # ospf 1 area 0.0.0.0 network 1.1.1.1 0.0.0.0 network 100.1.1.0 0.0.0.255

3-270

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


network 100.1.2.0 0.0.0.255 # route-policy policy1 permit node 1 if-match rd-filter 1 apply convergence-priority 2 # ip rd-filter 1 permit 100:1 100:2 # return l

3 BGP/MPLS IP VPN Configuration

Configuration file of ASBR1


# sysname ASBR1 # mpls lsr-id 2.2.2.2 mpls lsp-trigger all # mpls ldp # interface Pos1/0/0 link-protocol ppp ip address 100.1.1.2 255.255.255.252 mpls mpls ldp # interface Pos1/0/1 link-protocol ppp ip address 100.1.3.1 255.255.255.252 mpls # interface LoopBack0 ip address 2.2.2.2 255.255.255.255 # bgp 100 peer 1.1.1.1 as-number 100 peer 1.1.1.1 connect-interface LoopBack0 peer 100.1.3.2 as-number 200 # ipv4-family unicast undo synchronization peer 1.1.1.1 enable peer 100.1.3.2 enable # ipv4-family vpnv4 undo policy vpn-target peer 1.1.1.1 enable peer 1.1.1.1 route-policy policy1 import peer 100.1.3.2 enable peer 100.1.3.2 route-policy policy1 import # ospf 1 area 0.0.0.0 network 2.2.2.2 0.0.0.0 network 100.1.1.0 0.0.0.255 # route-policy policy1 permit node 1 if-match rd-filter 1 apply convergence-priority 2 route-policy policy2 permit node 1 if-match rd-filter 2 apply convergence-priority 2 # ip rd-filter 1 permit 100:1 ip rd-filter 2 permit 100:2 # return

Configuration file of ASBR2


#

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

3-271

3 BGP/MPLS IP VPN Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

sysname ASBR2 # mpls lsr-id 3.3.3.3 mpls lsp-trigger all # mpls ldp # interface Pos1/0/0 link-protocol ppp ip address 100.1.3.2 255.255.255.252 mpls # interface Pos1/0/1 link-protocol ppp ip address 100.1.5.1 255.255.255.252 mpls mpls ldp # # interface LoopBack0 ip address 3.3.3.3 255.255.255.255 # bgp 200 peer 6.6.6.6 as-number 200 peer 6.6.6.6 connect-interface LoopBack0 peer 100.1.3.1 as-number 100 # ipv4-family unicast undo synchronization peer 6.6.6.6 enable peer 100.1.3.1 enable # ipv4-family vpnv4 undo policy vpn-target peer 6.6.6.6 enable peer 6.6.6.6 route-policy policy2 import peer 100.1.3.1 enable peer 100.1.3.1 route-policy policy1 import # ospf 1 area 0.0.0.0 network 3.3.3.3 0.0.0.0 network 100.1.5.0 0.0.0.255 # route-policy policy1 permit node 1 if-match rd-filter 1 apply convergence-priority 2 route-policy policy2 permit node 1 if-match rd-filter 2 apply convergence-priority 2 # ip rd-filter 1 permit 100:1 ip rd-filter 2 permit 100:2 # return l

Configuration file of ASBR3


# sysname ASBR3 # mpls lsr-id 4.4.4.4 mpls lsp-trigger all # mpls ldp # interface Pos1/0/0 link-protocol ppp ip address 100.1.2.2 255.255.255.252

3-272

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


mpls mpls ldp # interface Pos1/0/1 link-protocol ppp ip address 100.1.4.1 255.255.255.252 mpls # interface LoopBack0 ip address 4.4.4.4 255.255.255.255 # bgp 100 peer 1.1.1.1 as-number 100 peer 1.1.1.1 connect-interface LoopBack0 peer 100.1.4.2 as-number 200 # ipv4-family unicast undo synchronization peer 1.1.1.1 enable peer 100.1.4.2 enable # ipv4-family vpnv4 undo policy vpn-target peer 1.1.1.1 enable peer 100.1.4.2 enable # ospf 1 area 0.0.0.0 network 4.4.4.4 0.0.0.0 network 100.1.2.0 0.0.0.255 # return l

3 BGP/MPLS IP VPN Configuration

Configuration file of ASBR4


# sysname ASBR4 # mpls lsr-id 5.5.5.5 mpls lsp-trigger all # mpls ldp # interface Pos1/0/0 link-protocol ppp ip address 100.1.4.2 255.255.255.252 mpls # interface Pos1/0/1 link-protocol ppp ip address 100.1.6.1 255.255.255.252 mpls mpls ldp # interface LoopBack0 ip address 5.5.5.5 255.255.255.255 # bgp 200 peer 6.6.6.6 as-number 200 peer 6.6.6.6 connect-interface LoopBack0 peer 100.1.4.1 as-number 100 # ipv4-family unicast undo synchronization peer 6.6.6.6 enable peer 100.1.4.1 enable # ipv4-family vpnv4 undo policy vpn-target peer 6.6.6.6 enable

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

3-273

3 BGP/MPLS IP VPN Configuration


peer 100.1.4.1 enable # ospf 1 area 0.0.0.0 network 5.5.5.5 0.0.0.0 network 100.1.6.0 0.0.0.255 # return l

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Configuration file of PE2


# sysname PE2 # ip vpn-instance vpna route-distinguisher 100:2 import route-policy policy1 vpn-target 1:1 export-extcommunity vpn-target 1:1 import-extcommunity # mpls lsr-id 6.6.6.6 mpls lsp-trigger all # mpls ldp # interface Pos1/0/0 link-protocol ppp ip address 100.1.5.2 255.255.255.252 mpls mpls ldp # interface Pos1/0/1 link-protocol ppp ip address 100.1.6.2 255.255.255.252 mpls mpls ldp # interface GigabitEthernet2/0/0 ip binding vpn-instance vpna ip address 10.1.2.2 255.255.255.0 # interface LoopBack0 ip address 6.6.6.6 255.255.255.255 # bgp 200 peer 3.3.3.3 as-number 200 peer 3.3.3.3 connect-interface LoopBack0 peer 5.5.5.5 as-number 200 peer 5.5.5.5 connect-interface LoopBack0 # ipv4-family unicast undo synchronization peer 3.3.3.3 enable peer 5.5.5.5 enable # ipv4-family vpnv4 policy vpn-target peer 3.3.3.3 enable peer 5.5.5.5 enable # ipv4-family vpn-instance vpna peer 10.1.2.1 as-number 65000 import-route direct # ospf 1 area 0.0.0.0 network 6.6.6.6 0.0.0.0 network 100.1.5.0 0.0.0.255 network 100.1.6.0 0.0.0.255 #

3-274

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


route-policy policy1 permit node 1 if-match rd-filter 1 apply convergence-priority 2 # ip rd-filter 1 permit 100:1 100:2 # return l

3 BGP/MPLS IP VPN Configuration

Configuration file of CE1


# sysname CE1 # interface GigabitEthernet1/0/0 ip address 10.1.1.1 255.255.255.0 # bgp 65000 peer 10.1.1.2 as-number 100 # ipv4-family unicast undo synchronization import-route direct peer 10.1.1.2 enable # return

Configuration file of CE2


# sysname CE2 # interface GigabitEthernet1/0/0 ip address 10.1.2.1 255.255.255.0 # bgp 65000 peer 10.1.2.2 as-number 200 # ipv4-family unicast undo synchronization import-route direct peer 10.1.2.2 enable # return

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

3-275

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

4 BGP/MPLS IPv6 VPN Configuration

BGP/MPLS IPv6 VPN Configuration

About This Chapter


This chapter describes the principle, application and configuration for BGP MPLS IPv6 VPN. 4.1 Overview This section describes the principle and concepts of the BGP/MPLS IPv6 VPN 4.2 Configuring IPv6 VPN Instances This section describes how to configure an IPv6 VPN instance for VPN. 4.3 Configuring Basic BGP/MPLS IPv6 VPN This section describes how to configure basic BGP/MPLS IPv6 VPN. 4.4 Configuring Hub&Spoke This section describes how to configure Hub&Spoke. 4.5 Configuring Inter-AS IPv6 VPN-Option A This section describes how to configure inter-AS IPv6 VPN-Option A. 4.6 Configuring Inter-AS IPv6 VPN-Option B This section describes how to configure inter-AS IPv6 VPN-Option B. 4.7 Configuring Inter-AS IPv6 VPN-Option C This section describes how to configure inter-AS IPv6 VPN-Option C. 4.8 Configuring Carrier's Carrier This section describes how to deploy VPN in the carrier's carrier network. 4.9 Configuring Route Reflection for BGP IPv6 VPN Routes This section describes how to configure the IPv6 VPN BGP route reflection. 4.10 Maintaining BGP/MPLS IPv6 VPN This section describes how to maintain BGP/MPLS IPv6 VPN. 4.11 Configuration Examples This section provides several configuration examples.

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

4-1

4 BGP/MPLS IPv6 VPN Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

4.1 Overview
This section describes the principle and concepts of the BGP/MPLS IPv6 VPN 4.1.1 Introduction to BGP/MPLS IPv6 VPN 4.1.2 BGP/MPLS IPv6 VPN Features Supported by the NE80E/40E

4.1.1 Introduction to BGP/MPLS IPv6 VPN


As an enhancement of IPv4, IPv6 is an Internet protocol of the next generation. IPv6 provides the more address spaces and enhanced security functions, and supports more access users and devices in the Internet than IPv4. The Virtual Private Network (VPN) is a virtual private communication network built over public networks such as the Internet. Users located in different areas can exchange data through the public networks. The difference between the IPv4 VPN and IPv6 VPN lies in the type of the packets, that is, IPv4 packets or IPv6 packets, sent from the CE to the PE. At present, IPv6 VPN services are implemented over the IPv4 backbone network of the SP. In this case, the PE must support the IPv4/IPv6 dual stack operations because the backbone network is an IPv4 network and the client sites use the IPv6 address family, as shown in Figure 4-1. Any network protocol that can bear IPv6 traffic can run between the CEs and the PEs. PE interfaces connected to the client run IPv6; PE interfaces connected to the public network run IPv4. Figure 4-1 Schematic diagram of the IPv6 VPN over the IPv4 public network
IPv4 VPN backbone P PE P PE PE CE IPv6 VPN site

CE IPv6 VPN site

CE IPv6 VPN site

Through the Multiprotocol Extensions for Border Gateway Protocol version 4 (MP BGPv4), the IPv6 VPN advertises IPv6 VPN routing information in the backbone network, triggers MPLS to allocate labels for IPv6 packets to mark the packets, and uses LSPs to transmit private network data in the backbone network. The implementation principle of an IPv6 VPN is similar to that of a BGP/MPLS IP VPN. Currently, the NE80E/40E supports the following IPv6 VPN networking schemes:
4-2 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


l l l l l

4 BGP/MPLS IPv6 VPN Configuration

Intranet VPN Extranet VPN Hub&Spoke Inter-AS VPN (both inter-AS and multi-AS backbones) Carriers' Carrier

For description about these networking schemes, refer to the chapter "BGP/MPLS IP VPN Configuration" in this manual.

4.1.2 BGP/MPLS IPv6 VPN Features Supported by the NE80E/40E


Basic Networking
The NE80E/40E supports the VPN route exchange between PEs through MP-IBGP. To ensure that a PE and a CE can exchange routes, you can configure the static route, RIPng multi-instance, IS-IS multi-instance, or BGP4+. The NE80E/40E uses VPN targets to control the transmission of VPN routes; thus, multiple VPN networking topologies. Generally, LSPs or MPLS TE tunnels are configured as the tunnels of VPN backbone networks. If PEs support MPLS functions and Ps support IP functions rather than MPLS functions, GRE tunnels can be configured.

Typical Networking
The NE80E/40E supports the following typical VPN networking:
l

Inter-AS VPN If a VPN backbone network span multiple ASs, the inter-AS VPN must be configured. The inter-AS VPN is classified into Option A, Option B, and Option C.

Carrier's carrier If a carrier's network has multiple ASs and requires other carriers' networks to complete a backbone network, the networking of carrier's carrier can be deployed.

Reliability
To improve the reliability of a VPN, generally, the following networking modes are adopted.
l

The backbone network is an MPLS network, in which the devices on the backbone layer are fully connected. The devices on the backbone layer are generally connected through high-speed interfaces. If the number of PEs is large, use the BGP route reflector to reflect IPv6 VPN routes to decrease the number of MP IBGP connections. The convergence layer is of either a mesh topology or a ring topology. The dual-homed CE or multi-homed CE is configured on the access layer.

l l

4.2 Configuring IPv6 VPN Instances


This section describes how to configure an IPv6 VPN instance for VPN. 4.2.1 Establishing the Configuration Task
Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 4-3

4 BGP/MPLS IPv6 VPN Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

4.2.2 Creating an IPv6 VPN Instance 4.2.3 Configuring Route Related Attributes of an IPv6 VPN Instance 4.2.4 Configuring MPLS Label Allocation Based on the IPv6 VPN Instance 4.2.5 Checking the Configuration

4.2.1 Establishing the Configuration Task


Applicable Environment
The IPv6 VPN instance is used to isolate the IPv6 VPN routes and the public routes. In all the BGP/MPLS IPv6 VPN networking scenarios, you should configure IPv6 VPN instances. Similar to the IPv4 VPN instance, the IPv6 VPN instance implements isolation of address spaces through the RD, and controls VPN membership and routing rules through the VPN-Target attribute. To control the advertisement of IPv6 VPN routes more accurately with the VPN target attribute, use import and export routing policies. The import routing policy is used to filter the routes imported to the VPN instance. The export routing policy is used to filter the routes exported to other PEs.

Pre-configuration Tasks
Before configuring an IPv6 VPN instance, complete the following tasks:
l l

Enable IPv6 Configure routing policies if required

Data Preparation
To configure IPv6 VPN instances, you need the following data. No. 1 2 3 4 5 Data Name and RD of the IPv6 VPN instance Description of the IPv6 VPN instance (optional) VPN-Target The maximum number of routes allowed by the IPv6 VPN instance (optional) Routing policy that controls the receiving and sending of IPv6 VPN routes (optional)

4.2.2 Creating an IPv6 VPN Instance


Context
Do as follows on the routers.
4-4 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

4 BGP/MPLS IPv6 VPN Configuration

Procedure
Step 1 Run:
system-view

The system view is displayed. Step 2 Run:


ipv6 vpn6-instance vpn6-instance-name

An IPv6 VPN instance is created and the IPv6 VPN instance view is displayed. Step 3 Run:
route-distinguisher route-distinguisher

The RD for the IPv6 VPN instance is configured. An IPv6 VPN instance takes effect only after the RD is configured. Before configuring the RD, you may configure only the description for the IPv6 VPN instance. Step 4 Run:
description description-information

The description for the IPv6 VPN instance is configured. This step is optional. This describes the relationship between an IPv6 VPN instance and a certain IPv6 VPN. You should set the appropriate description for the IPv6 VPN instance. ----End

4.2.3 Configuring Route Related Attributes of an IPv6 VPN Instance


Context
Do as follows on the routers.

Procedure
Step 1 Run:
system-view

The system view is displayed. Step 2 Run:


ipv6 vpn6-instance vpn6-instance-name

The IPv6 VPN instance view is displayed. Step 3 Run:


vpn-target vpn-target &<1-8> [ both | export-extcommunity | import-extcommunity ]

An IPv6 VPN-Target extended community is created for the IPv6 VPN instance. You can configure a maximum of eight IPv6 VPN-Targets with a command and a maximum of 16 IPv6 VPN-Targets for an IPv6 VPN instance.
Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 4-5

4 BGP/MPLS IPv6 VPN Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Step 4 Run:
routing-table limit number { alert-percent | simply-alert }

The maximum number of routes of the IPv6 VPN instance is configured. This step is optional. You can define the maximum number of routes that can be supported by an IPv6 VPN instance to avoid a PE importing too many routes of the IPv6 VPN instance. The maximum number of routes supported by a PE varies with the product. Step 5 Run:
import route-policy policy-name

An import routing policy is created. This step is optional. Step 6 Run:


export route-policy policy-name

An export routing policy is created. This step is optional. ----End

4.2.4 Configuring MPLS Label Allocation Based on the IPv6 VPN Instance
Context
Do as follows on the routers.

Procedure
Step 1 Run:
system-view

The system view is displayed. Step 2 Run:


ipv6 vpn6-instance vpn6-instance-name

The IPv6 VPN instance view is displayed. Step 3 Run:


apply-label per-instance

The label is allocated based on VPN instance. That is, all the routes in an IPv6 VPN instance use the same label. The MPLS labels are generally allocated on a one label per route basis. When the number of routes becomes more, the Incoming Label Map (ILM) of a router needs to maintain more insegment entries accordingly. This puts a higher requirement for the capacity of the router.
4-6 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

4 BGP/MPLS IPv6 VPN Configuration

The NE80E/40E provides the feature of the MPLS label allocation based on the IPv6 VPN instance, that is, one label per IPv6 VPN instance. All the routes of an IPv6 VPN instance share the same label. ----End

4.2.5 Checking the Configuration


Run the following commands to check the previous configuration. Action Check detailed information about the IPv6 VPN instance. Check brief information about the IPv6 VPN instance. Command display ipv6 vpn6-instance verbose vpn6instance-name display ipv6 vpn6-instance brief vpn6-instancename

Run the display ipv6 vpn6-instance brief command. If brief information including the RD and creating time about the VPN instance is displayed, it means the configuration succeeds. For example:
<Quidway> display ipv6 vpn6-instance brief vpn1 VPN6-Instance Name RD vpn1 1:1 Creation Time 2006/11/20 14:41:28

Run the display ipv6 vpn6-instance verbose command. If detailed information including creating date, period during which the VPN instance is Up, the RD value, VPN target, and the policy for label allocation about the VPN instance is displayed, it means the configuration succeeds. For example:
<Quidway> display ipv6 vpn6-instance verbose vpn1 VPN6-Instance Name and ID: vpn1, 1 Create date: 2006/11/20 14:41:28 Up time: 0 days, 00 hours, 11 minutes and 00 seconds Route Distinguisher: 1:1 Label policy: label per route Tunnel Policy: policy1 Interfaces: GigabitEthernet1/0/0

4.3 Configuring Basic BGP/MPLS IPv6 VPN


This section describes how to configure basic BGP/MPLS IPv6 VPN. 4.3.1 Establishing the Configuration Task 4.3.2 Configuring an IPv6 VPN Instance 4.3.3 Binding an IPv6 VPN Instance with an Interface 4.3.4 Configuring MP-IBGP Between PEs 4.3.5 Configuring a Routing Protocol Between PE and CE 4.3.6 Checking the Configuration
Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 4-7

4 BGP/MPLS IPv6 VPN Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

4.3.1 Establishing the Configuration Task


Applicable Environment
The BGP/MPLS IPv6 VPN networking mentioned in this section involves only a carrier and an MPLS backbone network (not inter-provider), and LSP serves as the public tunnel. The functions of the PE, the P and the CE are simple. None of them serves as both the PE and the CE. Certain special BGP/MPLS IPv6 VPN networking scenarios such as, inter-provider VPN and Carrier's Carrier need additional configurations. For more information, see the related sections in this chapter. When configuring the BGP/MPLS IPv6 VPN, management of the advertisement of VPN routes on the MPLS backbone networks is a key task, including the management of routes advertisement between the PE and the CE, and between the PEs. For the route exchange between the PE and the CE, you can configure static routes, RIPng multiinstance, IS-ISv6 multi-instance or BGP4+ according to the networking situations. The MPIBGP is adopted between the PEs.

Pre-configuration Tasks
Before configuring basic BGP/MPLS IPv6 VPN, complete the following tasks:
l l l l l

Enabling IPv6 on the PEs Configuring IGP for the MPLS backbone network (PE, P) to implement IP connectivity Configuring the basic MPLS capabilities for the MPLS backbone network (PE, P) Configuring the tunnels between PEs (LSP, GRE or MPLS TE) Configuring the IPv6 addresses for the CE interface attached to PE

Data Preparation
To configure basic BGP/MPLS IPv6 VPN, you need the following data. No. 1 Data including: To configure an IPv6 VPN instance, you need the following data:
l l l l

Name and RD of the IPv6 VPN instance Description of the IPv6 VPN instance (optional) VPN Target Routing policy that controls the receiving and sending of IPv6 VPN routes (optional) The maximum number of routes allowed by the IPv6 VPN instance (optional)

2 3 4

IPv6 addresses of the PE interfaces attached to the CE IPv6 addresses of the CE interfaces attached to the PE Routing protocol between the PE and the CE, such as static route, RIPng, IS-ISv6, or BGP4+
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

4-8

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

4 BGP/MPLS IPv6 VPN Configuration

No. 5 6

Data AS number of the PE IP address and interface of the PE to establish the BGP peers

4.3.2 Configuring an IPv6 VPN Instance


Context
For the details, see configuring IPv6 VPN Instances.

4.3.3 Binding an IPv6 VPN Instance with an Interface


Context
Do as follows on the PE devices connected with CE devices.

Procedure
Step 1 Run:
system-view

The system view is displayed. Step 2 Run:


interface interface-type interface-number

The interface view is displayed. Step 3 Run:


ipv6 enable

The IPv6 function is enabled on the interface. Step 4 Run:


ipv6 binding vpn6-instance vpn6-instance-name

The interface is bound with the IPv6 VPN instance.


NOTE

Running the ipv6 binding vpn6-instance command deletes the Layer 3 features such as IPv6 address and IPv6 routing protocols. They need to be re-configured if required.

After the interface connected with CE is bound with the IPv6 VPN instance, the interface becomes a private-network interface. The packets received on the interface are forwarded based on the forwarding information of the IPv6 VPN instance. ----End

4.3.4 Configuring MP-IBGP Between PEs


Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 4-9

4 BGP/MPLS IPv6 VPN Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Context
Do as follows on the PE devices connected with CE devices.

Procedure
Step 1 Run:
system-view

The system view is displayed. Step 2 Run:


bgp as-number

The BGP view is displayed. Step 3 Run:


peer peer-ipv4-address as-number as-number

The remote PE is specified as the peer. Step 4 Run:


peer peer--address connect-interface loopback interface-number

The interface is used to set up TCP connections. Step 5 Run:


ipv6-family vpnv6

The BGP IPv6 VPN address family view is displayed. Step 6 Run:
peer peer-ipv4-address enable

The VPN-IPv6 routing exchange on the peer is enabled. ----End

4.3.5 Configuring a Routing Protocol Between PE and CE


Context
Choose one of the following configurations as required:
l l l l

Configuring BGP4+ Between PE and CE Configuring Static Routes Between PE and CE Configuring RIPng Between PE and CE Configuring IS-ISv6 Between PE and CE

Procedure
l Configuring BGP4+ Between PE and CE Configuring PE 1. Run:
system-view

4-10

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

4 BGP/MPLS IPv6 VPN Configuration

The system view is displayed. 2. Run:


bgp as-number

The BGP view is displayed. 3. Run:


ipv6-family vpn6-instance vpn6-instance-name

The BGP IPv6 VPN instance view is displayed. 4. Run:


peer peer-ipv6-address as-number number

The CE is specified as an IPv6 VPN peer. 5. Run:


peer { ipv6-address | group-name } ebgp-max-hop [ number ]

The maximum hop of the EBGP peer is configured. This step is optional. Generally, the EBGP peers have directly connected physical links between each other. If not, you must use the peer ebgp-max-hop command to permit the EBGP peers to set up the TCP connection through multiple hops. 6. Run:
import-route direct [ med value | route-policy policy-name ]*

The routes to the local CE are imported. The PE must import the routes of the local CEs into the IPv6 VPN routing table and advertise them to the peer PE. The type of routes to be imported in Step 6 may be different. 7. Run:
peer peer-ipv6-address allow-as-loop [ number ]

Routing loop is allowed. This step is optional. Step 7 applies to the Hub and Spoke networking. The BGP uses the AS number to detect a routing loop. In the case of Hub and Spoke networking, however, if EBGP runs between the PE and the CE at the Hub site, the Hub-PE carries the local AS number when advertising routes to the Hub-CE. Therefore, the PE denies the subsequent update from the Hub-CE, because it contains the local AS number. To ensure proper transmission of routes in the Hub and Spoke scenario, configure all the BGP peers along the path, used for the Hub-CE to advertise private network routes to the Spoke-CE, to accept the routes which have the AS number repeated once. 8. Run:
peer peer-ipv6-address substitute-as

The function of substituting AS numbers of BGP is enabled. This step is optional.


Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 4-11

4 BGP/MPLS IPv6 VPN Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Step 8 is used for the networking scenario where physically dispersed CEs use the same AS number. The configuration is run on the PE. Configuring CE 1. Run:
system-view

The system view is displayed. 2. Run:


bgp as-number

The BGP view is displayed. 3. Run:


router-id ipv4-address

The router ID is configured. This step is optional. If the CE device has no interface configured with an IPv4 address, configure a router ID. 4. Run:
peer peer-ipv6-address as-number as-number

The PE is specified as the peer. 5. Run:


ipv6-family unicast

The BGP-IPv6 address family view is displayed. 6. Run:


peer peer-ipv6-address enable

The exchange of BGP routes with the peer is enabled. 7. Run:


peer { ipv6-address | group-name } ebgp-max-hop [ number ]

The maximum hop of the EBGP peer is configured. This step is optional. Generally, the EBGP peers have directly connected physical links between each other. If not, you must use the peer ebgp-max-hop command to permit the EBGP peers to set up the TCP connection through multiple hops. 8. Run:
import-route { direct | static | ripng process-id | ospfv3 process-id | isis process-id } [ med value | route-policy policy-name ]*

The address of the VPN network segment is advertised to the connected PE, and then is advertised by the PE to the peer CE. The type of the imported route varies with networking modes. l Configuring Static Routes Between PE and CE The configurations on the CE is the same as the ordinary IPv6 static routes and are not mentioned here.
4-12 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


NOTE

4 BGP/MPLS IPv6 VPN Configuration

For the detailed configuration about the IPv6 static route, refer to the Quidway NetEngine80E/40E Router Configuration Guide - IP Routing.

1.

Run:
system-view

The system view is displayed. 2. Run:


ipv6 route-static vpn6-instance vpn6-instance-name dest-ipv6-address masklength { interface-type interface-number [ nexthop-ipv6-address ] | vpn6instance vpn6-destination-name nexthop-ipv6-address | nexthop-ipv6address [ public ] } [ preference value ] [ tag tag ] [ description text ]

The static route is configured for the IPv6 VPN instance. 3. Run:
bgp as-number

The BGP view is displayed. 4. Run:


ipv6-family vpn6-instance vpn6-instance-name

The BGP-IPv6-VPN instance view is displayed. 5. Run:


import-route static [ med value ] [ route-policy policy-name ]

The configured static route is imported to the routing table of BGP-IPv6-VPN instance. l Configuring RIPng Between PE and CE The configurations on the CE are similar to the configuration of common RIPng and are not mentioned here.
NOTE

For the detailed configuration about RIPng, refer to the Quidway NetEngine80E/40E Router Configuration Guide IP Routing Volume.

Do as follows on the PE. 1. Run:


system-view

The system view is displayed. 2. Run:


ripng process-id vpn6-instance vpn6-instance-name

A RIPng instance is created between PE and CE and the RIPng view is displayed. A RIPng multi-instance process can only belong to on IPv6 VPN instance. If a RIPng process is not bound to an IPv6 VPN instance when the process is enabled, the process is classified as a public network process. If only one RIPng process (including public network process and multi-instance process) is run on a router, you need not specify process-id, that is, the default process ID 1 is adopted. 3. Run:
import-route bgp [ cost value ] [ route-policy policy-name ]

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

4-13

4 BGP/MPLS IPv6 VPN Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

The BGP routes are imported. After the execution of the import-route bgp command in the RIPng view, the PE imports the VPN-IPv6 routes learnt from the remote PE into the RIPng and further advertises them to its CE. 4. Run:
quit

Return to the system view. 5. Run:


interface interface-type interface-number

The interface view of interface connecting CE is displayed. 6. Run:


ripng process-id enable

RIPng is configured on the interface. 7. Run:


quit

Return to the system view. 8. Run:


bgp as-number

The BGP view is displayed. 9. Run:


ipv6-family vpn6-instance vpn6-instance-name

The BGP-IPv6-VPN instance view is displayed. 10. Run:


import-route ripng process-id [ med value ] [ route-policy policy-name ]

The RIP routes are imported into the routing table of BGP-IPv6 VPN instance. After the running of the import-route ripng command in the BGP-IPv6 VPN view, the PE imports the RIPng routes learnt from its CE into BGP, forms them into VPNIPv6 routes and advertise them to the peer PE. l Configuring IS-ISv6 Between PE and CE You can configure the common IS-ISv6 on the CE. The configurations on CE are not mentioned here.
NOTE

For the detailed configuration about IS-ISv6, refer to the Quidway NetEngine80E/40E Router Configuration Guide - IP Routing.

Do as follows on the PE. 1. Run:


system-view

The system view is displayed. 2. Run:


isis process-id vpn6-instance vpn6-instance-name

4-14

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

4 BGP/MPLS IPv6 VPN Configuration

The IS-IS instance between the PE and the CE is created and the IS-IS view is displayed. An IS-IS multi-instance process can only belong to on IPv6 VPN instance. If an ISIS process is not bound to an IPv6 VPN instance when the process is enabled, the process is classified as a public network process. If only one IS-IS process (including public network process and multi-instance process) is run on a router, you need not specify process-id, that is, the default process ID 1 is adopted. 3. Run:
network-entity net

The Network Entity Title (NET) is configured. The NET defines the system ID of the router and the address of the local IS-IS area. A maximum of three NETs can be configured for a process on a router. 4. (Optional) Run:
is-level { level-1 | level-1-2 | level-2 }

The level of the router is configured. By default, the level of a router is level-1-2. 5. Run:
ipv6 enable

IPv6 is enabled for the IS-IS process. IPv6 can be enabled for an IS-IS process only after IPv6 is enabled in the system view. 6. Run:
import-route bgp [ cost value ] [ cost-type { external | internal } ] [ level-1 | level-1-2 | level-2 ] [ route-policy policy-name ] [ tag tagvalue ]

The BGP route is imported. 7. Run:


quit

Return to the system view. 8. Run:


interface interface-type interface-number

The interface view is displayed. 9. Run:


isis ipv6 enable [ process-id ]

IS-IS IPv6 is enabled on the interface. 10. Run:


quit

Return to the system view. 11. Run:


bgp as-number

The BGP view is displayed.


Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 4-15

4 BGP/MPLS IPv6 VPN Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

12. Run:
ipv6-family vpn6-instance vpn6-instance-name

The BGP IPv6 VPN instance view is displayed. 13. Run:


import-route isis process-id [ med med ] [ route-policy policy-name ]

The IS-IS route is installed to the BGP IPv6 VPN routing table. ----End

4.3.6 Checking the Configuration


Run the following commands to check the previous configuration. Action View the routing table of the specified IPv6 VPN instance on PE. View the routing table on CE. Command display ipv6 routing-table vpn6-instance vpn6instance-name display ipv6 routing-table

Run the display ipv6 routing-table vpn6-instance vpn6-instance-name command. If the VPN routes related to the CE are displayed, it means the configuration succeeds. Run the display ipv6 routing-table command. If the routes to the peer CE are displayed on the CE, it means the configuration succeeds.

4.4 Configuring Hub&Spoke


This section describes how to configure Hub&Spoke. 4.4.1 Establishing the Configuration Task 4.4.2 Creating IPv6 VPN Instances 4.4.3 Configuring Route Related Attributes of an IPv6 VPN Instance 4.4.4 Binding an IPv6 VPN Instance with an Interface 4.4.5 Configuring MP-IBGP Between Hub-PE and Spoke-PE 4.4.6 Configuring Routing Between PE and CE 4.4.7 Checking the Configuration

4.4.1 Establishing the Configuration Task


Applicable Environment
If it is required that all the users must access to a central access control device, the Hub&Spoke networking is adopted. In the Hub&spoke network, all the Spoke stations communicate through the Hub station.
4-16 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

4 BGP/MPLS IPv6 VPN Configuration

Pre-configuration Tasks
Before configuring basic Hub&Spoke, complete the following tasks:
l l

Configuring IGP on PE devices and P devices in the MPLS backbone network Configuring basic MPLS capability on PE devices and P devices in the MPLS backbone network Configuring the tunnels between the PE devices Configuring the IPv6 addresses, through which the CE devices access the PE devices, on the CE devices

l l

Data Preparation
To configure Hub&Spoke, you need the following data. No. 1 Data To configure an IPv6 VPN instance, you need the following data:
l l l l

Name and RD of the IPv6 VPN instance Description of the IPv6 VPN instance (optional) VPN Target Routing policy that controls the receiving and sending of IPv6 VPN routes (optional) The maximum number of routes allowed by the IPv6 VPN instance (optional)

2 3 4

IPv6 addresses of the PE interfaces attached to the CE IPv6 addresses of the CE interfaces attached to the PE Data for the configurations of routing protocols (static route, RIPng, IS-ISv6, or BGP4+) between Hub-PE and Hub-CE, and between Spoke-PE and Spoke-CE

4.4.2 Creating IPv6 VPN Instances


Context
Configure the IPv6 VPN instance on each Spoke-PE and Hub-PE. Every Spoke-PE is configured with an IPv6 VPN instance, while each Hub-PE is configured with the following two IPv6 VPN instances (VPN-spoke and VPN-hub):
l l

VPN-spoke: It receives and maintains all the VPN-IPv6 routes. VPN-hub: It maintains the routes of all the Hub stations and Spoke stations and advertises those routes to all the Spoke-PEs.
NOTE

Step 1 to 6 describes how to configure an IPv6 VPN instance. Different IPv6 VPN instances on a device are different in names, RDs, and description.

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

4-17

4 BGP/MPLS IPv6 VPN Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Procedure
Step 1 Run:
system-view

The system view is displayed. Step 2 Run:


ipv6 vpn6-instance vpn6-instance-name

An IPv6 VPN instance is created and the IPv6 VPN instance view is displayed. Step 3 Run:
route-distinguisher route-distinguisher

The RD is configured for the IPv6 VPN instance. An IPv6 VPN instance takes effect only after the RD is configured. Before configuring the RD, you may configure only the description for the IPv6 VPN instance. Step 4 Run:
description description-information

The description for the IPv6 VPN instance is configured. This step is optional. This describes the relationship between an IPv6 VPN instance and a certain IPv6 VPN. You should set the appropriate description for the IPv6 VPN instance. Step 5 Run:
apply-label per-instance

The label is allocated based on IPv6 VPN instance. That is, all the routes in a VPN instance use the same label. This step is optional. The MPLS labels are generally allocated on one label per route. The NE80E/40E provides the feature of the MPLS label allocation based on the VPN instance, that is, one label per VPN instance. All the routes of a VPN instance share the same label. Step 6 Run:
routing-table limit number { alert-percent | simply-alert }

The maximum number of routes of the IPv6 VPN instance is configured. This step is optional. You can define the maximum number of routes that can be supported by an IPv6 VPN instance to avoid a PE importing too many routes of the IPv6 VPN instance. The maximum number of routes supported by a PE varies with the product. ----End

4.4.3 Configuring Route Related Attributes of an IPv6 VPN Instance


Procedure
l
4-18

Configuring Hub-PE
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

4 BGP/MPLS IPv6 VPN Configuration

1.

Run
system-view

The system view is displayed. 2. Run


ipv6 vpn6-instance vpn6-instance-name1

The IPv6 VPN instance view of VPN-spoke is displayed. 3. Run


vpn-target vpn-target1 &<1-8> import-extcommunity

The VPN target extended community for the IPv6 VPN instance is created. The VPNIPv6 routes advertised by all the Spoke-PEs are imported. vpn-target1 lists the export community attribute of vpn-target advertised by all the Spoke-PEs. 4. Run
import route-policy policy-name

The import routing policy of the IPv6 VPN instance is configured. This step is optional. 5. Run
export route-policy policy-name

The export routing policy of the VPN instance is configured. This step is optional. 6. Run
quit

Return to the system view. 7. Run


ipv6 vpn6-instance vpn6-instance-name2

The IPv6 VPN instance view of the VPN Hub is displayed. 8. Run
vpn-target vpn-target2 &<1-8> export-extcommunity

The VPN target extended community is configured to advertise the routes of all the Hub stations and Spoke stations. vpn-target2 is a list that contains all the import VPN targets of all the Spoke-PEs. 9. Run
import route-policy policy-name

The import routing policy of the IPv6 VPN instance is configured. This step is optional. 10. Run
export route-policy policy-name

The export routing policy of the IPv6 VPN instance is configured. This step is optional. l Configuring Spoke-PE 1. Run
system-view

The system view is displayed.


Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 4-19

4 BGP/MPLS IPv6 VPN Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

2.

Run
ipv6 vpn6-instance vpn6-instance-name

The IPv6 VPN instance view of the VPN Spoke is displayed. 3. Run
vpn-target vpn-target2 &<1-8> import-extcommunity

The VPN target extended community for the VPN instance is created. The VPN-IPv6 routes advertised by the Hub-PE are imported. vpn-target2 is the export community attribute of vpn-target advertised by the HubPE. 4. Run
vpn-target vpn-target1 &<1-8> export-extcommunity

The VPN target extended community for the VPN instance is created. The IPv6 routes of stations the Spoke-PE accesses are advertised. 5. Run
import route-policy policy-name

The import routing policy of the IPv6 VPN instance is configured. This step is optional. 6. Run
export route-policy policy-name

The export routing policy of the IPv6 VPN instance is configured. This step is optional. ----End

4.4.4 Binding an IPv6 VPN Instance with an Interface


Context
The configuration on the Hub-PE involves two interfaces or sub-interfaces: one is bound with the VPN Spoke and receives the routes advertised by the Spoke-PE; the other is bound with the VPN-Hub and advertises the routes of the Hub and all the Spokes. Do as follows on the Hub-PE and all the Spoke-PEs.

Procedure
Step 1 Run
system-view

The system view is displayed. Step 2 Run


interface interface-type interface-number

The interface view is displayed. Step 3 Run


ipv6 enable

The IPv6 function is enabled on the interface.


4-20 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

4 BGP/MPLS IPv6 VPN Configuration

Step 4 Run
ipv6 binding vpn6-instance vpn6-instance-name

The interface is bound with the IPv6 VPN instance.


NOTE

Running the ipv6 binding vpn6-instance command deletes the Layer 3 features such as IPv6 address and IPv6 routing protocols. They need to be re-configured if required.

After the interface connected with CE is bound with the IPv6 VPN instance, the interface becomes a private-network interface. The packets received on the interface are forwarded based on the forwarding information of the IPv6 VPN instance. ----End

4.4.5 Configuring MP-IBGP Between Hub-PE and Spoke-PE


Context
The Hub-PE must set up the MP-IBGP peer with all the Spoke-PEs. Spoke-PEs need not set up the MP-IBGP peer between each other. Do as follows on the Hub-PE and the Spoke-PE.

Procedure
Step 1 Run
system-view

The system view is displayed. Step 2 Run


bgp as-number

The BGP view is displayed. Step 3 Run


peer peer-ipv4-address as-number as-number

The remote PE is specified as the peer. Step 4 Run


peer peer-ipv4-address connect-interface loopback interface-number

The interface to set up the TCP connection is specified. Step 5 Run


ipv6-family vpnv6

The BGP IPv6 VPN address family view is displayed. Step 6 Run
peer peer-ipv4-address enable

The VPN-IPv6 routing information is exchanged between the peers. ----End


Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 4-21

4 BGP/MPLS IPv6 VPN Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

4.4.6 Configuring Routing Between PE and CE


Context
The Hub-PE and the Hub-CE can exchange routes in the following ways:
l

Configuring EBGP between the Hub-PE and the Hub-CE In this way, BGP4+, RIPng multi-instance, IS-ISv6 multi-instance or static routes can be adopted between the Spoke-PE and the Spoke-CE. To set up the EBGP peer between the Hub-PE and the Hub-CE, run the peer ipv6address allow-as-loop [ number ] command in the BGP-IPv6-VPN instance view to allow the routing loop.

Configuring IGP between the Hub-PE and the Hub-CE In this way, instead of BGP4+, RIPng multi-instance, IS-ISv6 multi-instance or static routes are adopted between the Spoke-PE and the Spoke-CE.

Configuring static routes between the Hub-PE and the Hub-CE If the Hub-CE uses the default route to access the Hub-PE, to advertise the default route to all the Spoke-PEs, do as follows on the Hub-PE:

Run the ipv6 route-static vpn6-instance vpn6-instance-name :: 0 nexthop-address command in the system view. vpn6-instance-name refers to the VPN-Hub. Run the network :: 0 command in the BGP-IPv6-VPN address family to advertise the default route to all the Spoke-PEs through MP-BGP.

Choose one of the preceding methods as required. For detailed configurations, see Configuring a Routing Policy Between PE and CE.

4.4.7 Checking the Configuration


Run the following commands to check the previous configuration. Action Check routing information about the VPN Spoke on the Hub-PE. Check routing information about the VPN Hub on the Hub-PE. Check routing information on the Hub-CE and all the Spoke-CEs. Command display ipv6 routing-table vpn6-instance vpn6-instance-name display ipv6 routing-table vpn6-instance vpn6-instance-name display ipv6 routing-table

Run the preceding commands. If the routing table of the VPN Spoke has routes to all the Spoke stations, and the routing table of the VPN Hub has routes to the Hub and all the Spoke stations, it means the configuration succeeds. Additionally, Hub-CE and all the Spoke-CEs have routes to the Hub and all the Spoke stations.
4-22 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

4 BGP/MPLS IPv6 VPN Configuration

4.5 Configuring Inter-AS IPv6 VPN-Option A


This section describes how to configure inter-AS IPv6 VPN-Option A. 4.5.1 Establishing the Configuration Task 4.5.2 Configuring Inter-AS IPv6 VPN Option A 4.5.3 Checking the Configuration

4.5.1 Establishing the Configuration Task


Applicable Environment
If the MPLS backbone network bearing the VPN-IPv6 routes cross multiple ASs, you must configure the inter-AS VPNs. The inter-AS VPN-Option A is convenient to implement and is suitable when certain VPNs and VPN-IPv6 routes are configured on the PE. In VPN-Option A, the Autonomous System Boundary Routers (ASBRs) must support the IPv6 VPN instances and can manage IPv6 routes. In addition, the ASBRs must reserve special interfaces including sub-interfaces and physical interfaces for each inter-AS IPv6 VPN. Option A, therefore, requires high performance of the ASBRs. No inter-AS configuration is needed on the ASBRs.

Pre-configuration Tasks
Before configuring the IPv6 VPN-Option A, complete the following tasks:
l

Configuring IGP for MPLS backbone networks in each AS to realize IP connectivity of the backbones in one AS Enabling MPLS on the PEs and the ASBR PEs Setting up the LSP tunnelbetween the PE and the ASBR PE in the same AS Configuring the IPv6 address for the CE interface connected the PE Configuring the IPv6 address of the CE interface through which the CE accesses the PE

l l l l

Data Preparation
To configure inter-AS IPv6 VPN-Option A, you need the following data:

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

4-23

4 BGP/MPLS IPv6 VPN Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

No. 1

Data To configure the VPN instance on the PE and the ASBR PE, you need the following data:
l l l l

Name and RD of the IPv6 VPN instance Description of the IPv6 VPN instance (optional) VPN Target Routing policy that controls the receiving and sending of IPv6 VPN routes (optional) Tunnel policy (optional) The maximum number of routes allowed by the IPv6 VPN instance (optional)

l l

2 3 4 5 6

IPv6 addresses of the PE interfaces attached to the CE AS number of the PE IPv6 addresses of the interfaces connected the ASBR PEs Routing protocol adopted between the PE and the CE: static route, RIPng, IS-ISv6 or BGP4+ IPv4 addresses and interfaces between the PE and ASBR PE to establish the MPIBGP peers

4.5.2 Configuring Inter-AS IPv6 VPN Option A


Context
Inter-AS IPv6 VPN-Option A is easy to deploy. When the amount of the IPv6 VPNs and the VPN-IPv6 routes on the PE is small, the Option A can be adopted. The configurations of the inter-AS VPN-Option A are as follows:
l l l

Configuring Basic BGP/MPLS IPv6 VPN on each AS Configuring ASBR-PE by considering the peer ASBR-PE as its CE Configuring IPv6 VPN instances for the PE and the ASBR-PE separately The VPN instance for PE is used to access CE; that for ASBR-PE is used to access its peer ASBR-PE.
NOTE

In inter-AS VPN-Option A mode, for the same IPv6 VPN, the VPN targets of IPv6 VPN instance on ASBRPE and the PE must be matched in an AS. This is not required for the PEs in different ASs.

4.5.3 Checking the Configuration


Run the following commands to check the previous configuration.

4-24

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

4 BGP/MPLS IPv6 VPN Configuration

Action Check information about the BGP peers on the PE or the ASBR PE. Check the VPN-IPv6 routes on the PE or the ASBR-PE. Check the VPN routing table on the PE or the ASBR PE.

Command display bgp vpnv6 all peer display bgp vpnv6 all routing-table display ipv6 routing-table vpn6-instance [ vpn6instance-name ]

Run the display bgp vpnv6 all peer command. If the BGP IPv6 VPN peer relationship between the ASBR-PE and the PE is "Established", it means the configuration succeeds. Run the display bgp vpnv6 all routing-table command. If the VPN-IPv6 routes of the ASBRPE are displayed, it means the configuration succeeds. Running the display ipv6 routing-table vpn6-instance command, you can view IPv6 VPN routes in the VPN routing table of the PE and the ASBR PE.

4.6 Configuring Inter-AS IPv6 VPN-Option B


This section describes how to configure inter-AS IPv6 VPN-Option B. 4.6.1 Establishing the Configuration Task 4.6.2 Configuring MP-IBGP Between PE and ASBR PE 4.6.3 Configuring MP-EBGP Between ASBR PEs 4.6.4 Controlling the Receiving and Sending of VPN Routes 4.6.5 Storing Information About the IPv6 VPN Instance on the ASBR PEs 4.6.6 Configuring Routing Between PE and CE 4.6.7 Checking the Configuration

4.6.1 Establishing the Configuration Task


Applicable Environment
If the MPLS backbone network bearing VPN-IPv6 routes crosses multiple ASs, the inter-AS VPN is needed. If the ASBR can manage VPN-IPv6 routes, however, there are no enough interfaces for each inter-AS IPv6 VPN, the inter-AS VPN-Option B is adopted. In this option, the ASBR is involved in maintaining and advertising VPN-IPv6 routes.

Pre-configuration Tasks
Before configuring inter-AS IPv6 VPN-Option B, complete the following tasks:
Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 4-25

4 BGP/MPLS IPv6 VPN Configuration


l

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Configuring IGP for MPLS backbone networks in each AS to realize IP connectivity of the backbones in one AS Configuring basic MPLS capability for the MPLS backbone network Configuring MPLS LDP to establish LDP LSP for the MPLS backbone network Creating an IPv6 VPN Instance on the PE devices connected with the CE devices and Binding an IPv6 VPN Instance with an Interface Configuring the IPv6 addresses of the CE interfaces through which the CE accesses the PE

l l l

Data Preparation
To configure inter-AS IPv6 VPN-Option B, you need the following data: No. 1 Data To configure the VPN instance on the PE, you need the following data:
l l l l

Name and RD of the IPv6 VPN instance Description of the IPv6 VPN instance (optional) VPN Target Routing policy that controls the receiving and sending of IPv6 VPN routes (optional) The maximum number of routes allowed by the IPv6 VPN instance (optional)

2 3 4 5 6

IPv6 addresses of the PE interfaces attached to the CE AS number of the PE IPv4 addresses of the interfaces connected the ASBR PEs Routing protocol adopted between the PE and the CE: static route, RIPng, IS-ISv6 or BGP4+ IPv4 addresses and interfaces setting up the MP-IBGP peer between the PE and the ASBR PE

4.6.2 Configuring MP-IBGP Between PE and ASBR PE


Context
Do as follows on the PE and the ASBR PE in the same AS.

Procedure
Step 1 Run
system-view

The system view is displayed. Step 2 Run:


bgp as-number

4-26

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

4 BGP/MPLS IPv6 VPN Configuration

The BGP view is displayed. Step 3 Run


peer peer-ipv4-address as-number as-number

The peer ASBR PE is specified as the IBGP peer. Step 4 Run


peer peer-ipv4-address connect-interface loopback interface-number

The address of the loopback interface is specified as the source address of the BGP session. Step 5 Run
ipv6-family vpnv6

The BGP IPv6 VPN address family is displayed. Step 6 Run


peer peer-ipv4-address enable

The exchange of VPN-IPv6 routes with the peer PE or the ASBR PE is enabled. ----End

4.6.3 Configuring MP-EBGP Between ASBR PEs


Context
Do as follows on the ASBR PE.

Procedure
Step 1 Run
system-view

The system view is displayed. Step 2 Run


interface interface-type interface-number

The view of the interface connected with the ASBR PE interface is displayed. Step 3 Run
ip address ipv4-address { mask | mask-length }

The IPv4 address of the interface is configured. Step 4 Run


mpls

MPLS is enabled on the interface. Step 5 Run


quit

Return to the system view. Step 6 Run


bgp as-number

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

4-27

4 BGP/MPLS IPv6 VPN Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

The BGP view is displayed. Step 7 Run


peer peer-ipv4-address as-number as-number

The peer ASBR PE is specified as the EBGP peer. Step 8 Run


ipv6-family vpnv6

The BGP IPv6 VPN address family is displayed. Step 9 Run


peer peer-address enable

The exchange of VPN-IPv6 routes with the peer ASBR PE is enabled. ----End

4.6.4 Controlling the Receiving and Sending of VPN Routes


Context
There are several methods for controlling the receiving and sending of VPN routes on the ASBR PE. Without VPN Target Filtering is one for controlling the receiving and sending of VPN routes. Do as follows on the ASBR PE.

Procedure
Step 1 Run
system-view

The system view is displayed. Step 2 Run


bgp as-number

The BGP view is displayed. Step 3 Run


ipv6-family vpnv6

The BGP IPv6 VPN address family is displayed. Step 4 Run


undo policy vpn-target

The VPN-IPv6 routes are not filtered by the VPN target. By default, the PE performs VPN target filtering on the received VPN-IPv6 routes. The routes passing the filter is added to the routing table, and the others are discarded. If the PE is not configured with IPv6 VPN instance, or the IPv6 VPN instance is not configured with the VPNTarget, the PE discards all the received VPN-IPv6 routes. In the inter-AS VPN-Option B mode, if the ASBR-PE does not store information about the IPv6 VPN instance, the ASBR-PE must save all the VPN-IPv6 routing information and advertise it
4-28 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

4 BGP/MPLS IPv6 VPN Configuration

to the peer ASBR-PE. In this case, the ASBR-PE should receive all the VPN-IPv6 routing information without the VPN-Target filtering. ----End

4.6.5 Storing Information About the IPv6 VPN Instance on the ASBR PEs
Context
Do as follows on the ASBR PE.

Procedure
Step 1 Run
system-view

The system view is displayed. Step 2 Run


ipv6 vpn6-instance vpn6-instance-name

An IPv6 VPN instance is created and the IPv6 VPN instance view is displayed. If the VPN receives and sends the VPN-IPv6 routing information through the ASBR-PE, configure the corresponding instance on the ASBR-PE. Otherwise, the instance is not needed. Step 3 Run
route-distinguisher route-distinguisher

The RD is configured for the IPv6 VPN instance. Step 4 Run


vpn-target vpn-target &<1-8> import-extcommunity

The VPN target extended community for the VPN instance is created. For the same VPN in the inter-AS VPN-Option B mode, the VPN targets of the ASBR-PE and the PE in an AS should match with each other. The VPN targets of the PE in different Ass must match with each other likewise. Step 5 Run
routing-table limit number { alert-percent | simply-alert }

The maximum number of routes is configured for the IPv6 VPN instance. This step is optional. Step 6 Run
import route-policy policy-name

An import routing policy is created for the IPv6 VPN instance. (optional) Step 7 Run
export route-policy policy-name

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

4-29

4 BGP/MPLS IPv6 VPN Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

An export routing policy is created for the IPv6 VPN instance. (optional). ----End

4.6.6 Configuring Routing Between PE and CE


Context
Choose one of the preceding methods as required. For detailed configurations, see Configuring a Routing Protocol Between PE and CE.

4.6.7 Checking the Configuration


Run the following commands to check the previous configuration. Action Check the VPN-IPv6 routing table on the PE or the ASBR PE. Check information about all the BGP peers on the PE or the ASBR PE. Check the VPN routing table on the PE. Command display bgp vpnv6 all routing-table display bgp vpnv6 all peer display ipv6 routing-table vpn6-instance [ vpn6-instance-name ]

Run the display bgp vpnv6 all routing-table command on the ASBR PE. If the IPv6 routes of the VPN are displayed, it means the configuration succeeds. Run the display bgp vpnv6 all peer command on the PE or the ASBR PE. If the status of the IBGP peer is "Established", and the status of the EBGP peer is "Established", it means the configuration succeeds. Run the display ipv6 routing-table vpn6-instance command on the PE. If the relevant IPv6 VPN routes are displayed, it means the configuration succeeds.

4.7 Configuring Inter-AS IPv6 VPN-Option C


This section describes how to configure inter-AS IPv6 VPN-Option C. 4.7.1 Establishing the Configuration Task 4.7.2 Enabling the Exchange of Labeled IPv4 Routes 4.7.3 Configuring a Routing Policy to Control Label Distribution 4.7.4 Establishing the MP-EBGP Peer Between PEs 4.7.5 Configuring Routing Between PE and CE 4.7.6 Checking the Configuration
4-30 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

4 BGP/MPLS IPv6 VPN Configuration

4.7.1 Establishing the Configuration Task


Applicable Environment
If the MPLS backbone network bearing VPN-IPv6 routes crosses multiple ASs, the inter-AS VPN is needed. If each AS has a large amount of VPN-IPv6 routes to be exchanged, the VPN-Option C can be adopted to prevent the ASBR PE becoming a bottleneck of the network.

Pre-configuration Tasks
Before configuring inter-AS IPv6 VPN-Option C, complete the following tasks:
l

Configuring IGP for MPLS backbone networks in each AS to realize IP connectivity of the backbones in one AS Configuring basic MPLS capability for the MPLS backbone network Configuring MPLS LDP to establish LDP LSP for the MPLS backbone network Configuring the IBGP peer relationship between the PE and the ASBR of the same AS Creating an IPv6 VPN Instance on the PE devices connected with the CE devices and Binding an IPv6 VPN Instance with an Interface Configuring the IPv6 addresses of the CE interfaces through which the CE accesses the PE

l l l l

Data Preparation
To configure inter-AS IPv6 VPN-Option C, you need the following data: No. 1 Data To configure the IPv6 VPN instance on the PE, you need the following data:
l l l l

Name and RD of the IPv6 VPN instance Description of the IPv6 VPN instance (optional) VPN Target Routing policy that controls the receiving and sending of IPv6 VPN routes (optional) The maximum number of routes allowed by the IPv6 VPN instance (optional)

2 3 4 5 6 7

IPv6 addresses of the PE interfaces attached to the CE AS number of the PEs IPv4 addresses of the interfaces connected the ASBR PEs Routing policy configured on the ASBR PE Routing protocol adopted between the PE and the CE: static route, RIPng, IS-ISv6 or BGP4+ IPv4 addresses and interfaces setting up the IBGP peer between the PE and the ASBR PE

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

4-31

4 BGP/MPLS IPv6 VPN Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

4.7.2 Enabling the Exchange of Labeled IPv4 Routes


Procedure
l Configuring the PE 1. Run
system-view

The system view is displayed. 2. Run


bgp as-number

The BGP view is displayed. 3. Run


peer peer-ipv4-address label-route-capability

The exchange of the labeled IPv4 routes with the ASBR PE in the same AS is enabled. l Configuring the ASBR PE 1. Run
system-view

The system view is displayed. 2. Run


interface interface-type interface-number

The view of the interface connected with the peer ASBR PE is displayed. 3. Run
ip address ipv4-address { mask | mask-length }

The IPv4 address of the interface is configured. 4. Run


mpls

MPLS is enabled on the interface. 5. Run


quit

Return to the system view. 6. Run


bgp as-number

The BGP view is displayed. 7. Run


peer peer-ipv4-address label-route-capability

The Capability of exchanging the labeled IPv4 routes with the PE of the same AS is enabled. In the Option C solution, you must establish an inter-AS VPN LSP. The related PEs and the ASBRs exchange public network routes with the MPLS labels. The ASBR-PE establishes an EBGP peer relationship with the remote ASBR-PE to switch labeled IPv4 routes.
4-32 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

4 BGP/MPLS IPv6 VPN Configuration

The public network routes with the MPLS labels are advertised by the MP-BGP. According to RFC 3107 (Carrying Label Information in BGP-4), the label mapping information of a route is carried by advertising BGP updates. This feature is implemented through BGP extension attributes, which requires BGP peers to process the labeled IPv4 routes. By default, BGP peers cannot process labeled IPv4 routes. 8. Run
peer peer-ipv4-address as-number as-number

The peer ASBR PE is specified as the EBGP peer. 9. Run


peer peer-ipv4-address label-route-capability

The exchange of the labeled IPv4 routes with the peer ASBR PE is enabled. ----End

4.7.3 Configuring a Routing Policy to Control Label Distribution


Context
The MPLS label distribution for IPv4 routes is controlled by the routing policy. Labels are distributed to the routes that satisfy certain requirements. By default, the IPv4 routes do not carry the MPLS label. Do as follows on the ASBR PE.

Procedure
l Creating a Routing Policy 1. Run
system-view

The system view is displayed. 2. Run


route-policy policy-name1 permit node seq-number

The routing policy applied to the local PE is created. The MPLS labels are allocated to the labeled IPv4 routes advertised to the PEs in the same AS. 3. Run
if-match mpls-label

The IPv4 routes with labels are matched. 4. Run


apply mpls-label

The label is allocated to the IPv4 route. 5. Run


quit

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

4-33

4 BGP/MPLS IPv6 VPN Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Return to the system view. 6. Run


route-policy policy-name2 permit node seq-number

The routing policy applied to the peer ASBR PE is created. The MPLS labels are allocated to the routes that are received from the PEs in the same AS and are sent to the peer ASBR PE, 7. Run
apply mpls-label

The label is allocated to the IPv4 route. l Applying Routing Policies 1. Run
system-view

The system view is displayed. 2. Run


bgp as-number

The BGP view is displayed. 3. Run


peer peer-ipv4-address route-policy policy-name1 export

The routing policy adopted when the route is advertised to the local PE is configured. 4. Run
peer peer-ipv4-address route-policy policy-name2 export

The routing policy adopted when the route is advertised to the peer ASBR PE is configured. ----End

4.7.4 Establishing the MP-EBGP Peer Between PEs


Context
Do as follows on the ASBRs.

Procedure
l Configuring the ASBR PEs 1. Run
system-view

The system view is displayed. 2. Run


bgp as-number

The BGP view is displayed. 3. Run


network ip-address [ mask | mask-length ] [ route-policy route-policyname ]

4-34

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

4 BGP/MPLS IPv6 VPN Configuration

The address of the network segment that connects the two ASBRs is configured. 4. Run
network ip-address [ mask | mask-length ] [ route-policy route-policyname ]

The address of the loopback interface, which sets up the BGP session, on the PE within the AS is advertised. l Configuring the PEs 1. Run
system-view

The system view is displayed. 2. Run


bgp as-number

The BGP view is displayed. 3. Run


peer peer-ipv4-address as-number as-number

The peer PE is specified as the EBGP peer. 4. Run


peer peer-ipv4-address ebgp-max-hop [ hop-count ]

The maximum hop of the EBGP peer is configured. PEs of different ASs are generally not directly connected. To set up the EBGP peer between PEs of different ASs, configure the maximum hop between PEs and ensure PEs are reachable. 5. Run
ipv6-family vpnv6

The BGP IPv6 VPN address family is displayed. 6. Run


peer peer-ipv6-address enable

The exchange of IPv6 VPN routes with the peer PE is enabled. 7. Run
peer peer-ipv6-address next-hop-invariable

The next hop is not changed when the route is advertised to the EBGP peer. ----End

4.7.5 Configuring Routing Between PE and CE


Context
Choose one of the preceding methods as required. For detailed configurations, see Configuring a Routing Protocol Between PE and CE.

4.7.6 Checking the Configuration


Run the following commands to check the previous configuration.
Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 4-35

4 BGP/MPLS IPv6 VPN Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Action Check the BGP peers on the PE. Check the VPN-IPv6 routing table on the PE or the ASBR PE. Check information about the labels of the IPv4 routes on the ASBR PE. Check the VPN-IPv6 routing table on the PE.

Command display bgp vpnv6 all peer display bgp vpnv6 all routing-table display bgp routing-table label display ipv6 routing-table vpn6-instance [ vpn6-instance-name ]

Run the display bgp vpnv6 all peer command on the PE. If the status of the EBGP peer between PEs is "Established", it means the configuration succeeds. Running the display bgp vpnv6 all routing-table command on the PE and the ASBR PE, you can view that the PE has the VPN-IPv6 routes while the ASBR PE has no VPN-IPv6 route. Run the display bgp routing-table label command on the ASBR PE. If information about the label of the IPv4 route is displayed, it means the configuration succeeds. Run the display ipv6 routing-table vpn6-instance command on the PE. If the VPN routes to related CEs are displayed, it means the configuration succeeds.

4.8 Configuring Carrier's Carrier


This section describes how to deploy VPN in the carrier's carrier network. 4.8.1 Establishing the Configuration Task 4.8.2 Configuring Level 2 Carrier CE to Access Level 1 Carrier PE (Intra-AS) 4.8.3 Configuring Level 2 Carrier CE to Access Level 1 Carrier PE (Inter-AS) 4.8.4 Configuring Level 2 Carrier's Customer to Access Level 2 Carrier PE 4.8.5 Configuring External Route Exchanges Between Level 2 Carrier PEs 4.8.6 Checking the Configuration

4.8.1 Establishing the Configuration Task


Applicable Environment
If the BGP/MPLS IPv6 VPN users are also service providers, who provide common Internet services or BGP/MPLS IPv6 VPN services for their customers, you can use the carriers carrier configuration. In this situation:
l

The Level 1 carrier network is the IPv4 network.


Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

4-36

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


l l

4 BGP/MPLS IPv6 VPN Configuration

The Level 2 carrier network is the IPv4 network. The users of the Level 2 carrier network is the IPv6 network.

Pre-configuration Tasks
Before configuring the carrier's carrier, complete the following tasks:
l

Configuring IGP for the Level 1 carrier's MPLS backbone network to implement the IP connectivity of the backbone network Configuring the MPLS basic capacity and the LDP for the Level 1 carrier's MPLS backbone network and establish the LSP Establishing the MP-IBGP connection between the Level 1 carrier PEs Configuring the IGP for the Level 2 carrier's IP network or MPLS network to the IP connectivity Configuring the MPLS basic capacity and LDP for the Level 2 carrier network and establish the LSP if the Level 2 carrier provides the BGP/MPLS IPv6 VPN services

l l

Data Preparation
To configure the carrier's carrier, you need the following data. No. 1 2 3 4 5 6 Data Name, RD and VPN-Target of the IPv4 VPN instance used by the Level 1 carrier CE to access the Level 1 carrier PE Name, RD and VPN-Target of the IPv6 VPN instance used by the Level 2 carrier PE to access the Level 1 carrier CE IPv4 addresses of each interface on the Level 1 carrier PE, and the Level 2 carrier CE and PE AS number of the Level 1 carrier network and that of the Level 2 carrier network Name and number of the routing policy used when the Level 1 and Level 2 carrier have different AS numbers The maximum hops of the EBGP connection allowed for the Level 2 carrier network (inter-AS)

4.8.2 Configuring Level 2 Carrier CE to Access Level 1 Carrier PE (Intra-AS)


Procedure
l Creating a VPN Instance on Level 1 Carrier PE 1. Run
system-view

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

4-37

4 BGP/MPLS IPv6 VPN Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

The system view is displayed. 2. Run:


ip vpn-instance vpn-instance-name

A VPN instance is created and the VPN instance view is displayed. 3. Run:
route-distinguisher route-distinguisher-name

The RD of a VPN instance is configured. 4. Run:


vpn-target vpn-target &<1-8> [ both | export-extcommunity | importextcommunity ]

The VPN-Target is configured for the VPN instance. 5. Run:


quit

Return to the system view. 6. Run:


interface interface-type interface-number

The view of the interface connected to Level 2 carrier CE is displayed. 7. Run:


ip binding vpn-instance vpn-instance-name

The interface is bound with the VPN instance. 8. Run:


ip address ip-address { mask | mask-length }

The IP address is configured for the interface. l Configuring LDP and IGP on Level 1 Carrier PE 1. Run:
system-view

The system view is displayed. 2. Run:


mpls ldp vpn-instance vpn-instance-name

LDP is enabled for the created VPN instance. 3. Run:


quit

Return to the system view. 4. Run:


interface interface-type interface-number

The view of interface connected to Level 2 carrier CE is displayed. 5. Run:


mpls

MPLS is enabled on the interface. 6. Run:


mpls ldp

4-38

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

4 BGP/MPLS IPv6 VPN Configuration

LDP is enabled on the interface.


NOTE

If the interface is bound with a VPN instance and enabled with LDP, the LSR cannot use the LSR ID, but the IP address of the current interface to establish the LDP session. You cannot configure the mpls ldp transport-address command and the undo mpls ldp transportaddress command on the interface bound with a VPN instance.

7.

Run:
quit

Return to the system view. 8. Configure the IGP protocol between the Level 1 carrier PE and the Level 2 carrier CE. The RIP multi-instance, the OSPF multi-instance or the IS-IS multi-instance can be used on PE as the IGP protocol between the PE and the Level 2 carrier CE. The detailed configuration is not mentioned here. l Configuring LDP and IGP on the Level 1 Carrier CE 1. Run:
system-view

The system view is displayed. 2. Run:


interface interface-type interface-number

The view of interface connected to the Level 1 carrier PE is displayed. 3. Run:


ip address ip-address { mask | mask-length }

An IP address for the interface is configured. 4. Run:


mpls

MPLS is enabled on the interface. 5. Run:


mpls ldp

LDP is enabled on the interface. 6. Run:


mpls ldp transport-address interface

The IP address of the current interface is used to establish an LDP session. 7. Run:
quit

Return to the system view. 8. Configure IGP between the Level 2 carrier CE and the Level 1 carrier PE. RIP, OSPF or IS-IS can be used on the CE as an IGP protocol between the CE and the Level 1 carrier PE. The detailed configuration is not mentioned here. ----End
Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 4-39

4 BGP/MPLS IPv6 VPN Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

4.8.3 Configuring Level 2 Carrier CE to Access Level 1 Carrier PE (Inter-AS)


Procedure
l Creating VPN-Instance on the Level 1 Carrier PE 1. Run:
system-view

The system view is displayed. 2. Run:


ip vpn-instance vpn-instance-name

A VPN instance is created and the VPN instance view is displayed. 3. Run:
route-distinguisher route-distinguisher-name

The RD of the VPN instance is configured. 4. Run:


vpn-target vpn-target &<1-8> [ both | export-extcommunity | importextcommunity ]

The VPN-Targets are configured for the VPN instance. 5. Run:


quit

Return to the system view. 6. Run:


interface interface-type interface-number

The view of interface connected to the Level 2 carrier CE is displayed. 7. Run:


ip binding vpn-instance vpn-instance-name

The interface is bound with a VPN instance. 8. Run:


ip address ip-address { mask | mask-length }

An IP address is configured for the interface. 9. Run:


mpls

MPLS is enabled on the interface. l Configuring Labeled BGP on the Level 1 Carrier PE 1. Run:
system-view

The system view is displayed. 2. Run:


route-policy policy-name permit node seq-number

A routing policy is created for the Level 2 carrier CE.


4-40 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

4 BGP/MPLS IPv6 VPN Configuration

3.

Run:
apply mpls-label

Labels are allocated to IPv4 routes. 4. Run:


quit

Return to the system view. 5. Run:


bgp as-number1

The BGP view is displayed. 6. Run:


ipv4-family vpn-instance vpn-instance-name

The BGP VPN instance view is displayed. 7. Run:


peer peer-address as-number as-number2

The Level 2 carrier CE is specified as the EBGP peer. 8. Run:


peer peer-address label-route-capability

The function of exchanging labeled IPv4 routes is enabled. 9. Run:


peer peer-address route-policy policy-name export

Labels are assigned to routes advertised to the Level 2 carrier CE. 10. Run:
import-route direct

Direct routes are imported. l Configuring Labeled BGP on the Level 2 Carrier CE Between It and the Level 1 Carrier PE 1. Run:
system-view

The system view is displayed. 2. Run:


interface interface-type interface-number

The view of the interface connected to the Level 1 carrier PE is displayed. 3. Run:
ip address ip-address { mask | mask-length }

An IP address is configured for the interface. 4. Run:


mpls

MPLS is enabled on the interface. 5. Run:


quit

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

4-41

4 BGP/MPLS IPv6 VPN Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Return to the system view. 6. Run:


route-policy policy-name1 permit node seq-number

The routing policy is created for the Level 1 carrier PE. 7. Run:
apply mpls-label

Labels are assigned for IPv4 routes. 8. Run:


quit

Return to the system view. 9. Run:


bgp as-number2

The BGP view is displayed. 10. Run:


peer peer-address as-number as-number1

The Level 1 carrier PE is specified as the EBGP peer. 11. Run:


peer peer-address label-route-capability

The function of exchanging labeled IPv4 routes is enabled. 12. Run:


peer peer-address route-policy policy-name1 export

Labels are assigned to the routes advertised to the Level 1 carrier PE. l Configuring Labeled BGP on the Level 2 Carrier CE Between the Level 2 Carrier PE 1. Run:
system-view

The system view is displayed. 2. Run:


route-policy policy-name2 permit node seq-number

A routing policy is created for the Level 2 carrier PE. 3. Run:


if-match mpls-label

The labeled IPv4 route is matched. 4. Run:


apply mpls-label

Labels are assigned to IPv4 routes. 5. Run:


quit

Return to the system view. 6. Run:


bgp as-number2

4-42

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

4 BGP/MPLS IPv6 VPN Configuration

The BGP view is displayed. 7. Run:


peer peer-address as-number as-number2

The Level 2 carrier PE is configured as the IBGP peer. 8. Run:


peer peer-address connect-interface loopback interface-number

The interface used to set up the TCP connection is specified. 9. Run:


peer peer-address label-route-capability

The function of exchange labeled IPv4 routes is enabled. 10. Run:


peer peer-address route-policy policy-name2 export

Labels are assigned to the labeled IPv4 routes advertised to the Level 2 carrier PE. 11. Run:
import-route direct

Import direct routes. 12. Run:


import-route protocol process-id

Import internal routes of the Level 2 carrier network. In Step 12, the imported route type depends on the type of IGP running on the Level 2 carrier MPLS network. l Configuring Labeled BGP on the Level 2 Carrier PE 1. Run:
system-view

The system view is displayed. 2. Run:


bgp as-number2

The BGP view is displayed. 3. Run:


peer peer-address as-number as-number2

The Level 2 carrier CE is specified as the IBGP peer. 4. Run:


peer peer-address connect-interface loopback interface-number

The interface used to set up the TCP connection is specified. 5. Run:


peer peer-address label-route-capability

The function of exchanging labeled IPv4 routes is enabled. ----End


Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 4-43

4 BGP/MPLS IPv6 VPN Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

4.8.4 Configuring Level 2 Carrier's Customer to Access Level 2 Carrier PE


Procedure
l Level 2 Carrier Is Common ISP In this case, the Level 2 carrier PE is configured regardless of the BGP/MPLS IPv6 VPN. The detailed configuration is not mentioned here. l Level 2 Carrier Provides BGP/MPLS IPv6 VPN Services In this case, see the configuration between the PE and the CE in Configuring Basic BGP/ MPLS IPv6 VPN. ----End

4.8.5 Configuring External Route Exchanges Between Level 2 Carrier PEs


Context
When configuring route exchange of the Level 2 carrier PE, select one of the following configurations based on the service type provided by the Level 2 carrier for customers.
l l

The Level 2 Carrier Is Common ISP The Level 2 Carrier Provides BGP/MPLS IPv6 VPN Services

Do as follows on the Level 2 carrier PE.

Procedure
l The Level 2 Carrier Is Common ISP 1. Run:
system-view

The system view is displayed. 2. Run:


bgp as-number

The BGP view is displayed. 3. Run:


peer peer-address as-number as-number

The remote PE is specified as the BGP peer. 4. Run:


peer peer-address connect-interface loopback interface-number

The interface to set up the TCP connections is specified. 5. Run:


peer peer-address ebgp-max-hop [ hop-count ]

The number of maximum hops of the EBGP connection is configured. (optional)


4-44 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

4 BGP/MPLS IPv6 VPN Configuration

To establish EBGP peer relationship between the Level 2 carrier PEs, you must configure Step 5. l The Level 2 Carrier Provides BGP/MPLS IPv6 VPN Services 1. Run:
system-view

The system view is displayed. 2. Run:


bgp as-number

The BGP view is displayed. 3. Run:


peer peer-address as-number as-number

The remote PE is specified as the BGP peer. 4. Run:


peer peer-address connect-interface loopback interface-number

The interface to set up the TCP connections is specified. 5. Run:


peer peer-address ebgp-max-hop [ hop-count ]

The number of maximum hops of the EBGP connection is configured. If the MP-EBGP peer relationship exists between the Level 2 carrier PEs, you need to configure Step 5. 6. Run:
ipv6-family vpnv6

The BGP IPv6 VPN address family is displayed. 7. Run:


peer peer-address enable

The function of exchanging VPN-IPv6 routes with the peer is enabled. ----End

4.8.6 Checking the Configuration


Run the following commands to check the previous configuration. Action Check the public routing tables on the CEs and PEs of the Level 1 carrier and PEs of the Level 2 carrier. Check the routing tables on the CEs of the Level 2 carrier. Check the private routing tables on the PEs of the Level 1 carrier.
Issue 03 (2008-09-22)

Command display ip routing-table

display ipv6 routing-table display ip routing-table vpn-instance vpninstance-name


4-45

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

4 BGP/MPLS IPv6 VPN Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Action Check the private routing tables on the PEs of the Level 2 carrier.

Command display ipv6 routing-table vpn6-instance vpn6-instance-name

Run the display ip routing-table command on the PEs and CEs of the Level 1 carrier and the Level 2 carrier. You can view the following:
l

The public routing table of the Level 1 carrier PE contains only the routes of the Level 1 carrier network. The public routing table of the Level 1 carrier CE and that of the Level 2 carrier PE contain the internal routes of the Level 2 carrier network.

Running the display ipv6 routing-table command on the CE of the Level 2 carrier network, you can view the routes to the related remote CEs exist between the CEs of the Level 2 carrier. Running the display ip routing-table vpn-instance command on the PEs of the Level 1 carrier network, you can view the VPN routing table contains the internal routes of the Level 2 carrier network. Running display ipv6 routing-table vpn6-instance command on the PEs of the Level 2 carrier network, you can find the IPv6 VPN routing table contains the routes of the remote IPv6 VPN users, that is, the external routes of the Level 2 carrier.

4.9 Configuring Route Reflection for BGP IPv6 VPN Routes


This section describes how to configure the IPv6 VPN BGP route reflection. 4.9.1 Establishing the Configuration Task 4.9.2 Configuring the Client PEs to Establish MP IBGP Connections with the RR 4.9.3 Configuring the RR to Establish MP IBGP Connections with All Client PEs 4.9.4 Configuring Route Reflection for BGP IPv6 VPN Routes 4.9.5 Checking the Configuration

4.9.1 Establishing the Configuration Task


Applicable Environment
The BGP speaker does not advertise the routes learned from IBGP devices to its IBGP peers. To make a PE advertise the routes of the VPN that the PE accesses to the BGP VPNv6 peers in the same AS, the PE must establish IBGP connections with all peers to directly exchange VPN routing information. That is, MP IBGP peers must establish full connections between each other. Suppose there are n PEs (including ASBR PEs) in an AS, n (n-1)/2 MP IBGP connections need to be established. A large number of IBGP peers consume a great amount of network resources. The Route Reflector (RR) can solve this problem. In an AS, one router severs as the RR to reflect IPv6 VPN routes and the other PEs and ASBR PEs serve as the clients, which are called Client PEs. An RR can be a P, PE, ASBR PE, or other devices. To relieve the burden of an RR, you can configure the RR to maintain routing information instead of forwarding user data.
4-46 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

4 BGP/MPLS IPv6 VPN Configuration

The introduction of the RR reduces the number of MP IBGP connections. This lightens the burden of PEs and facilitates network maintenance and management.

Pre-configuration Tasks
Before configuring the route reflection for BGP IPv6 VPN routes, complete the following tasks:
l

Enable IPv6 globally on the PE, and enable IPv6 on the interface that need be configured with IPv6. Configuring the routing protocol for the MPLS backbone network to implement IP interworking between routers in the backbone network Establishing LSP tunnels between the RR and all PEs serving as the clients

Data Preparation
To configure route reflection for BGP IPv6 VPN routes, you need the following data. No. 1 2 3 Data Local AS number and peer AS number Type and number of the interfaces used to set up the TCP connection IP address of the peer

4.9.2 Configuring the Client PEs to Establish MP IBGP Connections with the RR
Context
Do as follows on all Client PEs:

Procedure
Step 1 Run:
system-view

The system view is displayed. Step 2 Run:


bgp as-number

The BGP view is displayed. Step 3 Run:


peer peer-ipv4-address as-number as-number

The RR is specified as the BGP peer. Step 4 Run:


peer peer-ipv4-address connect-interface interface-type interface-number

The interface is specified as an interface to establish the TCP connection.


Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 4-47

4 BGP/MPLS IPv6 VPN Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

The IP address of the interface must be the same as the MPLS LSR ID. It is recommended to specify a loopback interface to establish the TCP connection. Step 5 Run:
ipv6-family vpnv6

The BGP IPv6 VPN address family view is displayed. Step 6 Run:
peer peer-ipv4-address enable

The capability of exchanging IPv6 VPN routes between the Client PE and the RR is enabled. ----End

4.9.3 Configuring the RR to Establish MP IBGP Connections with All Client PEs
Context
Choose one of the following schemes to configure the RR to establish MP IBGP connections with the Client PEs.

Procedure
l Configuring the RR to Establish MP IBGP Connections with the Peer Group 1. Run:
system-view

The system view is displayed. 2. Run:


bgp as-number

The BGP view is displayed. 3. Run:


group group-name [ internal ]

An IBGP peer group is created. 4. Run:


peer ip-address group group-name

The peer is added to the peer group. 5. Run:


peer group-name connect-interface interface-type interface-number

The interface is specified as an interface to establish the TCP connection. The IP address of the interface must be the same as the MPLS LSR ID. It is recommended to specify a loopback interface to establish the TCP connection. 6. Run:
ipv6-family vpnv6

The BGP IPv6 VPN address family view is displayed. 7. Run:


peer group-name enable

4-48

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

4 BGP/MPLS IPv6 VPN Configuration

The capability of exchanging IPv6 VPN routes between the RR and the peer group is enabled. 8. Run:
peer ip-address group group-name

The peer is added to the peer group. l Configuring the RR to Establish an MP IBGP Connection with Each Client PE 1. Run:
system-view

The system view is displayed. 2. Run:


bgp as-number

The BGP view is displayed. 3. Run:


peer peer-ipv4-address as-number as-number

The Client PE is specified as the BGP peer. 4. Run:


peer peer-ipv4-address connect-interface interface-type interface-number

The interface is specified as an interface to establish the TCP connection. The IP address of the interface must be the same as the MPLS LSR ID. It is recommended to specify a loopback interface to establish the TCP connection. 5. Run:
ipv6-family vpnv6

The BGP IPv6 VPN address family view is displayed. 6. Run:


peer peer-ipv6-address enable

The capability of exchanging IPv6 VPN routes between the RR and the Client PE is enabled. ----End

4.9.4 Configuring Route Reflection for BGP IPv6 VPN Routes


Context
Do as follows on the RR:

Procedure
Step 1 Run:
system-view

The system view is displayed. Step 2 Run:


bgp as-number

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

4-49

4 BGP/MPLS IPv6 VPN Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

The BGP view is displayed. Step 3 Run:


ipv6-family vpnv6

The BGP IPv6 VPN address family view is displayed. Step 4 Enable the route reflection for BGP IPv6 VPN routes on the RR.
l

Run the peer { group-name | peer-ipv4-address } reflect-client command to enable the route reflection if the RR establishes the MP IBGP connection with the peer group consisting of all Client PEs. Run the peer peer-ipv4-address reflect-client command repeatedly to enable the route reflection if the RR establishes the MP IBGP connection with each PE rather than peer group.

Step 5 Run:
undo policy vpn-target

The filtering of IPv6 VPN routes based on the VPN target is disabled. Step 6 (Optional) Run:
rr-filter extended-list-number

The reflection policy is configured for the RR. ----End

4.9.5 Checking the Configuration


Run the following commands to check the preceding configuration. Action View information about the BGP IPv6 VPN peer on the RR or the Client PEs. View information about the IPv6 VPN routes received from the peer or the IPv6 VPN routes advertised to the peer on the RR or the Client PEs. View information about the IPv6 VPN peer group on the RR. Command display bgp vpnv6 all peer [ [ ipv4address ] verbose ] display bgp vpnv6 all routing-table peer peer-ipv4-address { advertisedroutes | received-routes } [ statistics ] display bgp vpnv6 all group [ groupname ]

If the configurations succeed,


l

You can find that the status of the MP IBGP connections between the RR and all Client PEs is "Established" after running the display bgp vpnv6 all peer command on the RR or Client PEs. You can find that the RR and each Client PE can receive and send IPv6 VPN routing information between each other after running the display bgp vpnv6 all routing-table peer command on the RR or the Client PEs.
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

4-50

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


l

4 BGP/MPLS IPv6 VPN Configuration

If the peer group is configured, you can view information about the group members and find that the status of the BGP connections between the RR and the group members is "Established" after running the display bgp vpnv6 all group command on the RR.

4.10 Maintaining BGP/MPLS IPv6 VPN


This section describes how to maintain BGP/MPLS IPv6 VPN. 4.10.1 Displaying BGP/MPLS IPv6 VPN Information 4.10.2 Checking the Network Connectivity and Reachability 4.10.3 Resetting BGP Statistics of IPv6 VPN Instance 4.10.4 Resetting BGP Connections 4.10.5 Debugging BGP/MPLS IPv6 VPN

4.10.1 Displaying BGP/MPLS IPv6 VPN Information


Run the following display commands in any view to check the running configuration of the BGP/MPLS IPv6 VPN. For more information, refer to the Quidway NetEngine80E/40E Router Command Reference. Action View the IP routing table of an IPv6 VPN instance. View IPv6 VPN instance information. View information of the BGP IPv6 VPN routing table. Command display ipv6 routing-table vpn6-instance vpn6-instance-name [ [ filter-option ] [ verbose ] | statistics ] display ipv6 vpn6-instance [ verbose | brief ] [ vpn6-instance-name ] display bgp vpnv6 { all | route-distinguisher route-distinguisher | vpn6-instance vpn6instance-name } routing-table destinationaddress { mask | mask-length } display bgp vpnv6 { all | route-distinguisher route-distinguisher | vpn6-instance vpn6instance-name } routing-table statistics [ match-options ] display bgp vpnv6 { all | route-distinguisher route-distinguisher | vpn6-instance vpn6instance-name } routing-table [ match-options ] display bgp vpnv6 { all | vpn6-instance vpn6instance-name } group [ group-name ] display bgp vpnv6 { all | vpn6-instance vpn6instance-name } peer [ [ peer-address ] verbose ]
4-51

View the statistics about the BGP VPNIPv6 routing table.

View information of the BGP VPN-IPv6 routing table. View BGP IPv6 VPN peer group information. View BGP IPv6 VPN peer information.

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

4 BGP/MPLS IPv6 VPN Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Action View VPN-IPv6 routing information advertised. View AS path information of BGP VPNIPv6. View BGP peer's log information of specified IPv6 VPN instance.

Command display bgp vpnv6 { all | vpn6-instance vpn6instance-name } network display bgp vpnv6 { all | vpn6-instance vpn6instance-name } paths [ as-regular-expression ] display bgp vpnv6 vpn6-instance vpn6instance-name peer { group-name | peeraddress } log-info

4.10.2 Checking the Network Connectivity and Reachability


Action Check whether the IPv6 network is correctly set up to send IPv6 packets from the transmitting end to the destination address. Check the gateways through which the IPv6 packets are sent from the transmitting end to the destination address. Check whether the IPv4 backbone network is correctly set up to send IPv4 packets from the transmitting end to the destination address. Check the gateways through which the IPv4 packets are sent from the transmitting end of the IPv4 backbone network to the destination address of the IPv4 backbone network. Command ping ipv6 [ -a source-ipv6-address | -c echonumber | -m wait-time | -s byte-number | -t time-out | -tc traffic-class | vpn6-instance vpn6-instancename ]* dest-ipv6-address [ -i interface-type interface-number ] tracert ipv6 [ -f first-hop-limit | -m max-hop-limit | p port-number | -q probes | -w wait-time | vpn6instance vpn6-instance-name ]* { ipv6-address | host-name } ping [ ip ] [ -a source-ip-address | -c count | -d | -f | h ttl-value | -i interface-type interface-number | -m time | -n | -p pattern | -q | -r | -s packetsize | -t timeout | -tos tos-value | -v | -vpn-instance vpninstance-name ] * dest-address tracert [ -a source-ip-address | -f first-TTL | -m maxTTL | -p port | -q nqueries | -vpn-instance vpninstance-name | -w timeout ] * dest-address

After the VPN configuration, using the ping command without vpn6-instance vpn6-instancename on PE device, you can check whether the PE and the CE that belongs to the same VPN can communicate with each other. If the ping fails, you can use the tracert command with vpn6instance vpn6-instance-name to locate the fault. If multiple interfaces bound with the same VPN exist on the PE, specify the source IP address, that is -a source-ipv6-address when you ping the remote CE that accesses the peer PE. If you do not specify a source IP address, the PE chooses an IPv6 address of the interface bound with the VPN on the PE as the source address of the ICMPv6 packet randomly. If the selected interface is Down, the ICMP packet sent back from the peer PE is discarded.
4-52 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


NOTE

4 BGP/MPLS IPv6 VPN Configuration

By default, as for the MPLS TTL timeout packet with level 1 label, the router returns the ICMPv6 packet according to the local IP route, which is the route of the public network. However, no VPN route exists in the public-network routing table of the ASBR PE. Therefore, the ICMPv6 packet is discarded when it is sent from the ASBR PE or returns to the ASBR PE. In this situation, the ping command can succeed. For inter-AS VPN, when you perform the tracert operation, to check the correct path that the carrier network forwards the private-network packets, it is recommended to configure the undo ttl expiration command on ASBR PEs.

4.10.3 Resetting BGP Statistics of IPv6 VPN Instance


Run the following reset commands in user view to clear the BGP statistics of the IPv6 VPN instance. Action Clear statistics of the BGP routes flap for a specified IPv6 VPN instance. Clear dampening information of an IPv6 VPN instance. Command reset bgp vpn6-instance vpn6-instance-name peeraddress flap-info reset bgp vpn6-instance vpn6-instance-name dampening [ ipv6-address [ mask | mask-length ] ]

4.10.4 Resetting BGP Connections


When the BGP configuration changes, you can use the soft reset or reset BGP connections to let the new configurations take effect. Soft reset requires the BGP peers have route refreshment capability (supporting Route-Refresh messages). Do as follows in the user view. Action Trigger the inbound soft reset of IPv6 VPN instance's BGP connection. Trigger the outbound soft reset of IPv6 VPN instance's BGP connection. Trigger the inbound soft reset of BGP VPNv6 connection. Trigger the outbound soft reset of BGP VPNv6 connection. Reset BGP connections of an IPv6 VPN instance. Command refresh bgp vpn6-instance vpn6-instance-name { all | peer-address | group group-name | internal | external } import refresh bgp vpn6-instance vpn6-instance-name { all | peer-address | group group-name | internal | external } export refresh bgp vpnv6 { all | peer-ipv4-address | group group-name | internal | external } import refresh bgp vpnv6 { all | peer-ipv4-address | group group-name | internal | external } export reset bgp vpn6-instance vpn6-instance-name { asnumber | peer-ipv6-address | group group-name | all | internal | external }
4-53

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

4 BGP/MPLS IPv6 VPN Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Action Reset BGP VPNv6 connections.

Command reset bgp vpnv6 { as-number | peer-ipv4-address | group group-name | all | internal | external }

4.10.5 Debugging BGP/MPLS IPv6 VPN

CAUTION
Enabling the debugging affects the system performance. After debugging, run the undo debugging all command to disable it at once. Run the following debugging commands in user view to debug BGP/MPLS IPv6 VPN and to locate the fault. For more information, see the chapter "Maintenance and Debugging" in the Quidway NetEngine80E/40E Router Configuration Guide - System Management. Action Enable the debugging of BGP peers in an IPv6 VPN instance. Enable the packet debugging of BGP peers in an IPv6 VPN instance. Enable the BGP Update packets debugging of IPv6 VPN instances. Enable the BGP Update packets debugging of VPN-IPv6 routes. Enable the BGP Update packets debugging of labeled routes. Command debugging bgp vpn6-instance vpn6-instance-name ipv6-address { all | event | timer } debugging bgp vpn6-instance vpn6-instance-name ipv6-address { keepalive | open | packet | raw-packet | route-refresh } [ receive | send ] [ verbose ] debugging bgp update vpn6-instance vpn6-instancename peer ipv6-address [ ipv6-prefix ipv6-prefixname ] [ receive | send ] [ verbose ] debugging bgp update vpnv6 [ peer ipv4-address ] [ receive | send ] [ verbose ] debugging bgp update label-route [ peer peer-ipv4address ] [ acl acl-number | ip-prefix ipv4-prefixname ] [ receive | send ] [ verbose ]

4.11 Configuration Examples


This section provides several configuration examples. 4.11.1 Example for Configuring BGP/MPLS IPv6 VPN 4.11.2 Example for Configuring Hub and Spoke (BGP4+ Between the PE and the CE) 4.11.3 Example for Configuring Hub and Spoke (Default Route Between the Hub-PE and the Hub-CE)
4-54 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

4 BGP/MPLS IPv6 VPN Configuration

4.11.4 Example for Configuring Inter-AS VPN Option A 4.11.5 Example for Configuring Inter-AS VPN Option B 4.11.6 Example for Configuring Inter-AS VPN Option C 4.11.7 Example for Configuring Carrier's Carrier in a Same AS 4.11.8 Example for Configuring the Carrier's Carrier (Inter-AS) 4.11.9 Example for Configuring Route Reflector in an IPv6 VPN

4.11.1 Example for Configuring BGP/MPLS IPv6 VPN


Networking Requirements
As shown in Figure 4-2:
l l

CE1 and CE3 are in vpna while CE2 and CE4 are in vpnb. Users in different VPN cannot access each other. GE 2/0/0 on each CE is the interface of the internal network.

In this example, different ways for exchanging routes are adopted according to the AS to which the directly-connected PEs and CEs belong to.
l l l l

Intercommunication between PE1 and CE1 is implemented through the BGP4+. Intercommunication between PE1 and CE2 is implemented through the IPv6 static route. Intercommunication between PE2 and CE3 is implemented through the IS-ISv6. Intercommunication between PE2 and CE4 is implemented through the RIPng.

You can choose one of the preceding ways as required by the actual networking. Figure 4-2 BGP/MPLS IPv6 VPN networking diagram
AS: 65410 vpna CE1
GE1/0/0 2001::1 Loopback1 2.2.2.9/32 POS1/0/0 PE1 192.168.1.2/24 POS3/0/0 192.168.1.1/24 POS2/0/0 PE2 192.168.2.1/24 POS3/0/0 192.168.2.2/24 GE2/0/0 1998::1/64

AS: 100
GE2/0/0 1999::1/64

vpnb

CE4
GE1/0/0 2005::1

GE1/0/0 2001::2 Loopback1 1.1.1.9/32 GE2/0/0 2003::2

GE1/0/0 2005::2 Loopback1 3.3.3.9/32 GE2/0/0 2004::2

P AS: 100

MPLS backbone

GE1/0/0 2003::1

CE2 vpnb

GE2/0/0 1998::1/64

GE2/0/0 1999::1/64

GE1/0/0 2004::1

CE3 vpna

AS: 65420

AS: 100

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

4-55

4 BGP/MPLS IPv6 VPN Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Configuration Roadmap
The configuration roadmap is as follows: 1. 2. 3. 4. Configure IGP on IPv4 backbone to implement the IP connectivity of the backbone network. Configure the basic MPLS capability and MPLS LDP on PEs and Ps. Configure MP-IBGP between PE1 and PE2 to exchange the VPN-IPv6 routing information through BGP. Configure IPv6 routing protocol on the PEs and CEs to ensure the PEs and the CEs can exchange the IPv6 routes

Data Preparation
To configure BGP/MPLS IPv6 VPN, you need the following data:
l l

AS number of the PE and the CE RD, Export VPN Target and import VPN Target of the IPv6 VPN instance

Configuration Procedures
1. Configure the IPv6 packet forwarding for each CE and PE. # Enable the IPv6 packet forwarding on CE1.
[CE1] ipv6

The configurations on the CE2 to CE4, and PE1 to PE2 are similar and are not mentioned here. 2. Configure the IP address for each interface. Configure the IPv4/IPv6 address and mask for each interface including the loopback interface as shown in Figure 4-2 (except for the PE interfaces that connect the CEs) # Configure the IPv6 address on the interface of the CE1.
<CE1> system-view [CE1] interface gigabitethernet 1/0/0 [CE1-GigabitEthernet1/0/0] ipv6 enable [CE1-GigabitEthernet1/0/0] ipv6 address 2001::1 64 [CE1-GigabitEthernet1/0/0] quit

The configurations on the other interfaces are similar and are not mentioned here. 3. Configure IGP on MPLS backbone network. # Configure IPv4 IGP on the PE1. IS-IS is adopted in this example.
<PE1> system-view [PE1] isis 1 [PE1-isis-1] network-entity 10.1111.1111.1111.00 [PE1-isis-1] quit [PE1] interface pos 3/0/0 [PE1-Pos3/0/0] isis enable 1 [PE1-Pos3/0/0] quit [PE1] interface loopback 1 [PE1-LoopBack1] isis enable 1 [PE1-LoopBack1] quit

# Configure IS-IS on the P.


<P> system-view [P] isis 1 [P-isis-1] network-entity 20.2222.2222.2222.00 [P-isis-1] quit [P] interface pos 1/0/0

4-56

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


[P-Pos1/0/0] isis enable 1 [P-Pos1/0/0] quit [P] interface pos 2/0/0 [P-Pos2/0/0] isis enable 1 [P-Pos2/0/0] quit [P] interface loopback 1 [P-LoopBack1] isis enable 1 [P-LoopBack1] quit

4 BGP/MPLS IPv6 VPN Configuration

# Configure IS-IS on the PE2.


<PE2> system-view [PE2] isis 1 [PE2-isis-1] network-entity 30.3333.3333.3333.00 [PE2-isis-1] quit [PE2] interface pos 3/0/0 [PE2-Pos3/0/0] isis enable 1 [PE2-Pos3/0/0] quit [PE2] interface loopback 1 [PE2-LoopBack1] isis enable 1 [PE2-LoopBack1] quit

After the configuration, the PE1, P and PE2 can learn routes including the loopback routes between each other. You can view this by using the display ip routing-table command. Take the PE1 as an example:
[PE1] display ip routing-table Routing Tables: Public Destinations: 9 Destination/Mask Proto Pre 1.1.1.9/32 Direct 0 2.2.2.9/32 ISIS 15 3.3.3.9/32 ISIS 15 127.0.0.0/8 Direct 0 127.0.0.1/32 Direct 0 192.168.1.0/24 Direct 0 192.168.1.1/32 Direct 0 192.168.1.2/32 Direct 0 192.168.2.0/24 ISIS 15 Routes: 9 Cost 0 10 20 0 0 0 0 0 20

Flags D D D D D D D D D

NextHop 127.0.0.1 192.168.1.2 192.168.1.2 127.0.0.1 127.0.0.1 192.168.1.1 127.0.0.1 192.168.1.2 192.168.1.2

Interface InLoopBack0 Pos3/0/0 Pos3/0/0 InLoopBack0 InLoopBack0 Pos3/0/0 InLoopBack0 Pos3/0/0 Pos3/0/0

4.

Create a tunnel between the PE1 and PE2. In this example, LDP LSP is adopted. # Enable MPLS and MPLS LDP on the PE1.
[PE1] mpls lsr-id 1.1.1.9 [PE1] mpls [PE1-mpls] quit [PE1] mpls ldp [PE1-mpls-ldp] quit [PE1] interface pos 3/0/0 [PE1-Pos3/0/0] mpls [PE1-Pos3/0/0] mpls ldp

# Enable MPLS and MPLS LDP on the P.


[P] mpls lsr-id 2.2.2.9 [P] mpls [P-mpls] quit [P] mpls ldp [P-mpls-ldp] quit [P] interface pos 1/0/0 [P-Pos1/0/0] mpls [P-Pos1/0/0] mpls ldp [P-Pos1/0/0] quit [P] interface pos 2/0/0 [P-Pos2/0/0] mpls

[P-Pos2/0/0] mpls ldp # Enable MPLS and MPLS LDP on the PE2.
[PE2] mpls lsr-id 3.3.3.9

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

4-57

4 BGP/MPLS IPv6 VPN Configuration


[PE2] mpls [PE2-mpls] quit [PE2] mpls ldp [PE2-mpls-ldp] quit [PE2] interface pos 3/0/0 [PE2-Pos3/0/0] mpls [PE2-Pos3/0/0] mpls ldp

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

After the configuration, the LDP LSP should be set up between the PE1 and the PE2. Run the display mpls ldp lsp command, you can view information about the LDP LSP setup. Take the PE1 as an example:
[PE1] display mpls ldp lsp LDP LSP Information -------------------------------------------------------------------------SN DestAddress/Mask In/OutLabel Next-Hop In/Out-Interface -------------------------------------------------------------------------1 1.1.1.9/32 3/NULL 127.0.0.1 Pos3/0/0/InLoop0 2 2.2.2.9/32 NULL/3 192.168.1.2 -------/Pos3/0/0 3 3.3.3.9/32 NULL/1024 192.168.1.2 -------/Pos3/0/0 -------------------------------------------------------------------------A '*' before an LSP means the LSP is not established A '*' before a Label means the USCB or DSCB is stale

5.

Configure the IPv6 VPN instance on the PE1 and the PE2. # Configure the IPv6 VPN instance named vpna on the PE1.
[PE1] ipv6 vpn6-instance [PE1-vpn6-instance-vpna] [PE1-vpn6-instance-vpna] [PE1-vpn6-instance-vpna] [PE1-vpn6-instance-vpna] vpna route-distinguisher 100:1 vpn-target 22:22 export-extcommunity vpn-target 33:33 import-extcommunity quit

# Bind the PE1 interface that is directly connected with the CE1 with the IPv6 VPN instance vpna.
[PE1] interface gigabitethernet [PE1-GigabitEthernet1/0/0] ipv6 [PE1-GigabitEthernet1/0/0] ipv6 [PE1-GigabitEthernet1/0/0] ipv6 [PE1-GigabitEthernet1/0/0] quit 1/0/0 enable binding vpn6-instance vpna address 2001::2 64

# Configure the IPv6 VPN instance named vpnb on the PE1.


[PE1] ipv6 vpn6-instance [PE1-vpn6-instance-vpnb] [PE1-vpn6-instance-vpnb] [PE1-vpn6-instance-vpnb] [PE1-vpn6-instance-vpnb] vpnb route-distinguisher 200:1 vpn-target 44:44 export-extcommunity vpn-target 55:55 import-extcommunity quit

# Bind the PE1 interface that is directly connected with the CE2 with the IPv6 VPN instance vpnb.
[PE1] interface gigabitethernet [PE1-GigabitEthernet2/0/0] ipv6 [PE1-GigabitEthernet2/0/0] ipv6 [PE1-GigabitEthernet2/0/0] ipv6 [PE1-GigabitEthernet2/0/0] quit 2/0/0 enable binding vpn6-instance vpnb address 2003::2 64

# Configure the IPv6 VPN instance named vpna on the PE2.


[PE2] ipv6 vpn6-instance [PE2-vpn6-instance-vpna] [PE2-vpn6-instance-vpna] [PE2-vpn6-instance-vpna] [PE2-vpn6-instance-vpna] vpna route-distinguisher 300:1 vpn-target 33:33 export-extcommunity vpn-target 22:22 import-extcommunity quit

# Bind the PE2 interface that is directly connected with the CE3 with the IPv6 VPN instance vpna.
[PE2] interface gigabitethernet 2/0/0 [PE2-GigabitEthernet2/0/0] ipv6 enable [PE2-GigabitEthernet2/0/0] ipv6 binding vpn6-instance vpna

4-58

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

4 BGP/MPLS IPv6 VPN Configuration

[PE2-GigabitEthernet2/0/0] ipv6 address 2004::2 64 [PE2-GigabitEthernet2/0/0] quit

# Configure the IPv6 VPN instance named vpnb on the PE2.


[PE2] ipv6 vpn6-instance [PE2-vpn6-instance-vpnb] [PE2-vpn6-instance-vpnb] [PE2-vpn6-instance-vpnb] [PE2-vpn6-instance-vpnb] vpnb route-distinguisher 400:1 vpn-target 55:55 export-extcommunity vpn-target 44:44 import-extcommunity quit

# Bind the PE2 interface that is directly connected with the CE4 with the IPv6 VPN instance vpnb.
[PE2] interface gigabitethernet [PE2-GigabitEthernet1/0/0] ipv6 [PE2-GigabitEthernet1/0/0] ipv6 [PE2-GigabitEthernet1/0/0] ipv6 [PE2-GigabitEthernet1/0/0] quit 1/0/0 enable binding vpn6-instance vpnb address 2005::2 64

After the configuration, run the display ipv6 vpn6-instance verbose command on each PE to view the configuration about the IPv6 VPN instance. You can find that the PE can successfully ping the CE that the PE accesses. Take the PE1 as an example:
[PE1] display ipv6 vpn6-instance verbose Total VPN6-Instances configured: 2 VPN6-Instance Name and ID: vpna, 1 Create date: 2006/06/17 15:38:28 Up time: 0 days, 00 hours, 07 minutes and 34 seconds Route Distinguisher: 100:1 Export VPN Targets: 22:22 Import VPN Targets: 33:33 Label policy: label per route Interfaces: GigabitEthernet1/0/0 VPN6-Instance Name and ID: vpnb, 2 Create date: 2006/06/17 15:40:18 Up time: 0 days, 00 hours, 05 minutes and 44 seconds Route Distinguisher: 200:1 Export VPN Targets: 44:44 Import VPN Targets: 55:55 Label policy: label per route Interfaces: GigabitEthernet2/0/0 [PE1] ping ipv6 vpn6-instance vpna 2001::1 PING 2001::1: 56 data bytes, press CTRL_C to break Reply from 2001::1 bytes=56 Sequence=1 hop limit=64 time = 47 ms Reply from 2001::1 bytes=56 Sequence=2 hop limit=64 time = 31 ms Reply from 2001::1 bytes=56 Sequence=3 hop limit=64 time = 62 ms Reply from 2001::1 bytes=56 Sequence=4 hop limit=64 time = 62 ms Reply from 2001::1 bytes=56 Sequence=5 hop limit=64 time = 31 ms --- 2001::1 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 31/46/62 ms

6.

Create the IPv6 VPN peer relationship between the PE1 and the PE2. # Configure BGP on the PE1.
[PE1] bgp 100 [PE1-bgp] peer 3.3.3.9 as-number 100 [PE1-bgp] peer 3.3.3.9 connect-interface loopback 1 [PE1-bgp] ipv6-family vpnv6 [PE1-bgp-af-vpnv6] peer 3.3.3.9 enable [PE1-bgp-af-vpnv6] quit

# Configure BGP on the PE2.


Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 4-59

4 BGP/MPLS IPv6 VPN Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

[PE2] bgp 100 [PE2-bgp] peer 1.1.1.9 as-number 100 [PE2-bgp] peer 1.1.1.9 connect-interface loopback 1 [PE2-bgp] ipv6-family vpnv6 [PE2-bgp-af-vpnv6] peer 1.1.1.9 enable [PE2-bgp-af-vpnv6] quit

After the configuration, you can run the display bgp vpnv6 all peer command on each PE to check information about the VPNv6 peer setup. Take the PE1 as an example:
[PE1] display bgp vpnv6 all peer BGP local router ID: 1.1.1.9 Local AS number: 100 Total number of peers: 1 Peer V AS MsgRcvd 3.3.3.9 4 100 3

Peers in established state: 1 MsgSent OutQ Up/Down State PrefRcv 3 0 00:02:19 Established 0

From the preceding display, you can view that the VPNv6 peer relationship between the PE1 and the PE2 is established. 7. Configure BGP4+ on the PE1 and the CE1. # Configure EBGP on the PE1.
[PE1] bgp 100 [PE1-bgp] ipv6-family vpn6-instance vpna [PE1-bgp6-vpna] peer 2001::1 as-number 65410 [PE1-bgp6-vpna] import-route direct [PE1-bgp6-vpna] quit [PE1-bgp] quit

# Configure EBGP on the CE1.


[CE1] bgp 65410 [CE1-bgp] router-id 10.10.10.10 [CE1-bgp] peer 2001::2 as-number 100 [CE1-bgp] ipv6-family unicast [CE1-bgp-af-ipv6] peer 2001::2 enable [CE1-bgp-af-ipv6] import-route direct [CE1-bgp-af-ipv6] quit [CE1-bgp] quit

After the configuration, you can run the display bgp vpnv6 vpn6-instance vpnv6-instancename peer command on the PE1 to check information about the peer setup.
[PE1] display bgp vpnv6 vpn6-instance vpna peer BGP local router ID: 1.1.1.9 Local AS number: 100 Total number of peers: 1 Peers in established state: 1 Peer V AS MsgRcvd MsgSent OutQ Up/Down State PrefRcv 2001::1 4 65410 10 9 0 00:06:10 Established 1

Alternatively, you can run the display bgp ipv6 peer on the CE1 to check information about the peer setup.
[CE1] display bgp ipv6 peer BGP local router ID: 10.10.10.10 Local AS number: 65410 Total number of peers: 1 Peer V AS MsgRcvd 2001::2 4 100 2

Peers in established state: 1 MsgSent OutQ Up/Down State PrefRcv 3 0 00:00:32 Established 0

From the preceding display, you can view that the EBGP connection is set up between the PE1 and the CE1. 8. Configure the static route between the PE1 and the CE2. # Configure the Ipv6 static route for the VPNv6 instance named vpnb on the PE1.
[PE1] ipv6 route-static vpn6-instance vpnb 1998:: 64 2003::1

# Import the static route and the direct route into BGP on the PE1.
[PE1] bgp 100

4-60

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


[PE1-bgp] ipv6-family vpn6-instance vpnb [PE1-bgp6-vpnb] import-route static [PE1-bgp6-vpnb] import-route direct [PE1-bgp6-vpnb] quit [PE1-bgp] quit

4 BGP/MPLS IPv6 VPN Configuration

# Configure the Ipv6 default route on the CE2.


[CE2] ipv6 route-static :: 0 2003::2

9.

Configure IS-ISv6 between the PE2 and the CE3. # Configure IS-ISv6 on the PE2.
[PE2] isis 10 vpn6-instance vpna [PE2-isis-10] network-entity 30.4444.4444.4444.4444.00 [PE2-isis-10] ipv6 enable [PE2-isis-10] ipv6 import-route bgp [PE2-isis-10] quit [PE2] interface gigabitethernet 2/0/0 [PE2-GigabitEthernet2/0/0] isis ipv6 enable 10

# Import IS-ISv6 into BGP on the PE2.


[PE2] bgp 100 [PE2-bgp] ipv6-family vpn6-instance vpna [PE2-bgp6-vpna] import-route isis 10 [PE2-bgp6-vpna] quit [PE2-bgp] quit

# Configure IS-ISv6 on the CE3.


[CE3] isis 10 [CE3-isis-10] network-entity 30.2222.2222.2222.00 [CE3-isis-10] ipv6 enable [CE3-isis-10] quit [CE3] interface gigabitethernet 1/0/0 [CE3-GigabitEthernet1/0/0] isis ipv6 enable 10 [CE3-GigabitEthernet1/0/0] quit [CE3] interface gigabitethernet 2/0/0 [CE3-GigabitEthernet2/0/0] isis ipv6 enable 10 [CE3-GigabitEthernet2/0/0] quit

10. Configure RIPng between the PE2 and the CE4. # Configure RIPng on the PE2.
[PE2] ripng 100 vpn6-instance vpnb [PE2-ripng-100] import-route bgp [PE2-ripng-100] quit [PE2] interface gigabitethernet 1/0/0 [PE2-GigabitEthernet1/0/0] ripng 100 enable [PE2-GigabitEthernet1/0/0] quit

# Import RIPng into BGP on the PE2.


[PE2] bgp 100 [PE2-bgp] ipv6-family vpn6-instance vpnb [PE2-bgp6-vpnb] import-route ripng 100

# Configure RIPng on the CE2.


[CE4] ripng 100 [CE4-ripng-100] quit [CE4] interface gigabitethernet 1/0/0 [CE4-GigabitEthernet1/0/0] ripng 100 enable [CE4-GigabitEthernet1/0/0] quit [CE4] interface gigabitethernet 2/0/0 [CE4-GigabitEthernet2/0/0] ripng 100 enable [CE4-GigabitEthernet2/0/0] quit

11. Verify the configuration. After the configuration is complete, the CEs that are allowed to communicate can learn routes from each other. Run the display ipv6 routing-table vpn6-instance command on each PE to check the routes of the VPNv6 instances. You can also use the ping or the tracert command to testify the network connectivity.
Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 4-61

4 BGP/MPLS IPv6 VPN Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Alternatively, you can run the display ipv6 routing-table command on each CE to view the routing table. You can also use the ping or the tracert command to testify the network connectivity. Take the PE1 and the CE1 as examples:
[PE1] ping ipv6 vpn6-instance vpna 1999::1 PING 1999::1: 56 data bytes, press CTRL_C Reply from 1999::1 bytes=56 Sequence=1 hop limit=63 time = Reply from 1999::1 bytes=56 Sequence=2 hop limit=63 time = Reply from 1999::1 bytes=56 Sequence=3 hop limit=63 time = Reply from 1999::1 bytes=56 Sequence=4 hop limit=63 time = Reply from 1999::1 bytes=56 Sequence=5 hop limit=63 time = --- 1999::1 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 94/94/94 ms [CE1] tracert ipv6 1999::1 traceroute to 1999::1 30 hops max,60 bytes 1 2001::2 62 ms 31 ms 32 ms 2 2004::2 101 ms 94 ms 98 ms 3 1999::1 156 ms 157 ms 171 ms to break 94 ms 94 ms 94 ms 94 ms 94 ms

packet

1999::1/64 also exists on the CE4. Run the display ipv6 statistics command on the CE3 and the CE4 to check the change of the number of received and sent ICMPv6 packets. From the display, you can see the packets are sent to the correct interfaces. The VPN sites that are not allowed to communicate are isolated from each other.

Configuration Files
l

Configuration file of PE1


# sysname PE1 # ipv6 # ipv6 vpn6-instance vpna route-distinguisher 100:1 vpn-target 22:22 export-extcommunity vpn-target 33:33 import-extcommunity # ipv6 vpn6-instance vpnb route-distinguisher 200:1 vpn-target 44:44 export-extcommunity vpn-target 55:55 import-extcommunity # mpls lsr-id 1.1.1.9 mpls # mpls ldp # isis 1 network-entity 10.1111.1111.1111.00 # interface GigabitEthernet1/0/0 undo shutdown ipv6 enable ipv6 binding vpn6-instance vpna ipv6 address 2001::2/64 # interface GigabitEthernet2/0/0 undo shutdown

4-62

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

4 BGP/MPLS IPv6 VPN Configuration

ipv6 enable ipv6 binding vpn6-instance vpnb ipv6 address 2003::2/64 # interface Pos3/0/0 link-protocol ppp undo shutdown ip address 192.168.1.1 255.255.255.0 isis enable 1 mpls mpls ldp # interface LoopBack1 ip address 1.1.1.9 255.255.255.255 isis enable 1 # bgp 100 peer 3.3.3.9 as-number 100 peer 3.3.3.9 connect-interface LoopBack1 # ipv4-family unicast undo synchronization peer 3.3.3.9 enable # ipv6-family vpnv6 policy vpn-target peer 3.3.3.9 enable # ipv6-family vpn6-instance vpna import-route direct peer 2001::1 as-number 65410 # ipv6-family vpn6-instance vpnb import-route direct import-route static # ipv6 route-static vpn6-instance vpnb 1998:: 64 2003::1 # return l

Configuration file of P
# sysname P # mpls lsr-id 2.2.2.9 mpls # mpls ldp # isis 1 network-entity 20.2222.2222.2222.00 # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 192.168.1.2 255.255.255.0 isis enable 1 mpls mpls ldp # interface Pos2/0/0 link-protocol ppp undo shutdown ip address 192.168.2.1 255.255.255.0 isis enable 1 mpls mpls ldp # interface LoopBack1 ip address 2.2.2.9 255.255.255.255

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

4-63

4 BGP/MPLS IPv6 VPN Configuration


isis enable 1 # return l

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Configuration file of PE2


# sysname PE2 # ipv6 # ipv6 vpn6-instance vpna route-distinguisher 300:1 vpn-target 33:33 export-extcommunity vpn-target 22:22 import-extcommunity # ipv6 vpn6-instance vpnb route-distinguisher 400:1 vpn-target 55:55 export-extcommunity vpn-target 44:44 import-extcommunity # mpls lsr-id 3.3.3.9 mpls # mpls ldp # isis 1 network-entity 30.3333.3333.3333.00 # isis 10 vpn6-instance vpna network-entity 30.4444.4444.4444.4444.00 # ipv6 enable topology standard ipv6 import-route bgp # # interface GigabitEthernet1/0/0 undo shutdown ipv6 enable ipv6 binding vpn6-instance vpnb ipv6 address 2005::2/64 ripng 100 enable # interface GigabitEthernet2/0/0 undo shutdown ipv6 enable ipv6 binding vpn6-instance vpna ipv6 address 2004::2/64 isis ipv6 enable 10 # interface Pos3/0/0 link-protocol ppp undo shutdown ip address 192.168.2.2 255.255.255.0 isis enable 1 mpls mpls ldp # interface LoopBack1 ip address 3.3.3.9 255.255.255.255 isis enable 1 # bgp 100 peer 1.1.1.9 as-number 100 peer 1.1.1.9 connect-interface LoopBack1 # ipv4-family unicast undo synchronization peer 1.1.1.9 enable # ipv6-family vpnv6

4-64

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


policy vpn-target peer 1.1.1.9 enable # ipv6-family vpn6-instance vpna import-route isis 10 # ipv6-family vpn6-instance vpnb import-route ripng 100 # ripng 100 vpn6-instance vpnb import-route bgp # return l

4 BGP/MPLS IPv6 VPN Configuration

Configuration file of CE1


# sysname CE1 # ipv6 # interface GigabitEthernet1/0/0 undo shutdown ipv6 enable ipv6 address 2001::1/64 # interface GigabitEthernet2/0/0 undo shutdown ipv6 ebable ipv6 address 1998::1/64 # bgp 65410 router-id 10.10.10.10 peer 2001::2 as-number 100 # ipv6-family unicast undo synchronization import-route direct peer 2001::2 enable # return

Configuration file of CE2


# sysname CE2 # ipv6 # interface GigabitEthernet1/0/0 undo shutdown ipv6 enable ipv6 address 2003::1/64 # interface GigabitEthernet2/0/0 undo shutdown ipv6 enable ipv6 address 1998::1/64 # ipv6 route-static :: 0 2003::2 # return

Configuration file of CE3


# sysname CE3 # ipv6 # isis 10 network-entity 30.2222.2222.2222.00 #

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

4-65

4 BGP/MPLS IPv6 VPN Configuration


ipv6 enable topology standard # # interface GigabitEthernet1/0/0 undo shutdown ipv6 enable ipv6 address 2004::1/64 isis ipv6 enable 10 # interface GigabitEthernet2/0/0 undo shutdown ipv6 enable ipv6 address 1999::1/64 isis ipv6 enable 10 # return l

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Configuration file of CE4


# sysname CE4 # ipv6 # interface GigabitEthernet1/0/0 undo shutdown ipv6 enable ipv6 address 2005::1/64 ripng 100 enable # interface GigabitEthernet2/0/0 undo shutdown ipv6 enable ipv6 address 1999::1/64 ripng 100 enable # ripng 100 # return

4.11.2 Example for Configuring Hub and Spoke (BGP4+ Between the PE and the CE)
Networking Requirements
As shown in Figure 4-3, the communication between the Spoke-CEs is controlled by the HubCE in the central site. That is, the traffic between the Spoke-CEs is forwarded by not only the Hub-PEs but also the Hub-CE. It is required that between the Hub-PE and the Hub-CE, and between the Spoke-PE and the Spoke-CE, routing information is exchanged by using BGP4+.

4-66

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

4 BGP/MPLS IPv6 VPN Configuration

Figure 4-3 Hub and Spoke networking diagram


AS: 65430 Hub-CE
GE1/0/0 2003::1/64 GE3/0/0 2003::2/64

GE2/0/0 2004::1/64 GE4/0/0 2004::2/64

Hub-PE
POS1/0/0 10.1.1.2/24 Loopback1 1.1.1.9/32 POS2/0/0 10.1.1.1/24 GE1/0/0 2001::2/64 POS2/0/0 11.1.1.2/24 Loopback1 2.2.2.9/32 Loopback1 3.3.3.9/32 POS2/0/0 11.1.1.1/24

Spoke-PE1 Backbone AS100

Spoke-PE2 GE1/0/0
2002::2/64

GE1/0/0 2001::1/64

GE1/0/0 2002::1/64

Spoke-CE1 AS: 65410

SpokeCE2 AS: 65420

Configuration Roadmap
The configuration roadmap is as follows: 1. 2. Set up the IBGP peer relationship between the Hub-PE and Spoke-PE. (Do not set up the tunnel and the IBGP peer relationship between the Spoke-PEs.) Create two IPv6 VPN instances, namely, vpn_in and vpn_out on the Hub-PE. Set the VPNTarget community attribute received by vpn_in as those advertised by two Spoke-PEs. Set the VPN target community attribute advertised by vpn_out to be the VPN target community attribute received by the two Spoke-PEs and to be different from the attributes received by vpn_out. Create an IPv6 VPN instance on the Spoke-PE. Set the imported VPN target community attribute to be the one that advertised by vpn_out. Set the advertised VPN target community attribute to be the one received by vpn_in. Configure BGP4+ between the CE and the PE. Configure Hub-PE to receive the route with the AS repeated for one time.

3.

4. 5.

Data Preparation
To configure the hub and spoke, you need the following data:
l

MPLS LSR IDs on the PE


Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 4-67

Issue 03 (2008-09-22)

4 BGP/MPLS IPv6 VPN Configuration


l

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

The IPv6 VPN instance names of the Hub-PE and Spoke-PE, RD and the VPN-Target

Configuration Procedures
1. Configure IGP to implement the inter-networking between the Hub-PE and the Spoke-PE in the backbone network. The OSPF is used in this example, and the specific configuration procedures are not mentioned. After the configuration, the OSPF neighbor relationship is established between the PEs. After running the display ospf peer command, you can see that the status of the neighbor is Full. After running the display ip routing-table command on the PE, you can see the imported loopback routes of the peer. 2. Configure the basic MPLS capabilities and MPLS LDP on the backbone networks and establish LDP LSP. The specific configuration procedures are not mentioned here. After the configuration, LDP neighbor relationship is established between the Hub-PE and the Spoke-PE. After running the display mpls ldp session command on each device, you can see that the field of Session State is "Operational". 3. Configure IPv6 VPN instances on each PE and connect the CE to the PE.
NOTE

The VPN targets of the two IPv6 VPN instances on the Hub-PE are the VPN targets advertised by the two Spoke-PEs. In addition, the exported VPN targets are different from the imported VPN targets.

Configure the IPv6 VPN instance for the Spoke-PE and import the VPN target that is the VPN target advertised by the Hub-PE. # Configure Spoke-PE1.
<Spoke-PE1> system-view [Spoke-PE1] ipv6 vpn6-instance vpna [Spoke-PE1-vpn6-instance-vpna] route-distinguisher 100:1 [Spoke-PE1-vpn6-instance-vpna] vpn-target 100:1 export-extcommunity [Spoke-PE1-vpn6-instance-vpna] vpn-target 200:1 import-extcommunity [Spoke-PE1-vpn6-instance-vpna] quit [Spoke-PE1] interface gigabitethernet 1/0/0 [Spoke-PE1-GigabitEthernet1/0/0] ipv6 enable [Spoke-PE1-GigabitEthernet1/0/0] ipv6 binding vpn6-instance vpna [Spoke-PE1-GigabitEthernet1/0/0] ipv6 address 2001::2 64 [Spoke-PE1-GigabitEthernet1/0/0] quit

# Configure Spoke-PE2.
<Spoke-PE2> system-view [Spoke-PE2] ipv6 vpn6-instance vpna [Spoke-PE2-vpn6-instance-vpna] route-distinguisher 100:3 [Spoke-PE2-vpn6-instance-vpna] vpn-target 100:1 export-extcommunity [Spoke-PE2-vpn6-instance-vpna] vpn-target 200:1 import-extcommunity [Spoke-PE2-vpn6-instance-vpna] quit [Spoke-PE2] interface gigabitethernet 1/0/0 [Spoke-PE2-GigabitEthernet1/0/0] ipv6 enable [Spoke-PE2-GigabitEthernet1/0/0] ipv6 binding vpn6-instance vpna [Spoke-PE2-GigabitEthernet1/0/0] ipv6 address 2002::2 64 [Spoke-PE2-GigabitEthernet1/0/0] quit

# Configure Hub-PE.
<Hub-PE> system-view

4-68

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

4 BGP/MPLS IPv6 VPN Configuration

[Hub-PE] ipv6 vpn6-instance vpn_in [Hub-PE-vpn6-instance-vpn_in] route-distinguisher 100:21 [Hub-PE-vpn6-instance-vpn_in] vpn-target 100:1 import-extcommunity [Hub-PE-vpn6-instance-vpn_in] quit [Hub-PE] ipv6 vpn6-instance vpn_out [Hub-PE-vpn6-instance-vpn_out] route-distinguisher 100:22 [Hub-PE-vpn6-instance-vpn_out] vpn-target 200:1 export-extcommunity [Hub-PE-vpn6-instance-vpn_out] quit [Hub-PE] interface gigabitethernet 3/0/0 [Hub-PE-GigabitEthernet3/0/0] ipv6 enable [Hub-PE-GigabitEthernet3/0/0] ipv6 binding vpn6-instance vpn_in [Hub-PE-GigabitEthernet3/0/0] ipv6 address 2003::2 64 [Hub-PE-GigabitEthernet3/0/0] quit [Hub-PE] interface gigabitethernet 4/0/0 [Hub-PE-GigabitEthernet4/0/0] ipv6 enable [Hub-PE-GigabitEthernet4/0/0] ipv6 binding vpn6-instance vpn_out [Hub-PE-GigabitEthernet4/0/0] ipv6 address 2004::2 64 [Hub-PE-GigabitEthernet4/0/0] quit

# Configure IPv6 addresses of the CE interfaces as shown in Figure 4-3. The configuration procedures are not mentioned here. After the configuration, run the display ipv6 vpn6-instance verbose command on the PE devices, and you can see the configurations of IPv6 VPN instances. Take the Hub-PE as an example:
[Hub-PE] display ipv6 vpn6-instance verbose Total VPN6-Instances configured: 2 VPN6-Instance Name and ID: vpn_in, 1 Create date: 2006/10/12 13:13:32 Up time: 0 days, 00 hours, 09 minutes and 40 seconds Route Distinguisher: 100:21 Import VPN Targets: 100:1 Label policy: label per route Interfaces: GigabitEthernet3/0/0 VPN6-Instance Name and ID: vpn_out, 2 Create date: 2006/10/12 13:13:38 Up time: 0 days, 00 hours, 09 minutes and 34 seconds Route Distinguisher: 100:22 Export VPN Targets: 200:1 Label policy: label per route Interfaces: GigabitEthernet4/0/0

4.

Establish EBGP peers between the PE and the CE and import the VPN routes. # Configure Spoke-CE1.
<Spoke-CE1> system-view [Spoke-CE1] bgp 65410 [Spoke-CE1-bgp] router-id 10.10.10.10 [Spoke-CE1-bgp] peer 2001::2 as-number 100 [Spoke-CE1-bgp] ipv6-family unicast [Spoke-CE1-bgp-af-ipv6] peer 2001::2 enable [Spoke-CE1-bgp-af-ipv6] import-route direct [Spoke-CE1-bgp-af-ipv6] quit [Spoke-CE1-bgp] quit

# Configure Spoke-PE 1.
[Spoke-PE1] bgp 100 [Spoke-PE1-bgp] ipv6-family vpn6-instance vpna [Spoke-PE1-bgp6-vpna] peer 2001::1 as-number 65410 [Spoke-PE1-bgp6-vpna] import-route direct [Spoke-PE1-bgp6-vpna] quit [Spoke-PE1-bgp] quit

# Configure Spoke-CE 2.
<Spoke-CE2> system-view [Spoke-CE2] bgp 65420 [Spoke-CE2-bgp] router-id 20.20.20.20 [Spoke-CE2-bgp] peer 2002::2 as-number 100

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

4-69

4 BGP/MPLS IPv6 VPN Configuration


[Spoke-CE2-bgp] ipv6-family unicast [Spoke-CE2-bgp-af-ipv6] peer 2002::2 enable [Spoke-CE2-bgp-af-ipv6] import-route direct [Spoke-CE2-bgp-af-ipv6] quit [Spoke-CE2-bgp] quit

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

# Configure Spoke-PE 2.
[Spoke-PE2] bgp 100 [Spoke-PE2-bgp] ipv6-family vpn6-instance vpna [Spoke-PE2-bgp6-vpna] peer 2001::1 as-number 65420 [Spoke-PE2-bgp6-vpna] import-route direct [Spoke-PE2-bgp6-vpna] quit [Spoke-PE2-bgp] quit

# Configure Hub-CE.
<Hub-CE1> system-view [Hub-CE] bgp 65430 [Hub-CE-bgp] router-id 30.30.30.30 [Hub-CE-bgp] peer 2003::2 as-number 100 [Hub-CE-bgp] peer 2004::2 as-number 100 [Hub-CE-bgp] ipv6-family unicast [Hub-CE-bgp-af-ipv6] peer 2003::2 enable [Hub-CE-bgp-af-ipv6] peer 2004::2 enable [Hub-CE-bgp-af-ipv6] import-route direct [Hub-CE-bgp-af-ipv6] quit [Hub-CE-bgp] quit

# Configure Hub-PE.
[Hub-PE] bgp 100 [Hub-PE-bgp] ipv6-family vpn6-instance vpn_in [Hub-PE-bgp6-vpn_in] peer 2003::1 as-number 65430 [Hub-PE-bgp6-vpn_in] import-route direct [Hub-PE-bgp6-vpn_in] quit [Hub-PE-bgp] ipv6-family vpn6-instance vpn_out [Hub-PE-bgp6-vpn_out] peer 2004::1 as-number 65430 [Hub-PE-bgp6-vpn_out] peer 2004::1 allow-as-loop 1 [Hub-PE-bgp6-vpn_out] import-route direct [Hub-PE-bgp6-vpn_out] quit [Hub-PE-bgp] quit

After the configuration, run the display bgp vpnv6 all peer command on each PE devices and you can see that the BGP peer relationship is established between the PE and the CE. Each PE can ping through its attached CEs using the ping ipv6 vpn6-instance command. Take the Hub-PE as an example:
[Hub-PE] ping ipv6 vpn6-instance vpn_in -a 2003::2 2003::1 PING 2003::1 : 56 data bytes, press CTRL_C to break Reply from 2003::1 bytes=56 Sequence=1 hop limit=64 time = 31 ms Reply from 2003::1 bytes=56 Sequence=2 hop limit=64 time = 31 ms Reply from 2003::1 bytes=56 Sequence=3 hop limit=64 time = 31 ms Reply from 2003::1 bytes=56 Sequence=4 hop limit=64 time = 31 ms Reply from 2003::1 bytes=56 Sequence=5 hop limit=64 time = 31 ms --- 2003::1 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 31/31/31 ms [Hub-PE] ping ipv6 vpn6-instance vpn_out -a 2004::2 2004::1 PING 2004::1 : 56 data bytes, press CTRL_C to break Reply from 2004::1 bytes=56 Sequence=1 hop limit=64 time = 31 ms Reply from 2004::1 bytes=56 Sequence=2 hop limit=64 time = 31 ms Reply from 2004::1

4-70

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


bytes=56 Sequence=3 hop limit=64 Reply from 2004::1 bytes=56 Sequence=4 hop limit=64 Reply from 2004::1 bytes=56 Sequence=5 hop limit=64 --- 2004::1 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 31/31/31
NOTE

4 BGP/MPLS IPv6 VPN Configuration


time = 31 ms time = 31 ms time = 31 ms

ms

When using the ping ipv6 vpn6-instance command to ping the CE that accesses the peer PE, specify the source IPv6 address, that is, specify the parameter -a source-ipv6-address in the ping ipv6 -a source-ipv6-address dest-ipv6-address vpn6-instance vpn6-instance-name command if multiple interfaces bound with the same VPN exist on the PE. Otherwise, the ping may fail.

5.

Establish MP-IBGP peers between the PEs.


NOTE

You need not allow the AS number to be repeated once on the Spoke-PE because a router does not check the AS-PATH attribute when the router receives the routes advertised by the IBGP peer.

# Configure Spoke-PE 1.
[Spoke-PE1] bgp 100 [Spoke-PE1-bgp] peer 2.2.2.9 as-number 100 [Spoke-PE1-bgp] peer 2.2.2.9 connect-interface loopback 1 [Spoke-PE1-bgp] ipv6-family vpnv6 [Spoke-PE1-bgp-af-vpnv6] peer 2.2.2.9 enable [Spoke-PE1-bgp-af-vpnv6] quit

# Configure Spoke-PE 2.
[Spoke-PE2] bgp 100 [Spoke-PE2-bgp] peer 2.2.2.9 as-number 100 [Spoke-PE2-bgp] peer 2.2.2.9 connect-interface loopback 1 [Spoke-PE2-bgp] ipv6-family vpnv6 [Spoke-PE2-bgp-af-vpnv6] peer 2.2.2.9 enable [Spoke-PE2-bgp-af-vpnv6] quit

# Configure Hub-PE.
[Hub-PE] bgp 100 [Hub-PE-bgp] peer 1.1.1.9 as-number 100 [Hub-PE-bgp] peer 1.1.1.9 connect-interface loopback 1 [Hub-PE-bgp] peer 3.3.3.9 as-number 100 [Hub-PE-bgp] peer 3.3.3.9 connect-interface loopback 1 [Hub-PE-bgp] ipv6-family vpnv6 [Hub-PE-bgp-af-vpnv6] peer 1.1.1.9 enable [Hub-PE-bgp-af-vpnv6] peer 3.3.3.9 enable [Hub-PE-bgp-af-vpnv6] quit

After the configuration, run the display bgp peer or display bgp vpnv6 all peer command on each PE device. You can see the BGP peer relationship is established between the PEs. 6. Verify the configuration. After the configuration, the Spoke-CEs can ping through each other. Run the tracert command, and you can see that the traffic between Spoke-CEs is forwarded through HubCE. You can also deduce the number of forwarding devices between Spoke-CEs based on the TTL in the Ping result. Take Spoke-CE 1 as an example:
[Spoke-CE1] ping ipv6 2002::1 PING 2002::1 : 56 data bytes, press CTRL_C to break Reply from 2002::1 bytes=56 Sequence=1 hop limit=59 time = 187 ms Reply from 2002::1 bytes=56 Sequence=2 hop limit=59 time = 187 ms Reply from 2002::1

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

4-71

4 BGP/MPLS IPv6 VPN Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


187 ms 187 ms 187 ms

bytes=56 Sequence=3 hop limit=59 time = Reply from 2002::1 bytes=56 Sequence=4 hop limit=59 time = Reply from 2002::1 bytes=56 Sequence=5 hop limit=59 time = --- 2002::1 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 187/187/187 ms [Spoke-CE1] tracert ipv6 2002::1 traceroute to 2002::1 30 hops max,60 bytes 1 2001::2 31 ms 31 ms 32 ms 2 2004::2 93 ms 94 ms 110 ms 3 2004::1 93 ms 94 ms 94 ms 4 2003::2 94 ms 93 ms 94 ms 5 2002::2 156 ms 157 ms 156 ms 6 2002::1 187 ms 188 ms 187 ms

packet

Run the display bgp ipv6 routing-table command on Spoke-CE, and you can see that there are repetitive AS numbers in AS paths of the BGP routes toward the remote SpokeCE. Take Spoke-CE 1 as an example:
[Spoke-CE1] display bgp ipv6 routing-table Total Number of Routes: 8 BGP Local router ID is 10.10.10.10 Status codes: * - valid, > - best, d - damped, h - history, i - internal, s - suppressed, S - Stale Origin : i - IGP, e - EGP, ? - incomplete *> Network : ::1 PrefixLen : NextHop : :: LocPrf : MED : 0 PrefVal : Label : Path/Ogn : ? *> Network : 2001:: PrefixLen : NextHop : :: LocPrf : MED : 0 PrefVal : Label : Path/Ogn : ? * NextHop : 2001::2 LocPrf : MED : 0 PrefVal : Label : Path/Ogn : 100 ? *> Network : 2001::1 PrefixLen : NextHop : :: LocPrf : MED : 0 PrefVal : Label : Path/Ogn : ? *> Network : 2002:: PrefixLen : NextHop : 2001::2 LocPrf : MED : PrefVal : Label : Path/Ogn : 100 65430 100 ? *> Network : 2003:: PrefixLen : NextHop : 2001::2 LocPrf : MED : PrefVal : Label : Path/Ogn : 100 65430 ? *> Network : 2004:: PrefixLen : NextHop : 2001::2 LocPrf : MED : PrefVal : Label : Path/Ogn : 100 ? *> Network : FE80:: PrefixLen : NextHop : :: LocPrf : MED : 0 PrefVal : Label :

128 0 64 0

0 128 0 64 0 64 0 64 0 10 0

4-72

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


Path/Ogn : ?

4 BGP/MPLS IPv6 VPN Configuration

Configuration Files
l

Configuration file of Spoke-CE 1


# sysname Spoke-CE1 # ipv6 # interface GigabitEthernet1/0/0 undo shutdown ipv6 enable ipv6 address 2001::1/64 # bgp 65410 router-id 10.10.10.10 peer 2001::2 as-number 100 # ipv6-family unicast undo synchronization import-route direct peer 2001::2 enable # return

Configuration file of Spoke-PE 1


# sysname Spoke-PE1 # ipv6 # ipv6 vpn6-instance vpna route-distinguisher 100:1 vpn-target 100:1 export-extcommunity vpn-target 200:1 import-extcommunity # mpls lsr-id 1.1.1.9 mpls lsp-trigger all # mpls ldp # interface GigabitEthernet1/0/0 undo shutdown ipv6 enable ipv6 binding vpn6-instance vpna ipv6 address 2001::2/64 # interface Pos2/0/0 link-protocol ppp undo shutdown ip address 10.1.1.1 255.255.255.0 mpls mpls ldp # interface LoopBack1 ip address 1.1.1.9 255.255.255.255 # bgp 100 peer 2.2.2.9 as-number 100 peer 2.2.2.9 connect-interface LoopBack1 # ipv4-family unicast undo synchronization peer 2.2.2.9 enable # ipv6-family vpnv6 policy vpn-target

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

4-73

4 BGP/MPLS IPv6 VPN Configuration


peer 2.2.2.9 enable # ipv6-family vpn6-instance vpna peer 2001::1 as-number 65410 import-route direct # ospf 1 area 0.0.0.0 network 10.1.1.0 0.0.0.255 network 1.1.1.9 0.0.0.0 # return l

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Configuration file of Spoke-PE 2


# sysname Spoke-PE2 # ipv6 # ipv6 vpn6-instance vpna route-distinguisher 100:3 vpn-target 100:1 export-extcommunity vpn-target 200:1 import-extcommunity # mpls lsr-id 3.3.3.9 mpls lsp-trigger all # mpls ldp # interface GigabitEthernet1/0/0 undo shutdown ipv6 enable ipv6 binding vpn6-instance vpna ipv6 address 2002::2/64 # interface Pos2/0/0 link-protocol ppp undo shutdown ip address 11.1.1.1 255.255.255.0 mpls mpls ldp # interface LoopBack1 ip address 3.3.3.9 255.255.255.255 # bgp 100 peer 2.2.2.9 as-number 100 peer 2.2.2.9 connect-interface LoopBack1 # ipv4-family unicast undo synchronization peer 2.2.2.9 enable # ipv6-family vpnv6 policy vpn-target peer 2.2.2.9 enable # ipv6-family vpn6-instance vpna peer 2002::1 as-number 65420 import-route direct # ospf 1 area 0.0.0.0 network 3.3.3.9 0.0.0.0 network 11.1.1.0 0.0.0.255 # return

Configuration file of Spoke-CE 2


Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

4-74

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


# sysname Spoke-CE2 # ipv6 # interface GigabitEthernet1/0/0 undo shutdown ipv6 enable ipv6 address 2002::1/64 # bgp 65420 router-id 20.20.20.20 peer 2002::2 as-number 100 # ipv6-family unicast undo synchronization import-route direct peer 2002::2 enable # return l

4 BGP/MPLS IPv6 VPN Configuration

Configuration file of Hub-CE


# sysname Hub-CE # ipv6 # interface GigabitEthernet1/0/0 undo shutdown ipv6 enable ipv6 address 2003::1/64 # interface GigabitEthernet2/0/0 undo shutdown ipv6 enable ipv6 address 2004::1/64 # bgp 65430 router-id 30.30.30.30 peer 2003::2 as-number 100 peer 2004::2 as-number 100 # ipv6-family unicast undo synchronization import-route direct peer 2003::2 enable peer 2004::2 enable # return

Configuration file of Hub-PE


# sysname Hub-PE # ipv6 # ipv6 vpn6-instance vpn_in route-distinguisher 100:21 vpn-target 100:1 import-extcommunity # ipv6 vpn6-instance vpn_out route-distinguisher 100:22 vpn-target 200:1 export-extcommunity # mpls lsr-id 2.2.2.9 mpls lsp-trigger all # mpls ldp #

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

4-75

4 BGP/MPLS IPv6 VPN Configuration


interface GigabitEthernet3/0/0 undo shutdown ipv6 enable ipv6 binding vpn6-instance vpn_in ipv6 address 2003::2/64 # interface GigabitEthernet4/0/0 undo shutdown ipv6 enable ipv6 binding vpn6-instance vpn_out ipv6 address 2004::2/64 # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 10.1.1.2 255.255.255.0 mpls mpls ldp # interface Pos2/0/0 link-protocol ppp undo shutdown ip address 11.1.1.2 255.255.255.0 mpls mpls ldp # interface LoopBack1 ip address 2.2.2.9 255.255.255.255 # bgp 100 peer 1.1.1.9 as-number 100 peer 1.1.1.9 connect-interface LoopBack1 peer 3.3.3.9 as-number 100 peer 3.3.3.9 connect-interface LoopBack1 # ipv4-family unicast undo synchronization peer 1.1.1.9 enable peer 3.3.3.9 enable # ipv6-family vpnv6 policy vpn-target peer 1.1.1.9 enable peer 3.3.3.9 enable # ipv6-family vpn6-instance vpn_in peer 2003::1 as-number 65430 import-route direct # ipv6-family vpn6-instance vpn_out peer 2004::1 as-number 65430 peer 2004::1 allow-as-loop import-route direct # ospf 1 area 0.0.0.0 network 2.2.2.9 0.0.0.0 network 10.1.1.0 0.0.0.255 network 11.1.1.0 0.0.0.255 # return

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

4.11.3 Example for Configuring Hub and Spoke (Default Route Between the Hub-PE and the Hub-CE)

4-76

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

4 BGP/MPLS IPv6 VPN Configuration

Networking Requirements
As shown in Figure 4-4, the communication between the Spoke-CEs is controlled by the HubCE in the central site. That is, the traffic between the Spoke-CEs is forwarded by not only the Hub-PEs but also the Hub-CE. It is required that the default route is used between the Hub-PE and the Hub-CE. Figure 4-4 Hub&Spoke networking diagram
AS: 65430 Hub-CE
GE1/0/0 2003::1/64 GE3/0/0 2003::2/64

GE2/0/0 2004::1/64 GE4/0/0 2004::2/64

Hub-PE
POS1/0/0 10.1.1.2/24 Loopback1 1.1.1.9/32 POS2/0/0 10.1.1.1/24 GE1/0/0 2001::2/64 POS2/0/0 11.1.1.2/24 Loopback1 2.2.2.9/32 Loopback1 3.3.3.9/32 POS2/0/0 11.1.1.1/24

Spoke-PE1 Backbone AS100

Spoke-PE2 GE1/0/0
2002::2/64

GE1/0/0 2001::1/64

GE1/0/0 2002::1/64

Spoke-CE1 AS: 65410

SpokeCE2 AS: 65420

Configuration Roadmap
The configuration roadmap is as follows: 1. 2. Set up the IBGP peer relationship between the Hub-PE and Spoke-PE. (Do not set up the IBGP peer relationship between the Spoke-PEs.) Create two IPv6 VPN instances, namely, vpn_in and vpn_out on the Hub-PE. Set the VPNTarget community attribute received by vpn_in as those advertised by two Spoke-PEs. Set the VPN target community attribute advertised by vpn_out to be the VPN target community attribute received by the two Spoke-PEs and to be different from the attributes received by vpn_out. Create an IPv6 VPN instance on the Spoke-PE. The VPN-target attribute received by the instance is that advertised by vpn_out; the VPN-target attribute advertised by the instance is that received by vpn_in. Configure the default route as follows:
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 4-77

3.

4.
Issue 03 (2008-09-22)

4 BGP/MPLS IPv6 VPN Configuration


l

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Configure the IPv6 default route on the Hub-PE with the next hop address is the IPv6 address of the Hub-PE interface bound with vpn_in. Configure the default route on the Hub-PE with the next hop being Hub-CE. Run the network :: 0 command on the Hub-PE in the BGP VPN6 instance address family view of the vpn_out to advertise the default route to all the Spokes.

l l

5.

Configure EBGP4+ between the CE and the PE.

Data Preparation
To configure the hub and spoke, you need the following data:
l l

MPLS LSR-ID of the PE The IPv6 VPN instance name of the Hub-PE and Spoke-PE, RD and the VPN-Target

Configuration Procedures
1. Configure IGP to implement the inter-networking between the Hub-PE and the Spoke-PE in the backbone network. The OSPF is used in this example, and the specific configuration procedures are not mentioned. After the configuration, the OSPF neighbor relationship is established between the PEs. After running the display ospf peer command, you can see that the status of the neighbor is Full. After running the display ip routing-table command on the PE, you can see the imported loopback routes of the peer. 2. Configure the basic MPLS capabilities and MPLS LDP on the backbone networks to establish LDP LSP. The specific configuration procedures are not mentioned here. After the configuration, LDP neighbor relationship is established between the Hub-PE and the Spoke-PE. After running the display mpls ldp session command on each device, you can see that the status of the session is "Operational". 3. Configure IPv6 VPN instances on each PE and connect the CE to the PE. Configure the IPv6 VPN instance for the Spoke-PE and import the VPN target that is the VPN target advertised by the Hub-PE. # Configure Spoke-PE1.
[Spoke-PE1] ipv6 vpn6-instance vpna [Spoke-PE1-vpn6-instance-vpna] route-distinguisher 100:1 [Spoke-PE1-vpn6-instance-vpna] vpn-target 100:1 export-extcommunity [Spoke-PE1-vpn6-instance-vpna] vpn-target 200:1 import-extcommunity [Spoke-PE1-vpn6-instance-vpna] quit [Spoke-PE1] interface gigabitethernet 1/0/0 [Spoke-PE1-GigabitEthernet1/0/0] ipv6 binding vpn6-instance vpna [Spoke-PE1-GigabitEthernet1/0/0] ipv6 address 2001::2 64 [Spoke-PE1-GigabitEthernet1/0/0] quit

# Configure Spoke-PE2.
[Spoke-PE2] ipv6 vpn6-instance [Spoke-PE2-vpn6-instance-vpna] [Spoke-PE2-vpn6-instance-vpna] [Spoke-PE2-vpn6-instance-vpna] [Spoke-PE2-vpn6-instance-vpna] vpna route-distinguisher 100:3 vpn-target 100:1 export-extcommunity vpn-target 200:1 import-extcommunity quit

4-78

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

4 BGP/MPLS IPv6 VPN Configuration

[Spoke-PE2] interface gigabitethernet 1/0/0 [Spoke-PE2-GigabitEthernet1/0/0] ipv6 binding vpn6-instance vpna [Spoke-PE2-GigabitEthernet1/0/0] ipv6 address 2002::2 64 [Spoke-PE2-GigabitEthernet1/0/0] quit

# Configure Hub-PE.
[Hub-PE] ipv6 vpn6-instance vpn_in [Hub-PE-vpn6-instance-vpn_in] route-distinguisher 100:21 [Hub-PE-vpn6-instance-vpn_in] vpn-target 100:1 import-extcommunity [Hub-PE-vpn6-instance-vpn_in] quit [Hub-PE] ipv6 vpn6-instance vpn_out [Hub-PE-vpn6-instance-vpn_out] route-distinguisher 100:22 [Hub-PE-vpn6-instance-vpn_out] vpn-target 200:1 export-extcommunity [Hub-PE-vpn6-instance-vpn_out] quit [Hub-PE] interface gigabitethernet 3/0/0 [Hub-PE-GigabitEthernet3/0/0] ipv6 binding vpn6-instance vpn_in [Hub-PE-GigabitEthernet3/0/0] ipv6 address 2003::2 64 [Hub-PE-GigabitEthernet3/0/0] quit [Hub-PE] interface gigabitethernet 4/0/0 [Hub-PE-GigabitEthernet4/0/0] ipv6 binding vpn6-instance vpn_out [Hub-PE-GigabitEthernet4/0/0] ipv6 address 2004::2 64 [Hub-PE-GigabitEthernet4/0/0] quit

# Configure IPv6 addresses of the CE interfaces as shown in Figure 4-4. The configuration procedures are not mentioned here. After the configuration, run the display ipv6 vpn6-instance verbose command on the PE devices, and you can see the configurations of IPv6 VPN instances. Take Hub-PE as an example:
[Hub-PE] display ipv6 vpn6-instance verbose Total VPN6-Instances configured : 2 VPN6-Instance Name and ID : vpn_in, 1 Create date : 2006/10/12 13:13:32 Up time : 0 days, 00 hours, 09 minutes and 40 seconds Route Distinguisher : 100:21 Import VPN Targets : 100:1 Label policy : label per route Interfaces : GigabitEthernet3/0/0 VPN6-Instance Name and ID : vpn_out, 2 Create date : 2006/10/12 13:13:38 Up time : 0 days, 00 hours, 09 minutes and 34 seconds Route Distinguisher : 100:22 Export VPN Targets : 200:1 Label policy : label per route Interfaces : GigabitEthernet4/0/0

4.

Establish EBGP peers between the Spoke-PE and the Spoke-CE and import the VPN routes. # Configure Spoke-CE1.
<Spoke-CE1> system-view [Spoke-CE1] bgp 65410 [Spoke-CE1-bgp] router-id 10.10.10.10 [Spoke-CE1-bgp] peer 2001::2 as-number 100 [Spoke-CE1-bgp] ipv6-family unicast [Spoke-CE1-bgp-af-ipv6] peer 2001::2 enable [Spoke-CE1-bgp-af-ipv6] import-route direct [Spoke-CE1-bgp-af-ipv6] quit [Spoke-CE1-bgp] quit

# Configure Spoke-PE1.
[Spoke-PE1] bgp 100 [Spoke-PE1-bgp] ipv6-family vpn6-instance vpna [Spoke-PE1-bgp6-vpna] peer 2001::1 as-number 65410 [Spoke-PE1-bgp6-vpna] import-route direct [Spoke-PE1-bgp6-vpna] quit [Spoke-PE1-bgp] quit

# Configure Spoke-CE2.
Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 4-79

4 BGP/MPLS IPv6 VPN Configuration


<Spoke-CE2> system-view [Spoke-CE2] bgp 65420 [Spoke-CE2-bgp] router-id 20.20.20.20 [Spoke-CE2-bgp] peer 2002::2 as-number 100 [Spoke-CE2-bgp] ipv6-family unicast [Spoke-CE2-bgp-af-ipv6] peer 2002::2 enable [Spoke-CE2-bgp-af-ipv6] import-route direct [Spoke-CE2-bgp-af-ipv6] quit [Spoke-CE2-bgp] quit

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

# Configure Spoke-PE2.
[Spoke-PE2] bgp 100 [Spoke-PE2-bgp] ipv6-family vpn6-instance vpna [Spoke-PE2-bgp6-vpna] peer 2001::1 as-number 65420 [Spoke-PE2-bgp6-vpna] import-route direct [Spoke-PE2-bgp6-vpna] quit [Spoke-PE2-bgp] quit

After the configuration, run the display bgp vpnv6 all peer command on the PE devices, and you can see the BGP peer relationship is set up between the PEs and the CEs. The peer status is Established. The PEs can successfully ping the CEs that the PEs access by using the ping ipv6 vpn6-instance command.
NOTE

When using the ping ipv6 vpn6-instance command to ping the CE that accesses the peer PE, specify the source IPv6 address, that is, specify the parameter -a source-ipv6-address in the ping ipv6 -a source-ipv6-address dest-ipv6-address vpn6-instance vpn6-instance-name command if multiple interfaces bound with the same VPN exist on the PE. Otherwise, the ping may fail.

5.

Configure the default route on the Hub-PE and the Hub-CE. # Configure Hub-CE.
[Spoke-CE1] ipv6 route-static :: 0 2003::2

# Configure Hub-PE. # Configure the default route for vpn_out with the next hop being the Hub-CE.
[Hub-PE] ipv6 route-static vpn6-instance vpn_out :: 0 2004::1

# Advertise the default route through MP-IBGP.


[Hub-PE] bgp 100 [Hub-PE-bgp] ipv6-family vpn6-instance vpn_out [Hub-PE-bgp6-vpn_out] network :: 0

#Advertise the direct route through MP-IBGP.


[Hub-PE-bgp6-vpn_out] import-route direct [Hub-PE-bgp6-vpn_out] quit [Hub-PE-bgp] quit

6.

Set up the MP-IBGP peer relationship between the PEs.


NOTE

You need not allow the AS number to be repeated once on the Spoke-PE because a router does not check the AS-PATH attribute when the router receives the routes advertised by the IBGP peer.

# Configure Spoke-PE1.
[Spoke-PE1] bgp 100 [Spoke-PE1-bgp] peer 2.2.2.9 as-number 100 [Spoke-PE1-bgp] peer 2.2.2.9 connect-interface loopback 1 [Spoke-PE1-bgp] ipv6-family vpnv6 [Spoke-PE1-bgp-af-vpnv6] peer 2.2.2.9 enable [Spoke-PE1-bgp-af-vpnv6] quit

# Configure Spoke-PE2.
[Spoke-PE2] bgp [Spoke-PE2-bgp] [Spoke-PE2-bgp] [Spoke-PE2-bgp] 100 peer 2.2.2.9 as-number 100 peer 2.2.2.9 connect-interface loopback 1 ipv6-family vpnv6

4-80

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


[Spoke-PE2-bgp-af-vpnv6] peer 2.2.2.9 enable [Spoke-PE2-bgp-af-vpnv6] quit

4 BGP/MPLS IPv6 VPN Configuration

# Configure Hub-PE.
[Hub-PE] bgp 100 [Hub-PE-bgp] peer 1.1.1.9 as-number 100 [Hub-PE-bgp] peer 1.1.1.9 connect-interface loopback 1 [Hub-PE-bgp] peer 3.3.3.9 as-number 100 [Hub-PE-bgp] peer 3.3.3.9 connect-interface loopback 1 [Hub-PE-bgp] ipv6-family vpnv6 [Hub-PE-bgp-af-vpnv6] peer 1.1.1.9 enable [Hub-PE-bgp-af-vpnv6] peer 3.3.3.9 enable [Hub-PE-bgp-af-vpnv6] quit

After the configuration, run the display bgp vpnv6 all peer command on each PE device. You can see the BGP peer relationship is set up between the PEs. 7. Verify the configuration. After the configuration, check the BGP VPN-IPv6 routes on the Spoke-PE, you can find the vpn_out default route on the Hub-PE has been advertised to each Spoke-PE. Take Spoke-PE1 as an example:
[Spoke-PE1] display bgp vpnv6 all routing-table BGP Local router ID is 1.1.1.1 Status codes: * - valid, > - best, d - damped, h - history, i - internal, s - suppressed, S - Stale Origin : i - IGP, e - EGP, ? - incomplete Total number of routes from all PE: 2 Route Distinguisher: 100:22 *>i Network : :: PrefixLen : NextHop : ::FFFF:3.3.3.3 LocPrf : MED : 0 PrefVal : Label : 15365 Path/Ogn : i *>i Network : 2004:: PrefixLen : NextHop : ::FFFF:3.3.3.3 LocPrf : MED : 0 PrefVal : Label : 15364 Path/Ogn : ? Total routes of vpn6-instance vpna: 6 *>i Network : :: PrefixLen : NextHop : ::FFFF:3.3.3.3 LocPrf : MED : 0 PrefVal : Label : 15365 Path/Ogn : i *> Network : 2001:: PrefixLen : NextHop : :: LocPrf : MED : 0 PrefVal : Label : NULL Path/Ogn : ? * NextHop : 2001::1 LocPrf : MED : 0 PrefVal : Label : NULL Path/Ogn : 65410 ? *> Network : 2001::2 PrefixLen : NextHop : :: LocPrf : MED : 0 PrefVal : Label : NULL Path/Ogn : ? *>i Network : 2004:: PrefixLen : NextHop : ::FFFF:3.3.3.3 LocPrf : MED : 0 PrefVal : Label : 15364 Path/Ogn : ? *> Network : FE80:: PrefixLen : NextHop : :: LocPrf : MED : 0 PrefVal : Label : NULL

0 100 0 64 100 0

0 100 0 64 0

0 128 0 64 100 0 10 0

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

4-81

4 BGP/MPLS IPv6 VPN Configuration


Path/Ogn : ?

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

The Spoke-CEs can ping through each other. Run the tracert command, and you can see that the traffic between Spoke-CEs is forwarded through Hub-CE. You can also deduce the number of forwarding devices between Spoke-CEs based on the TTL in the Ping result. Take Spoke-CE1 as an example:
[Spoke-CE1] ping ipv6 2002::1 PING 2002::1 : 56 data bytes, press CTRL_C to break Reply from 2002::1 bytes=56 Sequence=1 hop limit=59 time = 187 ms Reply from 2002::1 bytes=56 Sequence=2 hop limit=59 time = 187 ms Reply from 2002::1 bytes=56 Sequence=3 hop limit=59 time = 187 ms Reply from 2002::1 bytes=56 Sequence=4 hop limit=59 time = 187 ms Reply from 2002::1 bytes=56 Sequence=5 hop limit=59 time = 187 ms --- 2002::1 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 187/187/187 ms [Spoke-CE1] tracert ipv6 2002::1 traceroute to 2002::1 30 hops max,60 bytes packet 1 2001::2 16 ms 31 ms 16 ms 2 2004::2 78 ms 62 ms 63 ms 3 2004::1 62 ms 63 ms 62 ms 4 2003::2 63 ms 62 ms 63 ms 5 2002::2 109 ms 94 ms 109 ms 6 2002::1 125 ms 141 ms 125 ms

Run the display bgp ipv6 routing-table command on the Spoke-CE, and you can see that the default route advertised by peer Spoke-PE through BGP. Running the display ipv6 routing-table command, you can find the default route with the next hop being the peer Spoke-PE. Take Spoke-CE1 as an example:
[Spoke-CE1] display bgp ipv6 routing-table Total Number of Routes: 6 BGP Local router ID is 10.10.10.10 Status codes: * - valid, > - best, d - damped, h - history, i - internal, s - suppressed, S - Stale Origin : i - IGP, e - EGP, ? - incomplete *> Network : :: PrefixLen : 0 NextHop : 2001::2 LocPrf : MED : PrefVal : 0 Label : Path/Ogn : 100 ? *> Network : ::1 PrefixLen : 128 NextHop : :: LocPrf : MED : 0 PrefVal : 0 Label : Path/Ogn : ? *> Network : 2001:: PrefixLen : 64 NextHop : :: LocPrf : MED : 0 PrefVal : 0 Label : Path/Ogn : ? * NextHop : 2001::2 LocPrf : MED : 0 PrefVal : 0 Label : Path/Ogn : 100 ? *> Network : 2001::1 PrefixLen : 128 NextHop : :: LocPrf : MED : 0 PrefVal : 0 Label :

4-82

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


Path/Ogn : ? Network : FE80:: NextHop : :: MED : 0 Label : Path/Ogn : ? [Spoke-CE1] display ipv6 routing-table Routing Table : Public Destinations : 6 Routes : 6 Destination : :: NextHop : 2001::2 Interface : Serial6/0/0 State : Active Adv Tunnel ID : 0x0 Age : 8568sec Destination : ::1 NextHop : ::1 Interface : InLoopBack0 State : Active NoAdv Tunnel ID : 0x0 Age : 14437sec Destination : 2001:: NextHop : 2001::1 Interface : Serial6/0/0 State : Active Adv Tunnel ID : 0x0 Age : 9500sec Destination : 2001::1 NextHop : ::1 Interface : InLoopBack0 State : Active NoAdv Tunnel ID : 0x0 Age : 9500sec Destination : 2004:: NextHop : 2001::2 Interface : Serial6/0/0 State : Active Adv Tunnel ID : 0x0 Age : 9410sec Destination : FE80:: NextHop : :: Interface : NULL0 State : Active NoAdv Tunnel ID : 0x0 Age : 9502sec *>

4 BGP/MPLS IPv6 VPN Configuration

PrefixLen : 10 LocPrf : PrefVal : 0

PrefixLength Preference Protocol Cost Label PrefixLength Preference Protocol Cost Label PrefixLength Preference Protocol Cost Label PrefixLength Preference Protocol Cost Label PrefixLength Preference Protocol Cost Label PrefixLength Preference Protocol Cost Label

: : : : : : : : : : : : : : : : : : : : : : : : : : : : : :

0 255 BGP 0 NULL 128 0 Direct 0 NULL 64 0 Direct 0 NULL 128 0 Direct 0 NULL 64 255 BGP 0 NULL 10 0 Direct 0 NULL

Configuration Files
l

Configuration file of Spoke-CE1


# sysname Spoke-CE1 # ipv6 # interface GigabitEthernet1/0/0 ipv6 address 2001::1/64 # bgp 65410 router-id 10.10.10.10 peer 2001::2 as-number 100 # ipv6-family unicast undo synchronization import-route direct peer 2001::2 enable # return

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

4-83

4 BGP/MPLS IPv6 VPN Configuration


l

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Configuration file of Spoke-PE1


# sysname Spoke-PE1 # ipv6 # ipv6 vpn6-instance vpna route-distinguisher 100:1 vpn-target 100:1 export-extcommunity vpn-target 200:1 import-extcommunity # mpls lsr-id 1.1.1.9 mpls lsp-trigger all # mpls ldp # interface GigabitEthernet1/0/0 ipv6 binding vpn6-instance vpna ipv6 address 2001::2/64 # interface Pos2/0/0 link-protocol ppp ip address 10.1.1.1 255.255.255.0 mpls mpls ldp # interface LoopBack1 ip address 1.1.1.9 255.255.255.255 # bgp 100 peer 2.2.2.9 as-number 100 peer 2.2.2.9 connect-interface LoopBack1 # ipv4-family unicast undo synchronization peer 2.2.2.9 enable # ipv6-family vpnv6 policy vpn-target peer 2.2.2.9 enable # ipv6-family vpn6-instance vpna peer 2001::1 as-number 65410 import-route direct # ospf 1 area 0.0.0.0 network 10.1.1.0 0.0.0.255 network 1.1.1.9 0.0.0.0 # return

Configuration file of Spoke-PE2


# sysname Spoke-PE2 # ipv6 # ipv6 vpn6-instance vpna route-distinguisher 100:3 vpn-target 100:1 export-extcommunity vpn-target 200:1 import-extcommunity # mpls lsr-id 3.3.3.9 mpls lsp-trigger all # mpls ldp

4-84

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


# interface GigabitEthernet1/0/0 ipv6 binding vpn6-instance vpna ipv6 address 2002::2/64 # interface Pos2/0/0 link-protocol ppp ip address 11.1.1.1 255.255.255.0 mpls mpls ldp # interface LoopBack1 ip address 3.3.3.9 255.255.255.255 # bgp 100 peer 2.2.2.9 as-number 100 peer 2.2.2.9 connect-interface LoopBack1 # ipv4-family unicast undo synchronization peer 2.2.2.9 enable # ipv6-family vpnv6 policy vpn-target peer 2.2.2.9 enable # ipv6-family vpn6-instance vpna peer 2002::1 as-number 65420 import-route direct # ospf 1 area 0.0.0.0 network 3.3.3.9 0.0.0.0 network 11.1.1.0 0.0.0.255 # return l

4 BGP/MPLS IPv6 VPN Configuration

Configuration file of Spoke-CE2


# sysname Spoke-CE2 # ipv6 # interface GigabitEthernet1/0/0 ipv6 address 2002::1/64 # bgp 65420 router-id 20.20.20.20 peer 2002::2 as-number 100 # ipv6-family unicast undo synchronization import-route direct peer 2002::2 enable # return

Configuration file of Hub-CE


# sysname Hub-CE # ipv6 # interface GigabitEthernet1/0/0 ipv6 address 2003::1/64 # interface GigabitEthernet2/0/0 ipv6 address 2004::1/64 # ipv6 route-static :: 0 2003::2

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

4-85

4 BGP/MPLS IPv6 VPN Configuration


# return l

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Configuration file of Hub-PE


# sysname Hub-PE # ipv6 # ipv6 vpn6-instance vpn_in route-distinguisher 100:21 vpn-target 100:1 import-extcommunity # ipv6 vpn6-instance vpn_out route-distinguisher 100:22 vpn-target 200:1 export-extcommunity # mpls lsr-id 2.2.2.9 mpls lsp-trigger all # mpls ldp # interface GigabitEthernet3/0/0 ipv6 binding vpn6-instance vpn_in ipv6 address 2003::2/64 # interface GigabitEthernet4/0/0 ipv6 binding vpn6-instance vpn_out ipv6 address 2004::2/64 # interface Pos1/0/0 link-protocol ppp ip address 10.1.1.2 255.255.255.0 mpls mpls ldp # interface Pos2/0/0 link-protocol ppp ip address 11.1.1.2 255.255.255.0 mpls mpls ldp # interface LoopBack1 ip address 2.2.2.9 255.255.255.255 # bgp 100 peer 1.1.1.9 as-number 100 peer 1.1.1.9 connect-interface LoopBack1 peer 3.3.3.9 as-number 100 peer 3.3.3.9 connect-interface LoopBack1 # ipv4-family unicast undo synchronization peer 1.1.1.9 enable peer 3.3.3.9 enable # ipv6-family vpnv6 policy vpn-target peer 1.1.1.9 enable peer 3.3.3.9 enable # ipv6-family vpn6-instance vpn_out network :: 0 import-route direct # ospf 1 area 0.0.0.0 network 2.2.2.9 0.0.0.0 network 10.1.1.0 0.0.0.255

4-86

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

4 BGP/MPLS IPv6 VPN Configuration

network 11.1.1.0 0.0.0.255 # ipv6 route-static vpn6-instance vpn_out :: 0 2004::1 # return

4.11.4 Example for Configuring Inter-AS VPN Option A


Networking Requirements
As shown in Figure 4-5, CE1 and CE2 belong to the same VPN. The CE1 accesses the network through the PE1 in AS 100 and the CE2 accesses the network through the PE2 in AS 200. The inter-AS BGP/MPLS IPv6 VPN is implemented using Option A. That is, VRF-to-VRF method is used to manage the VPN routes. Figure 4-5 Networking diagram 1 of inter-AS VPN
BGP/MPLS Backbone AS 100 BGP/MPLS Backbone AS 200

Loopback1 2.2.2.9/32

Loopback1 3.3.3.9/32 POS2/0/0 2003::2/64

POS2/0/0 POS1/0/0 2003::1/64 172.1.1.1/24 Loopback1 ASBR -PE1 1.1.1.9/32

POS1/0/0 162.1.1.1/24 Loopback1 ASBR-PE2 4.4.4.9/32 POS1/0/0 162.1.1.2/24 GE2/0/0 2002::2/64 GE1/0/0 2002::1/64

PE1

POS1/0/0 172.1.1.2/24 GE2/0/0 2001::2/64 GE1/0/0 2001::1/64

PE2

CE1 AS 65001

CE2 AS 65002

Configuration Roadmap
The configuration roadmap is as follows: 1. 2. Set up the EBGP peer relationship between the PE and the CE. Set up the MP-IBGP peer relationship between the PE and the ASBR-PE. Create the IPv6 VPN instance on two ASBR-PEs and bind the instance to the interface that is connected with another ASBR-PE and set up the EBGP peer relationship between ASBRPEs.

Data Preparation
To complete the configuration, you need the following data:
l

MPLS LSR-ID of the PE and the ASBR-PE


Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 4-87

Issue 03 (2008-09-22)

4 BGP/MPLS IPv6 VPN Configuration


l

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

The IPv6 VPN instance names of the PE and the ASBR-PE, RD and the VPN-Target

Configuration Procedures
1. Configure IGP on the MPLS backbone of AS 100 and AS 200 respectively to make ASBRPE and PE can reach each other in the same AS. OSPF is used as the IGP in this example, the configuration procedure is not mentioned.
NOTE

The 32-bit address of the loopback interface used as LSR ID should be advertised by OSPF.

After the configuration, the OSPF neighbor relationship should be established between the ASBR-PE and the PE of the same AS. Run the display ospf peer command to find that the OSPF neighbor relationship is in "Full" state. The ASBR-PE and the PE in the same AS can learn the Loopback interface address of each other and can ping through each other. 2. Configure basic MPLS capability and MPLS LDP on the MPLS backbone of AS 100 and AS 200 respectively to set up LDP LSP. # Configure basic MPLS capability on PE1 and LDP is enabled on the interface connecting ASBR-PE1.
[PE1] mpls lsr-id 1.1.1.9 [PE1] mpls [PE1-mpls] lsp-trigger all [PE1-mpls] quit [PE1] mpls ldp [PE1-mpls-ldp] quit [PE1] interface pos1/0/0 [PE1-Pos1/0/0] mpls [PE1-Pos1/0/0] mpls ldp [PE1-Pos1/0/0] quit

# Configure basic MPLS capability on ASBR-PE1 and LDP is enabled on the interface connecting PE1.
[ASBR-PE1] mpls lsr-id 2.2.2.9 [ASBR-PE1] mpls [ASBR-PE1-mpls] lsp-trigger all [ASBR-PE1-mpls] quit [ASBR-PE1] mpls ldp [ASBR-PE1-mpls-ldp] quit [ASBR-PE1] interface pos1/0/0 [ASBR-PE1-Pos1/0/0] mpls [ASBR-PE1-Pos1/0/0] mpls ldp [ASBR-PE1-Pos1/0/0] quit

# Configure basic MPLS capability on ASBR-PE2 and LDP is enabled on the interface connecting PE2.
[ASBR-PE2] mpls lsr-id 3.3.3.9 [ASBR-PE2] mpls [ASBR-PE2-mpls] lsp-trigger all [ASBR-PE2-mpls] quit [ASBR-PE2] mpls ldp [ASBR-PE2-mpls-ldp] quit [ASBR-PE2] interface pos1/0/0 [ASBR-PE2-Pos1/0/0] mpls [ASBR-PE2-Pos1/0/0] mpls ldp [ASBR-PE2-Pos1/0/0] quit

# Configure basic MPLS capability on PE2 and LDP is enabled on the interface connecting ASBR-PE2.
[PE2] mpls lsr-id 4.4.4.9 [PE2] mpls [PE2-mpls] lsp-trigger all

4-88

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


[PE2-mpls] quit [PE2] mpls ldp [PE2-mpls-ldp] quit [PE2] interface pos1/0/0 [PE2-Pos1/0/0] mpls [PE2-Pos1/0/0] mpls ldp [PE2-Pos1/0/0] quit

4 BGP/MPLS IPv6 VPN Configuration

After the configuration, the LDP neighbor relationship should be established between the PE and the ASBR-PE in the same AS. Running the display mpls ldp session command on the routers, you can find the session state is "Operational" in the output information. Take PE1 as an example.
[PE1] display mpls ldp session LDP Session(s) in Public Network -------------------------------------------------------------------------Peer-ID Status LAM SsnRole SsnAge KA-Sent/Rcv -------------------------------------------------------------------------2.2.2.9:0 Operational DU Passive 000:00:02 9/9 -------------------------------------------------------------------------LAM : Label Advertisement Mode SsnAge Unit : DDD:HH:MM

3.

Configure basic BGP/MPLS IPv6 VPN on the MPLS backbone of AS 100 and AS 200 respectively.
NOTE

The VPN-Targets of the IPv6 VPN instances of the ASBR-PE and the PE in the same AS should be matched. In different ASs, the matching of the VPN-Target attributes of the PEs is unnecessary.

# Configure CE1.
[CE1] interface gigabitethernet 1/0/0 [CE1-GigabitEthernet1/0/0] ipv6 address 2001::1 64 [CE1-GigabitEthernet1/0/0] quit [CE1] bgp 65001 [CE1-bgp] router-id 10.10.10.10 [CE1-bgp] peer 2001::2 as-number 100 [CE1-bgp] ipv6-family unicast [CE1-bgp-af-ipv6] peer 2001::2 enable [CE1-bgp-af-ipv6] import-route direct [CE1-bgp-af-ipv6] quit [CE1-bgp] quit

# Configure PE1 to set up the EBGP peer relationship with CE1.


[PE1] ipv6 vpn6-instance vpn1 [PE1-vpn6-instance-vpn1] route-distinguisher 100:1 [PE1-vpn6-instance-vpn1] vpn-target 1:1 both [PE1-vpn6-instance-vpn1] quit [PE1] interface gigabitethernet 2/0/0 [PE1-GigabitEthernet2/0/0] ipv6 binding vpn6-instance vpn1 [PE1-GigabitEthernet2/0/0] ipv6 address 2001::2 64 [PE1-GigabitEthernet2/0/0] quit [PE1] bgp 100 [PE1-bgp] ipv6-family vpn6-instance vpn1 [PE1-bgp6-vpn1] peer 2001::1 as-number 65001 [PE1-bgp6-vpn1] import-route direct [PE1-bgp6-vpn1] quit [PE1-bgp] quit

# Configure PE1 to set up the MP-IBGP peer relationship with ASBR-PE1.


[PE1] bgp 100 [PE1-bgp] peer 2.2.2.9 as-number 100 [PE1-bgp] peer 2.2.2.9 connect-interface loopback 1 [PE1-bgp] ipv6-family vpnv6 [PE1-bgp-af-vpnv6] peer 2.2.2.9 enable [PE1-bgp-af-vpnv6] quit

# Configure ASBR-PE1 to set up the MP-IBGP peer relationship with PE1.


[ASBR-PE1] bgp 100

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

4-89

4 BGP/MPLS IPv6 VPN Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

[ASBR-PE1-bgp] peer 1.1.1.9 as-number 100 [ASBR-PE1-bgp] peer 1.1.1.9 connect-interface loopback 1 [ASBR-PE1-bgp] ipv6-family vpnv6 [ASBR-PE1-bgp-af-vpnv6] peer 1.1.1.9 enable [ASBR-PE1-bgp-af-vpnv6] quit [ASBR-PE1-bgp] quit
NOTE

The configurations of CE2, PE2 and ASBR-PE2 are similar to that of CE1, PE1 and ASBR-PE1 and are not mentioned here.

After the above configurations, run the display bgp vpnv6 vpn6-instance peer. You can find the BGP relationship between PE and CE is set up, that is the "State" in display is "Established". Run display bgp vpnv6 all peer to find the BGP peer relationship is "Established" between the PE and the CE, and between the PE and the ASBR-PE. Take PE1 as an example.
[PE1] display bgp vpnv6 vpn6-instance vpn1 peer BGP local router ID : 1.1.1.9 Local AS number : 100 Total number of peers : 1 Peers in established state : 1 Peer V AS MsgRcvd MsgSent OutQ Up/Down State PrefRcv 2001::1 4 65001 14 12 0 00:08:36 Established 1 [PE1] display bgp vpnv6 all peer BGP local router ID : 1.1.1.9 Local AS number : 100 Total number of peers : 2 Peers in established state : 2 Peer V AS MsgRcvd MsgSent OutQ Up/Down State PrefRcv 2.2.2.9 4 100 13 12 0 00:09:10 Established 0 Peer of vpn6 instance : vpn6 instance vpn1 : 2001::1 4 65001 17 14 0 00:11:09 Established 1

4.

Configure inter-AS VPN in VRF-to-VRF mode. # Configure ASBR-PE1. Create an IPv6 VPN instance and bind it to the interface connecting ASBR-PE2. (ASBR-PE1 regards ASBR-PE2 as its own CE.)
[ASBR-PE1] ipv6 vpn6-instance vpn1 [ASBR-PE1-vpn6-instance-vpn1] route-distinguisher 100:2 [ASBR-PE1-vpn6-instance-vpn1] vpn-target 1:1 both [ASBR-PE1-vpn6-instance-vpn1] quit [ASBR-PE1] interface pos 2/0/0 [ASBR-PE1-Pos2/0/0] ipv6 binding vpn6-instance vpn1 [ASBR-PE1-Pos2/0/0] ipv6 address 2003::1 64 [ASBR-PE1-Pos2/0/0] quit

# Configure ASBR-PE2. Create an IPv6 VPN instance and bind it to the interface connecting ASBR-PE1. (ASBR-PE2 regards ASBR-PE1 as its CE.)
[ASBR-PE2] ipv6 vpn6-instance vpn1 [ASBR-PE2-vpn6-instance-vpn1] route-distinguisher 200:2 [ASBR-PE2-vpn6-instance-vpn1] vpn-target 2:2 both [ASBR-PE2-vpn6-instance-vpn1] quit [ASBR-PE2] interface pos 2/0/0 [ASBR-PE2-Pos2/0/0] ipv6 binding vpn6-instance vpn1 [ASBR-PE2-Pos2/0/0] ipv6 address 2003::2 64 [ASBR-PE2-Pos2/0/0] quit

# Configure ASBR-PE1 to set up the EBGP peer relationship with ASBR-PE2.


[ASBR-PE1] bgp 100 [ASBR-PE1-bgp] ipv6-family vpn6-instance vpn1 [ASBR-PE1-bgp6-vpn1] peer 2003::2 as-number 200 [ASBR-PE1-bgp6-vpn1] import-route direct [ASBR-PE1-bgp6-vpn1] quit [ASBR-PE1-bgp] quit

# Configure ASBR-PE2 to set up the EBGP peer relationship with ASBR-PE1.


[ASBR-PE2] bgp 200 [ASBR-PE2-bgp] ipv6-family vpn6-instance vpn1

4-90

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

4 BGP/MPLS IPv6 VPN Configuration

[ASBR-PE2-bgp6-vpn1] peer 2003::1 as-number 100 [ASBR-PE2-bgp6-vpn1] import-route direct [ASBR-PE2-bgp6-vpn1] quit [ASBR-PE2-bgp] quit

After the above configuration, run the display bgp vpnv6 vpn6-instance peer command, and you can see that the BGP peer relationship is established between the ASBR-PEs. 5. Verify the configuration. After the above configuration, the CEs learn interface routes of each other. CE1 and CE2 can ping through each other. Take CE1 as an example.
[CE1] display ipv6 routing-table Routing Table : Public Destinations : 4 Routes : 4 Destination : ::1 NextHop : ::1 Interface : InLoopBack0 State : Active NoAdv Tunnel ID : 0x0 Age : 10889sec Destination : 2001:: NextHop : 2001::1 Interface : GigabitEthernet1/0/0 State : Active Adv Tunnel ID : 0x0 Age : 789sec Destination : 2001::1 NextHop : ::1 Interface : InLoopBack0 State : Active NoAdv Tunnel ID : 0x0 Age : 789sec Destination : FE80:: NextHop : :: Interface : NULL0 State : Active NoAdv Tunnel ID : 0x0 Age : 792sec [CE1] ping ipv6 2002::1 PING 2002::1 : 56 data bytes, press CTRL_C to break Reply from 2002::1 bytes=56 Sequence=1 hop limit=60 time = 94 ms Reply from 2002::1 bytes=56 Sequence=2 hop limit=60 time = 109 ms Reply from 2002::1 bytes=56 Sequence=3 hop limit=60 time = 110 ms Reply from 2002::1 bytes=56 Sequence=4 hop limit=60 time = 94 ms Reply from 2002::1 bytes=56 Sequence=5 hop limit=60 time = 110 ms --- 2002::1 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 94/103/110 ms

PrefixLength Preference Protocol Cost Label PrefixLength Preference Protocol Cost Label PrefixLength Preference Protocol Cost Label PrefixLength Preference Protocol Cost Label

: : : : : : : : : : : : : : : : : : : :

128 0 Direct 0 NULL 64 0 Direct 0 NULL 128 0 Direct 0 NULL 10 0 Direct 0 NULL

Run the display ipv6 routing-table vpn6-instance command on ASBR-PE to see the information of the IPv6 VPN routing table.
[ASBR-PE1] display ipv6 routing-table vpn6-instance vpn1 Routing Table : vpn1 Destinations : 5 Routes : 5 Destination : 2001:: PrefixLength NextHop : ::FFFF:1.1.1.9 Preference Interface : NULL0 Protocol State : Active Adv GotQ Cost Tunnel ID : 0x6002000 Label Age : 1937sec

: : : : :

64 255 BGP 0 15360

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

4-91

4 BGP/MPLS IPv6 VPN Configuration


Destination NextHop Interface State Tunnel ID Age Destination NextHop Interface State Tunnel ID Age Destination NextHop Interface State Tunnel ID Age Destination NextHop Interface State Tunnel ID Age : : : : : : : : : : : : : : : : : : : : : : : : 2002:: 2003::2 Pos2/0/0 Active Adv 0x0 432sec 2003:: 2003::1 Pos2/0/0 Active Adv 0x0 1435sec 2003::1 ::1 InLoopBack0 Active NoAdv 0x0 1436sec FE80:: :: NULL0 Active NoAdv 0x0 1438sec

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


PrefixLength Preference Protocol Cost Label PrefixLength Preference Protocol Cost Label PrefixLength Preference Protocol Cost Label PrefixLength Preference Protocol Cost Label : : : : : : : : : : : : : : : : : : : : 64 255 BGP 0 NULL 64 0 Direct 0 NULL 128 0 Direct 0 NULL 10 0 Direct 0 NULL

Run the display bgp vpnv6 all routing-table command on the ASBR-PE, and you can see the VPN-IPv6 routes on the ASBR-PE.
[ASBR-PE1] display bgp vpnv6 all routing-table BGP Local router ID is 2.2.2.9 Status codes: * - valid, > - best, d - damped, h - history, i - internal, s - suppressed, S - Stale Origin : i - IGP, e - EGP, ? - incomplete Total number of routes from all PE: 1 Route Distinguisher: 100:1 *>i Network : 2001:: PrefixLen : NextHop : ::FFFF:1.1.1.9 LocPrf : MED : 0 PrefVal : Label : 15360 Path/Ogn : ? Total routes of vpn6-instance vpn1: 6 *>i Network : 2001:: PrefixLen : NextHop : ::FFFF:1.1.1.9 LocPrf : MED : 0 PrefVal : Label : 15360 Path/Ogn : ? *> Network : 2002:: PrefixLen : NextHop : 2003::2 LocPrf : MED : PrefVal : Label : NULL Path/Ogn : 200 ? *> Network : 2003:: PrefixLen : NextHop : :: LocPrf : MED : 0 PrefVal : Label : NULL Path/Ogn : ? * NextHop : 2003::2 LocPrf : MED : 0 PrefVal : Label : NULL Path/Ogn : 200 ? *> Network : 2003::1 PrefixLen : NextHop : :: LocPrf : MED : 0 PrefVal : Label : NULL Path/Ogn : ? *> Network : FE80:: PrefixLen : NextHop : :: LocPrf : MED : 0 PrefVal : Label : NULL

64 100 0

64 100 0 64 0 64 0

0 128 0 10 0

4-92

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


Path/Ogn : ?

4 BGP/MPLS IPv6 VPN Configuration

Configuration Files
l

Configuration file of CE1


# sysname CE1 # ipv6 # interface GigabitEthernet1/0/0 ipv6 address 2001::1/64 # bgp 65001 router-id 10.10.10.10 peer 2001::2 as-number 100 # ipv6-family unicast undo synchronization import-route direct peer 2001::2 enable # return

Configuration file of PE1


# sysname PE1 # ipv6 # ipv6 vpn6-instance vpn1 route-distinguisher 100:1 vpn-target 1:1 export-extcommunity vpn-target 1:1 import-extcommunity # mpls lsr-id 1.1.1.9 mpls lsp-trigger all # mpls ldp # interface GigabitEthernet2/0/0 ipv6 binding vpn6-instance vpn1 ipv6 address 2001::2/64 # interface Pos1/0/0 link-protocol ppp ip address 172.1.1.2 255.255.255.0 mpls mpls ldp # interface LoopBack1 ip address 1.1.1.9 255.255.255.255 # bgp 100 peer 2.2.2.9 as-number 100 peer 2.2.2.9 connect-interface LoopBack1 # ipv4-family unicast undo synchronization peer 2.2.2.9 enable # ipv6-family vpnv6 policy vpn-target peer 2.2.2.9 enable # ipv6-family vpn6-instance vpn1 peer 2001::1 as-number 65001 import-route direct

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

4-93

4 BGP/MPLS IPv6 VPN Configuration


# ospf 1 area 0.0.0.0 network 1.1.1.9 0.0.0.0 network 172.1.1.0 0.0.0.255 # return l

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Configuration file of ASBR-PE 1


# sysname ASBR-PE1 # ipv6 vpn6-instance vpn1 route-distinguisher 100:2 vpn-target 1:1 export-extcommunity vpn-target 1:1 import-extcommunity # ipv6 # mpls lsr-id 2.2.2.9 mpls lsp-trigger all # mpls ldp # interface Pos1/0/0 link-protocol ppp ip address 172.1.1.1 255.255.255.0 mpls mpls ldp # interface Pos2/0/0 link-protocol ppp ipv6 binding vpn6-instance vpn1 ipv6 address 2003::1/64 # interface LoopBack1 ip address 2.2.2.9 255.255.255.255 # bgp 100 peer 1.1.1.9 as-number 100 peer 1.1.1.9 connect-interface LoopBack1 # ipv4-family unicast undo synchronization import-route direct peer 1.1.1.9 enable # ipv6-family vpnv6 policy vpn-target peer 1.1.1.9 enable # ipv6-family vpn6-instance vpn1 peer 2003::2 as-number 200 import-route direct # ospf 1 area 0.0.0.0 network 2.2.2.9 0.0.0.0 network 172.1.1.0 0.0.0.255 # return

Configuration file of ASBR-PE2


# sysname ASBR-PE2 # ipv6 vpn6-instance vpn1 route-distinguisher 200:2 vpn-target 2:2 export-extcommunity

4-94

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


vpn-target 2:2 import-extcommunity # ipv6 # mpls lsr-id 3.3.3.9 mpls lsp-trigger all # mpls ldp # interface Pos1/0/0 link-protocol ppp ip address 162.1.1.1 255.255.255.0 mpls mpls ldp # interface Pos2/0/0 link-protocol ppp ipv6 binding vpn6-instance vpn1 ipv6 address 2003::2/64 # interface LoopBack1 ip address 3.3.3.9 255.255.255.255 # bgp 200 peer 4.4.4.9 as-number 200 peer 4.4.4.9 connect-interface LoopBack1 # ipv4-family unicast undo synchronization peer 4.4.4.9 enable # ipv6-family vpnv6 policy vpn-target peer 4.4.4.9 enable # ipv6-family vpn6-instance vpn1 peer 2003::1 as-number 100 import-route direct # ospf 1 area 0.0.0.0 network 3.3.3.9 0.0.0.0 network 162.1.1.0 0.0.0.255 # return l

4 BGP/MPLS IPv6 VPN Configuration

Configuration file of PE2


# sysname PE2 # ipv6 vpn6-instance vpn1 route-distinguisher 200:1 vpn-target 2:2 export-extcommunity vpn-target 2:2 import-extcommunity # ipv6 # mpls lsr-id 4.4.4.9 mpls lsp-trigger all # mpls ldp # interface GigabitEthernet2/0/0 ipv6 binding vpn6-instance vpn1 ipv6 address 2002::2/64 # interface Pos1/0/0 link-protocol ppp

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

4-95

4 BGP/MPLS IPv6 VPN Configuration


ip address 162.1.1.2 255.255.255.0 mpls mpls ldp # interface LoopBack1 ip address 4.4.4.9 255.255.255.255 # bgp 200 peer 3.3.3.9 as-number 200 peer 3.3.3.9 connect-interface LoopBack1 # ipv4-family unicast undo synchronization peer 3.3.3.9 enable # ipv6-family vpnv6 policy vpn-target peer 3.3.3.9 enable # ipv6-family vpn6-instance vpn1 peer 2002::1 as-number 65002 import-route direct # ospf 1 area 0.0.0.0 network 4.4.4.9 0.0.0.0 network 162.1.1.0 0.0.0.255 # return l

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Configuration file of CE2


# sysname CE2 # ipv6 # interface GigabitEthernet1/0/0 ipv6 address 2002::1/64 # bgp 65002 router-id 20.20.20.20 peer 2002::2 as-number 200 # ipv6-family unicast undo synchronization import-route direct peer 2002::2 enable # return

4.11.5 Example for Configuring Inter-AS VPN Option B


Networking Requirements
As shown in Figure 4-6, the CE1 and the CE2 belong to the same VPN. The CE1 accesses the network through the PE1 in the AS 100. The CE2 accesses the network through the PE2 in the AS 200. The two VPN sites use the IPv6 addresses.

4-96

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

4 BGP/MPLS IPv6 VPN Configuration

Figure 4-6 Networking diagram 2 of inter-AS VPN


BGP/MPLS Backbone AS 100 BGP/MPLS Backbone AS 200

Loopback1 2.2.2.9/32

Loopback1 3.3.3.9/32 POS2/0/0 192.1.1.2/24

POS2/0/0 POS1/0/0 192.1.1.1/24 172.1.1.1/24 Loopback1 ASBR -PE1 1.1.1.9/32

POS1/0/0 162.1.1.1/24 Loopback1 ASBR-PE2 4.4.4.9/32 POS1/0/0 162.1.1.2/24 GE2/0/0 2002::2/64 GE1/0/0 2002::1/64

PE1

POS1/0/0 172.1.1.2/24 GE2/0/0 2001::2/64 GE1/0/0 2001::1/64

PE2

CE1 AS 65001

CE2 AS 65002

The inter-AS BGP/MPLS IPv6 VPN is implemented using Option B:


l l

ASBR-PE1 switches VPN-IPv6 routes with ASBR-PE2 by MP-EBGP. ASBR-PEs do not perform VPN-Target filtering on the received VPN-IPv6 routes.

Configuration Roadmap
The configuration roadmap is as follows: 1. 2. 3. 4. Configure IGP on the backbone network to interconnect the ASBR-PE and the PE and set up MPLS LDP LSP between PE and ASBR PE. Set up the EBGP peer relationship between the PE and the CE. Set up the MP-IBGP peer relationship between the PE and the ASBR-PE. Configure the IPv6 VPN instance on the PE. (There is no need to configure the IPv6 VPN instance on the ASBR-PE.) Enable MPLS on the interfaces that are connected with ASBR-PEs. Set up the MP-EBGP peer relationship between ASBR-PEs. Do not configure VPN-Target filtration on the received VPN-IPv6 routes.

Data Preparation
To complete the configuration, you need the following data:
l l

MPLS LSR-IDs on the PEs and the ASBR-PEs The names, RDs and VPN-Targets of the IPv6 VPN instance configured on the PE1 and PE2

Configuration Procedures
1. Configure IGP on MPLS backbone of AS 100 and AS 200 respectively to make the PE and the ASBR-PE reach each other in the same AS.
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 4-97

Issue 03 (2008-09-22)

4 BGP/MPLS IPv6 VPN Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

OSPF is used as the IGP in this example, the configuration procedure is not mentioned here.
NOTE

The address of the loopback interface in 32-bit used as the LSR ID should be advertised by OSPF.

After the configuration, the OSPF neighbor relationship should be established between the ASBR-PE and the PE of the same AS. Run the display ospf peer command to find that the status of the OSPF neighbor relationship is "Full". The ASBR-PE and the PE in the same AS can learn the Loopback addresses of each other and can ping through each other. 2. Configure MPLS basic capability and MPLS LDP on the backbone of AS 100 and AS 200 respectively to set up an LDP LSP. For configuration procedures, see Example for Configuring Inter-AS VPN Option A. 3. Configure basic BGP/MPLS IPv6 VPN on the backbone of AS 100 and AS 200 respectively.
NOTE

The VPN-Target of the IPv6 VPN instances on the PE1 and the PE2 should be matched.

For the configuration procedure, see the configuration files. 4. Configure inter-AS VPN-Option B mode. # Configure ASBR-PE1. Enable MPLS on POS2/0/0 connected with ASBR-PE2.
<ASBR-PE1> system-view [ASBR-PE1] interface pos 2/0/0 [ASBR-PE1-Pos2/0/0] ip address 192.1.1.1 24 [ASBR-PE1-Pos2/0/0] mpls [ASBR-PE1-Pos2/0/0] quit

# Configure ASBR-PE1. Establish MP-EBGP peer with ASBR-PE2 and perform no VPNTarget filtering on the received VPN-IPv6 routes.
[ASBR-PE1] bgp 100 [ASBR-PE1-bgp] peer 192.1.1.2 as-number 200 [ASBR-PE1-bgp] ipv6-family vpnv6 [ASBR-PE1-bgp-af-vpnv6] peer 192.1.1.2 enable [ASBR-PE1-bgp-af-vpnv6] undo policy vpn-target [ASBR-PE1-bgp-af-vpnv6] quit [ASBR-PE1-bgp] quit
NOTE

The configurations of ASBR-PE2 are similar to that of ASBR-PE1 and are not mentioned here.

5.

Verify the configuration. After the above configuration, the CEs can learn the interface routes of each other. CE1 and CE2 can be pinged successfully on each other. Take CE1 as an example.
[CE1] display ipv6 routing-table Routing Table : Public Destinations : 5 Routes : 5 Destination : ::1 NextHop : ::1 Interface : InLoopBack0 State : Active NoAdv Tunnel ID : 0x0 Age : 4662sec Destination : 2001:: NextHop : 2001::1 Interface : GigabitEthernet1/0/0 State : Active Adv Tunnel ID : 0x0

PrefixLength Preference Protocol Cost Label PrefixLength Preference Protocol Cost Label

: : : : : : : : : :

128 0 Direct 0 NULL 64 0 Direct 0 NULL

4-98

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

4 BGP/MPLS IPv6 VPN Configuration

Age : 1252sec Destination : 2001::1 NextHop : ::1 Interface : InLoopBack0 State : Active NoAdv Tunnel ID : 0x0 Age : 1252sec Destination : 2002:: NextHop : 2001::2 Interface : GigabitEthernet1/0/0 State : Active Adv Tunnel ID : 0x0 Age : 118sec Destination : FE80:: NextHop : :: Interface : NULL0 State : Active NoAdv Tunnel ID : 0x0 Age : 1255sec [CE1] ping ipv6 2002::1 PING 2002::1 : 56 data bytes, press CTRL_C to Reply from 2002::1 bytes=56 Sequence=1 hop limit=62 time = 125 Reply from 2002::1 bytes=56 Sequence=2 hop limit=62 time = 109 Reply from 2002::1 bytes=56 Sequence=3 hop limit=62 time = 109 Reply from 2002::1 bytes=56 Sequence=4 hop limit=62 time = 109 Reply from 2002::1 bytes=56 Sequence=5 hop limit=62 time = 110 --- 2002::1 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 109/112/125 ms

PrefixLength Preference Protocol Cost Label PrefixLength Preference Protocol Cost Label PrefixLength Preference Protocol Cost Label break ms ms ms ms ms

: : : : : : : : : : : : : : :

128 0 Direct 0 NULL 64 255 BGP 0 NULL 10 0 Direct 0 NULL

Run the display bgp vpnv6 all routing-table command on the ASBR-PE, and you can see the VPN-IPv6 routes on the ASBR-PE. Take ASBR-PE1 for an example.
[ASBR-PE1] display bgp vpnv6 all routing-table BGP Local router ID is 2.2.2.9 Status codes: * - valid, > - best, d - damped, h - history, i - internal, s - suppressed, S - Stale Origin : i - IGP, e - EGP, ? - incomplete Total number of routes from all PE: 2 Route Distinguisher: 100:1 *>i Network : 2001:: PrefixLen : NextHop : ::FFFF:1.1.1.9 LocPrf : MED : 0 PrefVal : Label : 15360 Path/Ogn : ? Route Distinguisher: 200:1 *> Network : 2002:: PrefixLen : NextHop : ::FFFF:192.1.1.2 LocPrf : MED : PrefVal : Label : 15361 Path/Ogn : 200 ?

64 100 0

64 0

Configuration Files
l

Configuration file of CE1


# sysname CE1 # ipv6 #

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

4-99

4 BGP/MPLS IPv6 VPN Configuration


interface GigabitEthernet1/0/0 ipv6 address 2001::1/64 # bgp 65001 router-id 10.10.10.10 peer 2001::2 as-number 100 # ipv6-family unicast undo synchronization import-route direct peer 2001::2 enable # return l

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Configuration file of PE1


# sysname PE1 # ipv6 vpn6-instance vpn1 route-distinguisher 100:1 vpn-target 1:1 export-extcommunity vpn-target 1:1 import-extcommunity # ipv6 # mpls lsr-id 1.1.1.9 mpls lsp-trigger all # mpls ldp # interface GigabitEthernet2/0/0 ipv6 binding vpn6-instance vpn1 ipv6 address 2001::2/64 # interface Pos1/0/0 link-protocol ppp ip address 172.1.1.2 255.255.255.0 mpls mpls ldp # interface LoopBack1 ip address 1.1.1.9 255.255.255.255 # bgp 100 peer 2.2.2.9 as-number 100 peer 2.2.2.9 connect-interface LoopBack1 # ipv4-family unicast undo synchronization peer 2.2.2.9 enable # ipv6-family vpnv6 policy vpn-target peer 2.2.2.9 enable # ipv6-family vpn6-instance vpn1 peer 2001::1 as-number 65001 import-route direct # ospf 1 area 0.0.0.0 network 1.1.1.9 0.0.0.0 network 172.1.1.0 0.0.0.255 # return

Configuration file of ASBR-PE1


# sysname ASBR-PE1

4-100

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


# ipv6 # mpls lsr-id 2.2.2.9 mpls lsp-trigger all # mpls ldp # interface Pos1/0/0 link-protocol ppp ip address 172.1.1.1 255.255.255.0 mpls mpls ldp # interface Pos2/0/0 link-protocol ppp ip address 192.1.1.1 255.255.255.0 mpls # interface LoopBack1 ip address 2.2.2.9 255.255.255.255 # bgp 100 peer 192.1.1.2 as-number 200 peer 1.1.1.9 as-number 100 peer 1.1.1.9 connect-interface LoopBack1 # ipv4-family unicast undo synchronization peer 192.1.1.2 enable peer 1.1.1.9 enable # ipv6-family vpnv6 undo policy vpn-target peer 1.1.1.9 enable peer 192.1.1.2 enable # ospf 1 area 0.0.0.0 network 2.2.2.9 0.0.0.0 network 172.1.1.0 0.0.0.255 # return l

4 BGP/MPLS IPv6 VPN Configuration

Configuration file of ASBR-PE2


# sysname ASBR-PE2 # ipv6 # mpls lsr-id 3.3.3.9 mpls lsp-trigger all # mpls ldp # interface Pos1/0/0 link-protocol ppp ip address 162.1.1.1 255.255.255.0 mpls mpls ldp # interface Pos2/0/0 link-protocol ppp ip address 192.1.1.2 255.255.255.0 mpls # interface LoopBack1 ip address 3.3.3.9 255.255.255.255

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

4-101

4 BGP/MPLS IPv6 VPN Configuration


# bgp 200 peer 192.1.1.1 as-number 100 peer 4.4.4.9 as-number 200 peer 4.4.4.9 connect-interface LoopBack1 # ipv4-family unicast undo synchronization peer 192.1.1.1 enable peer 4.4.4.9 enable # ipv6-family vpnv6 undo policy vpn-target peer 4.4.4.9 enable peer 192.1.1.1 enable # ospf 1 area 0.0.0.0 network 3.3.3.9 0.0.0.0 network 162.1.1.0 0.0.0.255 # return l

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Configuration file of PE2


# sysname PE2 # ipv6 vpn6-instance vpn1 route-distinguisher 200:1 vpn-target 1:1 export-extcommunity vpn-target 1:1 import-extcommunity # ipv6 # mpls lsr-id 4.4.4.9 mpls lsp-trigger all # mpls ldp # interface GigabitEthernet2/0/0 ipv6 binding vpn6-instance vpn1 ipv6 address 2002::2/64 # interface Pos1/0/0 link-protocol ppp ip address 162.1.1.2 255.255.255.0 mpls mpls ldp # interface LoopBack1 ip address 4.4.4.9 255.255.255.255 # bgp 200 peer 3.3.3.9 as-number 200 peer 3.3.3.9 connect-interface LoopBack1 # ipv4-family unicast undo synchronization peer 3.3.3.9 enable # ipv6-family vpnv6 policy vpn-target peer 3.3.3.9 enable # ipv6-family vpn6-instance vpn1 peer 2002::1 as-number 65002 import-route direct # ospf 1

4-102

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


area 0.0.0.0 network 4.4.4.9 0.0.0.0 network 162.1.1.0 0.0.0.255 # return l

4 BGP/MPLS IPv6 VPN Configuration

Configuration file of CE2


# sysname CE2 # ipv6 # interface GigabitEthernet1/0/0 ipv6 address 2002::1/64 # bgp 65002 router-id 20.20.20.20 peer 2002::2 as-number 200 # ipv6-family unicast undo synchronization import-route direct peer 2002::2 enable # return

4.11.6 Example for Configuring Inter-AS VPN Option C


Networking Requirements
See Figure 4-7 for the networking diagram. CE1 and CE2 belong to the same VPN. The CE1 accesses the network through the PE1 in AS 100 and the CE2 accesses the network through the PE2 in AS 200. Two private network sites use the IPv6 addresses. The inter-AS BGP/MPLS IPv6 VPN is implemented using Option C. Figure 4-7 Networking diagram 3 of inter-AS VPN
BGP/MPLS Backbone AS 100 BGP/MPLS Backbone AS 200

Loopback1 2.2.2.9/32

Loopback1 3.3.3.9/32 POS2/0/0 192.1.1.2/24

POS2/0/0 POS1/0/0 192.1.1.1/24 172.1.1.1/24 Loopback1 ASBR -PE1 1.1.1.9/32

POS1/0/0 162.1.1.1/24 Loopback1 ASBR-PE2 4.4.4.9/32 POS1/0/0 162.1.1.2/24 GE2/0/0 2002::2/64 GE1/0/0 2002::1/64

PE1

POS1/0/0 172.1.1.2/24 GE2/0/0 2001::2/64 GE1/0/0 2001::1/64

PE2

CE1 AS 65001

CE2 AS 65002

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

4-103

4 BGP/MPLS IPv6 VPN Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Configuration Roadmap
The configuration roadmap is as follows: 1. 2. Set up the MP-EBGP peer relationship between PEs in different ASs and configure the maximum hops between PEs to set up the EBGP relationship Configuring the routing policy on the ASBR-PEs; assigning MPLS labels to the routes received from the PE in the local AS when advertising them to the remote ASBR-PE; assigning new MPLS labels to the routes advertised to the PE in the local AS if they are labeled IPv4 routes Configuring the PE and the ASBR-PE of the local AS to exchange the labeled IPv4 route Configuring the ASBR-PE and the peer ASBR-PE to exchange the labeled IPv4 route

3. 4.

Data Preparation
To complete the configuration, you need the following data:
l l l

MPLS LSR-IDs of the PEs and the ASBR-PEs The names, RDs and the VPN-Targets of IPv6 VPN instance configured on the PEs Two tunnel policies configured on the ASBR-PEs

Configuration Procedures
1. Configure IGP on the backbone of AS 100 and AS 200 respectively to make the PE and the ASBR-PE can reach each other in the same AS. OSPF is used as IGP in this example, and the configuration procedure is not mentioned here.
NOTE

The loopback interface address in 32-bit used as the LSR ID should be advertised by OSPF.

After the configuration, the OSPF neighbor relationship should be established between the ASBR-PE and the PE of the same AS. Run the display ospf peer command to find the status of the OSPF neighbor relationship as "Full". Take PE1 as an example:
<PE1> display ospf peer OSPF Process 1 with Router ID 1.1.1.9 Neighbors Area 0.0.0.0 interface 172.1.1.2(Pos1/0/0)'s neighbors Router ID: 2.2.2.9 Address: 172.1.1.1 GR State: Normal State: Full Mode:Nbr is Master Priority: 1 DR: None BDR: None MTU: 0 Dead timer due in 31 sec Neighbor is up for 00:28:11 Authentication Sequence: [ 0 ]

The ASBR PE and the PE in the same AS can learn the IP address of Loopback1 from each other and they can successfully ping each other. 2. Configure MPLS basic capability and MPLS LDP on the backbone of AS 100 and AS 200 respectively to set up an LDP LSP. For configuration procedures, see Example for Configuring Inter-AS VPN Option A. 3. Configure VPN for the AS100 and the AS200.
l

Configuring the VPN instance on the PE1 and the PE2 and bind the VPN instance with the interface on the connected CE
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

4-104

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


l

4 BGP/MPLS IPv6 VPN Configuration

Configuring the routing protocol or the static route between the PE1 and the CE1, and between the PE2 and the CE (BGP4+ is adopted in this example.) Setting up the IBGP relationship between the PE1 and the ASBR-PE1, and between the PE2 and the ASBR-PE2
NOTE

The VPN-Targets of IPv6 VPN instances on the PEs in the different ASs should be matched.

For configuration procedures, see Example for Configuring Inter-AS VPN Option A. 4. Configure switch of labeled IPv4 routes. # Configure PE1. Enable to switch labeled IPv4 routes with ASBR-PE1.
[PE1] bgp 100 [PE1-bgp] peer 2.2.2.9 label-route-capability [PE1-bgp] quit

# Configure ASBR-PE1. Enable MPLS on POS 2/0/0 that is connected with the ASBRPE2.
[ASBR-PE1] interface pos 2/0/0 [ASBR-PE1-Pos2/0/0] ip address 192.1.1.1 24 [ASBR-PE1-Pos2/0/0] mpls [ASBR-PE1-Pos2/0/0] quit

# Configure ASBR-PE1. Create route policies.


[ASBR-PE1] route-policy [ASBR-PE1-route-policy] [ASBR-PE1-route-policy] [ASBR-PE1] route-policy [ASBR-PE1-route-policy] [ASBR-PE1-route-policy] [ASBR-PE1-route-policy] policy1 permit node 1 apply mpls-label quit policy2 permit node 1 if-match mpls-label apply mpls-label quit

# Configure ASBR-PE1. Apply route policies to the routes advertised to PE1 and enable to exchange IPv4 routes with label with PE1.
[ASBR-PE1] bgp 100 [ASBR-PE1-bgp] peer 1.1.1.9 route-policy policy2 export [ASBR-PE1-bgp] peer 1.1.1.9 label-route-capability

# Configure ASBR-PE1. Apply route policies to the routes advertised to ASBR-PE2 and enable to switch label IPv4 routes with ASBR-PE2.
[ASBR-PE1-bgp] [ASBR-PE1-bgp] [ASBR-PE1-bgp] [ASBR-PE1-bgp] peer 192.1.1.2 as-number 200 peer 192.1.1.2 route-policy policy1 export peer 192.1.1.2 label-route-capability quit

# Configure ASBR-PE1. Advertise the Loopback address of PE1 to ASBR-PE2, and then to PE2.
[ASBR-PE1] bgp [ASBR-PE1-bgp] [ASBR-PE1-bgp] [ASBR-PE1-bgp]
NOTE

100 network 192.1.1.0 24 network 1.1.1.9 32 quit

The configurations of PE2 and ASBR-PE2 are similar to that of PE1 and ASBR-PE1 and are not mentioned here.

5.

Establish MP-EBGP peers between PE1 and PE2. # Configure PE1.


[PE1] bgp 100 [PE1-bgp] peer 4.4.4.9 as-number 200 [PE1-bgp] peer 4.4.4.9 connect-interface LoopBack 1 [PE1-bgp] peer 4.4.4.9 ebgp-max-hop 10 [PE1-bgp] ipv6-family vpnv6 [PE1-bgp-af-vpnv6] peer 4.4.4.9 enable

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

4-105

4 BGP/MPLS IPv6 VPN Configuration


[PE1-bgp-af-vpnv6] quit [PE1-bgp] quit

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

# Configure PE2.
[PE2] bgp 200 [PE2-bgp] peer 1.1.1.9 as-number 100 [PE2-bgp] peer 1.1.1.9 connect-interface LoopBack 1 [PE2-bgp] peer 1.1.1.9 ebgp-max-hop 10 [PE2-bgp] ipv6-family vpnv6 [PE2-bgp-af-vpnv6] peer 1.1.1.9 enable [PE2-bgp-af-vpnv6] quit [PE2-bgp] quit

6.

Verify the configuration. After the above configuration, the CEs can learn interface routes of each other. CE1 and CE2 can ping through each other. Take CE1 as an example:
[CE1] display ipv6 routing-table Routing Table : Public Destinations : 5 Routes : 5 Destination : ::1 NextHop : ::1 Interface : InLoopBack0 State : Active NoAdv Tunnel ID : 0x0 Age : 8366sec Destination : 2001:: NextHop : 2001::1 Interface : GigabitEthernet1/0/0 State : Active Adv Tunnel ID : 0x0 Age : 4956sec Destination : 2001::1 NextHop : ::1 Interface : InLoopBack0 State : Active NoAdv Tunnel ID : 0x0 Age : 4956sec Destination : 2002:: NextHop : 2001::2 Interface : GigabitEthernet1/0/0 State : Active Adv Tunnel ID : 0x0 Age : 76sec Destination : FE80:: NextHop : :: Interface : NULL0 State : Active NoAdv Tunnel ID : 0x0 Age : 4960sec [CE1] ping ipv6 2002::1 PING 2002::1 : 56 data bytes, press CTRL_C to break Reply from 2002::1 bytes=56 Sequence=1 hop limit=62 time = 109 ms Reply from 2002::1 bytes=56 Sequence=2 hop limit=62 time = 125 ms Reply from 2002::1 bytes=56 Sequence=3 hop limit=62 time = 94 ms Reply from 2002::1 bytes=56 Sequence=4 hop limit=62 time = 109 ms Reply from 2002::1 bytes=56 Sequence=5 hop limit=62 time = 109 ms --- 2002::1 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 94/109/125 ms

PrefixLength Preference Protocol Cost Label PrefixLength Preference Protocol Cost Label PrefixLength Preference Protocol Cost Label PrefixLength Preference Protocol Cost Label PrefixLength Preference Protocol Cost Label

: : : : : : : : : : : : : : : : : : : : : : : : :

128 0 Direct 0 NULL 64 0 Direct 0 NULL 128 0 Direct 0 NULL 64 255 BGP 0 NULL 10 0 Direct 0 NULL

4-106

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

4 BGP/MPLS IPv6 VPN Configuration

There is no VPN-IPv6 route on the ASBR-PEs. Run the display bgp routing-table label command on the ASBR-PE to see the label information of the routes. Take ASBR-PE1 as an example:
[ASBR-PE1] display bgp routing-table label Total Number of Routes: 4 BGP Local router ID is 2.2.2.9 Status codes: * - valid, > - best, d - damped, h - history, i - internal, s - suppressed, S - Stale Origin : i - IGP, e - EGP, ? - incomplete Network NextHop In/Out Label *> 1.1.1.9 172.1.1.2 15362/NULL *> 4.4.4.9 192.1.1.2 15361/15361 *> 192.1.1.0 192.1.1.1 15360/NULL * 192.1.1.2 NULL/15360

Configuration Files
l

Configuration file of CE1


# sysname CE1 # ipv6 # interface GigabitEthernet1/0/0 ipv6 address 2001::1/64 # bgp 65001 router-id 10.10.10.10 peer 2001::2 as-number 100 # ipv6-family unicast undo synchronization import-route direct peer 2001::2 enable # return

Configuration file of PE1


# sysname PE1 # ipv6 vpn6-instance vpn1 route-distinguisher 100:1 vpn-target 1:1 export-extcommunity vpn-target 1:1 import-extcommunity # ipv6 # mpls lsr-id 1.1.1.9 mpls lsp-trigger all # mpls ldp # interface GigabitEthernet2/0/0 ipv6 binding vpn6-instance vpn1 ipv6 address 2001::2/64 # interface Pos1/0/0 link-protocol ppp ip address 172.1.1.2 255.255.255.0 mpls mpls ldp # interface LoopBack1 ip address 1.1.1.9 255.255.255.255 #

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

4-107

4 BGP/MPLS IPv6 VPN Configuration


bgp 100 peer 4.4.4.9 as-number 200 peer 4.4.4.9 ebgp-max-hop 10 peer 4.4.4.9 connect-interface LoopBack1 peer 2.2.2.9 as-number 100 peer 2.2.2.9 connect-interface LoopBack1 # ipv4-family unicast undo synchronization peer 4.4.4.9 enable peer 2.2.2.9 enable peer 2.2.2.9 label-route-capability # ipv6-family vpnv6 policy vpn-target peer 4.4.4.9 enable # ipv6-family vpn6-instance vpn1 peer 2001::1 as-number 65001 import-route direct # ospf 1 area 0.0.0.0 network 1.1.1.9 0.0.0.0 network 172.1.1.0 0.0.0.255 # return l

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Configuration file of ASBR-PE1


# sysname ASBR-PE1 # mpls lsr-id 2.2.2.9 mpls lsp-trigger all # mpls ldp # interface Pos1/0/0 link-protocol ppp ip address 172.1.1.1 255.255.255.0 mpls mpls ldp # interface Pos2/0/0 link-protocol ppp ip address 192.1.1.1 255.255.255.0 mpls # interface LoopBack1 ip address 2.2.2.9 255.255.255.255 # bgp 100 peer 192.1.1.2 as-number 200 peer 1.1.1.9 as-number 100 peer 1.1.1.9 connect-interface LoopBack1 # ipv4-family unicast undo synchronization network 192.1.1.0 255.255.255.0 network 1.1.1.9 255.255.255.255 peer 192.1.1.2 enable peer 192.1.1.2 route-policy policy1 export peer 192.1.1.2 label-route-capability peer 1.1.1.9 enable peer 1.1.1.9 route-policy policy2 export peer 1.1.1.9 label-route-capability # ospf 1 area 0.0.0.0

4-108

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


network 2.2.2.9 0.0.0.0 network 172.1.1.0 0.0.0.255 # route-policy policy1 permit node 1 apply mpls-label route-policy policy2 permit node 1 if-match mpls-label apply mpls-label # return l

4 BGP/MPLS IPv6 VPN Configuration

Configuration file of ASBR-PE2


# sysname ASBR-PE2 # mpls lsr-id 3.3.3.9 mpls lsp-trigger all # mpls ldp # interface Pos1/0/0 link-protocol ppp ip address 162.1.1.1 255.255.255.0 mpls mpls ldp # interface Pos2/0/0 link-protocol ppp ip address 192.1.1.2 255.255.255.0 mpls # interface LoopBack1 ip address 3.3.3.9 255.255.255.255 # bgp 200 peer 192.1.1.1 as-number 100 peer 4.4.4.9 as-number 200 peer 4.4.4.9 connect-interface LoopBack1 # ipv4-family unicast undo synchronization network 192.1.1.0 255.255.255.0 network 4.4.4.9 255.255.255.255 peer 192.1.1.1 enable peer 192.1.1.1 route-policy policy1 export peer 192.1.1.1 label-route-capability peer 4.4.4.9 enable peer 4.4.4.9 route-policy policy2 export peer 4.4.4.9 label-route-capability # ospf 1 area 0.0.0.0 network 3.3.3.9 0.0.0.0 network 162.1.1.0 0.0.0.255 # route-policy policy1 permit node 1 apply mpls-label route-policy policy2 permit node 1 if-match mpls-label apply mpls-label # return

Configuration file of PE2


# sysname PE2 # ipv6 vpn6-instance vpn1 route-distinguisher 200:1

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

4-109

4 BGP/MPLS IPv6 VPN Configuration


vpn-target 1:1 export-extcommunity vpn-target 1:1 import-extcommunity # ipv6 # mpls lsr-id 4.4.4.9 mpls lsp-trigger all # mpls ldp # interface GigabitEthernet2/0/0 ipv6 binding vpn6-instance vpn1 ipv6 address 2002::2/64 # interface Pos1/0/0 link-protocol ppp ip address 162.1.1.2 255.255.255.0 mpls mpls ldp # interface LoopBack1 ip address 4.4.4.9 255.255.255.255 # bgp 200 peer 1.1.1.9 as-number 100 peer 1.1.1.9 ebgp-max-hop 10 peer 1.1.1.9 connect-interface LoopBack1 peer 3.3.3.9 as-number 200 peer 3.3.3.9 connect-interface LoopBack1 # ipv4-family unicast undo synchronization peer 1.1.1.9 enable peer 3.3.3.9 enable peer 3.3.3.9 label-route-capability # ipv6-family vpnv6 policy vpn-target peer 1.1.1.9 enable # ipv6-family vpn6-instance vpn1 peer 2002::1 as-number 65002 import-route direct # ospf 1 area 0.0.0.0 network 4.4.4.9 0.0.0.0 network 162.1.1.0 0.0.0.255 # return l

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Configuration file of CE2


# sysname CE2 # ipv6 # interface GigabitEthernet1/0/0 ipv6 address 2002::1/64 # bgp 65002 router-id 20.20.20.20 peer 2002::2 as-number 200 # ipv6-family unicast undo synchronization import-route direct peer 2002::2 enable #

4-110

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


return

4 BGP/MPLS IPv6 VPN Configuration

4.11.7 Example for Configuring Carrier's Carrier in a Same AS


Networking Requirements
The Level 1 carrier and the Level 2 carrier are in the same AS. The Level 2 carrier provides the BGP/MPLS IPv6 VPN service for its customers. In Figure 4-8:
l l l

PE1 and PE2 are PEs of the Level 1 carrier's backbone. CE1 and CE2 belong to the Level 2 carrier and access the backbone of Level 1 carrier. PE3 and PE4 belong to the Level 2 carrier and provide access service for Level 2 carrier's customer. CE3 and CE4 are the Level 2 carrier's customer.

Figure 4-8 Networking diagram of carrier's carrier configuration


Provider carrier
Loopback1 3.3.3.9/32 POS2/0/0 30.1.1.1/24 POS1/0/0 30.1.1.2/24 Loopback1 4.4.4.9/32

PE1
POS1/0/0 11.1.1.2/24

PE2
POS2/0/0 21.1.1.1/24

Loopback1 Customer carrier 1.1.1.9/32 POS2/0/0 10.1.1.1/24

AS: 100

AS: 100 Customer carrier Loopback1


POS2/0/0 11.1.1.1/24 POS1/0/0 21.1.1.2/24 6.6.6.9/32 POS2/0/0 20.1.1.2/24

PE3 GE1/0/0
2001::2/64

POS1/0/0 10.1.1.2/24

CE1
Loopback1 2.2.2.9/32

CE2

POS2/0/0 20.1.1.1/24 GE1/0/0 Loopback1 2002::2/64 5.5.5.9/32

PE4

MP-IBGP
GE1/0/0 2001::1/64 GE1/0/0 2002::1/64

CE3

AS:65410

AS:65420

CE4

Configuration Roadmap
The configuration roadmap is as follows: 1.
Issue 03 (2008-09-22)

The two types of routes are exchanged as follows:


Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 4-111

4 BGP/MPLS IPv6 VPN Configuration


l

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

The exchange of the internal routes of the level 2 carrier on the backbone network of level 1 carrier: configuring the level 2 carrier to access the level 1 carrier as the level 1 carrier's CE The exchange of the external routes of the level 2 carrier between the PE devices of the level 2 carrier: setting up the MP-IBGP peer relationship between the PE devices (PE3 and PE4) of the level 2 carrier

2.

Configuring the carrier's carrier of the same AS and configuring IGP and LDP between the PE of the level 1 carrier and the CE of the level 2 carrier

Data Preparation
To configure the carrier's carrier in the same AS, you need the following data:
l

MPLS LSR-ID on the PE of the level 1 carrier, MPLS LSR-IDs on the PE and the CE of the level 2 carrier Data for configuring IGP (The IS-IS process number of the IGP protocol running on the PE and the CE of the level 2 carrier is the same with that used when the CE of the level 2 carrier accesses the level 1 carrier. However, it is different from that on the PE of the level 1 carrier.) The name of the IPv6 VPN instance configured on the PE, RD and the VPN-Target

Configuration Procedures
1. Configure the BGP/MPLS IP VPN on Level 1 carrier's backbone. Adopt IS-IS as the IGP, enable the LDP between PE1 and PE2 and establish MP-IBGP peer relationship between them. # Configure PE1
<Quidway> system-view [Quidway] sysname PE1 [PE1] interface loopback 1 [PE1-LoopBack1] ip address 3.3.3.9 32 [PE1-LoopBack1] quit [PE1] mpls lsr-id 3.3.3.9 [PE1] mpls [PE1-mpls] lsp-trigger all [PE1-mpls] quit [PE1] mpls ldp [PE1-mpls-ldp] quit [PE1] isis 1 [PE1-isis-1] network-entity 10.0000.0000.0004.00 [PE1-isis-1] quit [PE1] interface loopback 1 [PE1-LoopBack1] isis enable 1 [PE1-LoopBack1] quit [PE1] interface pos 2/0/0 [PE1-Pos2/0/0] ip address 30.1.1.1 24 [PE1-Pos2/0/0] isis enable 1 [PE1-Pos2/0/0] mpls [PE1-Pos2/0/0] mpls ldp [PE1-Pos2/0/0] quit [PE1] bgp 100 [PE1-bgp] peer 4.4.4.9 as-number 100 [PE1-bgp] peer 4.4.4.9 connect-interface loopback 1 [PE1-bgp] ipv4-family vpnv4 [PE1-bgp-af-vpnv4] peer 4.4.4.9 enable [PE1-bgp-af-vpnv4] quit [PE1-bgp] quit

4-112

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


NOTE

4 BGP/MPLS IPv6 VPN Configuration

The configuration of PE2 is similar to that of PE1 and is not mentioned here.

After the configuration, run the display mpls ldp session command on PE1 or PE2, to find that the LDP session has been established successfully. Run the display bgp peer command to find that the BGP peer relationship has been established. Run the display isis peer command to find that the IS-IS neighbor has been set up. Take PE1 as an example:
[PE1] display isis peer Peer information for ISIS(1) ---------------------------System Id Interface Circuit Id State HoldTime Type PRI 0000.0000.0005 Pos2/0/0 002 Up 29s L2(L1L2) -[PE1] display mpls ldp session LDP Session(s) in Public Network ---------------------------------------------------------------Peer-ID Status LAM SsnRole SsnAge KA-Sent/Rcv ---------------------------------------------------------------4.4.4.9:0 Operational DU Active 000:00:01 8/8 ---------------------------------------------------------------TOTAL: 1 session(s) Found. LAM : Label Advertisement Mode SsnAge Unit : DDD:HH:MM [PE1] display bgp vpnv4 all peer BGP local router ID : 3.3.3.9 Local AS number : 100 Total number of peers : 1 Peers in established state : 1 Peer V AS MsgRcvd MsgSent OutQ Up/Down State PrefRcv 4.4.4.9 4 100 162 145 0 02:12:47 Established 0

2.

Configure Level 2 carrier's network. Adopt IS-IS as the IGP and enable LDP between PE3 and CE1, PE4 and CE2 respectively # Configure PE3.
<Quidway> system-view [Quidway] sysname PE3 [PE3] interface loopback 1 [PE3-LoopBack1] ip address 1.1.1.9 32 [PE3-LoopBack1] quit [PE3] mpls lsr-id 1.1.1.9 [PE3] mpls [PE3-mpls] lsp-trigger all [PE3-mpls] quit [PE3] mpls ldp [PE3-mpls-ldp] quit [PE3] isis 2 [PE3-isis-2] network-entity 10.0000.0000.0001.00 [PE3-isis-2] quit [PE3] interface loopback 1 [PE3-LoopBack1] isis enable 2 [PE3-LoopBack1] quit [PE3] interface pos 2/0/0 [PE3-Pos2/0/0] ip address 10.1.1.1 24 [PE3-Pos2/0/0] isis enable 2 [PE3-Pos2/0/0] mpls [PE3-Pos2/0/0] mpls ldp [PE3-Pos2/0/0] quit

# Configure CE1.
<Quidway> system-view [Quidway] sysname CE1 [CE1] interface loopback 1 [CE1-LoopBack1] ip address 2.2.2.9 32 [CE1-LoopBack1] quit [CE1] mpls lsr-id 2.2.2.9 [CE1] mpls [CE1-mpls] lsp-trigger all

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

4-113

4 BGP/MPLS IPv6 VPN Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

[CE1-mpls] quit [CE1] mpls ldp [CE1-mpls-ldp] quit [CE1] isis 2 [CE1-isis-2] network-entity 10.0000.0000.0002.00 [CE1-isis-2] quit [CE1] interface loopback 1 [CE1-LoopBack1] isis enable 2 [CE1-LoopBack1] quit [CE1] interface pos 1/0/0 [CE1-Pos1/0/0] ip address 10.1.1.2 24 [CE1-Pos1/0/0] isis enable 2 [CE1-Pos1/0/0] mpls [CE1-Pos1/0/0] mpls ldp [CE1-Pos1/0/0] quit

After the configuration, the LDP session and IS-IS neighbor relationship should be established between the PE3 and the CE1.
NOTE

The configurations of PE4 and CE2 are similar to those of PE3 and CE1. Their configurations are not mentioned here.

3.

Configure CEs of the Level 2 carrier to access PEs of the Level 1 carrier. # Configure PE1.
[PE1] ip vpn-instance vpn1 [PE1-vpn-instance-vpn1] route-distinguisher 200:1 [PE1-vpn-instance-vpn1] vpn-target 1:1 both [PE1-vpn-instance-vpn1] quit [PE1] bgp 100 [PE1-bgp] ipv4-family vpn-instance vpn1 [PE1-bgp6-vpn1] import-route isis 2 [PE1-bgp6-vpn1] quit [PE1-bgp] quit [PE1] mpls ldp vpn-instance vpn1 [PE1-mpls-ldp-vpn-instance-vpn1] quit [PE1] isis 2 vpn-instance vpn1 [PE1-isis-2] network-entity 10.0000.0000.0003.00 [PE1-isis-2] import-route bgp [PE1-isis-2] quit [PE1] interface pos 1/0/0 [PE1-Pos1/0/0] ip binding vpn-instance vpn1 [PE1-Pos1/0/0] ip address 11.1.1.2 24 [PE1-Pos1/0/0] isis enable 2 [PE1-Pos1/0/0] mpls [PE1-Pos1/0/0] mpls ldp [PE1-Pos1/0/0] mpls ldp transport-address interface

# Configure CE1.
[CE1] interface pos 2/0/0 [CE1-Pos2/0/0] ip address 11.1.1.1 24 [CE1-Pos2/0/0] isis enable 2 [CE1-Pos2/0/0] mpls [CE1-Pos2/0/0] mpls ldp [CE1-Pos2/0/0] mpls ldp transport-address interface [CE1-Pos2/0/0] quit

After the configuration, the LDP session and IS-IS neighbor relationship should be established between PE1 and CE1.
NOTE

The configurations of PE2 and CE2 are similar to those of PE1 and CE1. Their configurations are not mentioned here.

4.

Configure the Level 2 carrier's CE and PE so that the CE can access the PE. # Configure CE3.
<Quidway> system-view

4-114

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

4 BGP/MPLS IPv6 VPN Configuration

[Quidway] sysname CE3 [CE3] interface gigabitethernet 1/0/0 [CE3-GigabitEthernet1/0/0] ipv6 address 2001::1 64 [CE3-GigabitEthernet1/0/0] quit [CE3] bgp 65410 [CE3-bgp] router-id 10.10.10.10 [CE3-bgp] peer 2001::2 as-number 100 [CE3-bgp] ipv6-family unicast [CE3-bgp-af-ipv6] peer 2001::2 enable [CE3-bgp-af-ipv6] import-route direct [CE3-bgp-af-ipv6] quit [CE3-bgp] quit

# Configure PE3.
[PE3] ipv6 vpn6-instance vpn1 [PE3-vpn6-instance-vpn1] route-distinguisher 100:1 [PE3-vpn6-instance-vpn1] vpn-target 1:1 both [PE3-vpn6-instance-vpn1] quit [PE3] interface gigabitethernet 1/0/0 [PE3-GigabitEthernet1/0/0] ipv6 binding vpn6-instance vpn1 [PE3-GigabitEthernet1/0/0] ipv6 address 2001::2 64 [PE3-GigabitEthernet1/0/0] quit [PE3] bgp 100 [PE3-bgp] ipv6-family vpn6-instance vpn1 [PE3-bgp6-vpn1] peer 2001::1 as-number 65410 [PE3-bgp6-vpn1] import-route direct [PE3-bgp6-vpn1] quit [PE3-bgp] quit
NOTE

The configurations of PE4 and CE4 are similar to those of PE3 and CE3. Their configurations are not mentioned here.

Then run the display bgp vpnv6 vpn6-instance vpn1 peer command on PE3 and PE4, or run the display bgp ipv6 peer command on CE3 and CE3. You can view that the status of the BGP peer relationship between PE3 and CE3, and that between PE4 and CE4 are "Established". 5. Establish MP-IBGP peers between Level 2 carrier's PEs to exchange VPN routes of Level 2 carrier's CEs. # Configure PE3.
[PE3] bgp 100 [PE3-bgp] peer 6.6.6.9 as-number 100 [PE3-bgp] peer 6.6.6.9 connect-interface loopback 1 [PE3-bgp] ipv6-family vpnv6 [PE3-bgp-af-vpnv6] peer 6.6.6.9 enable [PE3-bgp-af-vpnv6] quit [PE3-bgp] quit
NOTE

The configuration of the PE4 is similar to that of the PE3 and is not mentioned here.

Then run the display bgp vpnv6 vpn6-instance vpn1 peer command on PE3 and PE4. You can view that the MP-IBGP peer relationship between PE3 and PE4 is "Established". 6. Verify the configuration. After all the configurations, run the display ip routing-table command on PE1 and PE2 to find that the public routing table on PE1 and PE2 contains only the Level 1 carrier's routes. Take PE1 as an example:
[PE1] display ip routing-table Routing Tables: Public Destinations : 7 Destination/Mask Proto Pre 3.3.3.9/32 Direct 0 Routes : 7 Cost Flags NextHop 0 D 127.0.0.1

Interface InLoopBack0

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

4-115

4 BGP/MPLS IPv6 VPN Configuration


4.4.4.9/32 30.1.1.0/24 30.1.1.1/32 30.1.1.2/32 127.0.0.0/8 127.0.0.1/32 ISIS Direct Direct Direct Direct Direct 15 0 0 0 0 0 10 0 0 0 0 0

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


D D D D D D 30.1.1.2 30.1.1.1 127.0.0.1 30.1.1.2 127.0.0.1 127.0.0.1 Pos2/0/0 Pos2/0/0 InLoopBack0 Pos2/0/0 InLoopBack0 InLoopBack0

Run the display ip routing-table vpn-instance command on PE1 and PE2, to find that the VPN routing table contains the internal routes of the Level 2 carrier. Take PE1 as an example:
[PE1] display ip routing-table vpn-instance vpn1 Routing Tables: vpn1 Destinations : 11 Routes : 11 Destination/Mask Proto Pre Cost Flags NextHop Interface 1.1.1.9/32 ISIS 15 20 D 11.1.1.1 Pos1/0/0 2.2.2.9/32 ISIS 15 10 D 11.1.1.1 Pos1/0/0 5.5.5.9/32 BGP 255 0 RD 4.4.4.9 Pos2/0/0 6.6.6.9/32 BGP 255 0 RD 4.4.4.9 Pos2/0/0 10.1.1.0/24 ISIS 15 20 D 11.1.1.1 Pos1/0/0 11.1.1.0/24 Direct 0 0 D 11.1.1.1 Pos1/0/0 11.1.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 11.1.1.2/32 Direct 0 0 D 11.1.1.2 Pos1/0/0 20.1.1.0/24 BGP 255 0 RD 4.4.4.9 Pos2/0/0 21.1.1.0/24 BGP 255 0 RD 4.4.4.9 Pos2/0/0

Run the display ip routing-table command on CE1 and CE2 to find that the public routing table contains internal routes of the Level 2 carrier. Take CE1 as an example:
[CE1] display ip routing-table Routing Tables: Public Destinations : 15 Routes : 15 Destination/Mask Proto Pre Cost Flags NextHop 1.1.1.9/32 ISIS 15 10 D 10.1.1.2 2.2.2.9/32 Direct 0 0 D 127.0.0.1 5.5.5.9/32 ISIS 15 74 D 11.1.1.2 6.6.6.9/32 ISIS 15 74 D 11.1.1.2 10.1.1.0/24 Direct 0 0 D 10.1.1.2 10.1.1.1/32 Direct 0 0 D 10.1.1.1 10.1.1.2/32 Direct 0 0 D 127.0.0.1 11.1.1.0/24 Direct 0 0 D 11.1.1.1 11.1.1.1/32 Direct 0 0 D 127.0.0.1 11.1.1.2/32 Direct 0 0 D 11.1.1.2 20.1.1.0/24 ISIS 15 74 D 11.1.1.2 21.1.1.0/24 ISIS 15 74 D 11.1.1.2 127.0.0.0/8 Direct 0 0 D 127.0.0.1 127.0.0.1/32 Direct 0 0 D 127.0.0.1

Interface Pos1/0/0 InLoopBack0 Pos2/0/0 Pos2/0/0 Pos1/0/0 Pos1/0/0 InLoopBack0 Pos2/0/0 InLoopBack0 Pos2/0/0 Pos2/0/0 Pos2/0/0 InLoopBack0 InLoopBack0

Run the display ip routing-table command on PE3 and PE4 to find that the internal routes of the Level 2 carrier are contained in the public routing table. Take PE3 as an example:
[PE3] display ip routing-table Routing Tables: Public Destinations : 13 Routes : 13 Destination/Mask Proto Pre Cost Flags NextHop 1.1.1.9/32 Direct 0 0 D 127.0.0.1 2.2.2.9/32 ISIS 15 10 D 10.1.1.2 5.5.5.9/32 ISIS 15 84 D 10.1.1.2 6.6.6.9/32 ISIS 15 84 D 10.1.1.2 10.1.1.0/24 Direct 0 0 D 10.1.1.1 10.1.1.1/32 Direct 0 0 D 127.0.0.1 10.1.1.2/32 Direct 0 0 D 10.1.1.2 11.1.1.0/24 ISIS 15 20 D 10.1.1.2 20.1.1.0/24 ISIS 15 84 D 10.1.1.2 20.1.1.1/32 BGP 255 0 RD 6.6.6.9 21.1.1.0/24 ISIS 15 84 D 10.1.1.2 127.0.0.0/8 Direct 0 0 D 127.0.0.1

Interface InLoopBack0 Pos2/0/0 Pos2/0/0 Pos2/0/0 Pos2/0/0 InLoopBack0 Pos2/0/0 Pos2/0/0 Pos2/0/0 Pos2/0/0 Pos2/0/0 InLoopBack0

4-116

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


127.0.0.1/32 Direct 0 0

4 BGP/MPLS IPv6 VPN Configuration


D 127.0.0.1 InLoopBack0

Run the display ipv6 routing-table vpn6-instance command on PE3 and PE4 to find that the routes of the remote CEs, that is, the external routes of the Level 2 carrier, are contained in the VPN routing table. Take PE3 as an example:
[PE3] display ipv6 routing-table vpn6-instance vpn1 Routing Table : vpn1 Destinations : 4 Routes : 4 Destination : 2001:: NextHop : 2001::2 Interface : GigabitEthetnet1/0/0 State : Active Adv Tunnel ID : 0x0 Age : 59114sec Destination : 2001::2 NextHop : ::1 Interface : InLoopBack0 State : Active NoAdv Tunnel ID : 0x0 Age : 59114sec Destination : 2002:: NextHop : ::FFFF:6.6.6.9 Interface : NULL0 State : Active Adv GotQ Tunnel ID : 0x6002015 Age : 143sec Destination : FE80:: NextHop : :: Interface : NULL0 State : Active NoAdv Tunnel ID : 0x0 Age : 59120sec

PrefixLength Preference Protocol Cost Label PrefixLength Preference Protocol Cost Label PrefixLength Preference Protocol Cost Label PrefixLength Preference Protocol Cost Label

: : : : : : : : : : : : : : : : : : : :

64 0 Direct 0 NULL 128 0 Direct 0 NULL 64 255 BGP 0 15360 10 0 Direct 0 NULL

PE3 and PE4 can ping through each other.


[PE3] ping 20.1.1.2 PING 20.1.1.2: 56 data bytes, press CTRL_C to break Reply from 20.1.1.2: bytes=56 Sequence=1 ttl=252 time=127 ms Reply from 20.1.1.2: bytes=56 Sequence=2 ttl=252 time=97 ms Reply from 20.1.1.2: bytes=56 Sequence=3 ttl=252 time=83 ms Reply from 20.1.1.2: bytes=56 Sequence=4 ttl=252 time=70 ms Reply from 20.1.1.2: bytes=56 Sequence=5 ttl=252 time=60 ms --- 20.1.1.2 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 60/87/127 ms

CE3 and CE4 can ping through each other.


[CE3] ping ipv6 2002::1 PING 2002::1 : 56 data bytes, press CTRL_C to Reply from 2002::1 bytes=56 Sequence=1 hop limit=62 time = 141 Reply from 2002::1 bytes=56 Sequence=2 hop limit=62 time = 157 Reply from 2002::1 bytes=56 Sequence=3 hop limit=62 time = 141 Reply from 2002::1 bytes=56 Sequence=4 hop limit=62 time = 141 Reply from 2002::1 bytes=56 Sequence=5 hop limit=62 time = 141 --- 2002::1 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 141/144/157 ms break ms ms ms ms ms

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

4-117

4 BGP/MPLS IPv6 VPN Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Configuration Files
l

Configuration file of CE3


# sysname CE3 # ipv6 # interface GigabitEthernet1/0/0 ipv6 address 2001::1/64 # bgp 65410 router-id 10.10.10.10 peer 2001::2 as-number 100 # ipv6-family unicast undo synchronization import-route direct peer 2001::2 enable # return

Configuration file of PE3


# sysname PE3 # ipv6 vpn6-instance vpn1 route-distinguisher 100:1 vpn-target 1:1 export-extcommunity vpn-target 1:1 import-extcommunity # ipv6 # mpls lsr-id 1.1.1.9 mpls lsp-trigger all # mpls ldp # isis 2 network-entity 10.0000.0000.0001.00 # interface GigabitEthernet1/0/0 ipv6 binding vpn6-instance vpn1 ipv6 address 2001::2/64 # interface Pos2/0/0 link-protocol ppp ip address 100.1.1.1 255.255.255.0 isis enable 2 mpls mpls ldp # interface LoopBack1 ip address 1.1.1.9 255.255.255.255 isis enable 2 # bgp 100 peer 6.6.6.9 as-number 100 peer 6.6.6.9 connect-interface LoopBack1 # ipv4-family unicast undo synchronization peer 6.6.6.9 enable # ipv6-family vpnv6 policy vpn-target peer 6.6.6.9 enable #

4-118

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


ipv6-family vpn6-instance vpn1 peer 2001::1 as-number 65410 import-route direct # return l

4 BGP/MPLS IPv6 VPN Configuration

Configuration file of CE1


# sysname CE1 # mpls lsr-id 2.2.2.9 mpls lsp-trigger all # mpls ldp # isis 2 network-entity 10.0000.0000.0002.00 # interface Pos1/0/0 link-protocol ppp ip address 10.1.1.2 255.255.255.0 isis enable 2 mpls mpls ldp # interface Pos2/0/0 link-protocol ppp ip address 11.1.1.1 255.255.255.0 isis enable 2 mpls mpls ldp mpls ldp transport-address interface # interface LoopBack1 ip address 2.2.2.9 255.255.255.255 isis enable 2 # return

Configuration file of PE1


# sysname PE1 # ip vpn-instance vpn1 route-distinguisher 200:1 vpn-target 1:1 export-extcommunity vpn-target 1:1 import-extcommunity # mpls lsr-id 3.3.3.9 mpls lsp-trigger all # mpls ldp # mpls ldp vpn-instance vpn1 # isis 1 network-entity 10.0000.0000.0004.00 # isis 2 vpn-instance vpn1 network-entity 10.0000.0000.0003.00 import-route bgp # interface Pos1/0/0 link-protocol ppp ip binding vpn-instance vpn1 ip address 11.1.1.2 255.255.255.0 isis enable 2 mpls

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

4-119

4 BGP/MPLS IPv6 VPN Configuration


mpls ldp # interface Pos2/0/0 link-protocol ppp ip address 30.1.1.1 255.255.255.0 isis enable 1 mpls mpls ldp # interface LoopBack1 ip address 3.3.3.9 255.255.255.255 isis enable 1 # bgp 100 peer 4.4.4.9 as-number 100 peer 4.4.4.9 connect-interface LoopBack1 # ipv4-family unicast undo synchronization peer 4.4.4.9 enable # ipv4-family vpnv4 policy vpn-target peer 4.4.4.9 enable # ipv4-family vpn-instance vpn1 import-route isis 2 # return l

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Configuration file of PE2


# sysname PE2 # ip vpn-instance vpn1 route-distinguisher 200:2 vpn-target 1:1 export-extcommunity vpn-target 1:1 import-extcommunity # mpls lsr-id 4.4.4.9 mpls lsp-trigger all # mpls ldp # mpls ldp vpn-instance vpn1 # isis 1 network-entity 10.0000.0000.0005.00 # isis 2 vpn-instance vpn1 network-entity 10.0000.0000.0006.00 import-route bgp # interface Pos1/0/0 link-protocol ppp ip address 30.1.1.2 255.255.255.0 isis enable 1 mpls mpls ldp # interface Pos2/0/0 link-protocol ppp ip binding vpn-instance vpn1 ip address 21.1.1.1 255.255.255.0 isis enable 2 mpls mpls ldp # interface LoopBack1

4-120

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


ip address 4.4.4.9 255.255.255.255 isis enable 1 # bgp 100 peer 3.3.3.9 as-number 100 peer 3.3.3.9 connect-interface LoopBack1 # ipv4-family unicast undo synchronization peer 3.3.3.9 enable # ipv4-family vpnv4 policy vpn-target peer 3.3.3.9 enable # ipv4-family vpn-instance vpn1 import-route isis 2 # return l

4 BGP/MPLS IPv6 VPN Configuration

Configuration file of CE2


# sysname CE2 # mpls lsr-id 5.5.5.9 mpls lsp-trigger all # mpls ldp # isis 2 network-entity 10.0000.0000.0007.00 # interface Pos1/0/0 link-protocol ppp ip address 21.1.1.2 255.255.255.0 isis enable 2 mpls mpls ldp mpls ldp transport-address interface # interface Pos2/0/0 link-protocol ppp ip address 20.1.1.1 255.255.255.0 isis enable 2 mpls mpls ldp # interface LoopBack1 ip address 5.5.5.9 255.255.255.255 isis enable 2 # return

Configuration file of PE4


# sysname PE4 # ipv6 vpn6-instance vpn1 route-distinguisher 100:2 vpn-target 1:1 export-extcommunity vpn-target 1:1 import-extcommunity # ipv6 # mpls lsr-id 6.6.6.9 mpls lsp-trigger all # mpls ldp

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

4-121

4 BGP/MPLS IPv6 VPN Configuration


# isis 2 network-entity 10.0000.0000.0008.00 # interface GigabitEthernet1/0/0 ipv6 binding vpn6-instance vpn1 ipv6 address 2002::2/64 # interface Pos2/0/0 link-protocol ppp ip address 20.1.1.2 255.255.255.0 isis enable 2 mpls mpls ldp # interface LoopBack1 ip address 6.6.6.9 255.255.255.255 isis enable 2 # bgp 100 peer 1.1.1.9 as-number 100 peer 1.1.1.9 connect-interface LoopBack1 # ipv4-family unicast undo synchronization import-route direct peer 1.1.1.9 enable # ipv6-family vpnv6 policy vpn-target peer 1.1.1.9 enable # ipv6-family vpn6-instance vpn1 peer 2002::1 as-number 65420 import-route direct # return l

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Configuration file of CE4


# sysname CE4 # ipv6 # interface GigabitEthernet1/0/0 ipv6 address 2002::1/64 # bgp 65420 router-id 20.20.20.20 peer 2002::2 as-number 100 # ipv6-family unicast undo synchronization import-route direct peer 2002::2 enable # return

4.11.8 Example for Configuring the Carrier's Carrier (Inter-AS)


Networking Requirements
As shown in Figure 4-9, the Level 1 carrier and the Level 2 carrier are in different ASs. The Level 2 carrier provides BGP/MPLS IPv6 VPN service for its customers. The only difference from section Example for Configuring Carrier's Carrier in a Same AS is that the Level 1 carrier and the Level 2 carrier in this example are in different ASs.
4-122 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

4 BGP/MPLS IPv6 VPN Configuration

Figure 4-9 Networking diagram of the carrier's carrier configuration (inter-AS)


AS:100 AS:100 Provider carrier
Loopback1 3.3.3.9/32 POS2/0/0 30.1.1.1/24 POS1/0/0 30.1.1.2/24 Loopback1 4.4.4.9/32

PE1
POS1/0/0 11.1.1.2/24

PE2
POS2/0/0 21.1.1.1/24

Loopback1 Customer carrier 1.1.1.9/32 POS2/0/0 10.1.1.1/24 POS1/0/0 10.1.1.2/24 GE1/0/0 2001::2/64

AS: 200

AS: 300 Customer carrier Loopback1


POS2/0/0 11.1.1.1/24 POS1/0/0 21.1.1.2/24 6.6.6.9/32 POS2/0/0 20.1.1.2/24

CE1
Loopback1 2.2.2.9/32

CE2

PE3

POS2/0/0 20.1.1.1/24 GE1/0/0 Loopback1 2002::2/64 5.5.5.9/32

PE4

MP-EBGP
GE1/0/0 2001::1/64 GE1/0/0 2002::1/64

CE3

AS:65410

AS:65420

CE4

Configuration Roadmap
The configuration roadmap is as follows: 1. The two types of routes are exchanged as follows:
l

The exchange of the internal routes of the level 2 carrier on the backbone network of level 1 carrier: configuring the level 2 carrier to access the level 1 carrier as the level 1 carrier's CE The exchange of the external routes of the level 2 carrier between the PE devices of the level 2 carrier: setting up the MP-EBGP peer relationship between the PE devices (PE3 and PE4) of the level 2 carrier

2.

Configuring the labeled MP-EBGP between the PE of the level 1 carrier and the CE of the level 2 carrier that are located in different ASs

Data Preparation
To configure the inter-AS carrier's carrier, you need the following data:
l

MPLS LSR-ID on the PE of the level 1 carrier, MPLS LSR-IDs on the PE and the CE of the level 2 carrier Data for configuring IGP (The IS-IS process number of the IGP protocol running on the PE and the CE of the level 2 carrier is the same with that used when the CE of the level 2
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 4-123

Issue 03 (2008-09-22)

4 BGP/MPLS IPv6 VPN Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

carrier accesses the level 1 carrier. However, it is different from that on the PE of the level 1 carrier.)
l l

The name of the IPv6 VPN instance configured on the PE, RD and VPN-Target Two routing policies configured on the CE of the level 2 carrier

Configuration Procedures
1. Configure BGP/MPLS IP VPN on the Level 1 carrier backbone network, using IS-IS as IGP protocol of the backbone network. Enable LDP between PE1 and PE2, and establish MP-IBGP peer relationship. The configuration procedures are similar to those in Example for Configuring Carrier's Carrier in a Same AS, the specific configuration procedures are not mentioned here.
NOTE

During the IGP protocol configuration, the Loopback interface address in 32-bit of each PE needs to be advertised.

2.

Configure the Level 2 carrier network. Use IS-IS as the IGP protocol. Enable LDP between the PE3 and the CE1, and between the PE4 and the CE2 respectively. The configuration procedures are similar to those in Example for Configuring Carrier's Carrier in a Same AS and not mentioned here.
NOTE

During the IGP protocol configuration, the Loopback interface address in 32-bit of each PE and CE needs to be advertised.

3.

Configure the Level 2 carrier CE to access the Level 1 carrier PE. Configure the exchange of labeled IPv4 routes between them. # Configure CE1 to exchange labeled IPv4 routes with PE3 and PE1.
<CE1> system-view [CE1] interface pos 2/0/0 [CE1-Pos2/0/0] ip address 11.1.1.1 24 [CE1-Pos2/0/0] mpls [CE1-Pos2/0/0] quit [CE1] route-policy policy1 permit node 1 [CE1-route-policy] apply mpls-label [CE1-route-policy] quit [CE1] route-policy policy2 permit node 1 [CE1-route-policy] if-match mpls-label [CE1-route-policy] apply mpls-label [CE1-route-policy] quit [CE1] bgp 200 [CE1-bgp] peer 1.1.1.9 as-number 200 [CE1-bgp] peer 1.1.1.9 connect-interface loopback 1 [CE1-bgp] peer 1.1.1.9 route-policy policy2 export [CE1-bgp] peer 1.1.1.9 label-route-capability [CE1-bgp] peer 11.1.1.2 as-number 100 [CE1-bgp] peer 11.1.1.2 route-policy policy1 export [CE1-bgp] peer 11.1.1.2 label-route-capability [CE1-bgp] import-route isis 2 [CE1-bgp] quit

# Configure PE1 to exchange labeled IPv4 routes with CE1.


<PE1> system-view [PE1] ip vpn-instance vpn1 [PE1-vpn-instance-vpn1] route-distinguisher 200:1 [PE1-vpn-instance-vpn1] vpn-target 1:1 both [PE1-vpn-instance-vpn1] quit [PE1] interface pos 1/0/0 [PE1-Pos1/0/0] ip binding vpn-instance vpn1 [PE1-Pos1/0/0] ip address 11.1.1.2 24

4-124

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

4 BGP/MPLS IPv6 VPN Configuration

[PE1-Pos1/0/0] mpls [PE1-Pos1/0/0] quit [PE1] route-policy policy1 permit node 1 [PE1-route-policy] apply mpls-label [PE1-route-policy] quit [PE1] bgp 100 [PE1-bgp] ipv4-family vpn-instance vpn1 [PE1-bgp-vpn1] peer 11.1.1.1 as-number 200 [PE1-bgp-vpn1] peer 11.1.1.1 route-policy policy1 export [PE1-bgp-vpn1] peer 11.1.1.1 label-route-capability [PE1-bgp-vpn1] import-route direct [PE1-bgp-vpn1] quit [PE1-bgp] quit

# Configure PE3 to exchange labeled IPv4 routes with CE1.


<PE3> system-view [PE3] bgp 200 [PE3-bgp] peer 2.2.2.9 as-number 200 [PE3-bgp] peer 2.2.2.9 connect-interface loopback 1 [PE3-bgp] peer 2.2.2.9 label-route-capability [PE3-bgp] quit

After the above configuration, the BGP peer relationship is established between CE1 and PE3, and between CE1 and PE1.
[CE1] display bgp vpnv4 all peer BGP local router ID : 2.2.2.9 Local AS number : 200 Total number of peers : 2 Peer V AS MsgRcvd MsgSent 1.1.1.9 4 200 7 8 11.1.1.2 4 100 3 4
NOTE

Peers in established state : 2 OutQ Up/Down State PrefRcv 0 00:04:07 Established 0 0 00:00:08 Established 0

The configuration procedures of PE4, CE2 and PE2 are similar to those of PE3, CE1 and PE1, and are not mentioned here.

4.

Configure the Level 2 carrier's customer to access the Level 2 carrier PE. The specific configuration procedures are the same as those in Example for Configuring Carrier's Carrier in a Same AS and are not mentioned here.

5.

Establish MP-EBGP peer relationship between the Level 2 carrier PEs to exchange VPN routes of the Level 2 carrier's customer. # Configure PE3.
<PE3> system-view [PE3] bgp 200 [PE3-bgp] peer 6.6.6.9 as-number 300 [PE3-bgp] peer 6.6.6.9 connect-interface loopback 1 [PE3-bgp] peer 6.6.6.9 ebgp-max-hop 10 [PE3-bgp] ipv6-family vpnv6 [PE3-bgp-af-vpnv6] peer 6.6.6.9 enable [PE3-bgp-af-vpnv6] quit [PE3-bgp] quit

# Configure PE4.
<PE4> system-view [PE4] bgp 300 [PE4-bgp] peer 1.1.1.9 as-number 200 [PE4-bgp] peer 1.1.1.9 connect-interface loopback 1 [PE4-bgp] peer 1.1.1.9 ebgp-max-hop 10 [PE4-bgp] ipv6-family vpnv6 [PE4-bgp-af-vpnv6] peer 1.1.1.9 enable [PE4-bgp-af-vpnv6] quit [PE4-bgp] quit

6.

Verifying the configuration. After the configuration, run the display ip routing-table command on PE1 and PE2 to see that the public routing table contains only the routes of the Level 1 carrier network.

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

4-125

4 BGP/MPLS IPv6 VPN Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Take PE1 as an example:


[PE1] display ip routing-table Routing Tables: Public Destinations : 7 Destination/Mask Proto Pre 3.3.3.9/32 Direct 0 4.4.4.9/32 ISIS 15 30.1.1.0/24 Direct 0 30.1.1.1/32 Direct 0 30.1.1.2/32 Direct 0 127.0.0.0/8 Direct 0 127.0.0.1/32 Direct 0 Routes : 7 Cost Flags 0 D 10 D 0 D 0 D 0 D 0 D 0 D

NextHop 127.0.0.1 30.1.1.2 30.1.1.1 127.0.0.1 30.1.1.2 127.0.0.1 127.0.0.1

Interface InLoopBack0 Pos2/0/0 Pos2/0/0 InLoopBack0 Pos2/0/0 InLoopBack0 InLoopBack0

Run the display ip routing-table vpn-instance command on PE1 and PE2 to see that the VPN routing table does not contain internal routes of the Level 2 carrier. Take PE1 as an example:
[PE1] display ip routing-table vpn-instance vpn1 Routing Tables: vpn1 Destinations : 13 Routes : 13 Destination/Mask Proto Pre Cost Flags 1.1.1.9/32 BGP 255 10 D 2.2.2.9/32 BGP 255 0 D 5.5.5.9/32 BGP 255 0 RD 6.6.6.9/32 BGP 255 10 RD 10.1.1.0/24 BGP 255 0 D 11.1.1.0/24 Direct 0 0 D 11.1.1.1/32 Direct 0 0 D 11.1.1.2/32 Direct 0 0 D 20.1.1.0/24 BGP 255 0 RD 21.1.1.0/24 BGP 255 0 RD 21.1.1.2/32 BGP 255 0 RD

NextHop 11.1.1.1 11.1.1.1 4.4.4.9 4.4.4.9 11.1.1.1 11.1.1.2 11.1.1.1 127.0.0.1 4.4.4.9 4.4.4.9 4.4.4.9

Interface Pos1/0/0 Pos1/0/0 Pos2/0/0 Pos2/0/0 Pos1/0/0 Pos1/0/0 Pos1/0/0 InLoopBack0 Pos2/0/0 Pos2/0/0 Pos2/0/0

Run the display ip routing-table command on CE1 and CE2 to see that the public routing table contains internal routes of the Level 2 carrier. Take CE1 as an example:
[CE1] display ip routing-table Routing Tables: Public Destinations : 16 Destination/Mask Proto Pre 1.1.1.9/32 ISIS 15 2.2.2.9/32 Direct 0 5.5.5.9/32 BGP 255 6.6.6.9/32 BGP 255 10.1.1.0/24 Direct 0 10.1.1.1/32 Direct 0 10.1.1.2/32 Direct 0 11.1.1.0/24 Direct 0 11.1.1.1/32 Direct 0 11.1.1.2/32 Direct 0 20.1.1.0/24 BGP 255 21.1.1.0/24 BGP 255 21.1.1.2/32 BGP 255 127.0.0.0/8 Direct 0 127.0.0.1/32 Direct 0 Routes : 16 Cost Flags 10 D 0 D 0 D 0 D 0 D 0 D 0 D 0 D 0 D 0 D 0 D 0 D 0 D 0 D 0 D

NextHop 10.1.1.1 127.0.0.1 11.1.1.2 11.1.1.2 10.1.1.2 10.1.1.1 127.0.0.1 11.1.1.1 127.0.0.1 11.1.1.2 11.1.1.2 11.1.1.2 11.1.1.2 127.0.0.1 127.0.0.1

Interface Pos1/0/0 InLoopBack0 Pos2/0/0 Pos2/0/0 Pos1/0/0 Pos1/0/0 InLoopBack0 Pos2/0/0 InLoopBack0 Pos2/0/0 Pos2/0/0 Pos2/0/0 Pos2/0/0 InLoopBack0 InLoopBack0

Run the display ip routing-table command on PE3 and PE4 to see that the public routing table contains the internal route of the Level 2 carrier. Take PE3 as an example:
[PE3] display ip routing-table Routing Tables: Public Destinations : 15 Destination/Mask Proto Pre 1.1.1.9/32 Direct 0 2.2.2.9/32 ISIS 15 5.5.5.9/32 BGP 255 6.6.6.9/32 BGP 255 Routes : 15 Cost Flags 0 D 10 D 0 RD 0 RD

NextHop 127.0.0.1 10.1.1.2 2.2.2.9 2.2.2.9

Interface InLoopBack0 Pos2/0/0 Pos2/0/0 Pos2/0/0

4-126

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


10.1.1.0/24 10.1.1.1/32 10.1.1.2/32 11.1.1.0/24 11.1.1.1/32 20.1.1.0/24 21.1.1.0/24 21.1.1.2/32 127.0.0.0/8 127.0.0.1/32 Direct Direct Direct BGP BGP BGP BGP BGP Direct Direct 0 0 0 255 255 255 255 255 0 0 0 0 0 0 0 0 0 0 0 0

4 BGP/MPLS IPv6 VPN Configuration


D D D RD RD RD RD RD D D 10.1.1.1 127.0.0.1 10.1.1.2 6.6.6.9 6.6.6.9 2.2.2.9 2.2.2.9 2.2.2.9 127.0.0.1 127.0.0.1 Pos2/0/0 InLoopBack0 Pos2/0/0 Pos2/0/0 Pos2/0/0 Pos2/0/0 Pos2/0/0 Pos2/0/0 InLoopBack0 InLoopBack0

Running the display ipv6 routing-table vpn6-instance command on PE3 and PE4 to see that the external routes of the Level 2 carrier are contained in the VPN routing table. Take PE3 as an example:
[PE3] display ipv6 routing-table vpn6-instance vpn1 Routing Table : vpn1 Destinations : 4 Routes : 4 Destination : 2001:: NextHop : 2001::2 Interface : GigabitEthetnet1/0/0 State : Active Adv Tunnel ID : 0x0 Age : 65664sec Destination : 2001::2 NextHop : ::1 Interface : InLoopBack0 State : Active NoAdv Tunnel ID : 0x0 Age : 65664sec Destination : 2002:: NextHop : ::FFFF:6.6.6.9 Interface : NULL0 State : Active Adv GotQ Tunnel ID : 0x6002694 Age : 161sec Destination : FE80:: NextHop : :: Interface : NULL0 State : Active NoAdv Tunnel ID : 0x0 Age : 65668sec

PrefixLength Preference Protocol Cost Label PrefixLength Preference Protocol Cost Label PrefixLength Preference Protocol Cost Label PrefixLength Preference Protocol Cost Label

: : : : : : : : : : : : : : : : : : : :

64 0 Direct 0 NULL 128 0 Direct 0 NULL 64 255 BGP 0 15360 10 0 Direct 0 NULL

PE3 and PE4 can ping through each other.


[PE3] ping 20.1.1.2 PING 20.1.1.2: 56 data bytes, press CTRL_C to break Reply from 20.1.1.2: bytes=56 Sequence=1 ttl=251 time=116 ms Reply from 20.1.1.2: bytes=56 Sequence=2 ttl=251 time=92 ms Reply from 20.1.1.2: bytes=56 Sequence=3 ttl=251 time=118 ms Reply from 20.1.1.2: bytes=56 Sequence=4 ttl=251 time=103 ms Reply from 20.1.1.2: bytes=56 Sequence=5 ttl=251 time=121 ms --- 20.1.1.2 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 92/110/121 ms

CE3 and CE4 can ping through each other.


[CE3] ping ipv6 2002::1 PING 2002::1 : 56 data bytes, press CTRL_C to Reply from 2002::1 bytes=56 Sequence=1 hop limit=62 time = 140 Reply from 2002::1 bytes=56 Sequence=2 hop limit=62 time = 141 Reply from 2002::1 bytes=56 Sequence=3 hop limit=62 time = 141 Reply from 2002::1 bytes=56 Sequence=4 hop limit=62 time = 140 Reply from 2002::1 bytes=56 Sequence=5 hop limit=62 time = 156 break ms ms ms ms ms

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

4-127

4 BGP/MPLS IPv6 VPN Configuration


--- 2002::1 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 140/143/156 ms

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Configuration Files
l

Configuration file of CE3


# sysname CE3 # interface GigabitEthernet1/0/0 ipv6 address 2001::1/64

ipv6
# bgp 65410 router-id 10.10.10.10 peer 2001::2 as-number 200 # ipv6-family unicast undo synchronization import-route direct peer 2001::2 enable # return l

Configuration file of PE3


# sysname PE3 # ipv6 vpn6-instance vpn1 route-distinguisher 100:1 vpn-target 1:1 export-extcommunity vpn-target 1:1 import-extcommunity # ipv6 # mpls lsr-id 1.1.1.9 mpls lsp-trigger all # mpls ldp # isis 2 network-entity 10.0000.0000.0001.00 # interface GigabitEthernet1/0/0 ipv6 binding vpn6-instance vpn1 ipv6 address 2001::2/64 # interface Pos2/0/0 link-protocol ppp ip address 10.1.1.1 255.255.255.0 isis enable 2 mpls mpls ldp mpls ldp transport-address interface # interface LoopBack1 ip address 1.1.1.9 255.255.255.255 isis enable 2 # bgp 200 peer 2.2.2.9 as-number 200 peer 2.2.2.9 connect-interface LoopBack1 peer 6.6.6.9 as-number 300

4-128

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


peer 6.6.6.9 ebgp-max-hop 10 peer 6.6.6.9 connect-interface LoopBack1 # ipv4-family unicast undo synchronization peer 2.2.2.9 enable peer 2.2.2.9 label-route-capability peer 6.6.6.9 enable # ipv6-family vpnv6 policy vpn-target peer 6.6.6.9 enable # ipv6-family vpn6-instance vpn1 peer 2001::1 as-number 65410 import-route direct # return l

4 BGP/MPLS IPv6 VPN Configuration

Configuration file of CE1


# sysname CE1 # mpls lsr-id 2.2.2.9 mpls lsp-trigger all # mpls ldp # isis 2 network-entity 10.0000.0000.0002.00 # interface Pos1/0/0 link-protocol ppp ip address 10.1.1.2 255.255.255.0 isis enable 2 mpls mpls ldp mpls ldp transport-address interface # interface Pos2/0/0 link-protocol ppp ip address 11.1.1.1 255.255.255.0 mpls # interface LoopBack1 ip address 2.2.2.9 255.255.255.255 isis enable 2 # bgp 200 peer 11.1.1.2 as-number 100 peer 1.1.1.9 as-number 200 peer 1.1.1.9 connect-interface LoopBack1 # ipv4-family unicast undo synchronization import-route isis 2 peer 11.1.1.2 enable peer 11.1.1.2 route-policy policy1 export peer 11.1.1.2 label-route-capability peer 1.1.1.9 enable peer 1.1.1.9 route-policy policy2 export peer 1.1.1.9 label-route-capability # route-policy policy1 permit node 1 apply mpls-label route-policy policy2 permit node 2 if-match mpls-label apply mpls-label #

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

4-129

4 BGP/MPLS IPv6 VPN Configuration


return l

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Configuration file of PE1


# sysname PE1 # ip vpn-instance vpn1 route-distinguisher 200:1 vpn-target 1:1 export-extcommunity vpn-target 1:1 import-extcommunity # mpls lsr-id 3.3.3.9 mpls lsp-trigger all # mpls ldp # isis 1 network-entity 10.0000.0000.0004.00 # interface Pos1/0/0 link-protocol ppp ip binding vpn-instance vpn1 ip address 11.1.1.2 255.255.255.0 mpls # interface Pos2/0/0 link-protocol ppp ip address 30.1.1.1 255.255.255.0 isis enable 1 mpls mpls ldp # interface LoopBack1 ip address 3.3.3.9 255.255.255.255 isis enable 1 # bgp 100 peer 4.4.4.9 as-number 100 peer 4.4.4.9 connect-interface LoopBack1 # ipv4-family unicast undo synchronization peer 4.4.4.9 enable # ipv4-family vpnv4 policy vpn-target peer 4.4.4.9 enable # ipv4-family vpn-instance vpn1 peer 11.1.1.1 as-number 200 peer 11.1.1.1 route-policy policy1 export peer 11.1.1.1 label-route-capability import-route direct # route-policy policy1 permit node 1 apply mpls-label # return

Configuration file of PE2


# sysname PE2 # ip vpn-instance vpn1 route-distinguisher 200:2 vpn-target 1:1 export-extcommunity vpn-target 1:1 import-extcommunity # mpls lsr-id 4.4.4.9

4-130

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


mpls lsp-trigger all # mpls ldp # isis 1 network-entity 10.0000.0000.0005.00 # interface Pos1/0/0 link-protocol ppp ip address 30.1.1.2 255.255.255.0 isis enable 1 mpls mpls ldp # interface Pos2/0/0 link-protocol ppp ip binding vpn-instance vpn1 ip address 21.1.1.1 255.255.255.0 mpls # interface LoopBack1 ip address 4.4.4.9 255.255.255.255 isis enable 1 # bgp 100 peer 3.3.3.9 as-number 100 peer 3.3.3.9 connect-interface LoopBack1 # ipv4-family unicast undo synchronization peer 3.3.3.9 enable # ipv4-family vpnv4 policy vpn-target peer 3.3.3.9 enable # ipv4-family vpn-instance vpn1 peer 21.1.1.2 as-number 300 peer 21.1.1.2 route-policy policy1 export peer 21.1.1.2 label-route-capability import-route direct # route-policy policy1 permit node 1 apply mpls-label # return l

4 BGP/MPLS IPv6 VPN Configuration

Configuration file of CE2


# sysname CE2 # mpls lsr-id 5.5.5.9 mpls lsp-trigger all # mpls ldp # isis 2 network-entity 10.0000.0000.0006.00 # interface Pos1/0/0 link-protocol ppp ip address 21.1.1.2 255.255.255.0 mpls # interface Pos2/0/0 link-protocol ppp ip address 20.1.1.1 255.255.255.0 isis enable 2

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

4-131

4 BGP/MPLS IPv6 VPN Configuration


mpls mpls ldp mpls ldp transport-address interface # interface LoopBack1 ip address 5.5.5.9 255.255.255.255 isis enable 2 # bgp 300 peer 21.1.1.1 as-number 100 peer 6.6.6.9 as-number 300 peer 6.6.6.9 connect-interface LoopBack1 # ipv4-family unicast undo synchronization import-route isis 2 peer 21.1.1.1 enable peer 21.1.1.1 route-policy policy1 export peer 21.1.1.1 label-route-capability peer 6.6.6.9 enable peer 6.6.6.9 route-policy policy2 export peer 6.6.6.9 label-route-capability # route-policy policy1 permit node 1 apply mpls-label route-policy policy2 permit node 1 if-match mpls-label apply mpls-label # return l

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Configuration file of PE4


# sysname PE4 # ipv6 vpn6-instance vpn1 route-distinguisher 100:2 vpn-target 1:1 export-extcommunity vpn-target 1:1 import-extcommunity # ipv6 # mpls lsr-id 6.6.6.9 mpls lsp-trigger all # mpls ldp # isis 2 network-entity 10.0000.0000.0007.00 # interface GigabitEthernet1/0/0 ipv6 binding vpn6-instance vpn1 ipv6 address 2002::2/64 # interface Pos2/0/0 link-protocol ppp ip address 20.1.1.2 255.255.255.0 isis enable 2 mpls mpls ldp mpls ldp transport-address interface # interface LoopBack1 ip address 6.6.6.9 255.255.255.255 isis enable 2 # bgp 300 peer 5.5.5.9 as-number 300 peer 5.5.5.9 connect-interface LoopBack1

4-132

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


peer 1.1.1.9 as-number 200 peer 1.1.1.9 ebgp-max-hop 10 peer 1.1.1.9 connect-interface LoopBack1 # ipv4-family unicast undo synchronization peer 5.5.5.9 enable peer 5.5.5.9 label-route-capability peer 1.1.1.9 enable # ipv6-family vpnv6 policy vpn-target peer 1.1.1.9 enable # ipv6-family vpn6-instance vpn1 peer 2002::1 as-number 65420 import-route direct # return l

4 BGP/MPLS IPv6 VPN Configuration

Configuration file of CE4


# sysname CE4 # ipv6 # interface GigabitEthernet1/0/0 ipv6 address 2002::1/64 # bgp 65420 router-id 20.20.20.20 peer 2002::2 as-number 300 # ipv6-family unicast undo synchronization import-route direct peer 2002::2 enable # return

4.11.9 Example for Configuring Route Reflector in an IPv6 VPN


Networking Requirements
To improve the reliability of a VPN, you can choose the P devices or the PE devices as the route reflector to reflect the IPv6 VPN routes. As shown in Figure 4-10, CE1 and CE2 belong to VPNA
l l

PE1, PE2, and RR1 are located within the backbone network AS100. CE1 and CE2 belong to the VPNA.

It is required to configure the RR1 as the reflector.

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

4-133

4 BGP/MPLS IPv6 VPN Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Figure 4-10 Networking diagram of RR VPN


Loopback1 2.2.2.9/32

POS1/0/0 100.1.2.2/24

POS2/0/0 100.2.3.1/24

RR1
POS1/0/0 100.1.2.1/24 Loopback1 1.1.1.9/32

AS100 PE1 PE2

POS1/0/0 100.2.3.2/24 Loopback1 3.3.3.9/32

POS2/0/0 2001::2/64 POS1/0/0 2001::1/64

POS2/0/0 2002::2/64 POS1/0/0 2002::1/64

CE1 AS65410

CE1 AS65420

Configuration Roadmap
The configuration roadmap is as follows: 1. 2. 3. 4. Set up the MP-IBGP connection between the PE and the reflector. (There is no need to set up the MP-IBGP connection between PEs.) Set up the EBGP connection between the PE and the CE. Configure the MPLS LSP on the public network tunnel and enable the MPLS LDP on the devices and interfaces along LSP. Configure the RR1 to back up VPN-IPv6 routes from PE1 and PE2 to advertise to PE. RR must receive all the IPv6 VPN routing information without any filtration by VPN target.

Data Preparation
To complete the configuration, you need the following data:
l l l

MPLS LSR IDs of the PE and the ASBR Names, RDs, and VPN targets of the VPN instances created on PE1 and PE2 Routing protocol used to exchange routing information between the PE and CE (EBGP in this example) Convergence priorities of the routes in the VPN instances Name of the RD filter and the name of the routing policy

l l

Configuration Procedures
1. Configure IGP on the MPLS backbone network to interconnect the devices along the LSP. In this example, OSPF is adopted and the detailed configuration is not mentioned here.
NOTE

The address of the loopback interface as the LSR ID should be advertised.

4-134

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

4 BGP/MPLS IPv6 VPN Configuration

After the configuration, the devices along the LSP can learn the address of the loopback interface of each other. Take the display on the PE1 as an example.
<PE1> display ip routing-table Routing Tables: Public Destinations : 9 Destination/Mask Proto Pre 1.1.1.9/32 Direct 0 2.2.2.9/32 OSPF 10 3.3.3.9/32 OSPF 10 100.1.2.0/24 Direct 0 100.1.2.1/32 Direct 0 100.1.2.2/32 Direct 0 100.2.3.0/24 OSPF 10 127.0.0.0/8 Direct 0 127.0.0.1/32 Direct 0 Routes : 9 Cost Flags 0 D 1 D 3 D 0 D 0 D 0 D 2 D 0 D 0 D

NextHop 127.0.0.1 100.1.2.2 100.1.2.2 100.1.2.1 127.0.0.1 100.1.2.2 100.1.2.2 127.0.0.1 127.0.0.1

Interface InLoopBack0 Pos1/0/0 Pos1/0/0 Pos1/0/0 InLoopBack0 Pos1/0/0 Pos1/0/0 InLoopBack0 InLoopBack0

2.

Set up the LSP tunnel on the MPLS backbone network. Enable MPLS and the MPLS LDP on the devices and interfaces along the LSP. The detailed configuration is not mentioned here. After the configuration, run the display mpls ldp session command on the PE and RR. You can see that the "Session State" is "Operational" in the display. Take the display on the PE1 and the RR1 as examples.
[PE1] display mpls ldp session LDP Session(s) in Public Network ---------------------------------------------------------------------Peer-ID Status LAM SsnRole SsnAge KA-Sent/Rcv ---------------------------------------------------------------------2.2.2.9:0 Operational DU Passive 000:00:01 8/8 ---------------------------------------------------------------------LAM : Label Advertisement Mode SsnAge Unit : DDD:HH:MM [RR] display mpls ldp session LDP Session(s) in Public Network ---------------------------------------------------------------------Peer-ID Status LAM SsnRole SsnAge KA-Sent/Rcv ---------------------------------------------------------------------1.1.1.9:0 Operational DU Active 000:00:02 11/11 3.3.3.9:0 Operational DU Passive 000:00:01 8/8 ---------------------------------------------------------------------LAM : Label Advertisement Mode SsnAge Unit : DDD:HH:MM

3. 4. 5.

Configure the IPv6 VPN instance on the PE device. For the detailed configuration, see Example for Configuring BGP/MPLS IPv6 VPN. Set up the EBGP peer relationship between the PE and the CE and import the VPN routes. For the detailed configuration, see Configuring BGP4+ Between PE and CE. Set up the MP-IBGP peer relationship between the PE and the reflectors. # Configure PE1.
[PE1] bgp 100 [PE1-bgp] peer 2.2.2.9 as-number 100 [PE1-bgp] peer 2.2.2.9 connect-interface loopback 1 [PE1-bgp] ipv6-family vpnv6 [PE1-bgp-af-vpnv6] peer 2.2.2.9 enable [PE1-bgp-af-vpnv6] quit

# Configure RR.
<RR> system-view [RR] bgp 100 [RR-bgp] peer 1.1.1.9 [RR-bgp] peer 1.1.1.9 [RR-bgp] peer 3.3.3.9 [RR-bgp] peer 3.3.3.9 as-number 100 connect-interface loopback 1 as-number 100 connect-interface loopback 1

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

4-135

4 BGP/MPLS IPv6 VPN Configuration


[RR-bgp] ipv6-family vpnv6 [RR-bgp-af-vpnv6] peer 1.1.1.9 enable [RR-bgp-af-vpnv6] peer 3.3.3.9 enable [RR-bgp-af-vpnv6] quit [RR-bgp] quit

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

# Configure PE2. The configuration of PE2 is similar to that of PE1 and is not mentioned here. After the configuration, run the display bgp vpnv6 all peer command on the PE device. You can see that the IBGP peer relationship is set up between the PE and the reflectors. The status of the relationship is "Established". The EBGP peer relationship has been set up between the PE and the CE. Take the display on the PE1 and RR as examples.
<PE1> display bgp vpnv6 all peer BGP local router ID : 1.1.1.9 Local AS number : 100 Total number of peers : 2 Peer V AS MsgRcvd 2.2.2.9 4 100 15 Peer of vpn6 instance : vpn6 instance VPNA : 2001::1 4 65410 9

MsgSent 17 10

Peers in established state : 2 OutQ Up/Down State PrefRcv 0 00:13:11 Established 0 0 00:06:41 Established 0

6.

Configure the reflector function on RR. # Configure RR.


[RR] bgp 100 [RR-bgp] ipv6-family vpnv6 [RR-bgp-af-vpnv6] reflector cluster-id 100 [RR-bgp-af-vpnv6] peer 1.1.1.9 reflect-client [RR-bgp-af-vpnv6] peer 3.3.3.9 reflect-client [RR-bgp-af-vpnv6] undo policy vpn-target [RR-bgp-af-vpnv6] quit

7.

Check the configuration. On checking the VPN routing table on the PE, you can find the route to the remote CE. Take the PE1 as an example.
<PE1> display ipv6 routing-table vpn6-instance VPNA Routing Table : VPNA Destinations : 4 Routes : 4 Destination : 2001:: NextHop : 2001::2 Interface : Pos2/0/0 State : Active Adv Tunnel ID : 0x0 Age : 10936sec Destination : 2001::2 NextHop : ::1 Interface : InLoopBack0 State : Active NoAdv Tunnel ID : 0x0 Age : 10936sec Destination : 2002:: NextHop : ::FFFF:4.4.4.9 Interface : NULL0 State : Active Adv GotQ Tunnel ID : 0x6002d20 Age : 1753sec Destination : FE80:: NextHop : :: Interface : NULL0 State : Active NoAdv Tunnel ID : 0x0 Age : 10940sec

PrefixLength Preference Protocol Cost Label PrefixLength Preference Protocol Cost Label PrefixLength Preference Protocol Cost Label PrefixLength Preference Protocol Cost Label

: : : : : : : : : : : : : : : : : : : :

64 0 Direct 0 NULL 128 0 Direct 0 NULL 64 255 BGP 0 15360 10 0 Direct 0 NULL

4-136

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

4 BGP/MPLS IPv6 VPN Configuration

CE1 and CE2 can ping each other successfully. It means that the reflector is configured successfully.

Configuration Files
l

Configuration file of PE1


# sysname PE1 # ipv6 vpn6-instance VPNA route-distinguisher 100:1 vpn-target 1:1 export-extcommunity vpn-target 1:1 import-extcommunity # ipv6 # mpls lsr-id 1.1.1.9 mpls lsp-trigger all # mpls ldp # interface Pos1/0/0 link-protocol ppp ip address 100.1.2.1 255.255.255.0 mpls mpls ldp # interface Pos2/0/0 link-protocol ppp ipv6 binding vpn6-instance VPNA ipv6 address 2001::2/64 # interface LoopBack1 ip address 1.1.1.9 255.255.255.255 # bgp 100 peer 2.2.2.9 as-number 100 peer 2.2.2.9 connect-interface LoopBack1 # ipv4-family unicast undo synchronization peer 2.2.2.9 enable # ipv6-family vpnv6 policy vpn-target peer 2.2.2.9 enable # ipv6-family vpn6-instance VPNA peer 2001::1 as-number 65410 import-route direct # ospf 1 area 0.0.0.0 network 1.1.1.9 0.0.0.0 network 100.1.2.0 0.0.0.255 # return

Configuration file of RR
# sysname RR # ipv6 # mpls lsr-id 2.2.2.9 mpls lsp-trigger all

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

4-137

4 BGP/MPLS IPv6 VPN Configuration


# mpls ldp # interface Pos1/0/0 link-protocol ppp ip address 100.1.2.2 255.255.255.0 mpls mpls ldp # interface Pos2/0/0 link-protocol ppp ip address 100.2.3.1 255.255.255.0 mpls mpls ldp # interface LoopBack1 ip address 2.2.2.9 255.255.255.255 # bgp 100 peer 1.1.1.9 as-number 100 peer 3.3.3.9 as-number 100 peer 1.1.1.9 connect-interface LoopBack1 peer 3.3.3.9 connect-interface LoopBack1 # ipv4-family unicast undo synchronization peer 1.1.1.9 enable peer 3.3.3.9 enable # ipv6-family vpnv6 undo policy vpn-target peer 1.1.1.9 enable peer 1.1.1.9 reflect-client peer 3.3.3.9 enable peer 3.3.3.9 reflect-client # ospf 1 area 0.0.0.0 network 100.1.2.0 0.0.0.255 network 100.2.3.0 0.0.0.255 network 2.2.2.9 0.0.0.0 # return l

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Configuration file of PE2


# sysname PE2 # ipv6 vpn6-instance VPNA route-distinguisher 100:1 vpn-target 1:1 export-extcommunity vpn-target 1:1 import-extcommunity # ipv6 # mpls lsr-id 4.4.4.9 mpls lsp-trigger all # mpls ldp # interface Pos1/0/0 link-protocol ppp ip address 100.2.3.2 255.255.255.0 mpls mpls ldp # interface Pos2/0/0 link-protocol ppp ipv6 binding vpn6-instance VPNA

4-138

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


ipv6 address 2002::2/64 # interface LoopBack1 ip address 4.4.4.9 255.255.255.255 # bgp 100 peer 2.2.2.9 as-number 100 peer 2.2.2.9 connect-interface LoopBack1 # ipv4-family unicast undo synchronization peer 2.2.2.9 enable # ipv6-family vpnv6 policy vpn-target peer 2.2.2.9 enable # ipv6-family vpn6-instance VPNA peer 2002::1 as-number 65420 import-route direct # ospf 1 area 0.0.0.0 network 4.4.4.9 0.0.0.0 network 100.2.3.0 0.0.0.255 # return l

4 BGP/MPLS IPv6 VPN Configuration

Configuration file of CE1


# sysname CE1 # ipv6 # interface Pos1/0/0 link-protocol ppp ipv6 address 2001::1/64 # bgp 65410 peer 2001::2 as-number 100 # ipv6-family unicast undo synchronization peer 2001::2 enable # return

Configuration file of CE2


# sysname CE2 # ipv6 # interface Pos1/0/0 link-protocol ppp ipv6 address 2002::1/64 # bgp 65420 peer 2002::2 as-number 100 # ipv6-family unicast undo synchronization peer 2002::2 enable # return

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

4-139

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

5 VLL Configuration

5
About This Chapter

VLL Configuration

This chapter describes the principle, application and configuration for various VLL technologies. 5.1 Overview This section describes the basic principle of VLL. 5.2 Configuring CCC VLL This section describes how to configure CCC VLL. 5.3 Configuring the SVC VLL This section describes how to configure SVC VLL. 5.4 Configuring Martini VLL This section describes how to configure Martini VLL. 5.5 Configuring Kompella VLL This section describes how to configure Kompella VLL. 5.6 Configuring VLL IP Interworking This section describes how to configure VLL IP interworking. 5.7 Configuring Inter-AS Martini VLL This section describes how to configure the inter-AS Martini VLL. 5.8 Configuring the Inter-AS Kompella VLL This section describes how to configure the inter-AS Kompella VLL. 5.9 Configuring VLL FRR This section describes how to configure VLL FRR. 5.10 Maintaining VLL This section describes how to maintain VLL. 5.11 Configuration Examples This section provides several configuration examples of VLL.

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

5-1

5 VLL Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

5.1 Overview
This section describes the basic principle of VLL. 5.1.1 Introduction to VLL 5.1.2 VLL Features Supported by the NE80E/40E

5.1.1 Introduction to VLL


Traditional VPNs are based on Asynchronous Transfer Mode (ATM) or Frame Relay (FR) , where different VPNs can share the network structure of carriers. Traditional VPNs have the following disadvantages:
l

Dependence on special media (such as ATM or FR): The carriers must establish ATM networks or FR networks for ATM-based or FR-based VPNs across the country. This is a waste of network construction. Complicated VPN structure: when a site is added to an existing VPN, it is necessary to modify the configuration of all the edge nodes that access the VPN site.

To avoid the preceding disadvantages, new solutions are introduced. Virtual Leased Line (VLL) based on Multiprotocol Label Switching (MPLS) L2VPN is one of the solutions.
NOTE

VLL in this chapter refers to VLL based on MPLS L2VPN, unless otherwise specified.

The VLL provides Layer 2 VPN services on the MPLS network. It allows the establishment of L2VPNs on different media including ATM, FR, VLAN, Ethernet and PPP. At the same time, the MPLS network provides traditional IP services, MPLS L3VPN, traffic engineering and QoS. The VLL transfers Layer 2 data of the user transparently on the MPLS network. The MPLS network is a Layer 2 switching network used to establish Layer 2 connections between nodes. Consider ATM as an example. Configure an ATM virtual circuit for each Customer Edge device (CE) to communicate with another CE device through the MPLS network, similar to that through the ATM network.
NOTE

In VLL, the concepts and the principles of CE, PE and P are similar to that in BGP/MPLS L3VPN.

5-2

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

5 VLL Configuration

Figure 5-1 Networking diagram of the access of CE adopting ATM


CE VPN A

CE VPN A

TM

M AT

VC

VC

P LS

PE

PE
V C
AT M

AT M

P CE VPN B

PE

CE VPN B

Compared with BGP/MPLS VPN, VLL has the following advantages:


l

High scalability: The VLL establishes layer 2 link relationships. It does not import and manage the routing information of the user. It significantly reduces the load of the PE device and SP network. This enables the carrier to support more VPNs and more users. Reliability and guaranteed security of private routing information: The VLL cannot obtain and process VPN routing information because it is not imported. Support for network layer protocols such as IP, IPX, and SNA.

Figure 5-2 shows the model of VLL. Figure 5-2 VLL model

AC

VC Tunnel

AC

CE

PE

MPLS Network

PE

CE

Attachment Circuit (AC) : AC is an independent link or circuit that connects CE and PE. The AC interface may be a physical interface or a logical interface. The AC attributes include the encapsulation type, MTU and interface parameters of specified link type. Virtual Circuit (VC) : It refers to a kind of logical connection between two PEs. Tunnel (Network Tunnel) : It transmits the user data transparently.

l l

Through the label stack, VLL can realize the transparent transmission of user datagram in an MPLS network.

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

5-3

5 VLL Configuration
l

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Outer label: The label, which is also called tunnel label, is used in transferring packets from one PE to another. Inner label: The label, which is also called VC label in VLL, is used to identify different links between VPNs. The PE on the receiver side transfers packets to the corresponding CE according to the VC label.

Figure 5-3 shows the packet label change in the forwarding process. Figure 5-3 VLL label processing
CE 1 PE 1 P PE 2 CE 2

L2PDU

T V

L2PDU

T' V

L2PDU

L2PDU

Figure 5-3 shows the Layer 2 Protocol Data Unit (PDU) that is the link layer packet. Here, T represents Tunnel label; V represents VC label; T indicates that the outer label is substituted in the forwarding process.

5.1.2 VLL Features Supported by the NE80E/40E


CCC VLL
The Circuit Cross Connect (CCC) realizes the VLL by static configuration. Unlike common VLL, the CCC adopts one label to transfer user data, so it uses the LSP exclusively. These LSPs can only be used to transfer the data of this CCC link, and cannot be used in other VLL links, BGP/MPLS VPN, or used to transfer common IP packets. The two types of CCC connection are as follows:
l

Local connection: refers to the connection between two local CEs. The two CEs are connected to the same PE. Similar to a layer 2 switch, PE can directly transport packets without configuring static LSP. Remote connection: refers to the connection between local CE and remote CE. The two CEs are on different PEs. In this case, static LSP configuration is needed to transfer packets from one PE to another PE. Configuration command is run on the PE to map the static LSP to the CCC connection.

SVC VLL
The SVC implements VLL through static configuration. The SVC transfers L2VPN information without using the signaling protocols. The VC label needs to be configured manually. While creating the static L2VC connection of SVC, specify the tunnel type (LDP LSP, GRE or CR LSP) and enable the load balancing by configuring the tunnel policy. The SVC supports inter-AS L2VPN in multi-hop mode. It does not support local connection.
NOTE

The labels used by CCC and SVC range from 16 to 1023. They are in the same label space with those reserved for static LSPs.

5-4

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

5 VLL Configuration

Martini VLL
The Martini mode implements the L2VPN by setting up a point-to-point link. It takes LDP as the signaling protocol to transfer Layer 2 information and VC labels. The Martini VLL adopts VC-type plus VC-ID to identify a VC between two CEs.
l

VC-type: indicates the type of the VC, such as ATM (atm-aal5-sdu, atm-trans-cell), Ethernet, PPP and HDLC. VC-ID: VC-ID of each VC in the same VC-type must be unique in the whole PE.

The PEs connecting two CEs exchange VC labels through LDP, and bind the corresponding CE by VC-ID. A VC is set up when all the following conditions are satisfied:
l l l

The tunnel between the two PEs is successfully created. The label exchange and the binding with CE are completed. The state of the two interfaces of AC is Up.

In order to exchange VC labels between PEs, the Martini extends LDP by adding the FEC type in the VC FEC. For remote connections, the two PEs that exchange the VC label cannot be directly connected; therefore, the remote LDP session must be set up to convey the VC FEC and the VC label. Martini supports inter-AS L2VPN in multi-hop mode. However, it does not support local connection.

Kompella VLL
The Kompella mode takes BGP as the signaling protocol to transfer Layer 2 information and VC labels. It realizes the L2VPN by means of end-to-end (CE to CE) in the MPLS network. The Kompella VLL is different from Martini. That is, it does not operate on the connection between the CEs directly. It allocates different VPNs in the whole SP network and encodes each CE in the VPN. Similar to BGP/MPLS VPN, the Kompella VLL uses VPN targets to identify different VPNs that make the VPN networking more flexible. To connect two CEs, you need to configure the local CE ID and remote CE ID on the PE. The Kompella supports both local and remote connections. It supports inter-AS L2VPN in the following two modes:
l l

Multi-hop mode: adopts routes with BGP label. MP-EBGP mode: saves label block on the ASBR.

The Kompella VLL adopts the label block to allocate the labels. Through the label blocks, labels can be allocated to connections at the same time. Users specify the local CE range that indicates the number of CEs that can be connected with this CE. The PE assigns a label block for this CE. The size of the label block is equal to the CE range. In this manner, the users can reserve some extra labels for the VPN for future use. On a short term basis, it is a waste of label resources, but it reduces the workload of VPN deployment and configuration in expansion. Suppose an enterprise VPN has 10 CEs and the number may increase to 20 due to its service expansion in future. The CE range of each CE can be set to 20 to meet future expansion. If the
Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 5-5

5 VLL Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

VPN adds nodes in the future, it is necessary to modify the configuration of the PE that is directly connected with the new CE, without modifying other PEs.

L2VPN Internetworking
If the link types of CEs at the two ends of an L2VPN are different, use the L2VPN internetworking feature. According to the recommendation in draft-kompella-ppvpn-l2vpn, IP-internetworking should be used as the encapsulation type of the L2VPN interface on the PE to set up an L2VPN connection. In this case, Layer 3 data (IP packets) can be delivered transparently across the MPLS network. When the L2VPN internetworking feature is adopted,
l

You need to encapsulate the L2VPN interface on the PE at the two ends with IPinternetworking. The PE begins to establish the L2VPN connection after the physical status of the interfaces goes up. The PE allows L2VPN forwarding once the L2VPN connection is established. In this case, the system considers the physical link for transparent transmission available irrespective of whether the status of the link layer protocol is up or down. After the status of both the AC and L2VPN tunnel goes up, the CEs at the two ends can transmit and receive IP packets.

After the L2VPN connection is established, the IP packets are processed as follows:
l

On receiving an IP packet from the CE, the PE decapsulates the link layer packet and delivers the IP packet to the MPLS network. The IP packet is transparently transported to the peer PE across the MPLS network. The peer PE re-encapsulates the IP packet according to its own link layer protocol type, and then sends the encapsulated packet to the CE connected with it. The link layer control packet sent by the CE is processed by the PE and does not enter the MPLS network. All non-IP packets (such as MPLS and IPX packets) are discarded and none of them is transferred across the MPLS network.
NOTE

l l

Unless otherwise stated, the PE in the CE-PE configuration refers to the local PE.

Different link layer protocols process MPLS L2VPN internetworking in different ways:
l

Ethernet and VLAN The following interfaces used in L2VPN can be encapsulated with IP-internetworking:

Interfaces and sub-interfaces of Ethernet type Interfaces and sub-interfaces of Gigabit Ethernet type Interfaces of Virtual-Ethernet (VE) type Eth-Trunk interface and its sub-interface There is no need to assign an IP address to the Ethernet interface of the PE. No route is generated even if an IP address has been assigned.
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

Note that:

5-6

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


5 VLL Configuration

The Ethernet interface of the PE processes only the ARP packets and the IP packets. The PE does not update the dynamic MAC entry when receiving IP packets from the CE. You can not encapsulate an ATM interface or an ATM sub interface as IPinternetworking when the VE interface associated with the same PVC is also encapsulated as IP-internetworking. The ARP entries of the L2VPN Ethernet interface with IP-internetworking are different from those of the L2VPN Ethernet interface without IP-internetworking. The L2VPN incoming interface with IP-internetworking on the PE uses the MAC address of the PE to respond to the ARP request packet from the CE irrespective of the destination IP address of the packet. An Ethernet interface or sub interface of the PE can be connected only with one CE and cannot be connected with multiple CEs or other devices through a hub or a LAN switch. Otherwise, the PE may learn useless MAC addresses, resulting in forwarding failure. The L2VPN supports two types of authentication protocols, Password Authentication Protocol (PAP) and Challenge Handshake Authentication Protocol (CHAP). The authentication mode can be local, RADIUS or HWTACACS. The L2VPN internetworking supports the STAC-LZS compression. It does not support the IPHC and VJ compression. The IP address of PE and CE can be assigned y PE or by CE. The address assignment mechanism is the same as that in ordinary situations. The L2VPN internetworking supports transparent transmission of IP packets from the local CE to the remote CE. It does not support transparent transmission of MPLS, ISIS, and IPX packets. If these protocols are configured on the interface, the system still negotiates their NCPs but does not forward their data packets.
NOTE

The ARP processing is as follows:

PPP

It is recommended to assign the IP address to the PE through CE for PPP links. This can avoid address collision on the PE, and is also convenient for the deployment of the network.

Inter-AS VLL
The realization of an inter-AS VLL depends on the actual environment. In CCC mode, the label is of single layer. Therefore, the inter-AS can be realized after the static LSP is set up between the ASBRs. SVC, Martini and Kompella modes can realize the inter-AS Option A (VRF-to-VRF) . In the L2VPN networking, the link type between the ASBRs and that of the VC must be the same. In the inter-AS Option A, each ASBR must reserve a sub-interface for each inter-AS VC. If the number of the inter-AS VCs is small, the Option A can be adopted. Compared with the L3VPN, the inter-AS Option A of the L2VPN consume more resources. Option C is a better solution. The SP network devices need only set up the outer tunnel on the PEs of different ASs. The ASBR need not maintain information about the inter-AS L2VPN. The ASBR also need not reserve interfaces for the inter-AS L2VPN. The L2VPN information is exchanged only between PEs. Thus, the resources consumption decreases.

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

5-7

5 VLL Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

VLL FRR
With the wide applications of VLLs, the requirement for the reliability of VLLs becomes increasingly high, especially for L2VPNs that carry real-time services such as VoIP and IPTV. Virtual Lease Line Fast Reroute (VLL FRR) is one of the solutions to increasing the reliability of L2VPNs. VLL FRR detects faults in L2VPNs through the Operations, Administration and Maintenance (OAM) and BFD, advertises the faults, and fast switches traffic. PW FRR is mainly used in the following networking modes:
l

Symmetrically dual-homed CEs The CEs at the two ends are dual-homed to the corresponding PEs through two ACs, as shown in Figure 5-4. Figure 5-4 Symmetrically dual-homed CEs
PE1 P1 PE4

AC1 CE1 AC2 Site1 PE2

VPN backbone

AC4 CE2

P2

PE3

AC3 Site2

Asymmetrically connected CEs One CE is connected to a PE through an AC and the other CE is dual-homed to PEs through two ACs, as shown in Figure 5-5. Figure 5-5 Asymmetrically connected CEs
P1 PE1 VPN backbone AC1 AC3 Site1 P2 PE3 Site2 PE2

AC2 CE2

CE1

In the scenario shown in Figure 5-5, you need to note the following:
l

When a CE is connected to a PE through an Ethernet link, networking between homogeneous services instead of internetworking can be configured on the PE.
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

5-8

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


l

5 VLL Configuration

When a CE is connected to a PE through a PPP, or HDLC link, the following situations occur:

Internetworking rather than networking between homogenous services can be configured on the PE. Primary and secondary IP addresses can be configured on the CE1 interfaces connecting CE1 to PE1. The traffic with the primary IP address is forwarded by the master PW and the traffic with the secondary IP address is forwarded by the backup PW. CEs can advertise routes to each other by using OSPF, but OSPF does not support the advertisement of the routes with secondary IP addresses. If a device configured with the secondary IP address is connected to other devices, the device cannot forward routes.

5.2 Configuring CCC VLL


This section describes how to configure CCC VLL. 5.2.1 Establishing the Configuration Task 5.2.2 Enabling the MPLS L2VPN 5.2.3 Creating a Local CCC Connection 5.2.4 Creating a Remote CCC Connection 5.2.5 Checking the Configuration

5.2.1 Establishing the Configuration Task


Applicable Environment
CCC is suitable for the small-scale MPLS network with simple topology. CCC needs manual configuration and does not need the signaling negotiation and the exchange of control packets. CCC features little resources consumption. However, CCC is inconvenient to maintain and has little extensibility. You need to configure the PE interface connected to the CE (namely the AC interface) before configuring a Circuit Cross Connect (CCC). Configuration of the sub-interface is required if the link type is VLAN. If the link type is ATM, you need to configure the virtual circuit. Both the ATM sub interface and ATM main interface can serve as the CE interface in VLL.
NOTE

VLL supports Ethernet interface or sub interface, GE interface or sub interface, POS interface, serial interface, and ATM interface or sub interfaces.

The VLAN can use only the Ethernet sub interface as the CE interface. If the Ethernet main interface serves as the CE interface, the system defaults its encapsulation type as Ethernet, rather than VLAN. In VLL, configure only one virtual circuit for each sub interface. If there are two or more virtual circuits, only the first one is valid.

Pre-configuration Tasks
Before configuring CCC L2VPN, you need to complete the following tasks:
Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 5-9

5 VLL Configuration
l l

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Configuring basic MPLS capability for the MPLS backbone network (PE or P) Configuring sub-interfaces when the AC type is VLAN, configuring VCs when the AC type is ATM
NOTE

For the configuration of VLAN sub-interface and ATM Virtual Channel, refer to the chapter "VLAN Configuration" in the Quidway NetEngine80E/40E Router Configuration Guide - LAN Access and MAN Access and the chapter "ATM Configuration" in the Quidway NetEngine80E/40E Router Configuration Guide - WAN Access.

Data Preparations
To configure CCC VLL, you need the following data. No. 1 2 3 4 5 Data Name of the CCC connection Connection type: local connection or remote connection Local CCC connection: the type and number of the incoming and outgoing interfaces Remote CCC connection: the type and number of the incoming interface, next hop address or the type and number of outgoing interface Remote CCC connection: the in-label and out-label values of LSRs

Choose Creating a Local CCC Connection or Creating a Remote CCC Connection according to the required connection type.

5.2.2 Enabling the MPLS L2VPN


Context
Do as follows on the PEs of the two ends of the VC:

Procedure
Step 1 Run:
system-view

The system view is displayed. Step 2 Run:


mpls l2vpn

The MPLS L2VPN is configured. ----End

5.2.3 Creating a Local CCC Connection


5-10 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

5 VLL Configuration

Context
The local CCC connection is bidirectional, and thus only one connection is required. Do as follows on the PEs:

Procedure
Step 1 Run:
system-view

The system view is displayed. Step 2 Run:


ccc ccc-connection-name interface interface-type interface-number out-interface interface-type interface-number

A local CCC connection is created. After the configuration mentioned above on the PE, a local CCC connection is created. ----End

5.2.4 Creating a Remote CCC Connection


Procedure
l Configuring the PE Do as follows on the PEs of the two ends of the VC: 1. Run:
system-view

The system view is displayed. 2. Run:


ccc ccc-connection-name interface interface-type interface-number inlabel in-label-value out-label out-label-value { nexthop ip-address | outinterface interface-type interface-number } [ control-word | no-controlword ]

A remote CCC connection is configured. When configuring PE and P, if the outgoing interface is of non-Point-to-Point (P2P) type (such as Ethernetand ATM), you must specify the next hop address for the outgoing interface by specifying nexthop. In the NE80E/40E, for a PE, only the inner label and outer label rather than two static LSPs need be configured for a remote CCC connection. Exclusively used by this CCC connection, the inner label serves as the static LSP. l Configuring P Do as follows on the Ps that the VC passes through: 1. Run:
system-view

The system view is displayed.


Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 5-11

5 VLL Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

2.

Run:
static-lsp transit lsp-name incoming-interface interface-type interfacenumber in-label in-label { nexthop next-hop-addr | outgoing-interface interface-type interface-number } out-label out-label

The P device is configured as a transit LSR of the static LSP. It is not necessary to configure static LSPs on the PEs for the CCC connection. You should configure a bidirectional transit static LSP on all the P devices between the PEs. These LSPs are used to transfer the data of this CCC exclusively. Furthermore, MPLS L2VPN need not be enabled on the P devices. ----End

5.2.5 Checking the Configuration


Run the following commands to check the previous configuration. Action View the CCC connection information. View the interface information of the CCC connection. Command display ccc [ ccc-name | type { local | remote } ] display l2vpn ccc-interface vc-type ccc [ down | up ]

Run the display ccc command. You can find that the status of the CCC VC is Up. For example: Information about the local connection is as follows:
<Quidway> display ccc total ccc vc : 1 local ccc vc : 1, 1 up remote ccc vc : 0, 0 up name: CE1-CE2, type: local, state: up, intf1: Pos1/0/0 (up), intf2: Pos2/0/0 (up)

Information about the remote connection is as follows:


<Quidway> display ccc total ccc vc : 1; local ccc vc : 0, 0 up remote ccc vc : 1, 1 up name: CE1-CE2, type: remote, state: up, intf: Pos1/0/0 (up), in-label: 100 , out-label: 200 , out-interface : Pos2/0/0

Run the display l2vpn ccc-interface vc-type ccc command. You can find that the VC type is CCC and the VC status is Up. For example:
<Quidway> display l2vpn ccc-interface vc-type all Total ccc-interface of CCC : 1 up (1), down (0) Interface Encap Type Pos1/0/0 ppp

State up

VC Type ccc

5.3 Configuring the SVC VLL


This section describes how to configure SVC VLL.

5-12

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

5 VLL Configuration

5.3.1 Establishing the Configuration Task 5.3.2 Enabling MPLS L2VPN 5.3.3 Creating an SVC VLL Connection 5.3.4 Checking the Configuration

5.3.1 Establishing the Configuration Task


Applicable Environment
The setup process of the SVC outer label (public network tunnel) is the same as that of the Martini. Inner label is manually specified, without the signaling transmission of the VC label, during the VC configuration. The SVC does not use signaling protocols to transfer L2VPN information. Packets are transported between the PEs through tunnels. The SVC supports multiple types of tunnels such as LDP LSP, GRE and CR-LSP. By default, the LDP LSP tunnel is used.

Pre-configuration Tasks
Before configuring SVC VLL, you need to complete the following tasks:
l

Configuring the static route or IGP for the MPLS backbone network (PE and P) to implement IP connectivity Enabling the MPLS for PEs Establishing a tunnel between PEs according to the tunnel policy Configuring sub-interfaces when the AC type is VLAN, configuring VCs when the AC type is ATM
NOTE

l l l

For the configuration of VLAN sub interface and ATM virtual channel, refer to the chapter "VLAN Configuration" in the Quidway NetEngine80E/40E Router Configuration Guide - LAN Access and MAN Access and the chapter "ATM Configuration" in the Quidway NetEngine80E/40E Router Configuration Guide - WAN Access.

Data Preparation
To configure the SVC VLL, you need the following data. No. 1 2 3 4 Data Type and number of the interface accessing CE Destination LSR ID of SVC In-label and out-label values of L2VPN connection Tunnel policy of the SVC

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

5-13

5 VLL Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

5.3.2 Enabling MPLS L2VPN


Context
Do as follows on the PEs of the two ends of the VC:

Procedure
Step 1 Run:
system-view

The system view is displayed. Step 2 Run:


mpls l2vpn

The MPLS L2VPN is enabled. ----End

5.3.3 Creating an SVC VLL Connection


Context
Do as follows on the PEs of the two ends of the VC:

Procedure
Step 1 Run:
system-view

The system view is displayed. Step 2 Run:


interface interface-type interface-number

The view of the interface accessing CE is displayed. Step 3 Run:


mpls static-l2vc destination destination-router-id transmit-vpn-label transmitlabel-value receive-vpn-label receive-label-value [ tunnel-policy policy-name | [ control-word | no-control-word ] | [ raw | tagged | ip-interworking ] ] *

An SVC VLL connection is created.


NOTE

The parameters raw and tagged are needed only for the Ethernet link.

----End

5.3.4 Checking the Configuration


Run the following commands to check the previous configuration.
5-14 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

5 VLL Configuration

Action Check the SVC L2VPN connection information on the PE. Check the interface information of the SVC connections in Up/Down state.

Command display mpls static-l2vc [ interface interface-type interface-number ] display l2vpn ccc-interface vc-type static-l2vc [ down | up ]

Run the display mpls static-l2vc command. You can find that the VC status is Up. For example:
<Quidway> display mpls Total svc connections: *Client Interface AC Status VC State VC ID VC Type Destination Transmit VC Label Receive VC Label Control Word VCCV Capability Tunnel Policy Name Traffic Behavior PW Template Name Main or Secondary Create time UP time Last change time static-l2vc 1, 1 up, 0 down : Pos1/0/0 is up : up : up : 0 : PPP : 3.3.3.9 : 100 : 200 : Disable : Disable : -: -: -: Main : 0 days, 0 hours, 6 minutes, 44 seconds : 0 days, 0 hours, 6 minutes, 44 seconds : 0 days, 0 hours, 6 minutes, 44 seconds

Run the display l2vpn ccc-interface vc-type static-vc up command. You can find that the VC type is SVC and the status is Up. For example:
<Quidway> display l2vpn ccc-interface vc-type static-vc up Total ccc-interface of SVC VC: 1 up (1), down (0) Interface Encap Type State Pos1/0/0 ppp up

VC Type static-vc

5.4 Configuring Martini VLL


This section describes how to configure Martini VLL. 5.4.1 Establishing the Configuration Task 5.4.2 Enabling MPLS L2VPN 5.4.3 Creating a Martini VLL Connection 5.4.4 Checking the Configuration

5.4.1 Establishing the Configuration Task


Applicable Environment
In Martini mode, double-layer labels are adopted. The inner label uses the extended LDP as the signaling protocol to transmit the Layer 2 information and the VC label.
Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 5-15

5 VLL Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

In Martini mode, an LSP between two PEs can be shared by multiple VCs. Information about the VC label and LSP is stored only on the PE devices. The P devices do not store any Layer 2 VPN information. Therefore, Martini mode features excellent extensibility. When a new VC is needed, you only need to configure a unidirectional VC on each PE device of the two ends. The network operation is not affected. Compared with Kompella mode, Martini mode uses LDP rather than BGP as the signaling protocol, which ensures Martini mode to be independent of the refresh mechanism. Therefore, Martini mode can feel the faults swiftly.

Pre-configuration Tasks
Before configuring Martini VLL, you need to complete the following tasks:
l

Configuring the static route or IGP for the MPLS backbone network (PE or P) to implement IP connectivity Enabling MPLS for PEs Establishing an LDP session between PEs which are connected directly, or establishing a remote LDP session between PEs which are connected indirectly Establishing a tunnel between PEs according to the tunnel policy Configuring a sub interface for the VLAN access of CE and configuring VC for the ATM access of CE
NOTE

l l

l l

For the configuration of VLAN sub interface and ATM virtual channel, refer to the chapter "VLAN Configuration" in the Quidway NetEngine80E/40E Router Configuration Guide - LAN Access and MAN Access and the chapter "ATM Configuration" in the Quidway NetEngine80E/40E Router Configuration Guide - WAN Access.

Data Preparation
To configure Martini VLL, you need the following data. No. 1 2 3 Data Type and number of the interface accessing CE Destination address and VC ID of L2VC Tunnel policy

5.4.2 Enabling MPLS L2VPN


Context
Do as follows on the PEs of the two ends of the VC:

Procedure
Step 1 Run:
system-view

5-16

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

5 VLL Configuration

The system view is displayed. Step 2 Run:


mpls l2vpn

The MPLS L2VPN is enabled. ----End

5.4.3 Creating a Martini VLL Connection


Context
Do as follows on the PEs of the two ends of the VC:

Procedure
Step 1 Run:
system-view

The system view is displayed. Step 2 Run:


mpls l2vpn

The MPLS L2VPN view is displayed. Step 3 Run:


mpls l2vpn default martini

The mode is switched to Martini.


NOTE

By default, the system adopts the PWE3 mode. The PWE3 mode supports the Notification packet while the Martini mode does not support the Notification packet. For the detail about the Notification packet, refer to "PWE3 Configuration." If the opposite PE does not support the Notification packet, use the mpls l2vpn default martini command to switch the system mode to Martini.

Step 4 Run:
quit

Return to the system view. Step 5 Run:


interface interface-type interface-number

The view of the interface accessing CE is displayed. Step 6 Run:


mpls l2vc { ip-address | pw-template pw-template-name } * vc-id [ [ control-word | no-control-word ] | [ raw | tagged | ip-interworking | ip-layer2 ] | tunnel-policy policy-name] *

A Martini VLL connection is created.


NOTE

The parameters raw and tagged are needed only for the Ethernet link.

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

5-17

5 VLL Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Martini VLL requires that the VC ID of the same encapsulation type on a PE must be unique. The modification of encapsulation might cause VC ID collision. For example, the interfaces POS 1/0/0 and POS 2/0/0 are encapsulated in HDLC and PPP separately and each creates an LDP connection with VC ID being 1. If you modify the link layer encapsulation type of POS 2/0/0 to HDLC: there are two CCC-HDLC encapsulated LDP connections. The VC IDs of both are 1. To avoid collision, the LDP connection on POS 2/0/0 is deleted automatically. ----End

5.4.4 Checking the Configuration


Run the following commands to check the previous configuration. Action Check the Martini VLL connection information on the local PE. Or check the peer Martini VLL connection information on the local PE. Check the Martini VLL connection brief information on the local PE. Command display mpls l2vc [ vc-id | interface interfacetype interface-number ] display mpls l2vc remote-info [ vc-id ] display mpls l2vc brief

Run the display mpls l2vc command. You can find that destination is the peer IP address of the specified VC and VC state is up. For example:
<Quidway> display mpls l2vc total LDP VC : 1 1 up 0 down *client interface : GigabitEthernet1/0/0.1 session state : up AC status : up VC state : up VC ID : 101 VC type : VLAN destination : 3.3.3.9 local VC label : 21504 remote VC label : 21504 control word : disable forwarding entry : existent local group ID : 0 manual fault : not set active state : active link state : up local VC MTU : 1500 remote VC MTU : 1500 tunnel policy name : -traffic behavior name: -PW template name : -primary or secondary : primary create time : 0 days, 0 hours, 6 minutes, 48 seconds up time : 0 days, 0 hours, 5 minutes, 9 seconds last change time : 0 days, 0 hours, 5 minutes, 9 seconds

Run the display mpls l2vc remote-info command. You can find that the peer address is the peer address of the specified VC. For example:
<Quidway> display mpls l2vc remote-info Total remote ldp vc : 1 Transport Group Peer Remote

Remote

MTU/

5-18

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


VC ID 101 ID 0 Addr 3.3.3.9 Encap vlan VC Label 21504

5 VLL Configuration
Bit CELLS Bit Bit 0 1500 0 0

Run the display mpls l2vc brief command. You can find that destination is the peer IP address of the specified VC and VC state is up. For example:
<Quidway> display mpls l2vc brief Total ldp vc : 1 1 up 0 down *Client Interface VC State VC ID VC Type Destination : : : : : GigabitEthernet1/0/0.1 up 101 VLAN 3.3.3.9

5.5 Configuring Kompella VLL


This section describes how to configure Kompella VLL. 5.5.1 Establishing the Configuration Task 5.5.2 Enabling MPLS L2VPN 5.5.3 Configuring BGP/MPLS L2VPN 5.5.4 Configuring a VPN 5.5.5 Creating a CE Connection 5.5.6 (Optional) Configuring BGP L2VPN Features 5.5.7 Checking the Configuration

5.5.1 Establishing the Configuration Task


Applicable Environment
The Kompella VLL uses BGP as the signaling protocol to transfer L2VPN information between PEs. Similar to BGP/MPLS VPN, Kompella mode uses the VPN target to control the receiving and sending of the VPN routes. This brings about great flexibility. The Kompella mode adopts the label block. Each CE is allocated with a label block that decides this CE can set up how many connections with other CEs. This permits some additional label to the VPN for the future extensibility. The PEs calculate the inner label according to the label block. The Kompella mode supports the local and the remote connection, inter-AS Kompella VLL Option A, and Option C.

Pre-configuration Tasks
Before configuring Kompella VLL, complete the following tasks:
l

Configuring the static route or IGP for the MPLS backbone network (PE and P) to implement IP connectivity
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 5-19

Issue 03 (2008-09-22)

5 VLL Configuration
l l l

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Enabling MPLS for the PE and P Establishing tunnels (CR-LSP, GRE, or LSP) between PEs according to the tunnel policy Configuring sub-interfaces when the AC type is VLAN, configuring VCs when the AC type is ATM
NOTE

For the local connection, the IGP and LDP configurations are not required.

Data Preparation
To configure Kompella VLL, you need the following data. No. 1 2 3 4 Data AS number of local PE and peer PE Name, RD and VPN-Target of the L2VPN connection CE name, CE ID and CE range CE offset

5.5.2 Enabling MPLS L2VPN


Context
Do as follows on the PEs of the two ends of the VC:

Procedure
Step 1 Run:
system-view

The system view is displayed. Step 2 Run:


mpls l2vpn

The MPLS L2VPN is enabled. ----End

5.5.3 Configuring BGP/MPLS L2VPN


Context
Do as follows on the PEs of the two ends of the VC:
5-20 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

5 VLL Configuration

Procedure
Step 1 Run:
system-view

The system view is displayed. Step 2 Run:


bgp as-number

The BGP view is displayed. Step 3 Run:


peer peer-address as-number as-number

A remote PE is specified as the peer. Step 4 Run:


peer peer-address connect-interface loopback interface-number

An interface to create the TCP connection is specified. The loopback interface address with 32-bit mask must be used to establish the MP-IBGP peer relationship between the PEs. This can avoid a situation of packets being unable to find the correct route due to route aggregation. The route to the loopback interface is advertised to the peer PE through IGP on the MPLS backbone network. Step 5 Run:
l2vpn-family

The BGP L2VPN address family view is displayed. Step 6 Run:


peer peer-address enable

The specified peer is enabled. For local connection, the configuration in this section is not required. ----End

5.5.4 Configuring a VPN


Context
The MTU for the VPN should be consistent in the whole network. If the MTU of the same VPN on two PEs differs, these two PEs cannot exchange reachability information and cannot set up connections. Devices of some manufacturers do not support the MTU matching check in the L2VPN instance. When Huawei products are connected with non-Huawei products in Kompella mode, you can choose one of the following configurations on the NE80E/40E:
l l

Configure the MTU of the L2VPN on the PE to be the same as that of non-Huawei products. Use the ignore-mtu-match command to ignore the MTU matching check.

The Kompella VLL must create an L2VPN instance on the PE for each directly connected CE. When an L2VPN is created, the specified encapsulation type must be consistent with that of the CE interface.
Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 5-21

5 VLL Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

The configuration and usage of the VPN target and RD are completely the same as that of the BGP/MPLS VPN. It means that the configuration and usage of the VPN target and RD are omitted here except one point: For Kompella VLL, you must configure RD before configuring the other commands. The RD cannot be changed once it is configured. The only way to modify RD is to delete this VLL and re-create one. Do as follows on the PEs of the two ends of the VC:

Procedure
Step 1 Run:
system-view

The system view is displayed. Step 2 Run:


mpls l2vpn l2vpn-name encapsulation { atm-1to1-vcc | atm-1to1-vpc | atm-aal5-sdu | atm-nto1-vcc | atm-nto1-vpc | ppp | hdlc | ethernet | vlan } [ control-word | nocontrol-word ]

A VPN is created and the MPLS L2VPN view is displayed. Step 3 Run:
route-distinguisher route-distinguisher

The RD for L2VPN is configured. Step 4 (Optional) Run:


mtu mtu-value

The Layer 2 MTU is set for the VPN. Step 5 (Optional) Run:
ignore-mtu-match

The MTU matching check is ignored. Step 6 Run:


vpn-target vpn-target &<1-16> [ both | export-extcommunity | import-extcommunity ]

The VPN target is configured. ----End

5.5.5 Creating a CE Connection


Context
Do as follows on the PEs of the two ends of the VC:

Procedure
Step 1 Run:
system-view

The system view is displayed.


5-22 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

5 VLL Configuration

Step 2 Run:
mpls l2vpn l2vpn-name

The MPLS-L2VPN view is displayed. Step 3 Run:


ce ce-name id ce-id [ range ce-range | [ default-offset ce-offset ] ]

A CE is specified and the MPLS-L2VPN-CE view is displayed. The CE ID is used to uniquely identify a CE in a VPN. It is recommended to encode CE ID with continuous numbers starting from 1. The CE range indicates the maximum number of CEs that this CE can connect with. According to the prediction of the VPN expansion, configure the CE range more than what is required. This can reduce the configuration modification when CE devices are added in the VPN in future. You can increase only the CE range. For example, if the original CE range is 10, you can increase it to 20, but cannot reduce it to 5. When the CE range is modified, PE allocates another 10-label block instead of releasing the original label block to allocate a 20-label block. Therefore, the service will not be interrupted by the modification of the CE range. The only way to reduce the CE range is to delete this CE and re-create one. The CE offset is the CE ID of the other local or remote CE that is connected with this CE. Default-offset is the defaulted CE offset. You can specify default-offset as 0 or 1. Its default value is 0. If default-offset is 1, you cannot change it to 0. If the default-offset is 0, the CE offset must be less than the CE range. If the default-offset is 1, the CE offset must be less than or the same as that of the CE range. For the remote connection, the CE offset and the CE ID of the remote CE must be the same. Otherwise, the connection cannot be set up. For the local connection between two CEs, a offset of a CE is the CE ID of the other CE. If the CE offset is not designated:
l l

For the first connection of this CE, the CE offset is the default value of default-offset. For other connections, the CE offset is that of the former connection plus 1. If the CE offset of the former connection plus 1 is equal to this CE ID, then the CE offset is that of the former connection plus 2.

If CE ID starting from 1 is numbered in an incremental sequence and the connection is configured according to this sequence, then the ce-offset parameters of most of the connections can use the default ones. This simplifies the configuration. Step 4 Run:
connection [ ce-offset id ] interface interface-type interface-number [ tunnelpolicy policy-name ] [ raw | tagged ]

A CE connection is created.

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

5-23

5 VLL Configuration
NOTE

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

All Kompella L2VPN instances and VPLS VSI instances of one device share one label block; therefore, the sum of the ranges of all Kompella L2VPN instances and VPLS VSI instances cannot exceed the size of the label block. Otherwise, the system prompts that the labels cannot be obtained because the required labels exceed the upper limit; thus, allocation of a site ID to a VSI or creation of a CE fails. The permitted maximum label block varies with specific products.

----End

5.5.6 (Optional) Configuring BGP L2VPN Features


Context
To manage L2VPN label blocks, BGP defines a BGP L2VPN sub-address family view. This section generalizes BGP configurations related to Kompella L2VPN. For the applications of each configuration, refer to the related sections.

Procedure
l Configuring BGP L2VPN Route Attributes
NOTE

BGP L2VPN uses the TCP connection the same as the common BGP, and most BGP L2VPN features inherit the common BGP configurations. You need to enable the capability of exchanging L2VPN label blocks between BGP peers in the BGP L2VPN sub-address family view because L2VPN label blocks need to be exchanged.

Configuring the RR to Establish MP IBGP Connections with the Peer Group Add all the client PEs to a peer group and establish an MP-IBGP connection with the peer group. Do as follows on the RR: 1. Run:
system-view

The system view is displayed. 2. Run:


bgp as-number

The BGP view is displayed. 3. Run:


group group-name [ internal ]

An IBGP peer group is created. 4. Run:


peer ip-address group group-name

The peer is added to the peer group. 5. Run:


peer group-name connect-interface interface-type interface-number

5-24

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

5 VLL Configuration

The interface is specified as an interface to establish the TCP connection. The IP address of the interface must be the same as the MPLS LSR ID. It is recommended to specify a loopback interface to establish the TCP connection. 6. Run:
l2vpn-family

The BGP L2VPN sub-address family view is displayed. 7. Run:


peer group-name enable

The capability of exchanging IPv4 VPN routes between the RR and the peer group is enabled. 8. Run:
peer ip-address group group-name

The peer is added to the peer group. l Configuring BGP L2VPN Route Reflection on the RR Do as follows on the RR: 1. Run:
system-view

The system view is displayed. 2. Run:


bgp as-number

The BGP view is displayed. 3. Run:


l2vpn-family

The BGP L2VPN sub-address family view is displayed. 4. Run:


peer { group-name | peer-address } reflect-client

The RR and its client are configured. 5. Run:


undo policy vpn-target

The filtering of L2VPN label blocks based on the VPN target is disabled. 6. (Optional) Run:
rr-filter extended-list-number

The reflection policy is configured for the RR. ----End

5.5.7 Checking the Configuration


Run the following commands to check the previous configuration.
Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 5-25

5 VLL Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Action View the BGP information of the Kompella VLL. View the connection information of the Kompella VLL. View the L2VPN information on PE. View the route target list of the L2VPN.

Command display bgp l2vpn { all | group [ group-name ] | peer [ [ peer-ip-address ] verbose ] | route-distinguisher routedistinguisher [ ce-id ce-id [ label-offset label-offset ] ] } display mpls l2vpn connection [ vpn-name [ remote-ce ce-id | down | up | verbose ] | summary | interface interface-type interface-number ] display mpls l2vpn [ l2vpn-name [ local-ce | remote-ce ] ] display mpls l2vpn { export-route-target-list | importroute-target-list }

Run the display bgp l2vpn command. You can find that nexthop is the peer address of the VC, route-distinguisher of the L2VPN is correct, and the label allocation is complete. For example:
<Quidway> display bgp l2vpn all BGP Local router ID : 1.1.1.9, local AS number : 100 Origin codes:i - IGP, e - EGP, ? - incomplete bgp.l2vpn: 1 destination Route Distinguisher: 100:1 CE ID Label Offset Label Base nexthop pref 2 0 25600 3.3.3.9 100

as-path

Run the display mpls l2vpn connection command. You can find that VPN name is correctly configured, status of the connection is up, and route-distinguisher is correctly configured. For example:
<Quidway> display mpls l2vpn connection 1 total connections, connections: 1 up, 0 down, 0 local, 1 remote, 0 unknown CE name: ce1, id: 1, Rid type status peer-id route-distinguisher interface primary or not ---------------------------------------------------------------------------2 rmt up 3.3.3.9 100:1 GigabitEthernet1/0/0.1 primary

Run the display mpls l2vpn [ l2vpn-name [ local-ce | remote-ce ] ] command. You can find that route-distinguisher and L2VPN route targets are correctly configured. For example:
<Quidway> display mpls l2vpn vpn1 VPN name: vpn1, encap type: ppp, local ce number(s): 1, remote ce number(s): 1 route distinguisher: 100:1, MTU: 1500 import vpn target: 1:1, export vpn target: 1:1, remote vpn site(s) : no. remote-pe-id route-distinguisher 1 3.3.3.9 100:1

Run the display mpls l2vpn { export-route-target-list | import-route-target-list } command. You can find that the route target is correctly configured. For example:
<Quidway> display import vpn target <Quidway> display export vpn target mpls l2vpn import-route-target-list list: 744:7 745:7 746:7 888:8 VLL export-route-target-list list: 755:7 888:8

5-26

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

5 VLL Configuration

5.6 Configuring VLL IP Interworking


This section describes how to configure VLL IP interworking. 5.6.1 Establishing the Configuration Task 5.6.2 Configuring Local CCC Connection IP-Interworking 5.6.3 Configuring Remote CCC Connection IP-Interworking 5.6.4 Configuring Martini L2VPN IP-Interworking 5.6.5 Configuring Kompella L2VPN IP-Interworking 5.6.6 Configuring the PE to Access the CE Through Ethernet or VLAN 5.6.7 Checking the Configuration

5.6.1 Establishing the Configuration Task


Applicable Environment
If the link types of CEs at the two ends of an VLL are different, you need to use the VLL internetworking feature.

Pre-configuration Tasks
Before configuring VLL internetworking, complete the following tasks:
l

Configuring the static route or IGP for the MPLS backbone network (PE or P) to implement IP connectivity Enabling the MPLS for the PE and P Establishing a tunnel between PEs according to the tunnel policy if it is a remote connection For Martini mode, establishing an LDP session between PEs that are connected directly, or establishing a remote LDP session between PEs that are not connected directly For Kompella mode, establishing the BGP peering session between PEs Configuring sub-interfaces when the AC type is VLAN, configuring VCs when the AC type is ATM
NOTE

l l l

l l

For configuration of VLAN sub interface and ATM virtual channel, refer to the chapter "VLAN Configuration" in the Quidway NetEngine80E/40E Router Configuration Guide - LAN Access and MAN Access and the chapter "ATM Configuration" in the Quidway NetEngine80E/40E Router Configuration Guide - WAN Access.

Data Preparation
To configure VLL internetworking, you need the following data.

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

5-27

5 VLL Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

No. 1 2

Data Media for access at two ends MAC address of CE for Ethernet or VLAN access

Other required data is the same as that for the local CCC connection, Martini VLL or Kompella VLL.

5.6.2 Configuring Local CCC Connection IP-Interworking


Context
Do as follows on the local PEs:

Procedure
Step 1 Run:
system-view

The system view is displayed. Step 2 Run:


mpls l2vpn

The MPLS L2VPN is enabled. Step 3 Run


ccc ip-interworking ccc-connection-name interface interface-type interface-number out-interface interface-type interface-number

A local CCC connection is created. ----End

5.6.3 Configuring Remote CCC Connection IP-Interworking


Context
Do as follows on the local PEs:

Procedure
Step 1 Run:
system-view

The system view is displayed. Step 2 Run:


mpls l2vpn

The MPLS L2VPN is enabled.


5-28 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

5 VLL Configuration

Step 3 Run
ccc ip-interworking ccc-connection-name interface interface-type interface-number in-label in-label-value out-label out-label-value { nexthop ip-address | outinterface interface-type interface-number } [ control-word | no-control-word ]

A remote CCC connection is created. ----End

5.6.4 Configuring Martini L2VPN IP-Interworking


Context
Do as follows on the local PEs:

Procedure
Step 1 Run:
system-view

The system view is displayed. Step 2 Run:


mpls l2vpn

The MPLS L2VPN is enabled. Step 3 Run:


mpls l2vpn default martini

The mode is switched to Martini. Step 4 Run:


quit

Return to the system view. Step 5 Run:


interface interface-type interface-number

The view of the interface accessing the CE is displayed. Step 6 Run:


mpls l2vc dest-ip-addr vc-id [ group-id group-id ] [ tunnel-policy policy-name ] [ control-word | no-control-word ] ip-interworking

A Martini VLL internetworking connection is created.


NOTE

By default, PWE3 mode is used. PWE3 mode supports Notification packets to negotiate the PW status information. Martini mode does not support Notification packets. For description about Notification packets, refer to the chapter "PWE3 Configuration." If the peer CE does not support Notification packets, use the mpls l2vpn default martini command to switch the system mode to Martini.

----End
Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 5-29

5 VLL Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

5.6.5 Configuring Kompella L2VPN IP-Interworking


Context
Do as follows on the local PEs:

Procedure
Step 1 Run:
system-view

The system view is displayed. Step 2 Run:


mpls l2vpn

The MPLS L2VPN is enabled. Step 3 Run:


quit

Return to the system view. Step 4 Run


mpls l2vpn l2vpn-name encapsulation ip-interworking [ control-word | no-controlword ]

A VPN is created and the MPLS L2VPN view is displayed. ----End

Postrequisite
After the configuration mentioned above, you also need to configure BGP with the L2VPN capacity, VPN and CE connection. These configurations are the same as those for common Kompella L2VPN. For details, see Configuring Kompella VLL.

5.6.6 Configuring the PE to Access the CE Through Ethernet or VLAN


Context
This section discusses the configuration required when the CE accesses the PE through Ethernet or VLAN. The configuration for other link layer protocols is simple. For details, see the examples for L2VPN internetworking configuration in "Configuration Examples." All IP packets received from the remote PE are discarded if all the following conditions are satisfied:
l

The L2VPN Ethernet interface or sub interface is IP-internetworking encapsulated on the PE.
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

5-30

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


l

5 VLL Configuration

The MAC address of the local CE cannot be learned (regardless of in dynamic or static way). The broadcast mode is not enabled.

Do as follows on the local PEs:

Procedure
Step 1 Run:
system-view

The system view is displayed. Step 2 Run:


interface interface-type interface-number

The view of the interface accessing the CE is displayed. Step 3 Choose one of the following commands.
l l

Run the local-ce ip ip-address command to configure an IP address for the CE interface. Run the local-ce mac mac-address command to specify the MAC address of the local CE interface.

Step 4 (Optional) Run:


local-ce mac broadcast

Broadcast is enabled on the interface connected to the local CE. Step 5 (Optional) Run:
ip address remote-ip-address

The IP address of the remote CE is assigned to the interface connected to the local CE. ----End

Postrequisite
The commands mentioned above are valid only for Ethernet-type (such as Ethernet, Gigabit Ethernet and Virtual Ethernet) interfaces that connect the PE and the CE. The IPinternetworking-encapsulated L2VPN connections are forwarded through these interfaces. The following describes the above commands:
l

On the PE, the MAC address of the CE can be configured manually through the local-ce mac command. Once the MAC address is configured, all IP packets sent from the PE to the CE use this MAC address. On the PE, the IP address of the CE can be configured manually through the local-ce ip command. Suppose that the IP address of the CE is configured on the PE. Before sending an IP packet to the CE, the PE searches for the MAC address of the CE, a static or dynamic one. If no MAC address is found, the PE sends the ARP request within which the source and destination IP addresses are both set to the IP address of the CE. After receiving the ARP request, CE regards that there is another device with the same IP address as itself on the network. If the CE supports gratuitous ARP response packet, the PE can learn the MAC address of the local CE. If not, the PE cannot learn the MAC address of the local CE and fails to forward the packet.
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 5-31

Issue 03 (2008-09-22)

5 VLL Configuration
l

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

The local-ce mac broadcast command enables the broadcast on the PE. Once the broadcast is enabled, when PE sends IP packets to the CE, the broadcast address is taken as the destination MAC address if no static or dynamic MAC address is found and the IP address of the CE is not statically configured.

Run the reset local-ce mac command in user view to clear the MAC address and VLAN ID information that the Ethernet interface dynamically learns from the local CE.
NOTE

Large packets sent from a CE to a PE cannot be forwarded to the PSN because L2VPN does not support packet fragmentation. When configuring the VLL, you are recommended to set the MTU value on the CE interface connecting the PE to 1500 by using the mtu command. As a result, the CE fragments large packets before sending the large packets to the PE. The fragmented packets can be normally forwarded in the public network.

5.6.7 Checking the Configuration


Run the following commands to check the previous configuration. Action For CCC VLLs, check information about CCC connections. For SVC VLLs, check information about VLL connections. For Martini VLLs, check information about VLLs. For Martini VLLs, check brief information about VLLs. For Kompella VLLs, check information about VLL connections. Command display ccc [ ccc-name | type { local | remote } ] display mpls static-l2vc [ interface interface-type interface-number ] display mpls l2vc [ vc-id | interface interface-type interface-number ] display mpls l2vc brief display mpls l2vpn connection [ [ l2vpn-name [ remote-ce ce-offset | down | up | verbose ] ] | summary | [ interface interface-type interfacenumber ] ]

Run the display ccc command, and you can find that the status of the CCC VC is Up. For example:
[Quidway] display ccc total ccc vc : 1 local ccc vc : 0, 0 up remote ccc vc : 1, 1 up name: CE2-CE1, type: remote, state: up, intf: GigabitEthernet2/0/0 (up), in-label: 201 , out-label: 101 , out-interface : Pos1/0/0

Run the display mpls l2vc command, and you can find that destination is the peer IP address of the specified VC, VC state is up, and VC type is IP-interworking. For example:
[Quidway] display mpls l2vc total LDP VC : 1 1 up 0 down *client interface : GigabitEthernet1/0/0 session state : up AC status : up

5-32

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


VC state : VC ID : VC type : destination : local VC label : control word : forwarding entry : local group ID : manual fault : active state : link state : local VC MTU : tunnel policy name : traffic behavior name: PW template name : primary or secondary : create time : up time : last change time :

5 VLL Configuration
up 1 IP-interworking 3.3.3.9 21504 remote VC label : 21504 disable exist 0 not set active up 1500 remote VC MTU : 1500 ---primary 0 days, 0 hours, 5 minutes, 7 seconds 0 days, 0 hours, 0 minutes, 6 seconds 0 days, 0 hours, 0 minutes, 6 seconds

Run the display mpls l2vc brief command. You can find that destination is the peer IP address of the specified VC and VC state is up. For example:
<Quidway> display mpls l2vc brief Total ldp vc : 1 1 up 0 down *Client Interface VC State VC ID VC Type Destination : : : : : GigabitEthernet1/0/0.1 up 101 VLAN 3.3.3.9

Run the display mpls l2vpn connection command, and you can find that VPN name is correctly configured and status of the connection is up. For example: Information about the local connection is as follows:
[Quidway] display mpls l2vpn connection 2 total connections, connections: 2 up, 0 down, 2 local, 0 remote, 0 unknown VPN name: vlantoatm, 2 total connections, connections: 2 up, 0 down, 2 local, 0 remote, 0 unknown CE name: ce1, id: 1, Rid type status peer-id route-distinguisher interface primary or not ---------------------------------------------------------------------------2 loc up ----Atm2/0/0.1 primary CE name: ce2, id: 2, Rid type status peer-id route-distinguisher interface primary or not ---------------------------------------------------------------------------1 loc up ----GigabotEthernet1/0/0.1 primary

Information about the remote connection is as follows:


[Quidway] display mpls l2vpn connection 1 total connections, connections: 1 up, 0 down, 0 local, 1 remote, 0 unknown CE name: ce1, id: 1, Rid type status peer-id route-distinguisher interface primary or not ---------------------------------------------------------------------------2 rmt up 3.3.3.9 100:1 GigabitEthernet1/0/0.1 primary

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

5-33

5 VLL Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

5.7 Configuring Inter-AS Martini VLL


This section describes how to configure the inter-AS Martini VLL. 5.7.1 Establishing the Configuration Task 5.7.2 Configuring Inter-AS Option A 5.7.3 Configuring Inter-AS Option C 5.7.4 Checking the Configuration

5.7.1 Establishing the Configuration Task


Applicable Environment
If the MPLS backbone network bearing the Martini VLL spans multiple ASs, you must configure the inter-AS Martini VLL. There are two solutions to the inter-AS Martini VLL:
l

Inter-AS Option A: This solution can be easily implemented. When the number of interAS Martini VLLs on ASBRs is small, Option A is recommended. Inter-AS Option C: In this solution, ASBRs do not need to create or maintain VCs. When each AS has a large number of Martini L2VPN routes to be exchanged, Option C can be used to prevent the ASBR from hindering the network extension.

Pre-configuration Tasks
Before configuring the inter-AS Martini VLL, complete the following tasks:
l

Configuring static routes or IGP on the PE or P devices in the MPLS backbone network of ASs to implement the IP connectivity of the backbone network devices in the same AS Configuring the basic MPLS capability on the MPLS backbone network of each AS Configuring MPLS LDP and establishing LDP LSP for the MPLS backbone of each AS Establishing the IBGP peer relationship between the PE and ASBR in the same AS and the EBGP peer relationship between two ASBRs in different ASs (for Option C)

l l l

Data Preparation
To configure the inter-AS Martini VLL, you need the following data. No. 1 2 3 4 Data Mode of the inter-AS VPN Number of each AS IP addresses of the interfaces between ASBRs (for Option C) Routing policy (for Option C)

5-34

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

5 VLL Configuration

5.7.2 Configuring Inter-AS Option A


Context
The configurations of inter-AS Martini VLL Option A are as follows:
l l

Creating a Martini VLL Connection for each AS Configuring the ASBR by regarding the peer ASBR as the local CE

You do not need to perform inter-AS related configurations on the ASBR or to configure the IP addresses on the ASBR interfaces that directly connect ASBRs. The detailed configurations are not mentioned here.
NOTE

If the inter-AS SVC VLL Option A needs to be configured, create the SVC for each AS. For the detailed configuration, see Creating an SVC VLL Connection.

5.7.3 Configuring Inter-AS Option C


Context

CAUTION
In Option C, do not enable LDP between ASBRs. If LDP is enabled on the interfaces connecting the ASBRs, the LDP session is set up between the ASBRs. The ASBR establishes the egress LSP and sends Mapping messages to the upstream ASBR. After receiving the Mapping message, the upstream ASBR establishes the transit LSP. When a large number of BGP routes exist, enabling LDP on the interfaces connecting the ASBRs leads to the consumption of a great number of LDP labels. To advertise routes destined for the LSR ID of the local PE to a remote P device, you can set up the IBGP peer relationship between a remote ASBR and the remote P device.

Procedure
l Configuring the Capability of Exchanging Labeled IPv4 Routes on the PE Do as follows on the PEs within the area: 1. Run:
system-view

The system view is displayed. 2. Run:


bgp as-number

The BGP view is displayed. 3. Run:


peer peer-address label-route-capability

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

5-35

5 VLL Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

The capability of exchanging labeled IPv4 routes between the local AS and the ASBR is enabled. l Configuring the Capability of Exchanging Labeled IPv4 Routes on the ASBR Do as follows on the ASBRs within the area: 1. Run:
system-view

The system view is displayed. 2. Run:


interface interface-type interface-number

The view of the interface that connects the peer ASBR is displayed. 3. Run:
ip address ip-address { mask | mask-length }

The IP address is configured for the interface. 4. Run:


mpls

MPLS is enabled. 5. Run:


quit

Return to the system view. 6. Run:


bgp as-number

The BGP view is displayed. 7. Run:


peer peer-address label-route-capability

The capability of exchanging labeled IPv4 routes between the PEs of the same AS is enabled. 8. Run:
peer peer-address as-number as-number

The peer ASBR is specified as the EBGP peer. 9. Run:


peer peer-address label-route-capability

The capability of exchanging labeled IPv4 routes between the PE and the peer ASBR is enabled. In an inter-AS VPLS using Option C, you must establish an inter-AS LSP. The related PE devices and ASBR devices exchange public network routes with the MPLS labels. The ASBR establishes an EBGP peer relationship with the remote ASBR to exchange the labeled IPv4 routes. The public network routes with the MPLS labels are advertised through MP-BGP. Complying with RFC 3107 (Carrying Label Information in BGP-4), the label mapping information of a route is contained in the BGP Update message (piggyback). This feature is implemented through the BGP extension attribute, which requires BGP peers to process the labeled IPv4 routes.
5-36 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

5 VLL Configuration

By default, the BGP peers do not process the labeled IPv4 routes. l Creating a Routing Policy Do as follows on the ASBRs within the area: 1. Run:
system-view

The system view is displayed. 2. Run:


route-policy policy-name1 permit node seq-number

The routing policy applied to the local PE is created. 3. Run:


if-match mpls-label

The labeled IPv4 routes are matched. 4. Run:


apply mpls-label

The label allocation for the IPv4 routes is enabled. 5. Run:


quit

Return to the system view. 6. Run:


route-policy policy-name2 permit node seq-number

The routing policy applied to the peer ASBR is created. 7. Run:


apply mpls-label

The label allocation for the IPv4 routes is enabled. l Applying the Routing Policy Do as follows on the ASBRs within the area: 1. Run:
system-view

The system view is displayed. 2. Run:


bgp as-number

The BGP view is displayed. 3. Run:


peer peer-address route-policy policy-name1 export

The routing policy used when the routes are advertised to the local PE is configured. 4. Run:
peer peer-address route-policy policy-name2 export

The routing policy used when the routes are advertised to the peer ASBR is configured. After the routing policy is applied on the ASBR:
Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 5-37

5 VLL Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

For the routes received on the PE in the local AS, the MPLS label is allocated to the routes when the routes are advertised to the peer ASBR. For the routes advertised to the PE in the local AS, if the routes are labeled IPv4 routes, the MPLS label is allocated to the routes.

The allocation of labels to the IPv4 routes is controlled by the routing policy. The labels are allocated to the routes that satisfy certain conditions. By default, IPv4 routes do not carry MPLS labels. l Establishing the Remote MPLS LDP Sessions Between the PEs Do as follows on the PEs within the AS: 1. Run:
system-view

The system view is displayed. 2. Run:


mpls ldp remote-peer peer-name

The name of the remote LDP session is specified. To exchange PW information between the PEs, the remote MPLS LDP session must be set up between the PEs. 3. Run:
remote-ip ip-address

The remote IP address is specified for the remote LDP session. l Configuring MPLS L2VC Configure VCs on the PEs. For the detailed configurations, see Creating a Martini VLL Connection.
NOTE

If the inter-AS SVC VLL Option C needs to be configured, create the SVC on the PE. For the detailed configuration, see Creating an SVC VLL Connection.

----End

5.7.4 Checking the Configuration


Run the following commands to check the previous configuration. Action Check information about the local PW on the PE. Check information about the remote PW on the PE. Command display mpls l2vc [ vc-id | interface interface-type interface-number ] display mpls l2vc remote-info [ vc-id ]

Run the display mpls l2vc [ vc-id | interface interface-type interface-number ] command. You can see that VC State is up. For example:
5-38 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


[Quidway] display mpls l2vc interface gigabitethernet 1/0/0.1 *Client Interface : GigabitEthernet1/0/0.1 is up Session State :UP AC State : up VC State : up VC ID : 100 VC Type : vlan Destination : 192.3.3.3 Local Group ID : 0 Remote Group ID : 0 Local VC Label : 1025 Remote VC Label : 1024 Local VC MTU : 1500 Remote VC MTU : 1500 Local VCCV : Disable Remote VCCV : Disable Local Frag : Disable Remote Frag : Disable Local Ctrl Word : Disable Remote Ctrl Word : Disable Tunnel Policy : -Traffic Behavior : -PW Template Name : -VC tunnel/token info : 1 tunnels/tokens NO.0 TNL Type : lsp , TNL ID : 0x202000 Create time : 0 days, 0 hours, 2 minutes, 27 seconds UP time : 0 days, 0 hours, 1 minutes, 1 seconds Last change time : 0 days, 0 hours, 1 minutes, 1 seconds

5 VLL Configuration

Run the display mpls l2vc remote-info command. You can find that Peer Address is the peer address of the specified VC. For example:
<Quidway> display mpls l2vc remote-info Total remote ldp vc : 1 Transport Group Peer Remote VC ID ID Addr Encap 100 0 3.3.3.9 vlan

Remote VC Label 17408

MTU/ N S Bit CELLS Bit Bit 0 1500 1 0

5.8 Configuring the Inter-AS Kompella VLL


This section describes how to configure the inter-AS Kompella VLL. 5.8.1 Establishing the Configuration Task 5.8.2 Configuring the Inter-AS Kompella VLL Option A 5.8.3 Configuring the Inter-AS Kompella VLL Option C 5.8.4 Checking the Configuration

5.8.1 Establishing the Configuration Task


Applicable Environment
If the MPLS backbone network of the Kompella VLL covers multiple ASs, you must configure the inter-AS Kompella VLL. Three schemes are available for the inter-AS Kompella VLL:
l

Inter-AS VPN-Option A If the number of VPNs and VPN routes on the PE is small, the inter-AS VPN Option A scheme can be used. When this scheme is used, the ASBR must support VPN instances

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

5-39

5 VLL Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

and can manage VPN routes. In addition, the ASBR must provide a dedicated interface for each inter-AS VPN. The interface can be a sub-interface, physical interface, or logical interface. Therefore, this scheme puts high requirement on the performance of the ASBR. The ASBR, however, does not need any inter-AS configuration.
l

Inter-AS VPN Option C If each AS has a large number of VPN routes to be exchanged, the VPN Option C can be used to prevent the ASBR PE from becoming a bottleneck of the network. If this scheme is adopted, the VPN routes are exchanged between the ingress PE and egress PE directly, and are not forwarded or stored by the intermediate devices. This scheme is applicable to the scenario of load balancing in the MPLS VPN.

Pre-configuration Tasks
Before configuring the inter-AS Kompella VLL, complete the following tasks:
l

Configuring static routes or IGP on the PE or P devices in the MPLS backbone network of the ASs to implement IP networking of the backbone network devices in the same AS Configuring the basic MPLS capacity on the MPLS backbone network of each AS Configuring MPLS LDP and establishing LDP LSP for the MPLS backbone of each AS Setting up the IBGP peers between the PE and ASBR in the same AS and setting up the EBGP peers between the ASBRs in different ASs (for Option C)

l l l

Data Preparation
To configure the inter-AS Kompella VLL, you need the following data. No. 1 2 3 4 Data Scheme of the inter-AS VPN Number of each AS IP addresses of the interfaces connecting ASBRs (for Option C) Routing policy (for Option C)

5.8.2 Configuring the Inter-AS Kompella VLL Option A


Context
The configurations of the inter-AS Kompella VLL Option A are as follows:
l l

Configuring Kompella VLL for each AS Configuring the ASBR of the remote end as the CE of the local end

You do not need to perform inter-AS related configurations on the ASBR or to configure the IP addresses on the ASBR interfaces that directly connect ASBRs. The configuration details are not mentioned here.
5-40 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

5 VLL Configuration

5.8.3 Configuring the Inter-AS Kompella VLL Option C


Context

CAUTION
In Option C, do not enable LDP between ASBRs. If LDP is enabled on the interfaces connecting the ASBRs, the LDP session is set up between the ASBRs. The ASBR establishes the egress LSP and sends a Mapping message to the upstream ASBR. After receiving the Mapping message, the upstream ASBR establishes a transit LSP. When a large number of BGP routes exist, enabling LDP on the interfaces connecting ASBRs leads to the consumption of excessive LDP labels. To advertise routes destined for the LSR ID of the local PE to a remote P device, you can set up the IBGP peer relationship between a remote ASBR and the remote P device.

Procedure
l Configuring the Capability of Exchanging Labeled IPv4 Routes on the PE Side Do as follows on the PEs within the AS: 1. Run:
system-view

The system view is displayed. 2. Run:


bgp as-number

The BGP view is displayed. 3. Run:


peer peer-address label-route-capability

The capability of exchanging labeled IPv4 routes between the local AS and the ASBR is enabled. l Configuring the Capability of Exchanging Labeled IPv4 Routes on the ASBR Side Do as follows on the ASBRs within the AS: 1. Run:
system-view

The system view is displayed. 2. Run:


interface interface-type interface-number

The view of the interface that connects the peer ASBR is displayed. 3. Run:
ip address ip-address { mask | mask-length }

The IP address is configured for the interface. 4. Run:


mpls

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

5-41

5 VLL Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

MPLS is enabled. 5. Run:


quit

Return to the system view. 6. Run:


bgp as-number

The BGP view is displayed. 7. Run:


peer peer-address label-route-capability

The capability of exchanging labeled IPv4 routes with the PEs of the same AS is enabled. 8. Run:
peer peer-address label-route-capability

The capability of exchanging labeled IPv4 routes with the peer ASBR is enabled. In the Option C, an inter-AS LSP must be set up. The public routes advertised between the related PEs and the ASBRs carry MPLS label information. If the ASBR and the peer ASBR set up the common EBGP peer relationship, the labeled IPv4 routes can be exchanged. The public routes carrying MPLS labels are advertised by MP BGP. According to RFC 3107 (Carrying Label Information in BGP-4), information about the label mapping of a route can be carried in the BGP route update message. The feature is realized through the BGP extended attribute. The BGP peer is required to possess the capability of processing the labeled IPv4 routes. By default, a BGP peer cannot process labeled IPv4 routes. l Creating a Routing Policy Do as follows on the ASBRs within the AS: 1. Run:
system-view

The system view is displayed. 2. Run:


route-policy policy-name1 permit node seq-number

The routing policy applied to the local PE is created. 3. Run:


if-match mpls-label

The labeled IPv4 routes are matched. 4. Run:


apply mpls-label

The label allocation for the IPv4 routes is enabled. 5. Run:


quit

5-42

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

5 VLL Configuration

Return to the system view. 6. Run:


route-policy policy-name2 permit node seq-number

The routing policy applied to the peer ASBR is created. 7. Run:


apply mpls-label

The label allocation for the IPv4 routes is enabled. l Applying the Routing Policy Do as follows on the ASBRs within the AS: 1. Run:
system-view

The system view is displayed. 2. Run:


bgp as-number

The BGP view is displayed. 3. Run:


peer peer-address route-policy policy-name1 export

The routing policy used when the routes are advertised to the local CE is configured. 4. Run:
peer peer-address route-policy policy-name2 export

The routing policy used when the routes are advertised to the peer ASBR is configured. After the routing policy is applied on the ASBR:

For the routes received from the PE in the local AS, MPLS labels are allocated to the routes when the routes are advertised to the peer ASBR. For the routes advertised to the PE in the local AS, if the routes are labeled IPv4 routes, MPLS labels are allocated to the routes.

The allocation of labels to the IPv4 routes is controlled by the routing policy. Labels are allocated to the routes that satisfy certain conditions. By default, the IPv4 routes do not carry MPLS labels. l l Establishing the EBGP Peer Relationship Between the PEs Configuring the ASBR PE Do as follows on the ASBR PE: 1. 2. Run:
system-view

Run:
bgp as-number

The BGP view is displayed. 3. Run:


network ip-address [ mask | mask-length ] [ route-policy route-policyname ]

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

5-43

5 VLL Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

The local PE loopback interface address used in BGP sessions is advertised to the peer ASBR PE. l Configuring the PE Do as follows on the PE that the CE accesses: 1. 2. Run:
system-view

Run:
bgp as-number

The BGP view is displayed. 3. Run:


peer peer-address as-number as-number

The peer PE is specified as the EBGP peer. 4. Run:


peer peer-address ebgp-max-hop [ hop-count ]

The permitted maximum hop in setting up the EBGP peer is set. The PE devices in different ASs are generally indirectly connected. To set up the EBGP peers between these PEs, configure the maximum number of hops between the PEs and ensure that the PE devices are reachable. 5. Run:
l2vpn-family

The BGP-L2VPN address family view is displayed. 6. Run:


peer peer-address enable

The capability of exchanging labeled IPv4 routes with the peer PE is enabled. 7. Run:
peer peer-address next-hop-invariable

The next hop is specified to be unchanged when information about VPLS label blocks is sent to the EBGP peer.
NOTE

Step 7 is required when the VPN IPv4 routes are advertised through the route reflector (RR). When the VPN IPv4 routes are advertised between the RRs, the next hop of the routes cannot be changed. Step 7 is not required generally.

Configuring MPLS L2VC Configure VCs on the PEs. For the detailed configuration, see Configuring Kompella VLL.

----End

5.8.4 Checking the Configuration


Run the following commands to check the previous configuration.
5-44 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

5 VLL Configuration

Action Check BGP information about a Kompella VLL. Check information about the Kompella VLLs. Check L2VPN information about a PE. Check the route target list of an L2VPN.

Command display bgp l2vpn { all | group [ group-name ] | peer [ [ peerip-address ] verbose ] | route-distinguisher routedistinguisher [ ce-id ce-id [ label-offset label-offset ] ] } display mpls l2vpn connection [ vpn-name [ remote-ce ce-id | down | up | verbose ] | summary | interface interface-type interface-number ] display mpls l2vpn [ l2vpn-name [ local-ce | remote-ce ] ] display mpls l2vpn { export-route-target-list | import-routetarget-list }

Run the display bgp l2vpn command. You can find that Nexthop is the peer address of the VC, route-distinguisher of the L2VPN is correct, and the label allocation is complete. For example:
<Quidway> display bgp l2vpn all BGP Local router ID : 1.1.1.9, local AS number : 100 Origin codes:i - IGP, e - EGP, ? - incomplete bgp.l2vpn: 1 destination Route Distinguisher: 100:1 CE ID Label Offset Label Base nexthop pref 2 0 25600 3.3.3.9 100

as-path

Run the display mpls l2vpn connection command. You can find that VPN name is correctly configured, Status of the connection is up, and route-distinguisher is correctly configured. For example:
<Quidway> display mpls l2vpn connection 1 total connections, connections: 1 up, 0 down, 0 local, 1 remote, 0 unknown VPN name: vpn1, 1 total connections, connections: 1 up, 0 down, 0 local, 1 remote, 0 unknown CE name: ce1, id: 1, Rid type status peer-id route-distinguisher intf primary or not 2 rmt up 3.3.3.9 100:1 Pos1/0/0 primary

Run the display mpls l2vpn [ l2vpn-name [ local-ce | remote-ce ] ] command. You can find that route-distinguisher and L2VPN route targets are correctly configured. For example:
<Quidway> display mpls l2vpn vpn1 VPN name: vpn1, encap type: ppp, local ce number(s): 1, remote ce number(s): 1 route distinguisher: 100:1, MTU: 1500 import vpn target: 1:1, export vpn target: 1:1, remote vpn site(s) : no. remote-pe-id route-distinguisher 1 3.3.3.9 100:1

Run the display mpls l2vpn { export-route-target-list | import-route-target-list } command. You can find that the route target is correctly configured. For example:
<Quidway> display mpls l2vpn import-route-target-list import vpn target list: 744:7 745:7 746:7 888:8

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

5-45

5 VLL Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

5.9 Configuring VLL FRR


This section describes how to configure VLL FRR. 5.9.1 Establishing the Configuration Task 5.9.2 Configuring BFD for PW 5.9.3 Configuring OAM Mapping 5.9.4 (Optional) Configuring the Revertive Switchover Policy 5.9.5 Checking the Configuration

5.9.1 Establishing the Configuration Task


Applicable Environment
VLL FRR is mainly used in the following networking modes:
l l

Symmetrically dual-homed CEs Two communication paths exist between the CEs on the two ends of the VC. One is the master path; the other is a backup path. Asymmetrically connected CEs The CE on one end of the VC accesses the PE of higher reliability through a single reliable link. The CE on the other end is dual-homed to the PE of lower reliability. Thus, two communication paths form between the CEs on the two ends of the VC. The path of higher reliability acts as the master path, and the path with the lower reliability acts as the backup path.

l l

After VLL FRR is configured, L2VPN traffic is rapidly switched to the backup path when a fault occurs on the master path. After the fault on the master path is cleared, the L2VPN traffic is switched back to the master path according to the revertive switchover policy.
NOTE

For asymmetrically connected CEs, the primary and secondary IP addresses need to be configured on the interface on the CE connected to the PE through a single link. When the master path is available, the CE uses the master IP address to communicate with the remote CE. When a fault occurs on the master path, this CE communicates with the remote CE by using the secondary IP address.

Pre-configuration Tasks
Before configuring VLL FRR, complete the following tasks:
l

Configuring a PW on the master path and backup path respectively for the networking where CEs are symmetrically dual-homed to PEs PWs on the master path and backup path can be different. Configuring a master PW and a backup PW for the networking where CEs are asymmetrically connected to PEs The master PW and backup PW must be of the same type.
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

l l

5-46

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


l

5 VLL Configuration

Configuring CEs to exchange routing information by using routing protocols or static routes
NOTE

To configure a PW for PPP, FR, or HDLC in VLL FRR, you must specify the parameter ipinterworking and enable the control word. To configure a Martini VLL or PWE3, you must use the PW template to configure a PW, enable the control word in the PW template, and use BFD to perform Virtual Circuit Connectivity Verification (VCCV). If the IP addresses of the AC interfaces on the two CEs at the both ends of the PW are not in the same network segment, the type of the AC links must be modified to PPP and the ppp peer hostroutesuppress command cannot be used. In the networking where CEs are asymmetrically connected to related PEs, the backup PW cannot transmit data when the master path and backup path work normally. If the AC interface of the backup PW borrows the IP address of the AC interface of the master PW, the following situations occur:
l l l

A permanent switching policy cannot be configured. The local CE has two equal-cost and direct routes to the remote CE. The destination addresses and next hops of the two routes are the same. In fact, the route that passes through the backup PW is invalid. If CEs exchange routing information by using routing protocols, you need to modify the cost or metric of the AC interface of the backup path to be greater than that of the AC interface of the master path. The local CE cannot communicate with the peer CE, but can communicate with other user devices. If CEs use static routes to exchange routing information, you need to modify the preference of the backup route to be lower than that of the primary route (the greater the value, the lower the preference) by using the ip route-static dest-ip-address mask out-interface preference preference-value command.

Data Preparation
To configure VLL FRR, you need the following data. No. 1 2 Data Local and remote discriminators of the BFD session Delay for revertively switching traffic when faults are cleared and the delay for advertising that the fault is cleared (by default, the delay for revertively switching traffic is 30 seconds and the delay for advertising that the fault is cleared is 10 seconds.) Link types of AC interfaces

5.9.2 Configuring BFD for PW


Context
Configuring Static BFD for PW or Configuring BFD for PW as required.

Procedure
l Configuring Static BFD for PW Do as follows on the PE: 1.
Issue 03 (2008-09-22)

Run:
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 5-47

5 VLL Configuration
system-view

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

The system view is displayed. 2. Run:


bfd

BFD is enabled globally. 3. Run:


quit

Return to the system view. 4. Run:


bfd bfd-name bind pw interface interface-type interface-number [ secondary ]

BFD for PW is configured. secondary is required only for BFD for a backup PW. 5. Run:
discriminator local local-discriminator-value

The local BFD discriminator is set. 6. Run:


discriminator remote remote-discriminator-value

The remote BFD discriminator is set. The local BFD discriminator on the local PE is the same as the remote BFD discriminator on the peer PE; the remote BFD discriminator on the local PE is the same as the local BFD discriminator on the peer PE. 7. Run:
commit

The configurations related to BFD for PW are committed.


NOTE

Once configured, the local and remote BFD discriminators cannot be modified. To modify the local and remote BFD discriminators, run the undo bfd bfd-name command in the system view to delete the configurations related to BFD for PW, and then re-configure the local and remote BFD discriminators. After the PW is deleted, related BFD sessions and configurations are deleted.

Configuring Dynamic BFD for PW Do as follows on the PE: 1. Run:


system-view

The system view is displayed. 2. Run:


bfd

BFD is enabled globally. 3. Run:


quit

5-48

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

5 VLL Configuration

Return to the system view. 4. Run:


interface interface-type interface-number

The AC interface view is displayed. 5. Run:


mpls l2vpn pw bfd [ detect-multiplier multiplier | min-rx-interval rxinterval | min-tx-interval tx-interval ] * [ remote-vcid vc-id ] [ secondary ]

BFD for PW is created. You can use this command to create a BFD session or use this command to adjust BFD parameters. For BFD for multi-hop PW, you must specify remote-vcid, namely, the VC ID of the remote PW. For BFD for a backup PW, secondary must be used.
NOTE

l l

BFD for PW must be configured or deleted on the two PEs simultaneously; otherwise, the PW status on the two PEs may be different. To detect status of the tunnels that carry PWs, you can configure BFD for tunnels. For detailed configurations, refer to the chapters "Basic MPLS Configuration" and "MPLS TE Configuration" in the Quidway NetEngine80E/40E Router Configuration Guide - MPLS.

----End

5.9.3 Configuring OAM Mapping


Context
Do as follows on the PEs of the master path and backup path:

Procedure
Step 1 Run:
system-view

The system view is displayed. Step 2 Run:


interface interface-type interface-number

The AC interface view is displayed. Step 3 Select one of the following configurations to configure the OAM mapping between the AC and PW:
l l

Run the mpls l2vpn oam-mapping auto command to enable OAM mapping automatically. After OAM mapping is automatically enabled, association between the AC and PW is enabled, and PEs can automatically enable AC OAM fault detection and fault advertisement according to the AC type.
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 5-49

Issue 03 (2008-09-22)

5 VLL Configuration
l

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

AC OAM fault detection refers to the detection of faults over ACs. AC OAM fault advertisement refers to advertising PW faults to CEs. Run the mpls l2vpn oam-mapping command to enable manually configured OAM mapping and enable AC fault detection and fault advertisement based on the AC type.

For PPP links, run the oam { detect lcp-terminal | notify lcp-terminal } * command. For HDLC links, run the oam { detect hello-stop | notify hello-stop } * command.

NOTE

In VLL FRR, PWs are configured with IP-internetworking. CEs cannot negotiate link parameters; therefore, CEs cannot sense faults. As a result, you must configure OAM mapping on the PEs on the master and backup paths. PEs, therefore, can advertise faults to the CEs; otherwise, when a PW fails, the related AC is still in the Up state. This leads to the interruption of services.

----End

5.9.4 (Optional) Configuring the Revertive Switchover Policy


Context
When CEs are asymmetrically connected to PEs, do as follows on the PE (where traffic is switched) to which the CE is connected through a single link:

Procedure
Step 1 Run:
system-view

The system view is displayed. Step 2 Run:


interface interface-type interface-number

The AC interface view is displayed. Step 3 Run:


mpls l2vpn reroute { { delay delay-time | immediately } [ resume resume-time ] | never }

The revertive switchover policy is configured. The types of the revertive switchover on PEs are as follows:
l

Immediate revertive switchover: The local PE immediately switches traffic to the master PW and notifies the fault to the remote PE of the backup PW. The PE notifies the rectification of the fault to the remote PE of the backup PW after the period of resume-time. Delayed revertive switchover: The PE switches traffic to the master PW after the period of delay-time. None revertive switchover: The PE does not switch traffic to the master PW until the backup PW fails.

For an asymmetric PW FRR networking, in which ACs are of the Ethernet type, note the following:
l

If the remote shutdown function is configured on the interface of a PE that connects a CE, you are not recommended to use the policy of immediate revertive switchover, because this
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

5-50

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

5 VLL Configuration

policy may lead to network flapping and traffic loss. On the other hand, you can use the policy of delayed revertive switchover to set delay-time equal to or more than 30 seconds.
l

If the Ethernet OAM function is configured on the interface of a PE that connects a CE, and a revertive switchover policy is also configured, you cannot set resume-time to be 0 seconds, but be equal to or higher than one second.

----End

5.9.5 Checking the Configuration


Run the following commands to check the previous configuration. Action Check information about the local Martini VC. Check information about the peer Martini VC. For Kompella mode, check information about the L2VPN connection. Check information about BFD for PW sessions. Check forwarding information about the L2VPN. For Martini mode, check information about OAM mapping. For Kompella mode, check information about OAM mapping. Command display mpls l2vc [ vc-id | interface interface-type interface-number ] display mpls l2vc remote-info [ vc-id ] display mpls l2vpn connection [ [ l2vpn-name [ remote-ce ce-offset | down | up | verbose ] ] | summary | [ interface interface-type interfacenumber ] ] display bfd session pw interface interface-type interface-number [ secondary] [ verbose ] display mpls l2vpn forwarding-info [ vc-label ] interface interface-type interface-number [ | { begin | exclude | include } regular-expression ] display mpls l2vc oam-mapping [ interface interface-type interface-number ] display mpls l2vpn oam-mapping [ interface interface-type interface-number ]

Run the display mpls l2vc [ vc-id | interface interface-type interface-number ] command, and you can view that the status of the master and backup PWs is up, VC state of the master PW is active, and VC state of the backup PW is inactive. For example:
<Quidway> display mpls l2vc interface pos 1/0/0 *client interface : Pos1/0/0 is up session state : up AC state : up VC state : up VC ID : 100 VC type : IP-interworking destination : 3.3.3.3 local group ID : 0 remote group ID local VC label : 21504 remote VC label local AC OAM State : up local PSN State : up local forwarding state : forwarding remote AC OAM state : up remote PSN state : up

: 0 : 21504

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

5-51

5 VLL Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


remote forwarding state: forwarding BFD for PW : enable BFD sessionIndex : 257 BFD state : up manual fault : not set active state : active forwarding entry : exist link state : up local VC MTU : 1500 remote VC MTU : 1500 local VCCV : cw bfd remote VCCV : cw bfd local fragmentantion : disable remote fragmentantion: disable local control word : enable remote control word : enable tunnel policy : p1 traffic behavior : -PW template name : 1to3 primary or secondary : primary VC tunnel/token info : 1 tunnels/tokens NO.0 TNL type : cr lsp, TNL ID : 0x42002002 create time : 0 days, 0 hours, 12 minutes, 47 seconds up time : 0 days, 0 hours, 2 minutes, 11 seconds last change time : 0 days, 0 hours, 2 minutes, 11 seconds *client interface : Pos1/0/0 is up session state : up AC state : up VC state : up VC ID : 200 VC type : IP-interworking destination : 2.2.2.2 local group ID : 0 remote group ID : 0 local VC label : 21505 remote VC label : 21504 local AC OAM state : up local PSN state : up local forwarding state : forwarding remote AC OAM state : up remote PSN state : up remote forwarding state: forwarding BFD for PW : enable BFD sessionIndex : 256 BFD state : up manual fault : not set active state : inactive forwarding entry : existent link state : up local VC MTU : 1500 remote VC MTU : 1500 local VCCV : cw bfd remote VCCV : cw bfd local fragmentation : disable remote fragmentation: disable local control word : enable remote control word : enable tunnel policy : -traffic behavior : -PW template name : 1to2 primary or secondary : secondary VC tunnel/token info : 1 tunnels/tokens NO.0 TNL type : lsp , TNL ID : 0x2002004 create time : 0 days, 0 hours, 12 minutes, 47 seconds up time : 0 days, 0 hours, 1 minutes, 32 seconds last change time : 0 days, 0 hours, 1 minutes, 32 seconds reroute policy : delay 30 s, resume 10 s reason of last reroute : Remote AC fault was resumed time of last reroute : 0 days, 0 hours, 1 minutes, 38 seconds delay timer ID : -rest time :-resume timer ID : -rest time :--

Run the display mpls l2vc remote-info command, and you can view that Peer Addr is the peer address of the specified VC. For example:
<Quidway> display mpls l2vc remote-info Total remote ldp vc : 2 Transport Group Peer Remote Remote VC ID ID Addr Encap VC Label 100 0 3.3.3.3 interworking 21504

C MTU/ N S Bit CELLS Bit Bit 1 1500 1 0

5-52

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


200 0 2.2.2.2 interworking 21504 1

5 VLL Configuration
1500 1 0

Run the display mpls l2vpn connection interface command. You can find that local vc state and remote vc state are both up, the forwarding state of the master PW is true, and the forwarding state of the backup PW is false.
<Quidway> display mpls l2vpn connection interface pos 1/0/0 conn-type: remote local vc state: up remote vc state: up local ce-id: 1 local ce name: ce1 remote ce-id: 2 intf(state,encap): Pos1/0/0(up,interworking) peer id: 3.3.3.3 route-distinguisher: 100:2 local vc label: 25602 remote vc label: 25601 tunnel policy: p1 primary or secondary: primary forwardEntry exist or not: true forward entry active or not:true manual fault set or not: not set AC OAM state: up BFD for PW session index: 256 BFD for PW state: up BFD for LSP state: true Local C bit is set, Remote C bit is set tunnel type: cr lsp, id: 0x42002002 conn-type: remote local vc state: up remote vc state: up local ce-id: 1 local ce name: ce1 remote ce-id: 3 intf(state,encap): Pos1/0/0(up,interworking) peer id: 2.2.2.2 route-distinguisher: 100:3 local vc label: 25603 remote vc label: 25601 tunnel policy: default primary or secondary: secondary forwardEntry exist or not: true forward entry active or not:false manual fault set or not: not set AC OAM state: up BFD for PW session index: 257 BFD for PW state: up BFD for LSP state: true Local C bit is set, Remote C bit is set tunnel type: lsp , id: 0x2002004 Reroute policy : delay 30 s, resume 10 s Reason of last reroute : -Time of last reroute : -- days, -- hours, -- minutes, -- seconds delay timer ID : -rest time :-resume timer ID : -rest time :--

Run the display bfd session pw interface interface-type interface-number [ secondary] [ verbose ] command, and you can view the status of the BFD session, discriminators of the BFD session, the type of the PW that is bound to the BFD session, and the type of the BFD session. For example:
<Quidway> display bfd session pw interface pos 1/0/0 verbose -------------------------------------------------------------------------------Session MIndex : 257 (One Hop) State : Up Name : 1to3 -------------------------------------------------------------------------------Local Discriminator : 13 Remote Discriminator : 31 Session Detect Mode : Asynchronous Mode Without Echo Function

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

5-53

5 VLL Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

BFD Bind Type : PW(Master) Bind Session Type : Static Bind Peer Ip Address : 127.0.0.1 NextHop Ip Address : --.--.--.-Bind Interface : Pos1/0/0 FSM Board Id : 1 TOS-EXP : 6 Min Tx Interval (ms) : 1000 Min Rx Interval (ms) : 1000 Actual Tx Interval (ms): 1000 Actual Rx Interval (ms): 1000 Local Detect Multi : 3 Detect Interval (ms) : 3000 Echo Passive : Disable Acl Number : -Proc interface status : Disable Process PST : Enable WTR Interval (ms) : -Local Demand Mode : Disable Active Multi : 3 Last Local Diagnostic : No Diagnostic Bind Application : L2VPN | OAM_MANAGER | MPLSFW Session TX TmrID : -Session Detect TmrID : -Session Init TmrID : -Session WTR TmrID : -Session Echo Tx TmrID : -PDT Index : FSM-0 | RCV-0 | IF-0 | TOKEN-0 Session Description : --------------------------------------------------------------------------------Total UP/DOWN Session Number : 1/0

Run the display mpls l2vpn forwarding-info [ vc-label ] interface interface-type interfacenumber [ | { begin | exclude | include } regular-expression ] command, and you can view that ENTRYTYPE of the master PW is SEND, PWSTATE is ACTIVE, BFDSTATE is UP, and ADMIN is TURE. For example:
<Quidway> display mpls l2vpn forwarding-info interface Pos 1/0/0 The Main PW Forward Infomation : VCLABEL TNLTYPE ENTRYTYPE PWSTATE BFDSTATE ADMIN CTLWORD CC CV TNLID --------------------------------------------------------------------------21504 CRLSP SEND ACTIVE UP UP TRUE 1 8 0x42002002 1 Record(s) Found. The Second PW Forward Infomation : VCLABEL TNLTYPE ENTRYTYPE PWSTATE BFDSTATE ADMIN CTLWORD CC CV TNLID --------------------------------------------------------------------------21504 LSP SEND INACTIVE UP UP TRUE 1 8 0x2002004 1 Record(s) Found.

Run the display mpls l2vc oam-mapping [ interface interface-type interface-number ] command, and you can view that AC OAM State and BFD state are Up. For example:
<Quidway> display mpls l2vc oam-mapping int pos 1/0/0 AC OAM Info: ACFD Index : 0x800 Notify : Enable Detect : Enable AC OAM State : Up OAM-mapping : Enable PSN info: VC-ID : 100 VC status : Primary Active State : Active Link State : Up BFD for PW : Enable BFDSessionIndex:257 ,BFD State : up BFD for LSP : 0 TunnelNum: 1 PSN State : up VC-ID : 200 VC status : Secondary Active State : Inactive Link State : Up BFD for PW : Enable BFDSessionIndex:256 ,BFD State : up BFD for LSP : 0 TunnelNum: 1 PSN State : up

Run the display mpls l2vpn oam-mapping [ interface interface-type interface-number ] command. You can find that AC OAM State, Link State, BFD State, and PSN State are up.
5-54 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


<PE1> display mpls l2vpn oam-mapping interface pos 1/0/0 AC OAM Info: ACFD Index : 0x800 Notify : Enable Detect : Enable AC OAM State : Up OAM-mapping : Enable PSN info: Local CE-ID : 1 Remote CE-ID : 2 VC status : Main Link State : Up Active State : Active BFD for PW : Enable BFDSessionIndex:256 ,BFD State : up BFD for LSP : 0 TunnelNum: 1 PSN State : Up Local CE-ID : 1 Remote CE-ID : 3 VC status : Secondary Link State : Up Active State : Inactive BFD for PW : Enable BFDSessionIndex:257 ,BFD State : up BFD for LSP : 0 TunnelNum: 1 PSN State : Up

5 VLL Configuration

Run the manual-set pw-ac-fault command on the AC interface of the master PW, the following situations occur:
l l l

The status of the master PW turns Down. The VC status of the master PW is InActive, and that of the backup PW is Active. L2VPN data is switched to the backup PW.

Run the undo manual-set pw-ac-fault command on the AC interface of the master PW to rectify the fault on the PW, the following situations occur:
l l l

The status of the master PW turns Up. The VC status of the master PW is Active, and the VC status of the backup PW is InActive. L2VPN data is switched to the backup PW.

5.10 Maintaining VLL


This section describes how to maintain VLL. 5.10.1 Resetting BGP L2VPN TCP Connections 5.10.2 Monitoring the Running Status of L2VPN 5.10.3 Debugging VLL

5.10.1 Resetting BGP L2VPN TCP Connections

CAUTION
If the BGP L2VPN application and other applications share the same TCP connection, the reset bgp l2vpn command resets the BGP neighbor relationship of all applications on this TCP connection. So, confirm the action before you use the command.

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

5-55

5 VLL Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

After the parameters configured in the BGP L2VPN address family view are modified, you can run the reset bgp l2vpn command to reset the TCP connection of the BGP L2VPN. After that, BGP re-negotiates parameters, re-sends label information, and re-establishes the session. Action Reset BGP L2VPN TCP connections. Command reset bgp l2vpn { as-number | peer-ip-address | all | internal | external }

5.10.2 Monitoring the Running Status of L2VPN


During the routine maintenance, you can run the following commands in any view to know the running status of MPLS L2VPN. Action Check information about the CCC connection. Check information about the SVC VLL connection. Check information about the local Martini VLL connection on the PE. Check brief information about the local Martini VLL connection on the PE. Check BGP information about a Kompella VLL. Check information about a Kompella VLL. Command display ccc [ ccc-name | type { local | remote } ] display mpls static-l2vc [ interface interface-type interface-number ] display mpls l2vc [ vc-id | interface interface-type interface-number ] display mpls l2vc brief

display bgp l2vpn { all | group [ group-name ] | peer [ [ ip-address ] verbose ] | route-distinguisher rd [ ceid ce-id [ label-offset label-offset ] ] } display mpls l2vpn connection [ vpn-name [ remotece ce-offset | down | up | verbose ] | summary | interface interface-type interface-number ]

5.10.3 Debugging VLL

CAUTION
Debugging affects the performance of the system. So, after debugging, run the undo debugging all command to disable it immediately. When a fault occurs, run the following debugging commands in the user view to locate the fault.
5-56 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

5 VLL Configuration

For the procedure of displaying the debugging information, refer to the chapter "System Maintenance" in the Quidway NetEngine80E/40E Router Configuration Guide - System Management. Action Enable the debugging of the VLL. Command debugging mpls l2vpn { all | advertisement | download | error | event | oam-mapping | reroute | timer | connections [ interface interface-type interfacenumber ] } debugging bgp update l2vpn [ acl acl-number | ipprefix ip-prefix-name | peer peer-ipv4-address ] [ receive | send ] [ verbose ]

Enable the debugging of BGP Update messages of the Kompella VLL.

5.11 Configuration Examples


This section provides several configuration examples of VLL. 5.11.1 Example for Configuring a Local CCC Connection 5.11.2 Example for Configuring a Remote CCC Connection 5.11.3 Example for Configuring SVC VLL 5.11.4 Example for Configuring Martini VLL 5.11.5 Example for Configuring a Local Kompella VLL Connection 5.11.6 Example for Configuring a Remote Kompella VLL Connection 5.11.7 Example for Configuring VLL Internetworking (Interconnecting Ethernet with PPP by Using the Remote CCC Connection) 5.11.8 Example for Configuring VLL Internetworking (Interconnecting Ethernet with HDLC in Martini Mode) 5.11.9 Example for Configuring VLL Internetworking (Interconnecting VLAN with ATM by Using the Local Kompella Connection) 5.11.10 Example for Configuring VLL Internetworking (Interconnecting VLAN with PPP by Using the Remote Kompella Connection) 5.11.11 Examples for Configuring ACs of L2VPN IP-interworking 5.11.12 Example for Configuring the Inter-AS Martini VLL Option A 5.11.13 Example for Configuring the Inter-AS Martini VLL Option C 5.11.14 Example for Configuring the Inter-AS Kompella VLL Option A 5.11.15 Example for Configuring the Inter-AS Kompella VLL Option C 5.11.16 Example for Configuring Martini VLL FRR (Symmetrically Dual-homed CEs) 5.11.17 Example for Configuring Martini VLL FRR (Asymmetrically Connected CEs) 5.11.18 Example for Configuring Kompella VLL with Two Reflectors
Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 5-57

5 VLL Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

5.11.1 Example for Configuring a Local CCC Connection


Networking Requirements
Figure 5-6 shows the CE is connected with the PE through a POS interface. The packets are encapsulated in PPP over the link layer. A local connection is created between CE1 and CE2. Figure 5-6 Networking diagram of the local CCC connection
CE 2

CCC local connection CE 1


POS 1/0/0 100.1.1.1/24

POS1/0/0 100.1.1.2/24

POS 2/0/0 POS 1/0/0

PE
Loopback1 1.1.1.9/32

Configuration Roadmap
The configuration roadmap is as follows: 1. 2. Configure basic MPLS capability on PE and enable the MPLS L2VPN. Create a local connection from CE1 to CE2 on PE. (Because the local CCC connection is duplex, only one connection is needed.)

Data Preparation
To complete the configuration, you need the IP addresses of the interfaces.

Configuration Procedure
1. Configure CE. # Configure CE1.
<Quidway> system-view [Quidway] sysname CE1 [CE1] interface pos 1/0/0 [CE1-Pos1/0/0] ip address 100.1.1.1 24 [CE1-Pos1/0/0] undo shutdown [CE1-Pos1/0/0] quit

# Configure CE2.
<Quidway> system-view [Quidway] sysname CE2 [CE2] interface pos 1/0/0 [CE2-Pos1/0/0] ip address 100.1.1.2 24 [CE2-Pos1/0/0] undo shutdown [CE2-Pos1/0/0] quit

5-58

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

5 VLL Configuration

2.

Configure PE. # Configure LSR IDs and enable MPLS and MPLS L2VPN.
<Quidway> system-view [Quidway] sysname PE [PE] interface loopback 1 [PE-LoopBack1] ip address 1.1.1.9 32 [PE-LoopBack1] quit [PE] mpls lsr-id 1.1.1.9 [PE] mpls [PE-mpls] quit [PE] mpls l2vpn [PE-l2vpn] quit [PE] interface pos 1/0/0 [PE-Pos1/0/0] undo shutdown [PE-Pos1/0/0] quit [PE] interface pos 2/0/0 [PE-Pos2/0/0] undo shutdown [PE-Pos2/0/0] quit

# Create the local connection from CE1 to CE2.


[PE] ccc ce1-ce2 interface pos 1/0/0 out-interface pos 2/0/0

3.

Verify the configuration. After the configuration is complete, run the display ccc command to view information about the CCC connection on the PE. You can find that a local CCC connection is set up on the PE, and the connection status is Up.
<PE> display ccc total ccc vc : 1 local ccc vc : 1, 1 up remote ccc vc : 0, 0 up name: ce1-ce2, type: local, state: up, intf1: Pos1/0/0 (up), intf2: Pos2/0/0 (up)

Run the display l2vpn ccc-interface vc-type ccc command, and you can find that the VC type is CCC and the status is Up.
<PE> display l2vpn ccc-interface vc-type all Total ccc-interface of CCC : 2 up (2), down (0) Interface Encap Type Pos1/0/0 ppp Pos2/0/0 ppp

State up up

VC Type ccc ccc

Run the display ip routing-table command on the CEs to check the interface routes learned on CE1 and CE2 from each other. CE1 and CE2 can successfully ping each other. Take CE1 as an example:
<CE1> display ip routing-table Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: Public Destinations : 5 Routes : 5 Destination/Mask Proto Pre Cost Flags NextHop Interface 100.1.1.0/24 Direct 0 0 D 100.1.1.1 Pos1/0/0 100.1.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 100.1.1.2/32 Direct 0 0 D 100.1.1.2 Pos1/0/0 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 <CE1> ping 100.1.1.2 PING 100.1.1.2: 56 data bytes, press CTRL_C to break Reply from 100.1.1.2: bytes=56 Sequence=1 ttl=255 time=180 ms Reply from 100.1.1.2: bytes=56 Sequence=2 ttl=255 time=60 ms Reply from 100.1.1.2: bytes=56 Sequence=3 ttl=255 time=10 ms Reply from 100.1.1.2: bytes=56 Sequence=4 ttl=255 time=70 ms Reply from 100.1.1.2: bytes=56 Sequence=5 ttl=255 time=60 ms --- 100.1.1.2 ping statistics --5 packet(s) transmitted

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

5-59

5 VLL Configuration
5 packet(s) received 0.00% packet loss round-trip min/avg/max = 10/76/180 ms

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Configuration Files
l

Configuration file of CE1


# sysname CE1 # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 100.1.1.1 255.255.255.0 # return

Configuration file of the PE


# sysname PE # mpls lsr-id 1.1.1.9 mpls # mpls l2vpn # interface Pos1/0/0 link-protocol ppp undo shutdown # interface Pos2/0/0 link-protocol ppp undo shutdown # ccc ce1-ce2 interface Pos1/0/0 out-interface Pos2/0/0 # interface LoopBack1 ip address 1.1.1.9 255.255.255.255 # return

Configuration file of CE2


# sysname CE2 # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 100.1.1.2 255.255.255.0 # return

5.11.2 Example for Configuring a Remote CCC Connection


Networking Requirements
Figure 5-7 shows the CE is connected with PE through POS. PPP is encapsulated at the link layer. The remote CCC connection is established between CE1 and CE2.
l l

Creating a remote CCC connection on PE Configuring two static LSPs on the P device for bidirectional packet transmission
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

5-60

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

5 VLL Configuration

Figure 5-7 Networking diagram of remote CCC connection


CE 1 to CE 2 O-Label 200 I-Label 100 I-Label 200 O-Label 100 O-Label 201 I-Label 101 I-Label 201 O-Label 101

CE 2 to CE 1

Loopback1 1.1.1.9/32

Loopback1 2.2.2.9/32

Loopback1 3.3.3.9/32

P PE 1
POS 1/0/0 POS 2/0/0 10.1.1.1/24 POS 2/0/0 10.1.1.2/24 POS1/0/0 10.2.2.2/24 POS 1/0/0 10.2.2.1/24

PE 2
POS 2/0/0

POS 1/0/0 100.1.1.1/24

CCC rem ote connection

POS 1/0/0 100.1.1.2/24

CE 1

CE 2

Configuration Roadmap
The configuration roadmap is as follows: 1. 2. 3. Configure two static LSPs with opposite directions which work as the data tunnel used by the local CCC connection exclusively. Enable the MPLS L2VPN on PE. (It is not needed on P.) Configure two connections, that is, from CE1 to CE2 and from CE2 to CE1.

Data Preparation
To complete the configuration, you need the following data:
l l

Outer label of the remote CCC connection Inner label of the remote CCC connection

For the settings of the outer label and the inner label, see Figure 5-7.

Configuration Procedure
1. Configure CE. # Configure CE1.
<Quidway> system-view [Quidway] sysname CE1 [CE1] interface pos 1/0/0 [CE1-Pos1/0/0] ip address 100.1.1.1 24 [CE1-Pos1/0/0] undo shutdown [CE1-Pos1/0/0] quit

# Configure CE2.
<Quidway> system-view

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

5-61

5 VLL Configuration
[Quidway] sysname CE2 [CE2] interface pos 1/0/0 [CE2-Pos1/0/0] ip address 100.1.1.2 24 [CE2-Pos1/0/0] undo shutdown [CE2-Pos1/0/0] quit

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

2.

Configure IP addresses on MPLS backbone network. # Configure PE1.


<Quidway> system-view [Quidway] sysname PE1 [PE1] interface loopback 1 [PE1-LoopBack1] ip address 1.1.1.9 32 [PE1-LoopBack1] quit [PE1] interface pos 2/0/0 [PE1-Pos2/0/0] ip address 10.1.1.1 24 [PE1-Pos2/0/0] undo shutdown [PE1-Pos2/0/0] quit

# Configure P.
<Quidway> system-view [Quidway] sysname P [P] interface loopback 1 [P-LoopBack1] ip address 2.2.2.9 32 [P-LoopBack1] quit [P] interface pos 1/0/0 [P-Pos1/0/0] ip address 10.2.2.2 24 [P-Pos1/0/0] undo shutdown [P-Pos1/0/0] quit [P] interface pos 2/0/0 [P-Pos2/0/0] ip address 10.1.1.2 24 [P-Pos2/0/0] undo shutdown [P-Pos2/0/0] quit

# Configure PE2.
<Quidway> system-view [Quidway] sysname PE2 [PE2] interface loopback 1 [PE2-LoopBack1] ip address 3.3.3.9 32 [PE2-LoopBack1] quit [PE2] interface pos 1/0/0 [PE2-Pos1/0/0] ip address 10.2.2.1 24 [PE2-Pos1/0/0] undo shutdown [PE2-Pos1/0/0] quit

3.

Configure basic MPLS capabilities on MPLS backbone network. # Configure PE1.


[PE1] mpls lsr-id 1.1.1.9 [PE1] mpls [PE1-mpls] quit [PE1] interface pos 2/0/0 [PE1-Pos2/0/0] mpls [PE1-Pos2/0/0] quit

# Configure P.
[P] mpls lsr-id 2.2.2.9 [P] mpls [P-mpls] quit [P] interface pos 1/0/0 [P-Pos1/0/0] mpls [P-Pos1/0/0] quit [P] interface pos 2/0/0 [P-Pos2/0/0] mpls [P-Pos2/0/0] quit

# Configure PE2.
[PE2] mpls lsr-id 3.3.3.9 [PE2] mpls [PE2-mpls] quit

5-62

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


[PE2] interface pos 1/0/0 [PE2-Pos1/0/0] mpls [PE2-Pos1/0/0] quit

5 VLL Configuration

4.

Create the remote CCC connection on PE. # On PE1, enable MPLS L2VPN globally and create the remote CCC connection from CE1 to CE2. Connect the incoming interface of PE1 to CE1 and the outgoing interface of PE1 to the P. Set the incoming label to 100 and the outgoing label to 200.
[PE1] mpls l2vpn [PE1-l2vpn] quit [PE1] interface pos 1/0/0 [PE1-Pos1/0/0] undo shutdown [PE1-Pos1/0/0] quit [PE1] ccc CE1-CE2 interface pos 1/0/0 in-label 100 out-label 200 out-interface pos 2/0/0

# On PE2, enable VLL globally and create the remote CCC connection from CE2 to CE1. Connect the incoming interface of PE2 to CE2 and the outgoing interface of PE2 to the P. Set the incoming label to 201 and the outgoing label to 101.
[PE2] mpls l2vpn [PE2-l2vpn] quit [PE2] interface pos 2/0/0 [PE2-Pos2/0/0] undo shutdown [PE2-Pos2/0/0] quit [PE2] ccc CE2-CE1 interface pos 2/0/0 in-label 201 out-label 101 out-interface pos 1/0/0

5.

Forward static LSP on P. # On the P, configure a static LSP to forward packets from PE1 to PE2, and configure another static LSP to forward packets from PE2 to PE1.
[P] static-lsp transit outgoing-interface pos [P] static-lsp transit outgoing-interface pos PE1-PE2 incoming-interface pos 2/0/0 in-label 200 1/0/0 out-label 201 PE2-PE1 incoming-interface pos 1/0/0 in-label 101 2/0/0 out-label 100

6.

Verify the configuration. After the configuration, run the display ccc command to view information about the CCC connection on the PEs. You can find that a remote CCC connection is set up on PE1 and PE2 respectively.
<PE1> display ccc total ccc vc : 1 local ccc vc : 0, 0 up remote ccc vc : 1, 1 up name: CE1-CE2, type: remote, state: up, intf: Pos1/0/0 (up), in-label: 100 , out-label: 200 , out-interface : Pos2/0/0 <PE2> display ccc total ccc vc : 1 local ccc vc : 0, 0 up remote ccc vc : 1, 1 up name: CE2-CE1, type: remote, state: up, intf: Pos2/0/0 (up), in-label: 201 , out-label: 101 , out-interface : Pos1/0/0

Run the display l2vpn ccc-interface vc-type ccc command, and you can find that the VC type is CCC and the VC status is Up. Take PE1 as an example:
<PE1> display l2vpn ccc-interface vc-type ccc Total ccc-interface of CCC : 1 up (1), down (0) Interface Encap Type Pos1/0/0 ppp

State up

VC Type ccc

Run the display mpls lsp command on the P, and you can find information about the labels and interfaces of the two established static LSPs.
<P> display mpls lsp ----------------------------------------------------------------------

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

5-63

5 VLL Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


LSP Information: STATIC LSP ---------------------------------------------------------------------FEC In/Out Label In/Out IF Vrf Name -/200/201 Pos2/0/0/Pos1/0/0 -/101/100 Pos1/0/0/Pos2/0/0

Run the display ip routing-table command on the CEs to check the interface routes learned on CE1 and CE2 from each other. CE1 and CE2 can successfully ping each other. Take CE1 as an example:
<CE1> display ip routing-table Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: Public Destinations : 5 Routes : 5 Destination/Mask Proto Pre Cost Flags NextHop Interface 100.1.1.0/24 Direct 0 0 D 100.1.1.1 Pos1/0/0 100.1.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 100.1.1.2/32 Direct 0 0 D 100.1.1.2 Pos1/0/0 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 <CE1> ping 100.1.1.2 PING 100.1.1.2: 56 data bytes, press CTRL_C to break Reply from 100.1.1.2: bytes=56 Sequence=1 ttl=255 time=58 ms Reply from 100.1.1.2: bytes=56 Sequence=2 ttl=255 time=67 ms Reply from 100.1.1.2: bytes=56 Sequence=3 ttl=255 time=52 ms Reply from 100.1.1.2: bytes=56 Sequence=4 ttl=255 time=69 ms Reply from 100.1.1.2: bytes=56 Sequence=5 ttl=255 time=92 ms --- 100.1.1.2 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 52/67/92 ms

Configuration Files
l

Configuration file of CE1


# sysname CE1 # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 100.1.1.1 255.255.255.0 # return

Configuration file of PE1


# sysname PE1 # mpls lsr-id 1.1.1.9 mpls # mpls l2vpn # interface Pos1/0/0 link-protocol ppp undo shutdown # interface Pos2/0/0 link-protocol ppp undo shutdown ip address 10.1.1.1 255.255.255.0 mpls # ccc CE1-CE2 interface Pos1/0/0 in-label 100 out-label 200 out-interface Pos2/0/0

5-64

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


# interface LoopBack1 ip address 1.1.1.9 255.255.255.255 # return l

5 VLL Configuration

Configuration file of P
# sysname P # mpls lsr-id 2.2.2.9 mpls # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 10.2.2.2 255.255.255.0 mpls # interface Pos2/0/0 link-protocol ppp undo shutdown ip address 10.1.1.2 255.255.255.0 mpls # interface LoopBack1 ip address 2.2.2.9 255.255.255.255 # static-lsp transit PE1-PE2 incoming-interface Pos2/0/0 in-label 200 outgoinginterface Pos1/0/0 out-label 201 static-lsp transit PE2-PE1 incoming-interface Pos1/0/0 in-label 101 outgoinginterface Pos2/0/0 out-label 100 # return

Configuration file of PE2


# sysname PE2 # mpls lsr-id 3.3.3.9 mpls # mpls l2vpn # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 10.2.2.1 255.255.255.0 mpls # interface Pos2/0/0 link-protocol ppp undo shutdown # # ccc CE2-CE1 interface Pos2/0/0 in-label 201 out-label 101 out-interface Pos1/0/0 # interface LoopBack1 ip address 3.3.3.9 255.255.255.255 # return

Configuration file of CE2


# sysname CE2 # interface Pos1/0/0 link-protocol ppp undo shutdown

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

5-65

5 VLL Configuration
ip address 100.1.1.2 255.255.255.0 # return

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

5.11.3 Example for Configuring SVC VLL


Networking Requirements
Figure 5-8 shows the CEs are connected with PEs through POS interfaces. The packets are encapsulated in PPP over the link layer. SVC L2VPN is established between CE1 and CE2. The SVC connection is created on PE and the VC label is assigned. Figure 5-8 Networking diagram of SVC VLL
Loopback 1 1.1.1.9/32 Loopback 1 2.2.2.9/32 Loopback 1 3.3.3.9/32

PE 1
POS 1/0/0

POS 2/0/0 10.1.1.1/24

POS 2/0/0 10.1.1.2/24

POS 1/0/0 10.2.2.2/24

POS 1/0/0 10.2.2.1/24

PE 2
POS 2/0/0

POS 1/0/0 100.1.1.1/24

SVC connection

POS 1/0/0 100.1.1.2/24

CE 1

CE 2

Configuration Roadmap
The configuration roadmap is as follows: 1. 2. Enable MPLS and the MPLS L2VPN. Create the L2VC connection between PEs and configure the VC label information manually.

Data Preparation
To complete the configuration, you need the label value of the static L2VC connection.
NOTE

The outer label of PE1 is the same as the inner label of PE2; the inner label of PE1 is the same as the outer label of PE2.

Configuration Procedure
1. 2. Configure interface addresses for CE, PE and P as shown in Figure 5-8. The specific configuration procedures are not mentioned here. Configure IGP on MPLS backbone network. (OSPF is used in this instance.) During the OSPF configuration, the 32-bit loopback interface addresses for PE1, P and PE2 should be advertised.
5-66 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

5 VLL Configuration

The specific configuration procedures are omitted here. 3. Configure MPLS basic capability and LDP on MPLS backbone network, using the LDP LSP tunnel. # Configure PE1.
[PE1] mpls lsr-id 1.1.1.9 [PE1] mpls [PE1-mpls] quit [PE1] mpls ldp [PE1-mpls-ldp] quit [PE1] interface pos 2/0/0 [PE1-Pos2/0/0] mpls [PE1-Pos2/0/0] mpls ldp [PE1-Pos2/0/0] quit

# Configure P.
[P] mpls lsr-id 2.2.2.9 [P] mpls [P-mpls] quit [P] mpls ldp [P-mpls-ldp] quit [P] interface pos 1/0/0 [P-Pos1/0/0] mpls [P-Pos1/0/0] mpls ldp [P-Pos1/0/0] quit [P] interface pos 2/0/0 [P-Pos2/0/0] mpls [P-Pos2/0/0] mpls ldp [P-Pos2/0/0] quit

# Configure PE2.
[PE2] mpls lsr-id 3.3.3.9 [PE2] mpls [PE2-mpls] quit [PE2] mpls ldp [PE2-mpls-ldp] quit [PE2] interface pos 1/0/0 [PE2-Pos1/0/0] mpls [PE2-Pos1/0/0] mpls ldp [PE2-Pos1/0/0] quit

After the configuration, LDP sessions are set up between PE1, P, and PE2. Run the display mpls ldp session command, and you can view that the status of the LDP session is Operational. Take PE1 as an example:
<PE1> display mpls ldp session LDP Session(s) in Public Network -----------------------------------------------------------------------------Peer-ID Status LAM SsnRole SsnAge KA-Sent/Rcv -----------------------------------------------------------------------------2.2.2.9:0 Operational DU Passive 000:00:05 22/22 -----------------------------------------------------------------------------TOTAL: 1 session(s) Found. LAM : Label Advertisement Mode SsnAge Unit : DDD:HH:MM

Run the display mpls ldp lsp command, and you can view the establishment of the LDP LSP. Take PE1 as an example:
<PE1> display mpls ldp lsp LDP LSP Information -----------------------------------------------------------------------------SN DestAddress/Mask In/OutLabel Next-Hop In/Out-Interface

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

5-67

5 VLL Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

-----------------------------------------------------------------------------1 1.1.1.9/32 3/NULL 127.0.0.1 Pos2/0/0/InLoop0 2 2.2.2.9/32 NULL/3 10.1.1.2 -------/Pos2/0/0 3 3.3.3.9/32 NULL/1025 10.1.1.2 -------/Pos2/0/0 -----------------------------------------------------------------------------TOTAL: 3 Normal LSP(s) Found. TOTAL: 0 Liberal LSP(s) Found. A '*' before an LSP means the LSP is not established A '*' before a Label means the USCB or DSCB is stale

4.

Enable MPLS L2VPN on PE and creating a static VC connection. # On PE1, create a static VC on POS 1/0/0 that connects CE1.
[PE1] mpls l2vpn [PE1-l2vpn] quit [PE1] interface pos 1/0/0 [PE1-Pos1/0/0] mpls static-l2vc destination 3.3.3.9 transmit-vpn-label 100 receive-vpn-label 200 [PE1-Pos1/0/0] undo shutdown [PE1-Pos1/0/0] quit

# On PE2, create a static VC on POS 2/0/0 that connects CE2.


[PE2] mpls l2vpn [PE2-l2vpn] quit [PE2] interface pos 2/0/0 [PE2-Pos2/0/0] mpls static-l2vc destination 1.1.1.9 transmit-vpn-label 200 receive-vpn-label 100 [PE2-Pos2/0/0] undo shutdown [PE2-Pos2/0/0] quit

5.

Verify the configuration. Check information about the SVC L2VPN connection on PEs. You can find that a static L2VC is set up. Take PE1 as an example:
<PE1> display mpls static-l2vc interface pos 1/0/0 *Client Interface : Pos1/0/0 is up AC Status : up VC State : up VC ID : 0 VC Type : PPP Destination : 3.3.3.9 Transmit VC Label : 100 Receive VC Label : 200 Control Word : Disable VCCV Capability : Disable Tunnel Policy : -PW Template Name : -Traffic Behavior : -Main or Secondary : Main VC tunnel/token info : 1 tunnels/tokens NO.0 TNL Type : lsp , TNL ID : 0x2002002 Create time : 0 days, 0 hours, 8 minutes, 2 seconds UP time : 0 days, 0 hours, 6 minutes, 12 seconds Last change time : 0 days, 0 hours, 6 minutes, 12 seconds

Run the display l2vpn ccc-interface vc-type static-vc up command, and you can find that the VC type is SVC and the status is Up. Take PE1 as an example:
<PE1> display l2vpn ccc-interface vc-type static-vc up Total ccc-interface of SVC VC: 1 up (1), down (0) Interface Encap Type State Pos1/0/0 ppp up

VC Type static-vc

Run the display ip routing-table command on the CEs to check the interface routes learned on CE1 and CE2 from each other.
5-68 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

5 VLL Configuration

Take CE1 as an example:


<CE1> display ip routing-table Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: Public Destinations : 5 Routes : 5 Destination/Mask Proto Pre Cost Flags NextHop Interface 100.1.1.0/24 Direct 0 0 D 100.1.1.1 Pos1/0/0 100.1.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 100.1.1.2/32 Direct 0 0 D 100.1.1.2 Pos1/0/0 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0

CE1 and CE2 can successfully ping each other.


<CE1> ping 100.1.1.2 PING 100.1.1.2: 56 data bytes, press CTRL_C to break Reply from 100.1.1.2: bytes=56 Sequence=1 ttl=255 time=46 Reply from 100.1.1.2: bytes=56 Sequence=2 ttl=255 time=91 Reply from 100.1.1.2: bytes=56 Sequence=3 ttl=255 time=74 Reply from 100.1.1.2: bytes=56 Sequence=4 ttl=255 time=88 Reply from 100.1.1.2: bytes=56 Sequence=5 ttl=255 time=82 --- 100.1.1.2 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 46/76/91 ms ms ms ms ms ms

Configuration Files
l

Configuration file of CE1


# sysname CE1 # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 100.1.1.1 255.255.255.0 # return

Configuration file of PE1


# sysname PE1 # mpls lsr-id 1.1.1.9 mpls # mpls l2vpn # mpls ldp # interface Pos1/0/0 link-protocol ppp undo shuddown mpls static-l2vc destination 3.3.3.9 transmit-vpn-label 100 receive-vpn-label 200 # interface Pos2/0/0 link-protocol ppp undo shutdown ip address 10.1.1.1 255.255.255.0 mpls mpls ldp # interface LoopBack1 ip address 1.1.1.9 255.255.255.255 # ospf 1

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

5-69

5 VLL Configuration
area 0.0.0.0 network 1.1.1.9 0.0.0.0 network 10.1.1.0 0.0.0.255 # return l

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Configuration file of P
# sysname P # mpls lsr-id 2.2.2.9 mpls # mpls ldp # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 10.2.2.2 255.255.255.0 mpls mpls ldp # interface Pos2/0/0 link-protocol ppp undo shutdown ip address 10.1.1.2 255.255.255.0 mpls mpls ldp # interface LoopBack1 ip address 2.2.2.9 255.255.255.255 # ospf 1 area 0.0.0.0 network 2.2.2.9 0.0.0.0 network 10.1.1.0 0.0.0.255 network 10.2.2.0 0.0.0.255 # return

Configuration file of PE2


# sysname PE2 # mpls lsr-id 3.3.3.9 mpls # mpls l2vpn # mpls ldp # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 10.2.2.1 255.255.255.0 mpls mpls ldp # interface Pos2/0/0 link-protocol ppp undo shutdown mpls static-l2vc destination 1.1.1.9 transmit-vpn-label 200 receive-vpn-label 100 # interface LoopBack1 ip address 3.3.3.9 255.255.255.255 # ospf 1 area 0.0.0.0 network 3.3.3.9 0.0.0.0

5-70

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


network 10.2.2.0 0.0.0.255 # return l

5 VLL Configuration

Configuration file of CE2


# sysname CE2 # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 100.1.1.2 255.255.255.0 # return

5.11.4 Example for Configuring Martini VLL


Networking Requirements
Figure 5-9 shows that CE1 and CE2 access PE1 and PE2 through VLAN respectively. Establish Martini VLL between CE1 and CE2. Figure 5-9 Networking diagram of Martini VLL
Loopback1 1.1.1.9/32 Loopback1 2.2.2.9/32 POS 2/0/0 10.1.1.2/24 POS 2/0/0 10.1.1.1/24 POS 1/0/0 10.2.2.2/24 POS 2/0/0 10.2.2.1/24 Loopback1 3.3.3.9/32

PE 1
GE1/0/0.1 VLAN10 GE1/0/0.1 100.1.1.1/24 VLAN10

PE 2
GE1/0/0.1 VLAN20 GE 1/0/0.1 100.1.1.2/24 VLAN20

Martini

CE 1

CE 2

Configuration Roadmap
The configuration roadmap is as follows: 1. 2. 3. 4. Configure the routing protocol on related devices in the backbone network and enable MPLS. Adopt the default tunnel policy to set up the LSP as the tunnel used to transmit the user data. Enable the MPLS L2VPN and create the VC connection on PE. Configure the VLAN sub-interface on CE.

Data Preparation
To complete the configuration, you need the following data:
l

Number of the VLAN sub-interface


Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 5-71

Issue 03 (2008-09-22)

5 VLL Configuration
l l

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Name of the PE remote peer VC ID

Configuration Procedure
1. Configure CE. # Configure CE1.
<Quidway> system-view [Quidway] sysname CE1 [CE1] interface gigabitethernet 1/0/0 [CE1-GigabitEthernet1/0/0] undo shutdown [CE1-GigabitEthernet1/0/0] quit [CE1] interface gigabitethernet 1/0/0.1 [CE1-GigabitEthernet1/0/0.1] vlan-type dot1q 10 [CE1-GigabitEthernet1/0/0.1] ip address 100.1.1.1 24 [CE1-GigabitEthernet1/0/0.1] undo shutdown [CE1-GigabitEthernet1/0/0.1] quit

# Configure CE2.
<Quidway> system-view [Quidway] sysname CE2 [CE2] interface gigabitethernet 1/0/0 [CE2-GigabitEthernet1/0/0] undo shutdown [CE2-GigabitEthernet1/0/0] quit [CE2] interface gigabitethernet 1/0/0.1 [CE2-GigabitEthernet1/0/0.1] vlan-type dot1q 20 [CE2-GigabitEthernet1/0/0.1] ip address 100.1.1.2 24 [CE2-GigabitEthernet1/0/0.1] undo shutdown [CE2-GigabitEthernet1/0/0.1] quit

2.

Configure an IGP protocol on the MPLS backbone network. OSPF is used in this example. As shown in Figure 5-9, configure IP addresses for interfaces on PEs and the P. When configuring OSPF, note that the 32-bit loopback interface addresses of PE1, P, and PE2, which are used as LSR IDs, should be advertised. The detailed configurations are not mentioned here. After the configuration, OSPF neighbor relationship is set up between PE1, P, and PE2. Run the display ospf peer command, and you can view that the neighbor status is Full. Run the display ip routing-table command, and you can find that the PEs learn the Loopback1 interface routes from each other.

3.

Configure MPLS basic capability and LDP on MPLS backbone network. # Configure PE1.
[PE1] mpls lsr-id 1.1.1.9 [PE1] mpls [PE1-mpls] quit [PE1] mpls ldp [PE1-mpls-ldp] quit [PE1] interface pos 2/0/0 [PE1-Pos2/0/0] mpls [PE1-Pos2/0/0] mpls ldp [PE1-Pos2/0/0] quit

# Configure P.
[P] mpls lsr-id 2.2.2.9 [P] mpls [P-mpls] quit [P] mpls ldp [P-mpls-ldp] quit [P] interface pos 1/0/0 [P-Pos1/0/0] mpls [P-Pos1/0/0] mpls ldp [P-Pos1/0/0] quit

5-72

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


[P] interface pos 2/0/0 [P-Pos2/0/0] mpls [P-Pos2/0/0] mpls ldp [P-Pos2/0/0] quit

5 VLL Configuration

# Configure PE2.
[PE2] mpls lsr-id 3.3.3.9 [PE2] mpls [PE2-mpls] quit [PE2] mpls ldp [PE2-mpls-ldp] quit [PE2] interface pos 2/0/0 [PE2-Pos2/0/0] mpls [PE2-Pos2/0/0] mpls ldp [PE2-Pos2/0/0] quit

4.

Establish the remote LDP session on PE. # Configure PE1.


[PE1] mpls ldp remote-peer 1 [PE1-mpls-ldp-remote-1] remote-ip 3.3.3.9 [PE1-mpls-ldp-remote-1] quit

# Configure PE2.
[PE2] mpls ldp remote-peer 1 [PE2-mpls-ldp-remote-1] remote-ip 1.1.1.9 [PE2-mpls-ldp-remote-1] quit

After the configuration, run the display mpls ldp session command on PE1 to check the establishment of the LDP session. You can find that the remote LDP session between PE1 and PE2 is newly set up. Take PE1 as an example:
<PE1> display mpls ldp session LDP Session(s) in Public Network -----------------------------------------------------------------------------Peer-ID Status LAM SsnRole SsnAge KA-Sent/Rcv -----------------------------------------------------------------------------2.2.2.9:0 Operational DU Passive 000:00:09 40/40 3.3.3.9:0 Operational DU Passive 000:00:09 37/37 -----------------------------------------------------------------------------TOTAL: 2 session(s) Found. LAM : Label Advertisement Mode SsnAge Unit : DDD:HH:MM

5.

Enable MPLS L2VPN on PE and create the VC connection. # On PE1, create a VC on Gigabit Ethernet 1/0/0.1, which connects CE1.
[PE1] mpls l2vpn [PE1-l2vpn] mpls l2vpn default martini [PE1-l2vpn] quit [PE1] interface gigabitethernet 1/0/0 [PE1-GigabitEthernet1/0/0] undo shutdown [PE1-GigabitEthernet1/0/0] quit [PE1] interface gigabitethernet 1/0/0.1 [PE1-GigabitEthernet1/0/0.1] vlan-type dot1q 10 [PE1-GigabitEthernet1/0/0.1] mpls l2vc 3.3.3.9 101 [PE1-GigabitEthernet1/0/0.1] undo shutdown [PE1-GigabitEthernet1/0/0.1] quit

# On PE2, create a VC on Gigabit Ethernet 1/0/0.1, which connects CE2.


[PE2] mpls l2vpn [PE2-l2vpn] mpls l2vpn default martini [PE2-l2vpn] quit [PE2] interface gigabitethernet 1/0/0 [PE2-GigabitEthernet1/0/0] undo shutdown [PE2-GigabitEthernet1/0/0] quit

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

5-73

5 VLL Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


[PE2] interface gigabitethernet 1/0/0.1 [PE2-GigabitEthernet1/0/0.1] vlan-type dot1q 20 [PE2-GigabitEthernet1/0/0.1] mpls l2vc 1.1.1.9 101 [PE2-GigabitEthernet1/0/0.1] undo shutdown [PE2-GigabitEthernet1/0/0.1] quit

6.

Verify the configuration. Check the L2VPN connection on the PEs. You can find that an L2VC is set up and the VC status is Up. Take PE1 as an example:
<PE1> display mpls l2vc interface gigabitethernet 1/0/0.1 *client interface : GigabitEthernet1/0/0.1 is up session state : up AC state : up VC state : up VC ID : 101 VC type : VLAN destination : 3.3.3.9 local group ID : 0 remote group ID : 0 local VC label : 21504 remote VC label : 21504 local AC OAM State : up local PSN State : up local forwarding state : forwarding remote AC OAM state : up remote PSN state : up remote forwarding state: forwarding BFD for PW : disable manual fault : not set active state : active forwarding entry : exist link state : up local VC MTU : 1500 remote VC MTU : 1500 local VCCV : Disable remote VCCV : Disable local control word : disable remote control word : disable tunnel policy name : -traffic behavior name : -PW template name : -primary or secondary : primary VC tunnel/token info : 1 tunnels/tokens NO.0 TNL type : lsp , TNL ID : 0x2002003 create time : 0 days, 0 hours, 4 minutes, 19 seconds up time : 0 days, 0 hours, 2 minutes, 40 seconds last change time : 0 days, 0 hours, 2 minutes, 40 seconds

CE1 and CE2 can successfully ping each other. Take CE1 as an example:
<CE1> ping 100.1.1.2 PING 100.1.1.2: 56 data bytes, press CTRL_C to break Reply from 100.1.1.2: bytes=56 Sequence=1 ttl=255 time=31 ms Reply from 100.1.1.2: bytes=56 Sequence=2 ttl=255 time=10 ms Reply from 100.1.1.2: bytes=56 Sequence=3 ttl=255 time=5 ms Reply from 100.1.1.2: bytes=56 Sequence=4 ttl=255 time=2 ms Reply from 100.1.1.2: bytes=56 Sequence=5 ttl=255 time=28 ms --- 100.1.1.2 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 2/15/31 ms

Configuration Files
l

Configuration file of CE1


# sysname CE1 #

5-74

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


interface GigabitEthernet1/0/0 undo shutdown # interface GigabitEthernet1/0/0.1 undo shutdown vlan-type dot1q 10 ip address 100.1.1.1 255.255.255.0 # return l

5 VLL Configuration

Configuration file of PE1


# sysname PE1 # mpls lsr-id 1.1.1.9 mpls # mpls l2vpn mpls l2vpn default martini # mpls ldp # mpls ldp remote-peer 3.3.3.9 remote-ip 3.3.3.9 # interface GigabitEthernet1/0/0 undo shutdown # interface GigabitEthernet1/0/0.1 undo shutdown vlan-type dot1q 10 mpls l2vc 3.3.3.9 101 # interface Pos2/0/0 link-protocol ppp undo shutdown ip address 10.1.1.1 255.255.255.0 mpls mpls ldp # interface LoopBack1 ip address 1.1.1.9 255.255.255.255 # ospf 1 area 0.0.0.0 network 1.1.1.9 0.0.0.0 network 10.1.1.0 0.0.0.255 # return

Configuration file of P
# sysname P # mpls lsr-id 2.2.2.9 mpls # mpls ldp # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 10.2.2.2 255.255.255.0 mpls mpls ldp # interface Pos2/0/0 link-protocol ppp undo shutdown ip address 10.1.1.2 255.255.255.0

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

5-75

5 VLL Configuration
mpls mpls ldp # interface LoopBack1 ip address 2.2.2.9 255.255.255.255 # ospf 1 area 0.0.0.0 network 2.2.2.9 0.0.0.0 network 10.1.1.0 0.0.0.255 network 10.2.2.0 0.0.0.255 # return l

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Configuration file of PE2


# sysname PE2 # mpls lsr-id 3.3.3.9 mpls # mpls l2vpn mpls l2vpn default martini # mpls ldp # mpls ldp remote-peer 1.1.1.9 remote-ip 1.1.1.9 # interface GigabitEthernet1/0/0 undo shutdown # interface GigabitEthernet1/0/0.1 undo shutdown vlan-type dot1q 20 mpls l2vc 1.1.1.9 101 # interface Pos2/0/0 link-protocol ppp undo shutdown ip address 10.2.2.1 255.255.255.0 mpls mpls ldp # interface LoopBack1 ip address 3.3.3.9 255.255.255.255 # ospf 1 area 0.0.0.0 network 3.3.3.9 0.0.0.0 network 10.2.2.0 0.0.0.255 # return

Configuration file of CE2


# sysname CE2 # interface GigabitEthernet1/0/0 undo shutdown # interface GigabitEthernet1/0/0.1 undo shutdown vlan-type dot1q 20 ip address 100.1.1.2 255.255.255.0 # return

5-76

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

5 VLL Configuration

5.11.5 Example for Configuring a Local Kompella VLL Connection


Networking Requirements
Figure 5-10 shows that CE1 and CE2 are connected to the same PE through POS interfaces. A local Kompella VLL connection is established between CE1 and CE2. Figure 5-10 Networking diagram of a local Kompella VLL connection
CE2

Kompella local connection POS1/0/0 30.1.1.1/24 CE1

POS1/0/0 30.1.1.2/24 POS2/0/0

POS1/0/0

PE Loopback1 1.1.1.9/32

Configuration Roadmap
The configuration roadmap is as follows: 1. 2. 3. Enable MPLS on PE. Enable the L2VPN. Connect the VLL instance with CE.

Data Preparation
To configure the Kompella VLL, you need the following data:
l l l

Name of the VPN instance and route distinguisher (RD) Name and number of the CEs (The CE number is unique globally.) Size of the label block (CE range) as required

Configuration Procedure
1. 2. Configure interface addresses for CE1 and CE2 as shown in Figure 5-10. The configuration details are not mentioned here. Configure a local Kompella connection. # Configure the basic MPLS capability.
[PE] interface loopback 1 [PE-LoopBack1] ip address 1.1.1.9 32 [PE-LoopBack1] quit [PE] mpls lsr-id 1.1.1.9 [PE] mpls [PE-mpls] quit

# Configure MPLS L2VPN to connect with the CEs.


Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 5-77

5 VLL Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


[PE] mpls l2vpn [PE-l2vpn] quit [PE] mpls l2vpn vpn1 encapsulation ppp [PE-mpls-l2vpn-vpn1] route-distinguisher 100:1 [PE-mpls-l2vpn-vpn1] ce ce1 id 1 range 10 [PE-mpls-l2vpn-ce-vpn1-ce1] connection ce-offset 2 interface pos 1/0/0 [PE-mpls-l2vpn-ce-vpn1-ce1] quit [PE-mpls-l2vpn-vpn1] ce ce2 id 2 range 10 [PE-mpls-l2vpn-ce-vpn1-ce2] connection ce-offset 1 interface pos 2/0/0 [PE-mpls-l2vpn-ce-vpn1-ce2] quit [PE-mpls-l2vpn-vpn1] quit [PE] interface pos 1/0/0 [PE-Pos1/0/0] undo shutdown [PE-Pos1/0/0] quit [PE] interface pos 2/0/0 [PE-Pos2/0/0] undo shutdown [PE-Pos2/0/0] quit

3.

Verify the configuration. After the configuration, run the display mpls l2vpn connection command on the PEs. You can view that an L2VPN connection is established and the connection status is Up.
<PE> display mpls l2vpn connection 2 total connections, connections: 2 up, 0 down, 2 local, 0 remote, 0 unknown VPN name: vpn1, 2 total connections, connections: 2 up, 0 down, 2 local, 0 remote, 0 unknown CE name: ce1, id: 1, Rid type status peer-id route-distinguisher interface primary or not 2 loc up ----Pos1/0/0 primary CE name: ce2, id: 2, Rid type status peer-id route-distinguisher interface primary or not 1 loc up ----Pos2/0/0 primary

CE1 and CE2 can ping through each other.


<CE1> ping 30.1.1.2 PING 30.1.1.2: 56 data bytes, press CTRL_C to break Reply from 30.1.1.2: bytes=56 Sequence=1 ttl=255 time=24 Reply from 30.1.1.2: bytes=56 Sequence=2 ttl=255 time=26 Reply from 30.1.1.2: bytes=56 Sequence=3 ttl=255 time=24 Reply from 30.1.1.2: bytes=56 Sequence=4 ttl=255 time=51 Reply from 30.1.1.2: bytes=56 Sequence=5 ttl=255 time=48 --- 30.1.1.2 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 24/34/51 ms ms ms ms ms ms

Configuration Files
l

Configuration file of CE1


# sysname CE1 # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 30.1.1.1 255.255.255.0 # return

Configuration file of PE
# sysname PE #

5-78

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


mpls lsr-id 1.1.1.9 mpls # mpls l2vpn # interface Pos1/0/0 link-protocol ppp undo shutdown # interface Pos2/0/0 link-protocol ppp undo shutdown # mpls l2vpn vpn1 encapsulation ppp route-distinguisher 100:1 ce ce1 id 1 range 10 default-offset 0 connection ce-offset 2 interface Pos1/0/0 ce ce2 id 2 range 10 default-offset 0 connection ce-offset 1 interface Pos2/0/0 # # interface LoopBack1 ip address 1.1.1.9 255.255.255.255 # return l

5 VLL Configuration

Configuration file of CE2


# sysname CE2 # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 30.1.1.2 255.255.255.0 # return

5.11.6 Example for Configuring a Remote Kompella VLL Connection


Networking Requirements
Figure 5-11 shows that CE1 and CE2 connect to PE1 and PE2 through POS interfaces respectively. The packets are encapsulated in PPP over the link layer. A remote Kompella VLL connection is established between CE1 and CE2. Figure 5-11 Networking diagram of a remote Kompella VLL connection
Loopback1 1.1.1.9/32 POS 2/0/0 168.1.1.1/24 POS 1/0/0 Loopback1 2.2.2.9/32 POS 1/0/0 168.1.1.2/24 POS 2/0/0 169.1.1.1/24 Loopback1 3.3.3.9/32 POS 1/0/0 169.1.1.2/24

PE 1

PE 2 POS 2/0/0

POS 1/0/0 30.1.1.1/24

Kompella Remote

POS 1/0/0 30.1.1.2/24

CE 1

CE 2

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

5-79

5 VLL Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Configuration Roadmap
The configuration roadmap is as follows: 1. 2. 3. Configure a routing protocol and enable MPLS and LDP on related devices in the backbone network (PEs and P) to implement interworking. Enable MPLS L2VPN and configure the L2VPN capability of BGP between the PEs. Configure VPN instances to connect with the CEs.

Data Preparation
To configure the remote Kompella VLL connection, you need the following data:
l l l l

AS number of BGP Name of the VPN instance, RD, and VPN target Name and number of the CEs (The CE number is unique globally.) Size of the label block (CE range) as required

Configuration Procedure
1. Configure an IP address for each interface on the CEs, PEs, and P as shown in Figure 5-11. The configuration details are not mentioned here. 2. Configure IGP on the MPLS backbone network. OSPF is used as IGP in this example. When configuring OSPF, note that the 32-bit addresses of loopback interfaces of PE1, P, and PE2, which are used as LSR IDs, need be advertised. The configuration details are not mentioned here. After the configuration, run the display ip routing-table command on each LSR. You can view that the LSRs have learnt the routes of the LSR IDs from each other. Take the display on PE1 as an example:
<PE1> display ip routing-table Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: Public Destinations : 9 Routes : 9 Destination/Mask Proto Pre Cost Flags NextHop Interface 1.1.1.9/32 Direct 0 0 D 127.0.0.1 InLoopBack0 2.2.2.9/32 OSPF 10 2 D 168.1.1.2 Pos2/0/0 3.3.3.9/32 OSPF 10 3 D 168.1.1.2 Pos2/0/0 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 168.1.1.0/24 Direct 0 0 D 168.1.1.1 Pos2/0/0 168.1.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 168.1.1.2/32 Direct 0 0 D 168.1.1.2 Pos2/0/0 169.1.1.0/24 OSPF 10 2 D 168.1.1.2 Pos2/0/0

Run the display ospf peer command. You can view that the OSPF neighbor relationship is established and the status is FULL. Take the display on PE1 as an example:
<PE1> display ospf peer OSPF Process 1 with Router ID 1.1.1.9 Neighbors Area 0.0.0.0 interface 168.1.1.1(Pos2/0/0)'s neighbors Router ID: 2.2.2.9 Address: 168.1.1.2 GR State: Normal State: Full Mode:Nbr is Master Priority: 1 DR: None BDR: None MTU: 0

5-80

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


Dead timer due in 36 sec Neighbor is up for 00:07:13 Authentication Sequence: [ 0 ]

5 VLL Configuration

3.

Configure the basic MPLS capability and LDP and establish LDP LSP. The configuration details are not mentioned here. After the configuration, run the display mpls ldp session and display mpls ldp peer commands on each LSR. You can view information about LDP sessions and LDP peers. Take the display on PE1 as an example:
<PE1> display mpls ldp session LDP Session(s) in Public Network -----------------------------------------------------------------------------Peer-ID Status LAM SsnRole SsnAge KA-Sent/Rcv -----------------------------------------------------------------------------2.2.2.9:0 Operational DU Passive 000:00:07 32/32 -----------------------------------------------------------------------------TOTAL: 1 session(s) Found. LAM : Label Advertisement Mode SsnAge Unit : DDD:HH:MM <PE1> display mpls ldp peer LDP Peer Information in Public network -----------------------------------------------------------------------------Peer-ID Transport-Address Discovery-Source -----------------------------------------------------------------------------2.2.2.9:0 2.2.2.9 Pos2/0/0 -----------------------------------------------------------------------------TOTAL: 1 Peer(s) Found.

Run the display mpls lsp command. You can view information about the establishment of LSP. Take the display on PE1 as an example:
<PE1> display mpls lsp ---------------------------------------------------------------------LSP Information: LDP LSP ---------------------------------------------------------------------FEC In/Out Label In/Out IF Vrf Name 1.1.1.9/32 3/NULL -/2.2.2.9/32 NULL/3 -/Pos2/0/0 3.3.3.9/32 NULL/1025 -/Pos2/0/0

4.

Configure the basic L2VPN capability of BGP. # Configure PE1.


[PE1] mpls l2vpn [PE1-l2vpn] quit [PE1] bgp 100 [PE1-bgp] peer 3.3.3.9 as-number 100 [PE1-bgp] peer 3.3.3.9 connect-interface loopback 1 [PE1-bgp] l2vpn-family [PE1-bgp-af-l2vpn] peer 3.3.3.9 enable [PE1-bgp-af-l2vpn] quit [PE1-bgp] quit

# Configure PE2.
[PE2] mpls l2vpn [PE2-l2vpn] quit [PE2] bgp 100 [PE2-bgp] peer 1.1.1.9 as-number 100 [PE2-bgp] peer 1.1.1.9 connect-interface loopback 1 [PE2-bgp] l2vpn-family [PE2-bgp-af-l2vpn] peer 1.1.1.9 enable

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

5-81

5 VLL Configuration
[PE2-bgp-af-l2vpn] quit [PE2-bgp] quit

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

After the configuration, run the display bgp l2vpn peer command on PE1 and PE2. You can view that the peer relationship is established between the PEs and the peer status is Established. Take the display on PE1 as an example:
<PE1> display bgp l2vpn peer BGP local router ID : 1.1.1.9 Local AS number : 100 Total number of peers : 1 Peer V AS MsgRcvd 3.3.3.9 4 100 9

MsgSent 7

Peers in established state : 1 OutQ Up/Down State PrefRcv 0 00:04:07 Established 0

5.

Configure MPLS L2VPN to connect with the CEs. # Configure PE1.


[PE1] mpls l2vpn vpn1 encapsulation ppp [PE1-mpls-l2vpn-vpn1] route-distinguisher 100:1 [PE1-mpls-l2vpn-vpn1] vpn-target 1:1 [PE1-mpls-l2vpn-vpn1] ce ce1 id 1 range 10 [PE1-mpls-l2vpn-ce-vpn1-ce1] connection ce-offset 2 interface pos 1/0/0 [PE1-mpls-l2vpn-ce-vpn1-ce1] quit [PE1-mpls-l2vpn-vpn1] quit [PE1] interface pos 1/0/0 [PE1-Pos1/0/0] undo shutdown [PE1-Pos1/0/0] quit

# Configure PE2.
[PE2] mpls l2vpn vpn1 encapsulation ppp [PE2-mpls-l2vpn-vpn1] route-distinguisher 100:1 [PE2-mpls-l2vpn-vpn1] vpn-target 1:1 [PE2-mpls-l2vpn-vpn1] ce ce2 id 2 range 10 [PE2-mpls-l2vpn-ce-vpn1-ce2] connection ce-offset 1 interface pos 2/0/0 [PE2-mpls-l2vpn-ce-vpn1-ce2] quit [PE2-mpls-l2vpn-vpn1] quit [PE2] interface pos 2/0/0 [PE2-Pos2/0/0] undo shutdown [PE2-Pos2/0/0] quit

6.

Verify the configuration. After the configuration, run the display mpls l2vpn connection command on the PEs. You can view that an L2VPN connection is established and the connection status is Up. Take the display on PE1 as an example:
<PE1> display mpls l2vpn connection 1 total connections, connections: 1 up, 0 down, 0 local, 1 remote, 0 unknown VPN name: vpn1, 1 total connections, connections: 1 up, 0 down, 0 local, 1 remote, 0 unknown CE name: ce1, id: 1, Rid type status peer-id route-distinguisher interface or not 2 rmt up 3.3.3.9 100:1 Pos1/0/0

primary primary

CE1 and CE2 can ping through each other.


<CE1> ping 30.1.1.2 PING 30.1.1.2: 56 data bytes, press CTRL_C to break Reply from 30.1.1.2: bytes=56 Sequence=1 ttl=255 time=90 Reply from 30.1.1.2: bytes=56 Sequence=2 ttl=255 time=77 Reply from 30.1.1.2: bytes=56 Sequence=3 ttl=255 time=34 Reply from 30.1.1.2: bytes=56 Sequence=4 ttl=255 time=46 Reply from 30.1.1.2: bytes=56 Sequence=5 ttl=255 time=94 --- 30.1.1.2 ping statistics --5 packet(s) transmitted 5 packet(s) received ms ms ms ms ms

5-82

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


0.00% packet loss round-trip min/avg/max = 34/68/94 ms

5 VLL Configuration

Configuration Files
l

Configuration file of CE1


# sysname CE1 # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 30.1.1.1 255.255.255.0 # return

Configuration file of PE1


# sysname PE1 # mpls lsr-id 1.1.1.9 mpls # mpls l2vpn # mpls ldp # interface Pos1/0/0 link-protocol ppp undo shutdown # interface Pos2/0/0 link-protocol ppp undo shutdown ip address 168.1.1.1 255.255.255.0 mpls mpls ldp # mpls l2vpn vpn1 encapsulation ppp route-distinguisher 100:1 vpn-target 1:1 import-extcommunity vpn-target 1:1 export-extcommunity ce ce1 id 1 range 10 default-offset 0 connection ce-offset 2 interface Pos1/0/0 # # interface LoopBack1 ip address 1.1.1.9 255.255.255.255 # bgp 100 peer 3.3.3.9 as-number 100 peer 3.3.3.9 connect-interface LoopBack1 # ipv4-family unicast undo synchronization peer 3.3.3.9 enable # l2vpn-family policy vpn-target peer 3.3.3.9 enable # ospf 1 area 0.0.0.0 network 1.1.1.9 0.0.0.0 network 168.1.1.0 0.0.0.255 # return

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

5-83

5 VLL Configuration
l

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Configuration file of P
# sysname P # mpls lsr-id 2.2.2.9 mpls # mpls ldp # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 168.1.1.2 255.255.255.0 mpls mpls ldp # interface Pos2/0/0 link-protocol ppp undo shutdown ip address 169.1.1.1 255.255.255.0 mpls mpls ldp # interface LoopBack1 ip address 2.2.2.9 255.255.255.255 # ospf 1 area 0.0.0.0 network 168.1.1.0 0.0.0.255 network 169.1.1.0 0.0.0.255 network 2.2.2.9 0.0.0.0 # return

Configuration file of PE2


# sysname PE2 # mpls lsr-id 3.3.3.9 mpls # mpls l2vpn # mpls ldp # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 169.1.1.2 255.255.255.0 mpls mpls ldp # interface Pos2/0/0 link-protocol ppp undo shutdown # # mpls l2vpn vpn1 encapsulation ppp route-distinguisher 100:1 vpn-target 1:1 import-extcommunity vpn-target 1:1 export-extcommunity ce ce2 id 2 range 10 default-offset 0 connection ce-offset 1 interface Pos2/0/0 # # interface LoopBack1 ip address 3.3.3.9 255.255.255.255 # bgp 100

5-84

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


peer 1.1.1.9 as-number 100 peer 1.1.1.9 connect-interface LoopBack1 # ipv4-family unicast undo synchronization peer 1.1.1.9 enable # l2vpn-family policy vpn-target peer 1.1.1.9 enable # ospf 1 area 0.0.0.0 network 3.3.3.9 0.0.0.0 network 169.1.1.0 0.0.0.255 # return l

5 VLL Configuration

Configuration file of CE2


# sysname CE2 # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 30.1.1.2 255.255.255.0 # return

5.11.7 Example for Configuring VLL Internetworking (Interconnecting Ethernet with PPP by Using the Remote CCC Connection)
Networking Requirements
In Figure 5-12, CE1 and PE1 are connected through POS interfaces. Packets transmitted over the link layer are encapsulated with PPP.CE2 and PE2 are connected through GE interfaces. To ensure that CE1 and CE2 can communicate, the remote CCC connection and internetworking must be configured on the PEs. In addition, two static LSPs are required on the P to transmit packets in a bidirectional way.

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

5-85

5 VLL Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Figure 5-12 Networking diagram of L2VPN internetworking (Ethernet interconnecting with PPP by using the remote CCC connection)
CE 1 to CE 2 O-Label 200 I-Label 100 Loopback1 1.1.1.9/32 I-Label 200 O-Label 100 O-Label 201 I-Label 101 I-Label 201 O-Label 101

CE 2 to CE 1

Loopback1 2.2.2.9/32

Loopback1 3.3.3.9/32

P PE 1
POS 1/0/0 POS 2/0/0 100.1.1.1/24 POS 2/0/0 100.1.1.2/24 POS1/0/0 100.2.2.2/24 POS 1/0/0 100.2.2.1/24

PE 2
GE 2/0/0

POS 1/0/0 10.1.1.1/24

CCC rem ote connection

GE1/0/0 10.1.1.2/24

CE 1

CE 2

Configuration Roadmap
The configuration roadmap is as follows: 1. 2. 3. Configure two static bidirectional LSPs to work as the data tunnels exclusively used by the local CCC connection. Enable MPLS L2VPN on the PEs. (MPLS L2VPN is not required on the P.) Configure two connections, that is, the connections from CE1 to CE2 and from CE2 to CE1.

Data Preparation
To complete the configuration, you need the outer label and the inner label of the remote CCC connection. Note the mapping between the outer label and the inner label on the PE and the P. For the settings of the outer label and the inner label, see Figure 5-12.

Configuration Procedure
1. Configure the CEs. # Configure CE1.
<Quidway> system-view [Quidway] sysname CE1 [CE1] interface pos 1/0/0 [CE1-Pos1/0/0] ip address 10.1.1.1 24 [CE1-Pos1/0/0] remote address 10.1.1.6 [CE1-Pos1/0/0] mtu 1500 [CE1-Pos1/0/0] shutdown [CE1-Pos1/0/0] undo shutdown [CE1-Pos1/0/0] quit

5-86

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


NOTE

5 VLL Configuration

You are recommended to set the MTU of CE1 and the MTU of PE1 to be the same to avoid the negotiation during forwarding.

# Configure CE2.
<Quidway> system-view [Quidway] sysname CE2 [CE2] interface gigabitethernet 1/0/0 [CE2-GigabitEthernet1/0/0] ip address 10.1.1.2 24 [CE2-GigabitEthernet1/0/0] undo shutdown [CE2-GigabitEthernet1/0/0] quit

2.

Configure an IP address for each interface on the routers in the backbone network. # Configure PE1.
<Quidway> system-view [Quidway] sysname PE1 [PE1] interface loopback 1 [PE1-LoopBack1] ip address 1.1.1.9 32 [PE1-LoopBack1] quit [PE1] interface pos 2/0/0 [PE1-Pos2/0/0] ip address 100.1.1.1 24 [PE1-Pos2/0/0] undo shutdown [PE1-Pos2/0/0] quit [PE1] interface pos 1/0/0 [PE1-Pos1/0/0] ip address ppp-negotiate [PE1-Pos1/0/0] mtu 1500 [PE1-Pos1/0/0] undo shutdown [PE1-Pos1/0/0] quit
NOTE

For PE1, the local attached circuit (AC) is a POS link running PPP, with the default MTU as 4470; the remote AC is an Ethernet link, with the default MTU as 1500. If PEs fail to negotiate the MTU because the MTUs of the ACs on the two ends are different, the VC cannot be established normally. You need to set the MTUs of the ACs on the two ends to be the same (1500).

# Configure P.
<Quidway> system-view [Quidway] sysname P [P] interface loopback 1 [P-LoopBack1] ip address 2.2.2.9 32 [P-LoopBack1] quit [P] interface pos 1/0/0 [P-Pos1/0/0] ip address 100.2.2.2 24 [P-Pos1/0/0] undo shutdown [P-Pos1/0/0] quit [P] interface pos 2/0/0 [P-Pos2/0/0] ip address 100.1.1.2 24 [P-Pos2/0/0] undo shutdown [P-Pos2/0/0] quit

# Configure PE2.
<Quidway> system-view [Quidway] sysname PE2 [PE2] interface loopback 1 [PE2-LoopBack1] ip address 3.3.3.9 32 [PE2-LoopBack1] quit [PE2] interface pos 1/0/0 [PE2-Pos1/0/0] ip address 100.2.2.1 24 [PE2-Pos1/0/0] undo shutdown [PE2-Pos1/0/0] quit

3.

Configure the basic MPLS functions on the MPLS backbone network. # Configure PE1.
[PE1] mpls lsr-id 1.1.1.9 [PE1] mpls [PE1-mpls] quit

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

5-87

5 VLL Configuration
[PE1] interface pos 2/0/0 [PE1-Pos2/0/0] mpls [PE1-Pos2/0/0] quit

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

# Configure P.
[P] mpls lsr-id 2.2.2.9 [P] mpls [P-mpls] quit [P] interface pos 1/0/0 [P-Pos1/0/0] mpls [P-Pos1/0/0] quit [P] interface pos 2/0/0 [P-Pos2/0/0] mpls [P-Pos2/0/0] quit

# Configure PE2.
[PE2] mpls lsr-id 3.3.3.9 [PE2] mpls [PE2-mpls] quit [PE2] interface pos 1/0/0 [PE2-Pos1/0/0] mpls [PE2-Pos1/0/0] quit

4.

Enable MPLS L2VPN and create a remote CCC connection on the PEs. # Configure PE1. Enable MPLS L2VPN globally and create a remote CCC connection from CE1 to CE2. Connect the incoming interface to CE1 and the outgoing interface to P. Set the incoming label to 100 and the outgoing label to 200.
[PE1] mpls l2vpn [PE1-l2vpn] quit [PE1] ccc ip-interworking CE1-CE2 interface pos 1/0/0 in-label 100 out-label 200 out-interface pos 2/0/0

# Configure PE2. Enable MPLS L2VPN globally and create a remote CCC connection from CE2 to CE1. Connect the incoming interface to CE2 and the outgoing interface to P. Set the incoming label to 201 and the outgoing label to 101.
[PE2] mpls l2vpn [PE2-l2vpn] quit [PE2] ccc ip-interworking CE2-CE1 interface gigabitethernet 2/0/0 in-label 201 out-label 101 out-interface pos 1/0/0 [PE2] interface gigabitethernet 2/0/0 [PE2-GigabitEthernet2/0/0] undo shutdown [PE2-GigabitEthernet2/0/0] local-ce ip 10.1.1.2 [PE2-GigabitEthernet2/0/0] quit

5.

Configure static LSPs on P. # Configure a static LSP on P for forwarding packets from PE1 to PE2, and configure another static LSP for forwarding packets from PE2 to PE1.
[P] static-lsp transit outgoing-interface pos [P] static-lsp transit outgoing-interface pos PE1-PE2 incoming-interface pos 2/0/0 in-label 200 1/0/0 out-label 201 PE2-PE1 incoming-interface pos 1/0/0 in-label 101 2/0/0 out-label 100

6.

Verify the configuration. After the configuration, check information about the CCC connection on the PEs. You can view that a remote CCC connection is established on PE1 and PE2 respectively.
<PE1> display ccc total ccc vc : 1 local ccc vc : 0, 0 up remote ccc vc : 1, 1 up name: CE1-CE2, type: remote, state: up, intf: Pos1/0/0 (up), in-label: 100 , out-label: 200 , out-interface : Pos2/0/0 <PE2> display ccc total ccc vc : 1 local ccc vc : 0, 0 up remote ccc vc : 1, 1 up

5-88

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

5 VLL Configuration

name: CE2-CE1, type: remote, state: up, intf: GigabitEthernet2/0/0 (up), in-label: 201 , out-label: 101 , outinterface : Pos1/0/0

Run the display mpls lsp command on P. You can view information about the labels and interfaces of the two established static LSPs.
<P> display mpls lsp ---------------------------------------------------------------------LSP Information: STATIC LSP ---------------------------------------------------------------------FEC In/Out Label In/Out IF Vrf Name -/200/201 Pos2/0/0/Pos1/0/0 -/101/100 Pos1/0/0/Pos2/0/0

Run the display ip routing-table command on the CEs. You can view the interface routes learned by CE1 and CE2 from each other. Take the display on CE1 as an example:
<CE1> display ip routing-table Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: Public Destinations : 5 Routes : 5 Destination/Mask Proto Pre Cost Flags NextHop Interface 10.1.1.0/24 Direct 0 0 D 10.1.1.1 Pos1/0/0 10.1.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 10.1.1.6/32 Direct 0 0 D 10.1.1.6 Pos1/0/0 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0

CE1 and CE2 can ping through each other.


<CE1> ping 10.1.1.2 PING 10.1.1.2: 56 data bytes, press CTRL_C to break Reply from 10.1.1.2: bytes=56 Sequence=1 ttl=255 time=190 Reply from 10.1.1.2: bytes=56 Sequence=2 ttl=255 time=120 Reply from 10.1.1.2: bytes=56 Sequence=3 ttl=255 time=160 Reply from 10.1.1.2: bytes=56 Sequence=4 ttl=255 time=100 Reply from 10.1.1.2: bytes=56 Sequence=5 ttl=255 time=130 --- 10.1.1.2 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 100/140/190 ms ms ms ms ms ms

Configuration Files
l

Configuration file of CE1


# sysname CE1 # interface Pos1/0/0 link-protocol ppp remote address 10.1.1.6 undo shutdown mtu 1500 ip address 10.1.1.1 255.255.255.0 # return

Configuration file of PE1


# sysname PE1 # mpls lsr-id 1.1.1.9 mpls # mpls l2vpn #

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

5-89

5 VLL Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


interface Pos1/0/0 link-protocol ppp undo shutdown mtu 1500 ip address ppp-negotiate # interface Pos2/0/0 link-protocol ppp undo shutdown ip address 100.1.1.1 255.255.255.0 mpls # ccc ip-interworking CE1-CE2 interface Pos1/0/0 in-label 100 out-label 200 outinterface Pos2/0/0 # interface LoopBack1 ip address 1.1.1.9 255.255.255.255 # return

Configuration file of P
# sysname P # mpls lsr-id 2.2.2.9 mpls # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 100.2.2.2 255.255.255.0 mpls # interface Pos2/0/0 link-protocol ppp undo shutdown ip address 100.1.1.2 255.255.255.0 mpls # interface LoopBack1 ip address 2.2.2.9 255.255.255.255 # static-lsp transit PE1-PE2 incoming-interface Pos2/0/0 in-label 200 outgoinginterface Pos1/0/0 out-label 201 static-lsp transit PE2-PE1 incoming-interface Pos1/0/0 in-label 101 outgoinginterface Pos2/0/0 out-label 100 # return

Configuration file of PE2


# sysname PE2 # mpls lsr-id 3.3.3.9 mpls # mpls l2vpn # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 100.2.2.1 255.255.255.0 mpls # interface GigabitEthernet2/0/0 undo shutdown local-ce ip 10.1.1.2 # ccc ip-interworking CE2-CE1 interface GigabitEthernet2/0/0 in-label 201 outlabel 101 out-interface Pos1/0/0

5-90

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


# interface LoopBack1 ip address 3.3.3.9 255.255.255.255 # return l

5 VLL Configuration

Configuration file of CE2


# sysname CE2 # interface GigabitEthernet1/0/0 undo shutdown ip address 10.1.1.2 255.255.255.0 # return

5.11.8 Example for Configuring VLL Internetworking (Interconnecting Ethernet with HDLC in Martini Mode)
Networking Requirements
Figure 5-13 shows that CE1 is connected to PE1 through GE interfaces, while CE2 is connected to PE2 through HDLC (POS). Figure 5-13 Networking diagram of IP-interworking Ethernet to HDLC
PE1 PE2 P Loopback1 Loopback1 Loopback1 1.1.1.9/32 2.2.2.9/32 3.3.3.9/32 POS2/0/0 POS2/0/0 169.1.1.1/24 168.1.1.1/24 POS1/0/0 POS1/0/0 GE1/0/0 168.1.1.2/24 169.1.1.2/24 POS2/0/0 Martini GE1/0/0 30.1.1.1/24 CE1 POS1/0/0 30.1.1.2/24 CE2

Configuration Roadmap
The configuration roadmap is as follows: 1. 2. 3. 4. 5. Configure the routing protocol on PEs and Ps in the backbone network and enable MPLS. Set up the remote MPLS LDP session between PEs. Set up the tunnel according to the tunnel policy and create the L2VC connection. Configure the HDLC protocol and ensure the same MTU on the interfaces connecting CE and PE. On PE, statically configure the MAC address and the IP address used when PE sends packets to CE.

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

5-91

5 VLL Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Data Preparation
To interconnect Ethernet with HDLC, you need the following data:
l l l l

Name of the PE remote peer Label value of the L2VC MTU value of the interfaces connected CE and PE MAC address used when PE sends packets to CE

Configuration Procedure
1. Configure IGP on the MPLS backbone network. OSPF is used as IGP in this example. The configuration details are not mentioned here. After the configuration, run the display ip routing-table command on each LSR. You can view that the LSRs have learnt the routes of the LSR IDs from each other. Run the display ospf peer command. You can view that the OSPF neighbor relationship is established between the LSRs and the status is FULL. Take the display on PE1 as an example:
<PE1> display ip routing-table Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: Public Destinations : 9 Routes : 9 Destination/Mask Proto Pre Cost Flags NextHop Interface 1.1.1.9/32 Direct 0 0 D 127.0.0.1 InLoopBack0 2.2.2.9/32 OSPF 10 2 D 168.1.1.2 Pos2/0/0 3.3.3.9/32 OSPF 10 3 D 168.1.1.2 Pos2/0/0 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 168.1.1.0/24 Direct 0 0 D 168.1.1.1 Pos2/0/0 168.1.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 168.1.1.2/32 Direct 0 0 D 168.1.1.2 Pos2/0/0 169.1.1.0/24 OSPF 10 2 D 168.1.1.2 Pos2/0/0

Run the display ospf peer command. You can view that the OSPF neighbor relationship is established between the LSRs and the status is FULL. Take the display on PE1 as an example:
<PE1> display ospf peer OSPF Process 1 with Router ID 1.1.1.9 Neighbors Area 0.0.0.0 interface 168.1.1.1(Pos2/0/0)'s neighbors Router ID: 2.2.2.9 Address: 168.1.1.2 GR State: Normal State: Full Mode:Nbr is Master Priority: 1 DR: None BDR: None MTU: 0 Dead timer due in 30 sec Neighbor is up for 00:04:12

Authentication Sequence: [ 0 ] 2. Configure basic MPLS capability and LDP, and establish LDP LSP and remote LDP session between PE1 and PE2. # Configure PE1.
[PE1] mpls lsr-id 1.1.1.9 [PE1] mpls [PE1-mpls] quit [PE1] mpls ldp [PE1-mpls-ldp] quit [PE1] mpls ldp remote-peer 3.3.3.9 [PE1-mpls-ldp-remote-3.3.3.9] remote-ip 3.3.3.9 [PE1-mpls-ldp-remote-3.3.3.9] quit

5-92

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


[PE1] interface pos 2/0/0 [PE1-Pos2/0/0] mpls [PE1-Pos2/0/0] mpls ldp [PE1-Pos2/0/0] quit

5 VLL Configuration

# Configure P.
[P] mpls lsr-id 2.2.2.9 [P] mpls [P-mpls] quit [P] mpls ldp [P-mpls-ldp] quit [P] interface pos 1/0/0 [P-Pos1/0/0] mpls [P-Pos1/0/0] mpls ldp [P-Pos1/0/0] quit [P] interface pos 2/0/0 [P-Pos2/0/0] mpls [P-Pos2/0/0] mpls ldp [P-Pos2/0/0] quit

# Configure PE2.
[PE2] mpls lsr-id 3.3.3.9 [PE2] mpls [PE2-mpls] quit [PE2] mpls ldp [PE2-mpls-ldp] quit [PE2] mpls ldp remote-peer 1.1.1.9 [PE2-mpls-ldp-remote-1.1.1.9] remote-ip 1.1.1.9 [PE2-mpls-ldp-remote-1.1.1.9] quit [PE2] interface pos 1/0/0 [PE2-Pos1/0/0] mpls [PE2-Pos1/0/0] mpls ldp [PE2-Pos1/0/0] quit

After the configuration, run the display mpls ldp session and display mpls ldp peer commands on each LSR. You can view information about LDP sessions and LDP peers. Take the display on PE1 as an example:
<PE1> display mpls ldp session LDP Session(s) in Public Network -----------------------------------------------------------------------------Peer-ID Status LAM SsnRole SsnAge KA-Sent/Rcv -----------------------------------------------------------------------------2.2.2.9:0 Operational DU Passive 000:00:07 31/31 3.3.3.9:0 Operational DU Passive 000:00:07 29/29 -----------------------------------------------------------------------------TOTAL: 2 session(s) Found. LAM : Label Advertisement Mode SsnAge Unit : DDD:HH:MM <PE1> display mpls ldp peer LDP Peer Information in Public network -----------------------------------------------------------------------------Peer-ID Transport-Address Discovery-Source -----------------------------------------------------------------------------2.2.2.9:0 2.2.2.9 Pos2/0/0 3.3.3.9:0 3.3.3.9 Remote Peer : 3.3.3.9 -----------------------------------------------------------------------------TOTAL: 2 Peer(s) Found.

3.

Configure L2VPN IP-interworking. # Configure CE1.


[CE1] interface gigabitethernet 1/0/0 [CE1-GigabitEthernet1/0/0] ip address 30.1.1.1 24 [CE1-GigabitEthernet1/0/0] undo shutdown

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

5-93

5 VLL Configuration
[CE1-GigabitEthernet1/0/0] quit

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

# Configure PE1.
[PE1] mpls l2vpn [PE1-l2vpn] mpls l2vpn default martini [PE1-l2vpn] quit [PE1] interface gigabitethernet 1/0/0 [PE1-GigabitEthernet1/0/0] mpls l2vc 3.3.3.9 1 ip-interworking [PE1-GigabitEthernet1/0/0] local-ce ip 30.1.1.1 [PE1-GigabitEthernet1/0/0] undo shutdown [PE1-GigabitEthernet1/0/0] quit

# Configure CE2.
[CE2] interface pos 1/0/0 [CE2-Pos1/0/0] mtu 1500 [CE2-Pos1/0/0] link-protocol hdlc [CE2-Pos1/0/0] ip address 30.1.1.2 24 [CE2-Pos1/0/0] undo shutdown [CE2-Pos1/0/0] quit

# Configure PE2.
[PE2] mpls [PE2-l2vpn] l2vpn default martini [PE2-l2vpn] quit [PE2] interface pos 2/0/0 [PE2-Pos2/0/0] mtu 1500 [PE2-Pos2/0/0] link-protocol hdlc [PE2-Pos2/0/0] mpls l2vc 1.1.1.9 1 ip-interworking [PE2-Pos2/0/0] undo shutdown [PE2-Pos2/0/0] quit

4.

Verify the configuration. After the configuration, run the display mpls l2vc command on the PEs. You can view that the VC status is Up and the VC type is IP-interworking.
<PE1> display mpls l2vc interface gigabitethernet 1/0/0 *client interface : GigabitEthernet1/0/0 is up session state : up AC state : up VC state : up VC ID : 1 VC type : IP-interworking destination : 3.3.3.9 local group ID : 0 remote group ID : 0 local VC label : 21504 remote VC label : 21504 local AC OAM State : up local PSN State : up local forwarding state : forwarding remote AC OAM state : up remote PSN state : up remote forwarding state: forwarding BFD for PW : disable manual fault : not set active state : active forwarding entry : exist link state : up local VC MTU : 1500 remote VC MTU : 1500 local VCCV : Disable remote VCCV : Disable local control word : disable remote control word : disable tunnel policy name : -traffic behavior name : -PW template name : -primary or secondary : primary VC tunnel/token info : 1 tunnels/tokens NO.0 TNL type : lsp , TNL ID : 0x2002003 create time : 0 days, 0 hours, 8 minutes, 50 seconds up time : 0 days, 0 hours, 5 minutes, 24 seconds last change time : 0 days, 0 hours, 5 minutes, 24 seconds

5-94

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

5 VLL Configuration

Run the display interface command on the interfaces that access the PEs. You can view that the status of the L2VPN connection is Up.
<PE1> display interface gigabitethernet 1/0/0 GigabitEthernet1/0/0 current state : UP Line protocol current state : DOWN Description:HUAWEI, Quidway Series, GigabitEthernet1/0/0 Interface Route Port,The Maximum Transmit Unit is 1500 Internet protocol processing : disabled IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is 00e0-c54e-4202 L2VPN interworking connection of the main PW is up L2VPN interworking connection of the second PW is down L2VPN input: 0 packets, 0 discards output: 0 packets, 0 discards QoS max-bandwidth : 100000 Kbps Output queue : (Urgent queue : Size/Length/Discards) 0/50/0 Output queue : (Protocol queue : Size/Length/Discards) 0/1000/0 Output queue : (FIFO queue : Size/Length/Discards) 0/256/0 Hardware address is 00e0-c54e-4202 Input: 0 Bytes, 0 Packets Unicast: 0, Multicast: 0, Broadcast: 0 Output: 0 Bytes, 0 Packets Unicast: 0, Multicast: 0, Broadcast: 0

CE1 and CE2 can ping through each other.


<CE1> ping 30.1.1.2 PING 30.1.1.2: 56 data bytes, press CTRL_C to break Reply from 30.1.1.2: bytes=56 Sequence=1 ttl=255 time=76 Reply from 30.1.1.2: bytes=56 Sequence=2 ttl=255 time=93 Reply from 30.1.1.2: bytes=56 Sequence=3 ttl=255 time=71 Reply from 30.1.1.2: bytes=56 Sequence=4 ttl=255 time=81 Reply from 30.1.1.2: bytes=56 Sequence=5 ttl=255 time=98 --- 30.1.1.2 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 71/83/98 ms ms ms ms ms ms

Configuration Files
l

Configuration file of CE1


# sysname CE1 # interface GigabitEthernet1/0/0 undo shutdown ip address 30.1.1.1 255.255.255.0 # return

Configuration file of PE1


# sysname PE1 # mpls lsr-id 1.1.1.9 mpls # mpls l2vpn mpls l2vpn default martini # mpls ldp # mpls ldp remote-peer 3.3.3.9 remote-ip 3.3.3.9 # interface GigabitEthernet1/0/0 undo shutdown local-ce ip 30.1.1.1

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

5-95

5 VLL Configuration
mpls l2vc 3.3.3.9 1 ip-interworking # interface Pos2/0/0 link-protocol ppp undo shutdown ip address 168.1.1.1 255.255.255.0 mpls mpls ldp # interface LoopBack1 ip address 1.1.1.9 255.255.255.255 # ospf 1 area 0.0.0.0 network 1.1.1.9 0.0.0.0 network 168.1.1.0 0.0.0.255 # return l

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Configuration file of P
# sysname P # mpls lsr-id 2.2.2.9 mpls # mpls ldp # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 168.1.1.2 255.255.255.0 mpls mpls ldp # interface Pos2/0/0 link-protocol ppp undo shutdown ip address 169.1.1.1 255.255.255.0 mpls mpls ldp # interface LoopBack1 ip address 2.2.2.9 255.255.255.255 # ospf 1 area 0.0.0.0 network 2.2.2.9 0.0.0.0 network 168.1.1.0 0.0.0.255 network 169.1.1.0 0.0.0.255 # return

Configuration file of PE2


# sysname PE2 # mpls lsr-id 3.3.3.9 mpls # mpls l2vpn mpls l2vpn default martini # mpls ldp # mpls ldp remote-peer 1.1.1.9 remote-ip 1.1.1.9 # interface Pos1/0/0 link-protocol ppp

5-96

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


undo shutdown ip address 169.1.1.2 255.255.255.0 mpls mpls ldp # interface Pos2/0/0 link-protocol hdlc undo shutdown mtu 1500 mpls l2vc 1.1.1.9 1 ip-interworking # interface LoopBack1 ip address 3.3.3.9 255.255.255.255 # ospf 1 area 0.0.0.0 network 3.3.3.9 0.0.0.0 network 169.1.1.0 0.0.0.255 # return l

5 VLL Configuration

Configuration file of CE2


# sysname CE2 # interface Pos1/0/0 link-protocol hdlc undo shutdown mtu 1500 ip address 30.1.1.2 255.255.255.0 # return

5.11.9 Example for Configuring VLL Internetworking (Interconnecting VLAN with ATM by Using the Local Kompella Connection)
Networking Requirements
As shown in Figure 5-14, CE1 is connected to the PE through the GE sub-interface, while CE2 is connected to the PE through the ATM sub-interface. A local Kompella connection is established between CE1 and CE2 for their interworking. Figure 5-14 Networking diagram of IP-interworking VLAN to ATM in Kompella mode
Loopback1 1.1.1.9/32 GE 1/0/0.1 30.1.1.1/24 ATM 1/0/0.1 30.1.1.2/24

GE 1/0/0.1

ATM 2/0/0.1

CE1

PE

CE2

Configuration Roadmap
The configuration roadmap is as follows:
Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 5-97

5 VLL Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

1. 2. 3. 4. 5.

Enable L2VPN. Connect the VPN instance to the CEs and specify the encapsulation type of the L2VPN as IP-interworking. The local connection need not transmit the signaling protocol; therefore, BGP and LSP tunnels are not needed. Configure the VLAN sub-interface on CE1 because CE1 accesses the PE through the GE sub-interface. Configure the VCs because CE2 accesses the PE through the ATM sub-interface.

Data Preparation
To complete the configuration, you need the following data:
l l l l l

ID of the VLAN to which the GE interface belongs ATM VC number VPN instance name, RD, and VPN target Name and number of the CEs (The CE number is unique globally.) Size of the label block (CE range) as required

Configuration Procedure
1. Configure the CEs to access the PE. # Configure CE1.
<Quidway> system-view [Quidway] sysname CE1 [CE1] interface gigabitethernet 1/0/0 [CE1-GigabitEthernet1/0/0] undo shutdown [CE1-GigabitEthernet1/0/0] quit [CE1] interface gigabitethernet 1/0/0.1 [CE1-GigabitEthernet1/0/0.1] vlan-type dot1q 100 [CE1-GigabitEthernet1/0/0.1] ip address 30.1.1.1 255.255.255.0 [CE1-GigabitEthernet1/0/0.1] undo shutdown [CE1-GigabitEthernet1/0/0.1] quit

# Configure CE2.
<Quidway> system-view [Quidway] sysname CE2 [CE2] interface atm 1/0/0 [CE2-Atm1/0/0] undo shutdown [CE2-Atm1/0/0] quit [CE2] interface atm 1/0/0.1 [CE2-Atm1/0/0.1] pvc 1/100 [CE2-atm-pvc-Atm1/0/0.1-1/100] map ip 30.1.1.1 broadcast [CE2-atm-pvc-Atm1/0/0.1-1/100] quit [CE2-Atm1/0/0.1] ip address 30.1.1.2 255.255.255.0 [CE2-Atm1/0/0.1] undo shutdown [CE2-Atm1/0/0.1] quit

# Configure PE.
<Quidway> system-view [Quidway] sysname PE [PE] interface gigabitethernet 1/0/0 [PE-GigabitEthernet1/0/0] undo shutdown [PE-GigabitEthernet1/0/0] quit [PE] interface gigabitethernet 1/0/0.1 [PE-GigabitEthernet1/0/0.1] vlan-type dot1q 100 [PE-GigabitEthernet1/0/0.1] undo shutdown [PE-GigabitEthernet1/0/0.1] quit

5-98

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


[PE] interface atm 2/0/0 [PE-Atm2/0/0] undo shutdown [PE-Atm2/0/0] quit [PE] interface atm 2/0/0.1 p2p [PE-Atm2/0/0.1] pvc 1/100 [PE-atm-pvc-Atm2/0/0.1-1/100] map ip 30.1.1.2 broadcast [PE-atm-pvc-Atm2/0/0.1-1/100] quit [PE-Atm2/0/0.1] undo shutdown [PE-Atm2/0/0.1] quit

5 VLL Configuration

2.

Configure L2VPN IP-interworking. # Configure the basic MPLS capability on the PE.
[PE] interface loopback 1 [PE-LoopBack1] ip address 1.1.1.9 32 [PE-LoopBack1] quit [PE] mpls lsr-id 1.1.1.9 [PE] mpls [PE-mpls] quit

# Configure the local Kompella connection.


[PE] mpls l2vpn [PE-l2vpn] quit [PE] mpls l2vpn vlantoatm encapsulation ip-interworking [PE-mpls-l2vpn-vlantoatm] route-distinguisher 100:1 [PE-mpls-l2vpn-vlantoatm] ce ce1 id 1 range 10 [PE-mpls-l2vpn-ce-vlantoatm-ce1] connection ce-offset 2 interface atm2/0/0.1 [PE-mpls-l2vpn-ce-vlantoatm-ce1] quit [PE-mpls-l2vpn-vlantoatm] ce ce2 id 2 range 10 [PE-mpls-l2vpn-ce-vlantoatm-ce2] connection ce-offset 1 interface gigabitethernet1/0/0.1 [PE-mpls-l2vpn-ce-vlantoatm-ce2] quit [PE-mpls-l2vpn-vlantoatm] quit

# Configure the PE to access the VLAN network.


[PE] interface gigabitethernet 1/0/0.1 [PE-GigabitEthernet1/0/0.1] local-ce ip 30.1.1.1 [PE-GigabitEthernet1/0/0.1] quit

3.

Verify the configuration. After the configuration, run the display mpls l2vpn connection command on the PE. You can view that two local Kompella connections are established and the connection status is Up.
<PE> display mpls l2vpn connection 2 total connections, connections: 2 up, 0 down, 2 local, 0 remote, 0 unknown VPN name: vlantoatm, 2 total connections, connections: 2 up, 0 down, 2 local, 0 remote, 0 unknown CE name: ce1, id: 1, Rid type status peer-id route-distinguisher intf primary or not 2 loc up ----Atm2/0/0.1 primary CE name: ce2, id: 2, Rid type status peer-id route-distinguisher intf primary or not 1 loc up ----GigabitEthernet1/0/0.1 primary

CE1 and CE2 can ping through each other.


<CE1> ping 30.1.1.2 PING 30.1.1.2: 56 data bytes, press CTRL_C to break Reply from 30.1.1.2: bytes=56 Sequence=1 ttl=255 time=52 ms Reply from 30.1.1.2: bytes=56 Sequence=2 ttl=255 time=3 ms Reply from 30.1.1.2: bytes=56 Sequence=3 ttl=255 time=27 ms Reply from 30.1.1.2: bytes=56 Sequence=4 ttl=255 time=26 ms Reply from 30.1.1.2: bytes=56 Sequence=5 ttl=255 time=4 ms --- 30.1.1.2 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

5-99

5 VLL Configuration
round-trip min/avg/max = 3/22/52 ms

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Configuration Files
l

Configuration file of CE1


# sysname CE1 # interface GigabitEthernet 1/0/0 undo shutdown # interface GigabitEthernet 1/0/0.1 undo shutdown vlan-type dot1q 100 ip address 30.1.1.1 255.255.255.0 # return

Configuration file of PE
# sysname PE # mpls lsr-id 1.1.1.9 mpls # mpls l2vpn # interface GigabitEthernet1/0/0 undo shutdown # interface GigabitEthernet1/0/0.1 undo shutdown vlan-type dot1q 100 local-ce ip 30.1.1.1 # interface Atm2/0/0 undo shutdown # interface Atm2/0/0.1 p2p undo shutdown pvc 1/100 map ip 30.1.1.2 broadcast # mpls l2vpn vlantoatm encapsulation ip-interworking route-distinguisher 100:1 ce ce1 id 1 range 10 default-offset 0 connection ce-offset 2 interface Atm2/0/0.1 ce ce2 id 2 range 10 default-offset 0 connection ce-offset 1 interface GigaibitEthernet1/0/0.1 # # interface LoopBack1 ip address 1.1.1.9 255.255.255.255 # return

Configuration file of CE2


# sysname CE2 # interface Atm1/0/0.1 undo shutdown ip address 30.1.1.2 255.255.255.0 pvc 1/100 map ip 30.1.1.1 broadcast # return

5-100

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

5 VLL Configuration

5.11.10 Example for Configuring VLL Internetworking (Interconnecting VLAN with PPP by Using the Remote Kompella Connection)
Networking Requirements
In Figure 5-15, CE1 and PE1 are connected through VLAN 10. Packets are encapsulated with PPP on CE2 and PE2.CE1 and CE2 are required to communicate through the MPLS L2VPN interworking by using the remote Kompella connection. PE1, P, and PE2 belong to AS 100, and the P does not support MPLS.GRE tunnels are established between the PEs; thus, CE1 and CE2 can communicate on Layer 2. Figure 5-15 Networking diagram of VLL interworking - VLAN interworking with PPP by using the remote Kompella connection
Loopback1 1.1.1.9/32 Loopback1 2.2.2.9/32 Loopback1 3.3.3.9/32

POS 2/0/0 POS 1/0/0 168.1.1.1/24 168.1.1.2/24 GE1/0/0.1

POS 2/0/0 POS 1/0/0 169.1.1.1/24 169.1.1.2/24

PE 1

PE 2 POS 2/0/0

GE1/0/0.1 30.1.1.1/24

Kom pella rem ote

POS 1/0/0 30.1.1.2/24

CE 1

CE 2

Configuration Roadmap
The configuration roadmap is as follows: 1. 2. Configure routing protocols on the PEs and the P in the backbone network. Establish GRE tunnels on the PEs, with the Loopback 1 address of the local PE as the source address of the tunnel and the Loopback 1 address of the peer PE as the destination address of the tunnel. Create a tunnel policy on the PEs, create GRE tunnels between the PEs, and set the number of tunnels participating in load balancing to 1. Enable L2VPN on the PEs and configure L2VPN in Kompella mode.

3. 4.

Data Preparation
To complete the configuration, you need the following data:
l l l

Name of the tunnel policy AS number of BGP VPN instance name, route distinguisher, and VPN target
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 5-101

Issue 03 (2008-09-22)

5 VLL Configuration
l

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

CE name, unique CE number, and CE range as required

Configuration Procedure
1. Configure the CEs to access the PEs. # Configure CE1.
<CE1> system-view [CE1] interface gigabitethernet 1/0/0 [CE1-GigabitEthernet1/0/0] undo shutdown [CE1-GigabitEthernet1/0/0] quit [CE1] interface gigabitethernet 1/0/0.1 [CE1-GigabitEthernet1/0/0.1] vlan-type dot1q 10 [CE1-GigabitEthernet1/0/0.1] ip address 30.1.1.1 24 [CE1-GigabitEthernet1/0/0.1] undo shutdown [CE1-GigabitEthernet1/0/0.1] quit

# Configure PE1.
<PE1> system-view [PE1] interface gigabitethernet 1/0/0 [PE1-GigabitEthernet1/0/0] undo shutdown [PE1-GigabitEthernet1/0/0] quit [PE1] interface gigabitethernet 1/0/0.1 [PE1-GigabitEthernet1/0/0.1] vlan-type dot1q 10 [PE1-GigabitEthernet1/0/0.1] local-ce ip 30.1.1.1 [PE1-GigabitEthernet1/0/0.1] undo shutdown [PE1-GigabitEthernet1/0/0.1] quit

# Configure PE2.
<PE2> system-view [PE2] interface pos 2/0/0 [PE2-Pos2/0/0] ip address ppp-negotiate [PE2-Pos2/0/0] mtu 1500 [PE2-Pos2/0/0] undo shutdown [PE2-Pos2/0/0] quit
NOTE

For PE2, the local AC is a POS link running PPP, with the default MTU as 4470; the remote AC is an Ethernet link, with the default MTU as 1500. If PEs fail to negotiate the MTU because the MTUs of the ACs on the two ends are different, the VC cannot be established normally. You need to set the MTUs of the ACs on the two ends to be the same (1500).

# Configure CE2.
<CE2> system-view [CE2] interface pos 1/0/0 [CE2-Pos1/0/0] ip address 30.1.1.2 24 [CE2-Pos1/0/0] remote address 30.1.1.6 [CE2-Pos1/0/0] mtu 1500 [CE2-Pos1/0/0] shutdown [CE2-Pos1/0/0] undo shutdown [CE2-Pos1/0/0] quit
NOTE

You are recommended to set the MTU of CE1 and the MTU of PE1 to be the same to avoid the negotiation during forwarding.

2.

Configure IGP on the MPLS backbone network. OSPF is used as IGP in this example. When configuring OSPF, advertise the 32-bit loopback interface addresses of the PEs and the P, which are used as the LSR IDs. # Configure PE1.
<PE1> system-view [PE1] interface loopback 1 [PE1-LoopBack1] ip address 1.1.1.9 32 [PE1-LoopBack1] quit

5-102

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


[PE1] interface pos 2/0/0 [PE1-Pos2/0/0] ip address 168.1.1.1 24 [PE1-Pos2/0/0] undo shutdown [PE1-Pos2/0/0] quit [PE1] ospf [PE1-ospf-1] area 0 [PE1-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0 [PE1-ospf-1-area-0.0.0.0] network 168.1.1.0 0.0.0.255 [PE1-ospf-1-area-0.0.0.0] quit [PE1-ospf-1] quit

5 VLL Configuration

# Configure P.
<P> system-view [P] interface loopback 1 [P-LoopBack1] ip address 2.2.2.9 32 [P-LoopBack1] quit [P] interface pos 1/0/0 [P-Pos1/0/0] ip address 168.1.1.2 24 [P-Pos1/0/0] undo shutdown [P-Pos1/0/0] quit [P] interface pos 2/0/0 [P-Pos2/0/0] ip address 169.1.1.1 24 [P-Pos2/0/0] undo shutdown [P-Pos2/0/0] quit [P] ospf [P-ospf-1] area 0 [P-ospf-1-area-0.0.0.0] network 2.2.2.9 0.0.0.0 [P-ospf-1-area-0.0.0.0] network 168.1.1.0 0.0.0.255 [P-ospf-1-area-0.0.0.0] network 169.1.1.0 0.0.0.255 [P-ospf-1-area-0.0.0.0] quit [P-ospf-1] quit

# Configure PE2.
<PE2> system-view [PE2] interface loopback 1 [PE2-LoopBack1] ip address 3.3.3.9 32 [PE2-LoopBack1] quit [PE2] interface pos 1/0/0 [PE2-Pos1/0/0] ip address 169.1.1.2 24 [PE2-Pos1/0/0] undo shutdown [PE2-Pos1/0/0] quit [PE2] ospf [PE2-ospf-1] area 0 [PE2-ospf-1-area-0.0.0.0] network 3.3.3.9 0.0.0.0 [PE2-ospf-1-area-0.0.0.0] network 169.1.1.0 0.0.0.255 [PE2-ospf-1-area-0.0.0.0] quit [PE2-ospf-1] quit

After the configuration, run the display ip routing-table command on each LSR. You can view that the LSRs have learnt the routes of the LSR IDs from each other. Take the display on PE1 as an example:
<PE1> display ip routing-table Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: Public Destinations : 9 Routes : 9 Destination/Mask Proto Pre Cost Flags NextHop Interface 1.1.1.9/32 Direct 0 0 D 127.0.0.1 InLoopBack0 2.2.2.9/32 OSPF 10 2 D 168.1.1.2 Pos2/0/0 3.3.3.9/32 OSPF 10 3 D 168.1.1.2 Pos2/0/0 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 168.1.1.0/24 Direct 0 0 D 168.1.1.1 Pos2/0/0 168.1.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 168.1.1.2/32 Direct 0 0 D 168.1.1.2 Pos2/0/0 169.1.1.0/24 OSPF 10 2 D 168.1.1.2 Pos2/0/0

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

5-103

5 VLL Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Run the display ospf peer command. You can view that the OSPF neighbor relationship is established between the PEs and P and the status is FULL. Take the display on PE1 as an example:
<PE1> display ospf peer OSPF Process 1 with Router ID 1.1.1.9 Neighbors Area 0.0.0.0 interface 168.1.1.1(Pos2/0/0)'s neighbors Router ID: 2.2.2.9 Address: 168.1.1.2 GR State: Normal State: Full Mode:Nbr is Master Priority: 1 DR: None BDR: None MTU: 0 Dead timer due in 35 sec Neighbor is up for 00:04:59 Authentication Sequence: [ 0 ]

3.

Configure the basic MPLS functions on the PEs. # Configure PE1.


[PE1] mpls lsr-id 1.1.1.9 [PE1] mpls [PE1-mpls] quit

# Configure PE2.
[PE2] mpls lsr-id 3.3.3.9 [PE2] mpls [PE2-mpls] quit

4.

Establish GRE tunnels between the PEs. # Configure PE1.


<PE1> system-view [PE1] interface loopback 10 [PE1-LoopBack10] ip address 1.1.1.1 32 [PE1-LoopBack10] target-board 3 [PE1-LoopBack10] binding tunnel gre [PE1-LoopBack10] quit [PE1] ospf [PE1-ospf-1] area 0 [PE1-ospf-1-area-0.0.0.0] network 1.1.1.1 0.0.0.0 [PE1-ospf-1-area-0.0.0.0] quit [PE1-ospf-1] quit [PE1] interface tunnel 3/0/0 [PE1-Tunnel3/0/0] tunnel-protocol gre [PE1-Tunnel3/0/0] source loopback 10 [PE1-Tunnel3/0/0] destination 3.3.3.3 [PE1-Tunnel3/0/0] ip address 40.1.1.1 24 [PE1-Tunnel3/0/0] quit

# Configure PE2.
<PE2> system-view [PE2] interface loopback 10 [PE2-LoopBack10] ip address 3.3.3.3 32 [PE2-LoopBack10] target-board 3 [PE2-LoopBack10] binding tunnel gre [PE2-LoopBack10] quit [PE2] ospf [PE2-ospf-1] area 0 [PE2-ospf-1-area-0.0.0.0] network 3.3.3.3 0.0.0.0 [PE2-ospf-1-area-0.0.0.0] quit [PE2-ospf-1] quit [PE2] interface tunnel 3/0/0 [PE2-Tunnel3/0/0] tunnel-protocol gre [PE2-Tunnel3/0/0] source loopback 10 [PE2-Tunnel3/0/0] destination 1.1.1.1 [PE2-Tunnel3/0/0] ip address 40.1.1.2 24 [PE2-Tunnel3/0/0] quit

After the configuration, two tunnel interfaces become Up. Take the display on PE1 as an example:
5-104 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

5 VLL Configuration

[PE1-Tunnel3/0/0] display this interface Tunnel3/0/0 current state : UP Line protocol current state : UP Description : HUAWEI, Quidway Series, Tunnel3/0/0 Interface, Route Port The Maximum Transmit Unit is 1500 bytes Internet Address is 40.1.1.1/24 Encapsulation is TUNNEL, loopback not set Tunnel source 1.1.1.1 (LoopBack10), destination 3.3.3.3 Tunnel protocol/transport GRE/IP, key disabled keepalive disabled Checksumming of packets disabled QoS max-bandwidth : 64 Kbps 300 seconds input rate 0 bytes/sec, 0 packets/sec 300 seconds output rate 0 bytes/sec, 0 packets/sec 63 packets input, 6460 bytes 0 input error 153 packets output, 17316 bytes 15 output error

5.

Create a tunnel policy on the PEs. # Configure PE1.


<PE1> system-view [PE1] tunnel-policy policy1 [PE1-tunnel-policy-policy1] tunnel select-seq gre load-balance-number 1 [PE1] quit

# Configure PE2.
<PE2> system-view [PE2] tunnel-policy policy1 [PE2-tunnel-policy-policy1] tunnel select-seq gre load-balance-number 1 [PE2] quit

6.

Configure the basic BGP L2VPN functions. # Configure PE1.


[PE1] mpls l2vpn [PE1] bgp 100 [PE1-bgp] peer 3.3.3.9 as-number 100 [PE1-bgp] peer 3.3.3.9 connect-interface loopback 1 [PE1-bgp] l2vpn-family [PE1-bgp-af-l2vpn] peer 3.3.3.9 enable [PE1-bgp-af-l2vpn] quit [PE1-bgp] quit

# Configure PE2.
[PE2] mpls l2vpn [PE2] bgp 100 [PE2-bgp] peer 1.1.1.9 as-number 100 [PE2-bgp] peer 1.1.1.9 connect-interface loopback 1 [PE2-bgp] l2vpn-family [PE2-bgp-af-l2vpn] peer 1.1.1.9 enable [PE2-bgp-af-l2vpn] quit [PE2-bgp] quit

After the configuration, run the display bgp l2vpn peer command on PE1 and PE2. You can find that the peer relationship is established between PEs and the peer status is Established. Take the display on PE1 as an example:
<PE1> display bgp l2vpn peer BGP local router ID : 1.1.1.9 Local AS number : 100 Total number of peers : 1 Peer V AS MsgRcvd 3.3.3.9 4 100 2

MsgSent 4

Peers in established state : 1 OutQ Up/Down State PrefRcv 0 00:00:17 Established 0

7.

Create the L2VPN instances on the PEs and configure the CEs to access the L2VPN instances.
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 5-105

Issue 03 (2008-09-22)

5 VLL Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

# Configure PE1.
[PE1] mpls l2vpn vpn1 encapsulation ip-interworking [PE1-mpls-l2vpn-vpn1] route-distinguisher 100:1 [PE1-mpls-l2vpn-vpn1] vpn-target 1:1 both [PE1-mpls-l2vpn-vpn1] ce ce1 id 1 range 10 [PE1-mpls-l2vpn-ce-vpn1-ce1] connection ce-offset 2 interface GigabitEthernet 1/0/0.1 tunnel-policy policy1 [PE1-mpls-l2vpn-ce-vpn1-ce1] quit [PE1-mpls-l2vpn-vpn1] quit

# Configure PE2.
[PE2] mpls l2vpn vpn1 encapsulation ip-interworking [PE2-mpls-l2vpn-vpn1] route-distinguisher 100:1 [PE2-mpls-l2vpn-vpn1] vpn-target 1:1 both [PE2-mpls-l2vpn-vpn1] ce ce2 id 2 range 10 [PE2-mpls-l2vpn-ce-vpn1-ce2] connection ce-offset 1 interface pos 2/0/0 tunnelpolicy policy1 [PE2-mpls-l2vpn-ce-vpn1-ce2] quit [PE2-mpls-l2vpn-vpn1] quit

8.

Verify the configuration. After the configuration, run the display mpls l2vpn connection command on the PEs. You can view that an L2VPN connection is established and the connection status is Up. Take the display on PE1 as an example:
<PE1> display mpls l2vpn connection 1 total connections, connections: 1 up, 0 down, 0 local, 1 remote, 0 unknown VPN name: vpn1, 1 total connections, connections: 1 up, 0 down, 0 local, 1 remote, 0 unknown CE name: ce1, id: 1, Rid type status peer-id route-distinguisher interface primary or not 2 rmt up 3.3.3.9 100:1 GigabitEthernet1/0/0.1 primary

CE1 and CE2 can ping through each other.


<CE1> ping 30.1.1.2 PING 30.1.1.2: 56 data bytes, press CTRL_C to break Reply from 30.1.1.2: bytes=56 Sequence=1 ttl=255 time=500 Reply from 30.1.1.2: bytes=56 Sequence=2 ttl=255 time=130 Reply from 30.1.1.2: bytes=56 Sequence=3 ttl=255 time=160 Reply from 30.1.1.2: bytes=56 Sequence=4 ttl=255 time=160 Reply from 30.1.1.2: bytes=56 Sequence=5 ttl=255 time=150 --- 30.1.1.2 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 130/220/500 ms ms ms ms ms ms

Configuration Files
l

Configuration file of CE1


# sysname CE1 # interface GigabitEthernet1/0/0 undo shutdown # interface GigabitEthernet1/0/0.1 undo shutdown vlan-type dot1q 10 ip address 30.1.1.1 255.255.255.0 # return

5-106

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


l

5 VLL Configuration

Configuration file of PE1


# sysname PE1 # mpls lsr-id 1.1.1.9 mpls # mpls l2vpn # interface GigabitEthernet1/0/0 undo shutdown # interface GigabitEthernet1/0/0.1 undo shutdown vlan-type dot1q 10 local-ce ip 30.1.1.1 # interface Pos2/0/0 link-protocol ppp undo shutdown ip address 168.1.1.1 255.255.255.0 # mpls l2vpn vpn1 encapsulation ip-interworking route-distinguisher 100:1 vpn-target 1:1 import-extcommunity vpn-target 1:1 export-extcommunity ce ce1 id 1 range 10 default-offset 0 connection ce-offset 2 interface GigabitEthernet1/0/0.1 tunnel-policy policy1 # # interface LoopBack1 ip address 1.1.1.9 255.255.255.255 # interface LoopBack10 ip address 1.1.1.1 255.255.255.255 target-board 3 binding tunnel gre # interface Tunnel3/0/0 ip address 40.1.1.1 255.255.255.0 tunnel-protocol gre source LoopBack10 destination 3.3.3.3 # bgp 100 peer 3.3.3.9 as-number 100 peer 3.3.3.9 connect-interface LoopBack1 # ipv4-family unicast undo synchronization peer 3.3.3.9 enable # l2vpn-family policy vpn-target peer 3.3.3.9 enable # ospf 1 area 0.0.0.0 network 1.1.1.1 0.0.0.0 network 1.1.1.9 0.0.0.0 network 168.1.1.0 0.0.0.255 # tunnel-policy policy1 tunnel select-seq gre load-balance-number 1 # return

Configuration file of P
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 5-107

Issue 03 (2008-09-22)

5 VLL Configuration
# sysname P # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 168.1.1.2 255.255.255.0 # interface Pos2/0/0 link-protocol ppp undo shutdown ip address 169.1.1.1 255.255.255.0 # interface LoopBack1 ip address 2.2.2.9 255.255.255.255 # ospf 1 area 0.0.0.0 network 2.2.2.9 0.0.0.0 network 168.1.1.0 0.0.0.255 network 169.1.1.0 0.0.0.255 # return l

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Configuration file of PE2


# sysname PE2 # mpls lsr-id 3.3.3.9 mpls # mpls l2vpn # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 169.1.1.2 255.255.255.0 # interface Pos2/0/0 link-protocol ppp undo shutdown mtu 1500 ip address ppp-negotiate # mpls l2vpn vpn1 encapsulation ip-interworking route-distinguisher 100:1 vpn-target 1:1 import-extcommunity vpn-target 1:1 export-extcommunity ce ce2 id 2 range 10 default-offset 0 connection ce-offset 1 interface Pos2/0/0 tunnel-policy policy1 # # interface LoopBack1 ip address 3.3.3.9 255.255.255.255 # interface LoopBack10 ip address 3.3.3.3 255.255.255.255 target-board 3 binding tunnel gre # interface Tunnel3/0/0 ip address 40.1.1.2 255.255.255.0 tunnel-protocol gre source LoopBack10 destination 1.1.1.1 # bgp 100 peer 1.1.1.9 as-number 100 peer 1.1.1.9 connect-interface LoopBack1 #

5-108

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


ipv4-family unicast undo synchronization peer 1.1.1.9 enable # l2vpn-family policy vpn-target peer 1.1.1.9 enable # ospf 1 area 0.0.0.0 network 3.3.3.3 0.0.0.0 network 3.3.3.9 0.0.0.0 network 169.1.1.0 0.0.0.255 # tunnel-policy policy1 tunnel select-seq gre load-balance-number 1 # return l

5 VLL Configuration

Configuration file of CE2


# sysname CE2 # interface Pos1/0/0 link-protocol ppp undo shutdown remote address 30.1.1.6 mtu 1500 ip address 30.1.1.2 255.255.255.0 # return

5.11.11 Examples for Configuring ACs of L2VPN IP-interworking


NOTE

l l

The processing for IP-interworking enabled interface is similar on Martini connection and Kompella connection. The following takes the Martini configuration for example. The configuration examples in this section assume that L2VPN is globally enabled on PE and the relevant configurations are omitted here.

PPP Between CE and PE


l

Networking requirements The CE accesses PE through PPP and assigns IP addresses to PE. The LDP session between the local PE and remote PE must be already established. Figure 5-16 Networking diagram of PPP between CE and PE
CE
PPP POS 1/0/0 163.1.1.1/24 POS 1/0/0 163.1.1.2/24 LSR ID: 4.4.4.4

PE1

LSR ID: 5.5.5.5

PE2

Configuration procedures # Configure CE.


[CE] interface pos 1/0/0 [CE-Pos1/0/0] link-protocol ppp [CE-Pos1/0/0] ip address 163.1.1.1 255.255.255.0 [CE-Pos1/0/0] remote address 163.1.1.2 [CE-Pos1/0/0] shutdown

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

5-109

5 VLL Configuration
[CE-Pos1/0/0] undo shutdown [CE-Pos1/0/0] quit

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

# Configure PE1.
[PE1] interface pos 1/0/0 [PE1-Pos1/0/0] link-protocol ppp [PE1-Pos1/0/0] ip address ppp-negotiate [PE1-Pos1/0/0] mtu 1500 [PE1-Pos1/0/0] mpls l2vc 5.5.5.5 1000 ip-interworking [PE1-Pos1/0/0] undo shutdown [PE1-Pos1/0/0] quit
NOTE

For a PPP link, you need to configure an IP address for the PE interface connected to the CE, the AC link can thus be negotiated through IPCP. If the PE interface connected to the CE does not have an IP address, the negotiation fails and the link layer is unavailable. You can configure the IP address on the PE manually. Alternatively, you can run the ip address ppp-negotiate command on the PE interface connected to the CE or the remote-address command on the CE interface connected to the PE, and then the CE assigns an IP address to the PE.

# Check the result of PPP negotiation.


<PE> display interface pos 1/0/0 Pos1/0/0 current state : UP Line protocol current state : UP Description : HUAWEI, Quidway Series, Serial1/0/0 Interface, Route Port The Maximum Transmit Unit is 1500 bytes, Hold timer is 10(sec) Internet Address is negotiated, 163.1.1.2/32 Link layer protocol is PPP LCP opened, IPCP opened L2VPN interworking connection of the main PW is up L2VPN interworking connection of the second PW is down L2VPN input: 0 packets, 0 discards output: 0 packets, 0 discards QoS max-bandwidth : 64 Kbps Output queue : (Urgent queue : Size/Length/Discards) 0/50/0 Output queue : (Protocol queue : Size/Length/Discards) 0/1000/0 Output queue : (FIFO queue : Size/Length/Discards) 0/256/0 Interface is V35 110 packets input, 1364 bytes 111 packets output, 1374 bytes

If the L2VPN interface in IP interworking mode works normally, you can view the following information:
L2VPN interworking connection of the main PW is up L2VPN interworking connection of the second PW is down L2VPN input: 0 packets, 0 discards output: 0 packets, 0 discards

Furthermore, the IPCP status of the interface must be opened.


NOTE

If a POS link is adopted, the MTU of 1500 bytes is recommended. The default value of MTU on a POS link is 4470 bytes that may be too big for some links of the MPLS network.

ATM Primary Interface Between CE and PE


l

Networking requirements As shown in Figure 5-17, CE accesses PE through ATM.

5-110

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

5 VLL Configuration

Figure 5-17 Networking diagram of ATM primary interface between CE and PE


CE
ATM ATM 1/0/0 100.1.1.1/24 ATM 1/0/0 100.1.1.2/24 LSR ID: 4.4.4.4

PE1

LSR ID: 5.5.5.5

PE2

Configuration procedures # Configure CE.


[CE] interface atm 1/0/0 [CE-Atm1/0/0] pvc 1/500 [CE-atm-pvc-Atm1/0/0-1/500] map ip inarp broadcast [CE-atm-pvc-Atm1/0/0-1/500] quit [CE-Atm1/0/0] ip address 100.1.1.1 255.255.255.0 [CE-Atm1/0/0] undo shutdown [CE-Atm1/0/0] quit

# Configure PE.
[PE] interface atm 1/0/0 [PE-Atm1/0/0] pvc 1/500 [PE-atm-pvc-Atm1/0/0-1/500] map ip inarp broadcast [PE-atm-pvc-Atm1/0/0-1/500] quit [PE-Atm1/0/0] ip address 100.1.1.2 255.255.255.0 [PE-Atm1/0/0] mpls l2vc 5.5.5.5 333 ip-interworking [PE-Atm1/0/0] undo shutdown [PE-Atm1/0/0] quit
NOTE

l l

When using L2VPN IP interworking, you need to configure the IPoA mapping on the PVC. The AAL5 encapsulation type of PVC can be aal5snap, InARP supported.

ATM Sub-interface Between CE and PE


l

Networking requirements As shown in Figure 5-18, CE accesses PE through ATM. The sub-interface is used for the interworking access with the precondition that the primary interface works normally.
NOTE

L2VPN does not support P2MP. Thus, to create the MPLS L2VC on an ATM sub-interface, configure a P2P ATM sub-interface.

Figure 5-18 Networking diagram of ATM sub interface between CE and PE


CE
ATM ATM 1/0/0.1 105.1.1.1/24 LSR ID: 4.4.4.4 ATM 1/0/0.1 105.1.1.2/24

PE1

LSR ID: 5.5.5.5

PE2

Configuration procedures This section describes two ways of configuration.

Configuration with static map on CE # Configure CE.


[CE] interface atm 1/0/0

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

5-111

5 VLL Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


[CE-Atm1/0/0] undo shutdown [CE-Atm1/0/0] quit [CE] interface atm 1/0/0.1 p2p [CE-Atm1/0/0.1] pvc 1/105 [CE-atm-pvc-Atm1/0/0.1-1/105] map ip 105.1.1.2 broadcast [CE-atm-pvc-Atm1/0/0.1-1/105] quit [CE-Atm1/0/0.1] ip address 105.1.1.1 255.255.255.0 [CE-Atm1/0/0.1] undo shutdown [CE-Atm1/0/0.1] quit

# Configure PE.
[PE] interface atm 1/0/0 [PE-Atm1/0/0] undo shutdown [PE-Atm1/0/0] quit [PE] interface atm 1/0/0.1 p2p [PE-Atm1/0/0.1] pvc 1/105 [PE-atm-pvc-Atm1/0/0.1-1/105] map ip 105.1.1.1 broadcast [PE-atm-pvc-Atm1/0/0.1-1/105] quit [PE-Atm1/0/0.1] mpls l2vc 5.5.5.5 1000 ip-interworking [PE-Atm1/0/0.1] undo shutdown [PE-Atm1/0/0.1] quit

Create map dynamically with InARP # Configure CE.


[CE] interface atm 1/0/0 [CE-Atm1/0/0] undo shutdown [CE-Atm1/0/0] quit [CE] interface atm 1/0/0.1 p2p [CE-Atm1/0/0.1] pvc 1/103 [CE-atm-pvc-Atm1/0/0.1-1/103] map ip inarp [CE-atm-pvc-Atm1/0/0.1-1/103] quit [CE-Atm1/0/0.1] ip address 105.1.1.1 255.255.255.0 [CE-Atm1/0/0.1] undo shutdown [CE-Atm1/0/0.1] quit

# Configure PE.
[PE] interface atm 1/0/0 [PE-Atm1/0/0] undo shutdown [PE-Atm1/0/0] quit [PE] interface atm 1/0/0.1 p2p [PE-Atm1/0/0.1] pvc 1/103 [PE-atm-pvc-Atm1/0/0.1-1/103] map ip inarp [PE-atm-pvc-Atm1/0/0.1-1/103] quit [PE-Atm1/0/0.1] ip address 105.1.1.2 255.255.255.0 [PE-Atm1/0/0.1] mpls l2vc 5.5.5.5 1000 ip-interworking [PE-Atm1/0/0.1] undo shutdown [PE-Atm1/0/0.1] quit
NOTE

If the mapping is created dynamically through InARP, an IP address should be configured on PE. The IP address is that of the CE interface connected to the remote PE.

5.11.12 Example for Configuring the Inter-AS Martini VLL Option A


Networking Requirements
As shown in Figure 5-19, the Option A scheme is adopted to establish the inter-AS Martini VLL.

5-112

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

5 VLL Configuration

Figure 5-19 Networking diagram of configuring the inter-AS Martini VLL Option A
MPLS backbone AS 100
Loopback0 1.1.1.9/32 POS2/0/0 10.1.1.1/24 Loopback0 2.2.2.9/32

MPLS backbone AS 200


Loopback0 3.3.3.9/32 POS2/0/0 POS1/0/0 POS2/0/0 30.1.1.1/24 POS1/0/0 30.1.1.2/24 POS2/0/0 Loopback0 4.4.4.9/32

PE1

POS1/0/0 10.1.1.2/24 POS1/0/0

ASBR -PE1

ASBR -PE2

PE2

POS1/0/0 100.1.1.1/24

POS1/0/0 100.1.1.2/24

CE1

CE2

The MPLS backbone network in an AS uses IS-IS as the IGP protocol.

Configuration Roadmap
The configuration roadmap is as follows: 1. 2. Run an IGP protocol on the MPLS backbone network so that the routers in the same AS can communicate. Configure the basic MPLS capability on the backbone network and establish dynamic LSPs between the PE and ASBR PE in the same AS. Establish a remote LDP session if the PE and ASBR PE are not directly connected. Establish an MPLS L2VC connection between the PE and ASBR PE in the same AS.

3.

Data Preparation
To complete the configuration, you need the following data:
l l l l

Data needed for configuring IS-IS IP address of the remote peer MPLS LSR IDs on PEs and ASBR PEs L2VC IDs
NOTE

The PE interfaces connected to the CEs need not be configured with IP addresses because the VLL is an emulated Layer 2 service.

Configuration Procedure
1. Configure IGP on the MPLS backbone network. The PEs and ASBR PEs on the backbone network can communicate by using IGP. In this example, IS-IS is used as IGP and the configuration details are not mentioned.
Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 5-113

5 VLL Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

After the configuration, the IS-IS neighbor relationship is established between the ASBR PEs and PEs in the same AS. Run the display isis peer command. You can view that the status of IS-IS neighbors is Up, and the PEs can learn loopback addresses from each other. Take the display on PE1 as an example:
<PE1> display isis peer System Id 0000.0000.0002 -Peer information for ISIS(1) ---------------------------Interface Circuit Id State HoldTime Type Pos2/0/0 0000000001 Up 21s L1L2 PRI

The ASBR PEs and PEs in the same AS can ping through each other. Take the display on PE1 as an example:
<PE1> ping 2.2.2.9 PING 2.2.2.9: 56 data bytes, press CTRL_C to break Reply from 2.2.2.9: bytes=56 Sequence=1 ttl=255 time=180 ms Reply from 2.2.2.9: bytes=56 Sequence=2 ttl=255 time=90 ms Reply from 2.2.2.9: bytes=56 Sequence=3 ttl=255 time=60 ms Reply from 2.2.2.9: bytes=56 Sequence=4 ttl=255 time=60 ms Reply from 2.2.2.9: bytes=56 Sequence=5 ttl=255 time=100 ms --- 2.2.2.9 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 60/98/180 ms

2.

Enable MPLS and configure dynamic LSPs. Configure the basic MPLS capability on the MPLS backbone network. Establish a dynamic LDP LSP between the PE and ASBR PE in the same AS. After this step, an LSP tunnel is established between the PE and ASBR PE in the same AS. Take the display on ASBR-PE1 as an example:
<ASBR-PE1> display mpls ldp session LDP Session(s) in Public Network -----------------------------------------------------------------------------Peer-ID Status LAM SsnRole SsnAge KA-Sent/Rcv -----------------------------------------------------------------------------1.1.1.9:0 Operational DU Active 000:00:19 79/79 -----------------------------------------------------------------------------TOTAL: 1 session(s) Found. LAM : Label Advertisement Mode SsnAge Unit : DDD:HH:MM

3.

Configure the MPLS L2VPN connection. Configure the L2VC connection on the PEs and ASBR PEs and connect the CEs to the PEs. # Configure PE1.
[PE1] mpls l2vpn [PE1-l2vpn] mpls l2vpn default martini [PE1-l2vpn] quit [PE1] interface pos1/0/0 [PE1-Pos1/0/0] mpls l2vc 2.2.2.9 100 [PE1-Pos1/0/0] undo shutdown [PE1-Pos1/0/0] quit

# Configure ASBR-PE1.
[ASBR-PE1] mpls l2vpn [ASBR-PE1-l2vpn] mpls l2vpn default martini [ASBR-PE1-l2vpn] quit [ASBR-PE1] interface pos2/0/0 [ASBR-PE1-Pos2/0/0] mpls l2vc 1.1.1.9 100

5-114

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


[ASBR-PE1-Pos2/0/0] undo shutdown [ASBR-PE1-Pos2/0/0] quit

5 VLL Configuration

# Configure ASBR-PE2.
[ASBR-PE2] mpls l2vpn [ASBR-PE2-l2vpn] mpls l2vpn default martini [ASBR-PE2-l2vpn] quit [ASBR-PE2] interface pos1/0/0 [ASBR-PE2-Pos1/0/0] mpls l2vc 4.4.4.9 100 [ASBR-PE2-Pos1/0/0] undo shutdown [ASBR-PE2-Pos1/0/0] quit

# Configure PE2.
[PE2] mpls l2vpn [PE2-l2vpn] mpls l2vpn default martini [PE2-l2vpn] quit [PE2] interface pos2/0/0 [PE2-Pos2/0/0] mpls l2vc 3.3.3.9 100 [PE2-Pos2/0/0] undo shutdown [PE2-Pos2/0/0] quit

# Configure CE1.
[CE1] interface pos1/0/0 [CE1-Pos1/0/0] ip address 100.1.1.1 255.255.255.0 [CE1-Pos1/0/0] undo shutdown [CE1-Pos1/0/0] quit

# Configure CE2.
[CE2] interface pos1/0/0 [CE2-Pos1/0/0] ip address 100.1.1.2 255.255.255.0 [CE2-Pos1/0/0] undo shutdown [CE2-Pos1/0/0] quit

4.

Verify the configuration. Check information about the L2VPN connection on the PEs. You can view that an L2VC is established and the VC status is Up. Take the display on PE1 as an example:
<PE1> display mpls l2vc interface pos 1/0/0 *client interface : Posl1/0/0 is up session state : up AC state : up VC state : up VC ID : 100 VC type : PPP destination : 2.2.2.9 local group ID : 0 remote local VC label : 21505 remote local AC OAM State : up local PSN State : up local forwarding state : forwarding remote AC OAM state : up remote PSN state : up remote forwarding state: forwarding BFD for PW : disable manual fault : not set active state : active forwarding entry : exist link state : up local VC MTU : 1500 remote local VCCV : Disable remote VCCV : Disable local fragmentantion : disable remote local control word : disable remote tunnel policy : -traffic behavior : -PW template name : -primary or secondary : primary

group ID VC label

: 0 : 21505

VC MTU

: 1500

fragmentantion: disable control word : disable

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

5-115

5 VLL Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


VC tunnel/token info : 1 tunnels/tokens NO.0 TNL type : lsp , TNL ID : 0x2002001 create time : 0 days, 0 hours, 5 minutes, 37 seconds up time : 0 days, 0 hours, 4 minutes, 47 seconds last change time : 0 days, 0 hours, 4 minutes, 47 seconds <ASBR-PE2> display mpls l2vc interface pos 1/0/0 *client interface : Pos1/0/0 is up session state : up AC state : up VC state : up VC ID : 100 VC type : PPP destination : 4.4.4.9 local group ID : 0 remote group ID : 0 local VC label : 21505 remote VC label : 21505 local AC OAM State : up local PSN State : up local forwarding state : forwarding remote AC OAM state : up remote PSN state : up remote forwarding state: forwarding BFD for PW : disable manual fault : not set active state : active forwarding entry : exist link state : up local VC MTU : 1500 remote VC MTU : 1500 local VCCV : Disable remote VCCV : Disable local fragmentantion : disable remote fragmentantion: disable local control word : disable remote control word : disable tunnel policy : -traffic behavior : -PW template name : -primary or secondary : primary VC tunnel/token info : 1 tunnels/tokens NO.0 TNL type : lsp , TNL ID : 0x2002001 create time : 0 days, 0 hours, 5 minutes, 31 seconds up time : 0 days, 0 hours, 4 minutes, 54 seconds last change time : 0 days, 0 hours, 4 minutes, 54 seconds

CE1 and CE2 can ping through each other. Take the display on CE1 as an example:
<CE1> ping 100.1.1.2 PING 100.1.1.2: 56 data bytes, press CTRL_C to break Reply from 100.1.1.2: bytes=56 Sequence=1 ttl=255 time=172 Reply from 100.1.1.2: bytes=56 Sequence=2 ttl=255 time=156 Reply from 100.1.1.2: bytes=56 Sequence=3 ttl=255 time=156 Reply from 100.1.1.2: bytes=56 Sequence=4 ttl=255 time=156 Reply from 100.1.1.2: bytes=56 Sequence=5 ttl=255 time=156 --- 100.1.1.2 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 156/159/172 ms ms ms ms ms ms

Configuration Files
l

Configuration file of CE1


# sysname CE1 # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 100.1.1.1 255.255.255.0 #

5-116

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


return l

5 VLL Configuration

Configuration file of PE1


# sysname PE1 # mpls lsr-id 1.1.1.9 mpls # mpls l2vpn mpls l2vpn default martini # mpls ldp # isis 1 network-entity 10.0000.0000.0001.00 # interface Pos1/0/0 link-protocol ppp undo shutdown mpls l2vc 2.2.2.9 100 # interface Pos2/0/0 link-protocol ppp undo shutdown ip address 10.1.1.1 255.255.255.0 isis enable 1 mpls mpls ldp # interface LoopBack0 ip address 1.1.1.9 255.255.255.255 isis enable 1 # return

Configuration file of ASBR-PE1


# sysname ASBR-PE1 # mpls lsr-id 2.2.2.9 mpls # mpls l2vpn mpls l2vpn default martini # mpls ldp # isis 1 network-entity 10.0000.0000.0002.00 # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 10.1.1.2 255.255.255.0 isis enable 1 mpls mpls ldp # interface Pos2/0/0 link-protocol ppp undo shutdown mpls l2vc 1.1.1.9 100 # interface LoopBack0 ip address 2.2.2.9 255.255.255.255 isis enable 1 # return

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

5-117

5 VLL Configuration
l

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Configuration file of ASBR-PE2


# sysname ASBR-PE2 # mpls lsr-id 3.3.3.9 mpls # mpls l2vpn mpls l2vpn default martini # mpls ldp # isis 1 network-entity 10.0000.0000.0003.00 # interface Pos1/0/0 link-protocol ppp undo shutdown mpls l2vc 4.4.4.9 100 # interface Pos2/0/0 link-protocol ppp undo shutdown ip address 30.1.1.1 255.255.255.0 isis enable 1 mpls mpls ldp # interface LoopBack0 ip address 3.3.3.9 255.255.255.255 isis enable 1 # return

Configuration file of PE2


# sysname PE2 # mpls lsr-id 4.4.4.9 mpls # mpls l2vpn mpls l2vpn default martini # mpls ldp # isis 1 network-entity 10.0000.0000.0004.00 # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 30.1.1.2 255.255.255.0 isis enable 1 mpls mpls ldp # interface Pos2/0/0 link-protocol ppp undo shutdown mpls l2vc 3.3.3.9 100 # interface LoopBack0 ip address 4.4.4.9 255.255.255.255 isis enable 1 # return

Configuration file of CE2


Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

5-118

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


# sysname CE2 # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 100.1.1.2 255.255.255.0 #

5 VLL Configuration

return

5.11.13 Example for Configuring the Inter-AS Martini VLL Option C


Networking Requirements
As shown in Figure 5-20, CE1 and CE2 belong to the same VPN, and access the backbone network through PE1 in AS100 and PE2 in AS200 respectively. The multi-hop mode is adopted to establish the inter-AS Martini L2VPN. Figure 5-20 Networking diagram of configuring the inter-AS Martini VLL Option C
BGP/MPLS Backbone AS 100
Loopback0 1.1.1.9/32 POS2/0/0 10.1.1.1/24 Loopback0 2.2.2.9/32 POS2/0/0 20.1.1.1/24

BGP/MPLS Backbone AS 200


Loopback0 3.3.3.9/32 POS2/0/0 30.1.1.1/24 POS1/0/0 20.1.1.2/24 POS1/0/0 30.1.1.2/24 POS2/0/0 Loopback0 4.4.4.9/32

PE1

POS1/0/0 10.1.1.2/24 POS1/0/0

ASBR -PE1

ASBR -PE2

PE2

POS1/0/0 100.1.1.1/24

POS1/0/0 100.1.1.2/24

CE1

CE2

Configuration Roadmap
The configuration roadmap is as follows: 1. 2. 3. 4. 5.
Issue 03 (2008-09-22)

Run an IGP protocol on the MPLS backbone network so that the routers in the same AS can communicate. Enable MPLS on the backbone network and establish dynamic LSP tunnels between the PEs and ASBR PEs. Establish IBGP peers between the PEs and ASBR PEs in the same AS and EBGP peers between the ASBR PEs. Configure a routing policy and enable the labeled route function on the ASBR PEs. Establish MPLS LDP remote peers between PE1 and PE2.
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 5-119

5 VLL Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

6.

Establish an MPLS L2VC connection between PE1 and PE2.

Data Preparation
To complete the configuration, you need the following data:
l l l

Data needed for configuring IS-IS IP addresses of remote peers (IP addresses of the loopback interfaces on the remote peers) MPLS LSR IDs of the PEs and ASBR PEs (IP addresses of the loopback interfaces on the local device) L2VC IDs Routing policy applied to the ASBR PEs IP addresses of the CE interfaces through which the CEs access the PEs
NOTE

l l l

IP addresses of the PE interfaces through which the PEs access the CEs need not be configured.

Configuration Procedure
1. Configure IGP on the MPLS backbone network. The PEs and ASBR PEs on the backbone network can communicate by using IGP. IS-IS is used as IGP in this example. The configuration details are not mentioned here. Note that IS-IS must be enabled on Loopback0. After the configuration, IS-IS peers are established between the ASBR PEs and PEs in the same AS. Run the display isis peer command. You can view that the status of the peers is Up, and the ASBR PEs and PEs can learn the loopback addresses of each other. Take the display on PE1 as an example:
<PE1> display isis peer Peer information for ISIS(1) ---------------------------System Id Interface Circuit Id State HoldTime Type PRI 0000.0000.0002 P2/0/0 001 Up 23s L1L2 -<PE1> display ip routing-table Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: Public Destinations : 7 Routes : 7 Destination/Mask Proto Pre Cost Flags NextHop Interface 1.1.1.9/32 Direct 0 0 D 127.0.0.1 InLoopBack0 2.2.2.9/32 ISIS 15 10 D 10.1.1.2 Pos2/0/0 10.1.1.0/24 Direct 0 0 D 10.1.1.1 Pos2/0/0 10.1.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 10.1.1.2/32 Direct 0 0 D 10.1.1.2 Pos2/0/0 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0

The ASBR PEs and PEs in the same AS can ping the Loopback0 address of each other. Take the display on ASBR-PE1 as an example:
<ASBR-PE1> ping 1.1.1.9 PING 1.1.1.9: 56 data bytes, press CTRL_C to break Reply from 1.1.1.9: bytes=56 Sequence=1 ttl=255 time=47 Reply from 1.1.1.9: bytes=56 Sequence=2 ttl=255 time=31 Reply from 1.1.1.9: bytes=56 Sequence=3 ttl=255 time=31 Reply from 1.1.1.9: bytes=56 Sequence=4 ttl=255 time=31 Reply from 1.1.1.9: bytes=56 Sequence=5 ttl=255 time=31 --- 1.1.1.9 ping statistics --ms ms ms ms ms

5-120

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 31/34/47 ms

5 VLL Configuration

2.

Enable MPLS and establish tunnels. Enable MPLS and establish LDP LSPs on the ASBR PEs and PEs in the same AS. The configuration details are not mentioned here. After the configuration, LDP peers are established between the PEs and ASBR PEs in the same AS. Run the display mpls ldp session command on each device. You can view that the session status is Operational. Take the display on PE1 as an example:
[PE1] display mpls ldp session LDP Session(s) in Public Network --------------------------------------------------------------------Peer-ID Status LAM SsnRole SsnAge KA-Sent/Rcv ---------------------------------------------------------------------2.2.2.9:0 Operational DU Passive 000:00:00 2/2 ---------------------------------------------------------------------TOTAL: 1 session(s) Found. LAM : Label Advertisement Mode SsnAge Unit : DDD:HH:MM

3.

Configure MP-BGP. Configure MP-IBGP between PE1 and ASBR-PE1, and between PE2 and ASBR-PE2. Configure MP-IBGP between ASBR-PE1 and ASBR-PE2. Note that the Loopback0 route of the PE in the local AS must be advertised to the peer ASBR PE. # Configure PE1.
[PE1] bgp [PE1-bgp] [PE1-bgp] [PE1-bgp] [PE1-bgp] 100 peer 2.2.2.9 as-number 100 peer 2.2.2.9 label-route-capability peer 2.2.2.9 connect-interface LoopBack0 quit

# Configure ASBR-PE1. For the routes received from the PE in the same AS and advertised to the peer ASBR PE, the ASBR PE allocates MPLS labels to the routes. For the labeled IPv4 routes advertised to the PE in the same AS, the ASBR PE allocates new MPLS labels to the routes.
[ASBR-PE1] interface pos 2/0/0 [ASBR-PE1-Pos2/0/0] mpls [ASBR-PE1-Pos2/0/0] undo shutdown [ASBR-PE1-Pos2/0/0] quit [ASBR-PE1] route-policy policy1 permit node 1 [ASBR-PE1-route-policy] if-match mpls-label [ASBR-PE1-route-policy] apply mpls-label [ASBR-PE1-route-policy] quit [ASBR-PE1] route-policy policy2 permit node 1 [ASBR-PE1-route-policy] apply mpls-label [ASBR-PE1-route-policy] quit [ASBR-PE1] bgp 100 [ASBR-PE1-bgp] network 1.1.1.9 32 [ASBR-PE1-bgp] peer 1.1.1.9 as-number 100 [ASBR-PE1-bgp] peer 1.1.1.9 route-policy policy1 export [ASBR-PE1-bgp] peer 1.1.1.9 label-route-capability [ASBR-PE1-bgp] peer 1.1.1.9 connect-interface loopback0 [ASBR-PE1-bgp] peer 20.1.1.2 as-number 200 [ASBR-PE1-bgp] peer 20.1.1.2 route-policy policy2 export [ASBR-PE1-bgp] peer 20.1.1.2 label-route-capability [ASBR-PE1-bgp] quit

# Configure ASBR-PE2.
Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 5-121

5 VLL Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

For the routes received from the PE in the same AS and advertised to the peer ASBR PE, the ASBR PE allocates MPLS labels to the routes. For the labeled IPv4 routes advertised to the PE in the same AS, the ASBR PE allocates new MPLS labels to the routes.
[ASBR-PE2] interface pos 1/0/0 [ASBR-PE2-Pos1/0/0] mpls [ASBR-PE2-Pos1/0/0] undo shutdown [ASBR-PE2-Pos1/0/0] quit [ASBR-PE2] route-policy policy1 permit node 1 [ASBR-PE2-route-policy] if-match mpls-label [ASBR-PE2-route-policy] apply mpls-label [ASBR-PE2-route-policy] quit [ASBR-PE2] route-policy policy2 permit node 1 [ASBR-PE2-route-policy] apply mpls-label [ASBR-PE2-route-policy] quit [ASBR-PE2] bgp 200 [ASBR-PE2-bgp] network 4.4.4.9 32 [ASBR-PE2-bgp] peer 20.1.1.1 as-number 100 [ASBR-PE2-bgp] peer 20.1.1.1 route-policy policy2 export [ASBR-PE2-bgp] peer 20.1.1.1 label-route-capability [ASBR-PE2-bgp] peer 4.4.4.9 as-number 200 [ASBR-PE2-bgp] peer 4.4.4.9 route-policy policy1 export [ASBR-PE2-bgp] peer 4.4.4.9 label-route-capability [ASBR-PE2-bgp] peer 4.4.4.9 connect-interface loopback0 [ASBR-PE2-bgp] quit

# Configure PE2.
[PE2] bgp [PE2-bgp] [PE2-bgp] [PE2-bgp] [PE2-bgp] 200 peer 3.3.3.9 as-number 200 peer 3.3.3.9 label-route-capability peer 3.3.3.9 connect-interface loopback0 quit

After the configuration, run the display bgp peer command on the ASBRs. You can view that the status of the IBGP sessions between the PEs and ASBR PEs in the same AS and the status of the EBGP sessions between the ASBR PEs are Established. Take the display on ASBR-PE1 as an example:
[ASBR-PE1] display bgp peer BGP local router ID : 2.2.2.9 Local AS number : 100 Total number of peers : 2 Peers in established state : 2 Peer V AS MsgRcvd MsgSent OutQ Up/Down State PrefRcv 1.1.1.9 4 100 111 128 0 00:34:24 Established 0 20.1.1.2 4 200 75 89 0 00:38:40 Established 1

4.

Establish remote LDP sessions between PE1 and PE2. # Configure PE1.
[PE1] mpls ldp remote-peer 4.4.4.9 [PE1-mpls-ldp-remote-4.4.4.9] remote-ip 4.4.4.9 [PE1-mpls-ldp-remote-4.4.4.9] quit

# Configure PE2.
[PE2] mpls ldp remote-peer 1.1.1.9 [PE2-mpls-ldp-remote-1.1.1.9] remote-ip 1.1.1.9 [PE2-mpls-ldp-remote-1.1.1.9] quit

After the configuration, LDP peers are established between the PEs and ASBRs in different ASs. Run the display mpls ldp session command on each PE. You can view that the session status is Operational. Take the display on PE1 as an example:
<PE1> display mpls ldp session LDP Session(s) in Public Network -----------------------------------------------------------------------------Peer-ID Status LAM SsnRole SsnAge KA-Sent/Rcv

5-122

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

5 VLL Configuration

-----------------------------------------------------------------------------2.2.2.9:0 Operational DU Passive 000:00:21 87/87 4.4.4.9:0 Operational DU Passive 000:00:18 75/75 -----------------------------------------------------------------------------TOTAL: 2 session(s) Found. LAM : Label Advertisement Mode SsnAge Unit : DDD:HH:MM

5.

Configure L2VPN connections. Configure L2VPN connections on the PEs and connect the CEs to the PEs. # Configure PE1.
[PE1] mpls l2vpn [PE1-l2vpn] mpls l2vpn default martini [PE1-l2vpn] quit [PE1] interface pos 1/0/0 [PE1-Pos1/0/0] mpls l2vc 4.4.4.9 100 [PE1-Pos1/0/0] undo shutdown [PE1-Pos1/0/0] quit

# Configure PE2.
[PE2] mpls l2vpn [PE2-l2vpn] mpls l2vpn default martini [PE2-l2vpn] quit [PE2] interface pos 2/0/0 [PE2-Pos2/0/0] mpls l2vc 1.1.1.9 100 [PE2-Pos2/0/0] undo shutdown [PE2-Pos2/0/0] quit

# Configure CE1.
[CE1] interface pos 1/0/0 [CE1-Pos1/0/0] ip address 100.1.1.1 255.255.255.0 [CE1-Pos1/0/0] undo shutdown [CE1-Pos1/0/0] quit

# Configure CE2.
[CE2] interface pos 1/0/0 [CE2-Pos1/0/0] ip address 100.1.1.2 255.255.255.0 [CE2-Pos1/0/0] undo shutdown [CE2-Pos1/0/0] quit

6.

Verify the configuration. Check information about the L2VPN connection on the PEs. You can view that an L2VC is established and the VC status is Up. Take the display on PE1 as an example:
<PE1> display mpls l2vc interface pos 1/0/0 *client interface : Pos1/0/0 is up session state : up AC state : up VC state : up VC ID : 100 VC type : PPP destination : 4.4.4.9 local group ID : 0 remote group ID local VC label : 21504 remote VC label local AC OAM State : up local PSN State : up local forwarding state : forwarding remote AC OAM state : up remote PSN state : up remote forwarding state: forwarding BFD for PW : disable manual fault : not set active state : active forwarding entry : exist link state : up

: 0 : 21504

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

5-123

5 VLL Configuration
local VC MTU local VCCV remote VCCV local fragmentantion local control word tunnel policy traffic behavior PW template name primary or secondary VC tunnel/token info NO.0 TNL type : lsp create time up time last change time : : : : : : : : : :

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


1500 remote VC MTU : 1500 Disable Disable disable remote fragmentantion: disable disable remote control word : disable ---primary 1 tunnels/tokens , TNL ID : 0x2002002 : 0 days, 1 hours, 5 minutes, 59 seconds : 0 days, 1 hours, 1 minutes, 43 seconds : 0 days, 1 hours, 1 minutes, 43 seconds

After the configuration, CE1 has the route to CE2, and CE2 has the route to CE1. Take the display on CE1 as an example:
<CE1> display ip routing-table Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: Public Destinations : 5 Routes : 5 Destination/Mask Proto Pre Cost Flags NextHop Interface 100.1.1.0/24 Direct 0 0 D 100.1.1.1 Pos1/0/0 100.1.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 100.1.1.2/32 Direct 0 0 D 100.1.1.2 Pos1/0/0 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0

CE1 and CE2 can ping through each other.


<CE1> ping 100.1.1.2 PING 100.1.1.2: 56 data bytes, press CTRL_C to break Reply from 100.1.1.2: bytes=56 Sequence=1 ttl=255 time=125 ms Reply from 100.1.1.2: bytes=56 Sequence=2 ttl=255 time=125 ms Reply from 100.1.1.2: bytes=56 Sequence=3 ttl=255 time=94 ms Reply from 100.1.1.2: bytes=56 Sequence=4 ttl=255 time=125 ms Reply from 100.1.1.2: bytes=56 Sequence=5 ttl=255 time=125 ms --- 100.1.1.2 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 94/118/125 ms

Configuration Files
l

Configuration file of CE1


# sysname CE1 # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 100.1.1.1 255.255.255.0 # return

Configuration file of PE1


# sysname PE1 # mpls lsr-id 1.1.1.9 mpls # mpls l2vpn mpls l2vpn default martini # mpls ldp

5-124

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


# mpls ldp remote-peer 4.4.4.9 remote-ip 4.4.4.9 # isis 1 network-entity 10.0000.0000.0001.00 # interface Pos1/0/0 link-protocol ppp undo shutdown mpls l2vc 4.4.4.9 100 # interface Pos2/0/0 link-protocol ppp undo shutdown ip address 10.1.1.1 255.255.255.0 isis enable 1 mpls mpls ldp # interface LoopBack0 ip address 1.1.1.9 255.255.255.255 isis enable 1 # bgp 100 peer 2.2.2.9 as-number 100 peer 2.2.2.9 connect-interface LoopBack0 # ipv4-family unicast undo synchronization peer 2.2.2.9 enable peer 2.2.2.9 label-route-capability # return l

5 VLL Configuration

Configuration file of ASBR-PE1


# sysname ASBR-PE1 # mpls lsr-id 2.2.2.9 mpls # mpls ldp # isis 1 network-entity 10.0000.0000.0002.00 # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 10.1.1.2 255.255.255.0 isis enable 1 mpls mpls ldp # interface Pos2/0/0 link-protocol ppp undo shutdown ip address 20.1.1.1 255.255.255.0 mpls # interface LoopBack0 ip address 2.2.2.9 255.255.255.255 isis enable 1 # bgp 100 peer 20.1.1.2 as-number 200 peer 1.1.1.9 as-number 100 peer 1.1.1.9 connect-interface LoopBack0 #

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

5-125

5 VLL Configuration
ipv4-family unicast undo synchronization network 1.1.1.9 255.255.255.255 peer 20.1.1.2 enable peer 20.1.1.2 route-policy policy2 export peer 20.1.1.2 label-route-capability peer 1.1.1.9 enable peer 1.1.1.9 route-policy policy1 export peer 1.1.1.9 label-route-capability # route-policy policy1 permit node 1 if-match mpls-label apply mpls-label # route-policy policy2 permit node 1 apply mpls-label # return l

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Configuration file of ASBR-PE2


# sysname ASBR-PE2 # mpls lsr-id 3.3.3.9 mpls # mpls ldp # isis 1 network-entity 10.0000.0000.0003.00 # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 20.1.1.2 255.255.255.0 mpls # interface Pos2/0/0 link-protocol ppp undo shutdown ip address 30.1.1.1 255.255.255.0 isis enable 1 mpls mpls ldp # interface LoopBack0 ip address 3.3.3.9 255.255.255.255 isis enable 1 # bgp 200 peer 4.4.4.9 as-number 200 peer 4.4.4.9 connect-interface LoopBack0 peer 20.1.1.1 as-number 100 # ipv4-family unicast undo synchronization network 4.4.4.9 255.255.255.255 peer 4.4.4.9 enable peer 4.4.4.9 route-policy policy1 export peer 4.4.4.9 label-route-capability peer 20.1.1.1 enable peer 20.1.1.1 route-policy policy2 export peer 20.1.1.1 label-route-capability # route-policy policy1 permit node 1 if-match mpls-label apply mpls-label # route-policy policy2 permit node 1 apply mpls-label

5-126

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


# return l

5 VLL Configuration

Configuration file of PE2


# sysname PE2 # mpls lsr-id 4.4.4.9 mpls # mpls l2vpn mpls l2vpn default martini # mpls ldp # mpls ldp remote-peer 1.1.1.9 remote-ip 1.1.1.9 # isis 1 network-entity 10.0000.0000.0004.00 # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 30.1.1.2 255.255.255.0 isis enable 1 mpls mpls ldp # interface Pos2/0/0 link-protocol ppp undo shutdown mpls l2vc 1.1.1.9 100 # interface LoopBack0 ip address 4.4.4.9 255.255.255.255 isis enable 1 # bgp 200 peer 3.3.3.9 as-number 200 peer 3.3.3.9 connect-interface LoopBack0 # ipv4-family unicast undo synchronization peer 3.3.3.9 enable peer 3.3.3.9 label-route-capability # return

Configuration file of CE2


# sysname CE2 # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 100.1.1.2 255.255.255.0 # return

5.11.14 Example for Configuring the Inter-AS Kompella VLL Option A

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

5-127

5 VLL Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Networking Requirements
As shown in Figure 5-21, routers in the MPLS backbone network use OSPF as IGP to realize the communication between the routers in the same AS. The Option A scheme is adopted to establish the inter-AS Kompella VLL. The peer AS is regarded as the CE. Figure 5-21 Networking diagram of configuring the inter-AS Kompella VLL Option A
BGP/MPLS Backbone AS 100
Loopback1 1.1.1.1/32 POS2/0/0 20.1.1.1/30 Loopback1 2.2.2.2/32

BGP/MPLS Backbone AS 200


Loopback1 3.3.3.3/32 POS2/0/0 40.1.1.1/30 POS1/0/0 POS1/0/0 40.1.1.2/30 POS2/0/0 Loopback1 4.4.4.4/32

POS2/0/0

PE1

POS1/0/0 20.1.1.2/30 ASBR -PE1 POS1/0/0

ASBR -PE2

PE2

POS1/0/0 10.1.1.1/24

POS1/0/0 10.1.1.2/24

CE1

CE2

Configuration Roadmap
The configuration roadmap is as follows: 1. 2. 3. 4. Run an IGP protocol on the MPLS backbone network so that the routers in the same AS can communicate. Enable MPLS on the backbone network and establish a dynamic LSP tunnel between the PE and ASBR PE. Establish IBGP peers between the PEs and ASBR PEs in the same AS. Establish the Kompella VLL connection between the PE and ASBR PE in the same AS.

Data Preparation
To complete the configuration, you need the following data:
l l l l

Data needed for configuring OSPF MPLS LSR IDs on the PEs and ASBR PEs VSI names, RDs, and VPN targets on the PEs and ASBR PEs CE connection names, CE IDs, CE range (by default, it is 10), default-offset (it can be 1 or 0; by default, it is 0)
NOTE

The PE interfaces connected to the CEs need not be configured with IP addresses because L2VPN is an emulated Layer 2 service.

5-128

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

5 VLL Configuration

Configuration Procedure
1. Configure IGP on the MPLS backbone network. The PEs and ASBR PEs on the backbone network can communicate by using IGP. OSPF is used as IGP in this example. The configuration details are not mentioned here. Note that the Loopback1 address must be advertised to IBGP peers. The ASBR PEs and PEs in the same AS can learn the Loopback1 address of each other. Run the display ip routing-table command. You can view that the ASBR PEs and PEs learn the Loopback1 address of each other. Take the display on PE1 as an example:
<PE1> display ip routing-table Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: Public Destinations : 7 Routes : 7 Destination/Mask Proto Pre Cost Flags NextHop Interface 1.1.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 2.2.2.2/32 OSPF 10 2 D 20.1.1.2 Pos2/0/0 20.1.1.0/30 Direct 0 0 D 20.1.1.1 Pos2/0/0 20.1.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 20.1.1.2/32 Direct 0 0 D 20.1.1.2 Pos2/0/0 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0

The ASBR PEs and PEs in the same AS can ping the Loopback1 address of each other.
<PE1> ping 2.2.2.2 PING 2.2.2.2: 56 data bytes, press CTRL_C to break Reply from 2.2.2.2: bytes=56 Sequence=1 ttl=255 time=90 Reply from 2.2.2.2: bytes=56 Sequence=2 ttl=255 time=90 Reply from 2.2.2.2: bytes=56 Sequence=3 ttl=255 time=60 Reply from 2.2.2.2: bytes=56 Sequence=4 ttl=255 time=90 Reply from 2.2.2.2: bytes=56 Sequence=5 ttl=255 time=60 --- 2.2.2.2 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 60/78/90 ms ms ms ms ms ms

2.

Enable MPLS and establish LSPs. Enable MPLS and establish LDP LSPs on the ASBR PEs and PEs in the same AS. The configuration details are not mentioned here. After the configuration, LDP peers are established between the PEs and ASBR PEs in the same AS. Run the display mpls ldp session command on each device. You can view that the session status is Operational. Take the display on PE1 as an example:
<PE1> display mpls ldp session LDP Session(s) in Public Network --------------------------------------------------------------------Peer-ID Status LAM SsnRole SsnAge KA-Sent/Rcv ---------------------------------------------------------------------2.2.2.2:0 Operational DU Passive 000:01:03 2/2 ---------------------------------------------------------------------TOTAL: 1 session(s) Found. LAM : Label Advertisement Mode SsnAge Unit : DDD:HH:MM

3.

Configure IBGP. Configure MP-IBGP between PE1 and ASBR-PE1, and between PE2 and ASBR-PE2. # Configure PE1.
[PE1] bgp 100

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

5-129

5 VLL Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


[PE1-bgp] peer 2.2.2.2 as-number 100 [PE1-bgp] peer 2.2.2.2 connect-interface LoopBack 1 [PE1-bgp] quit

# Configure ASBR-PE1.
[ASBR-PE1] bgp [ASBR-PE1-bgp] [ASBR-PE1-bgp] [ASBR-PE1-bgp] 100 peer 1.1.1.1 as-number 100 peer 1.1.1.1 connect-interface loopback 1 quit

# Configure ASBR-PE2.
[ASBR-PE2] bgp [ASBR-PE2-bgp] [ASBR-PE2-bgp] [ASBR-PE2-bgp] 200 peer 4.4.4.4 as-number 200 peer 4.4.4.4 connect-interface loopback 1 quit

# Configure PE2.
[PE2] bgp [PE2-bgp] [PE2-bgp] [PE2-bgp] 200 peer 3.3.3.3 as-number 200 peer 3.3.3.3 connect-interface loopback 1 quit

After the configuration, run the display bgp peer command. You can view that the status of the IBGP peer between the PE1 and ASBR PE in the same AS is Established. Take the display on PE1 as an example:
[PE1] display bgp peer BGP local router ID : 1.1.1.1 Local AS number : 100 Total number of peers : 1 Peer V AS MsgRcvd 2.2.2.2 4 100 2

MsgSent 3

Peers in established state : 1 OutQ Up/Down State PrefRcv 0 00:00:03 Established 0

4.

Enable BGP peers in the BGP L2VPN address family view. After BGP peers are enabled on the PEs and ASBR PEs in the BGP L2VPN address family view, L2VPN instance information can be exchanged between the PEs and ASBR PEs. # Configure PE1.
[PE1] bgp 100 [PE1-bgp] l2vpn-family [PE1-bgp-af-l2vpn] peer 2.2.2.2 enable

# Configure ASBR-PE1.
[ASBR-PE1] bgp 100 [ASBR-PE1-bgp] l2vpn-family [ASBR-PE1-bgp-af-l2vpn] peer 1.1.1.1 enable

# Configure ASBR-PE2.
[ASBR-PE2] bgp 200 [ASBR-PE2-bgp] l2vpn-family [ASBR-PE2-bgp-af-l2vpn] peer 4.4.4.4 enable

# Configure PE2.
[PE2] bgp 200 [PE2-bgp] l2vpn-family [PE2-bgp-af-l2vpn] peer 3.3.3.3 enable

5.

Establish Kompella L2VPN connections between the PEs. The configuration procedure is as follows:
l l l

Enable MPLS L2VPN on the PEs and ASBR PEs. Create a VPN instance and CE connection on PE1 and PE2. Configure IP addresses in the same network segment for the interfaces through which CE1 and CE2 access the PEs.

# Configure PE1.
5-130 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

5 VLL Configuration

[PE1] mpls l2vpn [PE1-l2vpn] quit [PE1] mpls l2vpn vpn1 encapsulation ppp [PE1-mpls-l2vpn-vpn1] route-distinguisher 100:1 [PE1-mpls-l2vpn-vpn1] mtu 1500 [PE1-mpls-l2vpn-vpn1] vpn-target 1:1 both [PE1-mpls-l2vpn-vpn1] ce ce1 id 1 range 10 default-offset 0 [PE1-mpls-l2vpn-ce-vpn1-ce1] connection ce-offset 2 interface pos1/0/0 [PE1-mpls-l2vpn-ce-vpn1-ce1] quit [PE1-mpls-l2vpn-vpn1] quit [PE1] interface pos 1/0/0 [PE1-Pos1/0/0] undo shutdown [PE1-Pos1/0/0] quit

# Configure ASBR-PE1.
[ASBR-PE1] mpls l2vpn [ASBR-PE1-l2vpn] quit [ASBR-PE1] mpls l2vpn vpn1 encapsulation ppp [ASBR-PE1-mpls-l2vpn-vpn1] route-distinguisher 100:2 [ASBR-PE1-mpls-l2vpn-vpn1] mtu 1500 [ASBR-PE1-mpls-l2vpn-vpn1] vpn-target 1:1 both [ASBR-PE1-mpls-l2vpn-vpn1] ce ce2 id 2 range 10 default-offset 0 [ASBR-PE1-mpls-l2vpn-ce-vpn1-ce1] connection ce-offset 1 interface pos2/0/0 [ASBR-PE1-mpls-l2vpn-ce-vpn1-ce1] quit [ASBR-PE1-mpls-l2vpn-vpn1] quit [ASBR-PE1] interface pos 2/0/0 [ASBR-PE1-Pos2/0/0] undo shutdown [ASBR-PE1-Pos2/0/0] quit

# Configure ASBR-PE2.
[ASBR-PE2] mpls l2vpn [ASBR-PE2-l2vpn] quit [ASBR-PE2] mpls l2vpn vpn1 encapsulation ppp [ASBR-PE2-mpls-l2vpn-vpn1] route-distinguisher 200:1 [ASBR-PE2-mpls-l2vpn-vpn1] mtu 1500 [ASBR-PE2-mpls-l2vpn-vpn1] vpn-target 1:1 both [ASBR-PE2-mpls-l2vpn-vpn1] ce ce3 id 3 range 10 default-offset 0 [ASBR-PE2-mpls-l2vpn-ce-vpn1-ce1] connection ce-offset 4 interface pos1/0/0 [ASBR-PE2-mpls-l2vpn-ce-vpn1-ce1] quit [ASBR-PE2-mpls-l2vpn-vpn1] quit [ASBR-PE2] interface pos 1/0/0 [ASBR-PE2-Pos1/0/0] undo shutdown [ASBR-PE2-Pos1/0/0] quit

# Configure PE2.
[PE2] mpls l2vpn [PE2-l2vpn] quit [PE2] mpls l2vpn vpn1 encapsulation ppp [PE2-mpls-l2vpn-vpn1] route-distinguisher 200:2 [PE2-mpls-l2vpn-vpn1] mtu 1500 [PE2-mpls-l2vpn-vpn1] vpn-target 1:1 both [PE2-mpls-l2vpn-vpn1] ce ce4 id 4 range 10 default-offset 0 [PE2-mpls-l2vpn-ce-vpn1-ce1] connection ce-offset 3 interface pos2/0/0 [PE2-mpls-l2vpn-ce-vpn1-ce1] quit [PE2-mpls-l2vpn-vpn1] quit [PE2] interface pos 2/0/0 [PE2-Pos2/0/0] undo shutdown [PE2-Pos2/0/0] quit

# Configure CE1.
[CE1] interface pos 1/0/0 [CE1-Pos1/0/0] ip address 10.1.1.1 255.255.255.0 [CE1-Pos1/0/0] undo shutdown [CE1-Pos1/0/0] quit

# Configure CE2.
[CE2] interface pos 1/0/0 [CE2-Pos1/0/0] ip address 10.1.1.2 255.255.255.0 [CE2-Pos1/0/0] undo shutdown

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

5-131

5 VLL Configuration
[CE2-Pos1/0/0] quit

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

6.

Verify the configuration. Check information about the L2VPN connection on PE1. You can view that an L2VC is established and the VC status is Up. Take the display on PE1 and ASBR-PE2 as examples. # The display on PE1 is as follows:
<PE1> display mpls l2vpn connection interface pos 1/0/0 conn-type: remote local vc state: up remote vc state: up local ce-id: 1 local ce name: ce1 remote ce-id: 2 intf(state,encap): Pos1/0/0(up,ppp) peer id: 2.2.2.2 route-distinguisher: 100:2 local vc label: 25602 remote vc label: 25601 tunnel policy: default primary or secondary: primary forwardEntry exist or not: true forward entry active or not:true manual fault set or not: not set AC OAM state: up BFD for PW session index: -BFD for PW state: invalid BFD for LSP state: true Local C bit is not set, Remote C bit is not set tunnel type: lsp , id: 0x2002000

# The display on ASBR-PE2 is as follows:


<ASBR-PE2> display mpls l2vpn connection interface pos1/0/0 conn-type: remote local vc state: up remote vc state: up local ce-id: 3 local ce name: ce3 remote ce-id: 4 intf(state,encap): Pos1/0/0(up,ppp) peer id: 4.4.4.4 route-distinguisher: 200:2 local vc label: 25604 remote vc label: 25603 tunnel policy: default primary or secondary: primary forwardEntry exist or not: true forward entry active or not:true manual fault set or not: not set AC OAM state: up BFD for PW session index: -BFD for PW state: invalid BFD for LSP state: true Local C bit is not set, Remote C bit is not set tunnel type: lsp , id: 0x2002001

You can view that reachable routes between CE1 and CE2 exist. Take the display on CE1 as an example:
<CE1> display ip routing-table Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: Public Destinations : 5 Routes : 5 Destination/Mask Proto Pre Cost Flags NextHop Interface 10.1.1.0/24 Direct 0 0 D 10.1.1.1 Pos1/0/0 10.1.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 10.1.1.2/32 Direct 0 0 D 10.1.1.2 Pos1/0/0

5-132

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


127.0.0.0/8 127.0.0.1/32 Direct 0 Direct 0 0 0 D D 127.0.0.1 127.0.0.1

5 VLL Configuration
InLoopBack0 InLoopBack0

CE1 and CE2 can ping through each other.


<CE1> ping 10.1.1.2 PING 10.1.1.2: 56 data bytes, press CTRL_C to break Reply from 10.1.1.2: bytes=56 Sequence=1 ttl=255 time=125 ms Reply from 10.1.1.2: bytes=56 Sequence=2 ttl=255 time=125 ms Reply from 10.1.1.2: bytes=56 Sequence=3 ttl=255 time=94 ms Reply from 10.1.1.2: bytes=56 Sequence=4 ttl=255 time=125 ms Reply from 10.1.1.2: bytes=56 Sequence=5 ttl=255 time=125 ms --- 10.1.1.2 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 94/118/125 ms

Configuration Files
l

Configuration files of CE1


# sysname CE1 # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 10.1.1.1 255.255.255.0 # return

Configuration files of PE1


# sysname PE1 # mpls lsr-id 1.1.1.1 mpls # mpls l2vpn # mpls ldp # interface Pos1/0/0 link-protocol ppp undo shutdown # interface Pos2/0/0 link-protocol ppp undo shutdown ip address 20.1.1.1 255.255.255.252 mpls mpls ldp # mpls l2vpn vpn1 encapsulation ppp route-distinguisher 100:1 vpn-target 1:1 import-extcommunity vpn-target 1:1 export-extcommunity ce ce1 id 1 range 10 default-offset 0 connection ce-offset 2 interface Pos1/0/0 # # interface LoopBack1 ip address 1.1.1.1 255.255.255.255 # bgp 100 peer 2.2.2.2 as-number 100 peer 2.2.2.2 connect-interface LoopBack1 # ipv4-family unicast

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

5-133

5 VLL Configuration
undo synchronization peer 2.2.2.2 enable # l2vpn-family policy vpn-target peer 2.2.2.2 enable # # ospf 1 area 0.0.0.0 network 1.1.1.1 0.0.0.0 network 20.1.1.0 0.0.0.3 # return l

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Configuration files of ASBR-PE1


# sysname ASBR-PE1 # mpls lsr-id 2.2.2.2 mpls # mpls l2vpn # mpls ldp # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 20.1.1.2 255.255.255.252 mpls mpls ldp # interface Pos2/0/0 link-protocol ppp undo shutdown # mpls l2vpn vpn1 encapsulation ppp route-distinguisher 100:2 vpn-target 1:1 import-extcommunity vpn-target 1:1 export-extcommunity ce ce2 id 2 range 10 default-offset 0 connection ce-offset 1 interface Pos2/0/0 # # interface LoopBack1 ip address 2.2.2.2 255.255.255.255 # bgp 100 peer 1.1.1.1 as-number 100 peer 1.1.1.1 connect-interface LoopBack1 # ipv4-family unicast undo synchronization peer 1.1.1.1 enable # l2vpn-family policy vpn-target peer 1.1.1.1 enable # ospf 1 area 0.0.0.0 network 2.2.2.2 0.0.0.0 network 20.1.1.0 0.0.0.3 # return

Configuration files of ASBR-PE2


# sysname ASBR-PE2

5-134

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


# mpls lsr-id 3.3.3.3 mpls # mpls l2vpn # mpls ldp # interface Pos1/0/0 link-protocol ppp undo shutdown # interface Pos2/0/0 link-protocol ppp undo shutdown ip address 40.1.1.1 255.255.255.252 mpls mpls ldp # interface LoopBack1 ip address 3.3.3.3 255.255.255.255 # bgp 200 peer 4.4.4.4 as-number 200 peer 4.4.4.4 connect-interface LoopBack1 # ipv4-family unicast undo synchronization peer 4.4.4.4 enable # l2vpn-family undo policy vpn-target peer 4.4.4.4 enable # ospf 1 area 0.0.0.0 network 3.3.3.3 0.0.0.0 network 40.1.1.0 0.0.0.3 # mpls l2vpn vpn1 encapsulation ppp route-distinguisher 200:1 vpn-target 1:1 import-extcommunity vpn-target 1:1 export-extcommunity ce ce3 id 3 range 10 default-offset 0 connection ce-offset 4 interface Pos1/0/0 # return l

5 VLL Configuration

Configuration files of PE2


# sysname PE2 # mpls lsr-id 4.4.4.4 mpls # mpls l2vpn # mpls ldp # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 40.1.1.2 255.255.255.252 mpls mpls ldp # interface Pos2/0/0 link-protocol ppp undo shutdown #

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

5-135

5 VLL Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


interface LoopBack1 ip address 4.4.4.4 255.255.255.255 # bgp 200 peer 3.3.3.3 as-number 200 peer 3.3.3.3 connect-interface LoopBack1 # ipv4-family unicast undo synchronization peer 3.3.3.3 enable # l2vpn-family policy vpn-target peer 3.3.3.3 enable # ospf 1 area 0.0.0.0 network 40.1.1.0 0.0.0.3 network 4.4.4.4 0.0.0.0 # mpls l2vpn vpn1 encapsulation ppp route-distinguisher 200:2 vpn-target 1:1 import-extcommunity vpn-target 1:1 export-extcommunity ce ce4 id 4 range 10 default-offset 0 connection ce-offset 3 interface Pos2/0/0 # # return

Configuration files of CE2


# sysname CE2 # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 10.1.1.2 255.255.255.0 # return

5.11.15 Example for Configuring the Inter-AS Kompella VLL Option C


Networking Requirements
As shown in Figure 5-22, routers in the MPLS backbone network use OSPF as IGP to realize the communication between the routers in the same AS. The multi-hop mode is adopted to establish the inter-AS Kompella VLL.

5-136

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

5 VLL Configuration

Figure 5-22 Networking diagram of configuring the inter-AS Kompella VLL Option C
BGP/MPLS Backbone AS 100
Loopback1 1.1.1.1/32 POS2/0/0 20.1.1.1/30 Loopback1 2.2.2.2/32 POS2/0/0 30.1.1.1/24 POS1/0/0 30.1.1.2/24

BGP/MPLS Backbone AS 200


Loopback1 3.3.3.3/32 POS2/0/0 40.1.1.1/30 POS1/0/0 40.1.1.2/30 POS2/0/0 Loopback1 4.4.4.4/32

POS1/0/0 20.1.1.2/30 ASBR -PE1 PE1 POS1/0/0

ASBR -PE2

PE2

POS1/0/0 10.1.1.1/24

POS1/0/0 10.1.1.2/24

CE1

CE2

Configuration Roadmap
The configuration roadmap is as follows: 1. 2. 3. 4. 5. 6. Run an IGP protocol on the MPLS backbone network so that the routers in the same AS can communicate. Enable MPLS on the backbone network and establish a dynamic LSP tunnel between the PE and ASBR PE. Establish IBGP peers between the PEs and ASBR PEs in the same AS and EBGP peers between the ASBR PEs. Configure a routing policy and enable the labeled route function on the ASBR PEs. Establish MP-EBGP peers between PE1 and PE2. Establish a Kompella VLL connection between PE1 and PE2.Configure L2VPN instances on the ASBRs.

Data Preparation
To complete the configuration, you need the following data:
l l l l

Data needed for configuring OSPF MPLS LSR IDs on the PEs and ASBR PEs L2VPN instance names, RDs, and VPN target on the PEs CE connection names, CE IDs, CE range (by default, it is 10), default-offset (it can be 1 or 0; by default, it is 0) Routing policy applied to the ASBR PEs
NOTE

The PE interfaces connected to the CEs need not be configured with IP addresses because L2VPN is an emulated Layer 2 service.

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

5-137

5 VLL Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Configuration Procedure
1. Configure IGP on the MPLS backbone network. The PEs and ASBR PEs on the backbone network can communicate by using IGP. OSPF is used as IGP in this example. The configuration details are not mentioned here. Note that the Loopback1 address must be advertised to IBGP peers. After the configuration, the ASBR PEs and PEs in the same AS can learn the Loopback1 address of each other. Run the display ip routing-table command. You can view that the ASBR PEs and PEs learn the Loopback1 address of each other. Take the display on PE1 as an example:
<PE1> display ip routing-table Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: Public Destinations : 7 Routes : 7 Destination/Mask Proto Pre Cost Flags NextHop Interface 1.1.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 2.2.2.2/32 OSPF 10 2 D 20.1.1.2 Pos2/0/0 20.1.1.0/30 Direct 0 0 D 20.1.1.1 Pos2/0/0 20.1.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 20.1.1.2/32 Direct 0 0 D 20.1.1.2 Pos2/0/0 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0

The ASBR PEs and PEs in the same AS can ping the Loopback1 address of each other. Take the display on PE1 as an example:
<PE1> ping 2.2.2.2 PING 2.2.2.2: 56 data bytes, press CTRL_C to break Reply from 2.2.2.2: bytes=56 Sequence=1 ttl=255 time=140 ms Reply from 2.2.2.2: bytes=56 Sequence=2 ttl=255 time=30 ms Reply from 2.2.2.2: bytes=56 Sequence=3 ttl=255 time=60 ms Reply from 2.2.2.2: bytes=56 Sequence=4 ttl=255 time=90 ms Reply from 2.2.2.2: bytes=56 Sequence=5 ttl=255 time=60 ms --- 2.2.2.2 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 30/76/140 ms

2.

Enable MPLS and establish LSPs. Enable MPLS and establish LDP LSPs on the ASBR PEs and PEs in the same AS. The configuration details are not mentioned here. After the configuration, LDP peers are established between the PEs and ASBR PEs in the same AS. Run the display mpls ldp session command on each device. You can view that the session status is Operational. Take the display on PE1 as an example:
[PE1] display mpls ldp session LDP Session(s) in Public Network -----------------------------------------------------------------------------Peer-ID Status LAM SsnRole SsnAge KA-Sent/Rcv -----------------------------------------------------------------------------2.2.2.2:0 Operational DU Passive 000:00:03 13/13 -----------------------------------------------------------------------------TOTAL: 1 session(s) Found. LAM : Label Advertisement Mode SsnAge Unit : DDD:HH:MM

5-138

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

5 VLL Configuration

3.

Configure MP-BGP. Configure MP-IBGP between PE1 and ASBR-PE1, and between PE2 and ASBR-PE2. Configure MP-IBGP between ASBR-PE1 and ASBR-PE2. The Loopback1 route of the PE in the local AS must be advertised to the peer ASBR PE. # Configure PE1.
[PE1] bgp [PE1-bgp] [PE1-bgp] [PE1-bgp] [PE1-bgp] 100 peer 2.2.2.2 as-number 100 peer 2.2.2.2 label-route-capability peer 2.2.2.2 connect-interface LoopBack 1 quit

# Configure ASBR-PE1. For the routes received from the PE in the same AS and advertised to the peer ASBR PE, the ASBR PE allocates MPLS labels to the routes. For the labeled IPv4 routes advertised to the PE in the same AS, the ASBR PE allocates new MPLS labels to the routes.
[ASBR-PE1] interface pos 2/0/0 [ASBR-PE1-Pos2/0/0] mpls [ASBR-PE1-Pos2/0/0] undo shutdown [ASBR-PE1-Pos2/0/0] quit [ASBR-PE1] route-policy policy1 permit node 1 [ASBR-PE1-route-policy] if-match mpls-label [ASBR-PE1-route-policy] apply mpls-label [ASBR-PE1-route-policy] quit [ASBR-PE1] route-policy policy2 permit node 1 [ASBR-PE1-route-policy] apply mpls-label [ASBR-PE1-route-policy] quit [ASBR-PE1] bgp 100 [ASBR-PE1-bgp] network 1.1.1.1 32 [ASBR-PE1-bgp] peer 1.1.1.1 as-number 100 [ASBR-PE1-bgp] peer 1.1.1.1 route-policy policy1 export [ASBR-PE1-bgp] peer 1.1.1.1 label-route-capability [ASBR-PE1-bgp] peer 1.1.1.1 connect-interface loopback 1 [ASBR-PE1-bgp] peer 30.1.1.2 as-number 200 [ASBR-PE1-bgp] peer 30.1.1.2 route-policy policy2 export [ASBR-PE1-bgp] peer 30.1.1.2 label-route-capability [ASBR-PE1-bgp] quit

# Configure ASBR-PE2. For the routes received from the PE in the same AS and advertised to the peer ASBR PE, the ASBR PE allocates MPLS labels to the routes. For the labeled IPv4 routes advertised to the PE in the same AS, the ASBR PE allocates new MPLS labels to the routes.
[ASBR-PE2] interface pos 1/0/0 [ASBR-PE2-Pos1/0/0] mpls [ASBR-PE2-Pos1/0/0] undo shutdown [ASBR-PE2-Pos1/0/0] quit [ASBR-PE2] route-policy policy1 permit node 1 [ASBR-PE2-route-policy] if-match mpls-label [ASBR-PE2-route-policy] apply mpls-label [ASBR-PE2-route-policy] quit [ASBR-PE2] route-policy policy2 permit node 1 [ASBR-PE2-route-policy] apply mpls-label [ASBR-PE2-route-policy] quit [ASBR-PE2] bgp 200 [ASBR-PE2-bgp] network 4.4.4.4 32 [ASBR-PE2-bgp] peer 30.1.1.1 as-number 100 [ASBR-PE2-bgp] peer 30.1.1.1 route-policy policy2 export [ASBR-PE2-bgp] peer 30.1.1.1 label-route-capability [ASBR-PE2-bgp] peer 4.4.4.4 as-number 200 [ASBR-PE2-bgp] peer 4.4.4.4 route-policy policy1 export [ASBR-PE2-bgp] peer 4.4.4.4 label-route-capability [ASBR-PE2-bgp] peer 4.4.4.4 connect-interface loopback 1 [ASBR-PE2-bgp] quit

# Configure PE2.
Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 5-139

5 VLL Configuration
[PE2] bgp [PE2-bgp] [PE2-bgp] [PE2-bgp] [PE2-bgp]

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


200 peer 3.3.3.3 as-number 200 peer 3.3.3.3 label-route-capability peer 3.3.3.3 connect-interface loopback 1 quit

After the configuration, run the display bgp peer command on the ASBR. You can view that the status of the IBGP sessions between the PEs and ASBR PEs in the same AS and the status of the EBGP sessions between the ASBR PEs are Established.
<ASBR-PE1> display bgp peer BGP local router ID : 2.2.2.2 Local AS number : 100 Total number of peers : 2 Peer V AS MsgRcvd 1.1.1.1 4 100 6 30.1.1.2 4 200 7

MsgSent 9 8

Peers in established state : 2 OutQ Up/Down State PrefRcv 0 00:04:25 Established 0 0 00:04:03 Established 1

4.

Establish EBGP peers between PE1 and PE2. After the BGP peers are enabled in the BGP L2VPN address family view, L2VPN label blocks can be exchanged between the PEs. # Configure PE1.
[PE1] bgp 100 [PE1-bgp] peer 4.4.4.4 as-number 200 [PE1-bgp] peer 4.4.4.4 ebgp-max-hop 255 [PE1-bgp] peer 4.4.4.4 connect-interface loopback 1 [PE1-bgp] l2vpn-family [PE1-bgp-af-l2vpn] peer 4.4.4.4 enable

# Configure PE2.
[PE2] bgp 200 [PE2-bgp] peer 1.1.1.1 as-number 100 [PE2-bgp] peer 1.1.1.1 ebgp-max-hop 255 [PE2-bgp] peer 1.1.1.1 connect-interface loopback 1 [PE2-bgp] l2vpn-family [PE2-bgp-af-l2vpn] peer 1.1.1.1 enable

After the configuration, run the display bgp vpls peer command on PE1 or PE2. You can view that the status of the EBGP peers is Established. Take the display on PE1 as an example:
[PE1] display bgp peer BGP local router ID : 1.1.1.1 Local AS number : 100 Total number of peers : 2 Peer V AS MsgRcvd 4.4.4.4 4 200 22 2.2.2.2 4 100 26

MsgSent 23 21

Peers in established state : 2 OutQ Up/Down State PrefRcv 0 00:15:48 Established 0 0 00:17:12 Established 2

5.

Establish Kompella L2VPN connections between the PEs. Enable VLL, configure L2VPN instances, and create CE connections on the PEs. On CE1 and CE2, configure IP addresses in the same network segment for the interfaces through which CE1 and CE2 access the PEs. # Configure PE1.
[PE1] mpls l2vpn [PE1-l2vpn] quit [PE1] mpls l2vpn vpn1 encapsulation ppp [PE1-mpls-l2vpn-vpn1] route-distinguisher 100:1 [PE1-mpls-l2vpn-vpn1] mtu 1500 [PE1-mpls-l2vpn-vpn1] vpn-target 1:1 [PE1-mpls-l2vpn-vpn1] ce ce1 id 1 range 10 default-offset 0 [PE1-mpls-l2vpn-ce-vpn1-ce1] connection ce-offset 2 interface pos1/0/0 [PE1-mpls-l2vpn-ce-vpn1-ce1] quit [PE1-mpls-l2vpn-vpn1] quit [PE1] interface pos 1/0/0 [PE1-Pos1/0/0] undo shutdown

5-140

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


[PE1-Pos1/0/0] quit

5 VLL Configuration

# Configure PE2.
[PE2] mpls l2vpn [PE2-l2vpn] quit [PE2] mpls l2vpn vpn1 encapsulation ppp [PE2-mpls-l2vpn-vpn1] route-distinguisher 200:1 [PE2-mpls-l2vpn-vpn1] mtu 1500 [PE2-mpls-l2vpn-vpn1] vpn-target 1:1 [PE2-mpls-l2vpn-vpn1] ce ce1 id 2 range 10 default-offset 0 [PE2-mpls-l2vpn-ce-vpn1-ce1] connection ce-offset 1 interface pos2/0/0 [PE2-mpls-l2vpn-ce-vpn1-ce1] quit [PE2-mpls-l2vpn-vpn1] quit [PE2] interface pos 2/0/0 [PE2-Pos2/0/0] undo shutdown [PE2-Pos2/0/0] quit

# Configure CE1.
[CE1] interface pos 1/0/0 [CE1-Pos1/0/0] ip address 10.1.1.1 255.255.255.0 [CE1-Pos1/0/0] undo shutdown [CE1-Pos1/0/0] quit

# Configure CE2.
[CE2] interface pos 1/0/0 [CE2-Pos1/0/0] ip address 10.1.1.2 255.255.255.0 [CE2-Pos1/0/0] undo shutdown [CE2-Pos1/0/0] quit

6.

Verify the configuration. Check information about the L2VPN connection on PE1. You can view that an L2VC is established and the VC status is Up. Take the display on PE1 as an example:
<PE1> display mpls l2vpn connection interface pos 1/0/0 conn-type: remote local vc state: up remote vc state: up local ce-id: 1 local ce name: ce1 remote ce-id: 2 intf(state,encap): Pos1/0/0(up,ppp) peer id: 4.4.4.4 route-distinguisher: 200:1 local vc label: 25602 remote vc label: 25601 tunnel policy: default primary or secondary: primary forwardEntry exist or not: true forward entry active or not:true manual fault set or not: not set AC OAM state: up BFD for PW session index: -BFD for PW state: invalid BFD for LSP state: true Local C bit is not set, Remote C bit is not set tunnel type: lsp , id: 0x2002002

You can view that reachable routes exist between CE1 and CE2. Take the display on CE1 as an example:
<CE1> display ip routing-table Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: Public Destinations : 5 Routes : 5 Destination/Mask Proto Pre Cost Flags NextHop Interface 10.1.1.0/24 Direct 0 0 D 10.1.1.1 Pos1/0/0 10.1.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

5-141

5 VLL Configuration
10.1.1.2/32 127.0.0.0/8 127.0.0.1/32 Direct 0 Direct 0 Direct 0 0 0 0

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


D D D 10.1.1.2 127.0.0.1 127.0.0.1 Pos1/0/0 InLoopBack0 InLoopBack0

CE1 and CE2 can ping through each other.


<CE1> ping 10.1.1.2 PING 10.1.1.2: 56 data bytes, press CTRL_C to break Reply from 10.1.1.2: bytes=56 Sequence=1 ttl=255 time=125 ms Reply from 10.1.1.2: bytes=56 Sequence=2 ttl=255 time=125 ms Reply from 10.1.1.2: bytes=56 Sequence=3 ttl=255 time=94 ms Reply from 10.1.1.2: bytes=56 Sequence=4 ttl=255 time=125 ms Reply from 10.1.1.2: bytes=56 Sequence=5 ttl=255 time=125 ms --- 10.1.1.2 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 94/118/125 ms

Configuration Files
l

Configuration file of CE1


# sysname CE1 # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 10.1.1.1 255.255.255.0 # return

Configuration file of PE1


# sysname PE1 # mpls lsr-id 1.1.1.1 mpls # mpls l2vpn # mpls ldp # interface Pos1/0/0 link-protocol ppp undo shutdown # interface Pos2/0/0 link-protocol ppp undo shutdown ip address 20.1.1.1 255.255.255.252 mpls mpls ldp # interface LoopBack1 ip address 1.1.1.1 255.255.255.255 # bgp 100 peer 4.4.4.4 as-number 200 peer 4.4.4.4 ebgp-max-hop 255 peer 4.4.4.4 connect-interface LoopBack1 peer 2.2.2.2 as-number 100 peer 2.2.2.2 connect-interface LoopBack1 # ipv4-family unicast undo synchronization peer 4.4.4.4 enable peer 2.2.2.2 enable peer 2.2.2.2 label-route-capability

5-142

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


# l2vpn-family policy vpn-target peer 4.4.4.4 enable # ospf 1 area 0.0.0.0 network 1.1.1.1 0.0.0.0 network 20.1.1.0 0.0.0.3 # mpls l2vpn vpn1 encapsulation ppp route-distinguisher 100:1 vpn-target 1:1 import-extcommunity vpn-target 1:1 export-extcommunity ce ce1 id 1 range 10 default-offset 0 connection ce-offset 2 interface Pos1/0/0 # # return l

5 VLL Configuration

Configuration file of ASBR-PE1


# sysname ASBR-PE1 # mpls lsr-id 2.2.2.2 mpls # mpls ldp # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 20.1.1.2 255.255.255.252 mpls mpls ldp # interface Pos2/0/0 link-protocol ppp undo shutdown ip address 30.1.1.1 255.255.255.252 mpls # interface LoopBack1 ip address 2.2.2.2 255.255.255.255 # bgp 100 peer 1.1.1.1 as-number 100 peer 1.1.1.1 connect-interface LoopBack1 peer 30.1.1.2 as-number 200 # ipv4-family unicast undo synchronization network 1.1.1.1 255.255.255.255 peer 1.1.1.1 enable peer 1.1.1.1 route-policy policy1 export peer 1.1.1.1 label-route-capability peer 30.1.1.2 enable peer 30.1.1.2 route-policy policy2 export peer 30.1.1.2 label-route-capability # ospf 1 area 0.0.0.0 network 2.2.2.2 0.0.0.0 network 20.1.1.0 0.0.0.3 # route-policy policy1 permit node 1 if-match mpls-label apply mpls-label # route-policy policy2 permit node 1

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

5-143

5 VLL Configuration
apply mpls-label # return l

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Configuration file of ASBR-PE2


# sysname ASBR-PE2 # mpls lsr-id 3.3.3.3 mpls # mpls ldp # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 30.1.1.2 255.255.255.252 mpls # interface Pos2/0/0 link-protocol ppp undo shutdown ip address 40.1.1.1 255.255.255.252 mpls mpls ldp # interface LoopBack1 ip address 3.3.3.3 255.255.255.255 # bgp 200 peer 4.4.4.4 as-number 200 peer 4.4.4.4 connect-interface LoopBack1 peer 30.1.1.1 as-number 100 # ipv4-family unicast undo synchronization network 4.4.4.4 255.255.255.255 peer 4.4.4.4 enable peer 4.4.4.4 route-policy policy1 export peer 4.4.4.4 label-route-capability peer 30.1.1.1 enable peer 30.1.1.1 route-policy policy2 export peer 30.1.1.1 label-route-capability # ospf 1 area 0.0.0.0 network 3.3.3.3 0.0.0.0 network 40.1.1.0 0.0.0.3 # route-policy policy1 permit node 1 if-match mpls-label apply mpls-label # route-policy policy2 permit node 1 apply mpls-label # return

Configuration file of PE2


# sysname PE2 # mpls lsr-id 4.4.4.4 mpls # mpls l2vpn # mpls ldp # interface Pos1/0/0

5-144

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


link-protocol ppp undo shutdown ip address 40.1.1.2 255.255.255.252 mpls mpls ldp # interface Pos2/0/0 link-protocol ppp undo shutdown # interface LoopBack1 ip address 4.4.4.4 255.255.255.255 # bgp 200 peer 1.1.1.1 as-number 100 peer 1.1.1.1 ebgp-max-hop 255 peer 1.1.1.1 connect-interface LoopBack1 peer 3.3.3.3 as-number 200 peer 3.3.3.3 connect-interface LoopBack1 # ipv4-family unicast undo synchronization peer 1.1.1.1 enable peer 3.3.3.3 enable peer 3.3.3.3 label-route-capability # l2vpn-family policy vpn-target peer 1.1.1.1 enable # ospf 1 area 0.0.0.0 network 40.1.1.0 0.0.0.3 network 4.4.4.4 0.0.0.0 # mpls l2vpn vpn1 encapsulation ppp route-distinguisher 200:1 vpn-target 1:1 import-extcommunity vpn-target 1:1 export-extcommunity ce ce2 id 2 range 10 default-offset 0 connection ce-offset 1 interface Pos2/0/0 # # return l

5 VLL Configuration

Configuration file of CE2


# sysname CE2 # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 10.1.1.2 255.255.255.0 # return

5.11.16 Example for Configuring Martini VLL FRR (Symmetrically Dual-homed CEs)
Networking Requirements
As shown in Figure 5-23, CE1 accesses PE1 and PE2, and CE2 accesses PE3 and PE4.The requirements are as follows:
l

CE1 and CE2 access the PEs through PPP links.


Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 5-145

Issue 03 (2008-09-22)

5 VLL Configuration
l

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Establish PWs between PE1 and PE3, and between PE2 and PE4, and use MPLS LSPs as tunnels. When the primary path CE2PE3PPE1CE1 fails, L2VPN traffic can be rapidly switched to the backup path CE2PE4PE2CE1. When the primary path CE2PE3PPE1CE1 recovers, the L2VPN traffic can be switched back to the primary path.

Figure 5-23 Networking diagram of configuring Martini VLL FRR (symmetrically dual-homed CEs)
P
1 /0/ 30 / S2 PO .13.2 .1 0 10 1 /0/ 30 / S2 PO .13.1 .1 0 10

Loopback1 1.1.1.1/32

P 10 OS 0.1 2/0 .31 /2 .1/ 30

Loopback1 5.5.5.5/32

PE1
POS1/0/0 10.1.1.2/30 Loopback1 2.2.2.2/32

LSP

Loopback1 3.3.3.3/32 10 POS 0.1 2/ .31 0/1 .2/ 30

Loopback1 4.4.4.4/32 POS2/0/0 100.1.24.2/30

PE3
POS1/0/0 10.1.1.1/30

PE2
POS1/0/0 10.1.2.2/30 POS1/0/0 10.1.1.1/30 POS1/0/1 10.1.2.1/30

POS2/0/0 100.1.24.1/30

PE4

LSP

POS1/0/0 10.1.2.1/30 POS1/0/0 10.1.1.2/30 POS1/0/1 10.1.2.2/30

CE1
POS1/0/2 10.1.3.1/24

CE2

Configuration Roadmap
The configuration roadmap is as follows: 1. 2. 3. 4. 5. 6. Configure OSPF on the backbone network. Establish LSPs between PE1 and PE3, and between PE2 and PE4. Establish MPLS LDP sessions between PE1 and PE3, and between PE2 and PE4. Configure PWs on the PEs by using PW templates. Establish BFD for PW sessions between PE1 and PE3, and between PE2 and PE4. Configure the AC OAM detection and advertisement function on the PEs, and enable the OAM mapping function.

Data Preparation
To complete the configuration, you need the following data:
l l l

Name of the remote peer of MPLS LDP VC IDs of the master PW and backup PW Name of the PW template
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

5-146

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


l

5 VLL Configuration

Local and remote discriminators and name of BFD for PW

Configuration Procedure
1. Configure IP addresses for the CE interfaces that access the PEs. # Configure CE1.
<Quidway> system-view [Quidway] sysname CE1 [CE1] interface pos 1/0/0 [CE1-Pos1/0/0] ip address 10.1.1.1 30 [CE1-Pos1/0/0] undo shutdown [CE1-Pos1/0/0] quit [CE1] interface pos 1/0/1 [CE1-Pos1/0/1] ip address 10.1.2.1 30 [CE1-Pos1/0/1] undo shutdown [CE1-Pos1/0/1] quit [CE1] interface pos 1/0/2 [CE1-Pos1/0/2] ip address 10.1.3.1 24 [CE1-Pos1/0/2] undo shutdown [CE1-Pos1/0/2] quit

# Configure CE2.
<Quidway> system-view [Quidway] sysname CE2 [CE2] interface pos 1/0/0 [CE2-Pos1/0/0] ip address 10.1.1.2 30 [CE2-Pos1/0/0] undo shutdown [CE2-Pos1/0/0] quit [CE2] interface pos 1/0/1 [CE2-Pos1/0/1] ip address 10.1.2.2 30 [CE2-Pos1/0/1] undo shutdown [CE2-Pos1/0/1] quit

2.

Configure IGP on the MPLS backbone network to implement interworking between PEs and P. # Configure PE1.
<Quidway> system-view [Quidway] sysname PE1 [PE1] interface loopback1 [PE1-LoopBack1] ip address 1.1.1.1 32 [PE1-LoopBack1] quit [PE1] interface pos 2/0/1 [PE1-Pos2/0/1] ip address 100.1.13.1 30 [PE1-Pos2/0/1] undo shutdown [PE1-Pos2/0/1] quit [PE1] ospf 1 [PE1-ospf-1] area 0 [PE1-ospf-1-area-0.0.0.0] network 1.1.1.1 0.0.0.0 [PE1-ospf-1-area-0.0.0.0] network 100.1.13.0 0.0.0.3

# Configure P.
[P] interface loopback1 [P-LoopBack1] ip address 5.5.5.5 32 [P-LoopBack1] quit [P] interface pos 2/0/1 [P-Pos2/0/1] ip address 100.1.13.2 30 [P-Pos2/0/1] undo shutdown [P-Pos2/0/1] quit [P] interface pos 2/0/2 [P-Pos2/0/2] ip address 100.1.31.1 30 [P-Pos2/0/2] undo shutdown [P-Pos2/0/2] quit [P] ospf 1 [P-ospf-1] area 0 [P-ospf-1-area-0.0.0.0] network 5.5.5.5 0.0.0.0 [P-ospf-1-area-0.0.0.0] network 100.1.13.0 0.0.0.3

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

5-147

5 VLL Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


[P-ospf-1-area-0.0.0.0] network 100.1.31.0 0.0.0.3

# Configure PE3.
[PE3] interface loopback1 [PE3-LoopBack1] ip address 3.3.3.3 32 [PE3-LoopBack1] quit [PE3] interface pos2/0/1 [PE3-Pos2/0/1] ip address 100.1.31.2 30 [PE3-Pos2/0/1] undo shutdown [PE3-Pos2/0/1] quit [PE3] ospf 1 [PE3-ospf-1] area 0 [PE3-ospf-1-area-0.0.0.0] network 3.3.3.3 0.0.0.0 [PE3-ospf-1-area-0.0.0.0] network 100.1.31.0 0.0.0.3

# Configure PE2.
[PE2] interface loopback1 [PE2-LoopBack1] ip address 2.2.2.2 32 [PE2-LoopBack1] quit [PE2] interface pos 2/0/0 [PE2-Pos2/0/0] ip address 100.1.24.1 30 [PE2-Pos2/0/0] undo shutdown [PE2-Pos2/0/0] quit [PE2] ospf 1 [PE2-ospf-1] area 0 [PE2-ospf-1-area-0.0.0.0] network 2.2.2.2 0.0.0.0 [PE2-ospf-1-area-0.0.0.0] network 100.1.24.0 0.0.0.3

# Configure PE4.
[PE4] interface loopback1 [PE4-LoopBack1] ip address 4.4.4.4 32 [PE4-LoopBack1] quit [PE4] interface pos 2/0/0 [PE4-Pos2/0/0] ip address 100.1.24.2 30 [PE4-Pos2/0/0] undo shutdown [PE4-Pos2/0/0] quit [PE4] ospf 1 [PE4-ospf-1] area 0 [PE4-ospf-1-area-0.0.0.0] network 4.4.4.4 0.0.0.0 [PE4-ospf-1-area-0.0.0.0] network 100.1.24.0 0.0.0.3

After the configuration, run the display ip routing-table command on the PEs. You can view that PE1 and PE2, and PE1 and PE3 can learn the Loopback1 route from each other. Take the display on PE1 as an example:
<PE1> display ip routing-table Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: Public Destinations : 9 Routes : 9 Destination/Mask Proto Pre Cost Flags NextHop Interface 1.1.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 3.3.3.3/32 OSPF 10 3 D 100.1.13.2 Pos2/0/1 5.5.5.5/32 OSPF 10 2 D 100.1.13.2 Pos2/0/1 100.1.13.0/30 Direct 0 0 D 100.1.13.1 Pos2/0/1 100.1.13.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 100.1.13.2/32 Direct 0 0 D 100.1.13.2 Pos2/0/1 100.1.31.0/30 OSPF 10 2 D 100.1.13.2 Pos2/0/1 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0

3.

Configure the basic MPLS capability on the MPLS backbone network. # Enable MPLS and specify LSR IDs as the IP addresses of Loopback1 interfaces. Enable MPLS and MPLS LDP on the backbone network interfaces. # Configure PE1.
[PE1] mpls lsr-id 1.1.1.1 [PE1] mpls

5-148

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


[PE1-mpls] quit [PE1] mpls ldp [PE1-mpls-ldp] quit [PE1] interface pos2/0/1 [PE1-Pos2/0/1] mpls [PE1-Pos2/0/1] mpls ldp [PE1-Pos2/0/1] quit

5 VLL Configuration

# Configure P.
[P] mpls lsr-id 5.5.5.5 [P] mpls [P-mpls] quit [P] mpls ldp [P-mpls-ldp] quit [P] interface pos2/0/1 [P-Pos2/0/1] mpls [P-Pos2/0/1] mpls ldp [P-Pos2/0/1] quit [P] interface pos 2/0/2 [P-Pos2/0/2] mpls [P-Pos2/0/2] mpls ldp [P-Pos2/0/2] quit

# Configure PE3.
[PE3] mpls lsr-id 3.3.3.3 [PE3] mpls [PE3-mpls] quit [PE3] mpls ldp [PE3-mpls-ldp] quit [PE3] interface pos 2/0/1 [PE3-Pos2/0/1] mpls [PE3-Pos2/0/1] mpls ldp [PE3-Pos2/0/1] quit

# Configure PE2.
[PE2] mpls lsr-id 2.2.2.2 [PE2] mpls [PE2-mpls] quit [PE2] mpls ldp [PE2-mpls-ldp] quit [PE2] interface pos 2/0/0 [PE2-Pos2/0/0] mpls [PE2-Pos2/0/0] mpls ldp [PE2-Pos2/0/0] quit

# Configure PE4.
[PE4] mpls lsr-id 4.4.4.4 [PE4] mpls [PE4-mpls] quit [PE4] mpls ldp [PE4-mpls-ldp] quit [PE4] interface pos 2/0/0 [PE4-Pos2/0/0] mpls [PE4-Pos2/0/0] mpls ldp [PE4-Pos2/0/0] quit

After the configuration, run the display tunnel-info all command on the PEs. You can view that MPLS LSP tunnels are established between PE1 and PE3, and between PE2 and PE4. Take the display on PE1 and PE2 as examples:
[PE1] display tunnel-info all * -> Allocated VC Token Tunnel ID Type Destination Token ---------------------------------------------------------------------0x2002005 lsp 3.3.3.3 5 0x2002006 lsp -6 0x2002007 lsp 5.5.5.5 7 0x2002008 lsp -8

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

5-149

5 VLL Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


[PE2] display tunnel-info all * -> Allocated VC Token Tunnel ID Type Destination Token ---------------------------------------------------------------------0x2002001 lsp 4.4.4.4 1

4.

Establish remote LDP sessions between the PEs. # Configure remote LDP sessions and specify their IP addresses as the addresses of the loopback interfaces on LDP remote peers.
NOTE

In this example, PE2 and PE4 are directly connected; thus, remote LDP sessions between PE2 and PE4 need not be configured manually.

# Configure PE1.
[PE1] mpls ldp remote-peer pe3 [PE1-mpls-ldp-remote-pe3] remote-ip 3.3.3.3 [PE1-mpls-ldp-remote-pe3] quit

# Configure PE3.
[PE3] mpls ldp remote-peer pe1 [PE3-mpls-ldp-remote-pe1] remote-ip 1.1.1.1 [PE3-mpls-ldp-remote-pe1] quit

After the configuration, run the display mpls ldp session command on the PEs. You can view that the status of remote LDP peers is Operational. That is, the remote peer relationship is established. Take the display on PE1 as an example:
<PE1> display mpls ldp session LDP Session(s) in Public Network -----------------------------------------------------------------------------Peer-ID Status LAM SsnRole SsnAge KA-Sent/Rcv -----------------------------------------------------------------------------3.3.3.3:0 Operational DU Passive 000:00:56 225/227 5.5.5.5:0 Operational DU Passive 000:00:13 56/56 -----------------------------------------------------------------------------TOTAL: 2 session(s) Found. LAM : Label Advertisement Mode SsnAge Unit : DDD:HH:MM

5.

Configure PWs on the PEs by using PW templates. # Configure PE1.


[PE1] mpls l2vpn [PE1-l2vpn] mpls l2vpn default martini [PE1-l2vpn] quit [PE1] pw-template 1to3 [PE1-pw-template-1to3] peer-address 3.3.3.3 [PE1-pw-template-1to3] control-word [PE1-pw-template-1to3] vccv cc cw cv bfd [PE1-pw-template-1to3] quit [PE1] interface pos1/0/0 [PE1-Pos1/0/0] mpls l2vc pw-template 1to3 100 ip-interworking [PE1-Pos1/0/0] ip address 10.1.1.2 30 [PE1-Pos1/0/0] undo shutdown [PE1-Pos1/0/0] quit

# Configure PE3.
[PE3] mpls l2vpn [PE3-l2vpn] mpls l2vpn [PE3-l2vpn] quit [PE3] pw-template 3to1 [PE3-pw-template-3to1] [PE3-pw-template-3to1] [PE3-pw-template-3to1] [PE3-pw-template-3to1] default martini peer-address 1.1.1.1 control-word vccv cc cw cv bfd quit

5-150

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

5 VLL Configuration

[PE3] interface pos 1/0/0 [PE3-Pos1/0/0] mpls l2vc pw-template 3to1 100 ip-interworking [PE3-Pos1/0/0] ip address 10.1.1.1 30 [PE3-Pos1/0/0] undo shutdown [PE3-Pos1/0/0] quit

# Configure PE2.
[PE2] mpls l2vpn [PE2-l2vpn] mpls l2vpn default martini [PE2-l2vpn] quit [PE2] pw-template 2to4 [PE2-pw-template-2to4] peer-address 4.4.4.4 [PE2-pw-template-2to4] control-word [PE2-pw-template-2to4] vccv cc cw cv bfd [PE2-pw-template-2to4] quit [PE2] interface pos 1/0/0 [PE2-Pos1/0/0] mpls l2vc pw-template 2to4 200 ip-interworking [PE2-Pos1/0/0] ip address 10.1.2.2 30 [PE2-Pos1/0/0] undo shutdown [PE2-Pos1/0/0] quit

# Configure PE4.
[PE4] mpls l2vpn [PE4-l2vpn] mpls l2vpn default martini [PE4-l2vpn] quit [PE4] pw-template 4to2 [PE4-pw-template-4to2] peer-address 2.2.2.2 [PE4-pw-template-4to2] control-word [PE4-pw-template-4to2] vccv cc cw cv bfd [PE4-pw-template-4to2] quit [PE4] interface pos 1/0/0 [PE4-Pos1/0/0] mpls l2vc pw-template 4to2 200 ip-interworking [PE4-Pos1/0/0] ip address 10.1.2.1 30 [PE4-Pos1/0/0] undo shutdown [PE4-Pos1/0/0] quit

After the configuration, run the display pw-template command on the PEs. You can view that the configuration of the PW templates and the VCCV is enabled in these templates. Take the display on PE1 as an example:
<PE1> display pw-template Total PW template number : 1 PW Template Name : 1to3 PeerIP : 3.3.3.3 Tnl Policy Name : -CtrlWord : Enable VCCV Capability : cw bfd Behavior Name : -Total PW : 1, Static PW : 0, LDP PW : 1, Rsvp PW : 0

View information about L2VPN connections on the PEs. Run the display mpls l2vc command on the PEs. You can view that the PWs are established and the PW status is Active. Take the display on PE1 as an example:
<PE1> display mpls l2vc total LDP VC : 1 1 up 0 down *client interface : Pos1/0/0 session state : up AC status : up VC state : up VC ID : 100 VC type : IP-interworking destination : 3.3.3.3 local VC label : 21504 remote VC label control word : enable forwarding entry : existent local group ID : 0 manual fault : not set

: 21504

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

5-151

5 VLL Configuration
active state : link state : local VC MTU : tunnel policy name : traffic behavior name: PW template name : primary or secondary : create time : up time : last change time :

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


active up 1500 remote --1to3 primary 0 days, 1 hours, 20 0 days, 0 hours, 17 0 days, 0 hours, 17

VC MTU

: 1500

minutes, 28 seconds minutes, 49 seconds minutes, 49 seconds

Run OSPF on CE1 and CE2, and advertise the routes destined for 10.1.3.0/24 to CE2. To transmit traffic along the path CE1PE1PPE3CE2, modify the OSPF cost of POS 1/0/1 on CE1 and CE2. For example, modify the OSPF cost to 10. # Configure CE1.
[CE1] ospf 1 [CE1-ospf-1] area 0.0.0.0 [CE1-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.3 [CE1-ospf-1-area-0.0.0.0] network 10.1.2.0 0.0.0.3 [CE1-ospf-1-area-0.0.0.0] network 10.1.3.0 0.0.0.255 [CE1-ospf-1-area-0.0.0.0] quit [CE1-ospf-1] quit [CE1] interface pos1/0/1 [CE1-Pos1/0/1] ospf cost 10

# Configure CE2.
[CE2] ospf 1 [CE2-ospf-1] area 0.0.0.0 [CE2-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.3 [CE2-ospf-1-area-0.0.0.0] network 10.1.2.0 0.0.0.3 [CE2-ospf-1-area-0.0.0.0] quit [CE2-ospf-1] quit [CE2] interface pos1/0/1 [CE2-Pos1/0/1] ospf cost 10

# Run the display ip routing-table command on CE2. You can view that on CE2, the outbound interface of the routes to 10.1.3.0/24 is POS 1/0/0. That is, the traffic is transmitted through the primary path.
<CE2> display ip routing-table Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: Public Destinations : 8 Routes : 8 Destination/Mask Proto Pre Cost Flags NextHop Interface 10.1.1.0/30 Direct 0 0 D 10.1.1.2 Pos1/0/0 10.1.1.1/32 Direct 0 0 D 10.1.1.1 Pos1/0/0 10.1.1.2/32 Direct 0 0 D 127.0.0.1 InLoopBack0 10.1.2.0/30 Direct 0 0 D 10.1.2.2 Pos1/0/1 10.1.2.1/32 Direct 0 0 D 10.1.2.1 Pos1/0/1 10.1.2.2/32 Direct 0 0 D 127.0.0.1 InLoopBack0 10.1.3.1/32 OSPF 10 2 D 10.1.1.1 Pos1/0/0 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0

CE2 can ping the IP address 10.1.3.1 on CE1.


[CE2] ping 10.1.3.1 PING 10.1.3.1: 56 data bytes, press CTRL_C to break Reply from 10.1.3.1: bytes=56 Sequence=1 ttl=255 time=170 Reply from 10.1.3.1: bytes=56 Sequence=2 ttl=255 time=130 Reply from 10.1.3.1: bytes=56 Sequence=3 ttl=255 time=190 Reply from 10.1.3.1: bytes=56 Sequence=4 ttl=255 time=130 Reply from 10.1.3.1: bytes=56 Sequence=5 ttl=255 time=180 --- 10.1.3.1 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 130/160/190 ms ms ms ms ms ms

5-152

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

5 VLL Configuration

6.

Configure static BFD to detect PWs on the PEs.


NOTE

Local discriminators and remote discriminators of BFD sessions must correspond to each other and cannot be modified after being configured.

# Configure PE1.
[PE1] bfd [PE1-bfd] quit [PE1] bfd 1to3 bind pw interface pos 1/0/0 [PE1-bfd-lsp-session-1to3] discriminator local 13 [PE1-bfd-lsp-session-1to3] discriminator remote 31 [PE1-bfd-lsp-session-1to3] commit [PE1-bfd-lsp-session-1to3] quit

# Configure PE3.
[PE3] bfd [PE3-bfd] quit [PE3] bfd 3to1 bind pw interface pos 1/0/0 [PE3-bfd-lsp-session-3to1] discriminator local 31 [PE3-bfd-lsp-session-3to1] discriminator remote 13 [PE3-bfd-lsp-session-3to1] commit [PE3-bfd-lsp-session-3to1] quit

# Configure PE2.
[PE2] bfd [PE2-bfd] quit [PE2] bfd 2to4 bind pw interface pos 1/0/0 [PE2-bfd-lsp-session-2to4] discriminator local 24 [PE2-bfd-lsp-session-2to4] discriminator remote 42 [PE2-bfd-lsp-session-2to4] commit [PE2-bfd-lsp-session-2to4] quit

# Configure PE4.
[PE4] bfd [PE4-bfd] quit [PE4] bfd 4to2 bind pw interface pos 1/0/0 [PE4-bfd-lsp-session-4to2] discriminator local 42 [PE4-bfd-lsp-session-4to2] discriminator remote 24 [PE4-bfd-lsp-session-4to2] commit [PE4-bfd-lsp-session-4to2] quitt

After the configuration, BFD sessions are established between PE1 and PE3, and between PE2 and PE4. Run the display bfd session all command. You can view that the status of the BFD sessions is Up. Take the display on PE1 as an example:
<PE1> display bfd session all ------------------------------------------------------------------------------Local Remote PeerIpAddr InterfaceName State Type ------------------------------------------------------------------------------13 31 127.0.0.1 Pos1/0/0 Up S_PW (M) ------------------------------------------------------------------------------Total UP/DOWN Session Number : 1/0

Run the display bfd configuration all command. You can view the configuration of the BFD sessions and the Commit state is True.
<PE1> display bfd configuration all ------------------------------------------------------------------------------CFG Name CFG Type LocalDiscr MIndex SessNum Commit AdminDown -------------------------------------------------------------------------------

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

5-153

5 VLL Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


1to3 Static_PW(M) 13 256 1 True False ------------------------------------------------------------------------------Total Commit/Uncommit CFG Number : 1/0

7.

Enable the OAM mapping function. Then, the AC OAM detection and advertisement function is automatically enabled on the PEs. # Take the configuration of PE1 as an example. Configurations of PE2, PE3, and PE4 are similar to that of PE1 and are not mentioned here.
[PE1] interface pos 1/0/0 [PE1-Pos1/0/0] mpls l2vpn oam-mapping auto

Run the display mpls l2vc oam-mapping interface command on the PEs. You can view information about the OAM mapping. The AC OAM status is Up, the status of BFD for PW is Enable, and the BFD status is Up. Take the display on PE1 as an example:
<PE1> display mpls l2vc oam-mapping interface pos1/0/0 AC OAM Info: ACFD Index : 0x800 Notify : Enable Detect : Enable AC OAM State : Up OAM-mapping : Enable PSN info: VC-ID : 100 VC status : Primary Active State : Active Link State : Up BFD for PW : Enable BFDSessionIndex:256 ,BFD State : up BFD for LSP : 0 TunnelNum: 1 PSN State : up

8.

Verify the configuration. If the configuration succeeds, run the display mpls l2vc interface command on PE1 or PE3. You can view that the PW1 status is Up. Take the display on PE1 as an example:
<PE1> display mpls l2vc interface pos 1/0/0 *client interface : Pos1/0/0 is up session state : up AC state : up VC state : up VC ID : 100 VC type : IP-interworking destination : 3.3.3.3 local group ID : 0 remote group ID : local VC label : 21504 remote VC label : local AC OAM State : up local PSN State : up local forwarding state : forwarding remote AC OAM state : up remote PSN state : up remote forwarding state: forwarding BFD for PW : enable BFD sessionIndex : 256 BFD state : up manual fault : not set active state : active forwarding entry : exist link state : up local VC MTU : 1500 remote VC MTU : local VCCV : cw bfd remote VCCV : cw bfd local fragmentantion : disable remote fragmentantion: local control word : enable remote control word : tunnel policy : -traffic behavior : -PW template name : 1to3 primary or secondary : primary

0 21504

1500 disable enable

5-154

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


VC tunnel/token info NO.0 TNL type : lsp create time up time last change time : 1 , : 0 : 0 : 0

5 VLL Configuration
tunnels/tokens TNL ID : 0x2002005 days, 1 hours, 30 minutes, 27 seconds days, 0 hours, 27 minutes, 48 seconds days, 0 hours, 27 minutes, 48 seconds

Run the shutdown command on POS 2/0/1 of PE3. Run the display bfd session all command on PE1 or PE3. You can view that the status of the BFD session on PW1 is Down. Take the display on PE1 as an example:
<PE1> display bfd session all ------------------------------------------------------------------------------Local Remote PeerIpAddr InterfaceName State Type ------------------------------------------------------------------------------13 31 127.0.0.1 Pos1/0/0 Down S_PW(M) ------------------------------------------------------------------------------Total UP/DOWN Session Number : 0/1

Run the display mpls l2vc interface command on PE1 or PE3. You can view that the status of PW1 becomes Down. Take the display on PE1 as an example:
<PE1> display mpls l2vc interface pos 1/0/0 *client interface : Pos1/0/0 is up session state : down AC state : up VC state : down VC ID : 100 VC type : IP-interworking destination : 3.3.3.3 local group ID : 0 remote group ID : 0 local VC label : 21504 remote VC label : 0 local AC OAM State : up local PSN State : up local forwarding state : not forwarding BFD for PW : enable BFD sessionIndex : 256 BFD state : down manual fault : not set active state : active forwarding entry : not exist link state : down local VC MTU : 1500 remote VC MTU : 0 local VCCV : cw bfd remote VCCV : none local fragmentantion : disable remote fragmentantion: none local control word : enable remote control word : none tunnel policy : -traffic behavior : -PW template name : 1to3 primary or secondary : primary VC tunnel/token info : 0 tunnels/tokens create time : 0 days, 1 hours, 33 minutes, 18 seconds up time : 0 days, 0 hours, 0 minutes, 0 seconds last change time : 0 days, 0 hours, 1 minutes, 11 seconds

Check the routing table on CE2, and you can view that the outbound interface of the routes destined for 10.1.3.0 changes to POS 1/0/1. That is, L2VPN traffic is switched to the backup path.
<CE2> display ip routing-table Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: Public Destinations : 6 Routes : 6 Destination/Mask Proto Pre Cost Flags NextHop Interface 10.1.2.0/30 Direct 0 0 D 10.1.2.2 Pos1/0/1 10.1.2.1/32 Direct 0 0 D 10.1.2.1 Pos1/0/1 10.1.2.2/32 Direct 0 0 D 127.0.0.1 InLoopBack0 10.1.3.1/32 OSPF 10 11 D 10.1.2.1 Pos1/0/1

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

5-155

5 VLL Configuration
127.0.0.0/8 127.0.0.1/32 Direct 0 Direct 0 0 0

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


D D 127.0.0.1 127.0.0.1 InLoopBack0 InLoopBack0

Run the undo shutdown command on POS 2/0/1 of PE3. Check the routing table on CE2, and you can view that the outbound interface of the routes destined for 10.1.3.0 changes to POS 1/0/0. That is, the L2VPN traffic is switched back to the primary path.
<CE2> display ip routing-table Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: Public Destinations : 9 Routes : 9 Destination/Mask Proto Pre Cost Flags NextHop Interface 10.1.1.0/30 Direct 0 0 D 10.1.1.2 Pos1/0/0 10.1.1.1/32 Direct 0 0 D 10.1.1.1 Pos1/0/0 10.1.1.2/32 Direct 0 0 D 127.0.0.1 InLoopBack0 10.1.2.0/30 Direct 0 0 D 10.1.2.2 Pos1/0/1 10.1.2.1/32 Direct 0 0 D 10.1.2.1 Pos1/0/1 10.1.2.2/32 Direct 0 0 D 127.0.0.1 InLoopBack0 10.1.3.1/32 OSPF 10 2 D 10.1.1.1 Pos1/0/0 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0

Configuration Files
l

Configuration file of CE1


# sysname CE1 # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 10.1.1.1 255.255.255.252 # interface Pos1/0/1 link-protocol ppp undo shutdown ip address 10.1.2.1 255.255.255.252 ospf cost 10 # interface Pos1/0/2 link-protocol ppp undo shutdown ip address 10.1.3.1 255.255.255.0 # ospf 1 area 0.0.0.0 network 10.1.1.0 0.0.0.3 network 10.1.2.0 0.0.0.3 network 10.1.3.0 0.0.0.255 # return

Configuration file of CE2


# sysname CE2 # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 10.1.1.2 255.255.255.252 # interface Pos1/0/1 link-protocol ppp undo shutdown ip address 10.1.2.2 255.255.255.252 ospf cost 10

5-156

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


# ospf 1 area 0.0.0.0 network 10.1.1.0 0.0.0.3 network 10.1.2.0 0.0.0.3 # return l

5 VLL Configuration

Configuration file of PE1


# sysname PE1 # mpls lsr-id 1.1.1.1 mpls # mpls l2vpn mpls l2vpn default martini # pw-template 1to3 peer-address 3.3.3.3 control-word vccv cc cw cv bfd # mpls ldp # mpls ldp remote-peer 3.3.3.3 remote-ip 3.3.3.3 # bfd # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 10.1.1.2 255.255.255.252 oam detect lcp-terminal notify lcp-terminal mpls l2vc pw-template 1to3 100 ip-interworking mpls l2vpn oam-mapping # interface Pos2/0/1 link-protocol ppp undo shutdown ip address 100.1.13.1 255.255.255.252 mpls mpls ldp # interface LoopBack1 ip address 1.1.1.1 255.255.255.255 # ospf 1 area 0.0.0.0 network 1.1.1.1 0.0.0.0 network 100.1.13.0 0.0.0.3 # bfd 1to3 bind pw interface Pos1/0/0 discriminator local 13 discriminator remote 31 commit # return

Configuration file of P
# sysname P # mpls lsr-id 5.5.5.5 mpls # mpls ldp # interface Pos2/0/1

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

5-157

5 VLL Configuration
link-protocol ppp undo shutdown ip address 100.1.13.2 255.255.255.252 mpls mpls ldp # interface Pos2/0/2 link-protocol ppp undo shutdown ip address 100.1.31.1 255.255.255.252 mpls mpls ldp # interface LoopBack1 ip address 5.5.5.5 255.255.255.255 # ospf 1 area 0.0.0.0 network 5.5.5.5 0.0.0.0 network 100.1.13.0 0.0.0.3 network 100.1.31.0 0.0.0.3 # return l

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Configuration file of PE3


# sysname PE3 # mpls lsr-id 3.3.3.3 mpls # mpls l2vpn mpls l2vpn default martini # pw-template 3to1 peer-address 1.1.1.1 control-word vccv cc cw cv bfd # mpls ldp # mpls ldp remote-peer 1.1.1.1 remote-ip 1.1.1.1 # bfd # interface Pos1/0/0 link-protocol ppp undo shutdown oam detect lcp-terminal notify lcp-terminal ip address 10.1.1.1 255.255.255.252 mpls l2vc pw-template 3to1 100 ip-interworking mpls l2vpn oam-mapping # interface Pos2/0/1 link-protocol ppp undo shutdown ip address 100.1.31.2 255.255.255.252 mpls mpls ldp # interface LoopBack1 ip address 3.3.3.3 255.255.255.255 # ospf 1 area 0.0.0.0 network 3.3.3.3 0.0.0.0 network 100.1.31.0 0.0.0.3 # #

5-158

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


bfd 3to1 bind pw interface Pos1/0/0 discriminator local 31 discriminator remote 13 commit # return l

5 VLL Configuration

Configuration file of PE2


# sysname PE2 # mpls lsr-id 2.2.2.2 mpls # mpls l2vpn mpls l2vpn default martini # pw-template 2to4 peer-address 4.4.4.4 control-word vccv cc cw cv bfd # mpls ldp # bfd # interface Pos1/0/0 link-protocol ppp undo shutdown oam detect lcp-terminal notify lcp-terminal ip address 10.1.2.2 255.255.255.252 mpls l2vc pw-template 2to4 200 ip-interworking mpls l2vpn oam-mapping # interface Pos2/0/0 link-protocol ppp undo shutdown ip address 100.1.24.1 255.255.255.252 mpls mpls ldp # interface LoopBack1 ip address 2.2.2.2 255.255.255.255 # ospf 1 area 0.0.0.0 network 2.2.2.2 0.0.0.0 network 100.1.24.0 0.0.0.3 # # bfd 2to4 bind pw interface Pos1/0/0 discriminator local 24 discriminator remote 42 commit # return

Configuration file of PE4


# sysname PE4 # mpls lsr-id 4.4.4.4 mpls # mpls l2vpn mpls l2vpn default martini # pw-template 4to2 peer-address 2.2.2.2 control-word

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

5-159

5 VLL Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


vccv cc cw cv bfd # mpls ldp # bfd # interface Pos1/0/0 link-protocol ppp undo shutdown oam detect lcp-terminal notify lcp-terminal ip address 10.1.2.1 255.255.255.252 mpls l2vc pw-template 4to2 200 ip-interworking mpls l2vpn oam-mapping # interface Pos2/0/0 link-protocol ppp undo shutdown ip address 100.1.24.2 255.255.255.252 mpls mpls ldp # interface LoopBack1 ip address 4.4.4.4 255.255.255.255 # ospf 1 area 0.0.0.0 network 4.4.4.4 0.0.0.0 network 100.1.24.0 0.0.0.3 # # bfd 4to2 bind pw interface Pos1/0/0 discriminator local 42 discriminator remote 24 commit # return

5.11.17 Example for Configuring Martini VLL FRR (Asymmetrically Connected CEs)
Networking Requirements
As shown in Figure 5-24, CE1 accesses PE1 through a single link. CE2 accesses PE2 and PE3 in dual-homed mode. The requirements are as follows:
l

CE1 accesses PE1 by using an HDLC link; CE2 accesses PE2 and PE3 by using two PPP links. A PW is established between PE1 and PE3. This PW is a master PW using an MPLS TE tunnel. A PW is established between PE1 and PE2. This PW is a backup PW using an MPLS LSP. When the path CE2PE3PPE1 fails, L2VPN traffic can be rapidly switched to the backup path CE2PE2PE1. When the path CE2PE3PPE1 recovers, the L2VPN traffic can be switched back to the original path.

l l

5-160

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

5 VLL Configuration

Figure 5-24 Networking diagram of configuring Martini VLL FRR (asymmetrically connected CEs)
1 /0 / 0 S2 1.2/3 O . P 13 0. 10 1 /0 / /30 S2 PO 3.1.1 0.1 10

Loopback1 1.1.1.1/32

10 PO S 0.3 2/ 4.1 0 /2 .1/ 30 Loopback1 4.4.4.4/32

PE1
POS1/0/0 10.1.1.2/30

MPLS TE

Loopback1 3.3.3.3/32 10 PO S 0.3 2/ 0 4.1 /1 .2/ 30

PE3
PO 100 S2/0 /2 .1 2. 1.1/ 30

MPL

SL SP
PO 100 S2/0 /1 .1 2. 1.2/ 30

Loopback1 2.2.2.2/32

POS1/0/0 10.1.1.1/30 POS1/0/0 10.1.2.1/30

HDLC
POS1/0/0 10.1.1.1/30 10.1.2.1/30 sub

PPP

PE2 PPP
POS1/0/1 10.1.2.2/30 POS1/0/0 10.1.1.2/30

CE1
POS1/0/1 10.1.3.1/24

CE2

Configuration Roadmap
The configuration roadmap is as follows: 1. 2. 3. 4. 5. 6. 7. Configure OSPF on the backbone network. Establish an MPLS TE tunnel between PE1 and PE3, and establish an LSP between PE1 and PE2. Establish MPLS LDP sessions between PE1 and PE1, and between PE1 and PE3. Establish MPLS LDP sessions between PE1 and PE3. Configure PWs by using PW templates on the PEs. When configuring the master PW, configure a tunnel policy because the master PW uses an MPLS TE tunnel. Establish BFD for PW sessions between PE1 and PE2, and between PE1 and PE3. Enable the OAM mapping function and automatically enable the AC OAM detection and advertisement function on the PEs.

Data Preparation
To complete the configuration, you need the following data:
l l l l l

Tunnel policy Bandwidth of the MPLS TE tunnel Name of the remote peer of MPLS LDP VC IDs of the master PW and backup PW Name of the PW template
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 5-161

Issue 03 (2008-09-22)

5 VLL Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Configuration Procedure
1. Configure IP addresses for the CE interfaces that access the PEs. # Configure CE1.
<Quidway> system-view [Quidway] sysname CE1 [CE1] interface pos 1/0/0 [CE1-Pos1/0/0] link-protocol hdlc [CE1-Pos1/0/0] ip address 10.1.1.1 30 [CE1-Pos1/0/0] ip address 10.1.2.1 30 sub [CE1-Pos1/0/0] undo shutdown [CE1-Pos1/0/0] quit [CE1] interface pos 1/0/1 [CE1-Pos1/0/1] link-protocol hdlc [CE1-Pos1/0/1] ip address 10.1.3.1 24 [CE1-Pos1/0/1] undo shutdown [CE1-Pos1/0/1] quit

# Configure CE2.
<Quidway> system-view [Quidway] sysname CE2 [CE2] interface pos 1/0/0 [CE2-Pos1/0/0] ip address 10.1.1.2 30 [CE2-Pos1/0/0] undo shutdown [CE2-Pos1/0/0] quit [CE2] interface pos 1/0/1 [CE2-Pos1/0/1] ip address 10.1.2.2 30 [CE2-Pos1/0/1] undo shutdown [CE2-Pos1/0/1] quit

2.

Configure IGP on the MPLS backbone network to implement interworking between PEs and P. # Configure PE1.
[PE1] interface loopback 1 [PE1-LoopBack1] ip address 1.1.1.1 32 [PE1-LoopBack1] quit [PE1] interface pos 2/0/1 [PE1-Pos2/0/1] ip address 100.13.1.1 30 [PE1-Pos2/0/1] undo shutdown [PE1-Pos2/0/1] quit [PE1] interface pos 2/0/2 [PE1-Pos2/0/2] ip address 100.12.1.1 30 [PE1-Pos2/0/2] undo shutdown [PE1-Pos2/0/2] quit [PE1] ospf 1 [PE1-ospf-1] area 0 [PE1-ospf-1-area-0.0.0.0] network 1.1.1.1 0.0.0.0 [PE1-ospf-1-area-0.0.0.0] network 100.13.1.0 0.0.0.3 [PE1-ospf-1-area-0.0.0.0] network 100.12.1.0 0.0.0.3

# Configure P.
[P] interface loopback 1 [P-LoopBack1] ip address 4.4.4.4 32 [P-LoopBack1] quit [P] interface pos 2/0/1 [P-Pos2/0/1] ip address 100.13.1.2 30 [P-Pos2/0/1] undo shutdown [P-Pos2/0/1] quit [P] interface pos 2/0/2 [P-Pos2/0/2] ip address 100.34.1.1 30 [P-Pos2/0/2] undo shutdown [P-Pos2/0/2] quit [P] ospf 1 [P-ospf-1] area 0 [P-ospf-1-area-0.0.0.0] network 100.13.1.0 0.0.0.3 [P-ospf-1-area-0.0.0.0] network 100.34.1.0 0.0.0.3 [P-ospf-1-area-0.0.0.0] network 4.4.4.4 0.0.0.0

5-162

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

5 VLL Configuration

# Configure PE3.
[PE3] interface loopback 1 [PE3-LoopBack1] ip address 3.3.3.3 32 [PE3-LoopBack1] quit [PE3] interface pos2/0/1 [PE3-Pos2/0/1] ip address 100.34.1.2 30 [PE3-Pos2/0/1] undo shutdown [PE3-Pos2/0/1] quit [PE3] ospf 1 [PE3-ospf-1] area 0 [PE3-ospf-1-area-0.0.0.0] network 3.3.3.3 0.0.0.0 [PE3-ospf-1-area-0.0.0.0] network 100.34.1.0 0.0.0.3

# Configure PE2.
[PE2] interface loopback 1 [PE2-LoopBack1] ip address 2.2.2.2 32 [PE2-LoopBack1] quit [PE2] interface pos 2/0/1 [PE2-Pos2/0/1] ip address 100.12.1.2 30 [PE2-Pos2/0/1] undo shutdown [PE2-Pos2/0/1] quit [PE2] ospf 1 [PE2-ospf-1] area 0 [PE2-ospf-1-area-0.0.0.0] network 2.2.2.2 0.0.0.0 [PE2-ospf-1-area-0.0.0.0] network 100.12.1.0 0.0.0.3

After the configuration, run the display ip routing-table command on the PEs. You can view that PE1 and PE2, and PE1 and PE3 can learn the Loopback1 route from each other.
<PE1> display ip routing-table Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: Public Destinations : 13 Routes : 13 Destination/Mask Proto Pre Cost Flags NextHop Interface 1.1.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 2.2.2.2/32 OSPF 10 2 D 100.12.1.2 Pos2/0/2 3.3.3.3/32 OSPF 10 3 D 100.13.1.2 Pos2/0/1 4.4.4.4/32 OSPF 10 2 D 100.13.1.2 Pos2/0/1 100.12.1.0/30 Direct 0 0 D 100.12.1.1 Pos2/0/2 100.12.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 100.12.1.2/32 Direct 0 0 D 100.12.1.2 Pos2/0/2 100.13.1.0/30 Direct 0 0 D 100.13.1.1 Pos2/0/1 100.13.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 100.13.1.2/32 Direct 0 0 D 100.13.1.2 Pos2/0/1 100.34.1.0/30 OSPF 10 2 D 100.13.1.2 Pos2/0/1 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0

3.

Configure the basic MPLS capability on the MPLS backbone network. # Enable MPLS on the system and specify LSR IDs as the IP addresses of Loopback1 interfaces. Enable MPLS on the backbone network interfaces. # Configure PE1.
[PE1] mpls lsr-id 1.1.1.1 [PE1] mpls [PE1-mpls] quit [PE1] interface pos2/0/1 [PE1-Pos2/0/1] mpls [PE1-Pos2/0/1] quit [PE1] interface pos2/0/2 [PE1-Pos2/0/2] mpls [PE1-Pos2/0/2] quit

# Configure P.
[P] mpls lsr-id 4.4.4.4 [P] mpls [P-mpls] quit [P] interface pos2/0/1

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

5-163

5 VLL Configuration
[P-Pos2/0/1] mpls [P-Pos2/0/1] quit [P] interface pos 2/0/2 [P-Pos2/0/2] mpls [P-Pos2/0/2] quit

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

# Configure PE2.
[PE2] mpls lsr-id 2.2.2.2 [PE2] mpls [PE2-mpls] quit [PE2] interface pos 2/0/1 [PE2-Pos2/0/1] mpls [PE2-Pos2/0/1] quit

# Configure PE3.
[PE3] mpls lsr-id 3.3.3.3 [PE3] mpls [PE3-mpls] quit [PE3] interface pos 2/0/1 [PE3-Pos2/0/1] mpls [PE3-Pos2/0/1] quit

4.

Establish an MPLS TE tunnel between PE1 and PE3, and establish an LSP between PE1 and PE2. # Configure PE1.
[PE1] mpls [PE1-mpls] mpls te [PE1-mpls] mpls rsvp-te [PE1-mpls] mpls te cspf [PE1-mpls] quit [PE1] interface pos2/0/1 [PE1-Pos2/0/1] mpls te [PE1-Pos2/0/1] mpls rsvp-te [PE1-Pos2/0/1] mpls te max-link-bandwidth 50 [PE1-Pos2/0/1] mpls te max-reservable-bandwidth 30 [PE1-Pos2/0/1] quit [PE1] interface tunnel2/0/0 [PE1-Tunnel2/0/0] ip address unnumbered interface loopback1 [PE1-Tunnel2/0/0] tunnel-protocol mpls te [PE1-Tunnel2/0/0] destination 3.3.3.3 [PE1-Tunnel2/0/0] mpls te tunnel-id 13 [PE1-Tunnel2/0/0] mpls te bandwidth bc0 20 [PE1-Tunnel2/0/0] mpls te commit [PE1-Tunnel2/0/0] quit [PE1] ospf 1 [PE1-ospf-1] opaque-capability enable [PE1-ospf-1] area 0 [PE1-ospf-1-area-0.0.0.0] mpls-te enable

# Configure P.
[P] mpls [P-mpls] mpls te [P-mpls] mpls rsvp-te [P-mpls] quit [P] interface pos2/0/1 [P-Pos2/0/1] mpls te [P-Pos2/0/1] mpls rsvp-te [P-Pos2/0/1] mpls te max-link-bandwidth 50 [P-Pos2/0/1] mpls te max-reservable-bandwidth 30 [P-Pos2/0/1] quit [P] interface pos 2/0/2 [P-Pos2/0/2] mpls te [P-Pos2/0/2] mpls rsvp-te [P-Pos2/0/2] mpls te max-link-bandwidth 50 [P-Pos2/0/2] mpls te max-reservable-bandwidth 30 [P-Pos2/0/2] quit [P] ospf 1 [P-ospf-1] opaque-capability enable

5-164

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


[P-ospf-1] area 0 [P-ospf-1-area-0.0.0.0] mpls-te enable

5 VLL Configuration

# Configure PE3.
[PE3] mpls [PE3-mpls] mpls te [PE3-mpls] mpls rsvp-te [PE3-mpls] mpls te cspf [PE3-mpls] quit [PE3] interface pos2/0/1 [PE3-Pos2/0/1] mpls te [PE3-Pos2/0/1] mpls rsvp-te [PE3-Pos2/0/1] mpls te max-link-bandwidth 50 [PE3-Pos2/0/1] mpls te max-reservable-bandwidth 30 [PE3-Pos2/0/1] quit [PE3] interface tunnel2/0/0 [PE3-Tunnel2/0/0] ip address unnumbered interface LoopBack1 [PE3-Tunnel2/0/0] tunnel-protocol mpls te [PE3-Tunnel2/0/0] destination 1.1.1.1 [PE3-Tunnel2/0/0] mpls te tunnel-id 31 [PE3-Tunnel2/0/0] mpls te bandwidth bc0 20 [PE3-Tunnel2/0/0] mpls te commit [PE3-Tunnel2/0/0] quit [PE3] ospf 1 [PE3-ospf-1] opaque-capability enable [PE3-ospf-1] area0 [PE3-ospf-1-area-0.0.0.0] mpls-te enable

# Configure PE1.
[PE1] mpls ldp [PE1-mpls-ldp] quit [PE1] interface pos2/0/2 [PE1-Pos2/0/2] mpls ldp [PE1-Pos2/0/2] quit

# Configure PE2.
[PE2] mpls ldp [PE2-mpls-ldp] quit [PE2] interface pos2/0/1 [PE2-Pos2/0/1] mpls ldp [PE2-Pos2/0/1] quit

After the configuration, run the display tunnel-info all command on the PEs. You can view that MPLS TE tunnels are established between PE1 and PE3, and MPLS LSP tunnels are established between PE1 and PE2. Take the display on PE1 as an example:
<PE1> display tunnel-info all * -> Allocated VC Token Tunnel ID Type Destination Token ---------------------------------------------------------------------0x42002000 cr lsp 3.3.3.3 0 0x2002001 lsp 2.2.2.2 1

5.

Establish remote LDP sessions between the PEs. # Configure remote LDP sessions and specify their IP addresses as the addresses of the loopback interfaces on LDP remote peers.
NOTE

In this example, PE1 and PE2 are directly connected; thus, remote LDP sessions between PE1 and PE2 need not be configured manually.

# Configure PE1.
[PE1] mpls ldp remote-peer 3.3.3.3 [PE1-mpls-ldp-remote-3.3.3.3] remote-ip 3.3.3.3

# Configure PE3.
[PE3] mpls ldp

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

5-165

5 VLL Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


[PE3-mpls-ldp] quit [PE3] mpls ldp remote-peer 1.1.1.1 [PE3-mpls-ldp-remote-1.1.1.1] remote-ip 1.1.1.1

After the configuration, run the display mpls ldp session command on the PEs. You can view that the status of remote LDP peers is Operational. That is, the remote peer relationship is established. Take the display on PE1 as an example:
<PE1> display mpls ldp session LDP Session(s) in Public Network -----------------------------------------------------------------------------Peer-ID Status LAM SsnRole SsnAge KA-Sent/Rcv -----------------------------------------------------------------------------2.2.2.2:0 Operational DU Passive 000:00:03 16/16 3.3.3.3:0 Operational DU Passive 000:00:00 1/1 -----------------------------------------------------------------------------TOTAL: 2 session(s) Found. LAM : Label Advertisement Mode SsnAge Unit : DDD:HH:MM

6.

Configure a tunnel policy on the PEs. # Configure PE1.


[PE1] tunnel-policy p1 [PE1-tunnel-policy-p1] tunnel select-seq [PE1-tunnel-policy-p1] quit cr-lsp load-balance-number 1

# Configure PE3.
[PE3] tunnel-policy p1 [PE3-tunnel-policy-p1] tunnel select-seq [PE3-tunnel-policy-p1] quit cr-lsp load-balance-number 1

7.

Configure PWs by using PW templates on the PEs. # Configure the master and backup PWs on PE1. Create a PW on PE2 and PE3 respectively. # Configure PE1.
[PE1] mpls l2vpn [PE1-l2vpn] mpls l2vpn default martini [PE1-l2vpn] quit [PE1] pw-template 1to2 [PE1-pw-template-1to2] peer-address 2.2.2.2 [PE1-pw-template-1to2] control-word [PE1-pw-template-1to2] vccv cc cw cv lsp-ping [PE1-pw-template-1to2] quit [PE1] pw-template 1to3 [PE1-pw-template-1to3] peer-address 3.3.3.3 [PE1-pw-template-1to3] control-word [PE1-pw-template-1to3] vccv cc cw cv lsp-ping [PE1-pw-template-1to3] quit [PE1] interface pos1/0/0 [PE1-Pos1/0/0] link-protocol hdlc [PE1-Pos1/0/0] mpls l2vc pw-template 1to3 100 [PE1-Pos1/0/0] mpls l2vc pw-template 1to2 200 [PE1-Pos1/0/0] ip address 10.1.1.2 30 [PE1-Pos1/0/0] undo shutdown [PE1-Pos1/0/0] quit

bfd

bfd

tunnel-policy p1 ip-interworking ip-interworking secondary

# Configure PE2.
[PE2] mpls l2vpn [PE2-l2vpn] mpls l2vpn [PE2-l2vpn] quit [PE2] pw-template 2to1 [PE2-pw-template-2to1] [PE2-pw-template-2to1] [PE2-pw-template-2to1] [PE2-pw-template-2to1] default martini peer-address 1.1.1.1 control-word vccv cc cw cv lsp-ping bfd quit

5-166

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

5 VLL Configuration

[PE2] interface pos 1/0/0 [PE2-Pos1/0/0] mpls l2vc pw-template 2to1 200 ip-interworking [PE2-Pos1/0/0] ip address 10.1.2.1 30 [PE2-Pos1/0/0] undo shutdown [PE2-Pos1/0/0] quit

# Configure PE3.
[PE3] mpls l2vpn [PE3-l2vpn] mpls l2vpn default martini [PE3-l2vpn] quit [PE3] pw-template 3to1 [PE3-pw-template-3to1] peer-address 1.1.1.1 [PE3-pw-template-3to1] control-word [PE3-pw-template-3to1] vccv cc cw cv lsp-ping bfd [PE3-pw-template-3to1] quit [PE3] interface pos 1/0/0 [PE3-Pos1/0/0] mpls l2vc pw-template 3to1 100 tunnel-policy p1 ip-interworking [PE3-Pos1/0/0] ip address 10.1.1.1 30 [PE3-Pos1/0/0] undo shutdown [PE3-Pos1/0/0] quit

After the configuration, view information about L2VPN connections on the PEs. Run the display mpls l2vc command on the PEs. You can view that the master and backup PWs are established and the PW status is Up. The master PW is in the Active state; the backup PW is in the Inactive state. Take the display on PE1 as an example:
<PE1> display mpls l2vc interface pos 1/0/0 *client interface : Pos1/0/0 is up session state : up AC state : up VC state : up VC ID : 100 VC type : IP-interworking destination : 3.3.3.3 local group ID : 0 remote group ID : 0 local VC label : 21504 remote VC label : 21504 local AC OAM State : up local PSN State : up local forwarding state : forwarding remote AC OAM state : up remote PSN state : up remote forwarding state: forwarding BFD for PW : unavailable manual fault : not set active state : active forwarding entry : exist link state : up local VC MTU : 1500 remote VC MTU : 1500 local VCCV : cw lsp-ping bfd remote VCCV : cw lsp-ping bfd local fragmentantion : disable remote fragmentantion: disable local control word : enable remote control word : enable tunnel policy : p1 traffic behavior : -PW template name : 1to3 primary or secondary : primary VC tunnel/token info : 1 tunnels/tokens NO.0 TNL type : cr lsp, TNL ID : 0x42002000 create time : 0 days, 0 hours, 23 minutes, 7 seconds up time : 0 days, 0 hours, 1 minutes, 21 seconds last change time : 0 days, 0 hours, 1 minutes, 21 seconds *client interface : Pos1/0/0 is up session state : up AC state : up VC state : up VC ID : 200 VC type : IP-interworking destination : 2.2.2.2

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

5-167

5 VLL Configuration
local group ID : local VC label : local AC OAM state : local PSN state : local forwarding state : remote AC OAM state : remote PSN state : remote forwarding state: BFD for PW : manual fault : active state : forwarding entry : link state : local VC MTU : local VCCV : remote VCCV : local fragmentation : local control word : tunnel policy : traffic behavior : PW template name : primary or secondary : VC tunnel/token info : NO.0 TNL type : lsp create time : up time : last change time : reroute policy : reason of last reroute : time of last reroute : delay timer ID : resume timer ID :

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


0 remote group ID : 0 21505 remote VC label : 21505 up up forwarding up up forwarding unavailable not set inactive existent up 1500 remote VC MTU : 1500 cw lsp-ping bfd cw lsp-ping bfd disable remote fragmentation: disable enable remote control word : enable --1to2 secondary 1 tunnels/tokens , TNL ID : 0x2002001 0 days, 0 hours, 22 minutes, 19 seconds 0 days, 0 hours, 1 minutes, 32 seconds 0 days, 0 hours, 1 minutes, 32 seconds delay 30 s, resume 10 s New LDP mapping message was received 0 days, 0 hours, 0 minutes, 50 seconds -rest time :--rest time :--

Run OSPF on CE1 and CE2, and advertise the routes destined for 10.1.3.0/24 to CE2. # Configure CE1.
[CE1] ospf 1 [CE1-ospf-1] area 0.0.0.0 [CE1-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.3 [CE1-ospf-1-area-0.0.0.0] network 10.1.2.0 0.0.0.3 [CE1-ospf-1-area-0.0.0.0] network 10.1.3.0 0.0.0.255

# Configure CE2.
[CE2] ospf 1 [CE2-ospf-1] area 0.0.0.0 [CE2-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.3 [CE2-ospf-1-area-0.0.0.0] network 10.1.2.0 0.0.0.3

# Run the display ip routing-table command on CE2. You can view that on CE2, the outbound interface of the routes to 10.1.3.0/24 is POS 1/0/0. That is, the traffic is transmitted through the primary path. Take the display on CE2 as an example:
<CE2> display ip routing-table Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: Public Destinations : 9 Routes : 9 Destination/Mask Proto Pre Cost Flags NextHop Interface 10.1.1.0/30 Direct 0 0 D 10.1.1.2 Pos1/0/0 10.1.1.1/32 Direct 0 0 D 10.1.1.1 Pos1/0/0 10.1.1.2/32 Direct 0 0 D 127.0.0.1 InLoopBack0 10.1.2.0/30 Direct 0 0 D 10.1.2.2 Pos1/0/1 10.1.2.1/32 Direct 0 0 D 10.1.2.1 Pos1/0/1 10.1.2.2/32 Direct 0 0 D 127.0.0.1 InLoopBack0 10.1.3.1/32 OSPF 10 2 D 10.1.1.1 Pos1/0/0 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0

CE2 can ping the IP address 10.1.3.1 on CE1.


5-168 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

5 VLL Configuration

<CE2> ping 10.1.3.1 PING 10.1.3.1: 56 data bytes, press CTRL_C to break Reply from 10.1.3.1: bytes=56 Sequence=1 ttl=255 time=180 Reply from 10.1.3.1: bytes=56 Sequence=2 ttl=255 time=150 Reply from 10.1.3.1: bytes=56 Sequence=3 ttl=255 time=150 Reply from 10.1.3.1: bytes=56 Sequence=4 ttl=255 time=190 Reply from 10.1.3.1: bytes=56 Sequence=5 ttl=255 time=160 --- 10.1.3.1 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 150/166/190 ms

ms ms ms ms ms

8.

Configure BFD to detect PWs on the PEs.


NOTE

In this example, dynamic BFD is adopted to detect PWs.

# Configure PE1.
[PE1] bfd [PE1-bfd] quit [PE1] interface pos 1/0/0 [PE1-Pos1/0/0] mpls l2vpn pw bfd min-rx-interval 100 min-tx-interval 100 [PE1-Pos1/0/0] mpls l2vpn pw bfd min-rx-interval 100 min-tx-interval 100 secondary [PE1-Pos1/0/0] quit

# Configure PE2.
[PE2] bfd [PE2-bfd] quit [PE2] interface pos 1/0/0 [PE2-Pos1/0/0] mpls l2vpn pw bfd min-rx-interval 100 min-tx-interval 100 [PE2-Pos1/0/0] quit

# Configure PE3.
[PE3] bfd [PE3-bfd] quit [PE3] interface pos 1/0/0 [PE3-Pos1/0/0] mpls l2vpn pw bfd min-rx-interval 100 min-tx-interval 100 [PE3-Pos1/0/0] quit

After the configuration, BFD sessions are established between PE1 and PE2, and between PE1 and PE3. Run the display bfd session all command. You can view that the status of the BFD sessions is Up. Take the display on PE1 as an example:
<PE1> display bfd session all ------------------------------------------------------------------------------Local Remote PeerIpAddr InterfaceName State Type ------------------------------------------------------------------------------8192 8192 --.--.--.-Pos1/0/0 Up D_PW(M) 8193 8192 --.--.--.-Pos1/0/0 Up D_PW(S) ------------------------------------------------------------------------------Total UP/DOWN Session Number : 2/0

Run the display bfd configuration all command. You can view the configuration of the BFD sessions and the Commit state is True.
<PE1> display bfd configuration all ------------------------------------------------------------------------------CFG Name CFG Type LocalDiscr MIndex SessNum Commit AdminDown ------------------------------------------------------------------------------dyn_8192 Dynamic 8192 256 1 True False dyn_8193 Dynamic 8193 257 1 True False

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

5-169

5 VLL Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


------------------------------------------------------------------------------Total Commit/Uncommit CFG Number : 2/0

9.

Enable the OAM mapping function and automatically enable the AC OAM detection and advertisement function on the PEs. # Take the configuration of PE1 as an example. The configurations of PE2 and PE3 are similar to the configuration of PE1 and are not mentioned here.
[PE1] interface pos 1/0/0 [PE1-Pos1/0/0] mpls l2vpn oam-mapping auto [PE1-Pos1/0/0] quit

Run the display mpls l2vc oam-mapping interface command on the PEs. You can view information about the OAM mapping. The AC OAM status is Up, the status of BFD for PW is Enable, and the BFD status is Up. Take the display on PE1 as an example:
<PE1> display mpls l2vc oam-mapping interface pos1/0/0 AC OAM Info: ACFD Index : 0x800 Notify : Enable Detect : Enable AC OAM State : Up OAM-mapping : Enable PSN info: VC-ID : 100 VC status : Primary Active State : Active Link State : Up BFD for PW : Enable BFDSessionIndex:256 ,BFD State : up BFD for LSP : 0 TunnelNum: 1 PSN State : up VC-ID : 200 VC status : Secondary Active State : Inactive Link State : Up BFD for PW : Enable BFDSessionIndex:257 ,BFD State : up BFD for LSP : 0 TunnelNum: 1 PSN State : up

10. Verify the configuration. If the configuration succeeds, run the display mpls l2vc interface command on PE1. You can view that the status of the master PW is Active, the status of the backup PW is Inactive, and the BFD for PW status of the master and backup PWs is Available.
<PE1> display mpls l2vc interface pos 1/0/0 *client interface : Pos1/0/0 is up session state : up AC state : up VC state : up VC ID : 100 VC type : IP-interworking destination : 3.3.3.3 local group ID : 0 remote group ID local VC label : 21504 remote VC label local AC OAM State : up local PSN State : up local forwarding state : forwarding remote AC OAM state : up remote PSN state : up remote forwarding state: forwarding Dynamic BFD for PW : enable Detect Multipier : 3 Min Transit Interval : 100 Max Receive Interval : 100 Dynamic BFD Session : built BFD for PW : available

: 0 : 21504

5-170

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

5 VLL Configuration

BFD sessionIndex : 256 BFD state : up manual fault : not set active state : active forwarding entry : exist link state : up local VC MTU : 1500 remote VC MTU : 1500 local VCCV : cw lsp-ping bfd remote VCCV : cw lsp-ping bfd local fragmentantion : disable remote fragmentantion: disable local control word : enable remote control word : enable tunnel policy : p1 traffic behavior : -PW template name : 1to3 primary or secondary : primary VC tunnel/token info : 1 tunnels/tokens NO.0 TNL type : cr lsp, TNL ID : 0x42002000 create time : 0 days, 1 hours, 5 minutes, 19 seconds up time : 0 days, 0 hours, 43 minutes, 33 seconds last change time : 0 days, 0 hours, 43 minutes, 33 seconds *client interface : Pos1/0/0 is up session state : up AC state : up VC state : up VC ID : 200 VC type : IP-interworking destination : 2.2.2.2 local group ID : 0 remote group ID : 0 local VC label : 21505 remote VC label : 21505 local AC OAM state : up local PSN state : up local forwarding state : forwarding remote AC OAM state : up remote PSN state : up remote forwarding state: forwarding Dynamic BFD for PW : enable Detect Multipier : 3 Min Transit Interval : 100 Max Receive Interval : 100 Dynamic BFD Session : built BFD for PW : available BFD sessionIndex : 257 BFD state : up manual fault : not set active state : inactive forwarding entry : existent link state : up local VC MTU : 1500 remote VC MTU : 1500 local VCCV : cw lsp-ping bfd remote VCCV : cw lsp-ping bfd local fragmentation : disable remote fragmentation: disable local control word : enable remote control word : enable tunnel policy : -traffic behavior : -PW template name : 1to2 primary or secondary : secondary VC tunnel/token info : 1 tunnels/tokens NO.0 TNL type : lsp , TNL ID : 0x2002001 create time : 0 days, 1 hours, 4 minutes, 31 seconds up time : 0 days, 0 hours, 43 minutes, 44 seconds last change time : 0 days, 0 hours, 43 minutes, 44 seconds reroute policy : delay 30 s, resume 10 s reason of last reroute : New LDP mapping message was received time of last reroute : 0 days, 0 hours, 43 minutes, 2 seconds delay timer ID : -rest time :-resume timer ID : -rest time :--

Manually set a fault on POS 2/0/1 of PE3.


[PE3] interface pos2/0/1 [PE3-Pos2/0/1] shutdown

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

5-171

5 VLL Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Run the display bfd session all command on PE1. You can view that the status of the BFD session on the master PW is Down.
<PE1> display bfd session all ------------------------------------------------------------------------------Local Remote PeerIpAddr InterfaceName State Type ------------------------------------------------------------------------------8192 8192 --.--.--.-Pos1/0/0 Down D_PW(M) 8193 8192 --.--.--.-Pos1/0/0 Up D_PW(S) ------------------------------------------------------------------------------Total UP/DOWN Session Number : 1/1

Run the display mpls 12vc interface command on PE1. You can view that the status of the master PW becomes Inactive and the status of the backup PW becomes Active.
<PE1> display mpls l2vc interface pos 1/0/0 *client interface : Pos1/0/0 is up session state : Down AC state : up VC state : Down VC ID : 100 VC type : IP-interworking destination : 3.3.3.3 local group ID : 0 remote group ID : 0 local VC label : 21504 remote VC label : 21504 local AC OAM State : up local PSN State : up local forwarding state : not forwarding remote AC OAM state : up remote PSN state : up remote forwarding state: forwarding Dynamic BFD for PW : enable Detect Multipier : 3 Min Transit Interval : 100 Max Receive Interval : 100 Dynamic BFD Session : built BFD for PW : available BFD sessionIndex : 256 BFD state : down manual fault : not set active state : inactive forwarding entry : not exist link state : down local VC MTU : 1500 remote VC MTU : 1500 local VCCV : cw lsp-ping bfd remote VCCV : cw lsp-ping bfd local fragmentantion : disable remote fragmentantion: disable local control word : enable remote control word : enable tunnel policy : p1 traffic behavior : -PW template name : 1to3 primary or secondary : primary VC tunnel/token info : 1 tunnels/tokens NO.0 TNL type : cr lsp, TNL ID : 0x42002000 create time : 0 days, 1 hours, 5 minutes, 19 seconds up time : 0 days, 0 hours, 43 minutes, 33 seconds last change time : 0 days, 0 hours, 43 minutes, 33 seconds *client interface : Pos1/0/0 is up session state : up AC state : up VC state : up VC ID : 200 VC type : IP-interworking destination : 2.2.2.2 local group ID : 0 remote group ID : 0 local VC label : 21505 remote VC label : 21505 local AC OAM state : up local PSN state : up

5-172

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


local forwarding state : remote AC OAM state : remote PSN state : remote forwarding state: Dynamic BFD for PW : Detect Multipier : Min Transit Interval : Max Receive Interval : Dynamic BFD Session : BFD for PW : BFD sessionIndex : manual fault : active state : forwarding entry : link state : local VC MTU : local VCCV : remote VCCV : local fragmentation : local control word : tunnel policy : traffic behavior : PW template name : primary or secondary : VC tunnel/token info : NO.0 TNL type : lsp create time : up time : last change time : reroute policy : reason of last reroute : time of last reroute : delay timer ID : resume timer ID :

5 VLL Configuration
forwarding up up forwarding enable 3 100 100 built available 257 BFD state : up not set active existent up 1500 remote VC MTU : 1500 cw lsp-ping bfd cw lsp-ping bfd disable remote fragmentation: disable enable remote control word : enable --1to2 secondary 1 tunnels/tokens , TNL ID : 0x2002001 0 days, 1 hours, 4 minutes, 31 seconds 0 days, 0 hours, 43 minutes, 44 seconds 0 days, 0 hours, 43 minutes, 44 seconds delay 30 s, resume 10 s New LDP mapping message was received 0 days, 0 hours, 43 minutes, 2 seconds -rest time :--rest time :--

Check the routing table on CE2, and you can view that the outbound interface of the routes destined for 10.1.3.0 changes to POS 1/0/1. That is, L2VPN traffic is switched to the backup path.
<CE2> display ip routing-table Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: Public Destinations : 7 Routes : 7 Destination/Mask Proto Pre Cost Flags NextHop Interface 10.1.1.0/30 OSPF 10 0 D 10.1.1.1 Pos1/0/1 10.1.1.1/32 Direct 0 0 D 10.1.1.1 Pos1/0/1 10.1.2.0/30 Direct 0 0 D 10.1.2.2 Pos1/0/1 10.1.2.2/32 Direct 0 0 D 127.0.0.1 InLoopBack0 10.1.3.1/32 OSPF 10 2 D 10.1.1.1 Pos1/0/1 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0

Remove the fault manually set on POS 2/0/1 of PE3.


[PE3] interface pos2/0/1 [PE3-Pos2/0/1] undo shudown

Check the routing table on CE2, and you can view that the outbound interface of the routes destined for 10.1.3.0 changes to POS 1/0/0. That is, the L2VPN traffic is switched back to the primary path.
<CE2> display ip routing-table Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: Public Destinations : 8 Routes : 9 Destination/Mask Proto Pre Cost Flags NextHop Interface 10.1.1.0/30 Direct 0 0 D 10.1.1.2 Pos1/0/0 10.1.1.1/32 Direct 0 0 D 10.1.1.1 Pos1/0/0 Direct 0 0 D 10.1.1.1 Pos1/0/1

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

5-173

5 VLL Configuration
10.1.1.2/32 10.1.2.0/30 10.1.2.2/32 10.1.3.1/32 127.0.0.0/8 127.0.0.1/32 Direct Direct Direct OSPF Direct Direct 0 0 0 10 0 0 0 0 0 2 0 0

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


D D D D D D 127.0.0.1 10.1.2.2 127.0.0.1 10.1.1.1 127.0.0.1 127.0.0.1 InLoopBack0 Pos1/0/1 InLoopBack0 Pos1/0/0 InLoopBack0 InLoopBack0

Configuration Files
l

Configuration file of CE1


# sysname CE1 # interface Pos1/0/0 link-protocol hdlc undo shutdown ip address 10.1.1.1 255.255.255.252 ip address 10.1.2.1 255.255.255.252 sub # interface Pos1/0/1 link-protocol hdlc undo shutdown ip address 10.1.3.1 255.255.255.0 # ospf 1 area 0.0.0.0 network 10.1.1.0 0.0.0.3 network 10.1.3.0 0.0.0.255 # return

Configuration file of CE2


# sysname CE2 # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 10.1.1.2 255.255.255.252 # interface Pos1/0/1 link-protocol ppp undo shutdown ip address 10.1.2.2 255.255.255.252 # ospf 1 area 0.0.0.0 network 10.1.1.0 0.0.0.3 network 10.1.2.0 0.0.0.3 # return

Configuration file of PE1


# sysname PE1 # bfd # mpls lsr-id 1.1.1.1 mpls mpls te mpls rsvp-te mpls te cspf # mpls l2vpn mpls l2vpn default martini # pw-template 1to2

5-174

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

5 VLL Configuration

peer-address 2.2.2.2 control-word vccv cc cw cv lsp-ping bfd # pw-template 1to3 peer-address 3.3.3.3 control-word vccv cc cw cv lsp-ping bfd # mpls ldp # mpls ldp remote-peer 3.3.3.3 remote-ip 3.3.3.3 # interface Pos1/0/0 link-protocol hdlc undo shutdown ip address 10.1.1.2 255.255.255.252 mpls l2vc pw-template 1to3 100 tunnel-policy p1 ip-interworking mpls l2vpn pw bfd min-rx-interval 100 min-tx-interval 100 mpls l2vc pw-template 1to2 200 ip-interworking secondary mpls l2vpn pw bfd min-rx-interval 100 min-tx-interval 100 secondary # interface Pos2/0/1 link-protocol ppp undo shutdown ip address 100.13.1.1 255.255.255.252 mpls mpls te mpls te max-link-bandwidth 50 mpls te max-reservable-bandwidth 30 mpls rsvp-te # interface Pos2/0/2 link-protocol ppp undo shutdown ip address 100.12.1.1 255.255.255.252 mpls mpls ldp # interface LoopBack1 ip address 1.1.1.1 255.255.255.255 # interface Tunnel2/0/0 ip address unnumbered interface LoopBack1 tunnel-protocol mpls te destination 3.3.3.3 mpls te tunnel-id 13 mpls te bandwidth bc0 20 mpls te commit # ospf 1 opaque-capability enable area 0.0.0.0 network 1.1.1.1 0.0.0.0 network 100.13.1.0 0.0.0.3 network 100.12.1.0 0.0.0.3 mpls-te enable # tunnel-policy p1 tunnel select-seq cr-lsp load-balance-number 1 # return l

Configuration file of P
# sysname P # mpls lsr-id 4.4.4.4 mpls

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

5-175

5 VLL Configuration
mpls te mpls rsvp-te # interface Pos2/0/1 link-protocol ppp undo shutdown ip address 100.13.1.2 255.255.255.252 mpls mpls te mpls te max-link-bandwidth 50 mpls te max-reservable-bandwidth 30 mpls rsvp-te # interface Pos2/0/2 link-protocol ppp undo shutdown ip address 100.34.1.1 255.255.255.252 mpls mpls te mpls te max-link-bandwidth 50 mpls te max-reservable-bandwidth 30 mpls rsvp-te # interface LoopBack1 ip address 4.4.4.4 255.255.255.255 # ospf 1 opaque-capability enable area 0.0.0.0 network 100.13.1.0 0.0.0.3 network 100.34.1.0 0.0.0.3 network 4.4.4.4 0.0.0.0 mpls-te enable # return l

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Configuration file of PE3


# sysname PE3 # bfd # mpls lsr-id 3.3.3.3 mpls mpls te mpls rsvp-te mpls te cspf # mpls l2vpn mpls l2vpn default martini # pw-template 3to1 peer-address 1.1.1.1 control-word vccv cc cw cv lsp-ping bfd # mpls ldp # mpls ldp remote-peer 1.1.1.1 remote-ip 1.1.1.1 # interface Pos1/0/0 link-protocol ppp undo shutdown oam detect lcp-terminal notify lcp-terminal ip address 10.1.1.1 255.255.255.252 mpls l2vc pw-template 3to1 100 tunnel-policy p1 ip-interworking mpls l2vpn pw bfd min-rx-interval 100 min-tx-interval 100 mpls l2vpn oam-mapping #

5-176

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


interface Pos2/0/1 link-protocol ppp undo shutdown ip address 100.34.1.2 255.255.255.252 mpls mpls te mpls te max-link-bandwidth 50 mpls te max-reservable-bandwidth 30 mpls rsvp-te # interface LoopBack1 ip address 3.3.3.3 255.255.255.255 # interface Tunnel2/0/0 ip address unnumbered interface LoopBack1 tunnel-protocol mpls te destination 1.1.1.1 mpls te tunnel-id 31 mpls te bandwidth bc0 20 mpls te commit # ospf 1 opaque-capability enable area 0.0.0.0 network 3.3.3.3 0.0.0.0 network 100.34.1.0 0.0.0.3 mpls-te enable # tunnel-policy p1 tunnel select-seq cr-lsp load-balance-number 1 # return l

5 VLL Configuration

Configuration file of PE2


# sysname PE2 # bfd # mpls lsr-id 2.2.2.2 mpls # mpls l2vpn mpls l2vpn default martini # pw-template 2to1 peer-address 1.1.1.1 control-word vccv cc cw cv lsp-ping bfd # mpls ldp # interface Pos1/0/0 link-protocol ppp undo shutdown oam detect lcp-terminal notify lcp-terminal ip address 10.1.2.1 255.255.255.252 mpls l2vc pw-template 2to1 200 ip-interworking mpls l2vpn pw bfd min-rx-interval 100 min-tx-interval 100 mpls l2vpn oam-mapping # interface Pos2/0/1 link-protocol ppp undo shutdown ip address 100.12.1.2 255.255.255.252 mpls mpls ldp # interface LoopBack1 ip address 2.2.2.2 255.255.255.255

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

5-177

5 VLL Configuration
# ospf 1 area 0.0.0.0 network 2.2.2.2 0.0.0.0 network 100.12.1.0 0.0.0.3 # return

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

5.11.18 Example for Configuring Kompella VLL with Two Reflectors


Networking Requirements
When deploying Kompella VLL, configure the VLL with two route reflectors (RRs) to improve the reliability. Select two Ps or PEs in the same AS on the backbone network as the RRs, which back up each other, to reflect information about the Kompella VLL label block. As shown in Figure 5-25, PE1, PE2, RR1, and RR2 are in the backbone network AS100. It is required that CE1 and CE2 can communicate after being configured with the Kompella VLL with two reflectors RR1 and RR2. Figure 5-25 Networking diagram of configuring Kompella VLL with two reflectors
Loopback1 2.2.2.9/32 POS1/0/0 100.1.2.2/30

VPN backbone AS100 RR1 RR2

Loopback1 3.3.3.9/32 POS2/0/0 100.3.4.1/30

POS1/0/0 100.1.2.1/30 Loopback1 1.1.1.9/32

POS3/0/0 100.2.4.1/30

POS3/0/0 100.1.3.2/30

POS1/0/0 100.3.4.2/30 Loopback1 4.4.4.9/32

POS3/0/0 100.1.3.1/30

POS3/0/0 100.2.4.2/30 POS2/0/0 POS1/0/0 10.1.1.2/24

PE1

POS2/0/0 POS1/0/0 10.1.1.1/24

PE2

CE1

CE2

Configuration Roadmap
The configuration roadmap is as follows: 1. 2. 3. 4. Configure MPLS LSPs as public network tunnels. Establish MP IBGP connections between the PEs and RRs; no MP IBGP connection needs to be established between the PEs. Configure the same reflector ID for RR1 and RR2 because they back up each other. Configure RR1 and RR2 not to filter label blocks based on VPN targets because RR1 and RR2 need to store information about all L2VPN labels to advertise the information to the PEs.
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

5-178

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

5 VLL Configuration

5.

Configure L2VPN instances on the PEs and connect the CEs to the L2VPN instances.
NOTE

In the L2VPN with two reflectors, the two reflection paths cannot share the same network segment or node (excluding the PE nodes on both ends); otherwise, it is meaningless to configure two reflectors.

Data Preparation
To complete the configuration, you need the following data:
l l

Data needed for configuring OSPF MPLS LSR IDs of the PEs and RRs (IP addresses of the loopback interfaces on the local device) Cluster IDs of the RRs CE IDs and CE range IP addresses of the CE interfaces through which the CEs access the PEs
NOTE

l l l

You do not need to configure an IP address for the PE interface through which the PE accesses the CE.

Configuration Procedure
1. 2. Configure IGP on the MPLS backbone network to enable the devices on LSPs to communicate. In this example, IS-IS is used as IGP and the configuration details are not mentioned.
NOTE

Advertise the loopback interface addresses that act as LSR IDs.

After the configuration, the devices along the LSP can learn loopback interface addresses from each other. Take the display on PE1 as an example:
<PE1> display ip routing-table [PE1]dis ip rout Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: Public Destinations : 14 Routes : 15 Destination/Mask Proto Pre Cost Flags NextHop Interface 1.1.1.9/32 Direct 0 0 D 127.0.0.1 InLoopBack0 2.2.2.9/32 OSPF 10 2 D 100.1.2.2 Pos1/0/0 3.3.3.9/32 OSPF 10 2 D 100.1.3.2 Pos3/0/0 4.4.4.9/32 OSPF 10 3 D 100.1.3.2 Pos3/0/0 OSPF 10 3 D 100.1.2.2 Pos1/0/0 100.1.2.0/30 Direct 0 0 D 100.1.2.1 Pos1/0/0 100.1.2.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 100.1.2.2/32 Direct 0 0 D 100.1.2.2 Pos1/0/0 100.1.3.0/30 Direct 0 0 D 100.1.3.1 Pos3/0/0 100.1.3.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 100.1.3.2/32 Direct 0 0 D 100.1.3.2 Pos3/0/0 100.2.4.0/30 OSPF 10 2 D 100.1.2.2 Pos1/0/0 100.3.4.0/30 OSPF 10 2 D 100.1.3.2 Pos3/0/0 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0

3.

Establish LSPs on the MPLS backbone network. Enable MPLS and MPLS LDP on the devices and interfaces, which the LSPs pass through. The configuration details are not mentioned here.

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

5-179

5 VLL Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

After the configuration, run the display mpls lsp command on each PE and RR. You can view the LSPs of each PE and RR. Take the display on PE1 and RR1 as examples:
<PE1> display mpls lsp ---------------------------------------------------------------------LSP Information: LDP LSP ---------------------------------------------------------------------FEC In/Out Label In/Out IF Vrf Name 1.1.1.9/32 3/NULL -/2.2.2.9/32 NULL/3 -/Pos1/0/0 2.2.2.9/32 1024/3 -/Pos1/0/0 3.3.3.9/32 NULL/3 -/Pos3/0/0 3.3.3.9/32 1025/3 -/Pos3/0/0 4.4.4.9/32 NULL/1026 -/Pos1/0/0 4.4.4.9/32 NULL/1026 -/Pos3/0/0 <RR1> display mpls lsp ---------------------------------------------------------------------LSP Information: LDP LSP ---------------------------------------------------------------------FEC In/Out Label In/Out IF Vrf Name 1.1.1.9/32 NULL/3 -/Pos1/0/0 2.2.2.9/32 3/NULL -/3.3.3.9/32 NULL/1025 -/Pos1/0/0 1.1.1.9/32 1024/3 -/Pos1/0/0 4.4.4.9/32 NULL/3 -/Pos3/0/0 4.4.4.9/32 1026/3 -/Pos3/0/0 3.3.3.9/32 NULL/1025 -/Pos3/0/0

4.

Establish the MP IBGP peer relationship between the PEs and RRs. # Establish the MP IBGP connection and enable the basic L2VPN capability of BGP. # Configure PE1.
<PE1> system-view [PE1] bgp 100 [PE1-bgp] peer 2.2.2.9 as-number 100 [PE1-bgp] peer 2.2.2.9 connect-interface loopback 1 [PE1-bgp] peer 3.3.3.9 as-number 100 [PE1-bgp] peer 3.3.3.9 connect-interface loopback 1 [PE1-bgp] l2vpn-family [PE1-bgp-af-l2vpn] peer 2.2.2.9 enable [PE1-bgp-af-l2vpn] peer 3.3.3.9 enable

# Configure RR1.
<RR1> system-view [RR1] bgp 100 [RR1-bgp] group rr1 internal [RR1-bgp] peer rr1 connect-interface loopback 1 [RR1-bgp] l2vpn-family [RR1-bgp-af-l2vpn] peer rr1 enable [RR1-bgp-af-l2vpn] peer 1.1.1.9 group rr1 [RR1-bgp-af-l2vpn] peer 4.4.4.9 group rr1

# Configure RR2.
<RR2> system-view [RR2] bgp 100 [RR2-bgp] group rr2 internal [RR2-bgp] peer rr2 connect-interface loopback 1 [RR2-bgp] l2vpn-family [RR2-bgp-af-l2vpn] peer rr2 enable [RR2-bgp-af-l2vpn] peer 1.1.1.9 group rr2 [RR2-bgp-af-l2vpn] peer 4.4.4.9 group rr2

# Configure PE2.
[PE2] bgp [PE2-bgp] [PE2-bgp] [PE2-bgp] 100 peer 2.2.2.9 as-number 100 peer 2.2.2.9 connect-interface loopback 1 peer 3.3.3.9 as-number 100

5-180

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


[PE2-bgp] peer 3.3.3.9 connect-interface loopback 1 [PE2-bgp] l2vpn-family [PE2-bgp-af-l2vpn] peer 2.2.2.9 enable [PE2-bgp-af-l2vpn] peer 3.3.3.9 enable

5 VLL Configuration

After this step, run the display bgp l2vpn peer command on the PEs or run the display bgp l2vpn group group-name command on the RRs. You can view that MP BGP connections are established between the PEs and RRs and the status of the MP BGP connections is Established. Take the display on PE1 and RR1 as an example:
<PE1> display bgp l2vpn peer BGP local router ID : 1.1.1.9 Local AS number : 100 Total number of peers : 2 Peers in established state : 2 Peer V AS MsgRcvd MsgSent OutQ Up/Down State PrefRcv 2.2.2.9 4 100 14 14 0 00:10:28 Established 0 3.3.3.9 4 100 15 14 0 00:09:55 Established 0 <RR1> display bgp l2vpn group rr1 BGP peer-group: rr1 Remote AS 100 Type : internal Configured hold timer value: 180 Keepalive timer value: 60 Minimum route advertisement interval is 15 seconds Connect-interface has been configured PeerSession Members: NONE Peer Preferred Value: 0 No routing policy is configured Peer Members: Peer V AS MsgRcvd MsgSent OutQ Up/Down State PrefRcv 1.1.1.9 4 100 8 8 0 00:03:28 Established 0 4.4.4.9 4 100 6 9 0 00:02:37 Established 0

5.

Configure route reflection on RR1 and RR2. # RRs need to store information about all L2VPN labels to advertise the information to the client. Thus, configure RR1 and RR2 not to filter the L2VPN label blocks based on VPN targets. # Configure RR1.
[RR1] bgp 100 [RR1-bgp] l2vpn-family [RR1-bgp-af-l2vpn] reflector cluster-id 100 [RR1-bgp-af-l2vpn] peer rr1 reflect-client [RR1-bgp-af-l2vpn] undo policy vpn-target

# Configure RR2.
[RR2] bgp 100 [RR2-bgp] l2vpn-family [RR2-bgp-af-l2vpn] reflector cluster-id 100 [RR2-bgp-af-l2vpn] peer rr2 reflect-client [RR2-bgp-af-l2vpn] undo policy vpn-target

6.

Configure L2VPN instances on the PEs and connect the CEs to the PEs. # Configure PE1.
[PE1] mpls l2vpn [PE1-l2vpn] quit [PE1] mpls l2vpn vpn1 encapsulation ppp [PE1-mpls-l2vpn-vpn1] route-distinguisher 100:1 [PE1-mpls-l2vpn-vpn1] vpn-target 1:1 both [PE1-mpls-l2vpn-vpn1] ce ce1 id 1 range 10 [PE1-mpls-l2vpn-ce-vpn1-ce1] connection ce-offset 2 interface pos 2/0/0 [PE1-mpls-l2vpn-ce-vpn1-ce1] quit [PE1-mpls-l2vpn-vpn1] quit [PE1] interface pos 2/0/0 [PE1-Pos2/0/0] undo shutdown

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

5-181

5 VLL Configuration
[PE1-Pos2/0/0] quit

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

# Configure PE2.
[PE2] mpls l2vpn [PE2-l2vpn] quit [PE2] mpls l2vpn vpn1 encapsulation ppp [PE2-mpls-l2vpn-vpn1] route-distinguisher 100:2 [PE2-mpls-l2vpn-vpn1] vpn-target 1:1 both [PE2-mpls-l2vpn-vpn1] ce ce2 id 2 range 10 [PE2-mpls-l2vpn-ce-vpn1-ce2] connection ce-offset 1 interface pos 2/0/0 [PE2-mpls-l2vpn-ce-vpn1-ce1] quit [PE2-mpls-l2vpn-vpn1] quit [PE2] interface pos 2/0/0 [PE2-Pos2/0/0] undo shutdown [PE2-Pos2/0/0] quit

7.

Configure CEs. # Configure CE1.


[CE1] interface pos 1/0/0 [CE1-Pos1/0/0] ip address 10.1.1.1 24 [CE1-Pos1/0/0] undo shutdown [CE1-Pos1/0/0] quit

# Configure CE2.
[CE2] interface pos 1/0/0 [CE2-Pos1/0/0] ip address 10.1.1.2 24 [CE2-Pos1/0/0] undo shutdown [CE2-Pos1/0/0] quit

8.

Verify the configuration. Run the display mpls l2vpn connection interface command on the PEs. You can view that both ends of the VC are Up. Take the display on PE1 as an example:
<PE1> display mpls l2vpn connection interface pos 2/0/0 conn-type: remote local vc state: up remote vc state: up local ce-id: 1 local ce name: ce1 remote ce-id: 2 intf(state,encap): Pos2/0/0(up,ppp) peer id: 4.4.4.9 route-distinguisher: 100:2 local vc label: 25602 remote vc label: 25601 tunnel policy: default primary or secondary: primary forwardEntry exist or not: true forward entry active or not:true manual fault set or not: not set AC OAM state: up BFD for PW session index: -BFD for PW state: invalid BFD for LSP state: true Local C bit is not set, Remote C bit is not set tunnel type: lsp , id: 0x1002006

CE1 and CE2 can ping through each other. This indicates that RRs are successfully configured.
<CE1> ping 10.1.1.2 PING 10.1.1.2: 56 data bytes, press CTRL_C to break Reply from 10.1.1.2: bytes=56 Sequence=1 ttl=255 time=110 ms Reply from 10.1.1.2: bytes=56 Sequence=2 ttl=255 time=120 ms Reply from 10.1.1.2: bytes=56 Sequence=3 ttl=255 time=160 ms Reply from 10.1.1.2: bytes=56 Sequence=4 ttl=255 time=90 ms Reply from 10.1.1.2: bytes=56 Sequence=5 ttl=255 time=130 ms

5-182

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


--- 10.1.1.2 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 90/122/160 ms

5 VLL Configuration

After the shutdown command is run in the view of POS 3/0/0 on PE1 or PE2, CE1 and CE2 still can ping through each other. This indicates that the two RRs are successfully configured.
[PE1] interface pos 3/0/0 [PE1-Pos/0/0] shutdown <CE1> ping 10.1.1.2 PING 10.1.1.2: 56 data bytes, press CTRL_C to break Reply from 10.1.1.2: bytes=56 Sequence=1 ttl=255 time=170 Reply from 10.1.1.2: bytes=56 Sequence=2 ttl=255 time=160 Reply from 10.1.1.2: bytes=56 Sequence=3 ttl=255 time=150 Reply from 10.1.1.2: bytes=56 Sequence=4 ttl=255 time=180 Reply from 10.1.1.2: bytes=56 Sequence=5 ttl=255 time=190 --- 10.1.1.2 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 150/170/190 ms

ms ms ms ms ms

Run the display bgp l2vpn route-distinguisher route-distinguisher ce-id ce-id labeloffset default- offset command on the PEs or RRs. You can view the BGP attributes of label blocks, such as the AS-path attribute. Take the display on PE2 as an example:
<PE2> display bgp l2vpn route-distinguisher 100:1 ce-id 1 label-offset 0 BGP Local router ID : 4.4.4.9, local AS number : 100 Origin codes:i - IGP, e - EGP, ? - incomplete nexthop:1.1.1.9, pref :100, as-path : label base: 25600, label range: 10, layer-2 mtu: 1500, encap type:ppp label state 25600 down 25601 down 25602 up 25603 down 25604 down 25605 down 25606 down 25607 down 25608 down 25609 down

Configuration Files
l

Configuration file of CE1


# sysname CE1 # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 10.1.1.1 255.255.255.0 # return

Configuration file of PE1


# sysname PE1 # mpls lsr-id 1.1.1.9 mpls # mpls l2vpn

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

5-183

5 VLL Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


# mpls ldp # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 100.1.2.1 255.255.255.252 mpls mpls ldp # interface Pos2/0/0 link-protocol ppp undo shutdown # interface Pos3/0/0 link-protocol ppp undo shutdown ip address 100.1.3.1 255.255.255.252 mpls mpls ldp # interface LoopBack1 ip address 1.1.1.9 255.255.255.255 # bgp 100 peer 2.2.2.9 as-number 100 peer 2.2.2.9 connect-interface LoopBack1 peer 3.3.3.9 as-number 100 peer 3.3.3.9 connect-interface LoopBack1 # ipv4-family unicast undo synchronization peer 2.2.2.9 enable peer 3.3.3.9 enable # l2vpn-family policy vpn-target peer 2.2.2.9 enable peer 3.3.3.9 enable # ospf 1 area 0.0.0.0 network 1.1.1.9 0.0.0.0 network 100.1.2.0 0.0.0.3 network 100.1.3.0 0.0.0.3 # mpls l2vpn vpn1 encapsulation ppp route-distinguisher 100:1 vpn-target 1:1 import-extcommunity vpn-target 1:1 export-extcommunity ce ce1 id 1 range 10 default-offset 0 connection ce-offset 2 interface Pos2/0/0 # # return

Configuration file of RR1


# sysname RR1 # mpls lsr-id 2.2.2.9 mpls # mpls ldp # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 100.1.2.2 255.255.255.252 mpls

5-184

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


mpls ldp # interface Pos3/0/0 link-protocol ppp undo shutdown ip address 100.2.4.1 255.255.255.252 mpls mpls ldp # interface LoopBack1 ip address 2.2.2.9 255.255.255.255 # bgp 100 peer 4.4.4.9 as-number 100 peer 1.1.1.9 as-number 100 group rr1 internal peer rr1 connect-interface LoopBack1 # ipv4-family unicast undo synchronization undo peer 4.4.4.9 enable undo peer 1.1.1.9 enable peer rr1 enable # l2vpn-family reflector cluster-id 100 undo policy vpn-target peer rr1 enable peer rr1 reflect-client peer 1.1.1.9 enable peer 1.1.1.9 group rr1 peer 4.4.4.9 enable peer 4.4.4.9 group rr1 # ospf 1 area 0.0.0.0 network 100.1.2.0 0.0.0.3 network 100.2.4.0 0.0.0.3 network 2.2.2.9 0.0.0.0 # return l

5 VLL Configuration

Configuration file of RR2


# sysname RR2 # mpls lsr-id 3.3.3.9 mpls # mpls ldp # interface Pos2/0/0 link-protocol ppp undo shutdown ip address 100.3.4.1 255.255.255.252 mpls mpls ldp # interface Pos3/0/0 link-protocol ppp undo shutdown ip address 100.1.3.2 255.255.255.252 mpls mpls ldp # interface LoopBack1 ip address 3.3.3.9 255.255.255.255 # bgp 100 peer 4.4.4.9 as-number 100

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

5-185

5 VLL Configuration
peer 1.1.1.9 as-number 100 group rr2 internal peer rr2 connect-interface LoopBack1 # ipv4-family unicast undo synchronization undo peer 4.4.4.9 enable undo peer 1.1.1.9 enable peer rr2 enable # l2vpn-family reflector cluster-id 100 undo policy vpn-target peer rr2 enable peer rr2 reflect-client peer 1.1.1.9 enable peer 1.1.1.9 group rr2 peer 4.4.4.9 enable peer 4.4.4.9 group rr2 # ospf 1 area 0.0.0.0 network 100.3.4.0 0.0.0.3 network 100.1.3.0 0.0.0.3 network 3.3.3.9 0.0.0.0 # return l

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Configuration file of PE2


# sysname PE2 # mpls lsr-id 4.4.4.9 mpls # mpls l2vpn # mpls ldp # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 100.3.4.2 255.255.255.252 mpls mpls ldp # interface Pos2/0/0 link-protocol ppp undo shutdown # interface Pos3/0/0 link-protocol ppp undo shutdown ip address 100.2.4.2 255.255.255.252 mpls mpls ldp # interface LoopBack1 ip address 4.4.4.9 255.255.255.255 # bgp 100 peer 2.2.2.9 as-number 100 peer 2.2.2.9 connect-interface LoopBack1 peer 3.3.3.9 as-number 100 peer 3.3.3.9 connect-interface LoopBack1 # ipv4-family unicast undo synchronization peer 2.2.2.9 enable peer 3.3.3.9 enable

5-186

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


# l2vpn-family policy vpn-target peer 2.2.2.9 enable peer 3.3.3.9 enable # ospf 1 area 0.0.0.0 network 4.4.4.9 0.0.0.0 network 100.3.4.0 0.0.0.3 network 100.2.4.0 0.0.0.3 # mpls l2vpn vpn1 encapsulation ppp route-distinguisher 100:2 vpn-target 1:1 import-extcommunity vpn-target 1:1 export-extcommunity ce ce2 id 2 range 10 default-offset 0 connection ce-offset 1 interface Pos2/0/0 # return l

5 VLL Configuration

Configuration file of CE2


# sysname CE2 # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 10.1.1.2 255.255.255.0 # return

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

5-187

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

6 PWE3 Configuration

6
About This Chapter

PWE3 Configuration

This chapter describes the principle, application and configuration for PWE3. 6.1 Introduction This section describes the basic principle of the PWE3. 6.2 Configuring Attributes of a PW Template This section describes how to configure attributes for a PW template. 6.3 Configuring Static PWs This section describes how to configure static PW. 6.4 Configuring Dynamic PWs This section describes how to configure dynamic PW. 6.5 Configuring PW Switching This section describes how to configure PW switching. 6.6 Configuring a Backup PW This section describes how to configure a backup PW. 6.7 Configuring Static BFD for PW This section describes how to configure static BFD for PW. 6.8 Configuring Dynamic BFD for PW This section describes how to configure dynamic BFD for PW. 6.9 Configuring PW FRR This section describes how to configure PW FRR. 6.10 Configuring Heterogeneous Transport in PWE3 This section describes how to configure heterogeneous transport in PWE3. 6.11 Configuring Inter-AS PWE3 This section describes how to configure inter-AS PWE3. 6.12 Configuing ATM Cell Transport This section describes how to configure ATM Cell Transport.
Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 6-1

6 PWE3 Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

6.13 Maintaining a PW This section describes how to check the PW connectivity and debug PWE3. 6.14 Configuration Examples This section provides several configuration examples for PWE3.

6-2

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

6 PWE3 Configuration

6.1 Introduction
This section describes the basic principle of the PWE3. 6.1.1 PWE3 6.1.2 PWE3 Features Supported by the NE80E/40E

6.1.1 PWE3
Pseudo-Wire Emulation Edge to Edge (PWE3) is a type of end-to-end Layer 2 transmitting technology. It emulates the essential attributes of a telecommunications service such as ATM, FR or Ethernet in a Packet Switched Network (PSN). PWE3 also emulates the essential attributes of low speed Time Division Multiplexing (TDM) circuit and SONET/SDH. On PEs in the PSN network, PWE3, with the Label Distribution Protocol (LDP) as the signaling protocol, emulates various Layer 2 service (such as Layer 2 data packets) of the Customer Edge (CE) through tunnels such as the Multiprotocol Label Switch Protocol Label Switched Paths (MPLS LSPs), or the Generic Routing Encapsulation (GRE) tunnels, Besides, PWE3 also transparently transmits the Layer 2 data of the CEs. This proximate emulation may lead to the distortion of the TDM data. Figure 6-1 shows the PWE3 framework. Figure 6-1 PWE3 framework

AC

PW

AC

PSN Tunnel CE1 PE1 PSN PE2 CE2

The relevant terms defined in the RFC are explained as follows:


l l l l

Provider Edge (PE) device. Customer Edge (CE) device. Provider (P): It is a device in the backbone network of a service provider. Attachment Circuit (AC): It is an unshared link or circuit that connects a CE and a PE. An AC can be either physical or virtual. The attributes about an AC are encapsulation type, MTU, and link interface parameters. PSN tunnel: One or more PWs can be carried in a PSN tunnel. Pesudo-Wire (PW): It is a virtual connection. A PW is set up by using the signaling protocol.

l l

A PW uses VC-type and VC-ID to identify a Virtual Circuit (VC), which is similar to that of VLL in Martini mode.
Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 6-3

6 PWE3 Configuration
l

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

VC type refers to the encapsulation type of the VC, such as ATM (atm-aal5-sdu, atm-transcell), FR, PPP, Ethernet, VLAN, or HDLC. VC ID refers to the identifier of the VC. The VC ID of each VC with the same type must be unique on the entire PE.

6.1.2 PWE3 Features Supported by the NE80E/40E


You need to know the following terms defined in the RFC before you read this section:
l

Ultimate PE (U-PE): a PE which an AC is bound to. U-PE is the first or last PE of an MHPW (introduced in the following). Switching Point PE (S-PE): a PE in charge of switching PW labels in an MH-PW. An SPE sets up and manages PW segments with other S-PEs or U-PEs. The PW segment is a static or dynamically configured PW set up between a pair of PEs. This pair of PEs can be two U-PEs, or two S-PEs, or one U-PE and one S-PE.

PW is classified based on:


l l

Implementation mechanism: Static PW and Dynamic PW Networking model: SH-PW and MH-PW

Static PW and Dynamic PW


l

Static PW The Static PW negotiates parameters without signaling protocol. You must specify the relevant information manually.

Dynamic PW

The Dynamic PW is a PW which is set up through the signaling protocol. The U-PE switches VC labels and binds the corresponding CE through VC-ID. If the tunnel between two PEs is successfully set up, and label interchanging and binding are completed, a VC is set up. The LDP-PW uses LDP as signaling protocol to send PW messages. The LDP-PW requires switching PWs to complete the MH-PW. The tunnel used to set up LDP PW can be LDP LSP, CR-LSP or GRE. By default, LDP LSP is used. LDP-PW messages include:

Request: a message used to request label distribution. Mapping: a message used to distribute label to the remote PE (U-PE or S-PE). The state bit can be carried by this message to the remote PE. Whether to carry the state bit or not is up to configuration. By default, the Martini mode does not carry state bit. Notification: a message used to announce and negotiate about the PW state to reduce messages to intercommunicate. Withdraw: a message used to ask the peer to remove labels. (It carries labels and state information.) Release: a message as a response for Withdraw. It is used to ask the peer that sends Withdraw to remove labels.

Figure 6-2 shows the interactive process of the packet during the establishment, maintenance and dismantlement of the LDP PW.
6-4 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

6 PWE3 Configuration

Figure 6-2 Interactive process of the LDP-PW packet


Loopback1 1.1.1.1/32 Loopback1 2.2.2.2/32

PE1 mpls l2vc 2.2.2.2 101


Request

PE2

Mapp ing
Mapp ing

mpls l2vc 1.1.1.1 101 parameter match,VC up

parameter match,VC up AC/Tunnel state changed Notification AC/Tunnel state changed

The dynamic allocation of the LDP-PW label is performed on the receiving and sending directions. On the basis of Martini, the dynamic PW adds the optional status parameter in the Mapping packet and supports the Notification packet. When the network is in the unstable state, the Notification packet can decrease the interactive times of the packets. For example, if the AC link flapping occurs on the PE device, the Notification packet is sent to notify the AC link status. After receiving the packet, the peer does not dismantle the VC. However, in the Martini mode, the Withdraw packet is sent repeatedly. Thus, the PW is set up and dismantled repeatedly.
NOTE

The PWE3 supports Notification mode to negotiate about PW state information. The Withdraw packet is compatible to withdraw labels in PWE3. Which mode to be adopted is up to the negotiation of two ends of the PW.

This is the tearing down process for the dynamic PW. Figure 6-3 shows the interactive messages in the tearing down process for the dynamic PW. Figure 6-3 Process of tearing down single-hop PWE3
Loopback1 1.1.1.1/32 Loopback1 2.2.2.2/32

PE1 mpls l2vc 2.2.2.2 101 VC Deletion Withdraw Release Withdraw

PE2 mpls l2vc 1.1.1.1 101

VC Deletion

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

6-5

6 PWE3 Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

When PE1 does not forward packets sent from PE2 for a specific cause, such that PE2 is not specified as the peer any more, PE1 sends a Withdraw message to PE2. After receiving the Withdraw message, PE2 tears down the PW tunnel and responds PE1 with a Release message. After receiving the Release message, PE1 releases the label and tears down the PW tunnel.

SH-PW and MH-PW


l

SH-PW The SH-PW is a PW that is set up between two U-PEs. That is, switching labels at PW label layer is not required, as shown in Figure 6-4.

Figure 6-4 Networking diagram of SH-PWE3


PE1 P PE2

PW100

CE1

CE2

MH-PW The MH-PW is a set of two or more contiguous PW segments between two U-PEs. Switching labels at PW label layer is required. Figure 6-5 shows that the MH-PW functions as a single point-to-point PW. Figure 6-5 Networking diagram of MH-PWE3
U-PE1 S-PE P U-PE2

PW100 CE1
l

PW200 CE2

The forwarding mechanism of U-PE in MH-PW is the same as that in SH-PW. The only difference is that MH-PW requires switching the control and data planes of the preceding and succeeding PW segments on the S-PE. To carry out MH-PW, the S-PE device connects two PWs on both of PW endpoints and interchanges labels. There are three combinations of two PWs used to switch:

Dynamic and dynamic switch: Both PWs to switch are dynamic PWs. The PWs on both sides of the S-PE are set up using signaling. The remote labels are sent from two neighboring endpoints (U-PE or S-PE) to this S-PE using signaling. Static and static switch: Both PWs to switch are static PWs. Dynamic and static switch: One of the PWs to switch is set up with signaling, and the other one is set up without signaling.
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

6-6

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


l

6 PWE3 Configuration

The preceding types of PW switching support the Control Word (CW) and Virtual Circuit Connectivity Verification (VCCV). The CW and VCCV are sent from two U-PEs to the S-PE through labels.

BFD for PW
The Bidirectional Forwarding Detection (BFD) can fast detect the PW link between the local PE and remote PE to support PW Fast Reroute (FRR). This lessens the impact of link faults on services.
l

Static BFD for PW BFD control packets are transmitted on PW links after being encapsulated by PWs. PWs distinguish control packets and data packets by using CWs. BFD packets are encapsulated by using the CWs of PWs. Detected PWs must be created by using the PW template. For an MH PW, the intermediate SPE only forwards BFD packets but does not send the BFD packets to its CPU for processing.

Dynamic BFD for PW 1. The Up and Down states of a PW can trigger the dynamic creation and deletion of a BFD session. When the status of a PW that needs to be detected is Up, the local device notifies information about its neighbor and detection parameters to the BFD module. The BFD module then sets up a session to detect the link between the local device and its neighbor. BFD session negotiation can be implemented by adding the BFD Discriminator TLV field to VCCV ping packets. After a session is set up, BFD fast sends detection packets. VCCV ping is used to periodically check the consistency of the control plane and data plane. When a dynamic BFD session detects that the status of the PW changes, BFD notifies the L2VPN to trigger route convergence. When a neighbor is unreachable, the protocol notifies the L2VPN to delete the related session.

2. 3. 4.

NOTE

For details of BFD for LDP LSP, refer to the chapter "MPLS Configuration" in the Quidway NetEngine80E/ 40E Router Configuration Guide - MPLS.

The format of the BFD Discriminator TLV in a VCCP ping packet is the same as the format of the BFD Discriminator TLV in an LSP ping packet, as shown in Figure 6-6. Figure 6-6 Structure of an LSP ping packet
Version Number Message Type Reply Mode Must Be Zero Return Code Sender's Handle Sequence Number Timestamp Sent (Seconds) Timestamp Sent (Microseconds) Timestamp Receive (Seconds) Timestamp Receive (Microseconds) TLVs Returen Subcode

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

6-7

6 PWE3 Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

PW FRR
With the wide applications of PWE3, the requirement for the reliability of networks becomes increasingly higher, especially for L2VPNs that carry real-time services such as VoIP and IPTV. PW FRR is one of the solutions for increasing the reliability of L2VPNs. PW FRR detects faults in L2VPNs through the Operations, Administration and Maintenance (OAM) and BFD, advertises the faults, and fast switches traffic. PW FRR is used in the following types of networking:
l

Symmetrically Dual-homed CEs The CEs at the two ends are dual-homed to the corresponding PEs through two ACs, as shown in Figure 6-7.

Figure 6-7 Symmetrically dual-homed CEs


PE1 P1 PE4

AC1 CE1 AC2 Site1 PE2

VPN backbone

AC4 CE2

P2

PE3

AC3 Site2

Asymmetrically connected CEs One CE is connected to a PE through an AC and the other CE is dual-homed to PEs through two ACs, as shown in Figure 6-8. Figure 6-8 Asymmetrically connected CEs
P1 PE1 VPN backbone AC1 AC3 Site1 P2 PE3 Site2 PE2

AC2 CE2

CE1

In the scenario shown in Figure 6-8, you need to note the following:
l

When a CE is connected to a PE through an Ethernet link, only networking between homogeneous services can be configured on the PE. When a CE is connected to a PE through a PPP or HDLC link, the following situations occur:
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

6-8

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


6 PWE3 Configuration

Only internetworking can be configured on the PE. Primary and secondary IP addresses can be configured on the interface connecting CE1 to PE1.The traffic with the primary IP address is forwarded by the master PW and the traffic with the secondary IP address is forwarded by the backup PW. CEs can advertise routes to each other by using OSPF, but OSPF does not support the advertisement of the routes with secondary IP addresses. If a device configured with the secondary IP address is connected to other devices, the device cannot forward routes.

Internetworking
The PWE3 supports internetworking. The PWE3 provides homogeneous and heterogeneous transports. If both ACs are of the same technology, for example, both Ethernet, both Frame Relay, both ATM, the PW provides "homogeneous transport." Otherwise, it provides "heterogeneous transport". When different sites access the PWE3 backbone with various transports, use the PWE3 internetworking transport. Figure 6-9 shows site 3 and site 4 access the PWE3 backbone with homogeneous transport. The site 1 and site 2 access the PWE3 backbone with heterogeneous transport. Figure 6-9 PWE3 internetworking
site1 CE
ATM1/0/0

site2

Backbone PW200

GE1/0/0

CE

VPN1

ATM1/0/0

GE1/0/0

VPN1

PE
POS2/0/0

PE PW100
POS2/0/0

VPN2
POS1/0/0 POS1/0/0

VPN2

CE site4

CE site3

Table 6-1 shows different types of data that can be transmitted transparently through the PWE3. Table 6-1 Data types capable of transparent transmission through PWE3 Type No. 0x0001 0x0002 0x0003 0x0004
Issue 03 (2008-09-22)

Type Frame Relay DLCI ATM AAL5 SDU VCC transport ATM cell transport Ethernet Tagged Mode VLAN
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 6-9

6 PWE3 Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Type No. 0x0005 0x0006 0x0007 0x0009 0x000A 0x000B 0x000C 0x000D 0x0011 0x0040

Type Ethernet HDLC PPP ATM N-to-1 VCC cell transport ATM N-to-1 VPC cell transport IP Layer 2 Transport ATM 1-to-1 VCC Cell Mode ATM 1-to-1 VPC Cell Mode IP-Interworking Mode IP-Interworking Mode

Inter-AS PWE3
In actual network, multiple sites of the VPN of a user may connect with multiple service providers of different ASs or with multiple ASs of a service provider. The VPN is called interAS VPN. Inter-AS PWE3 has three schemes:
l

Inter-AS PWE3-Option A: Data of an inter-AS user is transmitted through special interfaces between ASBRs. The user exclusively occupies the link between the ASBRs. Inter-AS PWE3-Option C: The PEs advertise the VPN IPv4 routes through multi-hop MPEBGP.

The NE80E/40E supports all the two schemes. The following describes those three schemes in detail:
l

Inter-AS PWE3-Option A In Option A, the ASBRs of the two ASs are directly connected. The ASBRs are the PEs of their respective ASs. The two ASBRs regard the peer ASBRs as their CE devices.

6-10

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

6 PWE3 Configuration

Figure 6-10 Networking diagram of inter-AS PWE3-Option A


CE-1

MPLS backbone AS: 100

MPLS backbone AS: 200

PE-1

ASBR-PE1

CE-3

ASBR-PE2

PE-2
LSP1

AC

CE-2

As shown in Figure 6-10, for the ASBR-PE1 in the AS100, the ASBR-PE2 is a CE device. Similarly, for the ASBR-PE2, the ASBR-PE1 is a CE device. Option A is easy to implement. No inter-AS configuration is needed on the ASBR-PEs. The interfaces that connect the ASBR need not be configured with the IP addresses. In Option A, the two directly-connected ASBRs use different links including physical and logical links for each inter-AS VPN. The links work as ACs to connect the VPN. Thus, the performance requirement on the PE devices is relatively high.
l

Inter-AS PWE3-Option C In the previous two options, the ASBRs take part in the allocation and maintenance of PW labels. If each AS has a great amount of PW information to be exchanged, the ASBRs may become the bottleneck of the network. To solve this problem, Option C is introduced. In this option, the ASBRs set up and maintain PWs, while the PEs exchange the PW labels.

The ASBRs advertise the labeled IPv4 routes to the PEs in their respective ASs through MP-IBGP and advertise the labeled IPv4 routes received by the PE of the local AS to the ASBR peer in the remote AS. The ASBRs in the transit AS also advertise the labeled IPv4 routes. An LDP LSP is thus set up between the ingress PE and the egress PE. The PEs of different ASs set up remote multi-hop MPLS LDP session to exchange the PW information.

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

6-11

6 PWE3 Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Figure 6-11 Networking diagram of inter-AS PWE3-Option C

BGP/MPLS backbone AS 100 MP-IBGP PE1

EBGP

BGP/MPLS backbone AS 200 MP-IBGP

ASBR-PE1 ASBR-PE2 Remote LDP Peer LSP PE2

CE1

SH-PW

CE2

ATM Cell Transport


Asynchronous Transfer Mode (ATM) was designated as the transmission and switching mode for broadband ISDN services by the ITU-T in June, 1992. ATM can bear IP, voice and conference call, and ISDN/DSL services. ATM has strong QoS capability. Some ATM networks bear very important services. The IP data network is developing dramatically. The IP network has high extensibility, scalability, and compatibility. As a traditional network, however, the ATM network has relatively inferior scalability and flexibility. The ATM network is limited by the transmission mode and the service type. It is difficult for the newly constructed network to integrate with the existing network. ATM cell transport, therefore, is introduced. ATM cell transport uses the PSN network to connect the traditional ATM networks and provides the emulated ATM services on the PSN network. Thus, the existing network and investment of users and carriers are protected and utilized. Figure 6-12 Networking diagram of ATM cell transport

PE

MPLS/IP Netw ork

PE

ATM CE

ATM CE

ATM Sw itch

ATM Sw itch

As shown in Figure 6-12, the ATM networks are connected through the high-speed PSN network (MPLS/IP network). ATM cell transport can help transfer the earlier ATM or ISP network through the PSN network without adding new ATM devices and changing the ATM CE configurations. ATM CEs consider the ATM cell transport as the TDM leased line.
6-12 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

6 PWE3 Configuration

ATM cell transport is a technology through which the ATM cells are transmitted on the PWE3.

PWE3 Tracert
With the wide applications of PWE3, PWE3 is required to support related operations and maintenance. PWE3 tracert is a type of a network maintenance tool developed to meet this requirement. Based on different networking types, PWs are classified into SH PWs and MH PWs. Similarly, PWE3 tracert is classified into PWE3 SH tracecert and PWE3 MH tracert.
l

Basic principle

PWE3 SH Tracert

As shown in Figure 6-13, CE1 and CE4 belong to VPN 1; CE2 and CE3 belong to VPN 2; the LSP from PE1 to PE4 is PE1-P-PE4; the LSP from PE2 to PE3 is PE2P-PE3. Figure 6-13 Networking diagram of PWE3 SH tracert
CE1 VPN1 PE1 PE2 CE2 VPN2

CE3

PE3

PE4

CE4 VPN1

VPN2

LSP1 LSP2

On PE1, you can start PWE3 tracert of VPN 1 by using related command. This PWE3 tracert is the same as the LSP tracert in the public network, except that a PW label is added to packets, and the remote PE checks whether the receiving PW label and the VC ID are the the same as those of the local end. The source PE of the PWE3 tracert continues to send MPLS echo request packets with the Time-to-Live (TTL) of the outer label from one to a certain value and the TTL of the inner label as one. Each Label Switching Router (LSR) does not forward the received packet with the TTL of the outer label as one. Based on the contents of the packet, each LSR checks the correctness of specific services and labels, and then sends an MPLS echo reply packet to the source PE. In this way, the source PE can collect information about each LSR that a PW passes through and information about the egress PE. At present, the MPLS echo reply packet is an IP packet that does not carry any label.

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

6-13

6 PWE3 Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

The following takes the LSP between PE1 and PE4 as an example to explain the mechanism adopted by PWE3 tracert to collect information about nodes. By starting PWE3 tracert, PE1 can collect information about nodes that the LSP from PE1 to PE4 passes through. By comparing paths obtained by the PWE3 tracert and PW paths generated by the protocol, you can judge whether there is an error. If the PWE3 tracert obtains only information about PE4 (TTL=2) instead of information about P (TTL=1), it indicates that P does not support MPLS ping. If the PWE3 tracert obtains only information about P (TTL=1) instead of information about PE4 (TTL=2), it indicates that PE4 or the link between P and PE4 is faulty. If the PWE3 tracert obtains information about PE1, PE2, and PE4, it indicates that P may be faulty. A new path is generated by the protocol. As shown in Figure 6-14, an MH PW is set up between CE1 and CE2. the IDs of PW segments are different. The LSP is UPE1-P1-SPE1-SPE2-P2-UPE2. Figure 6-14 Networking diagram of PWE3 MH tracert
CE2

PWE3 MH tracert

SPE2 P1 P2 UPE1 SPE1

UPE2

CE1

The PWE3 tracert started on UPE1 can obtain correct response only from P1 and SPE1. SPE2 and UPE2 find that the "Remote PE Address" and "VC ID" are not consistent. This indicates that the PWE3 tracert passes through an MH PW. In addition, you can know the PW label switching from the downstream mapping information sent by each device. On SPE1, start PWE3 tracert to UPE1 or to SPE2 and UPE2. The PWE3 tracert to UPE1 is the same as the PWE3 SH tracert. The PWE3 tracert to SPE2 and UPE2 is PWE3 MH tracert. PWE3 tracert started on other PEs is the same as the preceding ones, and is not mentioned here.

The relations between MPLS ping and PWE3 ping and between MPLS tracert and PWE3 tracert are as follows: MPLS ping MPLS ping is similar to IP ping. The source node sends an MPLS echo request packet. The packet is forwarded by nodes along the LSP. When the packet reaches the egress in the MPLS area, the egress replies an MPLS echo reply packet. If the source node receives the MPLS echo reply packet from the destination node, the source node regards that the LSP can be used to forward data; otherwise, the source node regards that the LSP cannot be used to forward data.

MPLS tracert
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

6-14

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

6 PWE3 Configuration

The source node of MPLS tracert continuously sends MPLS echo request packets with TTL values from one to a certain value. After the TTL of each node on the LSP expires, each node replies an MPLS echo reply packet. The ingress thus can collect information about each node on the LSP, and then locate the faulty node. At the same time, MPLS tracert can be used to collect important information about each node on the entire LSP, such as assigned labels.
l

PWE3 ping The principle of PWE3 ping is similar to that of MPLS ping and IP ping. The difference lies in that PWE3 ping uses a PW to forward MPLS echo request packets to judge whether the PW can be used to forward packets. When MPLS ping succeeds, PWE3 ping may fail.

PWE3 Tracert The principle of PWE3 tracert is similar to that of MPLS tracert and IP tracert. The difference lies in that PWE3 tracert uses a PW to forward MPLS echo request packets to collect information about nodes on the PW. When MPLS tracert succeeds, PWE3 tracert may fail.

CW
The PWE3 supports CW. The CW is a four-octet header in some encapsulations. The CW is used for sending packet information in MPLS PSN. On the PWE3 control plane, there is a bit symbolizing whether the CW presents on the PW or not. On the PWE3 data plane, if the CW is supported, a four-octet control word is added in the header of the packet to indicate the sequence of the packet. But in the following case control word can be used: the link between PE and PE is Ethernet, and the link between PE and CE is PPP. Because the MTU of the PPP packet is less than the MTU minimum of Ethernet packet, PPP negotiation fails. You can avoid this through CW, as adding control word lengthens the packet. Negotiation will be carried out successfully only when both endpoints of PW support CW, or both do not support CW at the control layer. The CW is optional. For static PW, CW requirements are configured manually.

VCCV-PING
The NE80E/40E supports VC Connectivity Verification (VCCV) negotiation and VCCV-PING on U-PEs of static PW, dynamic PW, SH-PW, and MH-PW. The VCCV-PING includes CW mode and MPLS router alert mode.
l l

The CW mode supports VC Connectivity Verification form U-PE to U-PE. The MPLS router alert mode supports VCCV-PING form U-PE to U-PE, and VCCV-PING form U-PE to S-PE.

PW Template
The PW template is a set of public attributes abstracted from PWs, which enables sharing of different PWs. For the sake of scalability, the command mode of PW template is added to set some public attributes of PW. When creating PW in the interface mode, you can use this template. The PW can be bound with PW template and can be reset.
Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 6-15

6 PWE3 Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Other Features
The other NE80E/40E features are as follows:
l

Supporting the PW protection (The signaling is LDP). You can configure two PWs with different PW ID on the same interface. One serves as master, and the other serves as backup. When the master fails, the service is switched to the backup automatically. This configuration fits better for Multi-Hop. Supporting the PW to be configured in VLANIF interface and trunk interface. Supporting the PW QoS. Supporting the PWE3 configuration on Layer 2 devices.

l l l

6.2 Configuring Attributes of a PW Template


This section describes how to configure attributes for a PW template. 6.2.1 Establishing the Configuration Task 6.2.2 Creating PW Template 6.2.3 Setting Attributes for the PW Template 6.2.4 Checking the Configuration

6.2.1 Establishing the Configuration Task


Applicable Environments
Using the pw-template command, you can set attributes for a PW, such as: peer, VCCV, CW, and tunnel policy. Importing the PW template simplifies the process of configuring the PW with similar attributes. The PW template is configured on U-PE. To verify the PW connectivity, you must configure the PW with PW template.
NOTE

Some PW attributes such as MTU, PW type, and encapsulation type are obtained from the interfaces directly connected with the CE. Therefore, those parameters do not need manual configuration.

Pre-configuration Tasks
Before configuring attributes of a PW template, you need to complete the following tasks:
l l

Configuring the basic MPLS functions Enabling MPLS L2VPN

Data Preparation
To configure attributes of a PW template, you need the following data. All this data is optional.

6-16

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

6 PWE3 Configuration

No. 1 2 3

Data Peer IP address Name of the tunnel policy Name and attributes of the PW template, such as CW and VCCV.

6.2.2 Creating PW Template


Context
Do as follows on the PEs on the two ends of the PW.

Procedure
Step 1 Run:
system-view

The system view is displayed. Step 2 Run:


mpls l2vpn

MPLS L2VPN is enabled. Step 3 Run:


quit

Return to the system. Step 4 Run:


pw-template pw-template-name

A PW template is created. ----End

6.2.3 Setting Attributes for the PW Template


Context
Do as follows on the PEs on the two ends of the PW.

Procedure
Step 1 Run:
pw-template pw-template-name

The template view is displayed. Step 2 Run:


peer-address ip-address

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

6-17

6 PWE3 Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

The address of remote PW is specified. Step 3 Run:


control-word

The control word is enabled. Step 4 Run:


vccv cc { alert | cw } * cv { bfd | lsp-ping } *

Detection on the connectivity of VCs is enabled. Step 5 Run:


tunnel-policy policy-name

The tunnel policy of PW is specified. ----End

6.2.4 Checking the Configuration


Run the following command to check the previous configuration. Action Check information about the PW template. Command display pw-template [ pw-template-name ]

Run the display pw-template command. You can view the PW template name and parameters that you have configured. For example:
<Quidway> display pw-template Total PW template number : 2 PW Template Name : pwt1 PeerIP : 1.1.1.1 Tnl Policy Name : -CtrlWord : Enable VCCV Capability : cw bfd Behavior Name : -Total PW : 1, Static PW : 0, LDP PW : 1, Rsvp PW : 0 PW Template Name : pwt2 PeerIP : 2.2.2.2 Tnl Policy Name : -CtrlWord : Enable VCCV Capability : cw bfd Behavior Name : -Total PW : 1, Static PW : 0, LDP PW : 1, Rsvp PW : 0

6.3 Configuring Static PWs


This section describes how to configure static PW. 6.3.1 Establishing the Configuration Task 6.3.2 Enabling MPLS L2VPN 6.3.3 Creating Static PW Connection 6.3.4 Checking the Configuration
6-18 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

6 PWE3 Configuration

6.3.1 Establishing the Configuration Task


Applicable Environment
Static PW does not use signaling protocols to send the L2VPN message. Packets are transmitted between PEs through the tunnel. The tunnel types of static PW contain Static LSP, LDP LSP, GRE and CR-LSP. By default, LDP LSP is used.

Pre-configuration Tasks
Before configuring MPLS static PWs, complete the following tasks:
l l l l

Configuring MPLS backbone's IGP to implement IP interconnectivity Enabling MPLS for PEs Setting up tunnels of the relevant type between PEs according to the tunnel policy in use Configuring sub-interfaces when the AC type is VLAN, configuring virtual circuits when the AC type is ATM

Data Preparation
To configure MPLS static PWs, you need the following data. No. 1 2 3 4 Data Interface type and number of the interface for CE access Destination LSR ID of static PW The label value received and sent in L2VPN. Tunnel policy of Static PW

6.3.2 Enabling MPLS L2VPN


Context
Do as follows on the PEs on the two ends of the PW.

Procedure
Step 1 Run:
system-view

The system view is displayed. Step 2 Run:


mpls l2vpn

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

6-19

6 PWE3 Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

MPLS L2VPN is enabled. Before configuring the MPLS L2VC connection, enable MPLS L2VPN. ----End

6.3.3 Creating Static PW Connection


Context
Do as follows on the PEs on the two ends of the PW.

Procedure
Step 1 Run:
system-view

The system view is displayed. Step 2 Run:


interface interface-type interface-number[.subinterface-number]

The view of the interface attached to AC is displayed. Step 3 Run:


mpls static-l2vc { destination ip-address | pw-template pw-template-name vc-id } * transmit-vpn-label transmit-label-value receive-vpn-label receive-label-value [ tunnel-policy tnl-policy-name | [ control-word | no-control-word ] | [ raw | tagged | ip-interworking ] ] *

A static PW connection is configured.


NOTE

The parameters raw and tagged are needed only for the Ethernet link.
NOTE

VC-IDs of both PWs to switch should not be 0. Therefore, when configuring the static PW to switch, you are recommended to configure with PW template.

----End

6.3.4 Checking the Configuration


Run the following command to check the previous configuration. Action Check information about the specified static PW on PEs. Command display mpls static-l2vc [ vc-id | interface interface-type interface-number | state { down | up } ]

Run the display mpls static-l2vc [ vc-id | interface interface-type interface-number | state { down | up } ] command, and you can view that VC State of the PW is up. For example:
<Quidway> display mpls static-l2vc interface pos 1/0/0

6-20

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

6 PWE3 Configuration

*Client Interface : Pos1/0/0 is up AC Status : up VC State : up VC ID : 100 VC Type : PPP Destination : 3.3.3.9 Transmit VC Label : 100 Receive VC Label : 100 Control Word : Disable VCCV Capability : Disable Tunnel Policy : -PW Template Name : pwt Traffic Behavior : -Main or Secondary : Main VC tunnel/token info : 1 tunnels/tokens NO.0 TNL Type : lsp , TNL ID : 0x2002003 Create time : 0 days, 0 hours, 13 minutes, 7 seconds UP time : 0 days, 0 hours, 10 minutes, 23 seconds Last change time : 0 days, 0 hours, 10 minutes, 23 seconds

6.4 Configuring Dynamic PWs


This section describes how to configure dynamic PW. 6.4.1 Establishing the Configuration Task 6.4.2 Enabling MPLS L2VPN 6.4.3 Creating Dynamic PW 6.4.4 Checking the Configuration

6.4.1 Establishing the Configuration Task


Applicable Environment
Dynamic PW uses extended LDP to transmit Layer 2 information and VC labels. Dynamic PW is required to be configured on PEs of both endpoints of PW.

Pre-configuration Tasks
Before configuring dynamic PWs, complete the following tasks:
l

Configuring an IGP protocol on PEs and Ps in the MPLS backbone network for IP connectivity Configuring basic MPLS functions in the backbone network Establishing related tunnels between PEs according to the tunnel policy Setting up remote LDP sessions between PEs Configuring sub-interfaces when the AC type is VLAN, configuring VCs when the AC type is ATM
NOTE

l l l l

PWE3 does not support Point-to-Multipoint (P2MP). Therefore, if MPLS L2VCs are created on ATM sub interfaces, the ATM sub interfaces must be Point-to-Point (P2P) interfaces. ATM cell transport can be configured on both P2MP interfaces and P2P interfaces.

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

6-21

6 PWE3 Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Data Preparation
To configure dynamic PW, you need the following data. No. 1 2 3 Data Type and number of the interface connected with CE Destination address of L2VC and VC ID Policy name of the tunnel

6.4.2 Enabling MPLS L2VPN


Context
Do as follows on the U-PEs.

Procedure
Step 1 Run:
system-view

The system view is displayed. Step 2 Run:


mpls l2vpn

MPLS L2VPN is enabled. Before configuring the MPLS L2VC connection, enable MPLS L2VPN. ----End

6.4.3 Creating Dynamic PW


Context
Do as follows on the U-PEs.

Procedure
Step 1 Run:
system-view

The system view is displayed. Step 2 Run:


interface interface-type interface-number[.subinterface-number]

The interface view of the interface attached to AC is displayed.


6-22 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

6 PWE3 Configuration

Step 3 Run:
mpls l2vc { ip-address | pw-template pw-template-name } * vc-id [ group-id groupid ] [ [ control-word | no-control-word ] | [ raw | tagged | ip-interworking | iplayer2 ] | tunnel-policy policy-name] * [ secondary ]

An MPLS L2VPN connection for dynamic PW is configured.


NOTE

l l

raw and tagged are needed only for the Ethernet link. secondary is used to configure a backup PW. The backup PW can be configured only after the master PW is configured. For the detailed configuration, see Configuring a Backup PW

NOTE

l l

On the same endpoint, the combination of PW ID and PW type must be unique, but PW ID on both endpoints of switch PW can be identical. When configuring the dynamic PW, if the Huawei devices are connected with non-Huawei devices in internetworking mode, choose ip-layer2; if all the connected devices are Huawei products, choose ipinterworking.

----End

6.4.4 Checking the Configuration


Run the following commands to check the previous configuration. Action Check information about the specified PW on the local PE. Check brief information about the specified PW on the local PE. Check information about the PW of the remote PE on the local PE Command display mpls l2vc [ vc-id | interface interface-type interface-number ] display mpls l2vc brief display mpls l2vc remote-info [ vc-id ]

Run the display mpls l2vc [ vc-id | interface interface-type interface-number ] command, you can view that VC state is up. For example:
<Quidway> display mpls l2vc interface gigabitethernet 1/0/0.1 *client interface : GigabitEthernet1/0/0.1 is up session state : up AC state : up VC state : up VC ID : 100 VC type : VLAN destination : 192.3.3.3 local group ID : 0 remote group ID : 0 local VC label : 21504 remote VC label : 21504 local AC OAM State : up local PSN State : up local forwarding state : forwarding remote AC OAM state : up remote PSN state : up remote forwarding state: forwarding BFD for PW : unavailable manual fault : not set active state : active

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

6-23

6 PWE3 Configuration
forwarding entry link state local VC MTU local VCCV remote VCCV local fragmentantion local control word tunnel policy traffic behavior PW template name primary or secondary VC tunnel/token info NO.0 TNL type : gre create time up time last change time : : : : : : : : : : : :

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


exist up 1500 remote VC MTU : 1500 Disable Disable disable remote fragmentantion: disable disable remote control word : disable policy1 --primary 1 tunnels/tokens , TNL ID : 0x12002003 : 0 days, 0 hours, 2 minutes, 23 seconds : 0 days, 0 hours, 0 minutes, 13 seconds : 0 days, 0 hours, 0 minutes, 13 seconds

Run the display mpls l2vc brief command. You can find that destination is the peer IP address of the specified VC and VC state is up. For example:
<Quidway> display mpls l2vc brief Total ldp vc : 1 1 up 0 down *Client Interface VC State VC ID VC Type Destination : : : : : GigabitEthernet1/0/0.1 up 101 VLAN 3.3.3.9

Run the display mpls l2vc remote-info command, and you can view that Peer Addr is the peer address of the specified VC. For example:
<Quidway> display mpls l2vc remote-info Total remote ldp vc : 1 Transport Group Peer Remote VC ID ID Addr Encap 100 0 192.3.3.3 vlan

Remote VC Label 21504

C MTU/ N S Bit CELLS Bit Bit 0 1500 1 0

6.5 Configuring PW Switching


This section describes how to configure PW switching. 6.5.1 Establishing the Configuration Task 6.5.2 Configuring PW Switching 6.5.3 Checking the Configuration

6.5.1 Establishing the Configuration Task


Applicable Environment
To support Multi-Hop, the PW switching is needed. MH-PW requires switching labesl at PW label layer while forwarding packets. PW switching must be configured on the S-PE with high performance and capability of setting up large numbers of MPLS LDP sessions. When configuring MH-PW, you need PW switching on the S-PE. In the following three cases, PW switching is required:
6-24 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


l

6 PWE3 Configuration

Two PEs are not located in the same AS and no signaling or tunnel can be set up between the two PEs. (If inter-AS tunnel is set up by the BGP labeled route, MH-PW is not required.) The signaling of two PEs differs from each other. If access device supports MPLS, but cannot set up large numbers of LDP session, you can use User Facing Provider Edge (UFPE) as U-PE. And you can use the S-PE as the switching node of LDP session, which is similar to signaling reflector.

l l

Pre-configuration Tasks
Before configuring PW switching, complete the following tasks:
l l l

Enabling MPLS L2VPN on the PEs Configuring Static PW on U-PEs if the PW switching is between two static PWs Configuring Dynamic PW on U-PEs if the PW switching is between two dynamic PWs

Data Preparation
To configure PW switching, you need the following data. No. 1 2 3 4 Data IP address and VC-ID of static PWs or dynamic PWs to-be-switch Encapsulation type of L2VC Sending label and receiving label of L2VPN if the PW to be switched is a static PW The MTU values of the interfaces on the two ends of the PW if the PW to be switched is a static PW

6.5.2 Configuring PW Switching


Context
The PW switching has three modes:
l l l

Static PWs switching: Both PWs used to switch are static. Dynamic PWs switching: Both PWs used to switch are dynamic. Mixed PWs switching: One of the PWs is dynamic, and the other is static.

Procedure
l Static PW Switching Do as follows on the S-PEs. 1. Run:
system-view

The system view is displayed.


Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 6-25

6 PWE3 Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

2.

Run:
mpls switch-l2vc ip-address vc-id trans trans-label recv received-label between ip-address vc-id trans trans-label recv received-label encapsulation { atm-1to1-vcc | atm-1to1-vpc | atm-aal5-sdu | atm-nto1-vcc | atm-nto1-vpc | atm-trans-cell | ethernet | hdlc | ip-interworking | iplayer2 | ppp | vlan } [ control-word [ cc { alert | cw } * cv lsp-ping ] | [ no-control-word ] [ cc alert cv lsp-ping ] ]

The static PWs switching is enabled. To configure static PWs switching, you must configure PW labels. Enable CW and VCCV if required. The conditions of setting up a static SH-PW are as follows:

On U-PE, once the AC state is up and PSN tunnel exists, the PW state is up. On the S-PE, once the PSN tunnels on both sides exist, the PW is in up state. This is regardless of whether the PW encapsulation of S-PE is consistent with that of U-PE or not.

For the sake of management convenience, it is recommended to configure the same PW encapsulation type on the devices along the PW (U-PE and S-PE). l Dynamic PW Switching Do as follows on the S-PEs. 1. Run:
system-view

The system view is displayed. 2. Run:


mpls switch-l2vc ip-address vc-id between ip-address vc-id encapsulation { atm-1to1-vcc | atm-1to1-vpc | atm-aal5-sdu | atm-nto1-vcc | atm-nto1vpc | atm-trans-cell | ethernet | hdlc | ip-interworking | ip-layer2 | ppp | vlan }

The dynamic PWs switching is configured. The remote labels are sent from both neighboring endpoints (U-PE or S-PE) to this S-PE through the signaling. The CW and VCCV are sent from two U-PEs to this SPE using the signaling. When configuring dynamic PWs switching, ensure that the PW encapsulation type is consistent on the devices along the PW (U-PE and S-PE). l Mixed PW Switching
NOTE

While configuring mixed PWs switching, note that the parameters "ip-address" and "vc-id" before "between" in the command are that of dynamic PW, while the ones after "between" are that of static PW. Both these cannot be interchanged.

Do as follows on the S-PEs. 1. Run:


system-view

The system view is displayed. 2. Run:


mpls switch-l2vc ip-address vc-id between ip-address vc-id trans translabel recv received-label encapsulation { atm-1to1-vcc | atm-1to1-vpc |

6-26

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

6 PWE3 Configuration

atm-aal5-sdu | atm-nto1-vcc | atm-nto1-vpc | atm-trans-cell | ethernet | hdlc | ip-interworking | ip-layer2 | ppp | vlan } [ mtu mtu-value ] [ control-word [ cc { alert | cw } * cv lsp-ping ] | [ no-control-word ] [ cc alert cv lsp-ping ] ]

The mixed PWs switching is enabled For mixed PWs switching, static PWs needs to be configured with PW label. Enable CW and VCCV if required. When configuring the mixed PWs switching, ensure that the following MTUs are the same:

Local MTU of the dynamic PW Peer MTU of the dynamic PW Local MTU of the static PW Peer MTU of the static PW
NOTE

When configuring the mixed PW, if the Huawei devices are connected with non-Huawei devices in internetworking mode, choose ip-layer2; if all the connected devices are Huawei products, choose ip-interworking. In the internetworking connection, the MTU values of the interfaces on the two ends must be the same and cannot be large than 1500 bytes.

----End

6.5.3 Checking the Configuration


Run the following command to check the previous configuration. Action Check information about the PW switching on S-PEs. Command display mpls switch-l2vc [ ip-address vc-id encapsulation { encapsulation-type | ip-interworking | ip-layer2 } | state { down | up } ]

Run the display mpls switch-l2vc [ ip-address vc-id encapsulation { encapsulation-type | ipinterworking | ip-layer2 } | state { down | up } ] command. You can view the VC status is Up. For example:
<Quidway> display mpls switch-l2vc Total Switch VC : 1, 1 up, 0 down *Switch-l2vc type : LDP<---->LDP Peer IP Address : 5.5.5.9, 1.1.1.9 VC ID : 200, 100 VC Type : PPP VC State : up VC StatusCode |PSN |OAM | FW | |PSN |OAM | FW | -Local VC :| UP | UP | UP | | UP | UP | UP | -Remote VC:| UP | UP | UP | | UP | UP | UP | Session State : up, up Local/Remote Label : 21504/21504, 21505/21504 Local/Remote MTU : 1500/1500, 1500/1500 Local/Remote Control Word : Enable/Enable, Enable/Enable Local/Remote VCCV Capability : cw lsp-ping/cw lsp-ping, cw lsp-ping/cw lsp-ping Local/Remote Frag Capability : Disable/Disable, Disable/Disable

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

6-27

6 PWE3 Configuration
Switch-l2vc tunnel info : 1 tunnels NO.0 TNL 1 tunnels NO.0 TNL : 0 days, 0 : 0 days, 0 : 0 days, 0

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Create time UP time Last change time

for peer 5.5.5.9 Type : lsp , TNL ID : 0x2002006 for peer 1.1.1.9 Type : lsp , TNL ID : 0x1002000 hours, 13 minutes, 1 seconds hours, 3 minutes, 58 seconds hours, 3 minutes, 58 seconds

6.6 Configuring a Backup PW


This section describes how to configure a backup PW. 6.6.1 Establishing the Configuration Task 6.6.2 Configuring Backup PWs 6.6.3 Checking the Configuration

6.6.1 Establishing the Configuration Task


Applicable Environment
In the PW FRR network where CEs are not symmetrically connected, you are required to configure backup PWs. Figure 6-15 Asymmetrically connected CEs
P1 PE1 VPN backbone AC1 AC3 Site1 P2 PE3 Site2 PE2

AC2 CE2

CE1

As shown in Figure 6-15, the master PW and backup PW need to be configured on PE1. Only one PW is required on PE2 and PE3. For inter-AS L2VPN and MH PWE3, the ASBR and SPE do not distinguish the master and backup PWs.

Pre-configuration Tasks
Before configuring a backup PW, complete the following tasks:
l

Configuring an IGP protocol on PEs and Ps in the MPLS backbone network for IP connectivity Enabling MPLS on PEs and Ps
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

6-28

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


l

6 PWE3 Configuration

Setting up the tunnels (CR-LSP, LSP) used by the master and backup PWs between PEs on the master and backup paths Configuring the tunnel policy when the tunnels are CR-LSPs and not configuring the tunnel policy when the LSP is used as a tunnel Configuring the master PW on PEs on the master path Configuring a PW on the PE on the backup path, without distinguishing the master and backup PWs Configuring the PW template and enabling the CW when configuring PWs Configuring the IP addresses of the interfaces connecting the CEs to the PEs

l l

l l

Data Preparation
To configure a backup PW, you need the following data. No. 1 2 Data (Optional) tunnel policy used by the backup PW Destination address and VC ID of the backup PW

6.6.2 Configuring Backup PWs


Context
Do as follows on the PE to which a CE is connected through only one link:
NOTE

The types of the master and backup PWs must be consistent. That is, the encapsulation types of the master and backup PWs must be consistent.

Procedure
Step 1 Run:
system-view

The system view is displayed. Step 2 Run:


interface interface-type interface-number

The AC interface view is displayed. Step 3 Run:


mpls l2vc pw-template pw-template-name vc-id [ tunnel-policy policy-name ] ipinterworking secondary

A backup VC connection is configured. The ID of the backup VC cannot be the same as that of the master VC. As for the scenario of asymmetrical access of CEs, you need pay attention to the following:
Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 6-29

6 PWE3 Configuration
l

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

When the CE accesses the PE through the Ethernet, the PE can only be configured with the homogenous transport. When the CE accesses the PE through PPP, or HDLC:

PE can only be configured with the heterogeneous transport. The interface on CE1 that connects PE1 can be configured with the primary and secondary IP addresses. The master PW forwards packets through the primary IP address, and the backup PW forwards packets through the secondary IP address. CEs can advertise routes to each other through OSPF. OSPF, however, does not support the route advertised by the secondary IP address. If the device with the secondary IP address is connected with other devices, it cannot achieve the route forwarding.

----End

6.6.3 Checking the Configuration


Run the following command to check the previous configuration. Action Check the status of a PW. Check the brief information of a PW. Command display mpls l2vc [ vc-id | interface interface-type interfacenumber | remote-info [ vc-id ] | state { down | up } ] display mpls l2vc brief

After the configuration is successful, the following results are displayed when the display mpls l2vc [ vc-id | interface interface-type interface-number | remote-info [ vc-id ] | state { down | up } ] command is used on the PE to which a CE is connected through only one link:
l l

The statuses of the master and backup PWs are up. VC state of the master PW is active, and VC state of the backup PW is inactive.

For example:
<Quidway> display mpls l2vc interface pos 1/0/0 *client interface : Pos1/0/0 is up session state : up AC state : up VC state : up VC ID : 100 VC type : IP-interworking destination : 3.3.3.3 local group ID : 0 remote group ID local VC label : 21504 remote VC label local AC OAM State : up local PSN State : up local forwarding state : forwarding remote AC OAM state : up remote PSN state : up remote forwarding state: forwarding BFD for PW : available BFD sessionIndex : 257 BFD state : up manual fault : not set active state : active forwarding entry : exist link state : up

: 0 : 21504

6-30

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

6 PWE3 Configuration

local VC MTU : 1500 remote VC MTU : 1500 local VCCV : cw bfd remote VCCV : cw bfd local fragmentantion : disable remote fragmentantion: disable local control word : enable remote control word : enable tunnel policy : p1 traffic behavior : -PW template name : 1to3 primary or secondary : primary VC tunnel/token info : 1 tunnels/tokens NO.0 TNL type : cr lsp, TNL ID : 0x42002002 create time : 0 days, 0 hours, 56 minutes, 39 seconds up time : 0 days, 0 hours, 18 minutes, 2 seconds last change time : 0 days, 0 hours, 18 minutes, 2 seconds *client interface : Pos1/0/0 is up session state : up AC state : up VC state : up VC ID : 200 VC type : IP-interworking destination : 2.2.2.2 local group ID : 0 remote group ID : 0 local VC label : 21505 remote VC label : 21504 local AC OAM state : up local PSN state : up local forwarding state : forwarding remote AC OAM state : up remote PSN state : up remote forwarding state: forwarding BFD for PW : available BFD sessionIndex : 256 BFD state : up manual fault : not set active state : inactive forwarding entry : existent link state : up local VC MTU : 1500 remote VC MTU : 1500 local VCCV : cw bfd remote VCCV : cw bfd local fragmentation : disable remote fragmentation: disable local control word : enable remote control word : enable tunnel policy : -traffic behavior : -PW template name : 1to2 primary or secondary : secondary VC tunnel/token info : 1 tunnels/tokens NO.0 TNL type : lsp , TNL ID : 0x2002004 create time : 0 days, 0 hours, 56 minutes, 39 seconds up time : 0 days, 0 hours, 18 minutes, 2 seconds last change time : 0 days, 0 hours, 18 minutes, 2 seconds reroute policy : delay 30 s, resume 0 s reason of last reroute : Remote PSN fault time of last reroute : 0 days, 0 hours, 18 minutes, 2 seconds delay timer ID : -rest time :-resume timer ID : -rest time :--

Run the display mpls l2vc brief command. You can find that destination is the peer IP address of the specified VC and VC state is up. For example:
<Quidway> display mpls l2vc brief Total ldp vc : 1 1 up 0 down *Client Interface VC State VC ID VC Type Destination : : : : : GigabitEthernet1/0/0.1 up 101 VLAN 3.3.3.9

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

6-31

6 PWE3 Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

6.7 Configuring Static BFD for PW


This section describes how to configure static BFD for PW. 6.7.1 Establishing the Configuration Task 6.7.2 Enabling Global BFD 6.7.3 Configuring BFD for PW 6.7.4 Checking the Configuration

6.7.1 Establishing the Configuration Task


Applicable Environment
In MPLS-based L2VPNs, if PWs are set up between PEs, BFD can be used to detect faults of the PWs. In this way, the speed for sensing link faults and the speed of the fast switchover of applications at the upper layer are accelerated. When the master and backup PWs are configured on a PE to protect links, BFD sessions need to be set up to detect the master and backup PWs respectively. When static BFD for PW is configured, BFD can work only in asynchronous mode. BFD control packets are encapsulated in PW control packets and PWs distinguish control packets from data packets by using CWs; therefore, PWs to be detected must be set up by using PW templates and CWs and BFD must be used to detect the connectivity of VCs.

Pre-configuration Tasks
Before configuring static BFD for PW, complete the following tasks:
l l

Configuring IP parameters to make each node reachable Configuring PWs


NOTE

PWs must be set up on AC interfaces on PEs.

Data Preparation
To configure static BFD for PW, you need the following data. No. 1 2 3 Data Name of a BFD session Interfaces where PWs reside (AC interfaces) Local discriminator and remote discriminator of a BFD session

6-32

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

6 PWE3 Configuration

6.7.2 Enabling Global BFD


Procedure
Step 1 Run:
system-view

The system view is displayed. Step 2 Run:


bfd

Global BFD is enabled on the local node and the global BFD view is displayed. ----End

6.7.3 Configuring BFD for PW


Context
Do as follows on the PEs on the two ends of the PW to be detected:

Procedure
Step 1 Run:
system-view

The system view is displayed. Step 2 Run:


bfd bfd-name bind pw interface interface-type interface-number [ secondary ]

A BFD configuration entry is created. interface interface-type interface-number specifies the AC interface where the PW resides. When the PW to be detected is a backup PW, you must select secondary. Step 3 Run:
discriminator local discr-value

The local discriminator is set. And run:


discriminator remote discr-value

The remote discriminator is set. Step 4 Run:


commit

The configuration is committed. When the status of the PW is Down, the BFD session is created successfully but cannot be Up. ----End
Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 6-33

6 PWE3 Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

6.7.4 Checking the Configuration


Run the following commands to check the previous configuration. Action Check the BFD configuration. Check information about the BFD session. Command display bfd configuration pw interface interface-type interface-number [ secondary] [ verbose ] display bfd session pw interface interface-type interface-number [ secondary] [ verbose ]

Run the display bfd configuration pw interface interface-type interface-number [ secondary] [ verbose ] command, and you can view discriminators of the BFD session, the type of the PW that is bound to the BFD session, and the type of the BFD session. For example:
<Quidway> display bfd configuration pw interface pos 1/0/0 verbose -------------------------------------------------------------------------------BFD Session Configuration Name : 1to2 -------------------------------------------------------------------------------Local Discriminator : 12 Remote Discriminator : 21 BFD Bind Type : PW(Master) Bind Session Type : Static Bind Interface : pos1/0/0 TOS-EXP : 6 Local Detect Multi : 3 Min Tx Interval (ms) : 1000 Min Rx Interval (ms) : 1000 WTR Interval (ms) : -Process PST : Enable Proc interface status : Disable Local Demand Mode : Disable Bind Application : L2VPN | OAM_MANAGER | MPLSFW Session Description : --------------------------------------------------------------------------------Total Commit/Uncommit CFG Number : 1/0

Run the display bfd session pw interface interface-type interface-number [ secondary] [ verbose ] command, and you can view the status of the BFD session, discriminators of the BFD session, the type of the PW that is bound to the BFD session, and the type of the BFD session. For example:
<PE1> display bfd session pw interface pos 1/0/0 verbose -------------------------------------------------------------------------------Session MIndex : 256 (One Hop) State : Up Name : 1to2 -------------------------------------------------------------------------------Local Discriminator : 12 Remote Discriminator : 21 Session Detect Mode : Asynchronous Mode Without Echo Function BFD Bind Type : PW(Master) Bind Session Type : Static Bind Peer Ip Address : --.--.--.-NextHop Ip Address : --.--.--.-Bind Interface : pos1/0/0 FSM Board Id : 1 TOS-EXP : 6 Min Tx Interval (ms) : 1000 Min Rx Interval (ms) : 1000 Actual Tx Interval (ms): 1000 Actual Rx Interval (ms): 1000 Local Detect Multi : 3 Detect Interval (ms) : 3000 Echo Passive : Disable Acl Number : -Proc interface status : Disable Process PST : Enable WTR Interval (ms) : -Local Demand Mode : Disable Active Multi : 3 Last Local Diagnostic : No Diagnostic Bind Application : L2VPN | OAM_MANAGER | MPLSFW Session TX TmrID : -Session Detect TmrID : -Session Init TmrID : -Session WTR TmrID : --

6-34

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

6 PWE3 Configuration

Session Echo Tx TmrID : -PDT Index : FSM-0 | RCV-0 | IF-0 | TOKEN-0 Session Description : --------------------------------------------------------------------------------Total UP/DOWN Session Number : 1/0

6.8 Configuring Dynamic BFD for PW


This section describes how to configure dynamic BFD for PW. 6.8.1 Establishing the Configuration Task 6.8.2 Enabling Glocal BFD 6.8.3 Configuring Attributes of the PW Template 6.8.4 (Optional) Adjusting BFD Parameters 6.8.5 Configuring PWs 6.8.6 Tiggering Dynamic BFD for PW 6.8.7 Checking the Configuration

6.8.1 Establishing the Configuration Task


Applicable Environment
In the MPLS L2VPN where PWs are used as transmission tunnels, dynamic BFD for PW is used to fast detect faults of PWs. Once a PW is faulty, the master and backup PWs switchover can be fast performed to lessen the impact on carried services. For BFD for PW except BGP PW, BFD packets are encapsulated by using the CWs of the PWs. So, the PW to be detected must be created by using the PW template. Currently, you can only detect SH PW by using BFD.

Pre-configuration Tasks
Before configuring dynamic BFD for PW, complete the following tasks:
l l

Configuring basic MPLS functions Configuring PWs

Data Preparation
To configure dynamic BFD for PW, you need the following data. No. 1 2 Data VC ID of a PW BFD parameters

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

6-35

6 PWE3 Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

6.8.2 Enabling Glocal BFD


Context
Do as follows on the PEs at the two ends of the PW:

Procedure
Step 1 Run:
system-view

The system view is displayed. Step 2 Run:


bfd

Global BFD is enabled on the local node and the global BFD view is displayed. ----End

6.8.3 Configuring Attributes of the PW Template


Context
Do as follows on the PEs at the two ends of the PW:

Procedure
Step 1 Run:
system-view

The system view is displayed. Step 2 Run:


pw-template pw-template-name

The PW template view is displayed. Step 3 Run:


control-word

The two PEs are enabled to support CWs. Step 4 Run:


vccv cc { alert | cw } * cv lsp-ping bfd

BFD packets are carried in the detection of VC connectivity. ----End

6.8.4 (Optional) Adjusting BFD Parameters


Context
Do as follows on the PEs at the two ends of the PW:
6-36 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

6 PWE3 Configuration

Procedure
Step 1 Run:
system-view

The system view is displayed. Step 2 Run:


pw-template pw-template-name

The PW template view is displayed. Step 3 Run:


bfd-detect [ detect-multiplier multiplier | min-rx-interval rx-interval | min-txinterval tx-interval ] *

Time parameters of BFD are set. ----End

6.8.5 Configuring PWs


For detailed configuration, see "Configuring Static PWs, Configuring Dynamic PWs, or Configuring PW Switching". You can select one of the configurations as required.

6.8.6 Tiggering Dynamic BFD for PW


Context
Do as follows on the PEs at the two ends of the PW:

Procedure
Step 1 Run:
system-view

The system view is displayed. Step 2 Run:


interface interface-type interface-number

The AC interface view is displayed. Step 3 Run:


mpls l2vpn pw bfd [ detect-multiplier multiplier | min-rx-interval rx-interval | min-tx-interval tx-interval ] * [ remote-vcid vc-id ] [ secondary ]

A BFD session is dynamically set up to detect PWs. After this command is used, the BFD session is created immediately. This command can also be used to adjust BFD detection parameters. To detect backup PWs, secondary must be used.
Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 6-37

6 PWE3 Configuration
NOTE

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

BFD for PW must be configured or deleted on the two PEs of a PW simultaneously; otherwise, the PW statuses on the two PEs are different.

----End

6.8.7 Checking the Configuration


Run the following commands to check the previous configuration. Action Check the BFD configuration. Check information about the BFD session. Command display bfd configuration pw interface interface-type interface-number [ secondary] [ verbose ] display bfd session pw interface interface-type interface-number [ secondary] [ verbose ]

Run the display bfd configuration pw interface interface-type interface-number [ secondary] [ verbose ] command, and you can view discriminators of the BFD session, the type of the PW that is bound to the BFD session, and the type of the BFD session. For example:
<Quidway> display bfd configuration pw interface pos 1/0/0 verbose -------------------------------------------------------------------------------BFD Session Configuration Name : dyn_8192 -------------------------------------------------------------------------------Local Discriminator : 8192 Remote Discriminator : 8192 BFD Bind Type : PW(Master) Bind Session Type : Dynamic Bind Interface : Pos1/0/0 TOS-EXP : 6 Local Detect Multi : 3 Min Tx Interval (ms) : 100 Min Rx Interval (ms) : 100 WTR Interval (ms) : -Process PST : Enable Proc interface status : Disable Local Demand Mode : Disable Bind Application : L2VPN | OAM_MANAGER | MPLSFW Session Description : --------------------------------------------------------------------------------Total Commit/Uncommit CFG Number : 1/0

Run the display bfd session pw interface interface-type interface-number [ secondary] [ verbose ] command, and you can view the status of the BFD session, discriminators of the BFD session, the type of the PW that is bound to the BFD session, and the type of the BFD session. For example:
<Quidway> display bfd session pw interface pos 1/0/0 verbose -------------------------------------------------------------------------------Session MIndex : 256 (One Hop) State : Up Name : dyn_8192 -------------------------------------------------------------------------------Local Discriminator : 8192 Remote Discriminator : 8192 Session Detect Mode : Asynchronous Mode Without Echo Function BFD Bind Type : PW(Master) Bind Session Type : Dynamic Bind Peer Ip Address : --.--.--.-NextHop Ip Address : --.--.--.-Bind Interface : Pos1/0/0 FSM Board Id : 1 TOS-EXP : 6 Min Tx Interval (ms) : 100 Min Rx Interval (ms) : 100 Actual Tx Interval (ms): -Actual Rx Interval (ms): -Local Detect Multi : 3 Detect Interval (ms) : --

6-38

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

6 PWE3 Configuration

Echo Passive : Disable Acl Number : -Proc interface status : Disable Process PST : Enable WTR Interval (ms) : -Local Demand Mode : Disable Last Local Diagnostic : No Diagnostic Bind Application : L2VPN | OAM_MANAGER | MPLSFW Session TX TmrID : -Session Detect TmrID : -Session Init TmrID : -Session WTR TmrID : -Session Echo Tx TmrID : -PDT Index : FSM-0 | RCV-0 | IF-0 | TOKEN-0 Session Description : --------------------------------------------------------------------------------Total UP/DOWN Session Number : 1/0

6.9 Configuring PW FRR


This section describes how to configure PW FRR. 6.9.1 Establishing the Configuration Task 6.9.2 Configuring BFD for PW 6.9.3 Configuring OAM Mapping 6.9.4 (Optional) Configuring the Revertive Switchover 6.9.5 Checking the Configuration

6.9.1 Establishing the Configuration Task


Applicable Environment
PW FRR is used in the following types of networking:
l l

Networking where CEs are symmetrically dual-homed to PEs Two paths exist between CEs at the two ends of a VC. One path acts as the master path, and the other one acts as the backup path. Networking where CEs are asymmetrically connected to PEs One CE of the VC is connected to a more reliable PE through a single link of higher reliability. The other CE is dual-homed to PEs of lower reliability. Two paths thus exist between the CEs. The path with higher reliability acts as the master path, and the path with lower reliability acts as the backup path. In the networking where CEs are asymmetrically connected to PEs, the revertive switching policy needs to be configured, and the default revertive switching policy refers to the delay switching.

l l

After PW FRR is configured, L2VPN traffic is switched to the backup path in time when a fault occurs on the master path. After the fault on the master path is cleared, the L2VPN traffic is switched to the master path according to the revertive switchover policy.
NOTE

For the non-Ethernet AC link in which the CE accesses the PE asymmetrically, the primary and secondary IP addresses need to be configured on the interface on the CE that is connected to the related PE through a single link. When the master path is available, the primary IP address is used to communicate with the remote CE. When a fault occurs on the primary link, this CE communicates with the remote CE by using the secondary IP address.

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

6-39

6 PWE3 Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Pre-configuration Tasks
Before configuring PW FRR, complete the following tasks:
l

For the networking where CEs are symmetrically dual-homed to PEs, configuring a PW on the master path and backup path respectively. PWs on the master path and backup path can be different. For the networking where CEs are asymmetrically connected to PEs, configuring a master PW and a backup PW. The master PW and backup PW must be of the same type. Configure routing protocols or static routes on CEs to enable CEs to exchange routes.
NOTE

In VLL FRR, if the type of the AC link is PPP, or HDLC, you need to specify ip-interworking and enable the control word when configuring a PW. To configure a Martini VLL or PWE3, you must use the PW template to configure a PW, enable the control word in the PW template, and use BFD to perform Virtual Circuit Connectivity Verification (VCCV). If the IP addresses of the AC interfaces on the CEs at the both ends of the PW are not in the same network segment, the type of the AC links must be modified to PPP and the ppp peer hostroute-suppress command cannot be used. In the networking where CEs are asymmetrically connected to related PEs, the backup PW cannot transmit data when the master path and backup path work normally. If the AC interface of the backup PW borrows the IP address of the AC interface of the master PW, the following situations occur:
l l l

A permanent switching policy cannot be configured. The local CE has two equal-cost and direct routes to the remote CE. The destination addresses and next hops of the two routes are the same. In fact, the route that passes through the backup PW is invalid. If CEs exchange routing information by using routing protocols, you need to modify the cost or metric of the AC interface of the backup path to be greater than that of the AC interface of the master path. The local CE cannot interwork with the remote CE, but can interconnect with other user devices. If CEs exchange routing information by using static routes, and the AC is not an Ethernet link, you need modify the preference of the backup route to be lower than that of the primary route by using the ip route-static dest-ip-address mask out-interface preference preference-value command. Note that the greater is the preference value, the lower is the preference. If the AC is an Ethernet link, you also need to configure the function of BFD for static routes on CEs.

Data Preparation
To configure PW FRR, you need the following data. No. 1 2 Data Local and remote discriminators of the BFD session Delay for revertively switching traffic when a fault is cleared and the delay for advertising that the fault is cleared (by default, the delay for revertively switching traffic is 30 seconds and the delay for advertising that the fault is cleared is 10 seconds.) Link types of AC interfaces

NOTE

In the networking where CEs are asymmetrically connected to PEs, the revertive switchover policy needs to be set. By default, the revertive switchover policy is to delay the revertive switchover.

6-40

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

6 PWE3 Configuration

6.9.2 Configuring BFD for PW


Static BFD for PW or dynamic BFD for PW can be configured on PEs. For detailed configuration, see the following sections:
l l

Configuring Static BFD for PW Configuring Dynamic BFD for PW


NOTE

l l

BFD for PW must be configured or deleted on the PEs at the both ends of a PW simultaneously. Otherwise, the PW statuses on the two PEs are different. To detect statuses of the tunnels that carry PWs, you can configure BFD for tunnels. For detailed configuration, refer to the chapters "Basic MPLS Configuration" and "MPLS TE Configuration" in the Quidway NetEngine80E/40E Router Configuration Guide - MPLS.

6.9.3 Configuring OAM Mapping


Context
According to the AC type, choose either of the following procedures to configure OAM mapping:
l l

The AC is a link of PPP/HDLC. The AC is an Ethernet.

Procedure
l If the AC is a link of PPP/HDLC, do as follows on PEs in both the master path and the backup path: 1. Run:
system-view

The system view is displayed. 2. Run:


interface interface-type interface-number

The view of the AC interface is displayed. 3. Configure the fault mapping between the AC and the PW by running either of the following commands:

Run:
mpls l2vpn oam-mapping auto

OAM mapping is enabled automatically. After OAM mapping is automatically enabled, the fault mapping between AC and PW is enabled. In addition, PEs can automatically enable the detection and notification of the AC OAM fault according to the specific AC type. The detection of the AC OAM fault indicates the detection of the AC fault. The notification of AC OAM fault indicates the notification of PW fault to CEs.

Run:
mpls l2vpn oam-mapping

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

6-41

6 PWE3 Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

The manual configuration of OAM mapping is enabled, and the detection and notification of the AC fault is also enabled. Then choose any of the following commands according to the AC type: For PPP, run the oam { detect lcp-terminal | notify lcp-terminal } * command. For HDLC, run the oam { detect hello-stop | notify hello-stop } * command.
NOTE

l l

In PW FRR, if the AC is PPP/HDLC, the PW is configured in IP interworking mode. After PW being configured with the IP interworking mode, CEs cannot detect any fault because they cannot negotiate links. Therefore, PEs in both the master path and the backup path must be configured with OAM mapping. In this manner, PEs can inform CEs of the fault. Otherwise, the AC is always in the Up state if the PW fails, which leads to the service interruption.

If the AC is an Ethernet, do as follows on PEs in both the primary path and the backup path: 1. Run:
system-view

The system view is displayed. 2. Run:


interface interface-type interface-number

The view of the AC interface is displayed. 3. Run:


mpls l2vpn oam-mapping { 1ag md md-name ma ma-name | 3ah }

The fault mapping between the AC and the PW is enabled.


NOTE

In the PW FRR, the PW need be configured in homogeneous interworking mode when the AC is an Ethernet. Otherwise, the use device may learn a wrong outbound interface according to ARP. Before running the mpls l2vpn oam-mapping { 1ag md md-name ma ma-name | 3ah command, you need configure Ethernet OAM on the AC link. For details, refer to "Ethernet OAM Configuration" in the Quidway NetEngine80E/40E Router Configuration Guide - Reliability.

----End

6.9.4 (Optional) Configuring the Revertive Switchover


Context
When a CE are not connected to a PE asymmetrically, do as follows on the PE (where traffic is switched) to which the CE is connected through a single link:

Procedure
Step 1 Run:
system-view

The system view is displayed. Step 2 Run:


6-42 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


interface interface-type interface-number

6 PWE3 Configuration

The AC interface view is displayed. Step 3 Run:


mpls l2vpn reroute { { delay delay-time | immediately } [ resume resume-time ] | never }

The revertive switchover policy is configured. The types of the revertive switchover on PEs are as follows:
l

Immediate revertive switchover: The local PE immediately switches traffic to the master PW and notifies the fault to the remote PE of the backup PW. The PE notifies the rectification of the fault to the remote PE of the backup PW after the period of resume-time. Delayed revertive switchover: The PE switches traffic to the master PW after the period of delay-time. None revertive switchover: The PE does not switch traffic to the master PW until the backup PW is faulty.

For an asymmetric PW FRR networking, in which ACs are of the Ethernet type, note the following:
l

If the remote shutdown function is configured on the interface of a PE that connects a CE, you are recommended not to use the policy of immediate revertive switchover, which may lead to network flapping and traffic loss. On the other hand, you can use the policy of delayed revertive switchover to set delay-time equal to or more than 30 seconds. If the Ethernet OAM function is configured on the interface of a PE that connects a CE, and a revertive switchover policy is also configured, you cannot set resume-time to be 0 seconds, but be equal to or higher than one seconds.

----End

6.9.5 Checking the Configuration


Run the following commands to check the previous configuration. Action Check information about the PW on the local PE. Check brief information about the PW on the local PE. Check information about the PW on the remote PE. Check information about the BFD session. Check information about L2VPN forwarding. Command display mpls l2vc [ vc-id | interface interface-type interface-number ] display mpls l2vc brief display mpls l2vc remote-info [ vc-id ] display bfd session pw interface interface-type interface-number [ secondary] [ verbose ] display mpls l2vpn forwarding-info [ vc-label ] interface interface-type interface-number [ | { begin | exclude | include } regular-expression ]
6-43

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

6 PWE3 Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Action Check OAM mapping between ACs and PWs.

Command display mpls l2vc oam-mapping [ interface interface-type interface-number ]

Run the display mpls l2vc [ vc-id | interface interface-type interface-number ] command, and you can view that the statuses of the master and backup PWs are up, VC state of the master PW is active, and VC state of the backup PW is inactive. For example:
<Quidway> display mpls l2vc interface pos 1/0/0 *client interface : Pos1/0/0 is up session state : up AC state : up VC state : up VC ID : 100 VC type : IP-interworking destination : 3.3.3.3 local group ID : 0 remote group ID : 0 local VC label : 21504 remote VC label : 21504 local AC OAM State : up local PSN State : up local forwarding state : forwarding remote AC OAM state : up remote PSN state : up remote forwarding state: forwarding BFD for PW : available BFD sessionIndex : 257 BFD state : up manual fault : not set active state : active forwarding entry : exist link state : up local VC MTU : 1500 remote VC MTU : 1500 local VCCV : cw bfd remote VCCV : cw bfd local control word : enable remote control word : enable tunnel policy name : p1 traffic behavior name : -PW template name : 1to3 primary or secondary : primary VC tunnel/token info : 1 tunnels/tokens NO.0 TNL type : cr lsp, TNL ID : 0x42002002 create time : 0 days, 0 hours, 12 minutes, 47 seconds up time : 0 days, 0 hours, 2 minutes, 11 seconds last change time : 0 days, 0 hours, 2 minutes, 11 seconds *client interface : Pos1/0/0 is up session state : up AC state : up VC state : up VC ID : 200 VC type : IP-interworking destination : 2.2.2.2 local group ID : 0 remote group ID : 0 local VC label : 21505 remote VC label : 21504 local AC OAM state : up local PSN state : up local forwarding state : forwarding remote AC OAM state : up remote PSN state : up remote forwarding state: forwarding BFD for PW : available BFD sessionIndex : 256 BFD state : up manual fault : not set active state : inactive forwarding entry : existent link state : up

6-44

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


local VC MTU local VCCV remote VCCV local control word tunnel policy name traffic behavior name PW template name primary or secondary VC tunnel/token info NO.0 TNL type : lsp create time up time last change time reroute policy reason of last reroute time of last reroute delay timer ID resume timer ID : : : : : : : : : : : : : : : : :

6 PWE3 Configuration
1500 remote VC MTU : 1500 cw bfd cw bfd enable remote control word : enable --1to2 secondary 1 tunnels/tokens , TNL ID : 0x2002004 0 days, 0 hours, 12 minutes, 47 seconds 0 days, 0 hours, 1 minutes, 32 seconds 0 days, 0 hours, 1 minutes, 32 seconds delay 30 s, resume 0 s Remote AC fault was resumed 0 days, 0 hours, 1 minutes, 38 seconds -rest time :--rest time :--

Run the display mpls l2vc brief command. You can find that destination is the peer IP address of the specified VC and VC state is up. For example:
<Quidway> display mpls l2vc brief Total ldp vc : 1 1 up 0 down *Client Interface VC State VC ID VC Type Destination : : : : : GigabitEthernet1/0/0.1 up 101 VLAN 3.3.3.9

Run the display mpls l2vc remote-info command, and you can view that Peer Addr is the peer address of the specified VC. For example:
<Quidway> display mpls l2vc remote-info Total remote ldp vc : 2 Transport Group Peer Remote VC ID ID Addr Encap 100 0 3.3.3.3 interworking 200 0 2.2.2.2 interworking

Remote VC Label 21504 21504

C Bit 1 1

MTU/ CELLS 1500 1500

N Bit 1 1

S Bit 0 0

Run the display bfd session pw interface interface-type interface-number [ secondary] [ verbose ] command, and you can view the status of the BFD session, discriminators of the BFD session, the type of the PW that is bound to the BFD session, and the type of the BFD session. For example:
<Quidway> display bfd session pw interface pos 1/0/0 verbose -------------------------------------------------------------------------------Session MIndex : 257 (One Hop) State : Up Name : 1to3 -------------------------------------------------------------------------------Local Discriminator : 13 Remote Discriminator : 31 Session Detect Mode : Asynchronous Mode Without Echo Function BFD Bind Type : PW(Master) Bind Session Type : Static Bind Peer Ip Address : --.--.--.-NextHop Ip Address : --.--.--.-Bind Interface : Pos1/0/0 FSM Board Id : 1 TOS-EXP : 6 Min Tx Interval (ms) : 1000 Min Rx Interval (ms) : 1000 Actual Tx Interval (ms): 1000 Actual Rx Interval (ms): 1000 Local Detect Multi : 3 Detect Interval (ms) : 3000 Echo Passive : Disable Acl Number : -Proc interface status : Disable Process PST : Enable WTR Interval (ms) : -Local Demand Mode : Disable Active Multi : 3 Last Local Diagnostic : No Diagnostic Bind Application : L2VPN | OAM_MANAGER | MPLSFW Session TX TmrID : -Session Detect TmrID : --

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

6-45

6 PWE3 Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Session Init TmrID : -Session WTR TmrID : -Session Echo Tx TmrID : -PDT Index : FSM-0 | RCV-0 | IF-0 | TOKEN-0 Session Description : --------------------------------------------------------------------------------Total UP/DOWN Session Number : 1/0

Run the display mpls l2vpn forwarding-info [ vc-label ] interface interface-type interfacenumber [ | { begin | exclude | include } regular-expression ] command, and you can view that the ENTRYTYPE of the master PW is SEND, PWSTATE is ACTIVE, BFDSTATE is UP, and ADMIN is TURE. For example:
<Quidway> display mpls l2vpn forwarding-info interface Pos 1/0/0 The Main PW Forward Infomation : VCLABEL TNLTYPE ENTRYTYPE PWSTATE BFDSTATE ADMIN CTLWORD CC CV TNLID --------------------------------------------------------------------------21504 CRLSP SEND ACTIVE UP UP TRUE 1 8 0x42002002 1 Record(s) Found. The Second PW Forward Infomation : VCLABEL TNLTYPE ENTRYTYPE PWSTATE BFDSTATE ADMIN CTLWORD CC CV TNLID --------------------------------------------------------------------------21504 LSP SEND INACTIVE UP UP TRUE 1 8 0x2002004 1 Record(s) Found.

Run the display mpls l2vc oam-mapping [ interface interface-type interface-number ] command, and you can view that AC OAM State and BFD state are up. For example:
<Quidway> display mpls l2vc oam-mapping int pos 1/0/0 AC OAM Info: ACFD Index : 0x800 Notify : Enable Detect : Enable AC OAM State : Up OAM-mapping : Enable PSN info: VC-ID : 100 VC status : Primary Active State : Active Link State : Up BFD for PW : Enable BFDSessionIndex:257 ,BFD State : up BFD for LSP : 0 TunnelNum: 1 PSN State : up VC-ID : 200 VC status : Secondary Active State : Inactive Link State : Up BFD for PW : Enable BFDSessionIndex:256 ,BFD State : up BFD for LSP : 0 TunnelNum: 1 PSN State : up

Run the manual-set pw-ac-fault command on the AC interface of the master PW, the following situations occur:
l l l

The status of the master PW is Down. VC status of the master PW is InActive, and that of the backup PW is Active. L2VPN data is switched to the backup PW.

Run the undo manual-set pw-ac-fault command on the AC interface of the master PW to rectify the fault on the PW, the following situations occur:
l l l

The status of the master PW is up. VC status of the master PW is Active, and VC status of the backup PW is InActive. L2VPN data is switched to the master PW.
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

6-46

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

6 PWE3 Configuration

6.10 Configuring Heterogeneous Transport in PWE3


This section describes how to configure heterogeneous transport in PWE3. 6.10.1 Establishing the Configuration Task 6.10.2 Configuring PWE3 to Support IP-Interworking 6.10.3 Checking the Configuration

6.10.1 Establishing the Configuration Task


Applicable Environment
If the link types of the CEs on the two ends of a PW are different, the heterogeneous transport in PWE3 feature is required.

Pre-configuration Tasks
Before configuring heterogeneous transport in PWE3, complete the following tasks:
l

Configuring an IGP protocol for PEs and Ps in the MPLS backbone network for IP connectivity Enabling MPLS on PEs Setting up a tunnel according to the tunnel policy in the case of non-local connections Establishing an LDP session between PEs, or establishing a remote LDP session between PEs that are not directly connected Configuring sub-interfaces when the AC type is VLAN, configuring VCs when the AC type is ATM
NOTE

l l l

For details of VLAN sub-interfaces and ATM VCs, refer to the chapter "VLAN Configuration" in the Quidway NetEngine80E/40E Router Configuration Guide - LAN Access and MAN Access and the chapter "ATM Configuration" in the Quidway NetEngine80E/40E Router Configuration Guide - WAN Access.

Data Preparation
Before configuring heterogeneous transport in PWE3, complete the following tasks: No. 1 2 Data Two CEs accessing the homogeneous networks MAC address of the CE connected to the Ethernet network or VLAN

6.10.2 Configuring PWE3 to Support IP-Interworking


Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 6-47

6 PWE3 Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Context
Do as follows on the PEs at the two ends of a VC:

Procedure
l Dynamic PWs 1. Run:
system-view

The system view is displayed. 2. Run:


mpls l2vpn

MPLS L2VPN is enabled. 3. Run:


quit

Back to the system view. 4. Run:


interface interface-type interface-number

The AC interface view is displayed. 5. (Optional) Choose one of the following commands.

Run the local-ce ip ip-address command to configure an IP address for the CE interface. Run the local-ce mac mac-address command to specify the MAC address of the local CE interface.

If the AC interface is an Ethernet interface, this step must be performed. 6. Run:


mpls l2vc dest-ip-addr vc-id [ tunnel-policy policy-name ] [ control-word | no-control-word ] ip-interworking

A PWE3 connection is set up. l Static PWs 1. Run:


system-view

The system view is displayed. 2. Run:


mpls l2vpn

MPLS L2VPN is enabled. 3. Run:


quit

Back to the system view. 4. Run:


interface interface-type interface-number

The AC interface view is displayed. 5.


6-48

(Optional) Choose one of the following commands.


Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

6 PWE3 Configuration

Run the local-ce ip ip-address command to configure an IP address for the CE interface. Run the local-ce mac mac-address command to specify the MAC address of the local CE interface.

If the AC interface is an Ethernet interface, this step must be performed. 6. Run:


mpls static-l2vc { destination ip-address | pw-template pw-template-name vc-id } * transmit-vpn-label transmit-label-value receive-vpn-label receive-label-value [ tunnel-policy tnl-policy-name | [ control-word | nocontrol-word ] ip-interworking

A PWE3 connection is set up.


NOTE

Because L2VPN does not support packet fragmentation, large packets sent from the CE to the PE cannot be forwarded to the PSN. When configuring VLL, you are recommended to set the MTU value of a CE interface that connects to the PE to 1500 by using the mtu command. As a result, larger packets sent by the CE to the PE are fragmented first. The fragmented packets can be correctly forwarded in the public network.

----End

6.10.3 Checking the Configuration


Run the following commands to check the previous configuration. Action Check information about the PW on the local PE. Check brief information about the PW on the local PE. Check information about the PW of the remote PE on the local PE. Check information about the static PW on the two PEs. Command display mpls l2vc [ vc-id | interface interface-type interface-number ] display mpls l2vc brief display mpls l2vc remote-info [ vc-id ] display mpls static-l2vc [ vc-id | interface interfacetype interface-number | state { down | up } ]

Run the display mpls l2vc [ vc-id | interface interface-type interface-number ] command, you can view that the peer address of the specified VC is destination, VC State is up, and VC type is IP-interworking. For example:
<PE1> display mpls l2vc interface atm 1/0/0 *client interface : Atm1/0/0 is up session state : up AC state : up VC state : up VC ID : 100 VC type : IP-interworking destination : 2.2.2.2 local group ID : 0 remote group ID local VC label : 21504 remote VC label local AC OAM State : up local PSN State : up

: 0 : 21504

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

6-49

6 PWE3 Configuration
local forwarding state : remote AC OAM state : remote PSN state : remote forwarding state: BFD for PW : manual fault : active state : forwarding entry : link state : local VC MTU : local VCCV : remote VCCV : local fragmentantion : local control word : tunnel policy : traffic behavior : PW template name : primary or secondary : VC tunnel/token info : NO.0 TNL type : lsp create time : up time : last change time :

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


forwarding up up forwarding unavailable not set active exist up 1500 remote VC MTU : 1500 Disable Disable disable remote fragmentantion: disable disable remote control word : disable ---primary 1 tunnels/tokens , TNL ID : 0x2002001 0 days, 0 hours, 3 minutes, 2 seconds 0 days, 0 hours, 1 minutes, 46 seconds 0 days, 0 hours, 1 minutes, 46 seconds

Run the display mpls l2vc brief command. You can find that destination is the peer IP address of the specified VC and VC state is up. For example:
<Quidway> display mpls l2vc brief Total ldp vc : 1 1 up 0 down *Client Interface VC State VC ID VC Type Destination : : : : : GigabitEthernet1/0/0.1 up 101 VLAN 3.3.3.9

Run the display mpls l2vc remote-info command, and you can view that Peer Addr is the peer address of the specified VC and Remote Encap is IP-interworking. For example:
<Quidway> display mpls l2vc remote-info Total remote ldp vc : 1 Transport Group Peer Remote Remote VC ID ID Addr Encap VC Label 100 0 2.2.2.2 interworking 21504

C MTU/ N S Bit CELLS Bit Bit 0 1500 1 0

Run the display mpls static-l2vc [ vc-id | interface interface-type interface-number | state { down | up } ] command, and you can view that the VC State of the PW is up and VC Type is IP-interworking. For example:
<Quidway> display mpls static-l2vc interface pos 1/0/0 *Client Interface : Pos1/0/0 is up AC Status : up VC State : up VC ID : 100 VC Type : IP-interworking Destination : 3.3.3.9 Transmit VC Label : 100 Receive VC Label : 100 Control Word : Disable VCCV Capability : Disable Tunnel Policy : -PW Template Name : pwt Traffic Behavior : -Main or Secondary : Main VC tunnel/token info : 1 tunnels/tokens NO.0 TNL Type : lsp , TNL ID : 0x2002003 Create time : 0 days, 0 hours, 13 minutes, 7 seconds UP time : 0 days, 0 hours, 10 minutes, 23 seconds Last change time : 0 days, 0 hours, 10 minutes, 23 seconds

6-50

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

6 PWE3 Configuration

6.11 Configuring Inter-AS PWE3


This section describes how to configure inter-AS PWE3. 6.11.1 Establishing the Configuration Task 6.11.2 Configuring Inter-AS PWE3-Option A 6.11.3 Configuring Inter-AS PWE3-Option C 6.11.4 Checking the Configuration

6.11.1 Establishing the Configuration Task


Applicable Environment
If the MPLS backbone network bearing PWE3 spans multiple ASs, the inter-AS PWE3 must be configured. Inter-AS PWE3 has the following schemes:
l

Inter-AS PWE3-Option A: Option A is easy to implement and applicable to the scenario where the number of inter-AS PWs is small. Inter-AS PWE3-Option C: In this option, PWs are not required for ASBR PEs. When multiple inter-AS PWs exist in each AS, the ASBR PE may be the bottleneck in expanding the network.

Pre-configuration Tasks
Before configuring inter-AS PWE3, complete the following tasks:
l

Configuring an IGP protocol for MPLS backbone networks in each AS to ensure IP connectivity within an AS Configuring basic MPLS functions for MPLS backbone networks in each AS Configuring MPLS LDP for MPLS backbone networks in each AS and establishing LDP LSP For Option C, setting up the IBGP peer relationship between the PE and the ASBR PE of the same AS and setting up the EBGP peer relationship between two ASBR PEs

l l

Data Preparation
To configure inter-AS PWE3, you need the following data. No. 1 2 3
Issue 03 (2008-09-22)

Data Option of the inter-AS VPN AS number of each AS IP addresses of the interfaces that connect ASBR PEs (for Option C)
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 6-51

6 PWE3 Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

No. 4

Data Routing policy (for Option C)

NOTE

Select the configuration items according to the actual inter-AS PWE3.

6.11.2 Configuring Inter-AS PWE3-Option A


The configurations of inter-AS PWE3-Option A can be summarized as follows:
l l

Configuring Dynamic PWs for each AS Configuring the local ASBR PE by regarding the peer ASBR PE as its CE

No inter-AS configuration is needed on the ASBR-PEs. You need not configure the IP addresses on the interfaces that directly connected ASBRs. The configuration details are not mentioned here.

6.11.3 Configuring Inter-AS PWE3-Option C

CAUTION
In inter-AS Option C, LDP cannot be applied between ASBR PEs. If LDP is enabled on the interfaces between the ASBR PEs, an LDP session is set up between the ASBR PEs. In this way, the local ASBR PE sets up the egress LSP and sends a Mapping message to the upstream ASBR PE. After receiving the Mapping message, the upstream ASBR PE sets up the transit LSP. In the case of a large number of BGP routes, a great amount of LDP labels are consumed if LDP is enabled on the interfaces connecting two ASBR PEs. To advertise routes destined for the LSR ID of the local PE to a remote P device, you can set up the IBGP peer relationship between a remote ASBR and the remote P device.

Procedure
l Configuring Labeled IPv4 Route Exchange on the PE Side Do as follows on the PEs: 1. Run:
system-view

The system view is displayed. 2. Run:


bgp as-number

The BGP view is displayed. 3. Run:


peer peer-address label-route-capability

6-52

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

6 PWE3 Configuration

The labeled IPv4 route exchange with the ASBR PE in the local AS is enabled. l Configuring Labeled IPv4 Route Exchange on the ASBR PE Side Do as follows on the ASBR PEs: 1. Run:
system-view

The system view is displayed. 2. Run:


interface interface-type interface-number

The view of the interface that connects the peer ASBR is displayed. 3. Run:
ip address ip-address { mask | mask-length }

The IP address of the interface is configured. 4. Run:


mpls

MPLS is enabled. 5. Run:


quit

Return to the system view. 6. Run:


bgp as-number

The BGP view is displayed. 7. Run:


peer peer-address label-route-capability

The labeled IPv4 route exchange with the U-PE in the local AS is enabled. 8. Run:
peer peer-address as-number as-number

The peer ASBR PE is specified as the EBGP peer. 9. Run:


peer peer-address label-route-capability

The labeled IPv4 route exchange with the peer ASBR PE is enabled. In the Option C, an inter-AS LSP must be set up. The public network routes advertised between the related PEs and the ASBR PEs carry MPLS labels. If an ASBR PE and its peer ASBR PE set up the EBGP peer relationship, the two peers can exchange labeled IPv4 routes. The public network routes carrying MPLS labels are advertised by MP-BGP. According to RFC 3107 (Carrying Label Information in BGP-4), label mapping information of a route can be carried in the BGP update (piggyback). The feature is realized through the extended BGP attribute. BGP peers must be capable of processing labeled IPv4 routes. By default, a BGP peer cannot process labeled IPv4 routes. l
Issue 03 (2008-09-22)

Creating a Routing Policy


Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 6-53

6 PWE3 Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Do as follows on the ASBR PEs: 1. Run:


system-view

The system view is displayed. 2. Run:


route-policy policy-name1 permit node seq-number

The routing policy applied to the local U-PE is created. 3. Run:


if-match mpls-label

The labeled IPv4 routes are matched. 4. Run:


apply mpls-label

A label is allocated to the IPv4 route. 5. Run:


quit

Return to the system view. 6. Run:


route-policy policy-name2 permit node seq-number

The routing policy applied to the peer ASBR PE is created. 7. Run:


apply mpls-label

A label is allocated to the IPv4 route. l Applying the Routing Policy Do as follows on the ASBR PE: 1. Run:
system-view

The system view is displayed on the ASBR PE. 2. Run:


bgp as-number

The BGP view is displayed. 3. Run:


peer peer-address route-policy policy-name1 export

The routing policy used when the routes are advertised to the local U-CE is configured. 4. Run:
peer peer-address route-policy policy-name2 export

The routing policy used when the routes are advertised to the peer ASBR PE is configured. After the routing policy is applied on the ASBR PE:
6-54 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

6 PWE3 Configuration

For the routes received on the PE in the local AS, an MPLS label is allocated to the routes when the routes are advertised to the peer ASBR PE. For the routes advertised to the PE in the local AS, if the routes are labeled IPv4 routes, the MPLS label is reallocated to the routes.

Allocating labels to the IPv4 routes is controlled by the routing policy. The labels are allocated to the routes that satisfy certain conditions. By default, IPv4 routes do not carry any MPLS label. l Establishing MPLS LDP Remote Sessions Between U-PEs Do as follows on the U-PEs: 1. Run:
system-view

The system view is displayed. 2. Run:


mpls ldp remote-peer peer-name

The name of an LDP remote session is specified. To exchange PW information between the U-PEs, the MPLS LDP remote session must be set up. 3. Run:
remote-ip ip-address

The remote IP address of the LDP remote session is specified. l Configuring MPLS L2VC Connections 1. ----End Configure the SH dynamic PW on the inter-AS U-PEs. For the detailed configuration, see "Configuring Dynamic PWs."

6.11.4 Checking the Configuration


Run the following commands to check the previous configuration. Action Check information about the PW on the local PE. Check information about the PW of the remote PE on the local PE. Command display mpls l2vc [ vc-id | interface interface-type interface-number ] display mpls l2vc remote-info [ vc-id ]

Run the display mpls l2vc [ vc-id | interface interface-type interface-number ] command, you can view that "VC state" is up. For example:
<Quidway> display mpls l2vc interface gigabitethernet 1/0/0.1 *client interface : GigabitEthernet1/0/0.1 is up session state : up AC state : up VC state : up

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

6-55

6 PWE3 Configuration
VC ID : VC type : destination : local group ID : local VC label : local AC OAM State : local PSN State : local forwarding state : remote AC OAM state : remote PSN state : remote forwarding state: BFD for PW : manual fault : active state : forwarding entry : link state : local VC MTU : local VCCV : remote VCCV : local fragmentantion : local control word : tunnel policy : traffic behavior : PW template name : primary or secondary : VC tunnel/token info : NO.0 TNL type : gre create time : up time : last change time :

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


100 VLAN 192.3.3.3 0 remote group ID : 0 21504 remote VC label : 21504 up up forwarding up up forwarding unavailable not set active exist up 1500 remote VC MTU : 1500 Disable Disable disable remote fragmentantion: disable disable remote control word : disable policy1 --primary 1 tunnels/tokens , TNL ID : 0x12002003 0 days, 0 hours, 2 minutes, 23 seconds 0 days, 0 hours, 0 minutes, 13 seconds 0 days, 0 hours, 0 minutes, 13 seconds

Run the display mpls l2vc remote-info command, and you can view that "Peer Addr" is the peer address of the specified VC. For example:
<Quidway> display mpls l2vc remote-info Total remote ldp vc : 1 Transport Group Peer Remote VC ID ID Addr Encap 100 0 192.3.3.3 vlan

Remote VC Label 21504

C MTU/ N S Bit CELLS Bit Bit 0 1500 1 0

6.12 Configuing ATM Cell Transport


This section describes how to configure ATM Cell Transport. 6.12.1 Establishing the Configuration Task 6.12.2 Configuring the ATM Interface Connecting a CE to a PE 6.12.3 Configuring ATM Cell Transport 6.12.4 Configuring PWE3 6.12.5 (Optional) Deleting ATM Cell Transport 6.12.6 Checking the Configuration

6.12.1 Establishing the Configuration Task


Applicable Environment
l

When a PW that connects the ATM interfaces on two CEs is simulated as the leased line, you can configure ATM whole port cell transport. In this way, the ATM cells can be
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

6-56

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

6 PWE3 Configuration

transparently transmitted to the peer port without being processed or switched on the VPC/ VCC layer.
l

If a PSN network that transmits ATM services requires high transmission speed but has light service traffic, you can configure 1-to-1 VCC ATM cell transport. If a large amount of ATM services are transparently transmitted over a PSN network, you can configure N-to-1 VCC ATM cell transport. In N-to-1 VCC ATM cell transport, an ATM physical link can be divided into multiple PVCs. Each PVC can transmit a single service. For example, you can create three PVCs to transmit audio traffic, video traffic, and data traffic respectively. This helps improve ATM QoS. If a PSN that transmits the ATM services requires high transmission speed, the service traffic is light, and the ATM services have the same destination (that is, the VPI values on the PW are the same), you can configure 1-to-1 VPC ATM cell transport. If a large amount of ATM services are transmitted over a PSN network and a PW bears cells of multiple ATM PVCs, you can configure N-to-1 VPC ATM cell transport. In Nto-1 VPC ATM cell transport, multiple PVPs can transmit various services such as video traffic, audio traffic, and data. Each PVP can transmit a single service. For example, a PVP transmits audio traffic, and another PVP transmits video traffic. This helps improve ATM QoS. If an ATM network has a great amount of services in AAL5 frames, you can configure ATM AAL5 SDU VCC cell transport.

Pre-configuration Tasks
Before configuring ATM cell transport, complete the following tasks:
l

Configuring an IGP protocol for PEs and Ps in the MPLS backbone network for IP connectivity Configuring basic MPLS functions for PEs and Ps in the backbone network Configuring MPLS LDP for PEs and Ps in the MPLS backbone network Setting up remote LDP sessions between PEs Enabling MPLS L2VPN on the PEs Configuring a primary ATM interface on the PEs to ensure the interface and the physical links of CEs are Up. IPOA instead of port transparent transmission can be configured on the primary interface

l l l l l

Data Preparation
To configure ATM cell transport, you need the following data. No. 1 2 Data Numbers of the ATM interfaces Destination address and VC ID of the L2VC

6.12.2 Configuring the ATM Interface Connecting a CE to a PE


Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 6-57

6 PWE3 Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Context
Do as follows on the ATM interface connecting the CE to the PE:

Procedure
Step 1 Run:
system-view

The system view is displayed. Step 2 Run:


interface atm interface-number.subinterface-number

The ATM sub-interface view is displayed. Step 3 Run:


ip address ip-address { mask | mask-length } [ sub ]

The IP address of the ATM sub-interface is configured. Step 4 Run:


pvc { pvc-name vpi/vci | vpi/vci }

The VPI and VCI of the ATM interface are configured. Step 5 Run:
map ip { ip-address [ ip-mask ] | default | inarp [ minutes ] } [ broadcast ]

The IPoA mapping is created. ----End

6.12.3 Configuring ATM Cell Transport


Context
Do as follows on the ATM interfaces that connect the PE with the CE respectively:

Procedure
l ATM Whole Port Cell Transport 1. Run:
system-view

The system view is displayed. 2. Run:


interface atm interface-number

The ATM interface view is displayed. 3. Run:


atm cell transfer

The ATM cell transport is configured for the ATM interface.


6-58 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


NOTE

6 PWE3 Configuration

For the , configure the interface to be in cell transport mode by running the atm cell transfer command before configuring MPLS L2VPN. If MPLS L2VPN is configured first, MPLS L2VPN uses the frame transport by default. After you use the atm cell transfer command to configure an interface to be in cell transport mode, you must run the shutdown and the undo shutdown commands on the interface; otherwise, the interface still works in frame transpot mode.

1-to-1 VCC ATM Cell Transport 1. Run:


system-view

The system view is displayed. 2. Run:


interface atm interface-number.subnumbe p2p

An ATM sub-interface of the P2P mode is created and the ATM sub-interface view is displayed.
NOTE

Actually, the P2P interface type partially determines the ATM cell transport mode. The P2P interface type also determines the 1-to-1 mode. Whether the mode is 1-to-1 VCC or 1-to-1 VPC is determined by other commands. The default type of the created sub-interface is P2MP.

3.

Run:
atm cell transfer

The ATM cell transport is configured for the ATM interface.


NOTE

For the , configure the interface to be in cell transport mode by running the atm cell transfer command before configuring MPLS L2VPN. If MPLS L2VPN is configured first, MPLS L2VPN uses the frame transport by default. After you use the atm cell transfer command to configure an interface to be in cell transport mode, you must run the shutdown and the undo shutdown commands on the interface; otherwise, the interface still works in frame transpot mode.

4.

Run:
pvc { pvc-name vpi/vci | vpi/vci }

A PVC is created and the PVC view is displayed. Different from the N-to-1 VCC mode, the 1-to-1 VCC mode has the VPI/VCI mapping that does not need to be explicitly configured. When creating a PVC, the PEs at both ends use the VPI/VCI values of the CEs to which the PEs are connected. Through L2VC connections, the system automatically identifies them as the same VC and completes VPI/VCI mapping. l N-to-1 VCC ATM Cell Transport 1. Run:
system-view

The system view is displayed. 2. Run:


interface atm interface-number.subnumber [ p2mp ]

An ATM sub-interface of the P2MP mode is created and the ATM sub-interface view is displayed.
Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 6-59

6 PWE3 Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

The default type of the created sub-interface is P2MP. The N-to-1 ATM cell transport can be configured only on the ATM sub-interface of the P2MP type rather than the main interface. The N-to-1 mode indicates that multiple VCs are mapped to only one PW. The type of the sub-interface must be P2MP. 3. Run:
atm cell transfer

The ATM cell transport is configured for the ATM interface.


NOTE

For the , configure the interface to be in cell transport mode by running the atm cell transfer command before configuring MPLS L2VPN. If MPLS L2VPN is configured first, MPLS L2VPN uses the frame transport by default. After you use the atm cell transfer command to configure an interface to be in cell transport mode, you must run the shutdown and the undo shutdown commands on the interface; otherwise, the interface still works in frame transpot mode.

4.

Run:
pvc { pvc-name vpi/vci | vpi/vci }

A PVC is created and the PVC view is displayed. l 1-to-1 VPC ATM Cell Transport 1. Run:
system-view

The system view is displayed. 2. Run:


interface atm interface-number.subnumbe p2p

An ATM sub-interface of the P2P mode is created and the sub-interface view is displayed. The default type of the created sub-interface is P2MP. The 1-to-1 ATM cell transport can be configured only on the ATM sub-interface of the P2P type instead of the primary interface. The 1-to-1 mode indicates a PW is mapped to a VC. The type of the sub-interface must be P2P. 3. Run:
atm cell transfer

The ATM cell transport is configured for the ATM interface. The encapsulation types of the ATM cell transport are classified into cell transport and frame transport. The former is applied to all AALs (indicated by AAL0) and the latter is applied to AAL5. An ATM sub-interface has three types of working modes:

Cell transport Frame transport IPoA forwarding (non-cell transmission)

If the atm cell transfer command is used, cell transport is adopted; otherwise, AAL5 is adopted by default and frame transport or IPoA forwarding is adopted. 4. Run:
pvp vpi

6-60

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

6 PWE3 Configuration

A PVP is created and the PVP view is displayed. Different from the N-to-1 VCC mode with the VPI/VCI mapping that needs to be configured explicitly, 1-to-1 VPC mode has the VPI mapping that does not need to be explicitly configured. When creating a PVC, the PEs at the both ends use the VPI values of the CEs with which the PEs are connected. Through L2VC connections, the system automatically identifies them as the same VP and completes VPI mapping. l N-to-1 VPC ATM Cell Transport 1. Run:
system-view

The system view is displayed. 2. Run:


interface atm interface-number.subnumber [ p2mp ]

An ATM sub-interface of the P2MP mode is created and the sub-interface view is displayed. The N-to-1 ATM cell transport can be configured only on the ATM sub-interface of the P2MP type rather than the main interface. The N-to-1 mode indicates that multiple VCs are mapped to only one PW. The type of the sub-interface must be P2MP. 3. Run:
atm cell transfer

The ATM cell transport is configured for the ATM interface.


NOTE

For the , configure the interface to be in cell transport mode by running the atm cell transfer command before configuring MPLS L2VPN. If MPLS L2VPN is configured first, MPLS L2VPN uses the frame transport by default. After you use the atm cell transfer command to configure an interface to be in cell transport mode, you must run the shutdown and the undo shutdown commands on the interface; otherwise, the interface still works in frame transpot mode.

The encapsulation types of the ATM cell transport are classified into cell transport and frame transport. The former is applicable to all AALs (indicated by AAL0) and the latter is applicable to AAL5. An ATM sub-interface has three types of working modes:

Cell transport Frame transport IPoA forwarding (non-cell transmission)

If the atm cell transfer command is used, cell transport is adopted; otherwise, AAL5 is adopted by default and frame transport or IPoA forwarding is adopted. 4. Run:
pvp vpi

A PVP is created and the PVP view is displayed. l ATM AAL5 SDU VCC Cell Transport 1. Run:
system-view

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

6-61

6 PWE3 Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

The system view is displayed. 2. Run:


interface atm interface-number.subnumber p2p

An ATM sub-interface of the P2P type is created and the sub-interface view is displayed. 3. Run:
pvc { pvc-name vpi/vci | vpi/vci }

A PVC is created and the PVC view is displayed. To configure AAL5 SDU cell transport, create a PVC before establishing an MPLS L2VPN connection in Martini mode. After the L2VPN connection is set up successfully, you cannot delete the created PVC unless you have torn down the L2VPN connection. The encapsulation types of the ATM cell transport are classified into cell transport and frame transport. The former is applicable to all AALs (indicated by AAL0) and the latter is applicable to AAL5. An ATM sub-interface has three types of working modes:

Cell transport Frame transport IPoA forwarding (non-cell transmission)

If the atm cell transfer command is used, cell transport is adopted; otherwise, AAL5 is adopted by default and frame transport or IPoA forwarding is adopted. If the atm cell transfer command is not used, the sub-interface works in cell transport mode. ----End

6.12.4 Configuring PWE3


Configure PWE3 on PEs. For detailed configuration, see Configuring Static PWs, Configuring Dynamic PWs, and Configuring PW Switching. You can select one of the configurations based on the actual networking requirements.
NOTE

When configuring ATM cell transport, you can use PWE3 or other connections of VLL. For the detailed configuration, refer to the chapter "VLL Configuration" in the Quidway NetEngine80E/40E Router Configuration Guide - VPN.

6.12.5 (Optional) Deleting ATM Cell Transport


Context
To delete ATM cell transport on a PE, perform this configuration. Do as follows on the ATM interfaces that connect the PE with the CE respectively:
6-62 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

6 PWE3 Configuration

Procedure
l ATM Whole Port Cell Transport 1. Run:
system-view

The system view is displayed. 2. Run:


interface atm interface-number

The ATM interface view is displayed. 3. Run:


undo mpls l2vc

The MPLS L2VPN connection in Martini mode is torn down. 4. Run:


undo atm cell transfer

The ATM cell transport of the ATM interface is deleted. l 1-to-1 VCC ATM Cell Transport 1. Run:
system-view

The system view is displayed. 2. Run:


interface atm interface-number.subnumber

The ATM sub-interface view is displayed. 3. Run:


undo mpls l2vc

The MPLS L2VPN connection in Martini mode is torn down. 4. Run:


pvc { pvc-name [ vpi/vci ] | vpi/vci }

The PVC view is displayed. 5. Run:


shutdown

The PVC is deleted. 6. Run:


quit

Return to the ATM sub-interface view. 7. Run:


undo pvc { pvc-name [ vpi/vci ] | vpi/vci }

The PVC is deleted. 8. Run:


undo atm cell transfer

The cell transport on the ATM interface is deleted. 9. Run:


quit

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

6-63

6 PWE3 Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Return to the system view. 10. Run:


undo interface atm interface-number.subnumber

The ATM sub-interface is deleted. l N-to-1 VCC ATM Cell Transport 1. Run:
system-view

The system view is displayed. 2. Run:


interface atm interface-number.subnumber

The ATM sub-interface view is displayed. 3. Run:


undo mpls l2vc

The MPLS L2VPN connection in Martini mode is torn down. 4. Run:


pvc { pvc-name [ vpi/vci ] | vpi/vci }

The PVC view is displayed. 5. Run:


shutdown

The PVC is deleted. 6. Run:


quit

Return to the ATM sub-interface view. 7. Run:


undo pvc { pvc-name [ vpi/vci ] | vpi/vci }

The PVC is deleted. 8. Run:


undo atm cell transfer

The cell transport on the ATM interface is deleted. 9. Run:


quit

Return to the system view. 10. Run:


undo interface atm interface-number.subnumber

The ATM sub-interface is deleted. If multiples PVCs exist on the ATM sub-interface, you can use the commands in Steps 4, 5, 6, and 7 repeatedly to delete all PVCs. After tearing down the MPLS L2VPN connection on the ATM sub-interface by running the command in Step 3, you can run the commands in Steps 9 and 10 to delete the ATM sub-interface. l 1-to-1 VPC ATM Cell Transport 1.
6-64

Run:
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


system-view

6 PWE3 Configuration

The system view is displayed. 2. Run:


interface atm interface-number.subnumber

The ATM sub-interface view is displayed. 3. Run:


undo mpls l2vc

The MPLS L2VPN connection in Martini mode is torn down. 4. Run:


pvp vpi

The PVP view is displayed. 5. Run:


shutdown

The PVP is disabled. 6. Run:


quit

Return to the ATM sub-interface view. 7. Run:


undo pvp vpi

The PVC is deleted. 8. Run:


undo atm cell transfer

The cell transport on the ATM interface is deleted. 9. Run:


quit

Return to the system view. 10. Run:


undo interface atm interface-number.subnumber

The ATM sub-interface is deleted. N-to-1 VPC ATM Cell TransportRun:system-viewThe system view is displayed.Run:interface atm interface-number.subnumberThe ATM sub-interface view is displayed.Run:undo mpls l2vcThe MPLS L2VPN connection in Martini mode is torn down.Run:pvp vpiThe PVP view is displayed.Run:shutdownThe PVP is disabled.Run:quitReturn to the ATM sub-interface view.Run:undo pvp vpiThe PVC is deleted.Run:undo atm cell transferThe cell transport on the ATM interface is deleted.Run:quitReturn to the system view.Run:undo interface atm interfacenumber.subnumberThe ATM sub-interface is deleted.If multiples PVCs exist on the ATM sub-interface, you can use the commands in Steps 4, 5, 6, and 7 repeatedly to delete all PVCs. After tearing down the MPLS L2VPN connection on the ATM sub-interface by running the command in Step 3, you can run the commands in Steps 9 and 10 to delete the ATM sub-interface. ----End
Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 6-65

6 PWE3 Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

6.12.6 Checking the Configuration


Run the following commands to check the previous configuration. Action Check information about the PW on the local PE. Check information about the PW of the remote PE on the local PE. Command display mpls l2vc [ vc-id | interface interfacetype interface-number ] display mpls l2vc remote-info [ vc-id ]

Run the display mpls l2vc command, and you can view that the "Destination" is the peer address of the specified VC, "VC State" is "up", "VC Type" is the configured ATM cell transport type, and CEs can ping through each other. For example:
<Quidway> display mpls l2vc Total ldp vc : 1 1 up 0 down *Client Interface : Atm1/0/0.1 Session State : up AC Status : up VC State : up VC ID : 101 VC Type : atm aal5 sdu Destination : 3.3.3.9 Local VC Label : 17408 Remote VC Label : 17408 Control Word : enable Local VC MTU : 1500 Remote VC MTU : 1500 Tunnel Policy Name : -Traffic Behavior Name: -PW Template Name : -Create time : 0 days, 0 hours, 3 minutes, 14 seconds UP time : 0 days, 0 hours, 1 minutes, 48 seconds Last change time : 0 days, 0 hours, 1 minutes, 48 seconds

Run the display mpls l2vc remote-info command, and you can view that "Peer Addr" is the peer address of the specified VC and "Remote Encap" is the configured ATM cell transport type. For example:
<Quidway> display mpls l2vc remote-info Total remote ldp vc : 1 Transport Group Peer Remote Remote VC ID ID Addr Encap VC Label 100 0 3.3.3.9 atm aal5 sdu 17408

MTU/ N S Bit CELLS Bit Bit 0 1500 1 0

6.13 Maintaining a PW
This section describes how to check the PW connectivity and debug PWE3. 6.13.1 Verifying the Connectivity of a PW 6.13.2 Debugging a PW 6.13.3 Debugging a PWE3
6-66 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

6 PWE3 Configuration

6.13.1 Verifying the Connectivity of a PW


To verify the connectivity of a PW, first configure basic PWE3 functions through the PW template, and then run the following commands on U-PEs. Action Enter the system view. Enter the PW template view. Enable the CW mode. Enable connectivity check of a PW. Verify the connectivity of a PW in CW mode. Or verify the connectivity of a PW in MPLS Router Alert mode. Command system-view pw-template pw-template-name control-word vccv cc { alert | cw } * cv lsp-ping ping vc pw-type pw-id [ -c echo-number | -m timevalue | -s data-bytes | -t timeout-value | -v ] * control-word [ remote peer-pw-id ] ping vc pw-type pw-id [ -c echo-number | -m timevalue | -s data-bytes | -t timeout-value | -v ] * labelalert [ remote remote-ip-address ]

To verify the connectivity of a PW in CW mode, you need to configure the vccv cc cw cv lspping command on PW templates of the two U-PEs at both ends of the PW. Similarly, to verify the connectivity of a PW in MPLS Router Alert mode, you need to configure the vccv cc alert cv lsp-ping command on PW templates on both ends of the PW. At present, VCCV-PING does not support the following:
l

S-PE devices do not support the vccv cc alert cv lsp-ping command. (The command is supported only on U-PE devices.) Multiple users cannot run the command simultaneously. That is, the devices on the two ends cannot ping a VC at the same time. On a device serving as both a U-PE and an S-PE, if the PW serving as S-PE is performing VCCV-PING, the PW serving as U-PE will be unable to perform VCCV-PING. That is, two VCCV-PINGs cannot be performed on a same device at the same time. The MTU check of the VC is not supported.

For a multi-hop PW (MH-PW), you need to specify the local VC ID and VC type. For the CW mode, if VC IDs are different, you need to specify the VC ID of the remote U-PE. For the MPLS router Alert mode, you need to specify the addresses of the remote peer S-PEs or U-PEs Because a static PW does not support signaling negotiation, configurations of the U-PE control word on both ends of the PW are different, with the control word being enabled on one end, but disabled on the other. When the MPLS Router Alert mode is enabled on both ends, the PW can be Up and the ping vc command can work. However, CEs cannot communicate with each other because the control words are different.

6.13.2 Debugging a PW
Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 6-67

6 PWE3 Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

To locate a PW fault, first configure basic PWE3 functions through the PW template, and then run the following commands on U-PEs. Action Enter the system view of U-PE. Enter the PW template view. Enable the CW mode. Enable connectivity check of a PW. Collect information about each LSR on the PW and the egress PE. Command system-view pw-template pw-template-name control-word vccv cc { alert | cw } * cv lsp-ping
l

tracert vc { { encapsulation | ip-interworking } pwid [ -exp exp-value | -f first-ttl | -m max-ttl | -r replymode | -t timeout-value ]* control-word [ remote remote-pw-id ] } [ full-lsp-path ] tracert vc { { encapsulation | ip-interworking } pwid [ -exp exp-value | -f first-ttl | -m max-ttl | -r replymode | -t timeout-value ]* label-alert [ remote remote-ip-address ] } [ full-lsp-path ] tracert vc { { encapsulation | ip-interworking } pwid [ -exp exp-value | -f first-ttl | -m max-ttl | -r replymode | -t timeout-value ]* normal [ remote remoteip-address ] } [ full-lsp-path ]

To locate a PW fault in CW mode, you need to configure the vccv cc cw cv lsp-ping command in PW templates of the two U-PEs on both ends of the PW. Similarly, to locate a PW fault in MPLS Router Alert mode, you need to configure the vccv cc alert cv lsp-ping command in PW templates on both ends of the PW. When using the tracert vc command to locate a PW fault, you need to pay attention to the following:
l

S-PE devices do not support the command. The command is supported only on U-PE devices. This command can be used to tracert both a single-hop PW (SH-PW) and an MH-PW constructed in the LDP mode. When tracerting an MH-PW, besides specifying the local PW ID and PW type, you need to specify the remote PW ID. CX devices do not support this command.

Execution of the tracert vc command may be terminated on the following conditions:


l

The device that initiates tracert receives an MPLS Echo Reply packet from the Egress device. The TTL in the label of the previous MPLS Echo Request packet sent by the device that initiates tracert reaches the set or default maximum number of hops. The user enters Ctrl+C on the device that initiates tracert.

The source PE of PWE3 Tracert, by orderly sending MPLS Echo Request packets with the Timeto-Live (TTL) of the outer label being 1, 2, 3? and the TTL of the inner label being 1, collects
6-68 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

6 PWE3 Configuration

the information about each LSR and egress PE that the PW passes through. If you don not want a device to send MPLS Echo Reply packets after receiving MPLS Echo Request packets from another device, run the following commands in the system view of the device. Action Disable response to MPLS Echo Request packets. Or enable filtering of the source addresses of MPLS Echo Request packets; filtering rules are specified in the ACL configuration. Command undo lspv mpls-lsp-ping echo enable lspv packet-filter acl-number

To view information about PWE3 Tracert of the current device, run the following commands on the device. Action View statistics on PWE3 Tracert. View the current configuration of PWE3 Tracert. Command display lspv statistics display lspv configuration

To clear statistics on PWE3 tracert, run the following command in the user view of the device. Action Clear statistics on PWE3 tracert. Command reset lspv statistics

6.13.3 Debugging a PWE3

CAUTION
Debugging affects the performance of the system. So, after debugging, run the undo debugging all command to disable it immediately. In the case of operational faults, run the debugging command in the user view to debug the PWE3 and locate the faults. For the procedure of outputting the debugging information, refer to the chapter "Maintenance and Debugging" in the Quidway NetEngine80E/40E Router Configuration Guide - System Management. Action Enable debugging of MPLS ping/tracert. Command debugging mpls lspc { all | error | event | packet }

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

6-69

6 PWE3 Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

6.14 Configuration Examples


This section provides several configuration examples for PWE3. 6.14.1 Example for Configuring Dynamic SH-PW (Using the LSP Tunnel) 6.14.2 Example for Configuring Dynamic SH-PW (Using the GRE Tunnel) 6.14.3 Example for Configuring Static PWs Switching 6.14.4 Example for Configuring Dynamic PWs Switching 6.14.5 Example for Configuring Mixed PWs Switching 6.14.6 Example for Configuring the PWE3 Convergence 6.14.7 Example for Configuring a Static BFD That Checks PWs 6.14.8 Example for Configuring a Dynamic BFD That Checks SH-PW 6.14.9 Example for Configuring a Dynamic BFD That Checks MH-PW 6.14.10 Example for Configuring PW FRR CEs Are Symmetrically Connected to PEs Through POS Links 6.14.11 Example for Configuring PW FRR CEs Are Asymmetrically Connected to PEs Through POS Links 6.14.12 Example for Configuring PW FRR - CEs Are Symmetrically Connected to PEs Through Ethernet Links, Dynamic BFD Is Used to Detect PWs, EFM Is Used to Detect ACs 6.14.13 Example for Configuring PW FRR - CEs Are Unsymmetrically Connected to PEs Through Ethernet Links, Dynamic BFD Is Used to Detect PWs, EFM Is Used to Detect ACs 6.14.14 Example for Configuring PW FRR - CEs Are Unsymmetrically Connected to PEs Through Ethernet Links, Dynamic BFD Is Used to Detect PWs, CFM Is Used to Detect ACs 6.14.15 Example for Configuring PW FRR - CEs Are Unsymmetrically Connected to PEs Through Ethernet Links, Static BFD Is Used to Detect PWs, CFM Is Used to Detect ACs 6.14.16 Example for Configuring the PWE3 Internetworking 6.14.17 Example for Configuring Inter-AS PWE3-Option A 6.14.18 Example for Configuring Inter-AS PWE3-OptionC 6.14.19 Example for Configuring Interface-based Remote ATM Cell Transport 6.14.20 Example for Configuring 1-to1 VCC ATM Cell Transport 6.14.21 Example for Configuring N-to-1 VCC ATM Cell Transport 6.14.22 Example for Configuring N-to-1 VCC ATM Cell Transport with VPI/VCI Mapping 6.14.23 Example for Configuring 1-to-1 VPC ATM Cell Transport 6.14.24 Example for Configuring N-to-1 VPC ATM Cell Transport 6.14.25 Example for Configuring N-to-1 VPC ATM Cell Transport with VPI Mapping 6.14.26 Example for Configuring ATM AAL5 SDU Transport
6-70 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

6 PWE3 Configuration

6.14.1 Example for Configuring Dynamic SH-PW (Using the LSP Tunnel)
Networking Requirements
As shown in Figure 6-16, CE1 and CE2 are connected to PE1 and PE2 through VLAN respectively. PE1 and PE2 are linked to each other through the MPLS backbone. You should set up a dynamic PW between PE1 and PE2 using the LSP tunnel. Figure 6-16 Networking diagram of dynamic SH-PW using the LSP tunnel MPLS Backbone Loopback0 192.2.2.2/32 POS2/0/0 10.1.1.1/24 PE1 GE1/0/0.1 VLAN1 GE1/0/0.1 100.1.1.1/24 POS1/0/0 10.1.1.2/24 P PW GE1/0/0.1 100.1.1.2/24 VLAN2 Loopback0 192.4.4.4/32 Loopback0 192.3.3.3/32 POS2/0/0 10.2.2.2/24 POS2/0/0 10.2.2.1/24 GE1/0/0.1 PE2

CE1

CE2

Configuring Roadmap
The configuration roadmap is as follows: 1. 2. 3. Run the IGP on routers of the backbone network. Enable MPLS for the backbone network and set up an LSP; set up MPLS LDP remote peer relationship between PEs. Create an MPLS L2VC on PEs.

Data Preparation
To complete the configuration, you need the following data.
l l l

L2VC ID (It must be identical at both ends of a PW.) MPLS LSR ID on each PE and P Remote peer address of PE

Configuration Procedure
1.
Issue 03 (2008-09-22)

Configure CE.
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 6-71

6 PWE3 Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

# Configure CE1
<Quidway> system-view [Quidway] sysname CE1 [CE1] interface gigabitethernet 1/0/0 [CE1-GigabitEthernet1/0/0] undo shutdown [CE1-GigabitEthernet1/0/0] quit [CE1] interface gigabitethernet 1/0/0.1 [CE1-GigabitEthernet1/0/0.1] vlan-type dot1q 1 [CE1-GigabitEthernet1/0/0.1] ip address 100.1.1.1 24 [CE1-GigabitEthernet1/0/0.1] undo shutdown [CE1-GigabitEthernet1/0/0.1] quit

# Configure CE2
<Quidway> system-view [Quidway] sysname CE2 [CE2] interface gigabitethernet 1/0/0 [CE2-GigabitEthernet1/0/0] undo shutdown [CE2-GigabitEthernet1/0/0] quit [CE2] interface gigabitethernet 1/0/0.1 [CE2-GigabitEthernet1/0/0.1] vlan-type dot1q 2 [CE2-GigabitEthernet1/0/0.1] ip address 100.1.1.2 24 [CE2-GigabitEthernet1/0/0.1] undo shutdown [CE2-GigabitEthernet1/0/0.1] quit

2.

Configure the IGP for the MPLS backbone. Configure the IGP for the MPLS backbone. Take OSPF as an example. The configuration details are not mentioned here. After the configuration, PE1 and PE2 can learn the loopback 0 address of each other that is discovered by the OSPF protocol, and can ping through each other.
<PE1> display ip routing-table Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: Public Destinations : 9 Routes : 9 Destination/Mask Proto Pre Cost Flags NextHop Interface 10.1.1.0/24 Direct 0 0 D 10.1.1.1 Pos2/0/0 10.1.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 10.1.1.2/32 Direct 0 0 D 10.1.1.2 Pos2/0/0 10.2.2.0/24 OSPF 10 2 D 10.1.1.2 Pos2/0/0 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 192.2.2.2/32 Direct 0 0 D 127.0.0.1 InLoopBack0 192.3.3.3/32 OSPF 10 3 D 10.1.1.2 Pos2/0/0 192.4.4.4/32 OSPF 10 2 D 10.1.1.2 Pos2/0/0 <PE1> ping 192.3.3.3 PING 192.3.3.3: 56 data bytes, press CTRL_C to break Reply from 192.3.3.3: bytes=56 Sequence=1 ttl=254 time=230 ms Reply from 192.3.3.3: bytes=56 Sequence=2 ttl=254 time=120 ms Reply from 192.3.3.3: bytes=56 Sequence=3 ttl=254 time=120 ms Reply from 192.3.3.3: bytes=56 Sequence=4 ttl=254 time=120 ms Reply from 192.3.3.3: bytes=56 Sequence=5 ttl=254 time=90 ms --- 192.3.3.3 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 90/136/230 ms

3.

Enable MPLS and set up an LSP and an remote session between PEs. Enable MPLS in the MPLS backbone. Then set up an LSP tunnel and LDP remote sessions between PEs. The configuration details are not mentioned here. After the configuration, run the related command, and you can see that LDP sessions are set up between PEs, and between each pair of PE and P, and their status is Operational. Take the display of PE1 as an example.

6-72

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


<PE1> display mpls ldp session [PE1]display mpls ldp session LDP Session(s) in Public Network

6 PWE3 Configuration

-----------------------------------------------------------------------------Peer-ID Status LAM SsnRole SsnAge KA-Sent/Rcv -----------------------------------------------------------------------------192.3.3.3:0 Operational DU Passive 000:00:04 18/18 192.4.4.4:0 Operational DU Passive 000:00:05 21/21 -----------------------------------------------------------------------------TOTAL: 2 session(s) Found. LAM : Label Advertisement Mode SsnAge Unit : DDD:HH:MM

4.

Create a VC connection. Enable MPLS L2VPN for PE1 and PE2, and create a VC connection between them.
NOTE

The PWE3 does not support P2MP. Therefore, if an MPLS L2VC is created on ATM sub-interfaces, ATM sub-interfaces must be of P2P type. You need not follow the preceding limitation in configuring the transparent ATM cell transport.

# Configure PE1
[PE1] mpls l2vpn [PE1-l2vpn] quit [PE1] interface gigabitethernet 1/0/0 [PE1-GigabitEthernet1/0/0] undo shutdown [PE1-GigabitEthernet1/0/0] quit [PE1] interface gigabitethernet 1/0/0.1 [PE1-GigabitEthernet1/0/0.1] vlan-type dot1q 1 [PE1-GigabitEthernet1/0/0.1] mpls l2vc 192.3.3.3 100 [PE1-GigabitEthernet1/0/0.1] undo shutdown [PE1-GigabitEthernet1/0/0.1] quit

# Configure PE2
[PE2] mpls l2vpn [PE2-l2vpn] quit [PE2] interface gigabitethernet 1/0/0 [PE2-GigabitEthernet1/0/0] undo shutdown [PE2-GigabitEthernet1/0/0] quit [PE2] interface gigabitethernet1/0/0.1 [PE2-GigabitEthernet1/0/0.1] vlan-type dot1q 2 [PE2-GigabitEthernet1/0/0.1] mpls l2vc 192.2.2.2 100 [PE2-GigabitEthernet1/0/0.1] undo shutdown [PE2-GigabitEthernet1/0/0.1] quit

5.

Verify the configuration. Check the connection information about L2VPN on PEs, and you can see that an L2VC has been set up, whose status is Up. Take the display of PE1 as an example:
<PE1> display mpls l2vc interface gigabitethernet 1/0/0.1 *client interface : GigabitEthernet1/0/0.1 is up session state : up AC state : up VC state : up VC ID : 100 VC type : VLAN destination : 192.3.3.3 local group ID : 0 remote group ID local VC label : 21504 remote VC label local AC OAM State : up local PSN State : up local forwarding state : forwarding remote AC OAM state : up remote PSN state : up remote forwarding state: forwarding

: 0 : 21504

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

6-73

6 PWE3 Configuration
BFD for PW manual fault active state forwarding entry link state local VC MTU local VCCV remote VCCV local fragmentantion local control word tunnel policy traffic behavior PW template name primary or secondary VC tunnel/token info NO.0 TNL type : lsp create time up time last change time : : : : : : : : : : : : : : :

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


unavailable not set active exist up 1500 remote VC MTU : 1500 Disable Disable disable remote fragmentantion: disable disable remote control word : disable ---primary 1 tunnels/tokens , TNL ID : 0x2002003 : 0 days, 0 hours, 7 minutes, 16 seconds : 0 days, 0 hours, 5 minutes, 6 seconds : 0 days, 0 hours, 5 minutes, 6 seconds

CE1 and CE2 can ping through each other. Take the display of CE1 as an example:
<CE1> ping 100.1.1.2 PING 100.1.1.2: 56 data bytes, press CTRL_C to break Reply from 100.1.1.2: bytes=56 Sequence=1 ttl=255 time=31 ms Reply from 100.1.1.2: bytes=56 Sequence=2 ttl=255 time=10 ms Reply from 100.1.1.2: bytes=56 Sequence=3 ttl=255 time=5 ms Reply from 100.1.1.2: bytes=56 Sequence=4 ttl=255 time=2 ms Reply from 100.1.1.2: bytes=56 Sequence=5 ttl=255 time=28 ms --- 100.1.1.2 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 2/15/31 ms

Configuration Files
l

Configuration file of CE1


# sysname CE1 # interface GigabitEthernet1/0/0 undo shutdown # interface GigabitEthernet1/0/0.1 undo shutdown vlan-type dot1q 1 ip address 100.1.1.1 255.255.255.0 # return

Configuration file of PE1


# sysname PE1 # mpls lsr-id 192.2.2.2 mpls # mpls l2vpn # mpls ldp # mpls ldp remote-peer 192.3.3.3 remote-ip 192.3.3.3 # interface GigabitEthernet1/0/0 undo shutdown #

6-74

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


interface GigabitEthernet1/0/0.1 undo shutdown vlan-type dot1q 1 mpls l2vc 192.3.3.3 100 # interface Pos2/0/0 link-protocol ppp undo shutdown ip address 10.1.1.1 255.255.255.0 mpls mpls ldp # interface LoopBack0 ip address 192.2.2.2 255.255.255.255 # ospf 1 area 0.0.0.0 network 192.2.2.2 0.0.0.0 network 10.1.1.0 0.0.0.255 # return l

6 PWE3 Configuration

Configuration file of P
# sysname P # mpls lsr-id 192.4.4.4 mpls # mpls ldp # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 10.1.1.2 255.255.255.0 mpls mpls ldp # interface Pos2/0/0 link-protocol ppp undo shutdown ip address 10.2.2.1 255.255.255.0 mpls mpls ldp # interface LoopBack0 ip address 192.4.4.4 255.255.255.255 # ospf 1 area 0.0.0.0 network 192.4.4.4 0.0.0.0 network 10.1.1.0 0.0.0.255 network 10.2.2.0 0.0.0.255 # return

Configuration file of PE2


# sysname PE2 # mpls lsr-id 192.3.3.3 mpls # mpls l2vpn # mpls ldp # mpls ldp remote-peer 192.2.2.2 remote-ip 192.2.2.2 #

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

6-75

6 PWE3 Configuration
interface Pos2/0/0 link-protocol ppp undo shutdown ip address 10.2.2.2 255.255.255.0 mpls mpls ldp # interface GigabitEthernet1/0/0 undo shutdown # interface GigabitEthernet 1/0/0.1 undo shutdown vlan-type dot1q 2 mpls l2vc 192.2.2.2 100 # interface LoopBack0 ip address 192.3.3.3 255.255.255.255 # ospf 1 area 0.0.0.0 network 192.3.3.3 0.0.0.0 network 10.2.2.0 0.0.0.255 # return l

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Configuration file of CE2


# sysname CE2 # interface GigabitEthernet1/0/0 undo shutdown # interface GigabitEthernet1/0/0.1 undo shutdown vlan-type dot1q 2 ip address 100.1.1.2 255.255.255.0 # return

6.14.2 Example for Configuring Dynamic SH-PW (Using the GRE Tunnel)
Networking Requirements
For the networking diagram, see Figure 6-17.CE1 and CE2 are connected to PE1 and PE2 through VLAN respectively. You should set up a dynamic PW between PE1 and PE2 using the GRE tunnel.

6-76

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

6 PWE3 Configuration

Figure 6-17 Networking diagram of dynamic SH-PW using the GRE tunnel

Configuring Roadmap
The configuration roadmap is as follows: 1. 2. Configure the IGP protocol for the backbone network, so that devices in the backbone network can internetwork with each other. Configure basic MPLS functions for the backbone network, set up a GRE tunnel between PEs, and create tunnel policies. Set up MPLS LDP remote peer relationship between PEs on both ends of the PW. Create an MPLS L2VC connection on PEs and apply the tunnel policies to L2VC.

3.

Data Preparation
To complete the configuration, you need the following data.
l l l l l

L2VC ID (It must be identical at both ends of the PW.) MPLS LSR ID of PE-A and PE-B Remote peer address of PE Tunnel policy Source address, destination address, tunnel interface address of the GRE tunnel

Configuration Procedure
1. Configure CE. # Configure CE1
<Quidway> system-view [Quidway] sysname CE1 [CE1] interface gigabitethernet 1/0/0 [CE1-GigabitEthernet1/0/0] undo shutdown [CE1-GigabitEthernet1/0/0] quit [CE1] interface gigabitethernet 1/0/0.1 [CE1-GigabitEthernet1/0/0.1] vlan-type dot1q 1 [CE1-GigabitEthernet1/0/0.1] ip address 100.1.1.1 24

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

6-77

6 PWE3 Configuration
[CE1-GigabitEthernet1/0/0.1] quit

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

# Configure CE2
<Quidway> system-view [Quidway] sysname CE2 [CE2] interface gigabitethernet 1/0/0 [CE2-GigabitEthernet1/0/0] undo shutdown [CE2-GigabitEthernet1/0/0] quit [CE2] interface gigabitethernet 1/0/0.1 [CE2-GigabitEthernet1/0/0.1] vlan-type dot1q 2 [CE2-GigabitEthernet1/0/0.1] ip address 100.1.1.2 24 [CE2-GigabitEthernet1/0/0.1] quit

2.

Configure the IGP for the MPLS backbone network. Configure the IGP for the MPLS backbone network. Take OSPF as an example. The detailed configuration is not mentioned here.

3.

Enable MPLS, and set up a GRE and remote LDP session. Enable MPLS on the PEs and set up the MPLS LDP remote session between the PEs. # Configure PE1.
[PE1] mpls lsr-id 192.2.2.2 [PE1] mpls [PE1-mpls] quit [PE1] mpls ldp [PE1-mpls-ldp] quit [PE1] mpls ldp remote-peer 192.3.3.3 [PE1-mpls-ldp-remote-192.3.3.3] remote-ip 192.3.3.3 [PE1-mpls-ldp-remote-192.3.3.3] quit

# Configure PE2.
[PE2] mpls lsr-id 192.3.3.3 [PE2] mpls [PE2-mpls] quit [PE2] mpls ldp [PE2-mpls-ldp] quit [PE2] mpls ldp remote-peer 192.2.2.2 [PE2-mpls-ldp-remote-192.2.2.2] remote-ip 192.2.2.2 [PE2-mpls-ldp-remote-192.2.2.2] quit

4.

Set up the GRE tunnel between the PEs and create a tunnel policy. # Configure PE1.
[PE1] interface loopback0 [PE1-LoopBack0] ip address 192.2.2.2 255.255.255.255 [PE1-LoopBack0] target-board 3 [PE1-LoopBack0] binding tunnel gre [PE1-LoopBack0] quit [PE1] interface tunnel 3/0/0 [PE1-Tunnel3/0/0] tunnel-protocol gre [PE1-Tunnel3/0/0] ip address 40.1.1.1 24 [PE1-Tunnel3/0/0] source loopback 0 [PE1-Tunnel3/0/0] destination 192.3.3.3 [PE1-Tunnel3/0/0] quit [PE1] tunnel-policy policy1 [PE1-Tunnel-policy-policy1] tunnel select-seq gre lsp load-balance-number 1 [PE1-Tunnel-policy-policy1] quit

# Configure PE2.
[PE2] interface loopback0 [PE2-LoopBack0] ip address 192.3.3.3 255.255.255.255 [PE2-LoopBack0] target-board 3 [PE2-LoopBack0] binding tunnel gre [PE2-LoopBack0] quit [PE2] interface tunnel 3/0/0 [PE2-Tunnel3/0/0] tunnel-protocol gre [PE2-Tunnel3/0/0] ip address 40.1.1.2 24 [PE2-Tunnel3/0/0] source loopback 0

6-78

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

6 PWE3 Configuration

[PE2-Tunnel3/0/0] destinationn 192.2.2.2 [PE2-Tunnel3/0/0] quit [PE2] tunnel-policy policy1 [PE2-Tunnel-policy-policy1] tunnel select-seq gre lsp load-balance-number 1 [PE2-Tunnel-policy-policy1] quit

After the configuration, run the display this interface command, and you can see that a GRE tunnel has been successfully set up. That is, the value for Line protocol current state is UP.
[PE1] display interface tunnel 3/0/0 Tunnel3/0/0 current state : UP Line protocol current state : UP Last up time: 2007-11-13, 18:00:53 Description:HUAWEI, Quidway Series, Tunnel3/0/0 Interface Route Port,The Maximum Transmit Unit is 1500 Internet Address is 40.1.1.1/24 Encapsulation is TUNNEL, loopback not set Tunnel source 192.2.2.2 (LoopBack0), destination 192.3.3.3 Tunnel protocol/transport GRE/IP, key disabled keepalive disabled Checksumming of packets disabled QoS max-bandwidth : 64 Kbps 300 seconds input rate 0 bits/sec, 0 packets/sec 300 seconds output rate 0 bits/sec, 0 packets/sec 41 packets input, 4380 bytes 0 input error 107 packets output, 10988 bytes 11 output error

5.

Create a VC connection. Enable MPLS L2VPN for PE-A and PE-B, and create a VC-connection with the configured tunnel-policy.
NOTE

The PWE3 does not support P2MP. Therefore, if an MPLS L2VC is created on ATM sub-interfaces, ATM sub-interfaces must be of P2P type. ATM cell transport can be configured on both P2MP interfaces and P2P interfaces.

# Configure PE1.
[PE1] mpls l2vpn [PE1-l2vpn] quit [PE1] interface gigabitethernet 1/0/0 [PE1-GigabitEthernet1/0/0] undo shutdown [PE1-GigabitEthernet1/0/0] quit [PE1] interface gigabitethernet 1/0/0.1 [PE1-GigabitEthernet1/0/0.1] vlan-type dot1q 1 [PE1-GigabitEthernet1/0/0.1] mpls l2vc 192.3.3.3 100 tunnel-policy policy1 [PE1-GigabitEthernet1/0/0.1] quit

# Configure PE2.
[PE2] mpls l2vpn [PE2-l2vpn] quit [PE2] interface gigabitethernet 1/0/0 [PE2-GigabitEthernet1/0/0] undo shutdown [PE2-GigabitEthernet1/0/0] quit [PE2] interface gigabitethernet1/0/0.1 [PE2-GigabitEthernet1/0/0.1] vlan-type dot1q 2 [PE2-GigabitEthernet1/0/0.1] mpls l2vc 192.2.2.2 100 tunnel-policy policy1 [PE2-GigabitEthernet1/0/0.1] quit

6.

Verify the configuration. Check the connection information about L2VPN on PEs, and you can see that an L2VC has been set up, whose status is Up. Take the display of PE1 as an example:
<PE1> display mpls l2vc interface gigabitethernet 1/0/0.1

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

6-79

6 PWE3 Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


*client interface : GigabitEthernet1/0/0.1 is up session state : up AC state : up VC state : up VC ID : 100 VC type : VLAN destination : 192.3.3.3 local group ID : 0 remote group ID : 0 local VC label : 21504 remote VC label : 21504 local AC OAM State : up local PSN State : up local forwarding state : forwarding remote AC OAM state : up remote PSN state : up remote forwarding state: forwarding BFD for PW : unavailable manual fault : not set active state : active forwarding entry : exist link state : up local VC MTU : 1500 remote VC MTU : 1500 local VCCV : Disable remote VCCV : Disable local fragmentantion : disable remote fragmentantion: disable local control word : disable remote control word : disable tunnel policy : policy1 traffic behavior : -PW template name : -primary or secondary : primary VC tunnel/token info : 1 tunnels/tokens NO.0 TNL type : gre , TNL ID : 0x12002003 create time : 0 days, 0 hours, 2 minutes, 23 seconds up time : 0 days, 0 hours, 0 minutes, 13 seconds last change time : 0 days, 0 hours, 0 minutes, 13 seconds

CE1 and CE2 can ping through each other. Take the display of PE1 as an example:
<CE1> ping 100.1.1.2 PING 100.1.1.2: 56 data bytes, press CTRL_C to break Reply from 100.1.1.2: bytes=56 Sequence=1 ttl=255 time=31 ms Reply from 100.1.1.2: bytes=56 Sequence=2 ttl=255 time=10 ms Reply from 100.1.1.2: bytes=56 Sequence=3 ttl=255 time=5 ms Reply from 100.1.1.2: bytes=56 Sequence=4 ttl=255 time=2 ms Reply from 100.1.1.2: bytes=56 Sequence=5 ttl=255 time=28 ms --- 100.1.1.2 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 2/15/31 ms

Configuration Files
l

Configuration file of CE1


# sysname CE1 # interface GigabitEthernet1/0/0 undo shutdown # interface GigabitEthernet1/0/0.1 vlan-type dot1q 1 ip address 100.1.1.1 255.255.255.0 # return

Configuration file of PE1


# sysname PE1

6-80

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


# mpls lsr-id 192.2.2.2 mpls # mpls l2vpn # mpls ldp # mpls ldp remote-peer 192.3.3.3 remote-ip 192.3.3.3 # interface GigabitEthernet1/0/0 undo shutdown # interface GigabitEthernet1/0/0.1 vlan-type dot1q 1 mpls l2vc 192.3.3.3 100 tunnel-policy policy1 # interface Pos2/0/0 undo shutdown link-protocol ppp ip address 10.1.1.1 255.255.255.0 # interface LoopBack0 ip address 192.2.2.2 255.255.255.255 target-board 3 binding tunnel gre # interface Tunnel3/0/0 ip address 40.1.1.1 255.255.255.0 tunnel-protocol gre source LoopBack0 destination 192.3.3.3 # ospf 1 area 0.0.0.0 network 192.2.2.2 0.0.0.0 network 10.1.1.0 0.0.0.255 # tunnel-policy policy1 tunnel select-seq gre lsp load-balance-number 1 # return l

6 PWE3 Configuration

Configuration file of P
# sysname P # interface Pos1/0/0 undo shutdown link-protocol ppp ip address 10.1.1.2 255.255.255.0 # interface Pos2/0/0 undo shutdown link-protocol ppp ip address 10.2.2.1 255.255.255.0 # ospf 1 area 0.0.0.0 network 192.4.4.4 0.0.0.0 network 10.1.1.0 0.0.0.255 network 10.2.2.0 0.0.0.255 # return

Configuration file of PE2


# sysname PE2 #

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

6-81

6 PWE3 Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


mpls lsr-id 192.3.3.3 mpls # mpls l2vpn # mpls ldp # mpls ldp remote-peer 192.2.2.2 remote-ip 192.2.2.2 # interface Pos2/0/0 undo shutdown link-protocol ppp ip address 10.2.2.2 255.255.255.0 # interface GigabitEthernet1/0/0 undo shutdown # interface GigabitEthernet 1/0/0.1 undo shutdown vlan-type dot1q 2 mpls l2vc 192.2.2.2 100 tunnel-policy policy1 # interface LoopBack0 ip address 192.3.3.3 255.255.255.255 target-board 3 binding tunnel gre # interface Tunnel3/0/0 ip address 40.1.1.2 255.255.255.0 tunnel-protocol gre source LoopBack0 destination 192.2.2.2 # ospf 1 area 0.0.0.0 network 192.3.3.3 0.0.0.0 network 10.2.2.0 0.0.0.255 # tunnel-policy policy1 tunnel select-seq gre lsp load-balance-number 1 # return

Configuration file of CE2


# sysname CE2 # interface GigabitEthernet1/0/0 undo shutdown # interface GigabitEthernet1/0/0.1 vlan-type dot1q 2 ip address 100.1.1.2 255.255.255.0 # return

6.14.3 Example for Configuring Static PWs Switching


Networking Requirements
Figure 6-18 shows that CE1 is connected to U-PE1 and CE-2 is connected to U-PE2 in the PPP mode. It is required to set up a static PW between U-PE1 and S-PE, and between U-PE2 and S-PE. It is required to switch two static PWs at the S-PE.
6-82 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

6 PWE3 Configuration

Figure 6-18 Networking diagram of static MH-PW


Loopback0 2.2.2.9/32 Loopback0 3.3.3.9/32 POS1/0/0 20.1.1.2/24 POS2/0/0 20.1.1.1/24
PW

Loopback0 4.4.4.9/32 POS1/0/0 30.1.1.2/24

P1

S-PE

P2

POS1/0/0 10.1.1.2/24 Loopback0 1.1.1.9/32

POS2/0/0 30.1.1.1/24

POS2/0/0 40.1.1.1/24 Loopback0 5.5.5.9/32

tic Sta

Sta t

ic P W

POS2/0/0 10.1.1.1/24

POS1/0/0 40.1.1.2/24 POS2/0/0 U-PE2 POS1/0/0 100.1.1.2/24

U-PE1

POS1/0/0 POS1/0/0 100.1.1.1/24

CE1

CE2

Configuring Roadmap
The configuration roadmap is as follows: 1. 2. 3. 4. Run the IGP on routers of the backbone network. Enable MPLS for backbone network and set up an LSP between U-PE and the S-PE. Create static MPLS L2VCs on U-PEs. Create a PW switching on S-PE for MH-PW.

Data Preparation
To complete the configuration, you need the following data.
l l l l

L2VC IDs on U-PE1 and U-PE2 MPLS LSR IDs of U-PE1, S-PE, and U-PE2 PW template name and parameters on U-PEs VC label values needed for configuring the static PW (Pay attention to the relationship between the VC label values on both ends of the PW.) Encapsulation type for exchanging PWs on S-PE

Configuration Procedure
1. Configure CE. # Configure CE1.
<Quidway> system-view [Quidway] sysname CE1 [CE1] interface pos 1/0/0 [CE1-Pos1/0/0] ip address 100.1.1.1 24 [CE1-Pos1/0/0] undo shutdown [CE1-Pos1/0/0] quit

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

6-83

6 PWE3 Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

# Configure CE2.
<Quidway> system-view [Quidway] sysname CE2 [CE2] interface pos 1/0/0 [CE2-Pos1/0/0] ip address 100.1.1.2 24 [CE2-Pos1/0/0] undo shutdown

[CE2-Pos1/0/0] quit 2. Configure the IGP for the MPLS backbone network Configure the IGP for the MPLS backbone network. In this example, use OSPF. Configure the IP addresses of the U-PEs, S-PEs and Ps as shown in Figure 6-18. While configuring OSPF, advertise 32-bit loopback address of all PEs. The detailed configuration is not mentioned here. 3. Configure MPLS for routers on the backbone network and set up a tunnel. Enable the MPLS for routers on the backbone network. Then set up an LSP between UPE1 and S-PE, and between the S-PE and U-PE2. The configuration details are omitted here. 4. Create a VC connection. Enable MPLS L2VPN for U-PE1, U-PE2 and the S-PE, and create a VC connection between U-PE1 and U-PE2.
NOTE

The PWE3 does not support P2MP. Therefore, if an MPLS L2VC is created on ATM sub-interfaces, ATM sub-interfaces must be of P2P type. For configuring transparent ATM cell transport, however, there is no such restriction.

# Configure U-PE1.
[U-PE1] pw-template pwt [U-PE1-pw-template-pwt] peer-address 3.3.3.9 [U-PE1-pw-template-pwt] quit [U-PE1] mpls l2vpn [U-PE1-l2vpn] quit [U-PE1] interface pos 1/0/0 [U-PE1-Pos1/0/0] mpls static-l2vc pw-template pwt 100 transmit-vpn-label 100 receive-vpn-label 100 [U-PE1-Pos1/0/0] undo shutdown [U-PE1-Pos1/0/0] quit

# Configure S-PE.
[S-PE] mpls l2vpn [S-PE-l2vpn] quit [S-PE] mpls switch-l2vc 5.5.5.9 100 trans 200 recv 200 between 1.1.1.9 100 trans 100 recv 100 encapsulation ppp

# Configure U-PE2.
[U-PE2] mpls l2vpn [U-PE2-l2vpn] quit [U-PE2] pw-template pwt [U-PE2-pw-template-pwt] peer-address 3.3.3.9 [U-PE2-pw-template-pwt] quit [U-PE2] interface pos 2/0/0 [U-PE2-Pos2/0/0] mpls static-l2vc pw-template pwt 100 transmit-vpn-label 200 receive-vpn-label 200 [U-PE2-Pos2/0/0] undo shutdown [U-PE2-Pos2/0/0] quit
NOTE

The transmit-vpn-labels configured on U-PEs must be consistent with the recv labels on the S-PE; the receive-vpn-labels configured on U-PEs must be consistent with the trans labels on the S-PE. Otherwise, CEs are unable to internetwork with each other.

6-84

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

6 PWE3 Configuration

5.

Verify the configuration. Check the connection information about L2VPN on PEs, and you can see that an L2VC has been set up, whose status is Up. Take the display of U-PE1 and S-PE as an example:
<U-PE1> display mpls static-l2vc interface pos 1/0/0 *Client Interface : Pos1/0/0 is up AC Status : up VC State : up VC ID : 100 VC Type : PPP Destination : 3.3.3.9 Transmit VC Label : 100 Receive VC Label : 100 Control Word : Disable VCCV Capabilty : Disable Tunnel Policy : -PW Template Name : pwt Traffic Behavior : -Main or Secondary : Main VC tunnel/token info : 1 tunnels/tokens NO.0 TNL Type : lsp , TNL ID : 0x2002003 Create time : 0 days, 0 hours, 13 minutes, 7 seconds UP time : 0 days, 0 hours, 10 minutes, 23 seconds Last change time : 0 days, 0 hours, 10 minutes, 23 seconds <S-PE> display mpls switch-l2vc Total Switch VC : 1, 1 up, 0 down *Switch-l2vc type : SVC<---->SVC Peer IP Address : 5.5.5.9, 1.1.1.9 VC ID : 100, 100 VC Type : PPP VC State : up In/Out Label : 200/200, 100/100 Control Word : Disable, Disable VCCV Capability : Disable, Disable Switch-l2vc tunnel info : 1 tunnels for peer 5.5.5.9 NO.0 TNL Type : lsp , TNL ID : 0x2002006 1 tunnels for peer 1.1.1.9 NO.0 TNL Type : lsp , TNL ID : 0x1002000 Create time : 0 days, 0 hours, 12 minutes, 13 seconds UP time : 0 days, 0 hours, 5 minutes, 16 seconds Last change time : 0 days, 0 hours, 5 minutes, 16 seconds

CE1 and CE2 can ping through each other. Take the display of CE1 as an example:
<CE1> ping 100.1.1.2 PING 100.1.1.2: 56 data bytes, press CTRL_C to break Reply from 100.1.1.2: bytes=56 Sequence=1 ttl=255 time=188 Reply from 100.1.1.2: bytes=56 Sequence=2 ttl=255 time=187 Reply from 100.1.1.2: bytes=56 Sequence=3 ttl=255 time=187 Reply from 100.1.1.2: bytes=56 Sequence=4 ttl=255 time=188 Reply from 100.1.1.2: bytes=56 Sequence=5 ttl=255 time=188 --- 100.1.1.2 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 187/187/188 ms ms ms ms ms ms

Configuration Files
l

Configuration file of CE1


# sysname CE1 # interface Pos1/0/0

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

6-85

6 PWE3 Configuration
link-protocol ppp undo shutdown ip address 100.1.1.1 255.255.255.0 # return l

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Configuration file of U-PE1


# sysname U-PE1 # mpls lsr-id 1.1.1.9 mpls # mpls l2vpn # pw-template pwt peer-address 3.3.3.9 # mpls ldp # mpls ldp remote-peer 3.3.3.9 remote-ip 3.3.3.9 # interface Pos1/0/0 link-protocol ppp undo shutdown mpls static-l2vc pw-template pwt 100 transmit-vpn-label 100 receive-vpn-label 100 # interface Pos2/0/0 link-protocol ppp undo shutdown ip address 10.1.1.1 255.255.255.0 mpls mpls ldp # interface LoopBack0 ip address 1.1.1.9 255.255.255.255 # ospf 1 area 0.0.0.0 network 10.1.1.0 0.0.0.255 network 1.1.1.9 0.0.0.0 # return

Configuration file of P1
# sysname P1 # mpls lsr-id 2.2.2.9 mpls # mpls ldp # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 10.1.1.2 255.255.255.0 mpls mpls ldp # interface Pos2/0/0 link-protocol ppp undo shutdown ip address 20.1.1.1 255.255.255.0 mpls mpls ldp # interface LoopBack0

6-86

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


ip address 2.2.2.9 255.255.255.255 # ospf 1 area 0.0.0.0 network 10.1.1.0 0.0.0.255 network 20.1.1.0 0.0.0.255 network 2.2.2.9 0.0.0.0 # return l

6 PWE3 Configuration

Configuration file of S-PE


# sysname S-PE # mpls lsr-id 3.3.3.9 mpls # mpls l2vpn # mpls switch-l2vc 5.5.5.9 100 trans 200 recv 200 between 1.1.1.9 100 trans 100 recv 100 encapsulation ppp # mpls ldp # mpls ldp remote-peer 1.1.1.9 remote-ip 1.1.1.9 # mpls ldp remote-peer 5.5.5.9 remote-ip 5.5.5.9 # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 20.1.1.2 255.255.255.0 mpls mpls ldp # interface Pos2/0/0 link-protocol ppp undo shutdown ip address 30.1.1.1 255.255.255.0 mpls mpls ldp # interface LoopBack0 ip address 3.3.3.9 255.255.255.255 # ospf 1 area 0.0.0.0 network 20.1.1.0 0.0.0.255 network 30.1.1.0 0.0.0.255 network 3.3.3.9 0.0.0.0 # return

Configuration file of P2
# sysname P2 # mpls lsr-id 4.4.4.9 mpls # mpls ldp # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 30.1.1.2 255.255.255.0 mpls mpls ldp

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

6-87

6 PWE3 Configuration
# interface Pos2/0/0 link-protocol ppp undo shutdown ip address 40.1.1.1 255.255.255.0 mpls mpls ldp # interface LoopBack0 ip address 4.4.4.9 255.255.255.255 # ospf 1 area 0.0.0.0 network 4.4.4.9 0.0.0.0 network 30.1.1.0 0.0.0.255 network 40.1.1.0 0.0.0.255 # return l

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Configuration file of U-PE2


# sysname U-PE2 # mpls lsr-id 5.5.5.9 mpls # mpls l2vpn # pw-template pwt peer-address 3.3.3.9 # mpls ldp # mpls ldp remote-peer 3.3.3.9 remote-ip 3.3.3.9 # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 40.1.1.2 255.255.255.0 mpls mpls ldp # interface Pos2/0/0 link-protocol ppp undo shutdown mpls static-l2vc pw-template pwt 100 transmit-vpn-label 200 receive-vpn-label 200 # interface LoopBack0 ip address 5.5.5.9 255.255.255.255 # ospf 1 area 0.0.0.0 network 5.5.5.9 0.0.0.0 network 40.1.1.0 0.0.0.255 # return

Configuration file of CE1


# sysname CE1 # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 100.1.1.2 255.255.255.0 # return

6-88

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

6 PWE3 Configuration

6.14.4 Example for Configuring Dynamic PWs Switching


Networking Requirements
Figure 6-19 shows that, CE1 and CE2 are connected respectively to U-PE1 and U-PE2 through PPP. It is required to set up a dynamic PW between U-PE1 and the S-PE, between U-PE2 and the SPE. An MH PW is set up between U-PE1 and U-PE2. It is required to configure PW switching on the S-PE. The PSN tunnel is required to be the LSP. Figure 6-19 Networking diagram of dynamic MH-PW

Configuring Roadmap
The configuration roadmap is as follows: 1. 2. 3. 4. 5. Configure the IGP routing protocol for the backbone network, so that devices in the backbone can internetwork with each other. Configure basic MPLS functions for the backbone, and set up LSP tunnels. Set up MPLS LDP remote peer relationship between U-PE1 and S-PE, and between U-PE2 and S-PE. Create the PW template, and enable the CW and LSP ping functions. Set up an MPLS L2VC connection between U-PEs. Set up a PW switching on the switching node S-PE.

Data Preparation
To complete the configuration, you need the following data.
Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 6-89

6 PWE3 Configuration
l l l l l

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

L2VC ID (The one on U-PE1 differs from that on U-PE2.) MPLS LSR IDs Address of the PE remote peer Encapsulation type of the PW PW template name and parameters on U-PE

Configuration Procedure
1. Configure CE. # Configure CE1.
<Quidway> system-view [Quidway] sysname CE1 [CE1] interface pos 1/0/0 [CE1-Pos1/0/0] ip address 100.1.1.1 24 [CE1-Pos1/0/0] undo shutdown [CE1-Pos1/0/0] quit

# Configure CE2.
<Quidway> system-view [Quidway] sysname CE2 [CE2] interface pos 1/0/0 [CE2-Pos1/0/0] ip address 100.1.1.2 24 [CE2-Pos1/0/0] undo shutdown [CE2-Pos1/0/0] quit

2.

Configure the IGP for the MPLS backbone network. Configure the IGP for the MPLS backbone. Take OSPF as an example. Configure IP addresses for the interfaces of U-PEs, S-PE, and Ps. While configuring OSPF, advertise the 32-bit loopback addresses of U-PE1, S-PE, and U-PE2. Configure U-PE1.
[U-PE1] interface loopback 0 [U-PE1-LoopBack0] ip address 1.1.1.9 32 [U-PE1-LoopBack0] quit [U-PE1] interface pos 2/0/0 [U-PE1-Pos2/0/0] ip address 10.1.1.1 24 [U-PE1-Pos2/0/0] undo shutdown [U-PE1-Pos2/0/0] quit [U-PE1] ospf 1 [U-PE1-ospf-1] area 0.0.0.0 [U-PE1-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255 [U-PE1-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0 [U-PE1-ospf-1-area-0.0.0.0] quit [U-PE1-ospf-1] quit

Configure P1.
[P1] interface loopback 0 [P1-LoopBack0] ip address 2.2.2.9 32 [P1-LoopBack0] quit [P1] interface pos 1/0/0 [P1-Pos1/0/0] ip address 10.1.1.2 24 [P1-Pos1/0/0] undo shutdown [P1-Pos1/0/0] quit [P1] interface pos 2/0/0 [P1-Pos2/0/0] ip address 20.1.1.1 24 [P1-Pos2/0/0] undo shutdown [P1-Pos2/0/0] quit [P1] ospf 1 [P1-ospf-1] area 0.0.0.0 [P1-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255 [P1-ospf-1-area-0.0.0.0] network 20.1.1.0 0.0.0.255 [P1-ospf-1-area-0.0.0.0] network 2.2.2.9 0.0.0.0

6-90

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


[P1-ospf-1-area-0.0.0.0] quit [P1-ospf-1] quit

6 PWE3 Configuration

# Configure S-PE.
[S-PE] interface loopback 0 [S-PE-LoopBack0] ip address 3.3.3.9 32 [S-PE-LoopBack0] quit [S-PE] interface pos 1/0/0 [S-PE-Pos1/0/0] ip address 20.1.1.2 24 [S-PE-Pos1/0/0] undo shutdown [S-PE-Pos1/0/0] quit [S-PE] interface pos 2/0/0 [S-PE-Pos2/0/0] ip address 30.1.1.1 24 [S-PE-Pos2/0/0] undo shutdown [S-PE-Pos2/0/0] quit [S-PE] ospf 1 [S-PE-ospf-1] area 0.0.0.0 [S-PE-ospf-1-area-0.0.0.0] network 20.1.1.0 0.0.0.255 [S-PE-ospf-1-area-0.0.0.0] network 30.1.1.0 0.0.0.255 [S-PE-ospf-1-area-0.0.0.0] network 3.3.3.9 0.0.0.0 [S-PE-ospf-1-area-0.0.0.0] quit [S-PE-ospf-1] quit

# Configure P2.
[P2] interface loopback 0 [P2-LoopBack0] ip address 4.4.4.9 32 [P2-LoopBack0] quit [P2] interface pos 1/0/0 [P2-Pos1/0/0] ip address 30.1.1.2 24 [P2-Pos1/0/0] undo shutdown [P2-Pos1/0/0] quit [P2] interface pos 2/0/0 [P2-Pos2/0/0] ip address 40.1.1.1 24 [P2-Pos2/0/0] undo shutdown [P2-Pos2/0/0] quit [P2] ospf 1 [P2-ospf-1] area 0.0.0.0 [P2-ospf-1-area-0.0.0.0] network 30.1.1.0 0.0.0.255 [P2-ospf-1-area-0.0.0.0] network 40.1.1.0 0.0.0.255 [P2-ospf-1-area-0.0.0.0] network 4.4.4.9 0.0.0.0 [P2-ospf-1-area-0.0.0.0] quit [P2-ospf-1] quit

# Configure U-PE2.
[U-PE2] interface loopback 0 [U-PE2-LoopBack0] ip address 5.5.5.9 32 [U-PE2-LoopBack0] quit [U-PE2] interface pos 1/0/0 [U-PE2-Pos1/0/0] ip address 40.1.1.2 24 [U-PE2-Pos1/0/0] undo shutdown [U-PE2-Pos1/0/0] quit [U-PE2] ospf 1 [U-PE2-ospf-1] area 0.0.0.0 [U-PE2-ospf-1-area-0.0.0.0] network 40.1.1.0 0.0.0.255 [U-PE2-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0 [U-PE2-ospf-1-area-0.0.0.0] quit [U-PE2-ospf-1] quit

After the configuration, run the display ip routing-table command on U-PEs, Ps, or S-PE, and you can find that they have learned the path to each other's LSR ID. Take the display of S-PE as an example:
<S-PE> display ip routing-table Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: Public Destinations : 15 Routes : 15 Destination/Mask Proto Pre Cost Flags NextHop Interface 1.1.1.9/32 OSPF 10 3 D 20.1.1.1 Pos1/0/0 2.2.2.9/32 OSPF 10 2 D 20.1.1.1 Pos1/0/0

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

6-91

6 PWE3 Configuration
3.3.3.9/32 4.4.4.9/32 5.5.5.9/32 10.1.1.0/24 20.1.1.0/24 20.1.1.1/32 20.1.1.2/32 30.1.1.0/24 30.1.1.1/32 30.1.1.2/32 40.1.1.0/24 127.0.0.0/8 127.0.0.1/32 Direct OSPF OSPF OSPF Direct Direct Direct Direct Direct Direct OSPF Direct Direct 0 10 10 10 0 0 0 0 0 0 10 0 0 0 2 3 2 0 0 0 0 0 0 2 0 0

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


D D D D D D D D D D D D D 127.0.0.1 30.1.1.2 30.1.1.2 20.1.1.1 20.1.1.2 20.1.1.1 127.0.0.1 30.1.1.1 127.0.0.1 30.1.1.2 30.1.1.2 127.0.0.1 127.0.0.1 InLoopBack0 Pos2/0/0 Pos2/0/0 Pos1/0/0 Pos1/0/0 Pos1/0/0 InLoopBack0 Pos2/0/0 InLoopBack0 Pos2/0/0 Pos2/0/0 InLoopBack0 InLoopBack0

U-PEs can ping through each other. Take the display of U-PE1 as an example.
<U-PE1> ping 40.1.1.2 PING 40.1.1.2: 56 data bytes, press CTRL_C to break Reply from 40.1.1.2: bytes=56 Sequence=1 ttl=252 time=160 Reply from 40.1.1.2: bytes=56 Sequence=2 ttl=252 time=120 Reply from 40.1.1.2: bytes=56 Sequence=3 ttl=252 time=150 Reply from 40.1.1.2: bytes=56 Sequence=4 ttl=252 time=150 Reply from 40.1.1.2: bytes=56 Sequence=5 ttl=252 time=160 --- 40.1.1.2 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 120/148/160 ms ms ms ms ms ms

3.

Enable MPLS, and set up an LSP and an remote MPLS LDP session. Configure basic MPLS functions for the backbone, set up tunnels between U-PE1 and SPE, and between U-PE2s, and create remote LDP sessions. Configure U-PE1.
[U-PE1] mpls lsr-id 1.1.1.9 [U-PE1] mpls [U-PE1-mpls] quit [U-PE1] mpls ldp [U-PE1-mpls-ldp] quit [U-PE1] interface pos 2/0/0 [U-PE1-Pos2/0/0] mpls [U-PE1-Pos2/0/0] mpls ldp [U-PE1-Pos2/0/0] quit [U-PE1] mpls ldp remote-peer 3.3.3.9 [U-PE1-mpls-ldp-remote-3.3.3.9] remote-ip 3.3.3.9 [U-PE1-mpls-ldp-remote-3.3.3.9] quit

Configure P1.
[P1] mpls lsr-id 2.2.2.9 [P1] mpls [P1-mpls] quit [P1] mpls ldp [P1-mpls-ldp] quit [P1] interface pos 1/0/0 [P1-Pos1/0/0] mpls [P1-Pos1/0/0] mpls ldp [P1-Pos1/0/0] quit [P1] interface pos 2/0/0 [P1-Pos2/0/0] mpls [P1-Pos2/0/0] mpls ldp [P1-Pos2/0/0] quit

# Configure S-PE.
[S-PE] mpls lsr-id 3.3.3.9 [S-PE] mpls [S-PE-mpls] quit [S-PE] mpls ldp [S-PE-mpls-ldp] quit [S-PE] interface pos 1/0/0 [S-PE-Pos1/0/0] mpls

6-92

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


[S-PE-Pos1/0/0] mpls ldp [S-PE-Pos1/0/0] quit [S-PE] interface pos 2/0/0 [S-PE-Pos2/0/0] mpls [S-PE-Pos2/0/0] mpls ldp [S-PE-Pos2/0/0] quit [S-PE] mpls ldp remote-peer 1.1.1.9 [S-PE-mpls-ldp-remote-1.1.1.9] remote-ip 1.1.1.9 [S-PE-mpls-ldp-remote-1.1.1.9] quit [S-PE] mpls ldp remote-peer 5.5.5.9 [S-PE-mpls-ldp-remote-5.5.5.9] remote-ip 5.5.5.9 [S-PE-mpls-ldp-remote-5.5.5.9] quit

6 PWE3 Configuration

# Configure P2.
[P2] mpls lsr-id 4.4.4.9 [P2] mpls [P2-mpls] quit [P2] mpls ldp [P2-mpls-ldp] quit [P2] interface pos 1/0/0 [P2-Pos1/0/0] mpls [P2-Pos1/0/0] mpls ldp [P2-Pos1/0/0] quit [P2] interface pos 2/0/0 [P2-Pos2/0/0] mpls [P2-Pos2/0/0] mpls ldp [P2-Pos2/0/0] quit

# Configure U-PE2.
[U-PE2] mpls lsr-id 5.5.5.9 [U-PE2] mpls [U-PE2-mpls] quit [U-PE2] mpls ldp [U-PE2-mpls-ldp] quit [U-PE2] interface pos 1/0/0 [U-PE2-Pos1/0/0] mpls [U-PE2-Pos1/0/0] mpls ldp [U-PE2-Pos1/0/0] quit [U-PE2] mpls ldp remote-peer 3.3.3.9 [U-PE2-mpls-ldp-remote-3.3.3.9] remote-ip 3.3.3.9 [U-PE2-mpls-ldp-remote-3.3.3.9] quit

After the configuration, run the display mpls ldp session command on U-PEs, Ps, or SPE, and you can see that the Session State is Operational. Run the display mpls ldp peer command, and you can view how the LDP sessions and the peers have been constructed. Run the display mpls lsp command, and you can view how LSPs have been constructed. Take the display of S-PE as an example:
<S-PE> display mpls ldp session LDP Session(s) in Public Network -----------------------------------------------------------------------------Peer-ID Status LAM SsnRole SsnAge KA-Sent/Rcv -----------------------------------------------------------------------------1.1.1.9:0 Operational DU Active 000:00:14 57/57 2.2.2.9:0 Operational DU Active 000:00:14 56/56 4.4.4.9:0 Operational DU Passive 000:00:05 22/22 5.5.5.9:0 Operational DU Passive 000:00:12 52/52 -----------------------------------------------------------------------------TOTAL: 4 session(s) Found. LAM : Label Advertisement Mode SsnAge Unit : DDD:HH:MM <S-PE> display mpls ldp peer LDP Peer Information in Public network -----------------------------------------------------------------------------Peer-ID Transport-Address Discovery-Source

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

6-93

6 PWE3 Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

-----------------------------------------------------------------------------1.1.1.9:0 1.1.1.9 Remote Peer : 1.1.1.9 2.2.2.9:0 2.2.2.9 Pos1/0/0 4.4.4.9:0 4.4.4.9 Pos2/0/0 5.5.5.9:0 5.5.5.9 Remote Peer : 5.5.5.9 -----------------------------------------------------------------------------TOTAL: 4 Peer(s) Found. <S-PE> display mpls lsp ---------------------------------------------------------------------LSP Information: LDP LSP ---------------------------------------------------------------------FEC In/Out Label In/Out IF Vrf Name 3.3.3.9/32 3/NULL -/1.1.1.9/32 NULL/1024 -/Pos1/0/0 1.1.1.9/32 1024/1024 -/Pos1/0/0 2.2.2.9/32 NULL/3 -/Pos1/0/0 2.2.2.9/32 1025/3 -/Pos1/0/0 4.4.4.9/32 NULL/3 -/Pos2/0/0 4.4.4.9/32 1027/3 -/Pos2/0/0 5.5.5.9/32 NULL/1027 -/Pos2/0/0 5.5.5.9/32 1026/1027 -/Pos2/0/0

4.

Create and configure a PW template. Create PW templates on U-PEs, and enable the CW and LSP ping functions. Configure U-PE1.
[U-PE1] pw-template pwt [U-PE1-pw-template-pwt] [U-PE1-pw-template-pwt] [U-PE1-pw-template-pwt] [U-PE1-pw-template-pwt] peer-address 3.3.3.9 control-word vccv cc cw cv lsp-ping quit

# Configure U-PE2.
[U-PE2] pw-template pwt [U-PE2-pw-template-pwt] [U-PE2-pw-template-pwt] [U-PE2-pw-template-pwt] [U-PE2-pw-template-pwt]
NOTE

peer-address 3.3.3.9 control-word vccv cc cw cv lsp-ping quit

You can configure a dynamic PW without using the PW template. If no PW template is used, you can neither check the connectivity of the PWs nor collect the information about the PW routes in Step 6 Verify the configuration. In other words, you cannot use the ping vc and tracert vc commands.

5.

Create a VC connection. Enable MPLS L2VPN for U-PE1, U-PE2 and the S-PE. Configure the dynamic PW on the U-PE and the dynamic PW switching is performed on the S-PE.
NOTE

The PWE3 does not support P2MP. Therefore, if MPLS L2VC is created on ATM sub-interfaces, ATM sub-interfaces must be of P2P type, You need not follow the preceding limitation in configuring the transparent ATM cell transport.

# Configure U-PE1.
[U-PE1] mpls l2vpn [U-PE1-l2vpn] quit [U-PE1] interface pos 1/0/0 [U-PE1-Pos1/0/0] mpls l2vc pw-template pwt 100 [U-PE1-Pos1/0/0] undo shutdown [U-PE1-Pos1/0/0] quit

# Configure S-PE.
[S-PE] mpls l2vpn

6-94

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

6 PWE3 Configuration

[S-PE-l2vpn] quit [S-PE] mpls switch-l2vc 1.1.1.9 100 between 5.5.5.9 200 encapsulation ppp

# Configure U-PE2.
[U-PE2] mpls l2vpn [U-PE2-l2vpn] quit [U-PE2] interface pos 2/0/0 [U-PE2-Pos2/0/0] mpls l2vc pw-template pwt 200 [U-PE2-Pos2/0/0] undo shutdown [U-PE2-Pos2/0/0] quit

6.

Verify the configuration. (1) Check the connection information about PWE3. Check the connection information about L2VPN on U-PEs and S-PE, and you can see that an L2VC has been set up, whose status is Up. Take the display of U-PE1 as an example:
<U-PE1> display mpls l2vc interface pos 1/0/0 *client interface : Pos1/0/0 is up session state : up AC state : up VC state : up VC ID : 100 VC type : PPP destination : 3.3.3.9 local group ID : 0 remote group ID : 0 local VC label : 21504 remote VC label : 21505 local AC OAM State : up local PSN State : up local forwarding state : forwarding remote AC OAM state : up remote PSN state : up remote forwarding state: forwarding BFD for PW : unavailable manual fault : not set active state : active forwarding entry : exist link state : up local VC MTU : 4470 remote VC MTU : 4470 local VCCV : cw lsp-ping remote VCCV : cw lsp-ping local fragmentantion : disable remote fragmentantion: disable local control word : enable remote control word : enable tunnel policy : -traffic behavior : -PW template name : pwt primary or secondary : primary VC tunnel/token info : 1 tunnels/tokens NO.0 TNL type : lsp , TNL ID : 0x2002003 create time : 0 days, 0 hours, 15 minutes, 3 seconds up time : 0 days, 0 hours, 3 minutes, 15 seconds last change time : 0 days, 0 hours, 3 minutes, 15 seconds

View the status of the switching VC on S-PE:


<S-PE> display mpls switch-l2vc Total Switch VC : 1, 1 up, 0 down *Switch-l2vc type : LDP<---->LDP Peer IP Address : 5.5.5.9, 1.1.1.9 VC ID : 200, 100 VC Type : PPP VC State : up VC StatusCode |PSN |OAM | FW | |PSN |OAM | FW | -Local VC :| UP | UP | UP | | UP | UP | UP | -Remote VC:| UP | UP | UP | | UP | UP | UP | Session State : up, up Local/Remote Label : 21504/21504, 21505/21504 Local/Remote MTU : 1500/1500, 1500/1500 Local/Remote Control Word : Enable/Enable, Enable/Enable

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

6-95

6 PWE3 Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


Local/Remote VCCV Capability : cw lsp-ping/cw lsp-ping, cw lsp-ping/cw lsp-ping Local/Remote Frag Capability : Disable/Disable, Disable/Disable Switch-l2vc tunnel info : 1 tunnels for peer 5.5.5.9 NO.0 TNL Type : lsp , TNL ID : 0x2002006 1 tunnels for peer 1.1.1.9 NO.0 TNL Type : lsp , TNL ID : 0x1002000 Create time : 0 days, 0 hours, 13 minutes, 1 seconds UP time : 0 days, 0 hours, 3 minutes, 58 seconds Last change time : 0 days, 0 hours, 3 minutes, 58 seconds

(2) Check the connectivity of the PW. Run the ping vc command on U-PEs, and you can see that the connectivity of the PW is normal. Take the display of U-PE1 as an example.
<U-PE1> ping vc ppp 100 control-word remote 200 Reply: bytes=100 Sequence=1 time = 740 ms Reply: bytes=100 Sequence=2 time = 90 ms Reply: bytes=100 Sequence=3 time = 160 ms Reply: bytes=100 Sequence=4 time = 130 ms Reply: bytes=100 Sequence=5 time = 160 ms --- FEC: FEC 128 PSEUDOWIRE (NEW). Type = ppp, ID = 100 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 90/256/740 ms

(3) Collect the path information about PWs. Run the tracert vc command on U-PEs, and you can collect the information about each LSR and egress PE that the PW passes through. Take the display of U-PE1 as an example.
<U-PE1> TTL 0 1 2 3 4 <U-PE1> TTL 0 2 4 tracert vc ppp 100 control-word remote 200 full-lsp-path Replier Time Type Downstream Ingress 10.1.1.2/[1025 ] 10.1.1.2 100 ms Transit 20.1.1.2/[3 ] 20.1.1.2 60 ms Transit 30.1.1.2 80 ms Transit 40.1.1.2/[3 ] 40.1.1.2 150 ms Egress tracert vc ppp 100 control-word remote 200 Replier Time Type Downstream Ingress 10.1.1.2/[1025 ] 20.1.1.2 60 ms Transit 40.1.1.2 110 ms Egress

If response to MPLS Echo Request packets is disabled on S-PE devices, the configuration is as follows:
[S-PE] undo lspv mpls-lsp-ping echo enable

If you run the tracert vc command on U-PEs, when collecting the information about each LSR and egress PE that the PW passes through, U-PEs prompt timeout if it fails to receive Reply packets from S-PE. Take the display of U-PE1 as an example.
<U-PE1> tracert vc ppp 100 TTL Replier 0 1 10.1.1.2 2 Request time out 3 30.1.1.2 4 40.1.1.2 <U-PE1> tracert vc ppp 100 TTL Replier 0 2 Request time out 4 40.1.1.2 control-word remote 200 full-lsp-path Time Type Downstream Ingress 10.1.1.2/[1025 ] 130 ms Transit 20.1.1.2/[3 ] 80 ms Transit 40.1.1.2/[3 ] 100 ms Egress control-word remote 200 Time Type Downstream Ingress 10.1.1.2/[1025 ] 130 ms Egress

To avoid PWE3 tracert attacks, you can enable filtering of the source addresses of MPLS Echo Request packets on U-PEs. The filtering rules are specified in the ACL
6-96 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

6 PWE3 Configuration

configuration. For example, you can configure an ACL on U-PE2 to prevent U-PE1 from obtaining information about the path from U-PE1 to U-PE2 with the tracert vc command. The detailed configuration is as follows.
[U-PE2] acl 3001 [U-PE2-acl-adv-3001] rule deny udp source 1.1.1.9 0 [U-PE2-acl-adv-3001] quit [U-PE2] lspv packet-filter 3001

If you run the tracert vc command on U-PE1, U-PE1 will be unable to collect information about egress PEs on the PWs. Take the display of U-PE1 as an example.
<U-PE1> tracert vc ppp 100 control-word remote 200 full-lsp-path TTL Replier Time Type Downstream 0 Ingress 10.1.1.2/[1025 ] 1 10.1.1.2 110 ms Transit 20.1.1.2/[3 ] 2 Request time out 3 30.1.1.2 60 ms Transit 40.1.1.2/[3 ] 4 Request time out 5 Request time out 6 Request time out 7 Request time out <U-PE1> tracert vc ppp 100 control-word remote 200 TTL Replier Time Type Downstream 0 Ingress 10.1.1.2/[1025 ] 2 Request time out 4 Request time out 5 Request time out 6 Request time out 7 Request time out

However, if you run the tracert vc command on U-PE2, U-PE2 will be able to collect information about each LSR and egress PE that the PW between U-PE2 and U-PE1 passes through.
[U-PE2] tracert vc ppp 200 TTL Replier 0 1 40.1.1.1 2 Request time out 3 20.1.1.1 4 10.1.1.1 [U-PE2] tracert vc ppp 200 TTL Replier 0 2 Request time out 4 10.1.1.1 control-word remote 100 full-lsp-path Time Type Downstream Ingress 40.1.1.1/[1026 ] 120 ms Transit 30.1.1.1/[3 ] 60 ms Transit 10.1.1.1/[3 ] 160 ms Egress control-word remote 100 Time Type Downstream Ingress 40.1.1.1/[1026 ] 120 ms Egress

Run the display lspv configuration command on U-PE2, and you can view the current configuration of PWE3 tracert.
<U-PE2> display lspv configuration lspv packet filter 3001

Run the display lspv statistics command on U-PEs, and you can view the statistics on PWE3 tracert. Take the display of U-PE2 as an example.
<U-PE2> display lspv statistics Total sent: 10 packet(s) Total received: 10 packet(s) MPLS echo request sent: 0 packet(s), received: 10 packet(s) MPLS echo reply sent: 10 packet(s), received: 0 packet(s)

Run the reset lspv statistics command on U-PE, and you can clear the statistics on PWE3 tracert. Take the display of U-PE2 as an example.
<U-PE2> reset lspv statistics <U-PE2> display lspv statistics Total sent: 0 packet(s) Total received: 0 packet(s) MPLS echo request sent: 0 packet(s), received: 0 packet(s) MPLS echo reply sent: 0 packet(s), received: 0 packet(s)

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

6-97

6 PWE3 Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

(4) Check the connectivity between CEs and the information about the path between CEs. CE1 and CE2 can ping through each other.
<CE1> ping 100.1.1.2 PING 100.1.1.2: 56 data bytes, press CTRL_C to break Reply from 100.1.1.2: bytes=56 Sequence=1 ttl=255 time=180 Reply from 100.1.1.2: bytes=56 Sequence=2 ttl=255 time=120 Reply from 100.1.1.2: bytes=56 Sequence=3 ttl=255 time=160 Reply from 100.1.1.2: bytes=56 Sequence=4 ttl=255 time=160 Reply from 100.1.1.2: bytes=56 Sequence=5 ttl=255 time=130 --- 100.1.1.2 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 120/150/180 ms ms ms ms ms ms

Information about the path from CE1 to CE2.


[CE1] tracert 100.1.1.2 traceroute to 100.1.1.2(100.1.1.2) 30 hops max,40 bytes packet 1 100.1.1.2 250 ms 220 ms 130 ms

Configuration Files
l

Configuration file of CE1


# sysname CE1 # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 100.1.1.1 255.255.255.0 # return

Configuration file of U-PE1


# sysname U-PE1 # mpls lsr-id 1.1.1.9 mpls # mpls l2vpn # pw-template pwt peer-address 3.3.3.9 control-word vccv cc cw cv lsp-ping # mpls ldp # mpls ldp remote-peer 3.3.3.9 remote-ip 3.3.3.9 # interface Pos1/0/0 link-protocol ppp undo shutdown mpls l2vc pw-template pwt 100 # interface Pos2/0/0 link-protocol ppp undo shutdown ip address 10.1.1.1 255.255.255.0 mpls mpls ldp # interface LoopBack0 ip address 1.1.1.9 255.255.255.255 #

6-98

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


ospf 1 area 0.0.0.0 network 10.1.1.0 0.0.0.255 network 1.1.1.9 0.0.0.0 # return l

6 PWE3 Configuration

Configuration file of P1
# sysname P1 # mpls lsr-id 2.2.2.9 mpls # mpls ldp # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 10.1.1.2 255.255.255.0 mpls mpls ldp # interface Pos2/0/0 link-protocol ppp undo shutdown ip address 20.1.1.1 255.255.255.0 mpls mpls ldp # interface LoopBack0 ip address 2.2.2.9 255.255.255.255 # ospf 1 area 0.0.0.0 network 2.2.2.9 0.0.0.0 network 10.1.1.0 0.0.0.255 network 20.1.1.0 0.0.0.255 # return

Configuration file of S-PE


# sysname S-PE # mpls lsr-id 3.3.3.9 mpls # mpls l2vpn # mpls switch-l2vc 5.5.5.9 200 between 1.1.1.9 100 encapsulation ppp # mpls ldp # mpls ldp remote-peer 1.1.1.9 remote-ip 1.1.1.9 # mpls ldp remote-peer 5.5.5.9 remote-ip 5.5.5.9 # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 20.1.1.2 255.255.255.0 mpls mpls ldp # interface Pos2/0/0 link-protocol ppp undo shutdown

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

6-99

6 PWE3 Configuration
ip address 30.1.1.1 255.255.255.0 mpls mpls ldp # interface LoopBack0 ip address 3.3.3.9 255.255.255.255 # ospf 1 area 0.0.0.0 network 3.3.3.9 0.0.0.0 network 20.1.1.0 0.0.0.255 network 30.1.1.0 0.0.0.255 # return l

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Configuration file of P2
# sysname P2 # mpls lsr-id 4.4.4.9 mpls # mpls ldp # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 30.1.1.2 255.255.255.0 mpls mpls ldp # interface Pos2/0/0 link-protocol ppp undo shutdown ip address 40.1.1.1 255.255.255.0 mpls mpls ldp # interface LoopBack0 ip address 4.4.4.9 255.255.255.255 # ospf 1 area 0.0.0.0 network 4.4.4.9 0.0.0.0 network 30.1.1.0 0.0.0.255 network 40.1.1.0 0.0.0.255 # return

Configuration file of U-PE2


# sysname U-PE2 # mpls lsr-id 5.5.5.9 mpls # mpls l2vpn # pw-template pwt peer-address 3.3.3.9 control-word vccv cc cw cv lsp-ping # mpls ldp # mpls ldp remote-peer 3.3.3.9 remote-ip 3.3.3.9 # interface Pos1/0/0 link-protocol ppp

6-100

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


undo shutdown ip address 40.1.1.2 255.255.255.0 mpls mpls ldp # interface Pos2/0/0 link-protocol ppp undo shutdown mpls l2vc pw-template pwt 200 # interface LoopBack0 ip address 5.5.5.9 255.255.255.255 # ospf 1 area 0.0.0.0 network 5.5.5.9 0.0.0.0 network 40.1.1.0 0.0.0.255 # return l

6 PWE3 Configuration

Configuration file of CE2


# sysname CE2 # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 100.1.1.2 255.255.255.0 # return

6.14.5 Example for Configuring Mixed PWs Switching


Networking Requirements
Figure 6-20 shows that CE1 is connected to U-PE1 and CE2 is connected to U-PE2 in the PPP mode. You must set up a mixed MH-PW between U-PE1 and U-PE2. It is required to switch static PW with dynamic PW at the S-PE.

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

6-101

6 PWE3 Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Figure 6-20 Networking of mixed MH-PW


Loopback0 2.2.2.9/32 Loopback0 3.3.3.9/32 POS1/0/0 20.1.1.2/24 POS2/0/0 20.1.1.1/24
100 PW c i nam Dy

Loopback0 4.4.4.9/32 POS1/0/0 30.1.1.2/24

P1

S-PE

P2

POS1/0/0 10.1.1.2/24 Loopback0 1.1.1.9/32

POS2/0/0 30.1.1.1/24

POS2/0/0 40.1.1.1/24 Loopback0 5.5.5.9/32

Sta t

ic P W2 00

POS2/0/0 10.1.1.1/24

POS1/0/0 40.1.1.2/24 POS2/0/0 U-PE2 POS1/0/0 100.1.1.2/24

U-PE1

POS1/0/0 POS1/0/0 100.1.1.1/24

CE1

CE2

Configuring Roadmap
The configuration roadmap is as follows: 1. 2. 3. 4. 5. Run the IGP on routers of the backbone network to implement IP connectivity. Enable MPLS on PEs and set up an LSP between each pair of PEs. Set up an MPLS LDP remote session between U-PE and the S-PE. Create a static or dynamic MPLS L2VC connection on U-PE. Create a PW switching on the S-PE.

Data Preparation
To complete the configuration, you need the following data.
l l l l l

L2VC ID (The one of U-PE1 differs from that of U-PE2.) MPLS LSR IDs of the U-PE, S-PE, and U-PE2 VC label needed in the configuration of the static PW on the U-PE2 Encapsulation type of PW PW template and its attributes on U-PE2

Configuration Procedure
1. Configure CE. # Configure CE1.
<Quidway> system-view [Quidway] sysname CE1 [CE1] interface pos 1/0/0 [CE1-Pos1/0/0] ip address 100.1.1.1 24 [CE1-Pos1/0/0] undo shutdown

6-102

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


[CE1-Pos1/0/0] quit

6 PWE3 Configuration

# Configure CE2.
<Quidway> system-view [Quidway] sysname CE2 [CE2] interface pos 1/0/0 [CE2-Pos1/0/0] ip address 100.1.1.2 24 [CE2-Pos1/0/0] undo shutdown [CE2-Pos1/0/0] quit

2.

Configure the IGP for the MPLS backbone network. Configure the IGP for the MPLS backbone network. In this example, use OSPF. Configure the IP addresses of the U-PEs, S-PEs and Ps as shown in Figure 6-20. While configuring OSPF, advertise 32-bit loopback addresses of all PE devices. The detailed configuration procedures are not mentioned here.

3.

Enable MPLS and set up an LSP and a remote LDP session. Enable the MPLS for MPLS backbone, and set up an LSP between each pair of PEs. Then set up an MPLS LDP session between U-PE1 and the S-PE. The configuration details are mentioned here.

4.

Create a VC connection. Enable the MPLS L2VPN for U-PE1, U-PE2 and the S-PE. Configure the dynamic VC on the U-PE1. Configure the static VC on the U-PE2. Configure the mixed PW switching on the S-PE.
NOTE

The PWE3 does not support P2MP. Therefore, if an MPLS L2VC is created on ATM sub-interfaces, ATM sub-interfaces must be of P2P type. For configuring transparent ATM cell transport, however, there is no such restriction.

# Configure U-PE1.
[U-PE1] mpls l2vpn [U-PE1] interface pos 1/0/0 [U-PE1-Pos1/0/0] mpls l2vc 3.3.3.9 100 [U-PE1-Pos1/0/0] mtu 1500 [U-PE1-Pos1/0/0] undo shutdown [U-PE1-Pos1/0/0] quit
NOTE

While configuring mixed PWs switching, note that ip-address vc-id before between in the command is of dynamic PW, while ip-address vc-id after between is of static PW. Both of them cannot be interchanged.

# Configure S-PE.
[S-PE] mpls l2vpn [S-PE-l2vpn] quit [S-PE] mpls switch-l2vc 1.1.1.9 100 between 5.5.5.9 200 trans 200 recv 100 encapsulation ppp

# Configure U-PE2.
[U-PE2] mpls l2vpn [U-PE2-l2vpn] quit [U-PE2] pw-template pwt [U-PE2-pw-template-pwt] peer-address 3.3.3.9 [U-PE2-pw-template-pwt] quit [U-PE2] interface pos 2/0/0 [U-PE2-Pos2/0/0] mpls static-l2vc pw-template pwt 200 transmit-vpn-label 100 receive-vpn-label 200 [U-PE2-Pos2/0/0] undo shutdown [U-PE2-Pos2/0/0] quit

5.
Issue 03 (2008-09-22)

Verify the configuration.


Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 6-103

6 PWE3 Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Check the information about L2VPN connection on PE. In addition, you can find that the L2VC has been set up, and the VC state is up. Take the display of U-PE1 and the S-PE as example:
<U-PE1> display mpls l2vc interface pos 1/0/0 *client interface : Pos1/0/0 is up session state : up AC state : up VC state : up VC ID : 100 VC type : PPP destination : 3.3.3.9 local group ID : 0 remote group ID : 0 local VC label : 21504 remote VC label : 21504 local AC OAM State : up local PSN State : up local forwarding state : forwarding remote AC OAM state : up remote PSN state : up remote forwarding state: forwarding BFD for PW : unavailable manual fault : not set active state : active forwarding entry : exist link state : up local VC MTU : 1500 remote VC MTU : 1500 local VCCV : Disable remote VCCV : Disable local fragmentantion : disable remote fragmentantion: disable local control word : disable remote control word : disable tunnel policy : -traffic behavior : -PW template name : -primary or secondary : primary VC tunnel/token info : 1 tunnels/tokens NO.0 TNL type : lsp , TNL ID : 0x2002003 create time : 0 days, 13 hours, 3 minutes, 37 seconds up time : 0 days, 12 hours, 54 minutes, 46 seconds last change time : 0 days, 12 hours, 54 minutes, 46 seconds <S-PE> display mpls switch-l2vc Total Switch VC : 1, 1 up, 0 down *Switch-l2vc type : LDP<---->SVC Peer IP Address : 1.1.1.9, 5.5.5.9 VC ID : 100, 200 VC Type : PPP VC State : up Session State : up, None Local(In)/Remote(Out) Label : 21504/21504, 100/200 Local/Remote MTU : 1500/1500, 1500 Local/Remote Control Word : Disable/Disable, Disable Local/Remote VCCV Capability : Disable/Disable, Disable Local/Remote Frag Capability : Disable/Disable Switch-l2vc tunnel info : 1 tunnels for peer 1.1.1.9 NO.0 TNL Type : lsp , TNL ID : 0x1002000 1 tunnels for peer 5.5.5.9 NO.0 TNL Type : lsp , TNL ID : 0x2002006 Create time : 0 days, 13 hours, 1 minutes, 59 seconds UP time : 0 days, 12 hours, 55 minutes, 45 seconds Last change time : 0 days, 12 hours, 55 minutes, 45 seconds

CE1 and CE2 can ping through each other. Take the display of CE1 as an example:
<CE1> ping 100.1.1.2 PING 100.1.1.2: 56 data bytes, press CTRL_C to break Reply from 100.1.1.2: bytes=56 Sequence=1 ttl=255 time=270 ms Reply from 100.1.1.2: bytes=56 Sequence=2 ttl=255 time=220 ms Reply from 100.1.1.2: bytes=56 Sequence=3 ttl=255 time=190 ms

6-104

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

6 PWE3 Configuration

Reply from 100.1.1.2: bytes=56 Sequence=4 ttl=255 time=190 ms Reply from 100.1.1.2: bytes=56 Sequence=5 ttl=255 time=160 ms --- 100.1.1.2 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 160/206/270 ms

Configuration Files
l

Configuration file of CE1


# sysname CE1 # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 100.1.1.1 255.255.255.0 # return

Configuration file of U-PE1


# sysname U-PE1 # mpls lsr-id 1.1.1.9 mpls # mpls l2vpn # mpls ldp # mpls ldp remote-peer 3.3.3.9 remote-ip 3.3.3.9 # interface Pos1/0/0 link-protocol ppp undo shutdown mtu 1500 mpls l2vc 3.3.3.9 100 # interface Pos2/0/0 link-protocol ppp undo shutdown ip address 10.1.1.1 255.255.255.0 mpls mpls ldp # interface LoopBack0 ip address 1.1.1.9 255.255.255.255 # ospf 1 area 0.0.0.0 network 10.1.1.0 0.0.0.255 network 1.1.1.9 0.0.0.0 # return

Configuration file of P1
# sysname P1 # mpls lsr-id 2.2.2.9 mpls # mpls ldp # interface Pos1/0/0

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

6-105

6 PWE3 Configuration
link-protocol ppp undo shutdown ip address 10.1.1.2 255.255.255.0 mpls mpls ldp # interface Pos2/0/0 link-protocol ppp undo shutdown ip address 20.1.1.1 255.255.255.0 mpls mpls ldp # interface LoopBack0 ip address 2.2.2.9 255.255.255.255 # ospf 1 area 0.0.0.0 network 10.1.1.0 0.0.0.255 network 20.1.1.0 0.0.0.255 network 2.2.2.9 0.0.0.0 # return l

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Configuration file of S-PE


# Sysname S-PE # mpls lsr-id 3.3.3.9 mpls # mpls l2vpn # mpls switch-l2vc 1.1.1.9 100 between 5.5.5.9 200 trans 200 recv 100 encapsulation ppp # mpls ldp # mpls ldp remote-peer 1.1.1.9 remote-ip 1.1.1.9 # mpls ldp remote-peer 5.5.5.9 remote-ip 5.5.5.9 # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 20.1.1.2 255.255.255.0 mpls mpls ldp # interface Pos2/0/0 link-protocol ppp undo shutdown ip address 30.1.1.1 255.255.255.0 mpls mpls ldp # interface LoopBack0 ip address 3.3.3.9 255.255.255.255 # ospf 1 area 0.0.0.0 network 20.1.1.0 0.0.0.255 network 30.1.1.0 0.0.0.255 network 3.3.3.9 0.0.0.0 # return

Configuration file of P2
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

6-106

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


# sysname P2 # mpls lsr-id 4.4.4.9 mpls # mpls ldp # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 30.1.1.2 255.255.255.0 mpls mpls ldp # interface Pos2/0/0 link-protocol ppp undo shutdown ip address 40.1.1.1 255.255.255.0 mpls mpls ldp # interface LoopBack0 ip address 4.4.4.9 255.255.255.255 # ospf 1 area 0.0.0.0 network 4.4.4.9 0.0.0.0 network 30.1.1.0 0.0.0.255 network 40.1.1.0 0.0.0.255 # return l

6 PWE3 Configuration

Configuration file of U-PE2


# sysname U-PE2 # mpls lsr-id 5.5.5.9 mpls # mpls l2vpn # pw-template pwt peer-address 3.3.3.9 # mpls ldp # mpls ldp remote-peer 3.3.3.9 remote-ip 3.3.3.9 # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 40.1.1.2 255.255.255.0 mpls mpls ldp # interface Pos2/0/0 link-protocol ppp undo shutdown mpls static-l2vc pw-template pwt 200 transmit-vpn-label 100 receive-vpn-label 200 # interface LoopBack0 ip address 5.5.5.9 255.255.255.255 # ospf 1 area 0.0.0.0 network 5.5.5.9 0.0.0.0 network 40.1.1.0 0.0.0.255

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

6-107

6 PWE3 Configuration
# return l

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Configuration file of CE2


# sysname CE2 # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 100.1.1.2 255.255.255.0 # return

6.14.6 Example for Configuring the PWE3 Convergence


Networking Requirements
In Figure 6-21, access devices on the MPLS network support the static LSP and static PW; however, they cannot set up a large number of LDP sessions. The networking requirements are as follows:
l

Configuring the static PW between the access devices and the convergence devices by using the access devices as the U-PEs and the convergence devices as the switching node S-PE of the LDP sessions Configuring the dynamic PW between the convergence devices

The purpose of the configuration is to realize the communication between devices.

6-108

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

6 PWE3 Configuration

Figure 6-21 Networking diagram of the PWE3 convergence


CE1 CE3

POS1/0/0 POS1/0/0

POS1/0/0 POS1/0/0

Loopback0 POS2/0/0 Loopback0 Loopback0

Loopback0 POS2/0/0 Loopback0 POS1/0/0 POS2/0/0 P S-PE2 POS2/0/0 POS3/0/0 POS1/0/0 U-PE3

U-PE1

POS1/0/0 POS2/0/0

POS3/0/0 S-PE1 POS1/0/0

POS2/0/0 Loopback0 U-PE2 POS1/0/0 MPLS Backbone Loopback0 POS2/0/0

U-PE4

POS1/0/0

POS1/0/0

CE2

CE4

Device CE1 CE2 CE3 CE4 U-PE1 U-PE2 U-PE3 U-PE4 S-PE1

Interface POS1/0/0 POS1/0/0 POS1/0/0 POS1/0/0 Loopback 0 POS2/0/0 Loopback 0 POS2/0/0 Loopback 0 POS2/0/0 Loopback 0 POS1/0/0 Loopback 0 POS1/0/0 POS2/0/0 POS3/0/0

IP address 100.1.1.1/24 100.1.1.2/24 100.1.1.3/24 100.1.1.4/24 2.2.2.9/32 10.1.1.1/24 6.6.6.9/32 20.1.1.1/24 5.5.5.9/32 50.1.1.2/24 7.7.7.9/32 60.1.1.2/24 3.3.3.9/32 10.1.1.2/24 20.1.1.2/24 30.1.1.1/24 4.4.4.9/32 40.1.1.2/24 50.1.1.1/24 60.1.1.1/24 1.1.1.9/24 30.1.1.2/24 40.1.1.1/24

S-PE2

Loopback 0 POS1/0/0 POS2/0/0 POS3/0/0

Loopback 0 POS1/0/0 POS2/0/0

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

6-109

6 PWE3 Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Configuring Roadmap
The configuration roadmap is as follows: 1. 2. 3. Configure the static route on the routers between the access devices and the convergence devices and configure IS-IS on routers between the convergence devices. Configure the remote MPLS LDP peer relationship between the convergence devices when configuring MPLS. Configure the static PW between the access devices and the convergence devices and configure the dynamic PW between the convergence devices.

Data Preparation
To complete the configuration, you need the following data.
l l

IP addresses for the interfaces and data needed for running the network layer protocols Values of the LSP outbound labels and inbound labels for U-PEs and S-PE (Pay attention to the relationship between the values of these labels.) IP addresses of the remote MPLS LDP peers to the convergence devices. Values of the VC labels received or sent by a static PW on U-PEs (Pay attention to the relationship between the VC label values on both ends of the PW.)

l l

Configuration Procedure
Configuring U-PE2 and U-PE4 is similar to configuring U-PE1 and U-PE3. This is only an introduction on the procedure to configure U-PE1 and U-PE3. 1. Configuring the interface IP address of routers As shown in Figure 6-21, assign the IP address for interfaces of routers, and assign the loopback address for Ps, U-PEs and S-PEs. The detailed configuration procedures are not mentioned here. 2. Configuring protocols at network layer Configure network layer protocols for the routers on PSN backbone so that routers can ping each other. Configure static route on U-PEs and S-PEs to set up interconnection between them. Run the IS-IS protocol on S-PEs to set up interconnection between them. The detailed configuration procedures are not mentioned here. 3. Configuring static LSP Set up the static LSP between U-PE and the S-PE.
NOTE

The outbound LSP label value of U-PE should be identical with the inbound LSP label value of the S-PE. And inbound LSP label value of U-PE should be identical with the of outbound LSP label value on the S-PE.

Configuring U-PE3 and S-PE2 are similar to configuring U-PE1 and the S-PE1. This is only an introduction on the procedure to configure U-PE1 and the S-PE1. # Configure U-PE1.
<U-PE1> system-view [U-PE1] mpls lsr-id 2.2.2.9 [U-PE1] mpls [U-PE1-mpls] quit [U-PE1] interface pos2/0/0

6-110

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

6 PWE3 Configuration

[U-PE1-Pos2/0/0] mpls [U-PE1-Pos2/0/0] quit [U-PE1] ip route-static 3.3.3.9 24 10.1.1.2 [U-PE1] static-lsp ingress pw-ing-lsp destination 3.3.3.9 32 nexthop 10.1.1.2 out-label 100 [U-PE1] static-lsp egress pw-eg-lsp incoming-interface pos2/0/0 in-label 200

# Configure S-PE1.
<S-PE1> system-view [S-PE1] mpls lsr-id 3.3.3.9 [S-PE1] mpls [S-PE1-mpls] quit [S-PE1] interface pos1/0/0 [S-PE1-Pos1/0/0] mpls [S-PE1-Pos1/0/0] quit [S-PE1] ip route-static 2.2.2.9 24 10.1.1.1 [S-PE1] static-lsp ingress pw-ing-lsp destination 2.2.2.9 32 nexthop 10.1.1.1 out-label 200 [S-PE1] static-lsp egress pw-eg-lsp incoming-interface pos1/0/0 in-label 100

4.

Configuring LSP dynamically Set up LSP dynamically between S-PE1 and S-PE2. # Configure S-PE1.
[S-PE1] mpls [S-PE1-mpls] label advertise non-null [S-PE1-mpls] quit [S-PE1] mpls ldp [S-PE1-mpls-ldp] quit [S-PE1] mpls ldp remote-peer 4.4.4.9 [S-PE1-mpls-ldp-remote-4.4.4.9] remote-ip 4.4.4.9 [S-PE1] interface pos 3/0/0 [S-PE1-Pos3/0/0] mpls [S-PE1-Pos3/0/0] mpls ldp [S-PE1-Pos3/0/0] quit

# Configure P.
[P] mpls lsr-id 1.1.1.9 [P] mpls [P-mpls] quit [P-mpls] mpls ldp [P] quit [P] interface pos1/0/0 [P-Pos1/0/0] mpls [P-Pos1/0/0] mpls ldp [P-Pos1/0/0] quit [P] interface pos2/0/0 [P-Pos2/0/0] mpls [P-Pos2/0/0] mpls ldp [P-Pos2/0/0] quit

# Configure S-PE2.
[S-PE2] mpls [S-PE2-mpls] label advertise non-null [S-PE2-mpls] quit [S-PE2] mpls ldp [S-PE2-mpls-ldp] quit [S-PE2] mpls ldp remote-peer 3.3.3.9 [S-PE2-mpls-ldp-remote-3.3.3.9] remote-ip 3.3.3.9 [S-PE2] interface pos1/0/0 [S-PE2-Pos1/0/0] mpls [S-PE2-Pos1/0/0] mpls ldp [S-PE2-Pos1/0/0] quit

After the configuration, it should be possible to create LDP sessions between S-PE1 and P, and between P and S-PE. The status is Operational. Take P as an example:
<P> display mpls ldp session

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

6-111

6 PWE3 Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


LDP Session(s) in Public Network -----------------------------------------------------------------------------Peer-ID Status LAM SsnRole SsnAge KA-Sent/Rcv -----------------------------------------------------------------------------3.3.3.9:0 Operational DU Passive 000:00:07 29/29 4.4.4.9:0 Operational DU Passive 000:00:03 16/16 -----------------------------------------------------------------------------TOTAL: 2 session(s) Found. LAM : Label Advertisement Mode SsnAge Unit : DDD:HH:MM

5.

Configuring mixed PWs switching


NOTE

The PWE3 does not support P2MP. Therefore, if MPLS L2VC is created on ATM sub-interfaces, ATM sub-interfaces must be of P2P type. For configuring transparent ATM cell transport, however, there is no such restriction.

# Configure U-PE1.
[U-PE1] mpls l2vpn [U-PE1-l2vpn] quit [U-PE1] interface pos1/0/0 [U-PE1-Pos1/0/0] mpls static-l2vc destination 3.3.3.9 transmit-vpn-label 300 receive-vpn-label 300 [U-PE1-Pos1/0/0] undo shutdown [U-PE1-Pos1/0/0] quit
NOTE

While configuring mixed PWs switching, note that ip-address vc-id before between in the command is of dynamic PW, while ip-address vc-id after between is of static PW. Both of them cannot be interchanged.

# Configure S-PE1.
[S-PE1] mpls l2vpn [S-PE1-l2vpn] quit [S-PE1] mpls switch-l2vc 4.4.4.9 100 between 2.2.2.9 100 trans 300 recv 300 encapsulation ppp

# Configure S-PE2.
[S-PE2] mpls l2vpn [S-PE2-l2vpn] quit [S-PE2] mpls switch-l2vc 3.3.3.9 100 between 5.5.5.9 100 trans 300 recv 300 encapsulation ppp

# Configure U-PE3.
[U-PE3] mpls l2vpn [U-PE3-l2vpn] quit [U-PE3] interface pos1/0/0 [U-PE3-Pos1/0/0] mpls static-l2vc destination 4.4.4.9 transmit-vpn-label 300 receive-vpn-label 300 [U-PE3-Pos1/0/0] undo shutdown [U-PE3-Pos1/0/0] quit

6.

Verifying the configuration "VC State" of static L2VC on each U-PE should be "up", and "VC State" of switching L2VC on each S-PE should be "up" too. Take U-PE1 and S-PE1 as examples:
<U-PE1> display mpls static-l2vc interface pos 1/0/0 *Client Interface : Pos1/0/0 is up AC Status : up VC State : up VC ID : 0 VC Type : PPP Destination : 3.3.3.9

6-112

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

6 PWE3 Configuration

Transmit VC Label : 300 Receive VC Label : 300 Control Word : Disable VCCV Capabilty : Disable Tunnel Policy : -PW Template Name : -Traffic Behavior : -Main or Secondary : Main VC tunnel/token info : 1 tunnels/tokens NO.0 TNL Type : lsp , TNL ID : 0x2002001 Create time : 0 days, 0 hours, 12 minutes, 6 seconds UP time : 0 days, 0 hours, 9 minutes, 5 seconds Last change time : 0 days, 0 hours, 9 minutes, 5 seconds <S-PE1> display mpls switch-l2vc Total Switch VC : 1, 1 up, 0 down *Switch-l2vc type : LDP<---->SVC Peer IP Address : 4.4.4.9, 2.2.2.9 VC ID : 100, 100 VC Type : PPP VC State : up Session State : up, None Local(In)/Remote(Out) Label : 21504/21504, 300/300 Local/Remote MTU : 1500/1500, 1500 Local/Remote Control Word : Disable/Disable, Disable Local/Remote VCCV Capability : Disable/Disable, Disable Local/Remote Frag Capability : Disable/Disable Switch-l2vc tunnel info : 1 tunnels for peer 4.4.4.9 NO.0 TNL Type : lsp , TNL ID : 0x3002002 1 tunnels for peer 2.2.2.9 NO.0 TNL Type : lsp , TNL ID : 0x1002000 Create time : 0 days, 0 hours, 10 minutes, 16 seconds UP time : 0 days, 0 hours, 4 minutes, 38 seconds Last change time : 0 days, 0 hours, 4 minutes, 38 seconds

CEs can ping through each other. Take CE1 as an example:


<CE1> ping 100.1.1.3 PING 100.1.1.3: 56 data bytes, press CTRL_C to break Reply from 100.1.1.3: bytes=56 Sequence=1 ttl=255 time=188 Reply from 100.1.1.3: bytes=56 Sequence=2 ttl=255 time=187 Reply from 100.1.1.3: bytes=56 Sequence=3 ttl=255 time=187 Reply from 100.1.1.3: bytes=56 Sequence=4 ttl=255 time=188 Reply from 100.1.1.3: bytes=56 Sequence=5 ttl=255 time=188 --- 100.1.1.3 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 187/187/188 ms ms ms ms ms ms

Configuration Files
l

Configuration file of CE1


# sysname CE1 # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 100.1.1.1 255.255.255.0 # return

Configuration file of U-PE1


# sysname U-PE1 # mpls lsr-id 2.2.2.9

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

6-113

6 PWE3 Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


mpls # mpls l2vpn # interface Pos1/0/0 link-protocol ppp undo shutdown mpls static-l2vc destination 3.3.3.9 transmit-vpn-label 300 receive-vpn-label 300 # interface Pos2/0/0 link-protocol ppp undo shutdown ip address 10.1.1.1 255.255.255.0 mpls # interface LoopBack0 ip address 2.2.2.9 255.255.255.255 # ip route-static 3.3.3.9 255.255.255.255 10.1.1.2 # static-lsp egress pw-eg-ldp incoming-interface Pos2/0/0 in-label 200 static-lsp ingress pw-ing-ldp destination 3.3.3.9 32 nexthop 10.1.1.2 outlabel 100 # return

Configuration file of S-PE1


# sysname S-PE1 # mpls lsr-id 3.3.3.9 mpls label advertise non-null # mpls l2vpn # mpls switch-l2vc 4.4.4.9 100 between 2.2.2.9 100 trans 300 recv 300 encapsulation ppp # mpls ldp # mpls ldp remote-peer 4.4.4.9 remote-ip 4.4.4.9 # isis 1 network-entity 10.0000.0000.0001.00 # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 10.1.1.2 255.255.255.0 mpls # interface Pos3/0/0 link-protocol ppp undo shutdown ip address 30.1.1.1 255.255.255.0 isis enable 1 mpls mpls ldp # interface LoopBack0 ip address 3.3.3.9 255.255.255.255 isis enable 1 # ip route-static 2.2.2.9 255.255.255.255 10.1.1.1 # static-lsp ingress pw-ing-ldp destination 2.2.2.9 32 nexthop 10.1.1.1 outlabel 200

6-114

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

6 PWE3 Configuration

static-lsp egress pw-eg-ldp incoming-interface Pos1/0/0 in-label 100 # return l

Configuration file of P
# sysname P # mpls lsr-id 1.1.1.9 mpls # mpls ldp # isis 1 network-entity 10.0000.0000.0003.00 # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 30.1.1.2 255.255.255.0 isis enable 1 mpls mpls ldp # interface Pos2/0/0 link-protocol ppp undo shutdown ip address 40.1.1.1 255.255.255.0 isis enable 1 mpls mpls ldp # interface LoopBack0 ip address 1.1.1.9 255.255.255.255 isis enable 1 # return

Configuration file of S-PE2


# sysname S-PE2 # mpls lsr-id 4.4.4.9 mpls label advertise non-null # mpls l2vpn # mpls switch-l2vc 3.3.3.9 100 between 5.5.5.9 100 trans 300 recv 300 encapsulation ppp # mpls ldp # mpls ldp remote-peer 3.3.3.9 remote-ip 3.3.3.9 # isis 1 network-entity 10.0000.0000.0002.00 # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 40.1.1.2 255.255.255.0 isis enable 1 mpls mpls ldp # interface Pos2/0/0 link-protocol ppp undo shutdown

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

6-115

6 PWE3 Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


ip address 50.1.1.1 255.255.255.0 mpls # interface LoopBack0 ip address 4.4.4.9 255.255.255.255 isis enable 1 # ip route-static 5.5.5.9 255.255.255.255 50.1.1.2 # static-lsp ingress pw-ing-ldp destination 5.5.5.9 32 nexthop 50.1.1.2 outlabel 100 static-lsp egress pw-eg-ldp incoming-interface Pos2/0/0 in-label 200 # return

Configuration file of U-PE3


# sysname U-PE3 # mpls lsr-id 5.5.5.9 mpls # mpls l2vpn # interface Pos1/0/0 link-protocol ppp undo shutdown mpls static-l2vc destination 4.4.4.9 transmit-vpn-label 300 receive-vpn-label 300 # interface Pos2/0/0 link-protocol ppp undo shutdown ip address 50.1.1.2 255.255.255.0 mpls # interface LoopBack0 ip address 5.5.5.9 255.255.255.255 # ip route-static 4.4.4.9 255.255.255.255 50.1.1.1 # static-lsp egress pw-eg-ldp incoming-interface Pos2/0/0 in-label 100 static-lsp ingress pw-ing-ldp destination 4.4.4.9 32 nexthop 50.1.1.1 outlabel 200 # return

Configuration file of CE3


# sysname CE3 # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 100.1.1.3 255.255.255.0 # return

6.14.7 Example for Configuring a Static BFD That Checks PWs


Networking Requirements
In the MPLS L2VPN networking:
l

Set up PW1 (master) between PE1 and PE2


Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

6-116

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


l

6 PWE3 Configuration

Set up PW2 (backup) between PE1 and PE3

As shown in Figure 6-22, you should check the connectivity of the master PW and the backup PW using the BFD to ensure that if the master PW is faulty, services can be switched to the backup PW within 50ms. Figure 6-22 Networking diagram of configuring a static BFD that checks PWs

PW1
Loopback1 2.2.2.2/32 POS1/0/1 100.1.1.2/30 Loopback1 1.1.1.1/32 POS1/0/0 10.1.1.1/30 POS1/0/0 POS1/0/0 100.2.1.1/30 Loopback1 4.4.4.4/32 POS1/0/0

CE1

P1
POS1/0/1 100.1.1.1/30

POS1/0/1 100.2.1.2/30 PE2

POS1/0/0 10.1.1.2/30 Loopback1 5.5.5.5/32 POS1/0/0 200.2.1.2/30

CE2

PE1 POS1/0/2
200.1.1.1/30 POS1/0/1 200.1.1.2/30

Loopback1 3.3.3.3/32

POS1/0/1 10.1.2.2/30 POS1/0/1

P2

POS1/0/0 200.2.1.1/30

PE3

PW2

Configuration Roadmap
The configuration roadmap is as follows: 1. 2. 3. Configure the MPLS network to make the Network Layer reachable. On the AC interface of PE1, configure PW1 (from PE1 to PE2) and PW2 (from PE1 to PE3) that serve as the master and the backup PW respectively. Configure BFD sessions that check PW1 and PW2.

Data Preparation
To complete the configuration, you need the following data:
l l l

IP addresses for the interfaces VC IDs for PWs Name, the local discriminator, and the remote discriminator of the BFD session

Configuration Procedure
1. Configure an IP address for the interface through which a CE is connected to a PE. # Configure CE1.
Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 6-117

6 PWE3 Configuration
<Quidway> system-view [Quidway] sysname CE1 [CE1] interface pos 1/0/0 [CE1-Pos1/0/0] ip address 10.1.1.1 30 [CE1-Pos1/0/0] ip address 10.1.2.1 30 sub [CE1-Pos1/0/0] undo shutdown [CE1-Pos1/0/0] quit

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

# Configure CE2.
<Quidway> system-view [Quidway] sysname CE2 [CE2] interface pos 1/0/0 [CE2-Pos1/0/0] ip address 10.1.1.2 30 [CE2-Pos1/0/0] undo shutdown [CE2-Pos1/0/0] quit [CE2] interface pos 1/0/1 [CE2-Pos1/0/1] ip address 10.1.2.2 30 [CE2-Pos1/0/1] undo shutdown [CE2-Pos1/0/1] quit

2.

Configure the IGP protocol for the MPLS backbone so that PEs and Ps in the backbone can internetwork. # Configure PE1.
[PE1] interface loopback 1 [PE1-LoopBack1] ip address 1.1.1.1 32 [PE1-LoopBack1] quit [PE1] interface pos 1/0/1 [PE1-Pos1/0/1] ip address 100.1.1.1 30 [PE1-Pos1/0/1] undo shutdown [PE1-Pos1/0/1] quit [PE1] interface pos 1/0/2 [PE1-Pos1/0/2] ip address 200.1.1.1 30 [PE1-Pos1/0/2] undo shutdown [PE1-Pos1/0/2] quit [PE1] ospf 1 [PE1-ospf-1] area 0 [PE1-ospf-1-area-0.0.0.0] network 1.1.1.1 0.0.0.0 [PE1-ospf-1-area-0.0.0.0] network 100.1.1.0 0.0.0.3 [PE1-ospf-1-area-0.0.0.0] network 200.1.1.0 0.0.0.3

Configure P1.
[P1] interface loopback 1 [P1-LoopBack1] ip address 2.2.2.2 32 [P1-LoopBack1] quit [P1] interface pos 1/0/0 [P1-Pos1/0/1] ip address 100.2.1.1 30 [P1-Pos1/0/1] undo shutdown [P1-Pos1/0/1] quit [P1] interface pos 1/0/1 [P1-Pos1/0/1] ip address 100.1.1.2 30 [P1-Pos1/0/1] undo shutdown [P1-Pos1/0/1] quit [P1] ospf 1 [P1-ospf-1] area 0 [P1-ospf-1-area-0.0.0.0] network 2.2.2.2 0.0.0.0 [P1-ospf-1-area-0.0.0.0] network 100.1.1.0 0.0.0.3 [P1-ospf-1-area-0.0.0.0] network 100.2.1.0 0.0.0.3

# Configure P2.
[P2] interface loopback 1 [P2-LoopBack1] ip address 3.3.3.3 32 [P2-LoopBack1] quit [P2] interface pos 1/0/0 [P2-Pos1/0/1] ip address 200.2.1.1 30 [P2-Pos1/0/1] undo shutdown [P2-Pos1/0/1] quit [P2] interface pos 1/0/1 [P2-Pos1/0/1] ip address 200.1.1.2 30

6-118

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


[P2-Pos1/0/1] undo shutdown [P1-Pos1/0/1] quit [P2] ospf 1 [P2-ospf-1] area 0 [P2-ospf-1-area-0.0.0.0] network 3.3.3.3 0.0.0.0 [P2-ospf-1-area-0.0.0.0] network 200.1.1.0 0.0.0.3 [P2-ospf-1-area-0.0.0.0] network 200.2.1.0 0.0.0.3

6 PWE3 Configuration

# Configure PE2.
[PE2] interface loopback 1 [PE2-LoopBack1] ip address 4.4.4.4 32 [PE2-LoopBack1] quit [PE2] interface pos 1/0/1 [PE2-Pos1/0/1] ip address 100.2.1.2 30 [PE2-Pos1/0/1] undo shutdown [PE2-Pos1/0/1] quit [PE2] ospf 1 [PE2-ospf-1] area 0 [PE2-ospf-1-area-0.0.0.0] network 4.4.4.4 0.0.0.0 [PE2-ospf-1-area-0.0.0.0] network 100.2.1.0 0.0.0.3

# Configure PE3.
[PE3] interface loopback 1 [PE3-LoopBack1] ip address 5.5.5.5 32 [PE3-LoopBack1] quit [PE3] interface pos1/0/0 [PE3-Pos1/0/0] ip address 200.2.1.2 30 [PE3-Pos1/0/0] undo shutdown [PE3-Pos1/0/0] quit [PE3] ospf 1 [PE3-ospf-1] area 0 [PE3-ospf-1-area-0.0.0.0] network 5.5.5.5 0.0.0.0 [PE3-ospf-1-area-0.0.0.0] network 200.2.1.0 0.0.0.3

After the configuration, run the display ip routing-table command on PEs, and you can see that PE1 and PE2, and PE1 and PE3 have learnt the loopback address of each other. Take the display of PE1 as an example:
<PE1> display ip routing-table Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: Public Destinations : 15 Routes : 15 Destination/Mask Proto Pre Cost Flags NextHop Interface 1.1.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 2.2.2.2/32 OSPF 10 2 D 100.1.1.2 Pos1/0/1 3.3.3.3/32 OSPF 10 2 D 200.1.1.2 Pos1/0/2 4.4.4.4/32 OSPF 10 3 D 100.1.1.2 Pos1/0/1 5.5.5.5/32 OSPF 10 3 D 200.1.1.2 Pos1/0/2 100.1.1.0/30 Direct 0 0 D 100.1.1.1 Pos1/0/1 100.1.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 100.1.1.2/32 Direct 0 0 D 100.1.1.2 Pos1/0/1 100.2.1.0/30 OSPF 10 2 D 100.1.1.2 Pos1/0/1 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 200.1.1.0/30 Direct 0 0 D 200.1.1.1 Pos1/0/2 200.1.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 200.1.1.2/32 Direct 0 0 D 200.1.1.2 Pos1/0/2 200.2.1.0/30 OSPF 10 2 D 200.1.1.2 Pos1/0/2

3.

Configure basic MPLS functions for the MPLS backbone. # Enable MPLS, and specify LSR-ID as the IP address of loopback 1.Enable MPLS and MPLS LDP for the interfaces in the backbone. # Configure PE1.
[PE1] mpls lsr-id 1.1.1.1 [PE1] mpls [PE1-mpls] quit [PE1] mpls ldp

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

6-119

6 PWE3 Configuration
[PE1-mpls-ldp] quit [PE1] interface pos1/0/1 [PE1-Pos1/0/1] mpls [PE1-Pos1/0/1] mpls ldp [PE1-Pos1/0/1] quit [PE1] interface pos1/0/2 [PE1-Pos1/0/2] mpls [PE1-Pos1/0/2] mpls ldp [PE1-Pos1/0/2] quit

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Configure P1.
[P1] mpls lsr-id 2.2.2.2 [P1] mpls [P1-mpls] quit [P1] mpls ldp [P1-mpls-ldp] quit [P1] interface pos 1/0/0 [P1-Pos1/0/0] mpls [P1-Pos1/0/0] mpls ldp [P1-Pos1/0/0] quit [P1] interface pos 1/0/1 [P1-Pos1/0/1] mpls [P1-Pos1/0/1] mpls ldp [P1-Pos1/0/1] quit

# Configure P2.
[P2] mpls lsr-id 3.3.3.3 [P2] mpls [P2-mpls] quit [P2] mpls ldp [P2-mpls-ldp] quit [P2] interface pos 1/0/0 [P2-Pos1/0/0] mpls [P2-Pos1/0/0] mpls ldp [P2-Pos1/0/0] quit [P2] interface pos 1/0/1 [P2-Pos1/0/1] mpls [P2-Pos1/0/1] mpls ldp [P2-Pos1/0/1] quit

# Configure PE2.
[PE2] mpls lsr-id 4.4.4.4 [PE2] mpls [PE2-mpls] quit [PE2] mpls ldp [PE2-mpls-ldp] quit [PE2] interface pos 1/0/1 [PE2-Pos1/0/1] mpls [PE2-Pos1/0/1] mpls ldp [PE2-Pos1/0/1] quit

# Configure PE3.
[PE3] mpls lsr-id 5.5.5.5 [PE3] mpls [PE3-mpls] quit [PE3] mpls ldp [PE3-mpls-ldp] quit [PE3] interface pos 1/0/0 [PE3-Pos1/0/0] mpls [PE3-Pos1/0/0] mpls ldp [PE3-Pos1/0/0] quit

After the configuration, run the display tunnel-info all command on PEs, and you can see that there are MPLS LSP tunnels between PE1 and PE2, and PE1 and PE3. Take the display of PE1 as an example.
<PE1> display tunnel-info all * -> Allocated VC Token Tunnel ID Type Destination Token

6-120

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

6 PWE3 Configuration

---------------------------------------------------------------------0x1002000 lsp 2.2.2.2 0 0x1002001 lsp -1 0x1002002 lsp 3.3.3.3 2 0x1002003 lsp -3 0x1002004 lsp 4.4.4.4 4 0x1002005 lsp -5 0x1002006 lsp 5.5.5.5 6 0x1002007 lsp -7

Run the display mpls ldp session command on PE, and you can see that the status of the LDP peer relationship between PEs and the adjacent Ps is Operational. Take the display of PE1 as an example:
<PE1> display mpls ldp session LDP Session(s) in Public Network -----------------------------------------------------------------------------Peer-ID Status LAM SsnRole SsnAge KA-Sent/Rcv -----------------------------------------------------------------------------2.2.2.2:0 Operational DU Passive 000:00:03 16/16 3.3.3.3:0 Operational DU Passive 000:00:03 13/13 -----------------------------------------------------------------------------TOTAL: 2 session(s) Found. LAM : Label Advertisement Mode SsnAge Unit : DDD:HH:MM

4.

Set up remote LDP sessions between PEs. # For a remote LDP session, the specified IP address is usually the IP address of the loopback interface of the remote LDP peer.
NOTE

If PEs are directly connected to each other, you do not have to manually configure remote LDP sessions for them.

# Configure PE1.
[PE1] mpls ldp remote-peer 4.4.4.4 [PE1-mpls-ldp-remote-4.4.4.4] remote-ip 4.4.4.4 [PE1-mpls-ldp-remote-4.4.4.4] quit [PE1] mpls ldp remote-peer 5.5.5.5 [PE1-mpls-ldp-remote-5.5.5.5] remote-ip 5.5.5.5 [PE1-mpls-ldp-remote-5.5.5.5] quit

# Configure PE2.
[PE2] mpls ldp remote-peer 1.1.1.1 [PE2-mpls-ldp-remote-1.1.1.1] remote-ip 1.1.1.1 [PE2-mpls-ldp-remote-1.1.1.1] quit

# Configure PE3.
[PE3] mpls ldp remote-peer 1.1.1.1 [PE3-mpls-ldp-remote-1.1.1.1] remote-ip 1.1.1.1 [PE3-mpls-ldp-remote-1.1.1.1] quit

After the configuration, run the display mpls ldp session command on PEs, and you can see that the status of the remote LDP peer relationship between PEs is Operational. That is, the remote peer relationship has been set up. Take the display of PE1 as an example:
<PE1> display mpls ldp session LDP Session(s) in Public Network -----------------------------------------------------------------------------Peer-ID Status LAM SsnRole SsnAge KA-Sent/Rcv -----------------------------------------------------------------------------2.2.2.2:0 Operational DU Passive 000:00:06 27/27

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

6-121

6 PWE3 Configuration
3.3.3.3:0 4.4.4.4:0 5.5.5.5:0 Operational DU Operational DU Operational DU

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


Passive Passive Passive 000:00:05 000:00:00 000:00:00 24/24 3/3 2/2

-----------------------------------------------------------------------------TOTAL: 4 session(s) Found. LAM : Label Advertisement Mode SsnAge Unit : DDD:HH:MM

5.

Configure PWs on PEs through the PW template. # Configure PE1.


[PE1] mpls l2vpn [PE1-l2vpn] quit [PE1] pw-template 1to2 [PE1-pw-template-1to2] peer-address 4.4.4.4 [PE1-pw-template-1to2] control-word [PE1-pw-template-1to2] vccv cc cw cv bfd [PE1-pw-template-1to2] quit [PE1] pw-template 1to3 [PE1-pw-template-1to3] peer-address 5.5.5.5 [PE1-pw-template-1to3] control-word [PE1-pw-template-1to3] vccv cc cw cv bfd [PE1-pw-template-1to3] quit [PE1] interface pos1/0/0 [PE1-Pos1/0/0] mpls l2vc pw-template 1to2 100 [PE1-Pos1/0/0] mpls l2vc pw-template 1to3 200 secondary [PE1-Pos1/0/0] undo shutdown [PE1-Pos1/0/0] quit

# Configure PE2.
[PE2] mpls l2vpn [PE2-l2vpn] quit [PE2] pw-template 2to1 [PE2-pw-template-2to1] peer 1.1.1.1 [PE2-pw-template-2to1] control-word [PE2-pw-template-2to1] vccv cc cw cv bfd [PE2-pw-template-2to1] quit [PE2] interface pos 1/0/0 [PE2-Pos1/0/0] mpls l2vc pw-template 2to1 100 [PE2-Pos1/0/0] undo shutdown [PE2-Pos1/0/0] quit

# Configure PE3.
[PE3] mpls l2vpn [PE3-l2vpn] quit [PE3] pw-template 3to1 [PE3-pw-template-3to1] peer 1.1.1.1 [PE3-pw-template-3to1] control-word [PE3-pw-template-3to1] vccv cc cw cv bfd [PE3-pw-template-3to1] quit [PE3] interface pos 1/0/1 [PE3-Pos1/0/1] mpls l2vc pw-template 3to1 200 [PE3-Pos1/0/1] undo shutdown [PE3-Pos1/0/1] quit

After the configuration, run the display pw-template command on PEs, and you can view the configuration information about the PW template, with VCCV capacity being enabled on it. Take the display of PE1 as an example.
<PE1> display pw-template Total PW template number : 2 PW Template Name : 1to2 PeerIP : 4.4.4.4 Tnl Policy Name : -CtrlWord : Enable VCCV Capability : cw bfd Behavior Name : -Total PW : 1, Static PW : 0, LDP PW : 1, Rsvp PW : 0

6-122

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


PW Template Name PeerIP Tnl Policy Name CtrlWord VCCV Capability Behavior Name Total PW : : : : : : :

6 PWE3 Configuration
1to3 5.5.5.5 -Enable cw bfd -1, Static PW : 0, LDP PW : 1, Rsvp PW : 0

Check the L2VPN connection information on PEs by running the display mpls l2vc interface command, and you can see that PWs have been successfully set up, and are in the Active state. The BFD for PW function is enabled on neither the master PW nor the backup PW. Take the display of PE1 as an example.
<PE1> display mpls l2vc interface pos 1/0/0 *client interface : Pos1/0/0 is up session state : up AC state : up VC state : up VC ID : 100 VC type : PPP destination : 4.4.4.4 local group ID : 0 remote group ID : 0 local VC label : 21504 remote VC label : 21504 local AC OAM State : up local PSN State : up local forwarding state : forwarding remote AC OAM state : up remote PSN state : up remote forwarding state: forwarding BFD for PW : unavailable manual fault : not set active state : active forwarding entry : exist link state : up local VC MTU : 1500 remote VC MTU : 1500 local VCCV : cw bfd remote VCCV : cw bfd local fragmentantion : disable remote fragmentantion: disable local control word : enable remote control word : enable tunnel policy : -traffic behavior : -PW template name : 1to2 primary or secondary : primary VC tunnel/token info : 1 tunnels/tokens NO.0 TNL type : lsp , TNL ID : 0x1002004 create time : 0 days, 1 hours, 22 minutes, 22 seconds up time : 0 days, 1 hours, 21 minutes, 14 seconds last change time : 0 days, 1 hours, 21 minutes, 14 seconds *client interface : Pos1/0/0 is up session state : up AC state : up VC state : up VC ID : 200 VC type : PPP destination : 5.5.5.5 local group ID : 0 remote group ID : 0 local VC label : 21505 remote VC label : 21504 local AC OAM state : up local PSN state : up local forwarding state : forwarding remote AC OAM state : up remote PSN state : up remote forwarding state: forwarding BFD for PW : unavailable manual fault : not set active state : inactive forwarding entry : existent link state : up

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

6-123

6 PWE3 Configuration
local VC MTU local VCCV remote VCCV local fragmentation local control word tunnel policy traffic behavior PW template name primary or secondary VC tunnel/token info NO.0 TNL type : lsp create time up time last change time reroute policy reason of last reroute time of last reroute delay timer ID resume timer ID : : : : : : : : : : : : : : : : : :

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


1500 remote VC MTU : 1500 cw bfd cw bfd disable remote fragmentation: disable enable remote control word : enable --1to3 secondary 1 tunnels/tokens , TNL ID : 0x1002006 0 days, 1 hours, 22 minutes, 9 seconds 0 days, 1 hours, 20 minutes, 22 seconds 0 days, 1 hours, 20 minutes, 22 seconds delay 30 s, resume 0 s --- days, -- hours, -- minutes, -- seconds -rest time :--rest time :--

6.

Configure static BFDs between PEs for checking the PWs.


NOTE

The local discriminator and remote discriminator of a BFD session should correspond to each other, and cannot be modified after being configured.

# Configure PE1.
[PE1] bfd [PE1-bfd] quit [PE1] bfd 1to2 bind pw interface pos 1/0/0 [PE1-bfd-lsp-session-1to2] discriminator local 12 [PE1-bfd-lsp-session-1to2] discriminator remote 21 [PE1-bfd-lsp-session-1to2] commit [PE1-bfd-lsp-session-1to2] quit [PE1] bfd 1to3 bind pw interface pos 1/0/0 secondary [PE1-bfd-lsp-session-1to3] discriminator local 13 [PE1-bfd-lsp-session-1to3] discriminator remote 31 [PE1-bfd-lsp-session-1to3] commit [PE1-bfd-lsp-session-1to3] quit

# Configure PE2.
[PE2] bfd [PE2-bfd] quit [PE2] bfd 2to1 bind pw interface pos 1/0/0 [PE2-bfd-lsp-session-2to1] discriminator local 21 [PE2-bfd-lsp-session-2to1] discriminator remote 12 [PE2-bfd-lsp-session-2to1] commit [PE2-bfd-lsp-session-2to1] quit

# Configure PE3.
[PE3] bfd [PE3-bfd] quit [PE3] bfd 3to1 bind pw interface pos 1/0/1 [PE3-bfd-lsp-session-3to1] discriminator local 31 [PE3-bfd-lsp-session-3to1] discriminator remote 13 [PE3-bfd-lsp-session-3to1] commit [PE3-bfd-lsp-session-3to1] quit

After the configuration, BFD sessions are set up between PE1 and PE2, and PE1 and PE3.Run the display bfd session all command, and you can see the State is Up. Take the display of PE1 as an example.
<PE1> display bfd session all ------------------------------------------------------------------------------Local Remote PeerIpAddr InterfaceName State Type ------------------------------------------------------------------------------12 21 --.--.--.-Pos1/0/0 Up S_PW(M)

6-124

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

6 PWE3 Configuration

13 31 --.--.--.-pos1/0/0 Up S_PW(S) ------------------------------------------------------------------------------Total UP/DOWN Session Number : 2/0

Run the display bfd configuration all command, and you can view the configuration information about BFDs, and the status of Commit is True.
<PE1> display bfd configuration all ------------------------------------------------------------------------------CFG Name CFG Type LocalDiscr MIndex SessNum Commit AdminDown ------------------------------------------------------------------------------1to2 Static_PW(M) 12 256 1 True False 1to3 Static_PW(S) 13 257 1 True False ------------------------------------------------------------------------------Total Commit/Uncommit CFG Number : 2/0

7.

Verify the configuration. When the master PW is working properly, the master address of CE1 can ping through the address of CE2, which is 10.1.1.2.When the backup PW is not working, the backup address of CE1 cannot ping through the address of CE2, which is 10.1.2.2.
<CE1> ping 10.1.1.2 PING 10.1.1.2: 56 data bytes, press CTRL_C to break Reply from 10.1.1.2: bytes=56 Sequence=1 ttl=255 time=140 ms Reply from 10.1.1.2: bytes=56 Sequence=2 ttl=255 time=90 ms Reply from 10.1.1.2: bytes=56 Sequence=3 ttl=255 time=120 ms Reply from 10.1.1.2: bytes=56 Sequence=4 ttl=255 time=120 ms Reply from 10.1.1.2: bytes=56 Sequence=5 ttl=255 time=130 ms --- 10.1.1.2 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 90/120/140 ms <CE1> ping 10.1.2.2 PING 10.1.2.2: 56 data bytes, press CTRL_C to break Request time out Request time out Request time out Request time out Request time out --- 10.1.2.2 ping statistics --5 packet(s) transmitted 0 packet(s) received 100.00% packet loss

# Run the display mpls l2vc interface command on PEs to view the statuses of PWs. You can see that the BFD for PW function is enabled on both the master PW and the backup PW, and that the BFD state is up.
<PE1> display mpls l2vc interface pos 1/0/0 *client interface : Pos1/0/0 is up session state : up AC state : up VC state : up VC ID : 100 VC type : PPP destination : 4.4.4.4 local group ID : 0 remote group ID local VC label : 21504 remote VC label local AC OAM State : up local PSN State : up local forwarding state : forwarding remote AC OAM state : up remote PSN state : up remote forwarding state: forwarding BFD for PW : available

: 0 : 21504

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

6-125

6 PWE3 Configuration
BFD sessionIndex : manual fault : active state : forwarding entry : link state : local VC MTU : local VCCV : remote VCCV : local fragmentantion : local control word : tunnel policy : traffic behavior : PW template name : primary or secondary : VC tunnel/token info : NO.0 TNL type : lsp create time : up time : last change time : *client interface : session state : AC state : VC state : VC ID : VC type : destination : local group ID : local VC label : local AC OAM state : local PSN state : local forwarding state : remote AC OAM state : remote PSN state : remote forwarding state: BFD for PW : BFD sessionIndex : manual fault : active state : forwarding entry : link state : local VC MTU : local VCCV : remote VCCV : local fragmentation : local control word : tunnel policy : traffic behavior : PW template name : primary or secondary : VC tunnel/token info : NO.0 TNL type : lsp create time : up time : last change time : reroute policy : reason of last reroute : time of last reroute : delay timer ID : resume timer ID :

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


256 BFD state : up not set active exist up 4470 remote VC MTU : 4470 cw bfd cw bfd disable remote fragmentantion: disable enable remote control word : enable --1to2 primary 1 tunnels/tokens , TNL ID : 0x1002004 0 days, 1 hours, 17 minutes, 55 seconds 0 days, 1 hours, 16 minutes, 47 seconds 0 days, 1 hours, 16 minutes, 47 seconds Pos1/0/0 is up up up up 200 PPP 5.5.5.5 0 remote group ID : 0 21505 remote VC label : 21504 up up forwarding up up forwarding available 257 BFD state : up not set inactive existent up 1500 remote VC MTU : 1500 cw bfd cw bfd disable remote fragmentation: disable enable remote control word : enable --1to3 secondary 1 tunnels/tokens , TNL ID : 0x1002006 0 days, 1 hours, 17 minutes, 42 seconds 0 days, 1 hours, 15 minutes, 55 seconds 0 days, 1 hours, 15 minutes, 55 seconds delay 30 s, resume 0 s --- days, -- hours, -- minutes, -- seconds -rest time :--rest time :--

Simulate a failure of the master PW by shutting down the POS1/0/1 interface of PE1, and the master address of CE1 cannot ping through the address of CE2, which is 10.1.1.2.When the backup PW is working, the backup address of CE1 can ping through the address of CE2, which is 10.1.2.2.
<CE1> ping 10.1.1.2 PING 10.1.1.2: 56 data bytes, press CTRL_C to break Request time out Request time out Request time out

6-126

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

6 PWE3 Configuration

Request time out Request time out --- 10.1.1.2 ping statistics --5 packet(s) transmitted 0 packet(s) received 100.00% packet loss <CE1> ping 10.1.2.2 PING 10.1.2.2: 56 data bytes, press CTRL_C to break Reply from 10.1.2.2: bytes=56 Sequence=1 ttl=255 time=140 Reply from 10.1.2.2: bytes=56 Sequence=2 ttl=255 time=160 Reply from 10.1.2.2: bytes=56 Sequence=3 ttl=255 time=160 Reply from 10.1.2.2: bytes=56 Sequence=4 ttl=255 time=160 Reply from 10.1.2.2: bytes=56 Sequence=5 ttl=255 time=160 --- 10.1.2.2 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 140/156/160 ms

ms ms ms ms ms

# Run the display mpls l2vc interface command on PEs again to view the status of PWs. You can see that the VC status of the master PW is down, and BFD for PW is unavailable. The VC status of the backup PW is up, BFD for PW is available, and the BFD state is up.
<PE1> display mpls l2vc interface pos 1/0/0 *client interface : Pos1/0/0 is up session state : down AC state : up VC state : down VC ID : 100 VC type : PPP destination : 4.4.4.4 local group ID : 0 remote group ID : 0 local VC label : 21504 remote VC label : 0 local AC OAM State : up local PSN State : up local forwarding state : not forwarding BFD for PW : unavailable manual fault : not set active state : inactive forwarding entry : not exist link state : down local VC MTU : 1500 remote VC MTU : 0 local VCCV : cw bfd remote VCCV : none local fragmentantion : disable remote fragmentantion: none local control word : enable remote control word : none tunnel policy : -traffic behavior : -PW template name : 1to2 primary or secondary : primary VC tunnel/token info : 0 tunnels/tokens create time : 0 days, 0 hours, 30 minutes, 58 seconds up time : 0 days, 0 hours, 0 minutes, 0 seconds last change time : 0 days, 0 hours, 6 minutes, 46 seconds *client interface : Pos1/0/0 is up session state : up AC state : up VC state : up VC ID : 200 VC type : PPP destination : 5.5.5.5 local group ID : 0 remote group ID : 0 local VC label : 21505 remote VC label : 21504 local AC OAM state : up local PSN state : up local forwarding state : forwarding remote AC OAM state : up remote PSN state : up remote forwarding state: forwarding

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

6-127

6 PWE3 Configuration
BFD for PW BFD sessionIndex manual fault active state forwarding entry link state local VC MTU local VCCV remote VCCV local fragmentation local control word tunnel policy traffic behavior PW template name primary or secondary VC tunnel/token info NO.0 TNL type : lsp create time up time last change time reroute policy reason of last reroute time of last reroute delay timer ID resume timer ID : : : : : : : : : : : : : : : : : : : : : : : :

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


available 257 BFD state : up not set active existent up 1500 remote VC MTU : 1500 cw bfd cw bfd disable remote fragmentation: disable enable remote control word : enable --1to3 secondary 1 tunnels/tokens , TNL ID : 0x1002008 0 days, 0 hours, 30 minutes, 58 seconds 0 days, 0 hours, 25 minutes, 12 seconds 0 days, 0 hours, 25 minutes, 12 seconds delay 30 s, resume 0 s --- days, -- hours, -- minutes, -- seconds -rest time :--rest time :--

Configuration File
l

Configuration file of CE1


# sysname CE1 # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 10.1.1.1 255.255.255.252 ip address 10.1.2.1 255.255.255.252 sub # return

Configuration file of PE1


# sysname PE1 # bfd # mpls lsr-id 1.1.1.1 mpls # mpls l2vpn # pw-template 1to2 peer-address 4.4.4.4 control-word vccv cc cw cv bfd # pw-template 1to3 peer-address 5.5.5.5 control-word vccv cc cw cv bfd # mpls ldp # mpls ldp remote-peer 4.4.4.4 remote-ip 4.4.4.4 # mpls ldp remote-peer 5.5.5.5 remote-ip 5.5.5.5 #

6-128

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


interface Pos1/0/0 link-protocol ppp undo shutdown mpls l2vc pw-template 1to2 100 mpls l2vc pw-template 1to3 200 secondary # interface Pos1/0/1 link-protocol ppp undo shutdown ip address 100.1.1.1 255.255.255.252 mpls mpls ldp # interface Pos1/0/2 link-protocol ppp undo shutdown ip address 200.1.1.1 255.255.255.252 mpls mpls ldp # interface LoopBack1 ip address 1.1.1.1 255.255.255.255 # ospf 1 area 0.0.0.0 network 1.1.1.1 0.0.0.0 network 100.1.1.0 0.0.0.3 network 200.1.1.0 0.0.0.3 # bfd 1to2 bind pw interface Pos1/0/0 discriminator local 12 discriminator remote 21 commit # bfd 1to3 bind pw interface Pos1/0/0 secondary discriminator local 13 discriminator remote 31 commit # return l

6 PWE3 Configuration

Configuration file of P1
# sysname P1 # mpls lsr-id 2.2.2.2 mpls # mpls ldp # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 100.2.1.1 255.255.255.252 mpls mpls ldp # interface Pos1/0/1 link-protocol ppp undo shutdown ip address 100.1.1.2 255.255.255.252 mpls mpls ldp # interface LoopBack1 ip address 2.2.2.2 255.255.255.255 # ospf 1 area 0.0.0.0 network 2.2.2.2 0.0.0.0

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

6-129

6 PWE3 Configuration
network 100.1.1.0 0.0.0.3 network 100.2.1.0 0.0.0.3 # return l

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Configuration file of P2
# sysname P2 # mpls lsr-id 3.3.3.3 mpls # mpls ldp # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 200.2.1.1 255.255.255.252 mpls mpls ldp # interface Pos1/0/1 link-protocol ppp undo shutdown ip address 200.1.1.2 255.255.255.252 mpls mpls ldp # interface LoopBack1 ip address 3.3.3.3 255.255.255.255 # ospf 1 area 0.0.0.0 network 3.3.3.3 0.0.0.0 network 200.1.1.0 0.0.0.3 network 200.2.1.0 0.0.0.3 # return

Configuration file of PE2


# sysname PE2 # bfd # mpls lsr-id 4.4.4.4 mpls # mpls l2vpn # pw-template 2to1 peer-address 1.1.1.1 control-word vccv cc cw cv bfd # mpls ldp # mpls ldp remote-peer 1.1.1.1 remote-ip 1.1.1.1 # interface Pos1/0/0 link-protocol ppp undo shutdown mpls l2vc pw-template 2to1 100 # interface Pos1/0/1 link-protocol ppp undo shutdown ip address 100.2.1.2 255.255.255.252 mpls

6-130

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


mpls ldp # interface LoopBack1 ip address 4.4.4.4 255.255.255.255 # ospf 1 area 0.0.0.0 network 4.4.4.4 0.0.0.0 network 100.2.1.0 0.0.0.3 # bfd 2to1 bind pw interface Pos1/0/0 discriminator local 21 discriminator remote 12 commit # return l

6 PWE3 Configuration

Configuration file of PE3


# sysname PE3 # bfd # mpls lsr-id 5.5.5.5 mpls # mpls l2vpn # pw-template 3to1 peer-address 1.1.1.1 control-word vccv cc cw cv bfd # mpls ldp # mpls ldp remote-peer 1.1.1.1 remote-ip 1.1.1.1 # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 200.2.1.2 255.255.255.252 mpls mpls ldp # interface Pos1/0/1 link-protocol ppp undo shutdown mpls l2vc pw-template 3to1 200 # interface LoopBack1 ip address 5.5.5.5 255.255.255.255 # ospf 1 area 0.0.0.0 network 5.5.5.5 0.0.0.0 network 200.2.1.0 0.0.0.3 # bfd 3to1 bind pw interface Pos1/0/1 discriminator local 31 discriminator remote 13 commit # return

Configuration file of CE2


# sysname CE2 # interface Pos1/0/0

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

6-131

6 PWE3 Configuration
link-protocol ppp undo shutdown ip address 10.1.1.2 255.255.255.252 # interface Pos1/0/1 link-protocol ppp undo shutdown ip address 10.1.2.2 255.255.255.252 # return

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

6.14.8 Example for Configuring a Dynamic BFD That Checks SHPW


Networking Requirements
As shown in Figure 6-23, PE1, P, and PE2 belong to one MPLS network, and CE1 and CE2 belong to one VPN instance. An SH-PW is set up between PE1 and PE2, using dynamic BFD sessions to check the connectivity of the PW to protect services on the link. Figure 6-23 Networking diagram of configuring a dynamic BFD that checks SH-PW
MPLS Backbone Loopback0 1.1.1.9/32 POS2/0/0 100.1.1.1/30 PE1 POS1/0/0 POS1/0/0 100.1.1.2/30 P PW POS1/0/0 10.1.1.1/30 POS1/0/0 10.1.1.2/30 Loopback0 2.2.2.9/32 Loopback0 3.3.3.9/32 POS2/0/0 100.2.1.2/30 POS2/0/0 100.2.1.1/30 POS1/0/0 PE2

CE1

CE2

Configuration Roadmap
The configuration roadmap is as follows: 1. 2. 3. Set up a Martini MPLS L2VPN between CE1 and CE2. Enable MPLS L2VPN on PE1 and PE2, and set up a VC connection. Configure basic BFD functions that trigger the dynamic creation of BFD for the PW on PEs.

Data Preparation
To complete the configuration, you need the following data:
l

IP addresses for the interfaces


Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

6-132

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


l l l

6 PWE3 Configuration

LSR IDs of the devices VC ID of the PW BFD parameters

Configuration Procedure
1. Configure an IP address for the interface through which a CE is connected to a PE. # Configure CE1.
<Quidway> system-view [Quidway] sysname CE1 [CE1] interface pos 1/0/0 [CE1-Pos1/0/0] ip address 10.1.1.1 30 [CE1-Pos1/0/0] undo shutdown [CE1-Pos1/0/0] quit

# Configure CE2.
<Quidway> system-view [Quidway] sysname CE2 [CE2] interface pos 1/0/0 [CE2-Pos1/0/0] ip address 10.1.1.2 30 [CE2-Pos1/0/0] undo shutdown [CE2-Pos1/0/0] quit

2.

Configure the IGP for MPLS backbone. Configure the IGP for the MPLS backbone. Take OSPF as an example. # Configure PE1.
[PE1] interface loopback 1 [PE1-LoopBack1] ip address 1.1.1.9 32 [PE1-LoopBack1] quit [PE1] interface pos 2/0/0 [PE1-Pos2/0/0] ip address 100.1.1.1 30 [PE1-Pos2/0/0] undo shutdown [PE1-Pos2/0/0] quit [PE1] ospf 1 [PE1-ospf-1] area 0 [PE1-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0 [PE1-ospf-1-area-0.0.0.0] network 100.1.1.0 0.0.0.3

# Configure P.
[P] interface loopback 1 [P-LoopBack1] ip address 2.2.2.9 32 [P-LoopBack1] quit [P] interface pos 1/0/0 [P-Pos1/0/0] ip address 100.1.1.2 30 [P-Pos1/0/0] undo shutdown [P-Pos1/0/0] quit [P] interface pos 2/0/0 [P-Pos2/0/0] ip address 100.2.1.1 30 [P-Pos2/0/0] undo shutdown [P-Pos2/0/0] quit [P] ospf 1 [P-ospf-1] area 0 [P-ospf-1-area-0.0.0.0] network 2.2.2.9 0.0.0.0 [P-ospf-1-area-0.0.0.0] network 100.1.1.0 0.0.0.3 [P-ospf-1-area-0.0.0.0] network 100.2.1.0 0.0.0.3

# Configure PE2.
[PE2] interface loopback 1 [PE2-LoopBack1] ip address 3.3.3.9 32 [PE2-LoopBack1] quit [PE2] interface pos 2/0/0 [PE2-Pos2/0/0] ip address 100.2.1.2 30 [PE2-Pos2/0/0] undo shutdown [PE2-Pos2/0/0] quit

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

6-133

6 PWE3 Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


[PE2] ospf 1 [PE2-ospf-1] area 0 [PE2-ospf-1-area-0.0.0.0] network 3.3.3.9 0.0.0.0 [PE2-ospf-1-area-0.0.0.0] network 100.2.1.0 0.0.0.3

After the configuration, run the display ip routing-table command on PEs, and you can see that PE1 and PE2 have learnt the loopback address of each other. Take the display of PE1 as an example:
<PE1> display ip routing-table Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: Public Destinations : 9 Routes : 9 Destination/Mask Proto Pre Cost Flags NextHop Interface 1.1.1.9/32 Direct 0 0 D 127.0.0.1 InLoopBack0 2.2.2.9/32 OSPF 10 2 D 100.1.1.2 Pos2/0/0 3.3.3.9/32 OSPF 10 3 D 100.1.1.2 Pos2/0/0 100.1.1.0/30 Direct 0 0 D 100.1.1.1 Pos2/0/0 100.1.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 100.1.1.2/32 Direct 0 0 D 100.1.1.2 Pos2/0/0 100.2.1.0/30 OSPF 10 2 D 100.1.1.2 Pos2/0/0 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0

3.

Configure basic MPLS functions for the MPLS backbone. # Enable MPLS, and specify LSR-ID as the IP address of loopback 1.Enable MPLS and MPLS LDP for the interfaces in the backbone. # Configure PE1.
[PE1] mpls lsr-id 1.1.1.9 [PE1] mpls [PE1-mpls] quit [PE1] mpls ldp [PE1-mpls-ldp] quit [PE1] interface pos2/0/0 [PE1-Pos2/0/0] mpls [PE1-Pos2/0/0] mpls ldp [PE1-Pos2/0/0] quit

# Configure P.
[P] mpls lsr-id 2.2.2.9 [P] mpls [P-mpls] quit [P] mpls ldp [P-mpls-ldp] quit [P] interface pos 1/0/0 [P-Pos1/0/0] mpls [P-Pos1/0/0] mpls ldp [P-Pos1/0/0] quit [P] interface pos 2/0/0 [P-Pos2/0/0] mpls [P-Pos2/0/0] mpls ldp [P-Pos2/0/0] quit

# Configure PE2.
[PE2] mpls lsr-id 3.3.3.9 [PE2] mpls [PE2-mpls] quit [PE2] mpls ldp [PE2-mpls-ldp] quit [PE2] interface pos 2/0/0 [PE2-Pos2/0/0] mpls [PE2-Pos2/0/0] mpls ldp [PE2-Pos2/0/0] quit

After the configuration, run the display tunnel-info all command on PEs, and you can see that there is an MPLS LSP tunnel between PE1 and PE2.
6-134 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

6 PWE3 Configuration

Take the display of PE1 as an example.


<PE1> display tunnel-info all * -> Allocated VC Token Tunnel ID Type Destination Token ---------------------------------------------------------------------0x2002000 lsp 2.2.2.9 0 0x2002001 lsp 3.3.3.9 1

Run the display mpls ldp session command on PEs, and you can see that the status of the LDP peer relationship between a PE and a P is Operational. Take the display of PE1 as an example:
<PE1> display mpls ldp session LDP Session(s) in Public Network -----------------------------------------------------------------------------Peer-ID Status LAM SsnRole SsnAge KA-Sent/Rcv -----------------------------------------------------------------------------2.2.2.9:0 Operational DU Passive 000:00:02 10/10 -----------------------------------------------------------------------------TOTAL: 1 session(s) Found. LAM : Label Advertisement Mode SsnAge Unit : DDD:HH:MM

4.

Set up remote LDP sessions between PEs. # For a remote LDP session, the specified IP address is usually the IP address of the loopback interface of the remote LDP peer.
NOTE

If PEs are directly connected to each other, you do not have to manually configure remote LDP sessions for them.

# Configure PE1.
[PE1] mpls ldp remote-peer 3.3.3.9 [PE1-mpls-ldp-remote-3.3.3.9] remote-ip 3.3.3.9 [PE1-mpls-ldp-remote-3.3.3.9] quit

# Configure PE2.
[PE2] mpls ldp remote-peer 1.1.1.9 [PE2-mpls-ldp-remote-1.1.1.1] remote-ip 1.1.1.9 [PE2-mpls-ldp-remote-1.1.1.1] quit

After the configuration, run the display mpls ldp session command on PEs, and you can see that the status of the remote LDP peers to PEs is Operational. That is, the remote peer relationship has been set up. Take the display of PE1 as an example.
<PE1> display mpls ldp session LDP Session(s) in Public Network -----------------------------------------------------------------------------Peer-ID Status LAM SsnRole SsnAge KA-Sent/Rcv -----------------------------------------------------------------------------2.2.2.9:0 Operational DU Passive 000:00:03 16/16 3.3.3.9:0 Operational DU Passive 000:00:00 2/2 -----------------------------------------------------------------------------TOTAL: 2 session(s) Found. LAM : Label Advertisement Mode SsnAge Unit : DDD:HH:MM

5.

Configure PWs on PEs through the PW template. # Configure PE1.


[PE1] mpls l2vpn [PE1-l2vpn] quit

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

6-135

6 PWE3 Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


[PE1] pw-template 1to2 [PE1-pw-template-1to2] peer-address 3.3.3.9 [PE1-pw-template-1to2] control-word [PE1-pw-template-1to2] vccv cc cw cv lsp-ping bfd [PE1-pw-template-1to2] quit [PE1] interface pos1/0/0 [PE1-Pos1/0/0] mpls l2vc pw-template 1to2 100 [PE1-Pos1/0/0] undo shutdown [PE1-Pos1/0/0] quit

# Configure PE2.
[PE2] mpls l2vpn [PE2-l2vpn] quit [PE2] pw-template 2to1 [PE2-pw-template-2to1] peer 1.1.1.9 [PE2-pw-template-2to1] control-word [PE2-pw-template-2to1] vccv cc cw cv lsp-ping bfd [PE2-pw-template-2to1] quit [PE2] interface pos 1/0/0 [PE2-Pos1/0/0] mpls l2vc pw-template 2to1 100 [PE2-Pos1/0/0] undo shutdown [PE2-Pos1/0/0] quit

After the configuration, run the display pw-template command on PEs, and you can view the configuration information about the PW template, with VCCV capacity being enabled on it. Take the display of PE1 as an example.
<PE1> display pw-template Total PW template number : 1 PW Template Name : 1to2 PeerIP : 3.3.3.9 Tnl Policy Name : -CtrlWord : Enable VCCV Capability : cw lsp-ping bfd Behavior Name : -Total PW : 1, Static PW : 0, LDP PW : 1, Rsvp PW : 0

Check the L2VPN connection information on PEs, run the display mpls l2vc interface command, and you can see that PWs have been successfully set up, and are in the Active state. The BFD for PW function is disabled on PWs. Take the display of PE1 as an example.
<PE1> display mpls l2vc interface pos 1/0/0 *client interface : Pos1/0/0 is up session state : up AC state : up VC state : up VC ID : 100 VC type : PPP destination : 3.3.3.9 local group ID : 0 remote local VC label : 21504 remote local AC OAM State : up local PSN State : up local forwarding state : forwarding remote AC OAM state : up remote PSN state : up remote forwarding state: forwarding BFD for PW : available manual fault : not set active state : active forwarding entry : exist link state : up local VC MTU : 1500 remote local VCCV : cw lsp-ping bfd remote VCCV : cw lsp-ping bfd local fragmentantion : disable remote local control word : enable remote

group ID VC label

: 0 : 21504

VC MTU

: 1500

fragmentantion: disable control word : enable

6-136

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


tunnel policy traffic behavior PW template name primary or secondary VC tunnel/token info NO.0 TNL type : lsp create time up time last change time : : : : :

6 PWE3 Configuration
--1to2 primary 1 tunnels/tokens , TNL ID : 0x2002001 : 0 days, 0 hours, 2 minutes, 9 seconds : 0 days, 0 hours, 1 minutes, 9 seconds : 0 days, 0 hours, 1 minutes, 9 seconds

6.

Configure dynamic BFDs between PEs that check the SH-PW. # Configure PE1.
[PE1] bfd [PE1-bfd] quit [PE1] interface pos1/0/0 [PE1-Pos1/0/0] mpls l2vpn pw bfd min-rx-interval 100 min-tx-interval 100 [PE1-Pos1/0/0] quit

# Configure PE2.
[PE2] bfd [PE2-bfd] quit [PE2] interface pos1/0/0 [PE2-Pos1/0/0] mpls l2vpn pw bfd min-rx-interval 100 min-tx-interval 100 [PE2-Pos1/0/0] quit

7.

Verify the configuration. # CE1 and CE2 can ping through each other.
<CE1> ping 10.1.1.2 PING 10.1.1.2: 56 data bytes, press CTRL_C to break Reply from 10.1.1.2: bytes=56 Sequence=1 ttl=255 time=360 ms Reply from 10.1.1.2: bytes=56 Sequence=2 ttl=255 time=60 ms Reply from 10.1.1.2: bytes=56 Sequence=3 ttl=255 time=160 ms Reply from 10.1.1.2: bytes=56 Sequence=4 ttl=255 time=90 ms Reply from 10.1.1.2: bytes=56 Sequence=5 ttl=255 time=160 ms --- 10.1.1.2 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 60/166/360 ms

# Run the display mpls l2vc interface command on PEs to view the status of PWs. You can see that the BFD for PW function is enabled, and that the BFD state is up. Take the display of PE1 as an example.
<PE1> display mpls l2vc interface pos 1/0/0 *client interface : Pos1/0/0 is up session state : up AC state : up VC state : up VC ID : 100 VC type : PPP destination : 3.3.3.9 local group ID : 0 remote group ID local VC label : 21504 remote VC label local AC OAM State : up local PSN State : up local forwarding state : forwarding remote AC OAM state : up remote PSN state : up remote forwarding state: forwarding Dynamic BFD for PW : available Detect Multipier : 3 Min Transit Interval : 100 Max Receive Interval : 100 Dynamic BFD Session : built BFD for PW : available BFD sessionIndex : 256 BFD state : up manual fault : not set

: 0 : 21504

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

6-137

6 PWE3 Configuration
active state forwarding entry link state local VC MTU local VCCV remote VCCV local fragmentantion local control word tunnel policy traffic behavior PW template name primary or secondary VC tunnel/token info NO.0 TNL type : lsp create time up time last change time : : : : : : : : : : : : :

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


active exist up 4470 remote VC MTU : 4470 cw lsp-ping bfd cw lsp-ping bfd disable remote fragmentantion: disable enable remote control word : enable --1to2 primary 1 tunnels/tokens , TNL ID : 0x2002001 : 0 days, 0 hours, 6 minutes, 43 seconds : 0 days, 0 hours, 5 minutes, 43 seconds : 0 days, 0 hours, 5 minutes, 43 seconds

# Run the display bfd session all verbose command on PEs to view the status of BFDs. You can see that the status of BFD sessions is up, the BFD bind type is PW, and that the PW session type is dynamic. Take the display of PE1 as an example.
<PE1> display bfd session all verbose ------------------------------------------------------------------------------Session MIndex : 256 (One Hop) State : Up Name : dyn_8192 ------------------------------------------------------------------------------Local Discriminator : 8192 Remote Discriminator : 8192 Session Detect Mode : Asynchronous Mode Without Echo Function BFD Bind Type : PW(Master) Bind Session Type : Dynamic Bind Peer Ip Address : --.--.--.-NextHop Ip Address : --.--.--.-Bind Interface : Pos1/0/0 FSM Board Id : 1 TOS-EXP : 6 Min Tx Interval (ms) : 100 Min Rx Interval (ms) : 100 Actual Tx Interval (ms): 100 Actual Rx Interval (ms): 100 Local Detect Multi : 3 Detect Interval (ms) : 300 Echo Passive : Disable Acl Number : -Proc interface status : Disable Process PST : Enable WTR Interval (ms) : -Local Demand Mode : Disable Active Multi : 3 Last Local Diagnostic : No Diagnostic Bind Application : L2VPN | OAM_MANAGER | MPLSFW Session TX TmrID : -Session Detect TmrID : -Session Init TmrID : -Session WTR TmrID : -Session Echo Tx TmrID : -PDT Index : FSM-0 | RCV-0 | IF-0 | TOKEN-0 Session Description : --------------------------------------------------------------------------------

Configuration File
l

Configuration file of CE1


# sysname CE1 # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 10.1.1.1 255.255.255.252 # return

Configuration file of PE1


Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

6-138

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


# sysname PE1 # bfd # mpls lsr-id 1.1.1.9 mpls # mpls l2vpn # pw-template 1to2 peer-address 3.3.3.9 control-word vccv cc cw cv lsp-ping bfd # mpls ldp # mpls ldp remote-peer 3.3.3.9 remote-ip 3.3.3.9 # interface Pos1/0/0 link-protocol ppp undo shutdown mpls l2vc pw-template 1to2 100 mpls l2vpn pw bfd min-rx-interval 100 min-tx-interval 100 # interface Pos2/0/0 link-protocol ppp undo shutdown ip address 100.1.1.1 255.255.255.252 mpls mpls ldp # interface LoopBack1 ip address 1.1.1.9 255.255.255.255 # ospf 1 area 0.0.0.0 network 1.1.1.9 0.0.0.0 network 100.1.1.0 0.0.0.3 # return l

6 PWE3 Configuration

Configuration file of P
# sysname P # mpls lsr-id 2.2.2.9 mpls # mpls ldp # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 100.1.1.2 255.255.255.252 mpls mpls ldp # interface Pos2/0/0 link-protocol ppp undo shutdown ip address 100.2.1.1 255.255.255.252 mpls mpls ldp # interface LoopBack1 ip address 2.2.2.9 255.255.255.255 # ospf 1

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

6-139

6 PWE3 Configuration
area 0.0.0.0 network 2.2.2.9 0.0.0.0 network 100.1.1.0 0.0.0.3 network 100.2.1.0 0.0.0.3 # return l

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Configuration file of PE2


# sysname PE2 # bfd # mpls lsr-id 3.3.3.9 mpls # mpls l2vpn # pw-template 2to1 peer-address 1.1.1.9 control-word vccv cc cw cv lsp-ping bfd # mpls ldp # mpls ldp remote-peer 1.1.1.9 remote-ip 1.1.1.9 # interface Pos1/0/0 link-protocol ppp undo shutdown mpls l2vc pw-template 2to1 100 mpls l2vpn pw bfd min-rx-interval 100 min-tx-interval 100 # interface Pos2/0/0 link-protocol ppp undo shutdown ip address 100.2.1.2 255.255.255.252 mpls mpls ldp # interface LoopBack1 ip address 3.3.3.9 255.255.255.255 # ospf 1 area 0.0.0.0 network 3.3.3.9 0.0.0.0 network 100.2.1.0 0.0.0.3 # return

Configuration file of CE2


# sysname CE2 # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 10.1.1.2 255.255.255.252 # return

6.14.9 Example for Configuring a Dynamic BFD That Checks MHPW

6-140

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

6 PWE3 Configuration

Networking Requirements
As shown in Figure 6-24, CE1 and CE2 are connected to U-PE1 and U-PE2 respectively through PPP.U-PE1 and U-PE2 are linked to each other through the MPLS backbone. A dynamic MHPW is set up between U-PE1 and U-PE2, using the LSP tunnel, and using S-PE as the switching node. Dynamic BFD sessions are required to check the connectivity of the MH-PW between U-PE1 and U-PE2 to ensure the reliability of services on the link. Figure 6-24 Networking diagram of configuring dynamic BFDs that check MH-PW
Loopback0 2.2.2.9/32 Loopback0 3.3.3.9/32 POS1/0/0 20.1.1.2/24 POS2/0/0 20.1.1.1/24
100 PW

Loopback0 4.4.4.9/32 POS1/0/0 30.1.1.2/24

P1

S-PE

P2

POS1/0/0 10.1.1.2/24 Loopback0 1.1.1.9/32

POS2/0/0 30.1.1.1/24

POS2/0/0 40.1.1.1/24 Loopback0 5.5.5.9/32

PW 200

POS2/0/0 10.1.1.1/24

POS1/0/0 40.1.1.2/24 POS2/0/0 U-PE2 POS1/0/0 100.1.1.2/24

U-PE1

POS1/0/0 POS1/0/0 100.1.1.1/24

CE1

CE2

Configuration Roadmap
The configuration roadmap is as follows: 1. 2. 3. 4. 5. 6. Configure the IGP routing protocol for the backbone, so that devices in the backbone can internetwork with each other. Configure basic MPLS functions for the backbone, and set up LSP tunnels. Set up MPLS LDP remote peer relationship between U-PE1 and S-PE, and between U-PE2 and S-PE. Create the PW template, and enable the CW and LSP Ping functions. Set up an MPLS L2VC connection between U-PEs. Set up a switching PW on the switching node S-PE. Configure basic BFD functions that trigger the dynamic creation of BFD for PW on U-PEs.

Data Preparation
To complete the configuration, you need the following data:
l l

IP addresses for the interfaces LSR IDs of the devices


Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 6-141

Issue 03 (2008-09-22)

6 PWE3 Configuration
l l

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

VC ID of the PW BFD parameters

Configuration Procedure
1. Configure an IP address for the interface through which a CE is connected to a PE. # Configure CE1.
<Quidway> system-view [Quidway] sysname CE1 [CE1] interface pos 1/0/0 [CE1-Pos1/0/0] ip address 100.1.1.1 24 [CE1-Pos1/0/0] undo shutdown [CE1-Pos1/0/0] quit

# Configure CE2.
<Quidway> system-view [Quidway] sysname CE2 [CE2] interface pos 1/0/0 [CE2-Pos1/0/0] ip address 100.1.1.2 24 [CE2-Pos1/0/0] undo shutdown [CE2-Pos1/0/0] quit

2.

Configure the IGP for MPLS backbone. Configure the IGP for the MPLS backbone. Take OSPF as an example. Configure IP addresses for the interfaces of U-PEs, S-PE, and Ps. While configuring OSPF, advertise 32-bit loopback addresses of U-PE1, S-PE, and U-PE2. Configure U-PE1.
[U-PE1] interface loopback 0 [U-PE1-LoopBack0] ip address 1.1.1.9 32 [U-PE1-LoopBack0] quit [U-PE1] interface pos 2/0/0 [U-PE1-Pos2/0/0] ip address 10.1.1.1 24 [U-PE1-Pos2/0/0] undo shutdown [U-PE1-Pos2/0/0] quit [U-PE1] ospf 1 [U-PE1-ospf-1] area 0.0.0.0 [U-PE1-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255 [U-PE1-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0 [U-PE1-ospf-1-area-0.0.0.0] quit [U-PE1-ospf-1] quit

Configure P1.
[P1] interface loopback 0 [P1-LoopBack0] ip address 2.2.2.9 32 [P1-LoopBack0] quit [P1] interface pos 1/0/0 [P1-Pos1/0/0] ip address 10.1.1.2 24 [P1-Pos1/0/0] undo shutdown [P1-Pos1/0/0] quit [P1] interface pos 2/0/0 [P1-Pos2/0/0] ip address 20.1.1.1 24 [P1-Pos2/0/0] undo shutdown [P1-Pos2/0/0] quit [P1] ospf 1 [P1-ospf-1] area 0.0.0.0 [P1-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255 [P1-ospf-1-area-0.0.0.0] network 20.1.1.0 0.0.0.255 [P1-ospf-1-area-0.0.0.0] network 2.2.2.9 0.0.0.0 [P1-ospf-1-area-0.0.0.0] quit [P1-ospf-1] quit

# Configure S-PE.
[S-PE] interface loopback 0

6-142

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


[S-PE-LoopBack0] ip address 3.3.3.9 32 [S-PE-LoopBack0] quit [S-PE] interface pos 1/0/0 [S-PE-Pos1/0/0] ip address 20.1.1.2 24 [S-PE-Pos1/0/0] undo shutdown [S-PE-Pos1/0/0] quit [S-PE] interface pos 2/0/0 [S-PE-Pos2/0/0] ip address 30.1.1.1 24 [S-PE-Pos2/0/0] undo shutdown [S-PE-Pos2/0/0] quit [S-PE] ospf 1 [S-PE-ospf-1] area 0.0.0.0 [S-PE-ospf-1-area-0.0.0.0] network 20.1.1.0 0.0.0.255 [S-PE-ospf-1-area-0.0.0.0] network 30.1.1.0 0.0.0.255 [S-PE-ospf-1-area-0.0.0.0] network 3.3.3.9 0.0.0.0 [S-PE-ospf-1-area-0.0.0.0] quit [S-PE-ospf-1] quit

6 PWE3 Configuration

# Configure P2.
[P2] interface loopback 0 [P2-LoopBack0] ip address 4.4.4.9 32 [P2-LoopBack0] quit [P2] interface pos 1/0/0 [P2-Pos1/0/0] ip address 30.1.1.2 24 [P2-Pos1/0/0] undo shutdown [P2-Pos1/0/0] quit [P2] interface pos 2/0/0 [P2-Pos2/0/0] ip address 40.1.1.1 24 [P2-Pos2/0/0] undo shutdown [P2-Pos2/0/0] quit [P2] ospf 1 [P2-ospf-1] area 0.0.0.0 [P2-ospf-1-area-0.0.0.0] network 30.1.1.0 0.0.0.255 [P2-ospf-1-area-0.0.0.0] network 40.1.1.0 0.0.0.255 [P2-ospf-1-area-0.0.0.0] network 4.4.4.9 0.0.0.0 [P2-ospf-1-area-0.0.0.0] quit [P2-ospf-1] quit

# Configure U-PE2.
[U-PE2] interface loopback 0 [U-PE2-LoopBack0] ip address 5.5.5.9 32 [U-PE2-LoopBack0] quit [U-PE2] interface pos 1/0/0 [U-PE2-Pos1/0/0] ip address 40.1.1.2 24 [U-PE2-Pos1/0/0] undo shutdown [U-PE2-Pos1/0/0] quit [U-PE2] ospf 1 [U-PE2-ospf-1] area 0.0.0.0 [U-PE2-ospf-1-area-0.0.0.0] network 40.1.1.0 0.0.0.255 [U-PE2-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0 [U-PE2-ospf-1-area-0.0.0.0] quit [U-PE2-ospf-1] quit

After the configuration, run the display ip routing-table command on U-PEs, Ps, or S-PE, and you can find that they have learned the routes to each other's LSR ID. Take the display of S-PE as an example:
<S-PE> display ip routing-table Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: Public Destinations : 15 Routes : 15 Destination/Mask Proto Pre Cost Flags NextHop Interface 1.1.1.9/32 OSPF 10 3 D 20.1.1.1 Pos1/0/0 2.2.2.9/32 OSPF 10 2 D 20.1.1.1 Pos1/0/0 3.3.3.9/32 Direct 0 0 D 127.0.0.1 InLoopBack0 4.4.4.9/32 OSPF 10 2 D 30.1.1.2 Pos2/0/0 5.5.5.9/32 OSPF 10 3 D 30.1.1.2 Pos2/0/0 10.1.1.0/24 OSPF 10 2 D 20.1.1.1 Pos1/0/0 20.1.1.0/24 Direct 0 0 D 20.1.1.2 Pos1/0/0

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

6-143

6 PWE3 Configuration
20.1.1.1/32 20.1.1.2/32 30.1.1.0/24 30.1.1.1/32 30.1.1.2/32 40.1.1.0/24 127.0.0.0/8 127.0.0.1/32 Direct Direct Direct Direct Direct OSPF Direct Direct 0 0 0 0 0 10 0 0 0 0 0 0 0 2 0 0

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


D D D D D D D D 20.1.1.1 127.0.0.1 30.1.1.1 127.0.0.1 30.1.1.2 30.1.1.2 127.0.0.1 127.0.0.1 Pos1/0/0 InLoopBack0 Pos2/0/0 InLoopBack0 Pos2/0/0 Pos2/0/0 InLoopBack0 InLoopBack0

U-PEs can ping through each other. Take the display of U-PE1 as an example.
<U-PE1> ping 40.1.1.2 PING 40.1.1.2: 56 data bytes, press CTRL_C to break Reply from 40.1.1.2: bytes=56 Sequence=1 ttl=252 time=160 Reply from 40.1.1.2: bytes=56 Sequence=2 ttl=252 time=120 Reply from 40.1.1.2: bytes=56 Sequence=3 ttl=252 time=150 Reply from 40.1.1.2: bytes=56 Sequence=4 ttl=252 time=150 Reply from 40.1.1.2: bytes=56 Sequence=5 ttl=252 time=160 --- 40.1.1.2 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 120/148/160 ms ms ms ms ms ms

3.

Enable MPLS, and set up LSP tunnels and remote LDP sessions. Configure basic MPLS functions for the backbone, set up tunnels between U-PE1 and SPE, and between S-PE and U-PE2, and create remote LDP sessions. Configure U-PE1.
[U-PE1] mpls lsr-id 1.1.1.9 [U-PE1] mpls [U-PE1-mpls] quit [U-PE1] mpls ldp [U-PE1-mpls-ldp] quit [U-PE1] interface pos 2/0/0 [U-PE1-Pos2/0/0] mpls [U-PE1-Pos2/0/0] mpls ldp [U-PE1-Pos2/0/0] quit [U-PE1] mpls ldp remote-peer 3.3.3.9 [U-PE1-mpls-ldp-remote-3.3.3.9] remote-ip 3.3.3.9 [U-PE1-mpls-ldp-remote-3.3.3.9] quit

Configure P1.
[P1] mpls lsr-id 2.2.2.9 [P1] mpls [P1-mpls] quit [P1] mpls ldp [P1-mpls-ldp] quit [P1] interface pos 1/0/0 [P1-Pos1/0/0] mpls [P1-Pos1/0/0] mpls ldp [P1-Pos1/0/0] quit [P1] interface pos 2/0/0 [P1-Pos2/0/0] mpls [P1-Pos2/0/0] mpls ldp [P1-Pos2/0/0] quit

# Configure S-PE.
[S-PE] mpls lsr-id 3.3.3.9 [S-PE] mpls [S-PE-mpls] quit [S-PE] mpls ldp [S-PE-mpls-ldp] quit [S-PE] interface pos 1/0/0 [S-PE-Pos1/0/0] mpls [S-PE-Pos1/0/0] mpls ldp [S-PE-Pos1/0/0] quit [S-PE] interface pos 2/0/0 [S-PE-Pos2/0/0] mpls [S-PE-Pos2/0/0] mpls ldp

6-144

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


[S-PE-Pos2/0/0] quit [S-PE] mpls ldp remote-peer 1.1.1.9 [S-PE-mpls-ldp-remote-1.1.1.9] remote-ip 1.1.1.9 [S-PE-mpls-ldp-remote-1.1.1.9] quit [S-PE] mpls ldp remote-peer 5.5.5.9 [S-PE-mpls-ldp-remote-5.5.5.9] remote-ip 5.5.5.9 [S-PE-mpls-ldp-remote-5.5.5.9] quit

6 PWE3 Configuration

# Configure P2.
[P2] mpls lsr-id 4.4.4.9 [P2] mpls [P2-mpls] quit [P2] mpls ldp [P2-mpls-ldp] quit [P2] interface pos 1/0/0 [P2-Pos1/0/0] mpls [P2-Pos1/0/0] mpls ldp [P2-Pos1/0/0] quit [P2] interface pos 2/0/0 [P2-Pos2/0/0] mpls [P2-Pos2/0/0] mpls ldp [P2-Pos2/0/0] quit

# Configure U-P2.
[U-PE2] mpls lsr-id 5.5.5.9 [U-PE2] mpls [U-PE2-mpls] quit [U-PE2] mpls ldp [U-PE2-mpls-ldp] quit [U-PE2] interface pos 1/0/0 [U-PE2-Pos1/0/0] mpls [U-PE2-Pos1/0/0] mpls ldp [U-PE2-Pos1/0/0] quit [U-PE2] mpls ldp remote-peer 3.3.3.9 [U-PE2-mpls-ldp-remote-3.3.3.9] remote-ip 3.3.3.9 [U-PE2-mpls-ldp-remote-3.3.3.9] quit

After the configuration, run the display mpls ldp session command on U-PEs, Ps, or SPE, and you can see that the Session State is Operational.Run the display mpls ldp peer command, and you can view how the LDP sessions and the peers have been constructed. Run the display mpls lsp, and you can view how LSPs have been constructed. Take the display of S-PE as an example:
<S-PE> display mpls ldp session LDP Session(s) in Public Network -----------------------------------------------------------------------------Peer-ID Status LAM SsnRole SsnAge KA-Sent/Rcv -----------------------------------------------------------------------------1.1.1.9:0 Operational DU Active 000:00:14 57/57 2.2.2.9:0 Operational DU Active 000:00:14 56/56 4.4.4.9:0 Operational DU Passive 000:00:05 22/22 5.5.5.9:0 Operational DU Passive 000:00:12 52/52 -----------------------------------------------------------------------------TOTAL: 4 session(s) Found. LAM : Label Advertisement Mode SsnAge Unit : DDD:HH:MM <S-PE> display mpls ldp peer LDP Peer Information in Public network -----------------------------------------------------------------------------Peer-ID Transport-Address Discovery-Source -----------------------------------------------------------------------------1.1.1.9:0 1.1.1.9 Remote Peer : 1.1.1.9 2.2.2.9:0 2.2.2.9 Pos1/0/0 4.4.4.9:0 4.4.4.9 Pos2/0/0 5.5.5.9:0 5.5.5.9 Remote Peer : 5.5.5.9

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

6-145

6 PWE3 Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

-----------------------------------------------------------------------------TOTAL: 4 Peer(s) Found. <S-PE> display mpls lsp ---------------------------------------------------------------------LSP Information: LDP LSP ---------------------------------------------------------------------FEC In/Out Label In/Out IF Vrf Name 3.3.3.9/32 3/NULL -/1.1.1.9/32 NULL/1024 -/P1/0/0 1.1.1.9/32 1024/1024 -/P1/0/0 2.2.2.9/32 NULL/3 -/P1/0/0 2.2.2.9/32 1025/3 -/P1/0/0 4.4.4.9/32 NULL/3 -/P2/0/0 4.4.4.9/32 1027/3 -/P2/0/0 5.5.5.9/32 NULL/1027 -/P2/0/0 5.5.5.9/32 1026/1027 -/P2/0/0

4.

Create and configure a PW template. Create the PW template on U-PEs, and enable the CW and LSP Ping functions. Configure U-PE1.
[U-PE1] pw-template pwt [U-PE1-pw-template-pwt] [U-PE1-pw-template-pwt] [U-PE1-pw-template-pwt] [U-PE1-pw-template-pwt] peer-address 3.3.3.9 control-word vccv cc cw cv lsp-ping bfd quit

# Configure U-P2.
[U-PE2] pw-template pwt [U-PE2-pw-template-pwt] [U-PE2-pw-template-pwt] [U-PE2-pw-template-pwt] [U-PE2-pw-template-pwt] peer-address 3.3.3.9 control-word vccv cc cw cv lsp-ping bfd quit

After the configuration, run the display pw-template command on PEs, and you can view the configuration information about the PW template, with VCCV capacity being enabled on it. Take the display of U-PE1 as an example.
<U-PE1> display pw-template Total PW template number : 1 PW Template Name : pwt PeerIP : 3.3.3.9 Tnl Policy Name : -CtrlWord : Enable VCCV Capability : cw lsp-ping bfd Behavior Name : -Total PW : 1, Static PW : 0, LDP PW : 1, Rsvp PW : 0

5.

Set up a VC connection. Enable MPLS L2VPN on U-PE1, U-PE2, and S-PE. Configure a dynamic PW on U-PEs, and implement dynamic PW switching on S-PEs.
NOTE

PWE3 does not support P2MP. Therefore, if you want to set up MPLS L2VC on ATM subinterfaces, they must be of P2P type. For configuring transparent ATM cell transport, however, there is no such restriction.

# Configure U-PE1.
[U-PE1] mpls l2vpn [U-PE1-l2vpn] quit [U-PE1] interface pos 1/0/0 [U-PE1-Pos1/0/0] mpls l2vc pw-template pwt 100 [U-PE1-Pos1/0/0] undo shutdown [U-PE1-Pos1/0/0] quit

6-146

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

6 PWE3 Configuration

# Configure S-PE.
[S-PE] mpls l2vpn [S-PE-l2vpn] quit [S-PE] mpls switch-l2vc 1.1.1.9 100 between 5.5.5.9 200 encapsulation ppp

# Configure U-PE2.
[U-PE2] mpls l2vpn [U-PE2-l2vpn] quit [U-PE2] interface pos 2/0/0 [U-PE2-Pos2/0/0] mpls l2vc pw-template pwt 200 [U-PE2-Pos2/0/0] undo shutdown [U-PE2-Pos2/0/0] quit

After the configuration, check the L2VPN connection information on PEs. Run the display mpls l2vc interface command, and you can see that PWs have been successfully set up, and are in the Active state. The BFD for PW function is disabled on PWs. Take the display of U-PE1 as an example.
<U-PE1> display mpls l2vc interface pos 1/0/0 *client interface : Pos1/0/0 is up session state : up AC state : up VC state : up VC ID : 100 VC type : PPP destination : 3.3.3.9 local group ID : 0 remote group ID : 0 local VC label : 21504 remote VC label : 21505 local AC OAM State : up local PSN State : up local forwarding state : forwarding remote AC OAM state : up remote PSN state : up remote forwarding state: forwarding BFD for PW : available manual fault : not set active state : active forwarding entry : exist link state : up local VC MTU : 1500 remote VC MTU : 1500 local VCCV : cw lsp-ping bfd remote VCCV : cw lsp-ping bfd local fragmentantion : disable remote fragmentantion: disable local control word : enable remote control word : enable tunnel policy : -traffic behavior : -PW template name : pwt primary or secondary : primary VC tunnel/token info : 1 tunnels/tokens NO.0 TNL type : lsp , TNL ID : 0x2002003 create time : 0 days, 0 hours, 2 minutes, 40 seconds up time : 0 days, 0 hours, 0 minutes, 59 seconds last change time : 0 days, 0 hours, 0 minutes, 59 seconds

6.

Configure dynamic BFDs between PEs that check the MH-PW. # Configure U-PE1.
[U-PE1] bfd [U-PE1-bfd] quit [U-PE1] interface pos1/0/0 [U-PE1-Pos1/0/0] mpls l2vpn pw bfd min-rx-interval 100 min-tx-interval 100 remote-vcid 200 [U-PE1-Pos1/0/0] quit

# Configure U-PE2.
[U-PE2] bfd [U-PE2-bfd] quit [U-PE2] interface pos2/0/0

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

6-147

6 PWE3 Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


[U-PE2-Pos2/0/0] mpls l2vpn pw bfd min-rx-interval 100 min-tx-interval 100 remote-vcid 100 [U-PE2-Pos2/0/0] quit

7.

Verify the configuration. # CE1 and CE2 can ping through each other.
<CE1> ping 100.1.1.2 PING 100.1.1.2: 56 data bytes, press CTRL_C to break Reply from 100.1.1.2: bytes=56 Sequence=1 ttl=255 time=600 Reply from 100.1.1.2: bytes=56 Sequence=2 ttl=255 time=160 Reply from 100.1.1.2: bytes=56 Sequence=3 ttl=255 time=220 Reply from 100.1.1.2: bytes=56 Sequence=4 ttl=255 time=210 Reply from 100.1.1.2: bytes=56 Sequence=5 ttl=255 time=220 --- 100.1.1.2 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 160/282/600 ms ms ms ms ms ms

# Run the display mpls l2vc interface command on U-PEs to view the status of PWs. You can see that the dynamic BFD for PW function is enabled, and that the BFD state is up. Take the display of U-PE1 as an example.
<U-PE1> display mpls l2vc interface pos 1/0/0 *client interface : Pos1/0/0 is up session state : up AC state : up VC state : up VC ID : 100 VC type : PPP destination : 3.3.3.9 local group ID : 0 remote group ID : 0 local VC label : 21504 remote VC label : 21505 local AC OAM State : up local PSN State : up local forwarding state : forwarding remote AC OAM state : up remote PSN state : up remote forwarding state: forwarding Dynamic BFD for PW : available Detect Multipier : 3 Min Transit Interval : 100 Max Receive Interval : 100 Dynamic BFD Session : built BFD for PW : available BFD sessionIndex : 256 BFD state : up manual fault : not set active state : active forwarding entry : exist link state : up local VC MTU : 4470 remote VC MTU : 4470 local VCCV : cw lsp-ping bfd remote VCCV : cw lsp-ping bfd local fragmentantion : disable remote fragmentantion: disable local control word : enable remote control word : enable tunnel policy : -traffic behavior : -PW template name : pwt primary or secondary : primary VC tunnel/token info : 1 tunnels/tokens NO.0 TNL type : lsp , TNL ID : 0x2002003 create time : 0 days, 0 hours, 24 minutes, 0 seconds up time : 0 days, 0 hours, 15 minutes, 0 seconds last change time : 0 days, 0 hours, 15 minutes, 0 seconds

# Run the display bfd session all verbose command on U-PEs to view the status of BFDs. You can see that the status of the BFD sessions is Up, the BFD bind type is PW, and the PW session type is dynamic.
6-148 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

6 PWE3 Configuration

Take the display of U-PE1 as an example.


<U-PE1> display bfd session all verbose ------------------------------------------------------------------------------Session MIndex : 256 (One Hop) State : Up Name : dyn_8192 ------------------------------------------------------------------------------Local Discriminator : 8192 Remote Discriminator : 8192 Session Detect Mode : Asynchronous Mode Without Echo Function BFD Bind Type : PW(Master) Bind Session Type : Dynamic Bind Peer Ip Address : --.--.--.-NextHop Ip Address : --.--.--.-Bind Interface : Pos1/0/0 FSM Board Id : 1 TOS-EXP : 6 Min Tx Interval (ms) : 100 Min Rx Interval (ms) : 100 Actual Tx Interval (ms): 2800 Actual Rx Interval (ms): 2800 Local Detect Multi : 3 Detect Interval (ms) : -Echo Passive : Disable Acl Number : -Proc interface status : Disable Process PST : Enable WTR Interval (ms) : -Local Demand Mode : Disable Last Local Diagnostic : No Diagnostic Bind Application : L2VPN | OAM_MANAGER | MPLSFW Session TX TmrID : -Session Detect TmrID : -Session Init TmrID : -Session WTR TmrID : -Session Echo Tx TmrID : -PDT Index : FSM-0 | RCV-0 | IF-0 | TOKEN-0 Session Description : -------------------------------------------------------------------------------Total UP/DOWN Session Number : 1/0

Configuration File
l

Configuration file of CE1


# sysname CE1 # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 100.1.1.1 255.255.255.0 # return

Configuration file of U-PE1


# sysname U-PE1 # bfd # mpls lsr-id 1.1.1.9 mpls # mpls l2vpn # pw-template pwt peer-address 3.3.3.9 control-word vccv cc cw cv lsp-ping bfd # mpls ldp # mpls ldp remote-peer 3.3.3.9 remote-ip 3.3.3.9 # interface Pos1/0/0 link-protocol ppp

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

6-149

6 PWE3 Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


undo shutdown mpls l2vc pw-template pwt 100 mpls l2vpn pw bfd min-rx-interval 100 min-tx-interval 100 remote-vcid 200 # interface Pos2/0/0 link-protocol ppp undo shutdown ip address 10.1.1.1 255.255.255.0 mpls mpls ldp # interface LoopBack0 ip address 1.1.1.9 255.255.255.255 # ospf 1 area 0.0.0.0 network 10.1.1.0 0.0.0.255 network 1.1.1.9 0.0.0.0 # return

Configuration file of P1
# sysname P1 # mpls lsr-id 2.2.2.9 mpls # mpls ldp # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 10.1.1.2 255.255.255.0 mpls mpls ldp # interface Pos2/0/0 link-protocol ppp undo shutdown ip address 20.1.1.1 255.255.255.0 mpls mpls ldp # interface LoopBack0 ip address 2.2.2.9 255.255.255.255 # ospf 1 area 0.0.0.0 network 2.2.2.9 0.0.0.0 network 10.1.1.0 0.0.0.255 network 20.1.1.0 0.0.0.255 # return

Configuration file of S-PE


# sysname S-PE # mpls lsr-id 3.3.3.9 mpls # mpls l2vpn # mpls switch-l2vc 5.5.5.9 200 between 1.1.1.9 100 encapsulation ppp # mpls ldp # mpls ldp remote-peer 1.1.1.9 remote-ip 1.1.1.9

6-150

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


# mpls ldp remote-peer 5.5.5.9 remote-ip 5.5.5.9 # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 20.1.1.2 255.255.255.0 mpls mpls ldp # interface Pos2/0/0 link-protocol ppp undo shutdown ip address 30.1.1.1 255.255.255.0 mpls mpls ldp # interface LoopBack0 ip address 3.3.3.9 255.255.255.255 # ospf 1 area 0.0.0.0 network 3.3.3.9 0.0.0.0 network 20.1.1.0 0.0.0.255 network 30.1.1.0 0.0.0.255 # return l

6 PWE3 Configuration

Configuration file of P2
# sysname P2 # mpls lsr-id 4.4.4.9 mpls # mpls ldp # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 30.1.1.2 255.255.255.0 mpls mpls ldp # interface Pos2/0/0 link-protocol ppp undo shutdown ip address 40.1.1.1 255.255.255.0 mpls mpls ldp # interface LoopBack0 ip address 4.4.4.9 255.255.255.255 # ospf 1 area 0.0.0.0 network 4.4.4.9 0.0.0.0 network 30.1.1.0 0.0.0.255 network 40.1.1.0 0.0.0.255 # return

Configuration file of U-PE2


# sysname U-PE2 # bfd # mpls lsr-id 5.5.5.9

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

6-151

6 PWE3 Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


mpls # mpls l2vpn # pw-template pwt peer-address 3.3.3.9 control-word vccv cc cw cv lsp-ping bfd # mpls ldp # mpls ldp remote-peer 3.3.3.9 remote-ip 3.3.3.9 # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 40.1.1.2 255.255.255.0 mpls mpls ldp # interface Pos2/0/0 link-protocol ppp undo shutdown mpls l2vc pw-template pwt 200 mpls l2vpn pw bfd min-rx-interval 100 min-tx-interval 100 remote-vcid 100 # interface LoopBack0 ip address 5.5.5.9 255.255.255.255 # ospf 1 area 0.0.0.0 network 5.5.5.9 0.0.0.0 network 40.1.1.0 0.0.0.255 # return

Configuration file of CE2


# sysname CE2 # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 100.1.1.2 255.255.255.0 # return

6.14.10 Example for Configuring PW FRR CEs Are Symmetrically Connected to PEs Through POS Links
Networking Requirements
As shown in Figure 6-25, CE1 and CE2 are dual-homed to PE2 and PE3 respectively. Specific requirements are as follows:
l l

CE1 and CE2 are connected to PEs by means of PPP. PWs are set up between PE1 and PE3, and between PE2 and PE4, and an MPLS LSP is used as the tunnel. When the path CE2PE3PPE1CE1 is faulty, the L2VPN traffic can be quickly switched to the backup path CE2PE4PE2CE1.
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

6-152

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


l

6 PWE3 Configuration

When the path CE2PE3PPE1CE1 recovers, the L2VPN traffic can be switched back to the master path.

Figure 6-25 Networking diagram of PW FRR CEs are symmetrically connected to PEs through POS links
P
1 /0/ 30 / S2 PO .13.2 .1 0 10 1 /0/ 30 / S2 PO .13.1 0.1 0 1

Loopback1 1.1.1.1/32

P 10 OS 0.1 2/0 .31 /2 .1/ 30

Loopback1 5.5.5.5/32

PE1
POS1/0/0 10.1.1.2/30 Loopback1 2.2.2.2/32

LSP

Loopback1 3.3.3.3/32 10 POS 0.1 2/ .31 0/1 .2/ 30

Loopback1 4.4.4.4/32 POS2/0/0 100.1.24.2/30

PE3
POS1/0/0 10.1.1.1/30

PE2
POS1/0/0 10.1.2.2/30 POS1/0/0 10.1.1.1/30 POS1/0/1 10.1.2.1/30

POS2/0/0 100.1.24.1/30

PE4

LSP

POS1/0/0 10.1.2.1/30 POS1/0/0 10.1.1.2/30 POS1/0/1 10.1.2.2/30

CE1
POS1/0/2 10.1.3.1/24

CE2

Configuration Roadmap
The configuration roadmap is as follows: 1. 2. 3. 4. 5. 6. Configure OSPF for the backbone. Set up LSPs between PE1 and PE3, and PE2 and PE4. Set up MPLS LDP sessions between PE1 and PE3, and PE2 and PE4. Configure PWs on PEs by using the PW template. Set up BFD for PW sessions between PE1 and PE3, and PE2 and PE4. Configure the AC OAM detection and notify function on PEs, and enable the OAM Mapping function.

Data Preparation
To complete the configuration, you need the following data:
l l l l

The names of the remote MPLS LDP peers VC-IDs of the master PW and the backup PW PW template name The name of BFD for PW, the local discriminator, and the remote discriminator

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

6-153

6 PWE3 Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Configuration Procedure
1. Configure an IP address for the interface through which a CE is connected to a PE. # Configure CE1.
<Quidway> system-view [Quidway] sysname CE1 [CE1] interface pos 1/0/0 [CE1-Pos1/0/0] ip address 10.1.1.1 30 [CE1-Pos1/0/0] undo shutdown [CE1-Pos1/0/0] quit [CE1] interface pos 1/0/1 [CE1-Pos1/0/1] ip address 10.1.2.1 30 [CE1-Pos1/0/1] undo shutdown [CE1-Pos1/0/1] quit [CE1] interface pos 1/0/2 [CE1-Pos1/0/2] ip address 10.1.3.1 24 [CE1-Pos1/0/2] undo shutdown [CE1-Pos1/0/2] quit

# Configure CE2.
<Quidway> system-view [Quidway] sysname CE2 [CE2] interface pos 1/0/0 [CE2-Pos1/0/0] ip address 10.1.1.2 30 [CE2-Pos1/0/0] undo shutdown [CE2-Pos1/0/0] quit [CE2] interface pos 1/0/1 [CE2-Pos1/0/1] ip address 10.1.2.2 30 [CE2-Pos1/0/1] undo shutdown [CE2-Pos1/0/1] quit

2.

Configure IP addresses for the interfaces and the IGP protocol for the MPLS backbone so that PEs and P in the backbone can internetwork. # Configure PE1.
<Quidway> system-view [Quidway] sysname PE1 [PE1] interface loopback1 [PE1-LoopBack1] ip address 1.1.1.1 32 [PE1-LoopBack1] quit [PE1] interface pos 2/0/1 [PE1-Pos2/0/1] ip address 100.1.13.1 30 [PE1-Pos2/0/1] undo shutdown [PE1-Pos2/0/1] quit [PE1] ospf 1 [PE1-ospf-1] area 0 [PE1-ospf-1-area-0.0.0.0] network 1.1.1.1 0.0.0.0 [PE1-ospf-1-area-0.0.0.0] network 100.1.13.0 0.0.0.3

# Configure P.
[P] interface loopback1 [P-LoopBack1] ip address 5.5.5.5 32 [P-LoopBack1] quit [P] interface pos 2/0/1 [P-Pos2/0/1] ip address 100.1.13.2 30 [P-Pos2/0/1] undo shutdown [P-Pos2/0/1] quit [P] interface pos 2/0/2 [P-Pos2/0/2] ip address 100.1.31.1 30 [P-Pos2/0/2] undo shutdown [P-Pos2/0/2] quit [P] ospf 1 [P-ospf-1] area 0 [P-ospf-1-area-0.0.0.0] network 5.5.5.5 0.0.0.0 [P-ospf-1-area-0.0.0.0] network 100.1.13.0 0.0.0.3 [P-ospf-1-area-0.0.0.0] network 100.1.31.0 0.0.0.3

# Configure PE3.
6-154 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


[PE3] interface loopback1 [PE3-LoopBack1] ip address 3.3.3.3 32 [PE3-LoopBack1] quit [PE3] interface pos2/0/1 [PE3-Pos2/0/1] ip address 100.1.31.2 30 [PE3-Pos2/0/1] undo shutdown [PE3-Pos2/0/1] quit [PE3] ospf 1 [PE3-ospf-1] area 0 [PE3-ospf-1-area-0.0.0.0] network 3.3.3.3 0.0.0.0 [PE3-ospf-1-area-0.0.0.0] network 100.1.31.0 0.0.0.3

6 PWE3 Configuration

# Configure PE2.
[PE2] interface loopback1 [PE2-LoopBack1] ip address 2.2.2.2 32 [PE2-LoopBack1] quit [PE2] interface pos 2/0/0 [PE2-Pos2/0/0] ip address 100.1.24.1 30 [PE2-Pos2/0/0] undo shutdown [PE2-Pos2/0/0] quit [PE2] ospf 1 [PE2-ospf-1] area 0 [PE2-ospf-1-area-0.0.0.0] network 2.2.2.2 0.0.0.0 [PE2-ospf-1-area-0.0.0.0] network 100.1.24.0 0.0.0.3

# Configure PE4.
[PE4] interface loopback1 [PE4-LoopBack1] ip address 4.4.4.4 32 [PE4-LoopBack1] quit [PE4] interface pos 2/0/0 [PE4-Pos2/0/0] ip address 100.1.24.2 30 [PE4-Pos2/0/0] undo shutdown [PE4-Pos2/0/0] quit [PE4] ospf 1 [PE4-ospf-1] area 0 [PE4-ospf-1-area-0.0.0.0] network 4.4.4.4 0.0.0.0 [PE4-ospf-1-area-0.0.0.0] network 100.1.24.0 0.0.0.3

After the configuration, run the display ip routing-table command on PEs, and you can see that PE1 and PE2, and PE1 and PE3 have learnt the loopback 1 address of each other. Take the display of PE1 as an example:
<PE1> display ip routing-table Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: Public Destinations : 9 Routes : 9 Destination/Mask Proto Pre Cost Flags NextHop Interface 1.1.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 3.3.3.3/32 OSPF 10 3 D 100.1.13.2 Pos2/0/1 5.5.5.5/32 OSPF 10 2 D 100.1.13.2 Pos2/0/1 100.1.13.0/30 Direct 0 0 D 100.1.13.1 Pos2/0/1 100.1.13.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 100.1.13.2/32 Direct 0 0 D 100.1.13.2 Pos2/0/1 100.1.31.0/30 OSPF 10 2 D 100.1.13.2 Pos2/0/1 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0

3.

Configure basic MPLS functions for the MPLS backbone. # Enable MPLS, and specify LSR-ID as the IP address of loopback 1.Enable MPLS and MPLS LDP for the interfaces in the backbone. # Configure PE1.
[PE1] mpls lsr-id 1.1.1.1 [PE1] mpls [PE1-mpls] quit [PE1] mpls ldp [PE1-mpls-ldp] quit [PE1] interface pos2/0/1

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

6-155

6 PWE3 Configuration
[PE1-Pos2/0/1] mpls [PE1-Pos2/0/1] mpls ldp [PE1-Pos2/0/1] quit

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

# Configure P.
[P] mpls lsr-id 5.5.5.5 [P] mpls [P-mpls] quit [P] mpls ldp [P-mpls-ldp] quit [P] interface pos2/0/1 [P-Pos2/0/1] mpls [P-Pos2/0/1] mpls ldp [P-Pos2/0/1] quit [P] interface pos 2/0/2 [P-Pos2/0/2] mpls [P-Pos2/0/2] mpls ldp [P-Pos2/0/2] quit

# Configure PE3.
[PE3] mpls lsr-id 3.3.3.3 [PE3] mpls [PE3-mpls] quit [PE3] mpls ldp [PE3-mpls-ldp] quit [PE3] interface pos 2/0/1 [PE3-Pos2/0/1] mpls [PE3-Pos2/0/1] mpls ldp [PE3-Pos2/0/1] quit

# Configure PE2.
[PE2] mpls lsr-id 2.2.2.2 [PE2] mpls [PE2-mpls] quit [PE2] mpls ldp [PE2-mpls-ldp] quit [PE2] interface pos 2/0/0 [PE2-Pos2/0/0] mpls [PE2-Pos2/0/0] mpls ldp [PE2-Pos2/0/0] quit

# Configure PE4.
[PE4] mpls lsr-id 4.4.4.4 [PE4] mpls [PE4-mpls] quit [PE4] mpls ldp [PE4-mpls-ldp] quit [PE4] interface pos 2/0/0 [PE4-Pos2/0/0] mpls [PE4-Pos2/0/0] mpls ldp [PE4-Pos2/0/0] quit

After the configuration, run the display tunnel-info all command on PEs, and you can see that there are MPLS LSP tunnels between PE1 and PE3, and PE2 and PE4. Take the display of PE1 and PE2 as an example. Take the display of PE1 and PE2 as an example.
<PE1> display tunnel-info all * -> Allocated VC Token Tunnel ID Type Destination Token ---------------------------------------------------------------------0x2002000 lsp 5.5.5.5 0 0x2002001 lsp 3.3.3.3 1 <PE2> display tunnel-info all * -> Allocated VC Token Tunnel ID Type Destination Token ---------------------------------------------------------------------0x2002000 lsp 4.4.4.4 0

6-156

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

6 PWE3 Configuration

Run the display mpls ldp session command on PEs, and you can see that the status of the peer relationship between PE1 and P, P and PE3, and PE2 and PE4 is Operational. In other words, LDP sessions are set up. Take the display of PE1 as an example:
<PE1> display mpls ldp session LDP Session(s) in Public Network -----------------------------------------------------------------------------Peer-ID Status LAM SsnRole SsnAge KA-Sent/Rcv -----------------------------------------------------------------------------5.5.5.5:0 Operational DU Passive 000:00:04 20/20 -----------------------------------------------------------------------------TOTAL: 1 session(s) Found. LAM : Label Advertisement Mode SsnAge Unit : DDD:HH:MM

4.

Set up remote LDP sessions between PEs. # For a remote LDP session, the specified IP address is usually the IP address of the loopback interface of the remote LDP peer.
NOTE

In this example, PE2 and PE4 are directly connected to each other, and you do not have to manually configure remote LDP sessions for them.

# Configure PE1.
[PE1] mpls ldp remote-peer 3.3.3.3 [PE1-mpls-ldp-remote-3.3.3.3] remote-ip 3.3.3.3 [PE1-mpls-ldp-remote-3.3.3.3] quit

# Configure PE3.
[PE3] mpls ldp remote-peer 1.1.1.1 [PE3-mpls-ldp-remote-1.1.1.1] remote-ip 1.1.1.1 [PE3-mpls-ldp-remote-1.1.1.1] quit

After the configuration, run the display mpls ldp session command on PEs, and you can see that the status of the remote LDP peer relationship is Operational. That is, the remote peer relationship has been set up. Take the display of PE1 as an example:
<PE1> display mpls ldp session LDP Session(s) in Public Network -----------------------------------------------------------------------------Peer-ID Status LAM SsnRole SsnAge KA-Sent/Rcv -----------------------------------------------------------------------------3.3.3.3:0 Operational DU Passive 000:00:56 225/227 5.5.5.5:0 Operational DU Passive 000:00:13 56/56 -----------------------------------------------------------------------------TOTAL: 2 session(s) Found. LAM : Label Advertisement Mode SsnAge Unit : DDD:HH:MM

5.

Configure PWs on PEs through the PW template. # Configure PE1.


[PE1] mpls l2vpn [PE1-l2vpn] quit [PE1] pw-template 1to3 [PE1-pw-template-1to3] peer-address 3.3.3.3 [PE1-pw-template-1to3] control-word [PE1-pw-template-1to3] vccv cc cw cv bfd [PE1-pw-template-1to3] quit [PE1] interface pos1/0/0 [PE1-Pos1/0/0] mpls l2vc pw-template 1to3 100 ip-interworking

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

6-157

6 PWE3 Configuration
[PE1-Pos1/0/0] ip address 10.1.1.2 30 [PE1-Pos1/0/0] undo shutdown [PE1-Pos1/0/0] quit

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

# Configure PE3.
[PE3] mpls l2vpn [PE3-l2vpn] quit [PE3] pw-template 3to1 [PE3-pw-template-3to1] peer 1.1.1.1 [PE3-pw-template-3to1] control-word [PE3-pw-template-3to1] vccv cc cw cv bfd [PE3-pw-template-3to1] quit [PE3] interface pos 1/0/0 [PE3-Pos1/0/0] mpls l2vc pw-template 3to1 100 ip-interworking [PE3-Pos1/0/0] ip address 10.1.1.1 30 [PE3-Pos1/0/0] undo shutdown [PE3-Pos1/0/0] quit

# Configure PE2.
[PE2] mpls l2vpn [PE2-l2vpn] quit [PE2] pw-template 2to4 [PE2-pw-template-2to4] peer 4.4.4.4 [PE2-pw-template-2to4] control-word [PE2-pw-template-2to4] vccv cc cw cv bfd [PE2-pw-template-2to4] quit [PE2] interface pos 1/0/0 [PE2-Pos1/0/0] mpls l2vc pw-template 2to4 200 ip-interworking [PE2-Pos1/0/0] ip address 10.1.2.2 30 [PE2-Pos1/0/0] undo shutdown [PE2-Pos1/0/0] quit

# Configure PE4.
[PE4] mpls l2vpn [PE4-l2vpn] quit [PE4] pw-template 4to2 [PE4-pw-template-4to2] peer 2.2.2.2 [PE4-pw-template-4to2] control-word [PE4-pw-template-4to2] vccv cc cw cv bfd [PE4-pw-template-4to2] quit [PE4] interface pos 1/0/0 [PE4-Pos1/0/0] mpls l2vc pw-template 4to2 200 ip-interworking [PE4-Pos1/0/0] ip address 10.1.2.1 30 [PE4-Pos1/0/0] undo shutdown [PE4-Pos1/0/0] quit

After the configuration, run the display pw-template command on PEs, and you can view the configuration information about the PW template, with VCCV capacity being enabled on it. Take the display of PE1 as an example.
<PE1> display pw-template Total PW template number : 1 PW Template Name : 1to3 PeerIP : 3.3.3.3 Tnl Policy Name : -CtrlWord : Enable VCCV Capability : cw bfd Behavior Name : -Total PW : 1, Static PW : 0, LDP PW : 1, Rsvp PW : 0

Check the L2VPN connection information on PEs by running the display mpls l2vc interface command, and you can see that PWs have been successfully set up, and are in the Active state. Take the display of PE1 as an example.
<PE1> display mpls l2vc total LDP VC : 1 1 up 0 down *client interface : Pos1/0/0

6-158

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


session state : AC status : VC state : VC ID : VC type : destination : local VC label : control word : forwarding entry : local group ID : manual fault : active state : link state : local VC MTU : tunnel policy name : traffic behavior name: PW template name : primary or secondary : create time : up time : last change time : up up up 100 IP-interworking 3.3.3.3 21504 remote enable existent 0 not set active up 1500 remote --1to3 primary 0 days, 1 hours, 20 0 days, 0 hours, 17 0 days, 0 hours, 17

6 PWE3 Configuration

VC label

: 21504

VC MTU

: 1500

minutes, 28 seconds minutes, 49 seconds minutes, 49 seconds

Run OSPF on CE1 and CE2, and CE1 advertises to CE2 the path to 10.1.3.0/24.To ensure that traffic goes through CE2PE3PPE1CE1, raise the OSPF cost of POS1/0/1 of CE1 and CE2 to a higher value. (For example, 10) # Configure CE1.
[CE1] ospf 1 [CE1-ospf-1] area 0.0.0.0 [CE1-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.3 [CE1-ospf-1-area-0.0.0.0] network 10.1.3.0 0.0.0.255 [CE1-ospf-1-area-0.0.0.0] quit [CE1-ospf-1] quit [CE1] interface pos1/0/1 [CE1-Pos1/0/1] ospf cost 10

# Configure CE2.
[CE2] ospf 1 [CE2-ospf-1] area 0.0.0.0 [CE2-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.3 [CE2-ospf-1-area-0.0.0.0] network 10.1.2.0 0.0.0.3 [CE2-ospf-1-area-0.0.0.0] quit [CE2-ospf-1] quit [CE2] interface pos1/0/1 [CE2-Pos1/0/1] ospf cost 10

Run the display ip routing-table command on CE2, and you can see that the outbound interface for the path from CE2 to 10.1.3.0/24 is POS 1/0/0.In other words, traffic goes through the master path.
<CE2> display ip routing-table Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: Public Destinations : 8 Routes : 8 Destination/Mask Proto Pre Cost Flags NextHop Interface 10.1.1.0/30 Direct 0 0 D 10.1.1.2 Pos1/0/0 10.1.1.1/32 Direct 0 0 D 10.1.1.1 Pos1/0/0 10.1.1.2/32 Direct 0 0 D 127.0.0.1 InLoopBack0 10.1.2.0/30 Direct 0 0 D 10.1.2.2 Pos1/0/1 10.1.2.1/32 Direct 0 0 D 10.1.2.1 Pos1/0/1 10.1.2.2/32 Direct 0 0 D 127.0.0.1 InLoopBack0 10.1.3.1/32 OSPF 10 2 D 10.1.1.1 Pos1/0/0 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0

CE2 can ping through the address of CE1, which is 10.1.3.1.


<CE2> ping 10.1.3.1 PING 10.1.3.1: 56 data bytes, press CTRL_C to break

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

6-159

6 PWE3 Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


Reply from 10.1.3.1: bytes=56 Sequence=1 Reply from 10.1.3.1: bytes=56 Sequence=2 Reply from 10.1.3.1: bytes=56 Sequence=3 Reply from 10.1.3.1: bytes=56 Sequence=4 Reply from 10.1.3.1: bytes=56 Sequence=5 --- 10.1.3.1 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 130/160/190 ms ttl=255 ttl=255 ttl=255 ttl=255 ttl=255 time=170 time=130 time=190 time=130 time=180 ms ms ms ms ms

6.

Configure BFDs between PEs to check the PW.


NOTE

l l

The local discriminator and remote discriminator of a BFD session should correspond to each other, and cannot be modified after being configured. This example uses static BFDs to check the PW.

# Configure PE1.
[PE1] bfd [PE1-bfd] quit [PE1] bfd 1to3 bind pw interface pos 1/0/0 [PE1-bfd-lsp-session-1to3] discriminator local 13 [PE1-bfd-lsp-session-1to3] discriminator remote 31 [PE1-bfd-lsp-session-1to3] commit [PE1-bfd-lsp-session-1to3] quit

# Configure PE3.
[PE3] bfd [PE3-bfd] quit [PE3] bfd 3to1 bind pw interface pos 1/0/0 [PE3-bfd-lsp-session-3to1] discriminator local 31 [PE3-bfd-lsp-session-3to1] discriminator remote 13 [PE3-bfd-lsp-session-3to1] commit [PE3-bfd-lsp-session-3to1] quit

# Configure PE2.
[PE2] bfd [PE2-bfd] quit [PE2] bfd 2to4 bind pw interface pos 1/0/0 [PE2-bfd-lsp-session-2to4] discriminator local 24 [PE2-bfd-lsp-session-2to4] discriminator remote 42 [PE2-bfd-lsp-session-2to4] commit [PE2-bfd-lsp-session-2to4] quit

# Configure PE4.
[PE4] bfd [PE4-bfd] quit [PE4] bfd 4to2 bind pw interface pos 1/0/0 [PE4-bfd-lsp-session-4to2] discriminator local 42 [PE4-bfd-lsp-session-4to2] discriminator remote 24 [PE4-bfd-lsp-session-4to2] commit [PE4-bfd-lsp-session-4to2] quitt

After the configuration, BFD sessions are set up between PE1 and PE2, and PE1 and PE3.Run the display bfd session all command, and you can see the State is Up. Take the display of PE1 as an example.
<PE1> display bfd session all ------------------------------------------------------------------------------Local Remote PeerIpAddr InterfaceName State Type ------------------------------------------------------------------------------13 31 --.--.--.-Pos1/0/0 Up S_PW (M) -------------------------------------------------------------------------------

6-160

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


Total UP/DOWN Session Number : 1/0

6 PWE3 Configuration

Run the display bfd configuration all command, and you can view the configuration information about BFD, and the status of Commit is True.
<PE1> display bfd configuration all ------------------------------------------------------------------------------CFG Name CFG Type LocalDiscr MIndex SessNum Commit AdminDown ------------------------------------------------------------------------------1to3 Static_PW(M) 13 256 1 True False ------------------------------------------------------------------------------Total Commit/Uncommit CFG Number : 1/0

7.

Enable the OAM Mapping function on PEs, which automatically enables AC OAM detection and notification. Take the configuration of PE1 as an example. Configurations of PE2, PE3, and PE4 are the same as that of PE1, and are not described here.
[PE1] interface pos 1/0/0 [PE1-Pos1/0/0] mpls l2vpn oam-mapping auto

Run the display mpls l2vc oam-mapping interface on PEs, and you can view information about OAM Mapping. The status of AC OAM is up, the status of BFD for PW is Enable, and the status of BFD is up. Take the display of PE1 as an example:
<PE1> display mpls l2vc oam-mapping interface pos1/0/0 AC OAM Info: ACFD Index : 0x800 Notify : Enable Detect : Enable AC OAM State : Up OAM-mapping : Enable PSN info: VC-ID : 100 VC status : Primary Active State : Active Link State : Up BFD for PW : Enable BFDSessionIndex:256 ,BFD State : up BFD for LSP : 0 TunnelNum: 1 PSN State : up

8.

Verify the configuration. If the configuration succeeds, run the display mpls l2vc interface command on PE1 or PE3, and you can see that the status of PW1 is up. Take the display of PE1 as an example:
<PE1> display mpls l2vc interface pos 1/0/0 *client interface : Pos1/0/0 is up session state : up AC state : up VC state : up VC ID : 100 VC type : IP-interworking destination : 3.3.3.3 local group ID : 0 remote group ID local VC label : 21504 remote VC label local AC OAM State : up local PSN State : up local forwarding state : forwarding remote AC OAM state : up remote PSN state : up remote forwarding state: forwarding BFD for PW : available BFD sessionIndex : 256 BFD state : up manual fault : not set active state : active

: 0 : 21504

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

6-161

6 PWE3 Configuration
forwarding entry link state local VC MTU local VCCV remote VCCV local fragmentantion local control word tunnel policy traffic behavior PW template name primary or secondary VC tunnel/token info NO.0 TNL type : lsp create time up time last change time : : : : : : : : : : : :

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


exist up 1500 remote VC MTU : 1500 cw bfd cw bfd disable remote fragmentantion: disable enable remote control word : enable --1to3 primary 1 tunnels/tokens , TNL ID : 0x2002005 : 0 days, 1 hours, 30 minutes, 27 seconds : 0 days, 0 hours, 27 minutes, 48 seconds : 0 days, 0 hours, 27 minutes, 48 seconds

Run the shutdown command on the POS 2/0/1 of PE3. Run the display bfd session all command on PE1 or PE3, and you can see that the BFD session for PW1 is Down. Take the display of PE1 as an example:
<PE1> display bfd session all ------------------------------------------------------------------------------Local Remote PeerIpAddr InterfaceName State Type ------------------------------------------------------------------------------13 31 --.--.--.-Pos1/0/0 Down S_PW (M) ------------------------------------------------------------------------------Total UP/DOWN Session Number : 0/1

Run the display mpls l2vc interface command on PE1 or PE3, and you can see that the status of PW1 is changed to Down. Take the display of PE1 as an example:
<PE1> display mpls l2vc interface pos 1/0/0 *client interface : Pos1/0/0 is up session state : down AC state : up VC state : down VC ID : 100 VC type : IP-interworking destination : 3.3.3.3 local group ID : 0 remote group ID : 0 local VC label : 21504 remote VC label : 0 local AC OAM State : up local PSN State : up local forwarding state : not forwarding BFD for PW : available BFD sessionIndex : 256 BFD state : down manual fault : not set active state : active forwarding entry : not exist link state : down local VC MTU : 1500 remote VC MTU : 0 local VCCV : cw bfd remote VCCV : none local fragmentantion : disable remote fragmentantion: none local control word : enable remote control word : none tunnel policy : -traffic behavior : -PW template name : 1to3 primary or secondary : primary VC tunnel/token info : 0 tunnels/tokens create time : 0 days, 1 hours, 33 minutes, 18 seconds up time : 0 days, 0 hours, 0 minutes, 0 seconds last change time : 0 days, 0 hours, 1 minutes, 11 seconds

6-162

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

6 PWE3 Configuration

Check the routing table on CE2, and you can see that the outbound interface of 10.1.3.0 is changed to POS1/0/1.That is, the L2VPN traffic is switched to the backup path.
<CE2> display ip routing-table Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: Public Destinations : 6 Routes : 6 Destination/Mask Proto Pre Cost Flags NextHop Interface 10.1.2.0/30 Direct 0 0 D 10.1.2.2 Pos1/0/1 10.1.2.1/32 Direct 0 0 D 10.1.2.1 Pos1/0/1 10.1.2.2/32 Direct 0 0 D 127.0.0.1 InLoopBack0 10.1.3.1/32 OSPF 10 11 D 10.1.2.1 Pos1/0/1 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0

Run the undo shutdown command on the POS 2/0/1 on PE3. Check the routing table on CE2, and you can see that the outbound interface of 10.1.3.0 is changed to POS 1/0/0.That is, the L2VPN traffic is switched to the master path.
<CE2> display ip routing-table Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: Public Destinations : 9 Routes : 9 Destination/Mask Proto Pre Cost Flags NextHop Interface 10.1.1.0/30 Direct 0 0 D 10.1.1.2 Pos1/0/0 10.1.1.1/32 Direct 0 0 D 10.1.1.1 Pos1/0/0 10.1.1.2/32 Direct 0 0 D 127.0.0.1 InLoopBack0 10.1.2.0/30 Direct 0 0 D 10.1.2.2 Pos1/0/1 10.1.2.1/32 Direct 0 0 D 10.1.2.1 Pos1/0/1 10.1.2.2/32 Direct 0 0 D 127.0.0.1 InLoopBack0 10.1.3.1/32 OSPF 10 2 D 10.1.1.1 Pos1/0/0 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0

Configuration File
l

Configuration file of CE1


# sysname CE1 # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 10.1.1.1 255.255.255.252 # interface Pos1/0/1 link-protocol ppp undo shutdown ip address 10.1.2.1 255.255.255.252 ospf cost 10 # interface Pos1/0/2 link-protocol ppp undo shutdown ip address 10.1.3.1 255.255.255.0 # ospf 1 area 0.0.0.0 network 10.1.1.0 0.0.0.3 network 10.1.3.0 0.0.0.255 # return

Configuration file of CE2


# sysname CE2

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

6-163

6 PWE3 Configuration
# interface Pos1/0/0 link-protocol ppp undo shutdown ip address 10.1.1.2 255.255.255.252 # interface Pos1/0/1 link-protocol ppp undo shutdown ip address 10.1.2.2 255.255.255.252 ospf cost 10 # ospf 1 area 0.0.0.0 network 10.1.1.0 0.0.0.3 network 10.1.2.0 0.0.0.3 # return l

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Configuration file of PE1


# sysname PE1 # mpls lsr-id 1.1.1.1 mpls # mpls l2vpn # pw-template 1to3 peer-address 3.3.3.3 control-word vccv cc cw cv bfd # mpls ldp # mpls ldp remote-peer 3.3.3.3 remote-ip 3.3.3.3 # bfd # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 10.1.1.2 255.255.255.252 oam detect lcp-terminal notify lcp-terminal mpls l2vc pw-template 1to3 100 ip-interworking mpls l2vpn oam-mapping # interface Pos2/0/1 link-protocol ppp undo shutdown ip address 100.1.13.1 255.255.255.252 mpls mpls ldp # interface LoopBack1 ip address 1.1.1.1 255.255.255.255 # ospf 1 area 0.0.0.0 network 1.1.1.1 0.0.0.0 network 100.1.13.0 0.0.0.3 # bfd 1to3 bind pw interface Pos1/0/0 discriminator local 13 discriminator remote 31 commit # return

6-164

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


l

6 PWE3 Configuration

Configuration file of P
# sysname P # mpls lsr-id 5.5.5.5 mpls # mpls ldp # interface Pos2/0/1 link-protocol ppp undo shutdown ip address 100.1.13.2 255.255.255.252 mpls mpls ldp # interface Pos2/0/2 link-protocol ppp undo shutdown ip address 100.1.31.1 255.255.255.252 mpls mpls ldp # interface LoopBack1 ip address 5.5.5.5 255.255.255.255 # ospf 1 area 0.0.0.0 network 5.5.5.5 0.0.0.0 network 100.1.13.0 0.0.0.3 network 100.1.31.0 0.0.0.3 # return

Configuration file of PE3


# sysname PE3 # mpls lsr-id 3.3.3.3 mpls # mpls l2vpn # pw-template 3to1 peer-address 1.1.1.1 control-word vccv cc cw cv bfd # mpls ldp # mpls ldp remote-peer 1.1.1.1 remote-ip 1.1.1.1 # bfd # interface Pos1/0/0 link-protocol ppp undo shutdown oam detect lcp-terminal notify lcp-terminal ip address 10.1.1.1 255.255.255.252 mpls l2vc pw-template 3to1 100 ip-interworking mpls l2vpn oam-mapping # interface Pos2/0/1 link-protocol ppp undo shutdown ip address 100.1.31.2 255.255.255.252 mpls mpls ldp

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

6-165

6 PWE3 Configuration
# interface LoopBack1 ip address 3.3.3.3 255.255.255.255 # ospf 1 area 0.0.0.0 network 3.3.3.3 0.0.0.0 network 100.1.31.0 0.0.0.3 # # bfd 3to1 bind pw interface Pos1/0/0 discriminator local 31 discriminator remote 13 commit # return l

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Configuration file of PE2


# sysname PE2 # mpls lsr-id 2.2.2.2 mpls # mpls l2vpn # pw-template 2to4 peer-address 4.4.4.4 control-word vccv cc cw cv bfd # mpls ldp # bfd # interface Pos1/0/0 link-protocol ppp undo shutdown oam detect lcp-terminal notify lcp-terminal ip address 10.1.2.2 255.255.255.252 mpls l2vc pw-template 2to4 200 ip-interworking mpls l2vpn oam-mapping # interface Pos2/0/0 link-protocol ppp undo shutdown ip address 100.1.24.1 255.255.255.252 mpls mpls ldp # interface LoopBack1 ip address 2.2.2.2 255.255.255.255 # ospf 1 area 0.0.0.0 network 2.2.2.2 0.0.0.0 network 100.1.24.0 0.0.0.3 # # bfd 2to4 bind pw interface Pos1/0/0 discriminator local 24 discriminator remote 42 commit # return

Configuration file of PE4


# sysname PE4 #

6-166

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


mpls lsr-id 4.4.4.4 mpls # mpls l2vpn # pw-template 4to2 peer-address 2.2.2.2 control-word vccv cc cw cv bfd # mpls ldp # bfd # interface Pos1/0/0 link-protocol ppp undo shutdown oam detect lcp-terminal notify lcp-terminal ip address 10.1.2.1 255.255.255.252 mpls l2vc pw-template 4to2 200 ip-interworking mpls l2vpn oam-mapping # interface Pos2/0/0 link-protocol ppp undo shutdown ip address 100.1.24.2 255.255.255.252 mpls mpls ldp # interface LoopBack1 ip address 4.4.4.4 255.255.255.255 # ospf 1 area 0.0.0.0 network 4.4.4.4 0.0.0.0 network 100.1.24.0 0.0.0.3 # # bfd 4to2 bind pw interface Pos1/0/0 discriminator local 42 discriminator remote 24 commit # return

6 PWE3 Configuration

6.14.11 Example for Configuring PW FRR CEs Are Asymmetrically Connected to PEs Through POS Links
Networking Requirements
As shown in Figure 6-26, CE1 is connected to PE1 through a single link. CE2 is dual-homed to PE2 and PE3 respectively. Specific requirements are as follows:
l l l l

Connect CE1 to PE1 through HDLC; connect CE2 to PE2 and PE3 through PPP. Set up a PW between PE1 and PE3. The PW is the master, using MPLS TE as tunnel. Set up a PW between PE1 and PE2. The PW is the backup, using MPLS LSP as tunnel. When the path CE2-PE3-P-PE1 is faulty, the L2VPN traffic can be quickly switched to the backup up path CE2-PE2-PE1. When the path CE2-PE3-P-PE1 recovers, the L2VPN traffic can be switched back to the original path.
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 6-167

Issue 03 (2008-09-22)

6 PWE3 Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Figure 6-26 Networking diagram of PW FRR CEs are asymmetrically connected to PEs through POS links
1 /0 / 0 S2 1.2/3 O . P 13 0. 10 1 /0 / /30 S2 PO 3.1.1 0.1 10

Loopback1 1.1.1.1/32

10 PO S 0.3 2/ 4.1 0 /2 .1/ 30 Loopback1 4.4.4.4/32

PE1
POS1/0/0 10.1.1.2/30

MPLS TE

Loopback1 3.3.3.3/32 10 PO S 0.3 2/ 0 4.1 /1 .2/ 30

PE3
PO 100 S2/0 /2 .1 2. 1.1/ 30

MPL

SL SP
PO 100 S2/0 /1 .1 2. 1.2/ 30

Loopback1 2.2.2.2/32

POS1/0/0 10.1.1.1/30 POS1/0/0 10.1.2.1/30

HDLC
POS1/0/0 10.1.1.1/30 10.1.2.1/30 sub

PPP

PE2 PPP
POS1/0/1 10.1.2.2/30 POS1/0/0 10.1.1.2/30

CE1
POS1/0/1 10.1.3.1/24

CE2

Configuration Roadmap
The configuration roadmap is as follows: 1. 2. 3. 4. 5. 6. Configure OSPF for the backbone. Set up an MPLS TE tunnel between PE1 and PE3; set up an LSP between PE1 and PE2. Set up MPLS LDP sessions between PE1 and PE2, and PE1 and PE3. Configure PWs on PEs by usingthe PW template. Because the master PW uses the MPLS TE tunnel, you need to use the tunnel policy when configuring the master PW. Set up BFD for PW sessions between PE1 and PE2, and PE1 and PE3. Enable the OAM Mapping function on PEs, which automatically enables AC OAM detection and notification.

Data Preparation
To complete the configuration, you need the following data:
l l l l l l

Tunnel policies Bandwidth of the MPLS TE tunnel Names of the remote MPLS LDP peers VC-IDs of the master PW and the backup PW PW template name Name of BFD for PW, the local discriminator, and the remote discriminator

6-168

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

6 PWE3 Configuration

Configuration Procedure
1. Configure an IP address for the interface through which a CE is connected to a PE. # Configure CE1.
<Quidway> system-view [Quidway] sysname CE1 [CE1] interface pos 1/0/0 [CE1-Pos1/0/0] link-protocol hdlc [CE1-Pos1/0/0] ip address 10.1.1.1 30 [CE1-Pos1/0/0] ip address 10.1.2.1 30 sub [CE1-Pos1/0/0] undo shutdown [CE1-Pos1/0/0] quit [CE1] interface pos 1/0/1 [CE1-Pos1/0/1] link-protocol hdlc [CE1-Pos1/0/1] ip address 10.1.3.1 24 [CE1-Pos1/0/1] undo shutdown [CE1-Pos1/0/1] quit

# Configure CE2.
<Quidway> system-view [Quidway] sysname CE2 [CE2] interface pos 1/0/0 [CE2-Pos1/0/0] ip address 10.1.1.2 30 [CE2-Pos1/0/0] undo shutdown [CE2-Pos1/0/0] quit [CE2] interface pos 1/0/1 [CE2-Pos1/0/1] ip address 10.1.2.2 30 [CE2-Pos1/0/1] undo shutdown [CE2-Pos1/0/1] quit

2.

Configure the IGP protocol for the MPLS backbone so that PEs and Ps in the backbone can internetwork. # Configure PE1.
[PE1] interface loopback 1 [PE1-LoopBack1] ip address 1.1.1.1 32 [PE1-LoopBack1] quit [PE1] interface pos 2/0/1 [PE1-Pos2/0/1] ip address 100.13.1.1 30 [PE1-Pos2/0/1] undo shutdown [PE1-Pos2/0/1] quit [PE1] interface pos 2/0/2 [PE1-Pos2/0/2] ip address 100.12.1.1 30 [PE1-Pos2/0/2] undo shutdown [PE1-Pos2/0/2] quit [PE1] ospf 1 [PE1-ospf-1] area 0 [PE1-ospf-1-area-0.0.0.0] network 1.1.1.1 0.0.0.0 [PE1-ospf-1-area-0.0.0.0] network 100.13.1.0 0.0.0.3 [PE1-ospf-1-area-0.0.0.0] network 100.12.1.0 0.0.0.3

# Configure P.
[P] interface loopback 1 [P-LoopBack1] ip address 4.4.4.4 32 [P-LoopBack1] quit [P] interface pos 2/0/1 [P-Pos2/0/1] ip address 100.13.1.2 30 [P-Pos2/0/1] undo shutdown [P-Pos2/0/1] quit [P] interface pos 2/0/2 [P-Pos2/0/2] ip address 100.34.1.1 30 [P-Pos2/0/2] undo shutdown [P-Pos2/0/2] quit [P] ospf 1 [P-ospf-1] area 0 [P-ospf-1-area-0.0.0.0] network 4.4.4.4 0.0.0.0 [P-ospf-1-area-0.0.0.0] network 100.13.1.0 0.0.0.3 [P-ospf-1-area-0.0.0.0] network 100.34.1.0 0.0.0.3

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

6-169

6 PWE3 Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

# Configure PE3.
[PE3] interface loopback 1 [PE3-LoopBack1] ip address 3.3.3.3 32 [PE3-LoopBack1] quit [PE3] interface pos2/0/1 [PE3-Pos2/0/1] ip address 100.34.1.2 30 [PE3-Pos2/0/1] undo shutdown [PE3-Pos2/0/1] quit [PE3] ospf 1 [PE3-ospf-1] area 0 [PE3-ospf-1-area-0.0.0.0] network 3.3.3.3 0.0.0.0 [PE3-ospf-1-area-0.0.0.0] network 100.34.1.0 0.0.0.3

# Configure PE2.
[PE2] interface loopback 1 [PE2-LoopBack1] ip address 2.2.2.2 32 [PE2-LoopBack1] quit [PE2] interface pos 2/0/1 [PE2-Pos2/0/1] ip address 100.12.1.2 30 [PE2-Pos2/0/1] undo shutdown [PE2-Pos2/0/1] quit [PE2] ospf 1 [PE2-ospf-1] area 0 [PE2-ospf-1-area-0.0.0.0] network 2.2.2.2 0.0.0.0 [PE2-ospf-1-area-0.0.0.0] network 100.12.1.0 0.0.0.3

After the configuration, run the display ip routing-table command on PEs, and you can see that PE1 and PE2, and PE1 and PE3 have learnt the loopback 1 address of each other. Take the display of PE1 as an example:
<PE1> display ip routing-table Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: Public Destinations : 13 Routes : 13 Destination/Mask Proto Pre Cost Flags NextHop Interface 1.1.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 2.2.2.2/32 OSPF 10 2 D 100.12.1.2 Pos2/0/2 3.3.3.3/32 OSPF 10 3 D 100.13.1.2 Pos2/0/1 4.4.4.4/32 OSPF 10 2 D 100.13.1.2 Pos2/0/1 100.12.1.0/30 Direct 0 0 D 100.12.1.1 Pos2/0/2 100.12.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 100.12.1.2/32 Direct 0 0 D 100.12.1.2 Pos2/0/2 100.13.1.0/30 Direct 0 0 D 100.13.1.1 Pos2/0/1 100.13.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 100.13.1.2/32 Direct 0 0 D 100.13.1.2 Pos2/0/1 100.34.1.0/30 OSPF 10 2 D 100.13.1.2 Pos2/0/1 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: Public Destinations : 13 Routes : 13 Destination/Mask Proto Pre Cost Flags NextHop Interface 1.1.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 2.2.2.2/32 OSPF 10 2 D 100.12.1.2 Pos2/0/2 3.3.3.3/32 OSPF 10 3 D 100.13.1.2 Pos2/0/1 4.4.4.4/32 OSPF 10 2 D 100.13.1.2 Pos2/0/1 100.12.1.0/30 Direct 0 0 D 100.12.1.1 Pos2/0/2 100.12.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 100.12.1.2/32 Direct 0 0 D 100.12.1.2 Pos2/0/2 100.13.1.0/30 Direct 0 0 D 100.13.1.1 Pos2/0/1 100.13.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 100.13.1.2/32 Direct 0 0 D 100.13.1.2 Pos2/0/1 100.34.1.0/30 OSPF 10 2 D 100.13.1.2 Pos2/0/1 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0

3.
6-170

Configure basic MPLS functions for the MPLS backbone.


Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

6 PWE3 Configuration

# Enable MPLS, and specify LSR-ID as the IP address of loopback 1. Enable MPLS for the interfaces in the backbone. # Configure PE1.
[PE1] mpls lsr-id 1.1.1.1 [PE1] mpls [PE1-mpls] quit [PE1] interface pos2/0/1 [PE1-Pos2/0/1] mpls [PE1-Pos2/0/1] quit [PE1] interface pos2/0/2 [PE1-Pos2/0/2] mpls [PE1-Pos2/0/2] quit

# Configure P.
[P] mpls lsr-id 4.4.4.4 [P] mpls [P-mpls] quit [P] interface pos2/0/1 [P-Pos2/0/1] mpls [P-Pos2/0/1] quit [P] interface pos 2/0/2 [P-Pos2/0/2] mpls [P-Pos2/0/2] quit

# Configure PE2.
[PE2] mpls lsr-id 2.2.2.2 [PE2] mpls [PE2-mpls] quit [PE2] interface pos 2/0/1 [PE2-Pos2/0/1] mpls [PE2-Pos2/0/1] quit

# Configure PE3.
[PE3] mpls lsr-id 3.3.3.3 [PE3] mpls [PE3-mpls] quit [PE3] interface pos 2/0/1 [PE3-Pos2/0/1] mpls [PE3-Pos2/0/1] quit

4.

Set up an MPLS TE tunnel between PE1 and PE3; set up an LSP between PE1 and PE2. # Configure PE1.
[PE1] mpls [PE1-mpls] mpls te [PE1-mpls] mpls rsvp-te [PE1-mpls] mpls te cspf [PE1-mpls] quit [PE1] interface pos2/0/1 [PE1-Pos2/0/1] mpls te [PE1-Pos2/0/1] mpls rsvp-te [PE1-Pos2/0/1] mpls te max-link-bandwidth 50 [PE1-Pos2/0/1] mpls te max-reservable-bandwidth 30 [PE1-Pos2/0/1] quit [PE1] interface tunnel2/0/0 [PE1-Tunnel2/0/0] ip address unnumbered interface loopback1 [PE1-Tunnel2/0/0] tunnel-protocol mpls te [PE1-Tunnel2/0/0] destination 3.3.3.3 [PE1-Tunnel2/0/0] mpls te tunnel-id 13 [PE1-Tunnel2/0/0] mpls te bandwidth bc0 20 [PE1-Tunnel2/0/0] mpls te commit [PE1-Tunnel2/0/0] quit [PE1] ospf 1 [PE1-ospf-1] opaque-capability enable [PE1-ospf-1] area 0 [PE1-ospf-1-area-0.0.0.0] mpls-te enable

# Configure P.
Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 6-171

6 PWE3 Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


[P] mpls [P-mpls] mpls te [P-mpls] mpls rsvp-te [P-mpls] quit [P] interface pos2/0/1 [P-Pos2/0/1] mpls te [P-Pos2/0/1] mpls rsvp-te [P-Pos2/0/1] mpls te max-link-bandwidth 50 [P-Pos2/0/1] mpls te max-reservable-bandwidth 30 [P-Pos2/0/1] quit [P] interface pos 2/0/2 [P-Pos2/0/2] mpls te [P-Pos2/0/2] mpls rsvp-te [P-Pos2/0/2] mpls te max-link-bandwidth 50 [P-Pos2/0/2] mpls te max-reservable-bandwidth 30 [P-Pos2/0/2] quit [P] ospf 1 [P-ospf-1] opaque-capability enable [P-ospf-1] area 0 [P-ospf-1-area-0.0.0.0] mpls-te enable

# Configure PE3.
[PE3] mpls [PE3-mpls] mpls te [PE3-mpls] mpls rsvp-te [PE3-mpls] mpls te cspf [PE3-mpls] quit [PE3] interface pos2/0/1 [PE3-Pos2/0/1] mpls te [PE3-Pos2/0/1] mpls rsvp-te [PE3-Pos2/0/1] mpls te max-link-bandwidth 50 [PE3-Pos2/0/1] mpls te max-reservable-bandwidth 30 [PE3-Pos2/0/1] quit [PE3] interface tunnel2/0/0 [PE3-Tunnel2/0/0] ip address unnumbered interface LoopBack1 [PE3-Tunnel2/0/0] tunnel-protocol mpls te [PE3-Tunnel2/0/0] destination 1.1.1.1 [PE3-Tunnel2/0/0] mpls te tunnel-id 31 [PE3-Tunnel2/0/0] mpls te bandwidth bc0 20 [PE3-Tunnel2/0/0] mpls te commit [PE3-Tunnel2/0/0] quit [PE3] ospf 1 [PE3-ospf-1] opaque-capability enable [PE3-ospf-1] area0 [PE3-ospf-1-area-0.0.0.0] mpls-te enable

# Configure PE1.
[PE1] mpls ldp [PE1-mpls-ldp] quit [PE1] interface pos2/0/2 [PE1-Pos2/0/2] mpls ldp [PE1-Pos2/0/2] quit

# Configure PE2.
[PE2] mpls ldp [PE2-mpls-ldp] quit [PE2] interface pos2/0/12 [PE2-Pos2/0/12] mpls ldp [PE2-Pos2/0/12] quit

After the configuration, run the display tunnel-info all command on PEs, and you can see that an MPLS TE tunnel connects PE1 with PE3, and an MPLS LSP tunnel connects PE1 with PE2. Take the display of PE1 as an example.
<PE1> display tunnel-info all * -> Allocated VC Token Tunnel ID Type Destination Token ----------------------------------------------------------------------

6-172

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

6 PWE3 Configuration

0x42002000 cr lsp 3.3.3.3 0 0x2002001 lsp 2.2.2.2 1* -> Allocated VC Token Tunnel ID Type Destination Token ---------------------------------------------------------------------0x51002000 local ifnet -0 0x51002001 local ifnet -1 0x42002002 cr lsp 3.3.3.3 2 0x2002003 lsp -3 0x2002004 lsp 2.2.2.2 4 0x2002005 lsp -5

5.

Set up LDP sessions between PEs. # For a remote LDP session, the specified IP address is usually the IP address of the loopback interface of the remote LDP peer.
NOTE

In this example, PE1 and PE2 are directly connected to each other, and you do not have to manually configure remote LDP sessions for them.

# Configure PE1.
[PE1] mpls ldp remote-peer 3.3.3.3pe3 [PE1-mpls-ldp-remote-3.3.3.3pe3] remote-ip 3.3.3.3

# Configure PE3.
[PE3] mpls ldp [PE3-mpls-ldp] quit [PE3] mpls ldp remote-peer 1.1.1.1pe1 [PE3-mpls-ldp-remote-1.1.1.1pe1] remote-ip 1.1.1.1

After the configuration, run the display mpls ldp session command on PEs, and you can see that the status of the remote LDP peer relationship is Operational. That is, the remote peer relationship has been set up. Take the display of PE1 as an example:
<PE1> display mpls ldp session LDP Session(s) in Public Network -----------------------------------------------------------------------------Peer-ID Status LAM SsnRole SsnAge KA-Sent/Rcv -----------------------------------------------------------------------------2.2.2.2:0 Operational DU Passive 000:00:03 16/16 3.3.3.3:0 Operational DU Passive 000:00:00 1/1 -----------------------------------------------------------------------------TOTAL: 2 session(s) Found. LAM : Label Advertisement Mode SsnAge Unit : DDD:HH:MM LDP Session(s) in Public Network -----------------------------------------------------------------------------Peer-ID Status LAM SsnRole SsnAge KA-Sent/Rcv -----------------------------------------------------------------------------2.2.2.2:0 Operational DU Passive 000:00:16 65/65 3.3.3.3:0 Operational DU Passive 000:00:20 81/81 -----------------------------------------------------------------------------TOTAL: 2 session(s) Found. LAM : Label Advertisement Mode SsnAge Unit : DDD:HH:MM

6.

Configure tunnel policies on PEs. # Configure PE1.


[PE1] tunnel-policy p1 [PE1-tunnel-policy-p1] tunnel select-seq [PE1-tunnel-policy-p1] quit cr-lsp load-balance-number 1

# Configure PE3.
Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 6-173

6 PWE3 Configuration
[PE3] tunnel-policy p1 [PE3-tunnel-policy-p1] tunnel select-seq [PE3-tunnel-policy-p1] quit

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

cr-lsp load-balance-number 1

7.

Configure PWs on PEs through the PW template. # Configure a master PW and a backup PW on PE1.Set up a PW on PE2 and PE3 respectively. (It is the only PW on either PE2 or PE3, and does distinguish between the master and the backup.) # Configure PE1.
[PE1] mpls l2vpn [PE1-l2vpn] quit [PE1] pw-template 1to2 [PE1-pw-template-1to2] peer-address 2.2.2.2 [PE1-pw-template-1to2] control-word [PE1-pw-template-1to2] vccv cc cw cv lsp-ping [PE1-pw-template-1to2] quit [PE1] pw-template 1to3 [PE1-pw-template-1to3] peer-address 3.3.3.3 [PE1-pw-template-1to3] control-word [PE1-pw-template-1to3] vccv cc cw cv lsp-ping [PE1-pw-template-1to3] quit [PE1] interface pos1/0/0 [PE1-Pos1/0/0] link-protocol hdlc [PE1-Pos1/0/0] mpls l2vc pw-template 1to3 100 [PE1-Pos1/0/0] mpls l2vc pw-template 1to2 200 [PE1-Pos1/0/0] ip address 10.1.1.2 30 [PE1-Pos1/0/0] undo shutdown [PE1-Pos1/0/0] quit

bfdvccv cc cw cv bfd

bfdvccv cc cw cv bfd

tunnel-policy p1 ip-interworking ip-interworking secondary

# Configure PE2.
[PE2] mpls l2vpn [PE2-l2vpn] quit [PE2] pw-template 2to1 [PE2-pw-template-2to1] peer 1.1.1.1 [PE2-pw-template-2to1] control-word [PE2-pw-template-2to1] vccv cc cw cv lsp-ping bfdvccv cc cw cv bfd [PE2-pw-template-2to1] quit [PE2] interface pos 1/0/0 [PE2-Pos1/0/0] mpls l2vc pw-template 2to1 200 ip-interworking [PE2-Pos1/0/0] ip address 10.1.2.1 30 [PE2-Pos1/0/0] undo shutdown [PE2-Pos1/0/0] quit

# Configure PE3.
[PE3] mpls l2vpn [PE3-l2vpn] quit [PE3] pw-template 3to1 [PE3-pw-template-3to1] peer 1.1.1.1 [PE3-pw-template-3to1] control-word [PE3-pw-template-3to1] vccv cc cw cv lsp-ping bfdvccv cc cw cv bfd [PE3-pw-template-3to1] quit [PE3] interface pos 1/0/0 [PE3-Pos1/0/0] mpls l2vc pw-template 3to1 100 tunnel-policy p1 ip-interworking [PE3-Pos1/0/0] ip address 10.1.1.1 30 [PE3-Pos1/0/0] undo shutdown [PE3-Pos1/0/0] quit

After the configuration, check the L2VPN connection information on PEs by running the display mpls l2vc command, and you can see that both the master and backup PWs have been successfully set up, and are in the Up state. The master PW is Active, and the backup PW is InActive. Take the display of PE1 as an example:
<PE1> display mpls l2vc interface pos 1/0/0 *client interface : Pos1/0/0 is up session state : up AC state : up

6-174

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

6 PWE3 Configuration

VC state : up VC ID : 100 VC type : IP-interworking destination : 3.3.3.3 local group ID : 0 remote group ID : 0 local VC label : 21504 remote VC label : 21504 local AC OAM State : up local PSN State : up local forwarding state : forwarding remote AC OAM state : up remote PSN state : up remote forwarding state: forwarding BFD for PW : unavailable manual fault : not set active state : active forwarding entry : exist link state : up local VC MTU : 1500 remote VC MTU : 1500 local VCCV : cw lsp-ping bfd remote VCCV : cw lsp-ping bfd local fragmentantion : disable remote fragmentantion: disable local control word : enable remote control word : enable tunnel policy : p1 traffic behavior : -PW template name : 1to3 primary or secondary : primary VC tunnel/token info : 1 tunnels/tokens NO.0 TNL type : cr lsp, TNL ID : 0x42002000 create time : 0 days, 0 hours, 23 minutes, 7 seconds up time : 0 days, 0 hours, 1 minutes, 21 seconds last change time : 0 days, 0 hours, 1 minutes, 21 seconds *client interface : Pos1/0/0 is up session state : up AC state : up VC state : up VC ID : 200 VC type : IP-interworking destination : 2.2.2.2 local group ID : 0 remote group ID : 0 local VC label : 21505 remote VC label : 21505 local AC OAM state : up local PSN state : up local forwarding state : forwarding remote AC OAM state : up remote PSN state : up remote forwarding state: forwarding BFD for PW : unavailable manual fault : not set active state : inactive forwarding entry : existent link state : up local VC MTU : 1500 remote VC MTU : 1500 local VCCV : cw lsp-ping bfd remote VCCV : cw lsp-ping bfd local fragmentation : disable remote fragmentation: disable local control word : enable remote control word : enable tunnel policy : -traffic behavior : -PW template name : 1to2 primary or secondary : secondary VC tunnel/token info : 1 tunnels/tokens NO.0 TNL type : lsp , TNL ID : 0x2002001 create time : 0 days, 0 hours, 22 minutes, 19 seconds up time : 0 days, 0 hours, 1 minutes, 32 seconds last change time : 0 days, 0 hours, 1 minutes, 32 seconds reroute policy : delay 30 s, resume 0 s reason of last reroute : New LDP mapping message was received time of last reroute : 0 days, 0 hours, 0 minutes, 50 seconds delay timer ID : -rest time :--

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

6-175

6 PWE3 Configuration
resume timer ID up 0 down *client interface : session state : AC status : VC state : VC ID : VC type : destination : local VC label : control word : forwarding entry : local group ID : manual fault : active state : link state : local VC MTU : tunnel policy name : traffic behavior name: PW template name : primary or secondary : create time : up time : last change time : *client interface : session state : AC status : VC state : VC ID : VC type : destination : local VC label : control word : forwarding entry : local group ID : manual fault : active state : link state : local VC MTU : tunnel policy name : traffic behavior name: PW template name : primary or secondary : create time : up time : last change time : : --

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


rest time :--total LDP VC : 2 2

Pos1/0/0 up up up 100 IP-interworking 3.3.3.3 21504 remote enable existent 0 not set active up 1500 remote p1 -1to3 primary 0 days, 0 hours, 51 0 days, 0 hours, 12 0 days, 0 hours, 12 Pos1/0/0 up up up 200 IP-interworking 2.2.2.2 21505 remote enable existent 0 not set inactive up 1500 remote --1to2 secondary 0 days, 0 hours, 51 0 days, 0 hours, 12 0 days, 0 hours, 12

VC label

: 21504

VC MTU

: 1500

minutes, 25 seconds minutes, 48 seconds minutes, 48 seconds

VC label

: 21504

VC MTU

: 1500

minutes, 25 seconds minutes, 48 seconds minutes, 48 seconds

Run OSPF on CE1 and CE2, and advertise to CE2 the path to 10.1.3.0/24. # Configure CE1.
[CE1] ospf 1 [CE1-ospf-1] area 0.0.0.0 [CE1-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.3 [CE1-ospf-1-area-0.0.0.0] network 10.1.2.0 0.0.0.3 [CE1-ospf-1-area-0.0.0.0] network 10.1.3.0 0.0.0.255

# Configure CE2.
[CE2] ospf 1 [CE2-ospf-1] area 0.0.0.0 [CE2-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.3 [CE2-ospf-1-area-0.0.0.0] network 10.1.2.0 0.0.0.3

Run the display ip routing-table command on CE2, and you can see that the outbound interface for the path from CE2 to 10.1.3.0/24 is POS 1/0/0.In other words, traffic goes through the master path. Take the display of CE2 as an example:
<CE2> display ip routing-table Route Flags: R - relied, D - download to fib

6-176

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

6 PWE3 Configuration

-----------------------------------------------------------------------------Routing Tables: Public Destinations : 9 Routes : 9 Destination/Mask Proto Pre Cost Flags NextHop Interface 10.1.1.0/30 Direct 0 0 D 10.1.1.2 Pos1/0/0 10.1.1.1/32 Direct 0 0 D 10.1.1.1 Pos1/0/0 10.1.1.2/32 Direct 0 0 D 127.0.0.1 InLoopBack0 10.1.2.0/30 Direct 0 0 D 10.1.2.2 Pos1/0/1 10.1.2.1/32 Direct 0 0 D 10.1.2.1 Pos1/0/1 10.1.2.2/32 Direct 0 0 D 127.0.0.1 InLoopBack0 10.1.3.1/32 OSPF 10 2 D 10.1.1.1 Pos1/0/0 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: Public Destinations : 8 Routes : 9 Destination/Mask Proto Pre Cost Flags NextHop Interface 10.1.1.0/30 Direct 0 0 D 10.1.1.2 Pos1/0/0 10.1.1.1/32 Direct 0 0 D 10.1.1.1 Pos1/0/0 Direct 0 0 D 10.1.1.1 Pos1/0/1 10.1.1.2/32 Direct 0 0 D 127.0.0.1 InLoopBack0 10.1.2.0/30 Direct 0 0 D 10.1.2.2 Pos1/0/1 10.1.2.2/32 Direct 0 0 D 127.0.0.1 InLoopBack0 10.1.3.1/32 OSPF 10 2 D 10.1.1.1 Pos1/0/0 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0

CE2 can ping through the address of CE1, which is 10.1.3.1.


<CE2> ping 10.1.3.1 PING 10.1.3.1: 56 data bytes, press CTRL_C to break Reply from 10.1.3.1: bytes=56 Sequence=1 ttl=255 time=180 Reply from 10.1.3.1: bytes=56 Sequence=2 ttl=255 time=150 Reply from 10.1.3.1: bytes=56 Sequence=3 ttl=255 time=150 Reply from 10.1.3.1: bytes=56 Sequence=4 ttl=255 time=190 Reply from 10.1.3.1: bytes=56 Sequence=5 ttl=255 time=160 --- 10.1.3.1 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 150/166/190 ms ms ms ms ms ms

8.

Configure static BFDs between PEs that check the PW.


NOTE

This example uses dynamic BFDs to check the PW. The local discriminator and remote discriminator of a BFD session should correspond to each other, and cannot be modified after being configured.

# Configure PE1.
[PE1] bfd [PE1-bfd] quit [PE1] bfd 1to3 bind pw interface pos 1/0/0 [PE1-bfd-lsp-session-1to3Pos1/0/0] mpls l2vpn pw bfd min-rx-interval 100 mintx-interval 100discriminator local 13 [PE1-bfd-lsp-session-1to3Pos1/0/0] discriminator remote 31mpls l2vpn pw bfd min-rx-interval 100 min-tx-interval 100 secondary [PE1-bfd-lsp-session-1to3] commit [PE1-bfd-lsp-session-1to3Pos1/0/0] quit [PE1] bfd 1to2 bind pw interface pos 1/0/0 secondary [PE1-bfd-lsp-session-1to2] discriminator local 12 [PE1-bfd-lsp-session-1to2] discriminator remote 21 [PE1-bfd-lsp-session-1to2] commit [PE1-bfd-lsp-session-1to2] quit

# Configure PE2.
[PE2] bfd [PE2-bfd] quit [PE2] bfd 2to1 bind pw interface pos 1/0/0 [PE2-bfd-lsp-session-2to1] discriminator local 21

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

6-177

6 PWE3 Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


[PE2-bfd-lsp-session-2to1] discriminator remote 12 [PE2-bfd-lsp-session-2to1Pos1/0/0] mpls l2vpn pw bfd min-rx-interval 100 mintx-interval 100commit [PE2-bfd-lsp-session-2to1Pos1/0/0] quit

# Configure PE3.
[PE3] bfd [PE3-bfd] quit [PE3] bfd 3to1 bind pw interface pos 1/0/0 [PE3-bfd-lsp-session-3to1Pos1/0/0] mpls l2vpn pw bfd min-rx-interval 100 mintx-interval 100discriminator local 31 [PE3-bfd-lsp-session-3to1] discriminator remote 13 [PE3-bfd-lsp-session-3to1] commit [PE3-bfd-lsp-session-3to1Pos1/0/0] quit

After the configuration, BFD sessions are set up between PE1 and PE2, and PE1 and PE3.Run the display bfd session all command, and you can see State is Up. Take the display of PE1 as an example.
<PE1> display bfd session all ------------------------------------------------------------------------------Local Remote PeerIpAddr InterfaceName State Type ------------------------------------------------------------------------------8192 8192 --.--.--.-Pos1/0/0 Up D_PW(M) 8193 8192 --.--.--.-Pos1/0/0 Up D_PW(S) ------------------------------------------------------------------------------Total UP/DOWN Session Number : 2/0------------------------------------------------------------------------------Local Remote PeerIpAddr InterfaceName State Type ------------------------------------------------------------------------------12 21 --.--.--.-Pos1/0/0 Up S_PW (S) 13 31 --.--.--.-Pos1/0/0 Up S_PW (M) ------------------------------------------------------------------------------Total UP/DOWN Session Number : 2/0

Run the display bfd configuration all command, and you can view the configuration information about BFD. The status of Commit is True.
<PE1> display bfd configuration all ------------------------------------------------------------------------------CFG Name CFG Type LocalDiscr MIndex SessNum Commit AdminDown ------------------------------------------------------------------------------dyn_8192 Dynamic 8192 256 1 True False dyn_8193 Dynamic 8193 257 1 True False ------------------------------------------------------------------------------Total Commit/Uncommit CFG Number : 2/0------------------------------------------------------------------------------CFG Name CFG Type LocalDiscr MIndex SessNum Commit AdminDown ------------------------------------------------------------------------------1to2 Static_PW(S) 12 256 1 True False 1to3 Static_PW(M) 13 257 1 True False ------------------------------------------------------------------------------Total Commit/Uncommit CFG Number : 2/0

9.

Enable the OAM Mapping function on PEs, which automatically enables the AC OAM detection and notification.
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

6-178

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

6 PWE3 Configuration

# Take the configuration of PE1 as an example. Configurations of PE2 and PE3 are the same as that of PE1, and are not described here.
[PE1] interface pos 1/0/0 [PE1-Pos1/0/0] mpls l2vpn oam-mapping auto [PE1-Pos1/0/0] quit

The statuses of AC OAM, Link, BFD, and PSN are all Up. Run the display mpls l2vc oam-mapping interface on PEs, and you can view information about OAM Mapping. The status of AC OAM is up, the status of BFD for PW is Enable, and the status of BFD is up. Take the display of PE1 as an example:
<PE1> display mpls l2vc oam-mapping interface pos1/0/0 AC OAM Info: ACFD Index : 0x800 Notify : Enable Detect : Enable AC OAM State : Up OAM-mapping : Enable PSN info: VC-ID : 100 VC status : Primary Active State : Active Link State : Up BFD for PW : Enable BFDSessionIndex:256 ,BFD State : up BFD for LSP : 0 TunnelNum: 1 PSN State : up VC-ID : 200 VC status : Secondary Active State : Inactive Link State : Up BFD for PW : Enable BFDSessionIndex:257 ,BFD State : up BFD for LSP : 0 TunnelNum: 1 PSN State : up

10. Verify the configuration. If the configuration succeeds, run the display mpls l2vc interface command on PE1, and you can see that the status of the master PW is Active, and the status of the backup PW is Inactive. The status of BFD for PW for both the master and backup PWs is available.
<PE1> display mpls l2vc interface pos 1/0/0 *client interface : Pos1/0/0 is up session state : up AC state : up VC state : up VC ID : 100 VC type : IP-interworking destination : 3.3.3.3 local group ID : 0 remote group ID local VC label : 21504 remote VC label local AC OAM State : up local PSN State : up local forwarding state : forwarding remote AC OAM state : up remote PSN state : up remote forwarding state: forwarding Dynamic BFD for PW : enable Detect Multipier : 3 Min Transit Interval : 100 Max Receive Interval : 100 Dynamic BFD Session : built BFD for PW : available BFD sessionIndex : 256 BFD state : up manual fault : not set active state : active forwarding entry : exist link state : up

: 0 : 21504

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

6-179

6 PWE3 Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


local VC MTU : 1500 remote VC MTU : 1500 local VCCV : cw lsp-ping bfd remote VCCV : cw lsp-ping bfd local fragmentantion : disable remote fragmentantion: disable local control word : enable remote control word : enable tunnel policy : p1 traffic behavior : -PW template name : 1to3 primary or secondary : primary VC tunnel/token info : 1 tunnels/tokens NO.0 TNL type : cr lsp, TNL ID : 0x42002000 create time : 0 days, 1 hours, 5 minutes, 19 seconds up time : 0 days, 0 hours, 43 minutes, 33 seconds last change time : 0 days, 0 hours, 43 minutes, 33 seconds *client interface : Pos1/0/0 is up session state : up AC state : up VC state : up VC ID : 200 VC type : IP-interworking destination : 2.2.2.2 local group ID : 0 remote group ID : 0 local VC label : 21505 remote VC label : 21505 local AC OAM state : up local PSN state : up local forwarding state : forwarding remote AC OAM state : up remote PSN state : up remote forwarding state: forwarding Dynamic BFD for PW : enable Detect Multipier : 3 Min Transit Interval : 100 Max Receive Interval : 100 Dynamic BFD Session : built BFD for PW : available BFD sessionIndex : 257 BFD state : up manual fault : not set active state : inactive forwarding entry : existent link state : up local VC MTU : 1500 remote VC MTU : 1500 local VCCV : cw lsp-ping bfd remote VCCV : cw lsp-ping bfd local fragmentation : disable remote fragmentation: disable local control word : enable remote control word : enable tunnel policy : -traffic behavior : -PW template name : 1to2 primary or secondary : secondary VC tunnel/token info : 1 tunnels/tokens NO.0 TNL type : lsp , TNL ID : 0x2002001 create time : 0 days, 1 hours, 4 minutes, 31 seconds up time : 0 days, 0 hours, 43 minutes, 44 seconds last change time : 0 days, 0 hours, 43 minutes, 44 seconds reroute policy : delay 30 s, resume 0 s reason of last reroute : New LDP mapping message was received time of last reroute : 0 days, 0 hours, 43 minutes, 2 seconds delay timer ID : -rest time :-resume timer ID : -rest time :--*client interface Pos1/0/0 is up session state : up AC state : up VC state : up VC ID : 100 VC type : IP-interworking destination : 3.3.3.3 local group ID : 0 remote group ID : 0 local VC label : 21504 remote VC label : 21504 local AC OAM State : up

6-180

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

6 PWE3 Configuration

local PSN State : up local forwarding state : forwarding remote AC OAM state : up remote PSN state : up remote forwarding state: forwarding BFD for PW : available BFD sessionIndex : 257 BFD state : up manual fault : not set active state : active forwarding entry : exist link state : up local VC MTU : 1500 remote VC MTU : 1500 local VCCV : cw bfd remote VCCV : cw bfd local fragmentantion : disable remote fragmentantion: disable local control word : enable remote control word : enable tunnel policy : p1 traffic behavior : -PW template name : 1to3 primary or secondary : primary VC tunnel/token info : 1 tunnels/tokens NO.0 TNL type : cr lsp, TNL ID : 0x42002002 create time : 0 days, 0 hours, 56 minutes, 39 seconds up time : 0 days, 0 hours, 18 minutes, 2 seconds last change time : 0 days, 0 hours, 18 minutes, 2 seconds *client interface : Pos1/0/0 is up session state : up AC state : up VC state : up VC ID : 200 VC type : IP-interworking destination : 2.2.2.2 local group ID : 0 remote group ID : 0 local VC label : 21505 remote VC label : 21504 local AC OAM state : up local PSN state : up local forwarding state : forwarding remote AC OAM state : up remote PSN state : up remote forwarding state: forwarding BFD for PW : available BFD sessionIndex : 256 BFD state : up manual fault : not set active state : inactive forwarding entry : existent link state : up local VC MTU : 1500 remote VC MTU : 1500 local VCCV : cw bfd remote VCCV : cw bfd local fragmentation : disable remote fragmentation: disable local control word : enable remote control word : enable tunnel policy : -traffic behavior : -PW template name : 1to2 primary or secondary : secondary VC tunnel/token info : 1 tunnels/tokens NO.0 TNL type : lsp , TNL ID : 0x2002004 create time : 0 days, 0 hours, 56 minutes, 39 seconds up time : 0 days, 0 hours, 18 minutes, 2 seconds last change time : 0 days, 0 hours, 18 minutes, 2 seconds reroute policy : delay 30 s, resume 0 s reason of last reroute : Remote PSN fault time of last reroute : 0 days, 0 hours, 18 minutes, 2 seconds delay timer ID : -rest time :-resume timer ID : -rest time :--

Simulate a failure on the POS 2/0/1 of PE3.


[PE3] interface pos2/0/1 [PE3-Pos2/0/1] shutdown

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

6-181

6 PWE3 Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Run the display bfd session all command on PE1, and you can see that the BFD session for the master PW is Down.
<PE1> display bfd session all ------------------------------------------------------------------------------Local Remote PeerIpAddr InterfaceName State Type ------------------------------------------------------------------------------8192 8192 --.--.--.-Pos1/0/0 Down D_PW(M) 8193 8192 --.--.--.-Pos1/0/0 Up D_PW(S) ------------------------------------------------------------------------------Total UP/DOWN Session Number : 1/1 ------------------------------------------------------------------------------Local Remote PeerIpAddr InterfaceName State Type ------------------------------------------------------------------------------12 21 --.--.--.-Pos1/0/0 Up S_PW(S) 13 31 --.--.--.-Pos1/0/0 Down S_PW(M) ------------------------------------------------------------------------------Total UP/DOWN Session Number : 1/1

Run the display mpls l2vc interface command on PE1, and you can see that the master PW is changed to Inactive, and the backup PW is changed to Active.
<PE1> display mpls l2vc interface pos 1/0/0 *client interface : Pos1/0/0 is up session state : Down AC state : up VC state : Down VC ID : 100 VC type : IP-interworking destination : 3.3.3.3 local group ID : 0 remote group ID : 0 local VC label : 21504 remote VC label : 21504 local AC OAM State : up local PSN State : up local forwarding state : not forwarding remote AC OAM state : up remote PSN state : up remote forwarding state: forwarding Dynamic BFD for PW : enable Detect Multipier : 3 Min Transit Interval : 100 Max Receive Interval : 100 Dynamic BFD Session : built BFD for PW : available BFD sessionIndex : 256 BFD state : down manual fault : not set active state : inactive forwarding entry : not exist link state : down local VC MTU : 1500 remote VC MTU : 1500 local VCCV : cw lsp-ping bfd remote VCCV : cw lsp-ping bfd local fragmentantion : disable remote fragmentantion: disable local control word : enable remote control word : enable tunnel policy : p1 traffic behavior : -PW template name : 1to3 primary or secondary : primary VC tunnel/token info : 1 tunnels/tokens NO.0 TNL type : cr lsp, TNL ID : 0x42002000 create time : 0 days, 1 hours, 5 minutes, 19 seconds up time : 0 days, 0 hours, 43 minutes, 33 seconds last change time : 0 days, 0 hours, 43 minutes, 33 seconds *client interface : Pos1/0/0 is up

6-182

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


session state : AC state : VC state : VC ID : VC type : destination : local group ID : local VC label : local AC OAM state : local PSN state : local forwarding state : remote AC OAM state : remote PSN state : remote forwarding state: Dynamic BFD for PW : Detect Multipier : Min Transit Interval : Max Receive Interval : Dynamic BFD Session : BFD for PW : BFD sessionIndex : manual fault : active state : forwarding entry : link state : local VC MTU : local VCCV : remote VCCV : local fragmentation : local control word : tunnel policy : traffic behavior : PW template name : primary or secondary : VC tunnel/token info : NO.0 TNL type : lsp create time : up time : last change time : reroute policy : reason of last reroute : time of last reroute : delay timer ID : resume timer ID : Pos1/0/0 is up session state : AC state : VC state : VC ID : VC type : destination : local group ID : local VC label : local AC OAM State : local PSN State : local forwarding state : BFD for PW : BFD sessionIndex : manual fault : active state : forwarding entry : link state : local VC MTU : local VCCV : remote VCCV : local fragmentantion : local control word : tunnel policy : traffic behavior :

6 PWE3 Configuration
up up up 200 IP-interworking 2.2.2.2 0 remote group ID : 0 21505 remote VC label : 21505 up up forwarding up up forwarding enable 3 100 100 built available 257 BFD state : up not set active existent up 1500 remote VC MTU : 1500 cw lsp-ping bfd cw lsp-ping bfd disable remote fragmentation: disable enable remote control word : enable --1to2 secondary 1 tunnels/tokens , TNL ID : 0x2002001 0 days, 1 hours, 4 minutes, 31 seconds 0 days, 0 hours, 43 minutes, 44 seconds 0 days, 0 hours, 43 minutes, 44 seconds delay 30 s, resume 0 s New LDP mapping message was received 0 days, 0 hours, 43 minutes, 2 seconds -rest time :--rest time :--*client interface down up down 100 IP-interworking 3.3.3.3 0 remote group ID : 21504 remote VC label : up up not forwarding available 257 BFD state : down not set inactive not exist down 1500 remote VC MTU : cw bfd none disable remote fragmentantion: enable remote control word : p1 --

0 0

0 none none

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

6-183

6 PWE3 Configuration
PW template name : primary or secondary : VC tunnel/token info : create time : up time : last change time : *client interface : session state : AC state : VC state : VC ID : VC type : destination : local group ID : local VC label : local AC OAM state : local PSN state : local forwarding state : remote AC OAM state : remote PSN state : remote forwarding state: BFD for PW : BFD sessionIndex : manual fault : active state : forwarding entry : link state : local VC MTU : local VCCV : remote VCCV : local fragmentation : local control word : tunnel policy : traffic behavior : PW template name : primary or secondary : VC tunnel/token info : NO.0 TNL type : lsp create time : up time : last change time : reroute policy : reason of last reroute : time of last reroute : delay timer ID : resume timer ID :

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


1to3 primary 0 tunnels/tokens 0 days, 1 hours, 0 minutes, 8 seconds 0 days, 0 hours, 0 minutes, 0 seconds 0 days, 0 hours, 1 minutes, 20 seconds Pos1/0/0 is up up up up 200 IP-interworking 2.2.2.2 0 remote group ID : 0 21505 remote VC label : 21504 up up forwarding up up forwarding available 256 BFD state : up not set active existent up 1500 remote VC MTU : 1500 cw bfd cw bfd disable remote fragmentation: disable enable remote control word : enable --1to2 secondary 1 tunnels/tokens , TNL ID : 0x2002004 0 days, 1 hours, 0 minutes, 8 seconds 0 days, 0 hours, 21 minutes, 31 seconds 0 days, 0 hours, 21 minutes, 31 seconds delay 30 s, resume 0 s Remote PSN fault 0 days, 0 hours, 21 minutes, 31 seconds -rest time :--rest time :--

Check the routing table on CE2, and you can see that the outbound interface of 10.1.3.0 is changed to POS1/0/1.That is, the L2VPN traffic is switched to the backup path.
<CE2> display ip routing-table Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: Public Destinations : 7 Routes : 7 Destination/Mask Proto Pre Cost Flags NextHop Interface 10.1.1.0/30 OSPF 10 0 D 10.1.1.1 Pos1/0/1 10.1.1.1/32 Direct 0 0 D 10.1.1.1 Pos1/0/1 10.1.2.0/30 Direct 0 0 D 10.1.2.2 Pos1/0/1 10.1.2.2/32 Direct 0 0 D 127.0.0.1 InLoopBack0 10.1.3.1/32 OSPF 10 2 D 10.1.1.1 Pos1/0/1 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0

Clear the simulated failure on the POS 2/0/1 of PE3.


[PE3] interface pos2/0/1 [PE3-Pos2/0/1] undo shudown

Check the routing table on CE2, and you can see that the outbound interface of 10.1.3.0 is changed to POS 1/0/0.That is, the L2VPN traffic is switched back to the master path.
6-184 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

6 PWE3 Configuration

<CE2> display ip routing-table Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: Public Destinations : 8 Routes : 9 Destination/Mask Proto Pre Cost Flags NextHop Interface 10.1.1.0/30 Direct 0 0 D 10.1.1.2 Pos1/0/0 10.1.1.1/32 Direct 0 0 D 10.1.1.1 Pos1/0/0 Direct 0 0 D 10.1.1.1 Pos1/0/1 10.1.1.2/32 Direct 0 0 D 127.0.0.1 InLoopBack0 10.1.2.0/30 Direct 0 0 D 10.1.2.2 Pos1/0/1 10.1.2.2/32 Direct 0 0 D 127.0.0.1 InLoopBack0 10.1.3.1/32 OSPF 10 2 D 10.1.1.1 Pos1/0/0 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0

Configuration File
l

Configuration file of CE1


# sysname CE1 # interface Pos1/0/0 link-protocol hdlc undo shutdown ip address 10.1.1.1 255.255.255.252 ip address 10.1.2.1 255.255.255.252 sub # interface Pos1/0/1 link-protocol hdlc undo shutdown ip address 10.1.3.1 255.255.255.0 # ospf 1 area 0.0.0.0 network 10.1.1.0 0.0.0.3 network 10.1.2.0 0.0.0.3 network 10.1.3.0 0.0.0.255 # return

Configuration file of CE2


# sysname CE2 # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 10.1.1.2 255.255.255.252 # interface Pos1/0/1 link-protocol ppp undo shutdown ip address 10.1.2.2 255.255.255.252 # ospf 1 area 0.0.0.0 network 10.1.1.0 0.0.0.3 network 10.1.2.0 0.0.0.3 # return

Configuration file of PE1


# sysname PE1 # bfd #

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

6-185

6 PWE3 Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


mpls lsr-id 1.1.1.1 mpls mpls te mpls rsvp-te mpls te cspf # mpls l2vpn # pw-template 1to2 peer-address 2.2.2.2 control-word vccv cc cw cv lsp-ping bfd # pw-template 1to3 peer-address 3.3.3.3 control-word vccv cc cw cv lsp-ping bfd # mpls ldp # mpls ldp remote-peer 3.3.3.3 remote-ip 3.3.3.3 # interface Pos1/0/0 link-protocol hdlc undo shutdown ip address 10.1.1.2 255.255.255.252 mpls l2vc pw-template 1to3 100 tunnel-policy p1 ip-interworking mpls l2vpn pw bfd min-rx-interval 100 min-tx-interval 100 mpls l2vc pw-template 1to2 200 ip-interworking secondary mpls l2vpn pw bfd min-rx-interval 100 min-tx-interval 100 secondary # interface Pos2/0/1 link-protocol ppp undo shutdown ip address 100.13.1.1 255.255.255.252 mpls mpls te mpls te max-link-bandwidth 50 mpls te max-reservable-bandwidth 30 mpls rsvp-te # interface Pos2/0/2 link-protocol ppp undo shutdown ip address 100.12.1.1 255.255.255.252 mpls mpls ldp # interface LoopBack1 ip address 1.1.1.1 255.255.255.255 # interface Tunnel2/0/0 ip address unnumbered interface LoopBack1 tunnel-protocol mpls te destination 3.3.3.3 mpls te tunnel-id 13 mpls te bandwidth bc0 20 mpls te commit # ospf 1 opaque-capability enable area 0.0.0.0 network 1.1.1.1 0.0.0.0 network 100.13.1.0 0.0.0.3 network 100.12.1.0 0.0.0.3 mpls-te enable # tunnel-policy p1

6-186

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


tunnel select-seq # return l cr-lsp load-balance-number 1

6 PWE3 Configuration

Configuration file of P
# sysname P # mpls lsr-id 4.4.4.4 mpls mpls te mpls rsvp-te # interface Pos2/0/1 link-protocol ppp undo shutdown ip address 100.13.1.2 255.255.255.252 mpls mpls te mpls te max-link-bandwidth 50 mpls te max-reservable-bandwidth 30 mpls rsvp-te # interface Pos2/0/2 link-protocol ppp undo shutdown ip address 100.34.1.1 255.255.255.252 mpls mpls te mpls te max-link-bandwidth 50 mpls te max-reservable-bandwidth 30 mpls rsvp-te # interface LoopBack1 ip address 4.4.4.4 255.255.255.255 # ospf 1 opaque-capability enable area 0.0.0.0 network 100.13.1.0 0.0.0.3 network 100.34.1.0 0.0.0.3 network 4.4.4.4 0.0.0.0 mpls-te enable # return

Configuration file of PE3


# sysname PE3 # bfd # mpls lsr-id 3.3.3.3 mpls mpls te mpls rsvp-te mpls te cspf # mpls l2vpn # pw-template 3to1 peer-address 1.1.1.1 control-word vccv cc cw cv lsp-ping bfd # mpls ldp # mpls ldp remote-peer 1.1.1.1 remote-ip 1.1.1.1 #

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

6-187

6 PWE3 Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


interface Pos1/0/0 link-protocol ppp undo shutdown oam detect lcp-terminal notify lcp-terminal ip address 10.1.1.1 255.255.255.252 mpls l2vc pw-template 3to1 100 tunnel-policy p1 ip-interworking mpls l2vpn pw bfd min-rx-interval 100 min-tx-interval 100 mpls l2vpn oam-mapping # interface Pos2/0/1 link-protocol ppp undo shutdown ip address 100.34.1.2 255.255.255.252 mpls mpls te mpls te max-link-bandwidth 50 mpls te max-reservable-bandwidth 30 mpls rsvp-te # interface LoopBack1 ip address 3.3.3.3 255.255.255.255 # interface Tunnel2/0/0 ip address unnumbered interface LoopBack1 tunnel-protocol mpls te destination 1.1.1.1 mpls te tunnel-id 31 mpls te bandwidth bc0 20 mpls te commit # ospf 1 opaque-capability enable area 0.0.0.0 network 3.3.3.3 0.0.0.0 network 100.34.1.0 0.0.0.3 mpls-te enable # tunnel-policy p1 tunnel select-seq cr-lsp load-balance-number 1 # return

Configuration file of PE2


# sysname PE2 # bfd # mpls lsr-id 2.2.2.2 mpls # mpls l2vpn # pw-template 2to1 peer-address 1.1.1.1 control-word vccv cc cw cv lsp-ping bfd # mpls ldp # interface Pos1/0/0 link-protocol ppp undo shutdown oam detect lcp-terminal notify lcp-terminal ip address 10.1.2.1 255.255.255.252 mpls l2vc pw-template 2to1 200 ip-interworking mpls l2vpn pw bfd min-rx-interval 100 min-tx-interval 100 mpls l2vpn oam-mapping # interface Pos2/0/1

6-188

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


link-protocol ppp undo shutdown ip address 100.12.1.2 255.255.255.252 mpls mpls ldp # interface LoopBack1 ip address 2.2.2.2 255.255.255.255 # ospf 1 area 0.0.0.0 network 2.2.2.2 0.0.0.0 network 100.12.1.0 0.0.0.3 # return

6 PWE3 Configuration

6.14.12 Example for Configuring PW FRR - CEs Are Symmetrically Connected to PEs Through Ethernet Links, Dynamic BFD Is Used to Detect PWs, EFM Is Used to Detect ACs
Networking Requirements
As shown in Figure 6-27, CE1 is dual-homed to PE1 and PE2; CE2 is dual-homed to PE3 and PE4. The networking requirements are as follows:
l l

CE1 and CE2 are connected to PEs through Ethernet links. PWs are set up between PE1 and PE3, and between PE2 and PE4, using MPLS LSPs as tunnels. Fault detection between CEs and PEs is implemented according to the IEEE802.3ah protocol (EFM). The paths CE2 PE3 P PE1 CE1 and CE2 PE4 PE2 CE1 are mutually redundant. If one path -- the working line -- becomes faulty, the L2VPN traffic can be rapidly switched to the backup path -- the protection line. By default, CE2 PE3 P PE1 CE1 is used as the working line.

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

6-189

6 PWE3 Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Figure 6-27 Networking diagram of PW FRR CEs are symmetrically connected to PEs through Ethernet links, dynamic BFD is used to detect PWs, EFM is used to detect ACs
1 /0 / S2 .2/30 O P .13 0.1 10

Loopback1 1.1.1.1/32

1 /0 / S2 .1/30 O P .13 0.1 10

10 PO S 0.1 2/ .31 0 /2 .1/ 30

Loopback1 5.5.5.5/32

PE1
GE1/0/0 Loopback1 2.2.2.2/32

LSP

Loopback1 3.3.3.3/32 10 PO S 0.1 2/ .31 0 /1 .2/ 30

Loopback1 4.4.4.4/32 POS2/0/0 100.1.24.2/30

PE3
GE1/0/0

PE2
GE1/0/0 GE1/0/0 20.1.1.1/30

POS2/0/0 100.1.24.1/30

PE4
GE1/0/0 GE1/0/0 20.1.1.2/30

LSP

CE1
GE1/0/2 10.1.1.2/24

GE1/0/1 30.1.1.1/30

GE1/0/1 30.1.1.2/30 GE1/0/2 10.2.1.2/24

CE2

Client1 10.1.1.1/24

Client2 10.2.1.1/24

Configuration Roadmap
The configuration roadmap is as follows: 1. 2. 3. 4. 5. 6. Configure IGP on the backbone network. Set up LSP and LDP sessions between PE1 and PE3, and between PE2 and PE4. Use PW templates to configure PWs on PEs. Set up BFD for PW sessions between PE1 and PE3, and between PE2 and PE4. On PEs and CEs, configure Ethernet OAM that complies with the IEEE802.3ah protocol. Configure AC OAM detection and notification on PEs, and enable the OAM Mapping function.

Data Preparation
To complete the configuration, you need the following data:
l l l

Name of the remote peer of MPLS LDP VC-ID of the PW Name of the PW template

Configuration Procedure
1.
6-190

Configure CEs.
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

6 PWE3 Configuration

Configure the addresses of the interfaces of CE1 and CE2, as shown in Figure 6-27. The detailed configuration is not mentioned here. 2. On the MPLS backbone network, configure IP addresses for interfaces and IGP so that PEs and P on the backbone network can interwork . # Configure PE1.
<Quidway> system-view [Quidway] sysname PE1 [PE1] interface loopback1 [PE1-LoopBack1] ip address 1.1.1.1 32 [PE1-LoopBack1] quit [PE1] interface pos 2/0/1 [PE1-Pos2/0/1] ip address 100.1.13.1 30 [PE1-Pos2/0/1] undo shutdown [PE1-Pos2/0/1] quit [PE1] ospf 1 [PE1-ospf-1] area 0 [PE1-ospf-1-area-0.0.0.0] network 1.1.1.1 0.0.0.0 [PE1-ospf-1-area-0.0.0.0] network 100.1.13.0 0.0.0.3

# Configure the P device.


<Quidway> system-view [Quidway] sysname P [P] interface loopback1 [P-LoopBack1] ip address 5.5.5.5 32 [P-LoopBack1] quit [P] interface pos 2/0/1 [P-Pos2/0/1] ip address 100.1.13.2 30 [P-Pos2/0/1] undo shutdown [P-Pos2/0/1] quit [P] interface pos 2/0/2 [P-Pos2/0/2] ip address 100.1.31.1 30 [P-Pos2/0/2] undo shutdown [P-Pos2/0/2] quit [P] ospf 1 [P-ospf-1] area 0 [P-ospf-1-area-0.0.0.0] network 5.5.5.5 0.0.0.0 [P-ospf-1-area-0.0.0.0] network 100.1.13.0 0.0.0.3 [P-ospf-1-area-0.0.0.0] network 100.1.31.0 0.0.0.3

# Configure PE3.
<Quidway> system-view [Quidway] sysname PE3 [PE3] interface loopback1 [PE3-LoopBack1] ip address 3.3.3.3 32 [PE3-LoopBack1] quit [PE3] interface pos2/0/1 [PE3-Pos2/0/1] ip address 100.1.31.2 30 [PE3-Pos2/0/1] undo shutdown [PE3-Pos2/0/1] quit [PE3] ospf 1 [PE3-ospf-1] area 0 [PE3-ospf-1-area-0.0.0.0] network 3.3.3.3 0.0.0.0 [PE3-ospf-1-area-0.0.0.0] network 100.1.31.0 0.0.0.3

# Configure PE2.
<Quidway> system-view [Quidway] sysname PE2 [PE2] interface loopback1 [PE2-LoopBack1] ip address 2.2.2.2 32 [PE2-LoopBack1] quit [PE2] interface pos 2/0/0 [PE2-Pos2/0/0] ip address 100.1.24.1 30 [PE2-Pos2/0/0] undo shutdown [PE2-Pos2/0/0] quit [PE2] ospf 1 [PE2-ospf-1] area 0 [PE2-ospf-1-area-0.0.0.0] network 2.2.2.2 0.0.0.0

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

6-191

6 PWE3 Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


[PE2-ospf-1-area-0.0.0.0] network 100.1.24.0 0.0.0.3

# Configure PE4.
<Quidway> system-view [Quidway] sysname PE4 [PE4] interface loopback1 [PE4-LoopBack1] ip address 4.4.4.4 32 [PE4-LoopBack1] quit [PE4] interface pos 2/0/0 [PE4-Pos2/0/0] ip address 100.1.24.2 30 [PE4-Pos2/0/0] undo shutdown [PE4-Pos2/0/0] quit [PE4] ospf 1 [PE4-ospf-1] area 0 [PE4-ospf-1-area-0.0.0.0] network 4.4.4.4 0.0.0.0 [PE4-ospf-1-area-0.0.0.0] network 100.1.24.0 0.0.0.3

After the configuration, run the display ip routing-table command on the PEs, and you can see that PE1 and PE2, and PE1 and PE3 have learned the routes on the Loopback1 interface of each other. Take the display on PE1 as an example.
<PE1> display ip routing-table Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: Public Destinations : 9 Routes : 9 Destination/Mask Proto Pre Cost Flags NextHop Interface 1.1.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 3.3.3.3/32 OSPF 10 3 D 100.1.13.2 Pos2/0/1 5.5.5.5/32 OSPF 10 2 D 100.1.13.2 Pos2/0/1 100.1.13.0/30 Direct 0 0 D 100.1.13.1 Pos2/0/1 100.1.13.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 100.1.13.2/32 Direct 0 0 D 100.1.13.2 Pos2/0/1 100.1.31.0/30 OSPF 10 2 D 100.1.13.2 Pos2/0/1 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0

3.

Configure the basic MPLS functions on the MPLS backbone network. # Enable MPLS, and set LSR-ID as the IP address of the Loopback1 interface. Enable MPLS and MPLS LDP on interfaces on the backbone network. # Configure PE1.
[PE1] mpls lsr-id 1.1.1.1 [PE1] mpls [PE1-mpls] quit [PE1] mpls ldp [PE1-mpls-ldp] quit [PE1] interface pos2/0/1 [PE1-Pos2/0/1] mpls [PE1-Pos2/0/1] mpls ldp [PE1-Pos2/0/1] quit

# Configure the P device.


[P] mpls lsr-id 5.5.5.5 [P] mpls [P-mpls] quit [P] mpls ldp [P-mpls-ldp] quit [P] interface pos2/0/1 [P-Pos2/0/1] mpls [P-Pos2/0/1] mpls ldp [P-Pos2/0/1] quit [P] interface pos 2/0/2 [P-Pos2/0/2] mpls [P-Pos2/0/2] mpls ldp [P-Pos2/0/2] quit

# Configure PE3.
6-192 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


[PE3] mpls lsr-id 3.3.3.3 [PE3] mpls [PE3-mpls] quit [PE3] mpls ldp [PE3-mpls-ldp] quit [PE3] interface pos 2/0/1 [PE3-Pos2/0/1] mpls [PE3-Pos2/0/1] mpls ldp [PE3-Pos2/0/1] quit

6 PWE3 Configuration

# Configure PE2.
[PE2] mpls lsr-id 2.2.2.2 [PE2] mpls [PE2-mpls] quit [PE2] mpls ldp [PE2-mpls-ldp] quit [PE2] interface pos 2/0/0 [PE2-Pos2/0/0] mpls [PE2-Pos2/0/0] mpls ldp [PE2-Pos2/0/0] quit

# Configure PE4.
[PE4] mpls lsr-id 4.4.4.4 [PE4] mpls [PE4-mpls] quit [PE4] mpls ldp [PE4-mpls-ldp] quit [PE4] interface pos 2/0/0 [PE4-Pos2/0/0] mpls [PE4-Pos2/0/0] mpls ldp [PE4-Pos2/0/0] quit

After the configuration, run the display tunnel-info all command on PEs. You can see that MPLS LSP tunnels are set up between PE1 and PE3, and between PE2 and PE4. Take the display on PE1 and PE2 as an example.
<PE1> display tunnel-info all * -> Allocated VC Token Tunnel ID Type Destination Token ---------------------------------------------------------------------0x2002000 lsp 5.5.5.5 0 0x2002001 lsp 3.3.3.3 1 <PE2> display tunnel-info all * -> Allocated VC Token Tunnel ID Type Destination Token ---------------------------------------------------------------------0x2002000 lsp 4.4.4.4 0

Run the display mpls ldp session command on PEs. You can see that the status of the peer relationship between PE1 and P, between PE3 and P, and between PE2 and PE4 is Operational. This indicates that LDP sessions are set up. Take the display on PE1 as an example.
<PE1> display mpls ldp session LDP Session(s) in Public Network -----------------------------------------------------------------------------Peer-ID Status LAM SsnRole SsnAge KA-Sent/Rcv -----------------------------------------------------------------------------5.5.5.5:0 Operational DU Passive 000:00:04 20/20 -----------------------------------------------------------------------------TOTAL: 1 session(s) Found. LAM : Label Advertisement Mode SsnAge Unit : DDD:HH:MM

4.

Set up remote LDP sessions between PEs. # Configure remote LDP sessions. Usually, addresses of the Loopback interfaces of the remote LDP peers are set as the IP addresses for remote LDP sessions.

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

6-193

6 PWE3 Configuration
NOTE

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

In this example, PE2 and PE4 are directly connected and you do not need to manually configure remote LDP sessions between them.

# Configure PE1.
[PE1] mpls ldp remote-peer 3.3.3.3 [PE1-mpls-ldp-remote-3.3.3.3] remote-ip 3.3.3.3 [PE1-mpls-ldp-remote-3.3.3.3] quit

# Configure PE3.
[PE3] mpls ldp remote-peer 1.1.1.1 [PE3-mpls-ldp-remote-1.1.1.1] remote-ip 1.1.1.1 [PE3-mpls-ldp-remote-1.1.1.1] quit

After the configuration, run the display mpls ldp session on PEs. You can see that the status of the remote LDP peer relationship is Operational. This indicates that remote LDP sessions are set up. Take the display on PE1 as an example.
<PE1> display mpls ldp session LDP Session(s) in Public Network -----------------------------------------------------------------------------Peer-ID Status LAM SsnRole SsnAge KA-Sent/Rcv -----------------------------------------------------------------------------3.3.3.3:0 Operational DU Passive 000:00:56 225/227 5.5.5.5:0 Operational DU Passive 000:00:13 56/56 -----------------------------------------------------------------------------TOTAL: 2 session(s) Found. LAM : Label Advertisement Mode SsnAge Unit : DDD:HH:MM

5.

Configure PWs on PEs by using PW templates. # Configure PE1.


[PE1] mpls l2vpn [PE1-l2vpn] quit [PE1] pw-template 1to3 [PE1-pw-template-1to3] peer-address 3.3.3.3 [PE1-pw-template-1to3] control-word [PE1-pw-template-1to3] vccv cc cw cv bfd lsp-ping [PE1-pw-template-1to3] quit [PE1] interface gigabitethernet 1/0/0 [PE1-GigabitEthernet1/0/0] mpls l2vc pw-template 1to3 100 [PE1-GigabitEthernet1/0/0] undo shutdown [PE1-GigabitEthernet1/0/0] quit

# Configure PE3.
[PE3] mpls l2vpn [PE3-l2vpn] quit [PE3] pw-template 3to1 [PE3-pw-template-3to1] peer-address 1.1.1.1 [PE3-pw-template-3to1] control-word [PE3-pw-template-3to1] vccv cc cw cv bfd lsp-ping [PE3-pw-template-3to1] quit [PE3] interface gigabitethernet 1/0/0 [PE3-GigabitEthernet1/0/0] mpls l2vc pw-template 3to1 100 [PE3-GigabitEthernet1/0/0] undo shutdown [PE3-GigabitEthernet1/0/0] quit

# Configure PE2.
[PE2] mpls l2vpn [PE2-l2vpn] quit [PE2] pw-template 2to4 [PE2-pw-template-2to4] peer-address 4.4.4.4 [PE2-pw-template-2to4] control-word [PE2-pw-template-2to4] vccv cc cw cv bfd lsp-ping

6-194

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


[PE2-pw-template-2to4] quit [PE2] interface gigabitethernet 1/0/0 [PE2-GigabitEthernet1/0/0] mpls l2vc pw-template 2to4 200 [PE2-GigabitEthernet1/0/0] undo shutdown [PE2-GigabitEthernet1/0/0] quit

6 PWE3 Configuration

# Configure PE4.
[PE4] mpls l2vpn [PE4-l2vpn] quit [PE4] pw-template 4to2 [PE4-pw-template-4to2] peer-address 2.2.2.2 [PE4-pw-template-4to2] control-word [PE4-pw-template-4to2] vccv cc cw cv bfd lsp-ping [PE4-pw-template-4to2] quit [PE4] interface gigabitethernet 1/0/0 [PE4-GigabitEthernet1/0/0] mpls l2vc pw-template 4to2 200 [PE4-GigabitEthernet1/0/0] undo shutdown [PE4-GigabitEthernet1/0/0] quit

After the configuration, run the display pw-template command on PEs. You can view the information about the configurations of PW templates, and you can see that VCCV is enabled. Take the display on PE1 as an example.
<PE1> display pw-template Total PW template number : 1 PW Template Name : 1to3 PeerIP : 3.3.3.3 Tnl Policy Name : -CtrlWord : Enable VCCV Capability : cw lsp-ping bfd Behavior Name : -Total PW : 1, Static PW : 0, LDP PW : 1, Rsvp PW : 0

After the configuration, run the display mpls l2vc command on PEs. You can see that PWs are set up and are in the Active state. Take the display on PE1 as an example.
<PE1> display mpls l2vc interface gigabitethernet1/0/0 total LDP VC : 1 1 up 0 down *client interface : GigabitEthernet1/0/0 session state : up AC status : up VC state : up VC ID : 100 VC type : Ethernet destination : 3.3.3.3 local group ID : 0 remote group ID local VC label : 21504 remote VC label : local AC OAM State : up local PSN State : up local forwarding state : forwarding remote AC OAM state : up remote PSN state : up remote forwarding state: forwarding BFD for PW : unavailable manual fault : not set active state : active forwarding entry : exist link state : up local VC MTU : 1500 remote VC MTU local VCCV : cw lsp-ping bfd remote VCCV : cw lsp-ping bfd local control word : enable remote control word tunnel policy : -traffic behavior : -PW template name : 1to3 primary or secondary : primary VC tunnel/token info : 1 tunnels/tokens

: 0 21504

: 1500 : enable

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

6-195

6 PWE3 Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


NO.0 TNL type : lsp , TNL ID : 0x2002001 create time : 0 days, 0 hours, 17 minutes, 41 seconds up time : 0 days, 0 hours, 16 minutes, 18 seconds last change time : 0 days, 0 hours, 16 minutes, 18 seconds

6.

Configure IGP between CEs. Run OSPF on CE1 and CE2. To transmit traffic through the working line CE2 PE3 P PE1 CE1, set the OSPF cost of GE1/0/1 on CE1 and CE2 to a higher value, for example, 10. # Configure CE1.
[CE1] ospf 1 [CE1-ospf-1] area 0.0.0.0 [CE1-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255 [CE1-ospf-1-area-0.0.0.0] network 20.1.3.0 0.0.0.3 [CE1-ospf-1-area-0.0.0.0] network 30.1.3.0 0.0.0.3 [CE1-ospf-1-area-0.0.0.0] quit [CE1-ospf-1] quit [CE1] interface gigabitethernet 1/0/1 [CE1-GigabitEthernet1/0/1] ospf cost 10

# Configure CE2.
[CE2] ospf 1 [CE2-ospf-1] area 0.0.0.0 [CE2-ospf-1-area-0.0.0.0] network 10.2.1.0 0.0.0.255 [CE2-ospf-1-area-0.0.0.0] network 20.1.1.0 0.0.0.3 [CE2-ospf-1-area-0.0.0.0] network 30.1.1.0 0.0.0.3 [CE2-ospf-1-area-0.0.0.0] quit [CE2-ospf-1] quit [CE2] interface gigabitethernet 1/0/1 [CE2-GigabitEthernet1/0/1] ospf cost 10

Run the display ip routing-table command on CE1. You can see that the outbound interface for the route from CE1 to 10.2.1.0/24 is GE1/0/0. That is, traffic is transmitted through the working line CE2 PE3 P PE1 CE1.
<CE1> display ip routing-table Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: Public Destinations : 9 Routes : 9 Destination/Mask Proto Pre Cost Flags NextHop Interface 10.1.1.0/24 Direct 0 0 D 10.1.1.2 GigabitEthernet1/0/2 10.1.1.2/32 Direct 0 0 D 127.0.0.1 InLoopBack0 10.2.1.0/24 OSPF 10 2 D 20.1.1.2 GigabitEthernet1/0/0 20.1.1.0/30 Direct 0 0 D 20.1.1.1 GigabitEthernet1/0/0 20.1.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 30.1.1.0/30 Direct 0 0 D 30.1.1.1 GigabitEthernet1/0/1 30.1.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0

After the default gateway is set as the interface that connects CEs to clients, clients can ping through each other. Take the display on Client1 as an example.
<Clinet1> ping 10.2.1.1 PING 10.2.1.1: 56 data bytes, press CTRL_C to break Reply from 10.2.1.1: bytes=56 Sequence=1 ttl=254 time=210 Reply from 10.2.1.1: bytes=56 Sequence=2 ttl=255 time=130 Reply from 10.2.1.1: bytes=56 Sequence=3 ttl=255 time=190 Reply from 10.2.1.1: bytes=56 Sequence=4 ttl=255 time=130 Reply from 10.2.1.1: bytes=56 Sequence=5 ttl=255 time=180 --- 10.2.1.1 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 130/160/190 ms ms ms ms ms ms

7.
6-196

Configure the BFD for PW function on PEs.


Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


NOTE

6 PWE3 Configuration

Here, dynamic BFD for PW is taken as an example.

# Configure PE1.
[PE1] bfd [PE1-bfd] quit [PE1] interface gigabitethernet 1/0/0 [PE1-GigabitEthernet1/0/0] mpls l2vpn pw bfd [PE1-GigabitEthernet1/0/0] quit

# Configure PE3.
[PE3] bfd [PE3-bfd] quit [PE3] interface gigabitethernet 1/0/0 [PE3-GigabitEthernet1/0/0] mpls l2vpn pw bfd [PE3-GigabitEthernet1/0/0] quit

# Configure PE2.
[PE2] bfd [PE2-bfd] quit [PE2] interface gigabitethernet 1/0/0 [PE2-GigabitEthernet1/0/0] mpls l2vpn pw bfd [PE2-GigabitEthernet1/0/0] quit

# Configure PE4.
[PE4] bfd [PE4-bfd] quit [PE4] interface gigabitethernet 1/0/0 [PE4-GigabitEthernet1/0/0] mpls l2vpn pw bfd [PE4-GigabitEthernet1/0/0] quit

After the configuration, BFD sessions are set up between PE1 and PE3, and between PE2 and PE4. Run the display bfd session all command. You can see that the State is Up. Take the display on PE1 as an example.
<PE1> display bfd session all ------------------------------------------------------------------------------Local Remote PeerIpAddr InterfaceName State Type ------------------------------------------------------------------------------8192 8192 --.--.--.-GigabitEthernet1/0/0 Up D_PW(M) ------------------------------------------------------------------------------Total UP/DOWN Session Number : 1/0

Run the display bfd configuration all command. You can view the information about the BFD configuration, and the Commit field is True.
<PE1> display bfd configuration all ------------------------------------------------------------------------------CFG Name CFG Type LocalDiscr MIndex SessNum Commit AdminDown ------------------------------------------------------------------------------dyn_8192 Dynamic 8192 256 1 True False ------------------------------------------------------------------------------Total Commit/Uncommit CFG Number : 1/0

8.

Configure Ethernet OAM on PEs and CEs.


NOTE

l l

In this example, Ethernet OAM complies with the IEEE802.3ah protocol (EFM). To enable fast switchover on CEs, configure association between Ethermet OAM and the interfaces on the AC side of CEs.

# Configure CE1.
Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 6-197

6 PWE3 Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


[CE1] efm enable [CE1] interface gigabitethernet 1/0/0 [CE1-GigabitEthernet1/0/0] efm enable [CE1-GigabitEthernet1/0/0] efm trigger if-down [CE1-GigabitEthernet1/0/0] quit [CE1] interface gigabitethernet 1/0/1 [CE1-GigabitEthernet1/0/1] efm enable [CE1-GigabitEthernet1/0/1] efm trigger if-down [CE1-GigabitEthernet1/0/1] quit

# Configure CE2.
[CE2] efm enable [CE2] interface gigabitethernet 1/0/0 [CE2-GigabitEthernet1/0/0] efm enable [CE2-GigabitEthernet1/0/0] efm trigger if-down [CE2-GigabitEthernet1/0/0] quit [CE2] interface gigabitethernet 1/0/1 [CE2-GigabitEthernet1/0/1] efm enable [CE2-GigabitEthernet1/0/1] efm trigger if-down [CE2-GigabitEthernet1/0/1] quit

# Configure PE1.
[PE1] efm enable [PE1] interface gigabitethernet 1/0/0 [PE1-GigabitEthernet1/0/0] efm enable [PE1-GigabitEthernet1/0/0] quit

# Configure PE2.
[PE2] efm enable [PE2] interface gigabitethernet 1/0/0 [PE2-GigabitEthernet1/0/0] efm enable [PE2-GigabitEthernet1/0/0] quit

After the configuration ,run the display efm session all command on PEs or CEs. You can see the state of EFM is detect. Take the display on PE1 and CE1 as an example.
<PE1> display efm session all Interface EFM State Loopback Timeou ---------------------------------------------------------------------GigabitEthernet1/0/0 detect -<CE1> display efm session all Interface EFM State Loopback Timeou ---------------------------------------------------------------------GigabitEthernet1/0/0 detect -GigabitEthernet1/0/1 detect --

9.

Enable OAM Mapping on PEs. AC OAM detection and notification are then automatically enabled. # Take the configuration of PE1 as an example. Configurations on PE2, PE3, and PE4 are the same, and are not mentioned here.
[PE1] interface gigabitetherent 1/0/0 [PE1-Gigabitethernet1/0/0] mpls l2vpn oam-mapping 3ah [PE1-Gigabitethernet1/0/0] quit

Run the display mpls l2vc oam-mapping interface command on PEs to check information about OAM Mapping. You can see that AC OAM is Up, BFD for PW is Enable, and BFD is Up. Take the display on PE1 as an example.
[PE1] display mpls AC OAM Info: EOAM Type : AC OAM State : OAM-mapping : PSN info: VC-ID : l2vc oam-mapping interface gigabitethernet 1/0/0 802.3ah Up Enable 100

6-198

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


VC status : Primary Active State : Active Link State : Up BFD for PW : Enable BFDSessionIndex:256 ,BFD State : up BFD for LSP : 0 TunnelNum: 1 PSN State : up

6 PWE3 Configuration

10. Verify the configuration.


l

View the status of PWs.

Run the display mpls l2vc interface command on PE1 or PE3. If the configuration is successful, you can see that PW1 is Up. Take the display on PE1 as an example.
<PE1> display mpls l2vc interface gigabitethernet 1/0/0 *client interface : GigabitEthernet1/0/0 is up session state : up AC state : up VC state : up VC ID : 100 VC type : Ethernet destination : 3.3.3.3 local group ID : 0 remote group ID : 0 local VC label : 21504 remote VC label : 21504 local AC OAM State : up local PSN State : up local forwarding state : forwarding remote AC OAM state : up remote PSN state : up remote forwarding state: forwarding Dynamic BFD for PW : enable Detect Multipier : 3 Min Transit Interval : 1000 Max Receive Interval : 1000 Dynamic BFD Session : built BFD for PW : available BFD sessionIndex : 256 BFD state : up manual fault : not set active state : active forwarding entry : exist link state : up local VC MTU : 1500 remote VC MTU : 1500 local VCCV : cw lsp-ping bfd remote VCCV : cw lsp-ping bfd local control word : enable remote control word : enable tunnel policy : -traffic behavior : -PW template name : 1to3 primary or secondary : primary VC tunnel/token info : 1 tunnels/tokens NO.0 TNL type : lsp , TNL ID : 0x2002003 create time : 0 days, 0 hours, 38 minutes, 32 seconds up time : 0 days, 0 hours, 33 minutes, 11 seconds last change time : 0 days, 0 hours, 33 minutes, 11 seconds l

Verify the switchover between the working line and the protection line on CEs.

Disable Ethernet OAM on GE1/0/0 of CE2, and simulate a remote AC fault.


[CE1] interface gigabitethernet 1/0/0 [CE1-GigabitEthernet1/0/1] undo efm enable

Run the display mpls l2vc interface command on PE1 or PE3. Then, PE1 identifies that OAM is Down on the remote AC, and PW is Down. Take the display on PE1 as an example.
<PE1> display mpls l2vc interface gigabitethernet 1/0/0 *client interface : GigabitEthernet1/0/0 is up session state : up AC state : up VC state : up VC ID : 100 VC type : Ethernet destination : 3.3.3.3

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

6-199

6 PWE3 Configuration
local group ID : local VC label : local AC OAM State : local PSN State : local forwarding state : remote AC OAM state : remote PSN state : remote forwarding state: Dynamic BFD for PW : Detect Multipier : Min Transit Interval : Max Receive Interval : Dynamic BFD Session : BFD for PW : BFD sessionIndex : manual fault : active state : forwarding entry : link state : local VC MTU : local VCCV : remote VCCV : local control word : tunnel policy : traffic behavior : PW template name : primary or secondary : VC tunnel/token info : NO.0 TNL type : lsp create time : up time : last change time :

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


0 remote group ID : 0 21504 remote VC label : 21504 up up forwarding down up forwarding enable 3 1000 1000 built available 256 BFD state : up not set active exist down 1500 remote VC MTU : 1500 cw lsp-ping bfd cw lsp-ping bfd enable remote control word : enable --1to3 primary 1 tunnels/tokens , TNL ID : 0x2002003 0 days, 0 hours, 42 minutes, 52 seconds 0 days, 0 hours, 0 minutes, 28 seconds 0 days, 0 hours, 0 minutes, 28 seconds

View the routing table on CE1. You can see that the outbound interface for the route from CE1 to 10.2.1.0/24 is GE1/0/1. That is, traffic is transmitted through the protection line CE2 PE4 PE2 CE1.
[CE1] display ip routing-table Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: Public Destinations : 9 Routes : 9 Destination/Mask Proto Pre Cost Flags NextHop Interface 10.1.1.0/24 Direct 0 0 D 10.1.1.2 GigabitEthernet1/0/2 10.1.1.2/32 Direct 0 0 D 127.0.0.1 InLoopBack0 10.2.1.0/24 OSPF 10 11 D 30.1.1.2 GigabitEthernet1/0/1 20.1.1.0/30 Direct 0 0 D 20.1.1.1 GigabitEthernet1/0/0 20.1.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 30.1.1.0/30 Direct 0 0 D 30.1.1.1 GigabitEthernet1/0/1 30.1.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0

Clients can still ping through each other. Take the display on Client1 as an example.
[Client1] ping 10.2.1.1 PING 10.2.1.1: 56 data bytes, press CTRL_C to break Reply from 10.2.1.1: bytes=56 Sequence=1 ttl=254 time=210 Reply from 10.2.1.1: bytes=56 Sequence=2 ttl=254 time=190 Reply from 10.2.1.1: bytes=56 Sequence=3 ttl=254 time=160 Reply from 10.2.1.1: bytes=56 Sequence=4 ttl=254 time=130 Reply from 10.2.1.1: bytes=56 Sequence=5 ttl=254 time=190 --- 10.2.1.1 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 130/176/210 ms ms ms ms ms ms

Configure Ethernet OAM once again on GE1/0/0 of CE2, and disable the fault that is manually simulated.
[CE2] interface gigabitethernet 1/0/0

6-200

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


[CE2-GigabitEthernet1/0/0] efm enable [CE2-GigabitEthernet1/0/0] efm trigger if-down

6 PWE3 Configuration

View the routing table on CE1. You can see that the outbound interface for the route from CE1 to 10.2.1.0/24 is changed to GE1/0/0. That is, traffic is once again transmitted through the working line CE2 PE3 P PE1 CE1. That is, L2VPN traffic is switched back to the working line.
[CE1] display ip routing-table Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: Public Destinations : 9 Routes : 9 Destination/Mask Proto Pre Cost Flags NextHop Interface 10.1.1.0/24 Direct 0 0 D 10.1.1.2 GigabitEthernet1/0/2 10.1.1.2/32 Direct 0 0 D 127.0.0.1 InLoopBack0 10.2.1.0/24 OSPF 10 11 D 30.1.1.2 GigabitEthernet1/0/0 20.1.1.0/30 Direct 0 0 D 20.1.1.1 GigabitEthernet1/0/0 20.1.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 30.1.1.0/30 Direct 0 0 D 30.1.1.1 GigabitEthernet1/0/1 30.1.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0

Configuration Files
l

Configuration file of CE1.


# sysname CE1 # efm enable # interface GigabitEthernet1/0/0 undo shutdown ip address 20.1.1.1 255.255.255.252 efm enable efm trigger if-down # interface GigabitEthernet1/0/1 undo shutdown ip address 30.1.1.1 255.255.255.252 ospf cost 10 efm enable efm trigger if-down # interface GigabitEthernet1/0/2 undo shutdown ip address 10.1.1.2 255.255.255.252 # ospf 1 area 0.0.0.0 network 10.1.1.0 0.0.0.255 network 20.1.1.0 0.0.0.3 network 30.1.1.0 0.0.0.3 # return

Configuration file of CE2.


# sysname CE2 # efm enable # interface GigabitEthernet1/0/0 undo shutdown ip address 20.1.1.2 255.255.255.252 efm enable efm trigger if-down

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

6-201

6 PWE3 Configuration
# interface GigabitEthernet1/0/1 undo shutdown ip address 30.1.1.2 255.255.255.252 ospf cost 10 efm enable efm trigger if-down # interface GigabitEthernet1/0/2 undo shutdown ip address 10.2.1.2 255.255.255.252 # ospf 1 area 0.0.0.0 network 10.2.1.0 0.0.0.255 network 20.1.1.0 0.0.0.3 network 30.1.1.0 0.0.0.3 # return l

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Configuration file of PE1.


# sysname PE1 # efm enable # bfd # mpls lsr-id 1.1.1.1 mpls # mpls l2vpn # pw-template 1to3 peer-address 3.3.3.3 control-word vccv cc cw cv lsp-ping bfd # mpls ldp # mpls ldp remote-peer 3.3.3.3 remote-ip 3.3.3.3 # interface GigabitEthernet1/0/0 undo shutdown mpls l2vc pw-template 1to3 100 mpls l2vpn pw bfd mpls l2vpn oam-mapping 3ah efm enable # interface Pos2/0/1 link-protocol ppp undo shutdown ip address 100.1.13.1 255.255.255.252 mpls mpls ldp # interface LoopBack1 ip address 1.1.1.1 255.255.255.255 # ospf 1 area 0.0.0.0 network 1.1.1.1 0.0.0.0 network 100.1.13.0 0.0.0.3 # return

Configuration file of the P device.


# sysname P

6-202

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


# mpls lsr-id 5.5.5.5 mpls # mpls ldp # interface Pos2/0/1 link-protocol ppp undo shutdown ip address 100.1.13.2 255.255.255.252 mpls mpls ldp # interface Pos2/0/2 link-protocol ppp undo shutdown ip address 100.1.31.1 255.255.255.252 mpls mpls ldp # interface LoopBack1 ip address 5.5.5.5 255.255.255.255 # ospf 1 area 0.0.0.0 network 5.5.5.5 0.0.0.0 network 100.1.13.0 0.0.0.3 network 100.1.31.0 0.0.0.3 # return l

6 PWE3 Configuration

Configuration file of PE3.


# sysname PE3 # efm enable # bfd # mpls lsr-id 3.3.3.3 mpls # mpls l2vpn # pw-template 3to1 peer-address 1.1.1.1 control-word vccv cc cw cv lsp-ping bfd # mpls ldp # mpls ldp remote-peer 1.1.1.1 remote-ip 1.1.1.1 # interface GigabitEthernet1/0/0 undo shutdown mpls l2vc pw-template 3to1 100 mpls l2vpn pw bfd mpls l2vpn oam-mapping 3ah efm enable # interface Pos2/0/1 link-protocol ppp undo shutdown ip address 100.1.31.2 255.255.255.252 mpls mpls ldp # interface LoopBack1 ip address 3.3.3.3 255.255.255.255

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

6-203

6 PWE3 Configuration
# ospf 1 area 0.0.0.0 network 3.3.3.3 0.0.0.0 network 100.1.31.0 0.0.0.3 # return l

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Configuration file of PE2.


# sysname PE2 # efm enable # bfd # mpls lsr-id 2.2.2.2 mpls # mpls l2vpn # pw-template 2to4 peer-address 4.4.4.4 control-word vccv cc cw cv lsp-ping bfd # mpls ldp # interface GigabitEthernet1/0/0 undo shutdown mpls l2vc pw-template 2to4 200 mpls l2vpn pw bfd mpls l2vpn oam-mapping 3ah efm enable # interface Pos2/0/0 link-protocol ppp undo shutdown ip address 100.1.24.1 255.255.255.252 mpls mpls ldp # interface LoopBack1 ip address 2.2.2.2 255.255.255.255 # ospf 1 area 0.0.0.0 network 2.2.2.2 0.0.0.0 network 100.1.24.0 0.0.0.3 # return

Configuration file of PE4.


# sysname PE4 # efm enable # bfd # mpls lsr-id 4.4.4.4 mpls # mpls l2vpn # pw-template 4to2 peer-address 2.2.2.2 control-word vccv cc cw cv lsp-ping bfd #

6-204

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


mpls ldp # interface GigabitEthernet1/0/0 undo shutdown mpls l2vc pw-template 4to2 200 mpls l2vpn pw bfd mpls l2vpn oam-mapping 3ah efm enable # interface Pos2/0/0 link-protocol ppp undo shutdown ip address 100.1.24.2 255.255.255.252 mpls mpls ldp # interface LoopBack1 ip address 4.4.4.4 255.255.255.255 # ospf 1 area 0.0.0.0 network 4.4.4.4 0.0.0.0 network 100.1.24.0 0.0.0.3 # return

6 PWE3 Configuration

6.14.13 Example for Configuring PW FRR - CEs Are Unsymmetrically Connected to PEs Through Ethernet Links, Dynamic BFD Is Used to Detect PWs, EFM Is Used to Detect ACs
Networking Requirements
As shown in Figure 6-28, CE1 is single-homed to PE1. CE2 is dual-homed to PE2 and PE3. The networking requirements are as follows:
l l

CEs are connected to PEs through Ethernet links. A PW is set up between PE1 and PE3. This PW is the working PW, and uses the MPLS TE tunnel. A PW is set up between PE1 and PE2. This PW is the protection PW, and uses the MPLS LSP tunnel. Fault detection between CEs and PEs is implemented according to the IEEE802.3ah protocol (EFM). If the working line -- CE2 PE3 P PE1-- becomes faulty, the L2VPN traffic can be rapidly switched to the the protection line -- CE2 PE2 PE1. After the working line CE2 PE3 P PE1 recovers from the fault, the L2VPN traffic is switched back.

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

6-205

6 PWE3 Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Figure 6-28 Networking diagram of PW FRR CEs are unsymmetrically connected to PEs through Ethernet links, dynamic BFD is used to detect PWs, EFM is used to detect ACs
1 /0 / S2 /30 O P .1.2 3 0.1 0 1 1 /0 / /30 S2 3.1.1 O P 0.1 10

Loopback1 1.1.1.1/32

PO 10 S2/ 0.3 0 /2 4.1 .1/ 30 Loopback1 4.4.4.4/32

Loopback1 3.3.3.3/32 10 PO 0.3 S 4.1 2/0 .2/ /1 30

PE1
GE1/0/0

MPLS TE

PE3
PO 100 S2/0 / .1 2. 2 1.1/ 30

MP

LS

L SP
100 PO S2/0 .1 2. 1.2/ /1 30

Loopback1 2.2.2.2/32

GE1/0/0

GE1/0/0

PE2
GE1/0/1 GE1/0/0

GE1/0/0

CE1
GE1/0/1

CE2
GE1/0/2

Client1 10.1.1.1/24

Client2 10.1.1.2/24

Configuration Roadmap
The configuration roadmap is as follows: 1. 2. 3. 4. 5. 6. 7. Configure IGP on the backbone network. Set up MPLS TE tunnels between PE1 and PE3, and LSP tunnels between PE1 and PE2. Set up MPLS LDP sessions between PE1 and PE2, and between PE1 and PE3. Use PW templates to configure PWs on PEs. You need to use tunnel policies to configure the working PW because the working PW uses the MPLS TE tunnel. Set up BFD for PW sessions between PE1 and PE2, and between PE1 and PE3. On PEs and CEs, configure Ethernet OAM that complies with the IEEE802.3ah protocol. Enable OAM mapping on PEs. AC OAM detection and notification are then automatically enabled.

Data Preparation
To complete the configuration, you need the following data:
l l l l l

Tunnel policies Bandwidth for MPLS TE tunnels Name of the remote peer of MPLS LDP VC IDs of the working PW and the protection PW Name of the PW template
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

6-206

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

6 PWE3 Configuration

Configuration Procedure
1. Add the interfaces on CEs to a same VLAN. # Configure CE1.
<Quidway> system-view [Quidway] sysname CE1 [CE1] portswitch batch gigabitethernet 1/0/0 to 1/0/1 [CE1] vlan 10 [CE1-vlan10] quit [CE1] interface gigabitethernet 1/0/0 [CE1-GigabitEthernet1/0/0] port default vlan 10 [CE1-GigabitEthernet1/0/0] undo shutdown [CE1-GigabitEthernet1/0/0] quit [CE1] interface gigabitethernet 1/0/1 [CE1-GigabitEthernet1/0/1] port default vlan 10 [CE1-GigabitEthernet1/0/1] undo shutdown [CE1-GigabitEthernet1/0/1] quit

# Configure CE2.
<Quidway> system-view [Quidway] sysname CE2 [CE2] portswitch batch gigabitethernet 1/0/0 [CE2] vlan 10 [CE2-vlan10] quit [CE2] interface gigabitethernet 1/0/0 [CE2-GigabitEthernet1/0/0] port default vlan [CE2-GigabitEthernet1/0/0] undo shutdown [CE2-GigabitEthernet1/0/0] quit [CE2] interface gigabitethernet 1/0/1 [CE2-GigabitEthernet1/0/1] port default vlan [CE2-GigabitEthernet1/0/1] undo shutdown [CE2-GigabitEthernet1/0/1] quit [CE2] interface gigabitethernet 1/0/2 [CE2-GigabitEthernet1/0/2] port default vlan [CE2-GigabitEthernet1/0/2] undo shutdown [CE2-GigabitEthernet1/0/2] quit
NOTE

to 1/0/1

10

10

10

The VLAN IDs of CE1 and CE2 can be different.

After the configuration, run the display vlan command. You can see that all interfaces are added to VLAN 10 untagged, and the physical status of the interfaces is Up. Take the display on CE1 as an example.
[CE1] display vlan 10 VLAN ID Type Status MAC Learning Broadcast -------------------------------------------------------------------------10 common enable enable enable ---------------Untagged Port: GigabitEthernet1/0/0 GigabitEthernet1/0/1 ---------------Interface Physical GigabitEthernet1/0/0 UP GigabitEthernet1/0/1 UP

2.

Configure IGP on the MPLS backbone network so that PEs and Ps can interwork. # Configure PE1.
[PE1] interface loopback 1 [PE1-LoopBack1] ip address 1.1.1.1 32 [PE1-LoopBack1] quit [PE1] interface pos 2/0/1 [PE1-Pos2/0/1] ip address 100.13.1.1 30 [PE1-Pos2/0/1] undo shutdown [PE1-Pos2/0/1] quit [PE1] interface pos 2/0/2 [PE1-Pos2/0/2] ip address 100.12.1.1 30 [PE1-Pos2/0/2] undo shutdown

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

6-207

6 PWE3 Configuration
[PE1-Pos2/0/2] quit [PE1] ospf 1 [PE1-ospf-1] area 0 [PE1-ospf-1-area-0.0.0.0] [PE1-ospf-1-area-0.0.0.0] [PE1-ospf-1-area-0.0.0.0] [PE1-ospf-1-area-0.0.0.0] [PE1-ospf-1] quit

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

network 1.1.1.1 0.0.0.0 network 100.13.1.0 0.0.0.3 network 100.12.1.0 0.0.0.3 quit

# Configure the P device.


[P] interface loopback 1 [P-LoopBack1] ip address 4.4.4.4 32 [P-LoopBack1] quit [P] interface pos 2/0/1 [P-Pos2/0/1] ip address 100.13.1.2 30 [P-Pos2/0/1] undo shutdown [P-Pos2/0/1] quit [P] interface pos 2/0/2 [P-Pos2/0/2] ip address 100.34.1.1 30 [P-Pos2/0/2] undo shutdown [P-Pos2/0/2] quit [P] ospf 1 [P-ospf-1] area 0 [P-ospf-1-area-0.0.0.0] network 4.4.4.4 0.0.0.0 [P-ospf-1-area-0.0.0.0] network 100.13.1.0 0.0.0.3 [P-ospf-1-area-0.0.0.0] network 100.34.1.0 0.0.0.3 [P-ospf-1-area-0.0.0.0] quit [P-ospf-1] quit

# Configure PE3.
[PE3] interface loopback 1 [PE3-LoopBack1] ip address 3.3.3.3 32 [PE3-LoopBack1] quit [PE3] interface pos2/0/1 [PE3-Pos2/0/1] ip address 100.34.1.2 30 [PE3-Pos2/0/1] undo shutdown [PE3-Pos2/0/1] quit [PE3] ospf 1 [PE3-ospf-1] area 0 [PE3-ospf-1-area-0.0.0.0] network 3.3.3.3 0.0.0.0 [PE3-ospf-1-area-0.0.0.0] network 100.34.1.0 0.0.0.3 [PE3-ospf-1-area-0.0.0.0] quit [PE3-ospf-1] quit

# Configure PE2.
[PE2] interface loopback 1 [PE2-LoopBack1] ip address 2.2.2.2 32 [PE2-LoopBack1] quit [PE2] interface pos 2/0/1 [PE2-Pos2/0/1] ip address 100.12.1.2 30 [PE2-Pos2/0/1] undo shutdown [PE2-Pos2/0/1] quit [PE2] ospf 1 [PE2-ospf-1] area 0 [PE2-ospf-1-area-0.0.0.0] network 2.2.2.2 0.0.0.0 [PE2-ospf-1-area-0.0.0.0] network 100.12.1.0 0.0.0.3 [PE2-ospf-1-area-0.0.0.0] quit [PE2-ospf-1] quit

After the configuration, run the display ip routing-table command on the PEs, and you can see that PE1 and PE2, and PE1 and PE3 have learned the routes on the Loopback1 interface of each other. Take the display on PE1 as an example.
<PE1> display ip routing-table Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: Public Destinations : 13 Routes : 13

6-208

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


Destination/Mask 1.1.1.1/32 2.2.2.2/32 3.3.3.3/32 4.4.4.4/32 100.12.1.0/30 100.12.1.1/32 100.12.1.2/32 100.13.1.0/30 100.13.1.1/32 100.13.1.2/32 100.34.1.0/30 127.0.0.0/8 127.0.0.1/32 Proto Direct OSPF OSPF OSPF Direct Direct Direct Direct Direct Direct OSPF Direct Direct Pre 0 10 10 10 0 0 0 0 0 0 10 0 0 Cost 0 2 3 2 0 0 0 0 0 0 2 0 0 Flags D D D D D D D D D D D D D NextHop 127.0.0.1 100.12.1.2 100.13.1.2 100.13.1.2 100.12.1.1 127.0.0.1 100.12.1.2 100.13.1.1 127.0.0.1 100.13.1.2 100.13.1.2 127.0.0.1 127.0.0.1

6 PWE3 Configuration
Interface InLoopBack0 Pos2/0/2 Pos2/0/1 Pos2/0/1 Pos2/0/2 InLoopBack0 Pos2/0/2 Pos2/0/1 InLoopBack0 Pos2/0/1 Pos2/0/1 InLoopBack0 InLoopBack0

3.

Configure the basic MPLS functions on the MPLS backbone network. # Enable MPLS, and set LSR-ID as the IP address of the Loopback1 interface. Enable MPLS on interfaces of the backbone network. # Configure PE1.
[PE1] mpls lsr-id 1.1.1.1 [PE1] mpls [PE1-mpls] quit [PE1] interface pos2/0/1 [PE1-Pos2/0/1] mpls [PE1-Pos2/0/1] quit [PE1] interface pos2/0/2 [PE1-Pos2/0/2] mpls [PE1-Pos2/0/2] quit

# Configure the P device.


[P] mpls lsr-id 4.4.4.4 [P] mpls [P-mpls] quit [P] interface pos2/0/1 [P-Pos2/0/1] mpls [P-Pos2/0/1] quit [P] interface pos 2/0/2 [P-Pos2/0/2] mpls [P-Pos2/0/2] quit

# Configure PE2.
[PE2] mpls lsr-id 2.2.2.2 [PE2] mpls [PE2-mpls] quit [PE2] interface pos 2/0/1 [PE2-Pos2/0/1] mpls [PE2-Pos2/0/1] quit

# Configure PE3.
[PE3] mpls lsr-id 3.3.3.3 [PE3] mpls [PE3-mpls] quit [PE3] interface pos 2/0/1 [PE3-Pos2/0/1] mpls [PE3-Pos2/0/1] quit

4.

Set up MPLS TE tunnels between PE1 and PE3, and LSP tunnels between PE1 and PE2. # Configure PE1.
[PE1] mpls [PE1-mpls] mpls te [PE1-mpls] mpls rsvp-te [PE1-mpls] mpls te cspf [PE1-mpls] quit [PE1] interface pos2/0/1 [PE1-Pos2/0/1] mpls te [PE1-Pos2/0/1] mpls rsvp-te [PE1-Pos2/0/1] mpls te max-link-bandwidth 50

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

6-209

6 PWE3 Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


[PE1-Pos2/0/1] mpls te max-reservable-bandwidth 30 [PE1-Pos2/0/1] quit [PE1] mpls ldp [PE1-mpls-ldp] quit [PE1] interface pos2/0/2 [PE1-Pos2/0/2] mpls ldp [PE1-Pos2/0/2] quit [PE1] interface tunnel2/0/0 [PE1-Tunnel2/0/0] ip address unnumbered interface loopback1 [PE1-Tunnel2/0/0] tunnel-protocol mpls te [PE1-Tunnel2/0/0] destination 3.3.3.3 [PE1-Tunnel2/0/0] mpls te tunnel-id 13 [PE1-Tunnel2/0/0] mpls te bandwidth bc0 20 [PE1-Tunnel2/0/0] mpls te commit [PE1-Tunnel2/0/0] quit [PE1] ospf 1 [PE1-ospf-1] opaque-capability enable [PE1-ospf-1] area 0 [PE1-ospf-1-area-0.0.0.0] mpls-te enable [PE1-ospf-1-area-0.0.0.0] quit [PE1-ospf-1] quit

# Configure the P device.


[P] mpls [P-mpls] mpls te [P-mpls] mpls rsvp-te [P-mpls] quit [P] interface pos2/0/1 [P-Pos2/0/1] mpls te [P-Pos2/0/1] mpls rsvp-te [P-Pos2/0/1] mpls te max-link-bandwidth 50 [P-Pos2/0/1] mpls te max-reservable-bandwidth 30 [P-Pos2/0/1] quit [P] interface pos 2/0/2 [P-Pos2/0/2] mpls te [P-Pos2/0/2] mpls rsvp-te [P-Pos2/0/2] mpls te max-link-bandwidth 50 [P-Pos2/0/2] mpls te max-reservable-bandwidth 30 [P-Pos2/0/2] quit [P] ospf 1 [P-ospf-1] opaque-capability enable [P-ospf-1] area 0 [P-ospf-1-area-0.0.0.0] mpls-te enable [P-ospf-1-area-0.0.0.0] quit [P-ospf-1] quit

# Configure PE3.
[PE3] mpls [PE3-mpls] mpls te [PE3-mpls] mpls rsvp-te [PE3-mpls] mpls te cspf [PE3-mpls] quit [PE3] interface pos2/0/1 [PE3-Pos2/0/1] mpls te [PE3-Pos2/0/1] mpls rsvp-te [PE3-Pos2/0/1] mpls te max-link-bandwidth 50 [PE3-Pos2/0/1] mpls te max-reservable-bandwidth 30 [PE3-Pos2/0/1] quit [PE3] interface tunnel2/0/0 [PE3-Tunnel2/0/0] ip address unnumbered interface LoopBack1 [PE3-Tunnel2/0/0] tunnel-protocol mpls te [PE3-Tunnel2/0/0] destination 1.1.1.1 [PE3-Tunnel2/0/0] mpls te tunnel-id 31 [PE3-Tunnel2/0/0] mpls te bandwidth bc0 20 [PE3-Tunnel2/0/0] mpls te commit [PE3-Tunnel2/0/0] quit [PE3] ospf 1 [PE3-ospf-1] opaque-capability enable [PE3-ospf-1] area0 [PE3-ospf-1-area-0.0.0.0] mpls-te enable

6-210

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


[PE3-ospf-1-area-0.0.0.0] quit [PE3-ospf-1] quit

6 PWE3 Configuration

# Configure PE2.
[PE2] mpls ldp [PE2-mpls-ldp] quit [PE2] interface pos2/0/1 [PE2-Pos2/0/1] mpls ldp [PE2-Pos2/0/1] quit

After the configuration, run the display tunnel-info all command on PEs. You can see that MPLS TE tunnels are set up between PE1 and PE3, and MPLS LSP tunnels are set up between PE1 and PE2. Take the display on PE1 as an example.
<PE1> display tunnel-info all * -> Allocated VC Token Tunnel ID Type Destination Token ---------------------------------------------------------------------0x42002000 cr lsp 3.3.3.3 0 0x2002001 lsp -1 0x2002002 lsp 2.2.2.2 2

5.

Set up remote LDP sessions between PEs. # Configure remote LDP sessions. Usually, addresses of the Loopback interfaces of the remote LDP peers are set as the IP addresses for remote LDP sessions.
NOTE

In this example, PE1 and PE2 are directly connected and you do not need to manually configure remote LDP sessions between them.

# Configure PE1.
[PE1] mpls ldp remote-peer 3.3.3.3 [PE1-mpls-ldp-remote-3.3.3.3] remote-ip 3.3.3.3

# Configure PE3.
[PE3] mpls ldp [PE3-mpls-ldp] quit [PE3] mpls ldp remote-peer 1.1.1.1 [PE3-mpls-ldp-remote-1.1.1.1] remote-ip 1.1.1.1

After the configuration, run the display mpls ldp session on PEs. You can see that the status of the remote LDP peer relationship is Operational. This indicates that remote LDP sessions are set up. Take the display on PE1 as an example.
<PE1> display mpls ldp session LDP Session(s) in Public Network -----------------------------------------------------------------------------Peer-ID Status LAM SsnRole SsnAge KA-Sent/Rcv -----------------------------------------------------------------------------2.2.2.2:0 Operational DU Passive 000:00:03 16/16 3.3.3.3:0 Operational DU Passive 000:00:00 1/1 -----------------------------------------------------------------------------TOTAL: 2 session(s) Found. LAM : Label Advertisement Mode SsnAge Unit : DDD:HH:MM

6.

Configure tunnel policies on PEs. # Configure PE1.


[PE1] tunnel-policy p1 [PE1-tunnel-policy-p1] tunnel select-seq cr-lsp load-balance-number 1 [PE1-tunnel-policy-p1] quit

# Configure PE3.
Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 6-211

6 PWE3 Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


[PE3] tunnel-policy p1 [PE3-tunnel-policy-p1] tunnel select-seq cr-lsp load-balance-number 1 [PE3-tunnel-policy-p1] quit

7.

Configure PWs on PEs by using PW templates. # Configure a working PW and a protection PW on PE1. Configure PWs on PE2 and PE3. PE2 and PE3 have only one PW respectively, and there is no working-protection distinction. # Configure PE1.
[PE1] mpls l2vpn [PE1-l2vpn] quit [PE1] pw-template 1to2 [PE1-pw-template-1to2] peer-address 2.2.2.2 [PE1-pw-template-1to2] control-word [PE1-pw-template-1to2] vccv cc cw cv lsp-ping bfd [PE1-pw-template-1to2] quit [PE1] pw-template 1to3 [PE1-pw-template-1to3] peer-address 3.3.3.3 [PE1-pw-template-1to3] control-word [PE1-pw-template-1to3] vccv cc cw cv lsp-ping bfd [PE1-pw-template-1to3] quit [PE1] interface gigabitethernet 1/0/0 [PE1-GigabitEthernet1/0/0] mpls l2vc pw-template 1to3 100 tunnel-policy p1 [PE1-GigabitEthernet1/0/0] mpls l2vc pw-template 1to2 200 secondary [PE1-GigabitEthernet1/0/0] undo shutdown [PE1-GigabitEthernet1/0/0] quit

# Configure PE2.
[PE2] mpls l2vpn [PE2-l2vpn] quit [PE2] pw-template 2to1 [PE2-pw-template-2to1] peer-address 1.1.1.1 [PE2-pw-template-2to1] control-word [PE2-pw-template-2to1] vccv cc cw cv lsp-ping bfd [PE2-pw-template-2to1] quit [PE2] interface gigabitethernet 1/0/0 [PE2-GigabitEthernet1/0/0] mpls l2vc pw-template 2to1 200 [PE2-GigabitEthernet1/0/0] undo shutdown [PE2-GigabitEthernet1/0/0] quit

# Configure PE3.
[PE3] mpls l2vpn [PE3-l2vpn] quit [PE3] pw-template 3to1 [PE3-pw-template-3to1] peer-address 1.1.1.1 [PE3-pw-template-3to1] control-word [PE3-pw-template-3to1] vccv cc cw cv lsp-ping bfd [PE3-pw-template-3to1] quit [PE3] interface gigabitethernet 1/0/0 [PE3-GigabitEthernet1/0/0] mpls l2vc pw-template 3to1 100 tunnel-policy p1 [PE3-GigabitEthernet1/0/0] undo shutdown [PE3-GigabitEthernet1/0/0] quit

After the configuration, run the display pw-template command on PEs. You can view the information about the configurations of PW templates, and you can see that VCCV is enabled. Take the display on PE1 as an example.
[PE1] display pw-template Total PW template number : 2 PW Template Name : 1to2 PeerIP : 2.2.2.2 Tnl Policy Name : -CtrlWord : Enable VCCV Capability : cw lsp-ping bfd Behavior Name : -Total PW : 1, Static PW : 0, LDP PW : 1, Rsvp PW : 0 PW Template Name : 1to3

6-212

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


PeerIP Tnl Policy Name CtrlWord VCCV Capability Behavior Name Total PW : : : : : :

6 PWE3 Configuration
3.3.3.3 -Enable cw lsp-ping bfd -1, Static PW : 0, LDP PW : 1, Rsvp PW : 0

After the configuration, run the display mpls l2vc interface command on PEs. You can see that the working PW and protection PW are set up and are Up. The working PW is Active, and the protection PW is InActive. Take the display on PE1 as an example.
<PE1> display mpls l2vc interface gigabitethernet 1/0/0 *client interface : GigabitEthernet1/0/0 is up session state : up AC state : up VC state : up VC ID : 100 VC type : Ethernet destination : 3.3.3.3 local group ID : 0 remote group ID : 0 local VC label : 21504 remote VC label : 21504 local AC OAM State : up local PSN State : up local forwarding state : forwarding remote AC OAM state : up remote PSN state : up remote forwarding state: forwarding BFD for PW : unavailable manual fault : not set active state : active forwarding entry : exist link state : up local VC MTU : 1500 remote VC MTU : 1500 local VCCV : cw lsp-ping bfd remote VCCV : cw lsp-ping bfd local control word : enable remote control word : enable tunnel policy : p1 traffic behavior : -PW template name : 1to3 primary or secondary : primary VC tunnel/token info : 1 tunnels/tokens NO.0 TNL type : cr lsp, TNL ID : 0x42002000 create time : 0 days, 0 hours, 23 minutes, 7 seconds up time : 0 days, 0 hours, 1 minutes, 21 seconds last change time : 0 days, 0 hours, 1 minutes, 21 seconds *client interface : GigabitEthernet1/0/0 is up session state : up AC state : up VC state : up VC ID : 200 VC type : Ethernet destination : 2.2.2.2 local group ID : 0 remote group ID : 0 local VC label : 21505 remote VC label : 21505 local AC OAM state : up local PSN state : up local forwarding state : forwarding remote AC OAM state : up remote PSN state : up remote forwarding state: forwarding BFD for PW : unavailable manual fault : not set active state : inactive forwarding entry : existent link state : up local VC MTU : 1500 remote VC MTU : 1500 local VCCV : cw lsp-ping bfd remote VCCV : cw lsp-ping bfd

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

6-213

6 PWE3 Configuration
local control word tunnel policy traffic behavior PW template name primary or secondary VC tunnel/token info NO.0 TNL type : lsp create time up time last change time reroute policy reason of last reroute time of last reroute delay timer ID resume timer ID : : : : : : : : : : : : : :

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


enable remote control word : enable --1to2 secondary 1 tunnels/tokens , TNL ID : 0x2002001 0 days, 0 hours, 22 minutes, 19 seconds 0 days, 0 hours, 1 minutes, 32 seconds 0 days, 0 hours, 1 minutes, 32 seconds delay 30 s, resume 0 s New LDP mapping message was received 0 days, 0 hours, 0 minutes, 50 seconds -rest time :--rest time :--

Client1 can ping through the address 10.1.1.2 on Client2.


[Client] ping 10.1.1.2 PING 10.1.1.2: 56 data bytes, press CTRL_C to break Reply from 10.1.1.2: bytes=56 Sequence=1 ttl=255 time=180 ms Reply from 10.1.1.2: bytes=56 Sequence=2 ttl=255 time=150 ms Reply from 10.1.1.2: bytes=56 Sequence=3 ttl=255 time=150 ms Reply from 10.1.1.2: bytes=56 Sequence=4 ttl=255 time=190 ms Reply from 10.1.3.110.1.1.2: bytes=56 Sequence=5 ttl=255 time=160 ms --- 10.1.1.2 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 150/166/190 ms

Run the display mac-address dynamic command on CEs. Here, CE2 is taken as an example. You can see that GE1/0/0 and GE1/0/2 of CE2 have respectively learnt the MAC addresses of Client1 (00e0-413f-8401) and Client2 (00e0-c279-e10a 10). This indicates that the clients now use the working line CE2 PE3 P PE1 for data transmission between themselves.
[CE2] display mac-address dynamic 1 MAC Address VLAN/VSI PEVLAN CEVLAN Port Type Lsp ------------------------------------------------------------------------------00e0-413f-8401 10 GigabitEthernet1/0/0 dynamic 1/0 00e0-c279-e10a 10 GigabitEthernet1/0/2 dynamic 1/0 Total 2 ,2 printed

8.

Configure the BFD for PW function on PEs.


NOTE

Here, dynamic BFD for PW is taken as an example.

# Configure PE1.
[PE1] bfd [PE1-bfd] quit [PE1] interface gigabitethernet 1/0/0 [PE1-GigabitEthernet1/0/0] mpls l2vpn pw bfd [PE1-GigabitEthernet1/0/0] mpls l2vpn pw bfd secondary [PE1-GigabitEthernet1/0/0] quit

# Configure PE2.
[PE2] bfd [PE2-bfd] quit [PE2] interface gigabitethernet 1/0/0 [PE2-GigabitEthernet1/0/0] mpls l2vpn pw bfd [PE2-GigabitEthernet1/0/0] quit

# Configure PE3.
[PE3] bfd [PE3-bfd] quit [PE3] interface gigabitethernet 1/0/0 [PE3-GigabitEthernet1/0/0] mpls l2vpn pw bfd

6-214

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


[PE3-GigabitEthernet1/0/0] quit

6 PWE3 Configuration

After the configuration, BFD sessions are set up between PE1 and PE2, and between PE1 and PE3. Run the display bfd session all command. You can see that State is Up. Take the display on PE1 as an example.
<PE1> display bfd session all ------------------------------------------------------------------------------Local Remote PeerIpAddr InterfaceName State Type ------------------------------------------------------------------------------8192 8192 --.--.--.-GigabitEthernet1/0/0 Up D_PW(M) 8193 8192 --.--.--.-GigabitEthernet1/0/0 Up D_PW(S) ------------------------------------------------------------------------------Total UP/DOWN Session Number : 2/0

Run the display bfd configuration all command. You can view the information about the BFD configuration, and the Commit field is True.
<PE1> display bfd configuration all ------------------------------------------------------------------------------CFG Name CFG Type LocalDiscr MIndex SessNum Commit AdminDown ------------------------------------------------------------------------------dyn_8192 Dynamic 8192 256 1 True False dyn_8193 Dynamic 8193 257 1 True False ------------------------------------------------------------------------------Total Commit/Uncommit CFG Number : 2/0

9.

Configure Ethernet OAM on PEs and CEs.


NOTE

In this example, Ethernet OAM complies with the IEEE802.3ah protocol (EFM).

# Configure CE1.
[CE1] efm enable [CE1] interface gigabitethernet 1/0/0 [CE1-GigabitEthernet1/0/0] efm enable [CE1-GigabitEthernet1/0/0] quit

# Configure CE2.
[CE2] efm enable [CE2] interface gigabitethernet 1/0/0 [CE2-GigabitEthernet1/0/0] efm enable [CE2-GigabitEthernet1/0/0] quit [CE2] interface gigabitethernet 1/0/1 [CE2-GigabitEthernet1/0/1] efm enable [CE2-GigabitEthernet1/0/1] quit

# Configure PE1.
[PE1] efm enable [PE1] interface gigabitethernet 1/0/0 [PE1-GigabitEthernet1/0/0] efm enable [PE1-GigabitEthernet1/0/0] quit

# Configure PE2.
[PE2] efm enable [PE2] interface gigabitethernet 1/0/0 [PE2-GigabitEthernet1/0/0] efm enable [PE2-GigabitEthernet1/0/0] quit

# Configure PE3.
[PE3] efm enable [PE3] interface gigabitethernet 1/0/0 [PE3-GigabitEthernet1/0/0] efm enable

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

6-215

6 PWE3 Configuration
[PE3-GigabitEthernet1/0/0] quit

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

After the configuration ,run the display efm session all command on PEs or CEs. You can see the state of EFM is detect. Take the display on PE1 and CE1 as an example.
<PE1> display efm session all Interface EFM State Loopback Timeou ---------------------------------------------------------------------GigabitEthernet1/0/0 detect -<CE1> display efm session all Interface EFM State Loopback Timeou ---------------------------------------------------------------------GigabitEthernet1/0/0 detect --

10. Enable OAM Mapping on PEs. AC OAM detection and notification are then automatically enabled. # Take the configuration of PE1 as an example. Configurations on PE2 and PE3 are the same, and are not mentioned here.
[PE1] interface gigabitethernet 1/0/0 [PE1-GigabitEthernet1/0/0] mpls l2vpn oam-mapping 3ah [PE1-GigabitEthernet1/0/0] quit

Run the display mpls l2vc oam-mapping interface command on PEs to check information about OAM Mapping. You can see that AC OAM is Up, BFD for PW is Enable, and BFD is Up. Take the display on PE1 as an example.
<PE1> display mpls l2vc oam-mapping interface gigabitethernet 1/0/0 AC OAM Info: ACFD Index : 802.3ah Notify : Enable Detect : Enable AC OAM State : Up OAM-mapping : Enable PSN info: VC-ID : 100 VC status : Primary Active State : Active Link State : Up BFD for PW : Enable BFDSessionIndex:256 ,BFD State : up BFD for LSP : 0 TunnelNum: 1 PSN State : up VC-ID : 200 VC status : Secondary Active State : Inactive Link State : Up BFD for PW : Enable BFDSessionIndex:257 ,BFD State : up BFD for LSP : 0 TunnelNum: 1 PSN State : up

11. Verify the configuration.


l

View the status of PWs.

Run the display mpls l2vc interface command on PE1. If the configuration is successful, you can see that the working PW is Active, the protection PW is InActive, and BFD for PW for the working and protection PWs is available.
<PE1> display mpls l2vc interface gigabitethernet 1/0/0 *client interface : GigabitEthernet1/0/0 is up session state : up AC state : up VC state : up VC ID : 100 VC type : Ethernet destination : 3.3.3.3 local group ID : 0 remote group ID

: 0

6-216

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

6 PWE3 Configuration

local VC label : 21504 remote VC label : 21504 local AC OAM State : up local PSN State : up local forwarding state : forwarding remote AC OAM state : up remote PSN state : up remote forwarding state: forwarding Dynamic BFD for PW : enable Detect Multipier : 3 Min Transit Interval : 1000 Max Receive Interval : 1000 Dynamic BFD Session : built BFD for PW : available BFD sessionIndex : 256 BFD state : up manual fault : not set active state : active forwarding entry : exist link state : up local VC MTU : 1500 remote VC MTU : 1500 local VCCV : cw lsp-ping bfd remote VCCV : cw lsp-ping bfd local control word : enable remote control word : enable tunnel policy : p1 traffic behavior : -PW template name : 1to3 primary or secondary : primary VC tunnel/token info : 1 tunnels/tokens NO.0 TNL type : cr lsp, TNL ID : 0x42002000 create time : 0 days, 1 hours, 5 minutes, 19 seconds up time : 0 days, 0 hours, 43 minutes, 33 seconds last change time : 0 days, 0 hours, 43 minutes, 33 seconds *client interface : GigabitEthernet1/0/0 is up session state : up AC state : up VC state : up VC ID : 200 VC type : Ethernet destination : 2.2.2.2 local group ID : 0 remote group ID : 0 local VC label : 21505 remote VC label : 21505 local AC OAM state : up local PSN state : up local forwarding state : forwarding remote AC OAM state : up remote PSN state : up remote forwarding state: forwarding Dynamic BFD for PW : enable Detect Multipier : 3 Min Transit Interval : 100 Max Receive Interval : 100 Dynamic BFD Session : built BFD for PW : available BFD sessionIndex : 257 BFD state : up manual fault : not set active state : inactive forwarding entry : existent link state : up local VC MTU : 1500 remote VC MTU : 1500 local VCCV : cw lsp-ping bfd remote VCCV : cw lsp-ping bfd local control word : enable remote control word : enable tunnel policy : -traffic behavior : -PW template name : 1to2 primary or secondary : secondary VC tunnel/token info : 1 tunnels/tokens NO.0 TNL type : lsp , TNL ID : 0x2002001 create time : 0 days, 1 hours, 4 minutes, 31 seconds up time : 0 days, 0 hours, 43 minutes, 44 seconds

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

6-217

6 PWE3 Configuration
last change time reroute policy reason of last reroute time of last reroute delay timer ID resume timer ID l : : : : : :

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


0 days, 0 hours, 43 minutes, 44 seconds delay 30 s, resume 0 s New LDP mapping message was received 0 days, 0 hours, 43 minutes, 2 seconds -rest time :--rest time :--

Verify the working-protection switchover of PWs on PE1.

Disable Ethernet OAM on GE1/0/0 of CE2, and simulate a remote AC fault.


[CE2] interface gigabitethernet 1/0/0 [CE2-GigabitEthernet1/0/1] undo efm enable

Run the display mpls l2vc interface command on PE1. Then, PE1 identifies that OAM is Down on the remote AC. Working-protection switchover of PWs is carried out on PE1: the working PW changes to InActive, and the protection PW changes to Active.
<PE1> display mpls l2vc interface gigabitethernet 1/0/0 *client interface : GigabitEthernet1/0/0 is up session state : up AC state : up VC state : up VC ID : 100 VC type : Ethernet destination : 3.3.3.3 local group ID : 0 remote group ID : 0 local VC label : 21504 remote VC label : 21504 local AC OAM State : up local PSN State : up local forwarding state : forwarding remote AC OAM state : down remote PSN state : up remote forwarding state: forwarding Dynamic BFD for PW : enable Detect Multipier : 3 Min Transit Interval : 1000 Max Receive Interval : 1000 Dynamic BFD Session : built BFD for PW : available BFD sessionIndex : 256 BFD state : up manual fault : not set active state : inactive forwarding entry : exist link state : up local VC MTU : 1500 remote VC MTU : 1500 local VCCV : cw lsp-ping bfd remote VCCV : cw lsp-ping bfd local control word : enable remote control word : enable tunnel policy : p1 traffic behavior : -PW template name : 1to3 primary or secondary : primary VC tunnel/token info : 1 tunnels/tokens NO.0 TNL type : cr lsp, TNL ID : 0x42002000 create time : 0 days, 1 hours, 5 minutes, 19 seconds up time : 0 days, 0 hours, 43 minutes, 33 seconds last change time : 0 days, 0 hours, 43 minutes, 33 seconds *client interface : GigabitEthernet1/0/0 is up session state : up AC state : up VC state : up VC ID : 200 VC type : Ethernet destination : 2.2.2.2 local group ID : 0 remote group ID : 0 local VC label : 21505 remote VC label : 21505 local AC OAM state : up local PSN state : up local forwarding state : forwarding remote AC OAM state : up

6-218

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


remote PSN state : remote forwarding state: Dynamic BFD for PW : Detect Multipier : Min Transit Interval : Max Receive Interval : Dynamic BFD Session : BFD for PW : BFD sessionIndex : manual fault : active state : forwarding entry : link state : local VC MTU : local VCCV : remote VCCV : local control word : tunnel policy : traffic behavior : PW template name : primary or secondary : VC tunnel/token info : NO.0 TNL type : lsp create time : up time : last change time : reroute policy : reason of last reroute : time of last reroute : delay timer ID : resume timer ID :

6 PWE3 Configuration
up forwarding enable 3 100 100 built available 257 BFD state : up not set active existent up 1500 remote VC MTU : 1500 cw lsp-ping bfd cw lsp-ping bfd enable remote control word : enable --1to2 secondary 1 tunnels/tokens , TNL ID : 0x2002001 0 days, 1 hours, 6 minutes, 30 seconds 0 days, 0 hours, 1 minutes, 0 seconds 0 days, 0 hours, 1 minutes, 0 seconds delay 30 s, resume 0 s New LDP mapping message was received 0 days, 0 hours, 18 minutes, 37 seconds -rest time :--rest time :--

Client1 can ping through the address 10.1.1.2 on Client2.


[Client1] ping 10.1.1.2 PING 10.1.1.2: 56 data bytes, press CTRL_C to break Reply from 10.1.1.2: bytes=56 Sequence=1 ttl=254 time=210 Reply from 10.1.1.2: bytes=56 Sequence=2 ttl=254 time=190 Reply from 10.1.1.2: bytes=56 Sequence=3 ttl=254 time=160 Reply from 10.1.1.2: bytes=56 Sequence=4 ttl=254 time=130 Reply from 10.1.1.2: bytes=56 Sequence=5 ttl=254 time=190 --- 10.1.1.2 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 130/176/210 ms ms ms ms ms ms

Run the display mac-address dynamic command once again on CEs. Here, CE2 is taken as an example. You can see that GE1/0/1 and GE1/0/2 of CE2 have once again learnt the MAC addresses of Client1 (00e0-413f-8401) and Client2 (00e0-c279-e10a 10). This indicates that the clients now use the protection line CE2 PE2 PE1 for data transmission between themselves.
[CE2] display mac-address dynamic 1 MAC Address VLAN/VSI PEVLAN CEVLAN Port Type Lsp ------------------------------------------------------------------------------00e0-413f-8401 10 GigabitEthernet1/0/1 dynamic 1/0 00e0-c279-e10a 10 GigabitEthernet1/0/2 dynamic 1/0 Total 2 ,2 printed

Configure Ethernet OAM once again on GE1/0/0 of CE2, and disable the fault that is manually simulated.
[CE2] interface gigabitethernet 1/0/0 [CE2-GigabitEthernet1/0/1] efm enable

Run the display mpls l2vc interface command on PE1. Then, PE1 identifies that OAM is Up on the remote AC, and that the fault has been rectified. The working-protection switchover of PWs is carried out on PE1, the working PW changes back to Active, and the protection PW changes back to InActive.
Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 6-219

6 PWE3 Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


[PE1] display mpls l2vc interface gigabitethernet 1/0/0 *client interface : GigabitEthernet1/0/0 is up session state : up AC state : up VC state : up VC ID : 100 VC type : Ethernet destination : 3.3.3.3 local group ID : 0 remote group ID : 0 local VC label : 21504 remote VC label : 21504 local AC OAM State : up local PSN State : up local forwarding state : forwarding remote AC OAM state : up remote PSN state : up remote forwarding state: forwarding Dynamic BFD for PW : enable Detect Multipier : 3 Min Transit Interval : 1000 Max Receive Interval : 1000 Dynamic BFD Session : built BFD for PW : available BFD sessionIndex : 256 BFD state : up manual fault : not set active state : active forwarding entry : exist link state : up local VC MTU : 1500 remote VC MTU : 1500 local VCCV : cw lsp-ping bfd remote VCCV : cw lsp-ping bfd local control word : enable remote control word : enable tunnel policy : p1 traffic behavior : -PW template name : 1to3 primary or secondary : primary VC tunnel/token info : 1 tunnels/tokens NO.0 TNL type : cr lsp, TNL ID : 0x42002000 create time : 0 days, 1 hours, 15 minutes, 40 seconds up time : 0 days, 0 hours, 43 minutes, 33 seconds last change time : 0 days, 0 hours, 43 minutes, 33 seconds *client interface : GigabitEthernet1/0/0 is up session state : up AC state : up VC state : up VC ID : 200 VC type : Ethernet destination : 2.2.2.2 local group ID : 0 remote group ID : 0 local VC label : 21505 remote VC label : 21505 local AC OAM state : up local PSN state : up local forwarding state : forwarding remote AC OAM state : up remote PSN state : up remote forwarding state: forwarding Dynamic BFD for PW : enable Detect Multipier : 3 Min Transit Interval : 100 Max Receive Interval : 100 Dynamic BFD Session : built BFD for PW : available BFD sessionIndex : 257 BFD state : up manual fault : not set active state : inactive forwarding entry : existent link state : up local VC MTU : 1500 remote VC MTU : 1500 local VCCV : cw lsp-ping bfd remote VCCV : cw lsp-ping bfd

6-220

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


local control word tunnel policy traffic behavior PW template name primary or secondary VC tunnel/token info NO.0 TNL type : lsp create time up time last change time reroute policy reason of last reroute time of last reroute delay timer ID resume timer ID : : : : : : : : : : : : : :

6 PWE3 Configuration
enable remote control word : enable --1to2 secondary 1 tunnels/tokens , TNL ID : 0x2002001 0 days, 1 hours, 16 minutes, 30 seconds 0 days, 0 hours, 1 minutes, 0 seconds 0 days, 0 hours, 1 minutes, 0 seconds delay 30 s, resume 0 s New LDP mapping message was received 0 days, 0 hours, 18 minutes, 37 seconds -rest time :--rest time :--

Client1 can ping through the address 10.1.1.2 on Client2.


[Client1] ping 10.1.1.2 PING 10.1.1.2: 56 data bytes, press CTRL_C to break Reply from 10.1.1.2: bytes=56 Sequence=1 ttl=254 time=210 Reply from 10.1.1.2: bytes=56 Sequence=2 ttl=254 time=190 Reply from 10.1.1.2: bytes=56 Sequence=3 ttl=254 time=160 Reply from 10.1.1.2: bytes=56 Sequence=4 ttl=254 time=130 Reply from 10.1.1.2: bytes=56 Sequence=5 ttl=254 time=190 --- 10.1.1.2 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 130/176/210 ms ms ms ms ms ms

Run the display mac-address dynamic command on CEs. Here, CE2 is taken as an example. You can see that GE1/0/0 and GE1/0/2 of CE2 have once again learnt the MAC addresses of Client1 (00e0-413f-8401) and Client2 (00e0-c279-e10a). This indicates that the clients once again use the working line CE2 PE3 P PE1 for data transmission between themselves.
[CE2] display mac-address dynamic 1 MAC Address VLAN/VSI PEVLAN CEVLAN Port Type Lsp ------------------------------------------------------------------------------00e0-413f-8401 10 GigabitEthernet1/0/1 dynamic 1/0 00e0-c279-e10a 10 GigabitEthernet1/0/2 dynamic 1/0 Total 2 ,2 printed

Configuration Files
l

Configuration file of CE1.


# sysname CE1 # vlan batch 10 # efm enable # interface GigabitEthernet1/0/0 undo shutdown portswitch port default vlan 10 efm enable # interface PosGigabitEthernet1/0/1 undo shutdown portswitch port default vlan 10 # return

Configuration file of CE2.


Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 6-221

Issue 03 (2008-09-22)

6 PWE3 Configuration
# sysname CE2 # vlan batch 10 # efm enable # interface GigabitEthernet1/0/0 undo shutdown portswitch port default vlan 10 efm enable # interface GigabitEthernet1/0/1 undo shutdown portswitch port default vlan 10 efm enable # interface GigabitEthernet1/0/2 undo shutdown portswitch port default vlan 10 # return l

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Configuration file of PE1.


# sysname PE1 # efm enable # bfd # mpls lsr-id 1.1.1.1 mpls mpls te mpls rsvp-te mpls te cspf # mpls l2vpn # pw-template 1to2 peer-address 2.2.2.2 control-word vccv cc cw cv lsp-ping bfd # pw-template 1to3 peer-address 3.3.3.3 control-word vccv cc cw cv lsp-ping bfd # mpls ldp # mpls ldp remote-peer 3.3.3.3 remote-ip 3.3.3.3 # interface GigabitEthernet1/0/0 undo shutdown mpls l2vc pw-template 1to3 100 tunnel-policy p1 mpls l2vpn pw bfd mpls l2vc pw-template 1to2 200 secondary mpls l2vpn pw bfd secondary mpls l2vpn oam-mapping 3ah efm enable # interface Pos2/0/1 link-protocol ppp undo shutdown ip address 100.13.1.1 255.255.255.252

6-222

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


mpls mpls te mpls te max-link-bandwidth 50 mpls te max-reservable-bandwidth 30 mpls rsvp-te # interface Pos2/0/2 link-protocol ppp undo shutdown ip address 100.12.1.1 255.255.255.252 mpls mpls ldp # interface LoopBack1 ip address 1.1.1.1 255.255.255.255 # interface Tunnel2/0/0 ip address unnumbered interface LoopBack1 tunnel-protocol mpls te destination 3.3.3.3 mpls te tunnel-id 13 mpls te bandwidth bc0 20 mpls te commit # ospf 1 opaque-capability enable area 0.0.0.0 network 1.1.1.1 0.0.0.0 network 100.13.1.0 0.0.0.3 network 100.12.1.0 0.0.0.3 mpls-te enable # tunnel-policy p1 tunnel select-seq cr-lsp load-balance-number 1 # return l

6 PWE3 Configuration

Configuration file of the P device.


# sysname P # mpls lsr-id 4.4.4.4 mpls mpls te mpls rsvp-te # interface Pos2/0/1 link-protocol ppp undo shutdown ip address 100.13.1.2 255.255.255.252 mpls mpls te mpls te max-link-bandwidth 50 mpls te max-reservable-bandwidth 30 mpls rsvp-te # interface Pos2/0/2 link-protocol ppp undo shutdown ip address 100.34.1.1 255.255.255.252 mpls mpls te mpls te max-link-bandwidth 50 mpls te max-reservable-bandwidth 30 mpls rsvp-te # interface LoopBack1 ip address 4.4.4.4 255.255.255.255 # ospf 1

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

6-223

6 PWE3 Configuration
opaque-capability enable area 0.0.0.0 network 100.13.1.0 0.0.0.3 network 100.34.1.0 0.0.0.3 network 4.4.4.4 0.0.0.0 mpls-te enable # return l

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Configuration file of PE3.


# sysname PE3 # efm enable # bfd # mpls lsr-id 3.3.3.3 mpls mpls te mpls rsvp-te mpls te cspf # mpls l2vpn # pw-template 3to1 peer-address 1.1.1.1 control-word vccv cc cw cv lsp-ping bfd # mpls ldp # mpls ldp remote-peer 1.1.1.1 remote-ip 1.1.1.1 # interface GigabitEthernet1/0/0 undo shutdown mpls l2vc pw-template 3to1 100 tunnel-policy p1 mpls l2vpn pw bfd mpls l2vpn oam-mapping 3ah efm enable # interface Pos2/0/1 link-protocol ppp undo shutdown ip address 100.34.1.2 255.255.255.252 mpls mpls te mpls te max-link-bandwidth 50 mpls te max-reservable-bandwidth 30 mpls rsvp-te # interface LoopBack1 ip address 3.3.3.3 255.255.255.255 # interface Tunnel2/0/0 ip address unnumbered interface LoopBack1 tunnel-protocol mpls te destination 1.1.1.1 mpls te tunnel-id 31 mpls te bandwidth bc0 20 mpls te commit # ospf 1 opaque-capability enable area 0.0.0.0 network 3.3.3.3 0.0.0.0 network 100.34.1.0 0.0.0.3 mpls-te enable #

6-224

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


tunnel-policy p1 tunnel select-seq # return l

6 PWE3 Configuration

cr-lsp load-balance-number 1

Configuration file of PE2.


# sysname PE2 # efm enable # bfd # mpls lsr-id 2.2.2.2 mpls # mpls l2vpn # pw-template 2to1 peer-address 1.1.1.1 control-word vccv cc cw cv lsp-ping bfd # mpls ldp # interface GigabitEthernet1/0/0 undo shutdown mpls l2vc pw-template 2to1 200 mpls l2vpn pw bfd mpls l2vpn oam-mapping 3ah efm enable # interface Pos2/0/1 link-protocol ppp undo shutdown ip address 100.12.1.2 255.255.255.252 mpls mpls ldp # interface LoopBack1 ip address 2.2.2.2 255.255.255.255 # ospf 1 area 0.0.0.0 network 2.2.2.2 0.0.0.0 network 100.12.1.0 0.0.0.3 # return

6.14.14 Example for Configuring PW FRR - CEs Are Unsymmetrically Connected to PEs Through Ethernet Links, Dynamic BFD Is Used to Detect PWs, CFM Is Used to Detect ACs
Networking Requirements
As shown in Figure 6-29, CE1 is single-homed to PE1. CE2 is dual-homed to PE2 and PE3. The networking requirements are as follows:
l l

CEs are connected to PEs through Ethernet links. A PW is set up between PE1 and PE3. This PW is the working PW, and uses the MPLS TE tunnel.
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 6-225

Issue 03 (2008-09-22)

6 PWE3 Configuration
l

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

A PW is set up between PE1 and PE2. This PW is the protection PW, and uses the MPLS LSP tunnel. Fault detection between CEs and PEs is implemented according to the IEEE802.1ag protocol (CFM). If the working line -- CE2 PE3 P PE1-- becomes faulty, the L2VPN traffic can be rapidly switched to the the protection line -- CE2 PE2 PE1. After the working line CE2 PE3 P PE1 recovers from the fault, the L2VPN traffic is switched back.

Figure 6-29 Networking diagram of PW FRR CEs are unsymmetrically connected to PEs through Ethernet links, dynamic BFD is used to detect PWs, CFM is used to detect ACs
1 /0 / S2 /30 O P .1.2 3 0.1 0 1 1 /0 / /30 S2 3.1.1 O P 0.1 10

Loopback1 1.1.1.1/32

PO 10 S2/ 0.3 0 /2 4.1 .1/ 30 Loopback1 4.4.4.4/32

Loopback1 3.3.3.3/32 10 PO 0.3 S 4.1 2/0 .2/ /1 30

PE1
GE1/0/0

MPLS TE

PE3
PO 100 S2/0 / .1 2. 2 1.1/ 30

MP

LS

L SP
100 PO S2/0 .1 2. 1.2/ /1 30

Loopback1 2.2.2.2/32

GE1/0/0

GE1/0/0

PE2
GE1/0/1 GE1/0/0

GE1/0/0

CE1
GE1/0/1

CE2
GE1/0/2

Client1 10.1.1.1/24

Client2 10.1.1.2/24

Configuration Roadmap
The configuration roadmap is as follows: 1. 2. 3. 4. 5. 6. 7. Configure IGP on the backbone network. Set up MPLS TE tunnels between PE1 and PE3, and LSP tunnels between PE1 and PE2. Set up MPLS LDP sessions between PE1 and PE2, and between PE1 and PE3. Use PW templates to configure PWs on PEs. You need to use tunnel policies to configure the working PW because the working PW uses the MPLS TE tunnel. Set up BFD for PW sessions between PE1 and PE2, and between PE1 and PE3. On PEs and CEs, configure Ethernet OAM that complies with the IEEE802.1ag protocol. Enable OAM mapping on PEs. AC OAM detection and notification are then automatically enabled.

6-226

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

6 PWE3 Configuration

Data Preparation
To complete the configuration, you need the following data:
l l l l l

Tunnel policies Bandwidth for MPLS TE tunnels Name of the remote peer of MPLS LDP VC IDs of the working PW and the protection PW Name of the PW template

Configuration Procedure
1. Add the interfaces on CEs to a same VLAN. # Configure CE1.
<Quidway> system-view [Quidway] sysname CE1 [CE1] portswitch batch gigabitethernet 1/0/0 to 1/0/1 [CE1] vlan 10 [CE1-vlan10] quit [CE1] interface gigabitethernet 1/0/0 [CE1-GigabitEthernet1/0/0] port trunk allow-pass vlan 10 [CE1-GigabitEthernet1/0/0] undo shutdown [CE1-GigabitEthernet1/0/0] quit [CE1] interface gigabitethernet 1/0/1 [CE1-GigabitEthernet1/0/1] port default vlan 10 [CE1-GigabitEthernet1/0/1] undo shutdown [CE1-GigabitEthernet1/0/1] quit

# Configure CE2.
<Quidway> system-view [Quidway] sysname CE2 [CE2] portswitch batch gigabitethernet 1/0/0 to 1/0/1 [CE2] vlan 10 [CE2-vlan10] quit [CE2] interface gigabitethernet 1/0/0 [CE2-GigabitEthernet1/0/0] port trunk allow-pass vlan 10 [CE2-GigabitEthernet1/0/0] undo shutdown [CE2-GigabitEthernet1/0/0] quit [CE2] interface gigabitethernet 1/0/1 [CE2-GigabitEthernet1/0/1] port trunk allow-pass vlan 10 [CE2-GigabitEthernet1/0/1] undo shutdown [CE2-GigabitEthernet1/0/1] quit [CE2] interface gigabitethernet 1/0/2 [CE2-GigabitEthernet1/0/2] port default vlan 10 [CE2-GigabitEthernet1/0/2] undo shutdown [CE2-GigabitEthernet1/0/2] quit
NOTE

The VLAN IDs of CE1 and CE2 can be different.

After the configuration, run the display vlan command. You can see that all interfaces are added to VLAN 10, and the physical status of the interfaces is Up. Take the display on CE1 as an example.
[CE1] display vlan 10 VLAN ID Type Status MAC Learning Broadcast/Multicast/Unicast Property -------------------------------------------------------------------------10 common enable enable forward forward forward default ---------------Untagged Port: GigabitEthernet1/0/1 ---------------Tagged Port: GigabitEthernet1/0/0 ----------------

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

6-227

6 PWE3 Configuration
Interface GigabitEthernet1/0/0 GigabitEthernet1/0/1 Physical UP UP

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

2.

Configure IGP on the MPLS backbone network so that PEs and Ps can interwork. # Configure PE1.
[PE1] interface loopback 1 [PE1-LoopBack1] ip address 1.1.1.1 32 [PE1-LoopBack1] quit [PE1] interface pos 2/0/1 [PE1-Pos2/0/1] ip address 100.13.1.1 30 [PE1-Pos2/0/1] undo shutdown [PE1-Pos2/0/1] quit [PE1] interface pos 2/0/2 [PE1-Pos2/0/2] ip address 100.12.1.1 30 [PE1-Pos2/0/2] undo shutdown [PE1-Pos2/0/2] quit [PE1] ospf 1 [PE1-ospf-1] area 0 [PE1-ospf-1-area-0.0.0.0] network 1.1.1.1 0.0.0.0 [PE1-ospf-1-area-0.0.0.0] network 100.13.1.0 0.0.0.3 [PE1-ospf-1-area-0.0.0.0] network 100.12.1.0 0.0.0.3 [PE1-ospf-1-area-0.0.0.0] quit [PE1-ospf-1] quit

# Configure the P device.


[P] interface loopback 1 [P-LoopBack1] ip address 4.4.4.4 32 [P-LoopBack1] quit [P] interface pos 2/0/1 [P-Pos2/0/1] ip address 100.13.1.2 30 [P-Pos2/0/1] undo shutdown [P-Pos2/0/1] quit [P] interface pos 2/0/2 [P-Pos2/0/2] ip address 100.34.1.1 30 [P-Pos2/0/2] undo shutdown [P-Pos2/0/2] quit [P] ospf 1 [P-ospf-1] area 0 [P-ospf-1-area-0.0.0.0] network 4.4.4.4 0.0.0.0 [P-ospf-1-area-0.0.0.0] network 100.13.1.0 0.0.0.3 [P-ospf-1-area-0.0.0.0] network 100.34.1.0 0.0.0.3 [P-ospf-1-area-0.0.0.0] quit [P-ospf-1] quit

# Configure PE3.
[PE3] interface loopback 1 [PE3-LoopBack1] ip address 3.3.3.3 32 [PE3-LoopBack1] quit [PE3] interface pos2/0/1 [PE3-Pos2/0/1] ip address 100.34.1.2 30 [PE3-Pos2/0/1] undo shutdown [PE3-Pos2/0/1] quit [PE3] ospf 1 [PE3-ospf-1] area 0 [PE3-ospf-1-area-0.0.0.0] network 3.3.3.3 0.0.0.0 [PE3-ospf-1-area-0.0.0.0] network 100.34.1.0 0.0.0.3 [PE3-ospf-1-area-0.0.0.0] quit [PE3-ospf-1] quit

# Configure PE2.
[PE2] interface loopback 1 [PE2-LoopBack1] ip address 2.2.2.2 32 [PE2-LoopBack1] quit [PE2] interface pos 2/0/1 [PE2-Pos2/0/1] ip address 100.12.1.2 30 [PE2-Pos2/0/1] undo shutdown [PE2-Pos2/0/1] quit [PE2] ospf 1

6-228

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


[PE2-ospf-1] area 0 [PE2-ospf-1-area-0.0.0.0] network 2.2.2.2 0.0.0.0 [PE2-ospf-1-area-0.0.0.0] network 100.12.1.0 0.0.0.3 [PE2-ospf-1-area-0.0.0.0] quit [PE2-ospf-1] quit

6 PWE3 Configuration

After the configuration, run the display ip routing-table command on the PEs, and you can see that PE1 and PE2, and PE1 and PE3 have learned the routes on the Loopback1 interface of each other. Take the display on PE1 as an example.
<PE1> display ip routing-table Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: Public Destinations : 13 Routes : 13 Destination/Mask Proto Pre Cost Flags NextHop Interface 1.1.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 2.2.2.2/32 OSPF 10 2 D 100.12.1.2 Pos2/0/2 3.3.3.3/32 OSPF 10 3 D 100.13.1.2 Pos2/0/1 4.4.4.4/32 OSPF 10 2 D 100.13.1.2 Pos2/0/1 100.12.1.0/30 Direct 0 0 D 100.12.1.1 Pos2/0/2 100.12.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 100.12.1.2/32 Direct 0 0 D 100.12.1.2 Pos2/0/2 100.13.1.0/30 Direct 0 0 D 100.13.1.1 Pos2/0/1 100.13.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 100.13.1.2/32 Direct 0 0 D 100.13.1.2 Pos2/0/1 100.34.1.0/30 OSPF 10 2 D 100.13.1.2 Pos2/0/1 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0

3.

Configure the basic MPLS functions on the MPLS backbone network. # Enable MPLS, and set LSR-ID as the IP address of the Loopback1 interface. Enable MPLS on interfaces of the backbone network. # Configure PE1.
[PE1] mpls lsr-id 1.1.1.1 [PE1] mpls [PE1-mpls] quit [PE1] interface pos2/0/1 [PE1-Pos2/0/1] mpls [PE1-Pos2/0/1] quit [PE1] interface pos2/0/2 [PE1-Pos2/0/2] mpls [PE1-Pos2/0/2] quit

# Configure the P device.


[P] mpls lsr-id 4.4.4.4 [P] mpls [P-mpls] quit [P] interface pos2/0/1 [P-Pos2/0/1] mpls [P-Pos2/0/1] quit [P] interface pos 2/0/2 [P-Pos2/0/2] mpls [P-Pos2/0/2] quit

# Configure PE2.
[PE2] mpls lsr-id 2.2.2.2 [PE2] mpls [PE2-mpls] quit [PE2] interface pos 2/0/1 [PE2-Pos2/0/1] mpls [PE2-Pos2/0/1] quit

# Configure PE3.
[PE3] mpls lsr-id 3.3.3.3 [PE3] mpls

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

6-229

6 PWE3 Configuration
[PE3-mpls] quit [PE3] interface pos 2/0/1 [PE3-Pos2/0/1] mpls [PE3-Pos2/0/1] quit

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

4.

Set up MPLS TE tunnels between PE1 and PE3, and LSP tunnels between PE1 and PE2. # Configure PE1.
[PE1] mpls [PE1-mpls] mpls te [PE1-mpls] mpls rsvp-te [PE1-mpls] mpls te cspf [PE1-mpls] quit [PE1] interface pos2/0/1 [PE1-Pos2/0/1] mpls te [PE1-Pos2/0/1] mpls rsvp-te [PE1-Pos2/0/1] mpls te max-link-bandwidth 50 [PE1-Pos2/0/1] mpls te max-reservable-bandwidth 30 [PE1-Pos2/0/1] quit [PE1] mpls ldp [PE1-mpls-ldp] quit [PE1] interface pos2/0/2 [PE1-Pos2/0/2] mpls ldp [PE1-Pos2/0/2] quit [PE1] interface tunnel2/0/0 [PE1-Tunnel2/0/0] ip address unnumbered interface loopback1 [PE1-Tunnel2/0/0] tunnel-protocol mpls te [PE1-Tunnel2/0/0] destination 3.3.3.3 [PE1-Tunnel2/0/0] mpls te tunnel-id 13 [PE1-Tunnel2/0/0] mpls te bandwidth bc0 20 [PE1-Tunnel2/0/0] mpls te commit [PE1-Tunnel2/0/0] quit [PE1] ospf 1 [PE1-ospf-1] opaque-capability enable [PE1-ospf-1] area 0 [PE1-ospf-1-area-0.0.0.0] mpls-te enable [PE1-ospf-1-area-0.0.0.0] quit [PE1-ospf-1] quit

# Configure the P device.


[P] mpls [P-mpls] mpls te [P-mpls] mpls rsvp-te [P-mpls] quit [P] interface pos2/0/1 [P-Pos2/0/1] mpls te [P-Pos2/0/1] mpls rsvp-te [P-Pos2/0/1] mpls te max-link-bandwidth 50 [P-Pos2/0/1] mpls te max-reservable-bandwidth 30 [P-Pos2/0/1] quit [P] interface pos 2/0/2 [P-Pos2/0/2] mpls te [P-Pos2/0/2] mpls rsvp-te [P-Pos2/0/2] mpls te max-link-bandwidth 50 [P-Pos2/0/2] mpls te max-reservable-bandwidth 30 [P-Pos2/0/2] quit [P] ospf 1 [P-ospf-1] opaque-capability enable [P-ospf-1] area 0 [P-ospf-1-area-0.0.0.0] mpls-te enable [P-ospf-1-area-0.0.0.0] quit [P-ospf-1] quit

# Configure PE3.
[PE3] mpls [PE3-mpls] mpls [PE3-mpls] mpls [PE3-mpls] mpls [PE3-mpls] quit [PE3] interface te rsvp-te te cspf pos2/0/1

6-230

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


[PE3-Pos2/0/1] mpls te [PE3-Pos2/0/1] mpls rsvp-te [PE3-Pos2/0/1] mpls te max-link-bandwidth 50 [PE3-Pos2/0/1] mpls te max-reservable-bandwidth 30 [PE3-Pos2/0/1] quit [PE3] interface tunnel2/0/0 [PE3-Tunnel2/0/0] ip address unnumbered interface LoopBack1 [PE3-Tunnel2/0/0] tunnel-protocol mpls te [PE3-Tunnel2/0/0] destination 1.1.1.1 [PE3-Tunnel2/0/0] mpls te tunnel-id 31 [PE3-Tunnel2/0/0] mpls te bandwidth bc0 20 [PE3-Tunnel2/0/0] mpls te commit [PE3-Tunnel2/0/0] quit [PE3] ospf 1 [PE3-ospf-1] opaque-capability enable [PE3-ospf-1] area0 [PE3-ospf-1-area-0.0.0.0] mpls-te enable [PE3-ospf-1-area-0.0.0.0] quit [PE3-ospf-1] quit

6 PWE3 Configuration

# Configure PE2.
[PE2] mpls ldp [PE2-mpls-ldp] quit [PE2] interface pos2/0/1 [PE2-Pos2/0/1] mpls ldp [PE2-Pos2/0/1] quit

After the configuration, run the display tunnel-info all command on PEs. You can see that MPLS TE tunnels are set up between PE1 and PE3, and MPLS LSP tunnels are set up between PE1 and PE2. Take the display on PE1 as an example.
<PE1> display tunnel-info all * -> Allocated VC Token Tunnel ID Type Destination Token ---------------------------------------------------------------------0x42002000 cr lsp 3.3.3.3 0 0x2002001 lsp -1 0x2002002 lsp 2.2.2.2 2

5.

Set up remote LDP sessions between PEs. # Configure remote LDP sessions. Usually, addresses of the Loopback interfaces of the remote LDP peers are set as the IP addresses for remote LDP sessions.
NOTE

In this example, PE1 and PE2 are directly connected and you do not need to manually configure remote LDP sessions between them.

# Configure PE1.
[PE1] mpls ldp remote-peer 3.3.3.3 [PE1-mpls-ldp-remote-3.3.3.3] remote-ip 3.3.3.3

# Configure PE3.
[PE3] mpls ldp [PE3-mpls-ldp] quit [PE3] mpls ldp remote-peer 1.1.1.1 [PE3-mpls-ldp-remote-1.1.1.1] remote-ip 1.1.1.1

After the configuration, run the display mpls ldp session on PEs. You can see that the status of the remote LDP peer relationship is Operational. This indicates that remote LDP sessions are set up. Take the display on PE1 as an example.
<PE1> display mpls ldp session LDP Session(s) in Public Network ------------------------------------------------------------------------------

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

6-231

6 PWE3 Configuration
Peer-ID Status LAM

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


SsnRole SsnAge KA-Sent/Rcv

-----------------------------------------------------------------------------2.2.2.2:0 Operational DU Passive 000:00:03 16/16 3.3.3.3:0 Operational DU Passive 000:00:00 1/1 -----------------------------------------------------------------------------TOTAL: 2 session(s) Found. LAM : Label Advertisement Mode SsnAge Unit : DDD:HH:MM

6.

Configure tunnel policies on PEs. # Configure PE1.


[PE1] tunnel-policy p1 [PE1-tunnel-policy-p1] tunnel select-seq cr-lsp load-balance-number 1 [PE1-tunnel-policy-p1] quit

# Configure PE3.
[PE3] tunnel-policy p1 [PE3-tunnel-policy-p1] tunnel select-seq cr-lsp load-balance-number 1 [PE3-tunnel-policy-p1] quit

7.

Configure PWs on PEs by using PW templates. # Configure a working PW and a protection PW on PE1. Configure PWs on PE2 and PE3. PE2 and PE3 have only one PW respectively, and there is no working-protection distinction. # Configure PE1.
[PE1] mpls l2vpn [PE1-l2vpn] quit [PE1] pw-template 1to2 [PE1-pw-template-1to2] peer-address 2.2.2.2 [PE1-pw-template-1to2] control-word [PE1-pw-template-1to2] vccv cc cw cv lsp-ping bfd [PE1-pw-template-1to2] quit [PE1] pw-template 1to3 [PE1-pw-template-1to3] peer-address 3.3.3.3 [PE1-pw-template-1to3] control-word [PE1-pw-template-1to3] vccv cc cw cv lsp-ping bfd [PE1-pw-template-1to3] quit [PE1] interface gigabitethernet 1/0/0.1 [PE1-GigabitEthernet1/0/0.1] vlan-type dot1q 10 [PE1-GigabitEthernet1/0/0.1] mpls l2vc pw-template 1to3 100 tunnel-policy p1 [PE1-GigabitEthernet1/0/0.1] mpls l2vc pw-template 1to2 200 secondary [PE1-GigabitEthernet1/0/0.1] undo shutdown [PE1-GigabitEthernet1/0/0.1] quit

# Configure PE2.
[PE2] mpls l2vpn [PE2-l2vpn] quit [PE2] pw-template 2to1 [PE2-pw-template-2to1] peer-address 1.1.1.1 [PE2-pw-template-2to1] control-word [PE2-pw-template-2to1] vccv cc cw cv lsp-ping bfd [PE2-pw-template-2to1] quit [PE2] interface gigabitethernet 1/0/0.1 [PE2-GigabitEthernet1/0/0.1] vlan-type dot1q 10 [PE2-GigabitEthernet1/0/0.1] mpls l2vc pw-template 2to1 200 [PE2-GigabitEthernet1/0/0.1] undo shutdown [PE2-GigabitEthernet1/0/0.1] quit

# Configure PE3.
[PE3] mpls l2vpn [PE3-l2vpn] quit [PE3] pw-template 3to1 [PE3-pw-template-3to1] peer-address 1.1.1.1 [PE3-pw-template-3to1] control-word [PE3-pw-template-3to1] vccv cc cw cv lsp-ping bfd [PE3-pw-template-3to1] quit [PE3] interface gigabitethernet 1/0/0.1

6-232

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


[PE3-GigabitEthernet1/0/0.1] [PE3-GigabitEthernet1/0/0.1] [PE3-GigabitEthernet1/0/0.1] [PE3-GigabitEthernet1/0/0.1]

6 PWE3 Configuration
vlan-type dot1q 10 mpls l2vc pw-template 3to1 100 tunnel-policy p1 undo shutdown quit

After the configuration, run the display pw-template command on PEs. You can view the information about the configurations of PW templates, and you can see that VCCV is enabled. Take the display on PE1 as an example.
[PE1] display pw-template Total PW template number : 2 PW Template Name : 1to2 PeerIP : 2.2.2.2 Tnl Policy Name : -CtrlWord : Enable VCCV Capability : cw lsp-ping bfd Behavior Name : -Total PW : 1, Static PW : 0, LDP PW : 1, Rsvp PW : 0 PW Template Name : 1to3 PeerIP : 3.3.3.3 Tnl Policy Name : -CtrlWord : Enable VCCV Capability : cw lsp-ping bfd Behavior Name : -Total PW : 1, Static PW : 0, LDP PW : 1, Rsvp PW : 0

After the configuration, run the display mpls l2vc interface command on PEs. You can see that the working PW and protection PW are set up and are Up. The working PW is Active, and the protection PW is InActive. Take the display on PE1 as an example.
<PE1> display mpls l2vc interface gigabitethernet 1/0/0.1 *client interface : GigabitEthernet1/0/0.1 is up session state : up AC state : up VC state : up VC ID : 100 VC type : vlan destination : 3.3.3.3 local group ID : 0 remote group ID : 0 local VC label : 21504 remote VC label : 21504 local AC OAM State : up local PSN State : up local forwarding state : forwarding remote AC OAM state : up remote PSN state : up remote forwarding state: forwarding BFD for PW : unavailable manual fault : not set active state : active forwarding entry : exist link state : up local VC MTU : 1500 remote VC MTU : 1500 local VCCV : cw lsp-ping bfd remote VCCV : cw lsp-ping bfd local control word : enable remote control word : enable tunnel policy : p1 traffic behavior : -PW template name : 1to3 primary or secondary : primary VC tunnel/token info : 1 tunnels/tokens NO.0 TNL type : cr lsp, TNL ID : 0x42002000 create time : 0 days, 0 hours, 23 minutes, 7 seconds up time : 0 days, 0 hours, 1 minutes, 21 seconds last change time : 0 days, 0 hours, 1 minutes, 21 seconds *client interface : GigabitEthernet1/0/0.1 is up session state : up AC state : up

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

6-233

6 PWE3 Configuration
VC state : VC ID : VC type : destination : local group ID : local VC label : local AC OAM state : local PSN state : local forwarding state : remote AC OAM state : remote PSN state : remote forwarding state: BFD for PW : manual fault : active state : forwarding entry : link state : local VC MTU : local VCCV : remote VCCV : local control word : tunnel policy : traffic behavior : PW template name : primary or secondary : VC tunnel/token info : NO.0 TNL type : lsp create time : up time : last change time : reroute policy : reason of last reroute : time of last reroute : delay timer ID : resume timer ID :

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


up 200 vlan 2.2.2.2 0 remote group ID : 0 21505 remote VC label : 21505 up up forwarding up up forwarding unavailable not set inactive existent up 1500 remote VC MTU : 1500 cw lsp-ping bfd cw lsp-ping bfd enable remote control word : enable --1to2 secondary 1 tunnels/tokens , TNL ID : 0x2002001 0 days, 0 hours, 22 minutes, 19 seconds 0 days, 0 hours, 1 minutes, 32 seconds 0 days, 0 hours, 1 minutes, 32 seconds delay 30 s, resume 0 s New LDP mapping message was received 0 days, 0 hours, 0 minutes, 50 seconds -rest time :--rest time :--

Client1 can ping through the address 10.1.1.2 on Client2.


[Client] ping 10.1.1.2 PING 10.1.1.2: 56 data bytes, press CTRL_C to break Reply from 10.1.1.2: bytes=56 Sequence=1 ttl=255 time=180 ms Reply from 10.1.1.2: bytes=56 Sequence=2 ttl=255 time=150 ms Reply from 10.1.1.2: bytes=56 Sequence=3 ttl=255 time=150 ms Reply from 10.1.1.2: bytes=56 Sequence=4 ttl=255 time=190 ms Reply from 10.1.3.110.1.1.2: bytes=56 Sequence=5 ttl=255 time=160 ms --- 10.1.1.2 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 150/166/190 ms

Run the display mac-address dynamic command on CEs. Here, CE2 is taken as an example. You can see that GE1/0/0 and GE1/0/2 of CE2 have respectively learnt the MAC addresses of Client1 (00e0-413f-8401) and Client2 (00e0-c279-e10a 10). This indicates that the clients now use the working line CE2 PE3 P PE1 for data transmission between themselves.
[CE2] display mac-address dynamic 1 MAC Address VLAN/VSI PEVLAN CEVLAN Port Type Lsp ------------------------------------------------------------------------------00e0-413f-8401 10 GigabitEthernet1/0/0 dynamic 1/0 00e0-c279-e10a 10 GigabitEthernet1/0/2 dynamic 1/0 Total 2 ,2 printed

8.

Configure the BFD for PW function on PEs.


NOTE

Here, dynamic BFD for PW is taken as an example.

# Configure PE1.
6-234 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


[PE1] bfd [PE1-bfd] quit [PE1] interface gigabitethernet 1/0/0.1 [PE1-GigabitEthernet1/0/0.1] mpls l2vpn pw bfd [PE1-GigabitEthernet1/0/0.1] mpls l2vpn pw bfd secondary [PE1-GigabitEthernet1/0/0.1] quit

6 PWE3 Configuration

# Configure PE2.
[PE2] bfd [PE2-bfd] quit [PE2] interface gigabitethernet 1/0/0.1 [PE2-GigabitEthernet1/0/0.1] mpls l2vpn pw bfd [PE2-GigabitEthernet1/0/0.1] quit

# Configure PE3.
[PE3] bfd [PE3-bfd] quit [PE3] interface gigabitethernet 1/0/0.1 [PE3-GigabitEthernet1/0/0.1] mpls l2vpn pw bfd [PE3-GigabitEthernet1/0/0.1] quit

After the configuration, BFD sessions are set up between PE1 and PE2, and between PE1 and PE3. Run the display bfd session all command. You can see that State is Up. Take the display on PE1 as an example.
<PE1> display bfd session all ------------------------------------------------------------------------------Local Remote PeerIpAddr InterfaceName State Type ------------------------------------------------------------------------------8192 8192 --.--.--.-GigabitEthernet1/0/0.1 Up D_PW(M) 8193 8192 --.--.--.-GigabitEthernet1/0/0.1 Up D_PW(S) ------------------------------------------------------------------------------Total UP/DOWN Session Number : 2/0

Run the display bfd configuration all command. You can view the information about the BFD configuration, and the Commit field is True.
<PE1> display bfd configuration all ------------------------------------------------------------------------------CFG Name CFG Type LocalDiscr MIndex SessNum Commit AdminDown ------------------------------------------------------------------------------dyn_8192 Dynamic 8192 256 1 True False dyn_8193 Dynamic 8193 257 1 True False ------------------------------------------------------------------------------Total Commit/Uncommit CFG Number : 2/0

9.

Configure Ethernet OAM on PEs and CEs.


NOTE

In this example, Ethernet OAM complies with the IEEE802.1ag protocol (CFM).

# Configure CE2.
[CE2] cfm enable [CE2] cfm trigger vlan 10 mac-renew [CE2] cfm md md1 level 0 [CE2-md-md1] ma ma1 [CE2-md-md1-ma-ma1] map vlan 10 [CE2-md-md1-ma-ma1] mep mep-id 30 interface gigabitethernet 1/0/0 outward [CE2-md-md1-ma-ma1] remote-mep mep-id 31 [CE2-md-md1-ma-ma1] mep ccm-send enable [CE2-md-md1-ma-ma1] remote-mep ccm-receive enable [CE2-md-md1-ma-ma1] quit [CE2-md-md1] ma ma2 [CE2-md-md1-ma-ma1] map vlan 10

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

6-235

6 PWE3 Configuration
[CE2-md-md1-ma-ma1] [CE2-md-md1-ma-ma1] [CE2-md-md1-ma-ma1] [CE2-md-md1-ma-ma1] [CE2-md-md1-ma-ma1] [CE2-md-md1] quit

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


mep mep-id 40 interface gigabitethernet 1/0/1 outward remote-mep mep-id 41 mep ccm-send enable remote-mep ccm-receive enable quit

# Configure PE2.
[PE2] cfm enable [PE2] cfm md md1 level 0 [PE2-md-md1] ma ma1 [PE2-md-md1-ma-ma1] map vlan 10 [PE2-md-md1-ma-ma1] mep mep-id 41 interface gigabitethernet 1/0/0.1 outward [PE2-md-md1-ma-ma1] remote-mep mep-id 40 [PE2-md-md1-ma-ma1] mep ccm-send enable [PE2-md-md1-ma-ma1] remote-mep ccm-receive enable [PE2-md-md1-ma-ma1] quit [PE2-md-md1] quit

# Configure PE3.
[PE3] cfm enable [PE3] cfm md md1 level 0 [PE3-md-md1] ma ma1 [PE3-md-md1-ma-ma1] map vlan 10 [PE3-md-md1-ma-ma1] mep mep-id 31 interface gigabitethernet 1/0/0.1 outward [PE3-md-md1-ma-ma1] remote-mep mep-id 30 [PE3-md-md1-ma-ma1] mep ccm-send enable [PE3-md-md1-ma-ma1] remote-mep ccm-receive enable [PE3-md-md1-ma-ma1] quit [PE3-md-md1] quit

After the configuration, run the display cfm remote-mep command on PE2, PE3, or CE2. You can see that CFM is Up. Take the display on PE3 as an example.
[PE3] display cfm remote-mep The total number of RMEPs is : 1 ---------------------------------------------------------------------GigabitEthernet1/0/0 detect -<CE1> display efm session all Interface EFM State Loopback Timeou -------------------------------------------------MD Name : md1 Level : 0 MA Name : ma1 RMEP ID : 30 Vlan ID : 10 VSI Name : -MAC : -CCM Receive : enabled Trigger-If-Down : disabled CFM Status : up

10. Enable OAM Mapping on PEs. AC OAM detection and notification are then automatically enabled. # Take the configuration of PE2 as an example. Configuration on PE3 is the same, and is not mentioned here.
[PE2] interface gigabitethernet 1/0/0 [PE2-GigabitEthernet1/0/0] mpls l2vpn oam-mapping 1ag md md1 ma ma1 [PE2-GigabitEthernet1/0/0] quit

Run the display mpls l2vc oam-mapping interface command on PEs to check information about OAM Mapping. You can see that AC OAM is Up, BFD for PW is Enable, and BFD is Up. Take the display on PE2 as an example.
<PE2> display mpls l2vc oam-mapping interface gigabitethernet 1/0/0.1 AC OAM Info:

6-236

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


ACFD Index : 802.1ag Notify : Enable Detect : Enable AC OAM State : Up OAM-mapping : Enable PSN info: VC-ID : 100 VC status : Primary Active State : Active Link State : Up BFD for PW : Enable BFDSessionIndex:256 ,BFD State BFD for LSP : 0 TunnelNum: VC-ID : 200 VC status : Secondary Active State : Inactive Link State : Up BFD for PW : Enable BFDSessionIndex:257 ,BFD State BFD for LSP : 0 TunnelNum:

6 PWE3 Configuration

: up 1 PSN State : up

: up 1 PSN State : up

11. Verify the configuration.


l

View the status of PWs.

Run the display mpls l2vc interface command on PE1. If the configuration is successful, you can see that the working PW is Active, the protection PW is InActive, and BFD for PW for the working and protection PWs is available.
<PE1> display mpls l2vc interface gigabitethernet 1/0/0.1 *client interface : GigabitEthernet1/0/0.1 is up session state : up AC state : up VC state : up VC ID : 100 VC type : vlan destination : 3.3.3.3 local group ID : 0 remote group ID : 0 local VC label : 21504 remote VC label : 21504 local AC OAM State : up local PSN State : up local forwarding state : forwarding remote AC OAM state : up remote PSN state : up remote forwarding state: forwarding Dynamic BFD for PW : enable Detect Multipier : 3 Min Transit Interval : 1000 Max Receive Interval : 1000 Dynamic BFD Session : built BFD for PW : available BFD sessionIndex : 256 BFD state : up manual fault : not set active state : active forwarding entry : exist link state : up local VC MTU : 1500 remote VC MTU : 1500 local VCCV : cw lsp-ping bfd remote VCCV : cw lsp-ping bfd local control word : enable remote control word : enable tunnel policy : p1 traffic behavior : -PW template name : 1to3 primary or secondary : primary VC tunnel/token info : 1 tunnels/tokens NO.0 TNL type : cr lsp, TNL ID : 0x42002000 create time : 0 days, 1 hours, 5 minutes, 19 seconds up time : 0 days, 0 hours, 43 minutes, 33 seconds last change time : 0 days, 0 hours, 43 minutes, 33 seconds *client interface : GigabitEthernet1/0/0.1 is up session state : up

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

6-237

6 PWE3 Configuration
AC state : VC state : VC ID : VC type : destination : local group ID : local VC label : local AC OAM state : local PSN state : local forwarding state : remote AC OAM state : remote PSN state : remote forwarding state: Dynamic BFD for PW : Detect Multipier : Min Transit Interval : Max Receive Interval : Dynamic BFD Session : BFD for PW : BFD sessionIndex : manual fault : active state : forwarding entry : link state : local VC MTU : local VCCV : remote VCCV : local control word : tunnel policy : traffic behavior : PW template name : primary or secondary : VC tunnel/token info : NO.0 TNL type : lsp create time : up time : last change time : reroute policy : reason of last reroute : time of last reroute : delay timer ID : resume timer ID : l

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


up up 200 vlan 2.2.2.2 0 remote group ID : 0 21505 remote VC label : 21505 up up forwarding up up forwarding enable 3 100 100 built available 257 BFD state : up not set inactive existent up 1500 remote VC MTU : 1500 cw lsp-ping bfd cw lsp-ping bfd enable remote control word : enable --1to2 secondary 1 tunnels/tokens , TNL ID : 0x2002001 0 days, 1 hours, 4 minutes, 31 seconds 0 days, 0 hours, 43 minutes, 44 seconds 0 days, 0 hours, 43 minutes, 44 seconds delay 30 s, resume 0 s New LDP mapping message was received 0 days, 0 hours, 43 minutes, 2 seconds -rest time :--rest time :--

Verify the working-protection switchover of PWs on PE1.

Disable Ethernet OAM on GE1/0/0 of CE2, and simulate a remote AC fault.


[CE2] cfm md md1 [CE2-md-md1] ma ma1 [CE2-md-md1-ma-ma1] undo mep ccm-send enable [CE2-md-md1-ma-ma1] undo remote-mep ccm-receive enable [CE2-md-md1-ma-ma1] quit [CE2-md-md1] quit

Run the display mpls l2vc interface command on PE1. Then, PE1 identifies that OAM is Down on the remote AC. Working-protection switchover of PWs is carried out on PE1: the working PW changes to InActive, and the protection PW changes to Active.
<PE1> display mpls l2vc interface gigabitethernet 1/0/0.1 *client interface : GigabitEthernet1/0/0.1 is up session state : up AC state : up VC state : up VC ID : 100 VC type : vlan destination : 3.3.3.3 local group ID : 0 remote group ID local VC label : 21504 remote VC label local AC OAM State : up local PSN State : up local forwarding state : forwarding

: 0 : 21504

6-238

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

6 PWE3 Configuration

remote AC OAM state : down remote PSN state : up remote forwarding state: forwarding Dynamic BFD for PW : enable Detect Multipier : 3 Min Transit Interval : 1000 Max Receive Interval : 1000 Dynamic BFD Session : built BFD for PW : available BFD sessionIndex : 256 BFD state : up manual fault : not set active state : inactive forwarding entry : exist link state : up local VC MTU : 1500 remote VC MTU : 1500 local VCCV : cw lsp-ping bfd remote VCCV : cw lsp-ping bfd local control word : enable remote control word : enable tunnel policy : p1 traffic behavior : -PW template name : 1to3 primary or secondary : primary VC tunnel/token info : 1 tunnels/tokens NO.0 TNL type : cr lsp, TNL ID : 0x42002000 create time : 0 days, 1 hours, 5 minutes, 19 seconds up time : 0 days, 0 hours, 43 minutes, 33 seconds last change time : 0 days, 0 hours, 43 minutes, 33 seconds *client interface : GigabitEthernet1/0/0.1 is up session state : up AC state : up VC state : up VC ID : 200 VC type : vlan destination : 2.2.2.2 local group ID : 0 remote group ID : 0 local VC label : 21505 remote VC label : 21505 local AC OAM state : up local PSN state : up local forwarding state : forwarding remote AC OAM state : up remote PSN state : up remote forwarding state: forwarding Dynamic BFD for PW : enable Detect Multipier : 3 Min Transit Interval : 100 Max Receive Interval : 100 Dynamic BFD Session : built BFD for PW : available BFD sessionIndex : 257 BFD state : up manual fault : not set active state : active forwarding entry : existent link state : up local VC MTU : 1500 remote VC MTU : 1500 local VCCV : cw lsp-ping bfd remote VCCV : cw lsp-ping bfd local control word : enable remote control word : enable tunnel policy : -traffic behavior : -PW template name : 1to2 primary or secondary : secondary VC tunnel/token info : 1 tunnels/tokens NO.0 TNL type : lsp , TNL ID : 0x2002001 create time : 0 days, 1 hours, 6 minutes, 30 seconds up time : 0 days, 0 hours, 1 minutes, 0 seconds last change time : 0 days, 0 hours, 1 minutes, 0 seconds reroute policy : delay 30 s, resume 0 s reason of last reroute : New LDP mapping message was received time of last reroute : 0 days, 0 hours, 18 minutes, 37 seconds

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

6-239

6 PWE3 Configuration
delay timer ID resume timer ID : -: --

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


rest time :-rest time :--

Client1 can ping through the address 10.1.1.2 on Client2.


[Client1] ping 10.1.1.2 PING 10.1.1.2: 56 data bytes, press CTRL_C to break Reply from 10.1.1.2: bytes=56 Sequence=1 ttl=254 time=210 Reply from 10.1.1.2: bytes=56 Sequence=2 ttl=254 time=190 Reply from 10.1.1.2: bytes=56 Sequence=3 ttl=254 time=160 Reply from 10.1.1.2: bytes=56 Sequence=4 ttl=254 time=130 Reply from 10.1.1.2: bytes=56 Sequence=5 ttl=254 time=190 --- 10.1.1.2 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 130/176/210 ms ms ms ms ms ms

Run the display mac-address dynamic command once again on CEs. Here, CE2 is taken as an example. You can see that GE1/0/1 and GE1/0/2 of CE2 have once again learnt the MAC addresses of Client1 (00e0-413f-8401) and Client2 (00e0-c279-e10a 10). This indicates that the clients now use the protection line CE2 PE2 PE1 for data transmission between themselves.
[CE2] display mac-address dynamic 1 MAC Address VLAN/VSI PEVLAN CEVLAN Port Type Lsp ------------------------------------------------------------------------------00e0-413f-8401 10 GigabitEthernet1/0/1 dynamic 1/0 00e0-c279-e10a 10 GigabitEthernet1/0/2 dynamic 1/0 Total 2 ,2 printed

Configure Ethernet OAM once again on GE1/0/0 of CE2, and disable the fault that is manually simulated.
[CE2] cfm md md1 [CE2-md-md1] ma ma1 [CE2-md-md1-ma-ma1] mep ccm-send enable [CE2-md-md1-ma-ma1] remote-mep ccm-receive enable [CE2-md-md1-ma-ma1] quit [CE2-md-md1] quit

Run the display mpls l2vc interface command on PE1. Then, PE1 identifies that OAM is Up on the remote AC, and that the fault has been rectified. The working-protection switchover of PWs is carried out on PE1, the working PW changes back to Active, and the protection PW changes back to InActive.
[PE1] display mpls l2vc interface gigabitethernet 1/0/0.1 *client interface : GigabitEthernet1/0/0.1 is up session state : up AC state : up VC state : up VC ID : 100 VC type : vlan destination : 3.3.3.3 local group ID : 0 remote group ID local VC label : 21504 remote VC label local AC OAM State : up local PSN State : up local forwarding state : forwarding remote AC OAM state : up remote PSN state : up remote forwarding state: forwarding Dynamic BFD for PW : enable Detect Multipier : 3 Min Transit Interval : 1000 Max Receive Interval : 1000 Dynamic BFD Session : built BFD for PW : available BFD sessionIndex : 256 BFD state : up manual fault : not set

: 0 : 21504

6-240

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

6 PWE3 Configuration

active state : active forwarding entry : exist link state : up local VC MTU : 1500 remote VC MTU : 1500 local VCCV : cw lsp-ping bfd remote VCCV : cw lsp-ping bfd local control word : enable remote control word : enable tunnel policy : p1 traffic behavior : -PW template name : 1to3 primary or secondary : primary VC tunnel/token info : 1 tunnels/tokens NO.0 TNL type : cr lsp, TNL ID : 0x42002000 create time : 0 days, 1 hours, 15 minutes, 40 seconds up time : 0 days, 0 hours, 43 minutes, 33 seconds last change time : 0 days, 0 hours, 43 minutes, 33 seconds *client interface : GigabitEthernet1/0/0.1 is up session state : up AC state : up VC state : up VC ID : 200 VC type : vlan destination : 2.2.2.2 local group ID : 0 remote group ID : 0 local VC label : 21505 remote VC label : 21505 local AC OAM state : up local PSN state : up local forwarding state : forwarding remote AC OAM state : up remote PSN state : up remote forwarding state: forwarding Dynamic BFD for PW : enable Detect Multipier : 3 Min Transit Interval : 100 Max Receive Interval : 100 Dynamic BFD Session : built BFD for PW : available BFD sessionIndex : 257 BFD state : up manual fault : not set active state : inactive forwarding entry : existent link state : up local VC MTU : 1500 remote VC MTU : 1500 local VCCV : cw lsp-ping bfd remote VCCV : cw lsp-ping bfd local control word : enable remote control word : enable tunnel policy : -traffic behavior : -PW template name : 1to2 primary or secondary : secondary VC tunnel/token info : 1 tunnels/tokens NO.0 TNL type : lsp , TNL ID : 0x2002001 create time : 0 days, 1 hours, 16 minutes, 30 seconds up time : 0 days, 0 hours, 1 minutes, 0 seconds last change time : 0 days, 0 hours, 1 minutes, 0 seconds reroute policy : delay 30 s, resume 0 s reason of last reroute : New LDP mapping message was received time of last reroute : 0 days, 0 hours, 18 minutes, 37 seconds delay timer ID : -rest time :-resume timer ID : -rest time :--

Client1 can ping through the address 10.1.1.2 on Client2.


[Client1] ping 10.1.1.2 PING 10.1.1.2: 56 data bytes, press CTRL_C to break Reply from 10.1.1.2: bytes=56 Sequence=1 ttl=254 time=210 Reply from 10.1.1.2: bytes=56 Sequence=2 ttl=254 time=190 Reply from 10.1.1.2: bytes=56 Sequence=3 ttl=254 time=160 Reply from 10.1.1.2: bytes=56 Sequence=4 ttl=254 time=130 Reply from 10.1.1.2: bytes=56 Sequence=5 ttl=254 time=190 --- 10.1.1.2 ping statistics --ms ms ms ms ms

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

6-241

6 PWE3 Configuration
5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 130/176/210 ms

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Run the display mac-address dynamic command on CEs. Here, CE2 is taken as an example. You can see that GE1/0/0 and GE1/0/2 of CE2 have once again learnt the MAC addresses of Client1 (00e0-413f-8401) and Client2 (00e0-c279-e10a). This indicates that the clients once again use the working line CE2 PE3 P PE1 for data transmission between themselves.
[CE2] display mac-address dynamic 1 MAC Address VLAN/VSI PEVLAN CEVLAN Port Type Lsp ------------------------------------------------------------------------------00e0-413f-8401 10 GigabitEthernet1/0/1 dynamic 1/0 00e0-c279-e10a 10 GigabitEthernet1/0/2 dynamic 1/0 Total 2 ,2 printed

Configuration Files
l

Configuration file of CE1.


# sysname CE1 # vlan batch 10 # interface GigabitEthernet1/0/0 undo shutdown portswitch port trunk allow-pass vlan 10 # interface PosGigabitEthernet1/0/1 undo shutdown portswitch port default vlan 10 # return

Configuration file of CE2.


# sysname CE2 # vlan batch 10 # cfm enable cfm trigger vlan 10 mac-renew # interface GigabitEthernet1/0/0 undo shutdown portswitch port trunk allow-pass vlan 10 # interface GigabitEthernet1/0/1 undo shutdown portswitch port trunk allow-pass vlan 10 # interface GigabitEthernet1/0/2 undo shutdown portswitch port default vlan 10 # cfm md md1 ma ma1 map vlan 10 mep mep-id 30 interface GigabitEthernet1/0/0 outward mep ccm-send mep-id 30 enable

6-242

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


remote-mep mep-id 31 remote-mep ccm-receive mep-id 31 enable ma ma2 map vlan 10 mep mep-id 40 interface GigabitEthernet1/0/1 outward mep ccm-send mep-id 40 enable remote-mep mep-id 41 remote-mep ccm-receive mep-id 41 enable return l

6 PWE3 Configuration

Configuration file of PE1.


# sysname PE1 # bfd # mpls lsr-id 1.1.1.1 mpls mpls te mpls rsvp-te mpls te cspf # mpls l2vpn # pw-template 1to2 peer-address 2.2.2.2 control-word vccv cc cw cv lsp-ping bfd # pw-template 1to3 peer-address 3.3.3.3 control-word vccv cc cw cv lsp-ping bfd # mpls ldp # mpls ldp remote-peer 3.3.3.3 remote-ip 3.3.3.3 # interface GigabitEthernet1/0/0 undo shutdown # interface GigabitEthernet1/0/0.1 vlan-type dot1q 10 mpls l2vc pw-template 1to3 100 tunnel-policy p1 mpls l2vpn pw bfd mpls l2vc pw-template 1to2 200 secondary mpls l2vpn pw bfd secondary # interface Pos2/0/1 link-protocol ppp undo shutdown ip address 100.13.1.1 255.255.255.252 mpls mpls te mpls te max-link-bandwidth 50 mpls te max-reservable-bandwidth 30 mpls rsvp-te # interface Pos2/0/2 link-protocol ppp undo shutdown ip address 100.12.1.1 255.255.255.252 mpls mpls ldp # interface LoopBack1 ip address 1.1.1.1 255.255.255.255 # interface Tunnel2/0/0

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

6-243

6 PWE3 Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


ip address unnumbered interface LoopBack1 tunnel-protocol mpls te destination 3.3.3.3 mpls te tunnel-id 13 mpls te bandwidth bc0 20 mpls te commit # ospf 1 opaque-capability enable area 0.0.0.0 network 1.1.1.1 0.0.0.0 network 100.13.1.0 0.0.0.3 network 100.12.1.0 0.0.0.3 mpls-te enable # tunnel-policy p1 tunnel select-seq cr-lsp load-balance-number 1 # return

Configuration file of the P device.


# sysname P # mpls lsr-id 4.4.4.4 mpls mpls te mpls rsvp-te # interface Pos2/0/1 link-protocol ppp undo shutdown ip address 100.13.1.2 255.255.255.252 mpls mpls te mpls te max-link-bandwidth 50 mpls te max-reservable-bandwidth 30 mpls rsvp-te # interface Pos2/0/2 link-protocol ppp undo shutdown ip address 100.34.1.1 255.255.255.252 mpls mpls te mpls te max-link-bandwidth 50 mpls te max-reservable-bandwidth 30 mpls rsvp-te # interface LoopBack1 ip address 4.4.4.4 255.255.255.255 # ospf 1 opaque-capability enable area 0.0.0.0 network 100.13.1.0 0.0.0.3 network 100.34.1.0 0.0.0.3 network 4.4.4.4 0.0.0.0 mpls-te enable # return

Configuration file of PE3.


# sysname PE3 # cfm enable # bfd #

6-244

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


mpls lsr-id 3.3.3.3 mpls mpls te mpls rsvp-te mpls te cspf # mpls l2vpn # pw-template 3to1 peer-address 1.1.1.1 control-word vccv cc cw cv lsp-ping bfd # mpls ldp # mpls ldp remote-peer 1.1.1.1 remote-ip 1.1.1.1 # interface GigabitEthernet1/0/0 undo shutdown # interface GigabitEthernet1/0/0.1 vlan-type dot1q 10 mpls l2vc pw-template 3to1 100 tunnel-policy p1 mpls l2vpn pw bfd mpls l2vpn oam-mapping 1ag md md1 ma ma1 # interface Pos2/0/1 link-protocol ppp undo shutdown ip address 100.34.1.2 255.255.255.252 mpls mpls te mpls te max-link-bandwidth 50 mpls te max-reservable-bandwidth 30 mpls rsvp-te # interface LoopBack1 ip address 3.3.3.3 255.255.255.255 # interface Tunnel2/0/0 ip address unnumbered interface LoopBack1 tunnel-protocol mpls te destination 1.1.1.1 mpls te tunnel-id 31 mpls te bandwidth bc0 20 mpls te commit # ospf 1 opaque-capability enable area 0.0.0.0 network 3.3.3.3 0.0.0.0 network 100.34.1.0 0.0.0.3 mpls-te enable # cfm md md1 ma ma1 map vlan 10 mep mep-id 31 interface GigabitEthernet1/0/0.1 outward mep ccm-send mep-id 31 enable remote-mep mep-id 30 remote-mep ccm-receive mep-id 30 enable # tunnel-policy p1 tunnel select-seq cr-lsp load-balance-number 1 # return l

6 PWE3 Configuration

Configuration file of PE2.


#

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

6-245

6 PWE3 Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


sysname PE2 # efm enable # bfd # mpls lsr-id 2.2.2.2 mpls # mpls l2vpn # pw-template 2to1 peer-address 1.1.1.1 control-word vccv cc cw cv lsp-ping bfd # mpls ldp # interface GigabitEthernet1/0/0 undo shutdown # interface GigabitEthernet1/0/0.1 vlan-type dot1q 10 mpls l2vc pw-template 2to1 200 mpls l2vpn pw bfd mpls l2vpn oam-mapping 1ag md md1 ma ma1 # interface Pos2/0/1 link-protocol ppp undo shutdown ip address 100.12.1.2 255.255.255.252 mpls mpls ldp # interface LoopBack1 ip address 2.2.2.2 255.255.255.255 # ospf 1 area 0.0.0.0 network 2.2.2.2 0.0.0.0 network 100.12.1.0 0.0.0.3 # cfm md md1 ma ma1 map vlan 10 mep mep-id 41 interface GigabitEthernet1/0/0.1 outward mep ccm-send mep-id 41 enable remote-mep mep-id 40 remote-mep ccm-receive mep-id 40 enable # return

6.14.15 Example for Configuring PW FRR - CEs Are Unsymmetrically Connected to PEs Through Ethernet Links, Static BFD Is Used to Detect PWs, CFM Is Used to Detect ACs
Networking Requirements
As shown in Figure 6-30, CE1 is single-homed to PE1. CE2 is dual-homed to PE2 and PE3. The networking requirements are as follows:
l

The CEs are connected to the PEs through Ethernet links.

6-246

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


l

6 PWE3 Configuration

A PW is set up between PE1 and PE3. This PW is the working PW, and uses the MPLS TE tunnel. A PW is set up between PE1 and PE2. This PW is the protection PW, and uses the MPLS LSP tunnel. Fault detection between CEs and PEs is implemented according to the IEEE802.1ag protocol (CFM). If the working line -- CE2 PE3 P PE1-- becomes faulty, the L2VPN traffic can be rapidly switched to the the protection line -- CE2 PE2 PE1. After the working line CE2 PE3 P PE1 recovers from the fault, the L2VPN traffic is switched back.

Figure 6-30 Networking diagram of PW FRR CEs are unsymmetrically connected to PEs through Ethernet links, static BFD is used to detect PWs, CFM is used to detect ACs
1 /0 / S2 /30 O P .1.2 3 0.1 0 1 1 /0 / /30 S2 3.1.1 O P 0.1 10

Loopback1 1.1.1.1/32

PO 10 S2/ 0.3 0 /2 4.1 .1/ 30 Loopback1 4.4.4.4/32

Loopback1 3.3.3.3/32 10 PO 0.3 S 4.1 2/0 .2/ /1 30

PE1
GE1/0/0

MPLS TE

PE3
PO 100 S2/0 / .1 2. 2 1.1/ 30

MP

LS

L SP
100 PO S2/0 .1 2. 1.2/ /1 30

Loopback1 2.2.2.2/32

GE1/0/0

GE1/0/0

PE2
GE1/0/1 GE1/0/0

GE1/0/0

CE1
GE1/0/1

CE2
GE1/0/2

Client1 10.1.1.1/24

Client2 10.1.1.2/24

Configuration Roadmap
The configuration roadmap is as follows: 1. 2. 3. 4. 5. 6. 7.
Issue 03 (2008-09-22)

Configure IGP on the backbone network. Set up MPLS TE tunnels between PE1 and PE3, and LSP tunnels between PE1 and PE2. Set up MPLS LDP sessions between PE1 and PE2, and between PE1 and PE3. Use PW templates to configure PWs on PEs. You need to use tunnel policies to configure the working PW because the working PW uses the MPLS TE tunnel. Set up BFD for PW sessions between PE1 and PE2, and between PE1 and PE3. On PEs and CEs, configure Ethernet OAM that complies with the IEEE802.1ag protocol. Enable association between Ethernet OAM and BFD on PEs.
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 6-247

6 PWE3 Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Data Preparation
To complete the configuration, you need the following data:
l l l l l

Tunnel policies Bandwidth for MPLS TE tunnels Name of the remote peer of MPLS LDP VC IDs of the working PW and the protection PW Name of the PW template

Configuration Procedure
1. Add the interfaces on CEs to a same VLAN. # Configure CE1.
<Quidway> system-view [Quidway] sysname CE1 [CE1] portswitch batch gigabitethernet 1/0/0 to 1/0/1 [CE1] vlan 10 [CE1-vlan10] quit [CE1] interface gigabitethernet 1/0/0 [CE1-GigabitEthernet1/0/0] port trunk allow-pass vlan 10 [CE1-GigabitEthernet1/0/0] undo shutdown [CE1-GigabitEthernet1/0/0] quit [CE1] interface gigabitethernet 1/0/1 [CE1-GigabitEthernet1/0/1] port default vlan 10 [CE1-GigabitEthernet1/0/1] undo shutdown [CE1-GigabitEthernet1/0/1] quit

# Configure CE2.
<Quidway> system-view [Quidway] sysname CE2 [CE2] portswitch batch gigabitethernet 1/0/0 to 1/0/1 [CE2] vlan 10 [CE2-vlan10] quit [CE2] interface gigabitethernet 1/0/0 [CE2-GigabitEthernet1/0/0] port trunk allow-pass vlan 10 [CE2-GigabitEthernet1/0/0] undo shutdown [CE2-GigabitEthernet1/0/0] quit [CE2] interface gigabitethernet 1/0/1 [CE2-GigabitEthernet1/0/1] port trunk allow-pass vlan 10 [CE2-GigabitEthernet1/0/1] undo shutdown [CE2-GigabitEthernet1/0/1] quit [CE2] interface gigabitethernet 1/0/2 [CE2-GigabitEthernet1/0/2] port default vlan 10 [CE2-GigabitEthernet1/0/2] undo shutdown [CE2-GigabitEthernet1/0/2] quit
NOTE

The VLAN IDs of CE1 and CE2 can be different.

After the configuration, run the display vlan command. You can see that all interfaces are added to VLAN 10, and the physical status of the interfaces is Up. Take the display on CE1 as an example.
[CE1] display vlan 10 VLAN ID Type Status MAC Learning Broadcast/Multicast/Unicast Property -------------------------------------------------------------------------10 common enable enable forward forward forward default ---------------Untagged Port: GigabitEthernet1/0/1 ---------------Tagged Port: GigabitEthernet1/0/0 ----------------

6-248

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


Interface GigabitEthernet1/0/0 GigabitEthernet1/0/1 Physical UP UP

6 PWE3 Configuration

2.

Configure IGP on the MPLS backbone network so that PEs and Ps can interwork. # Configure PE1.
[PE1] interface loopback 1 [PE1-LoopBack1] ip address 1.1.1.1 32 [PE1-LoopBack1] quit [PE1] interface pos 2/0/1 [PE1-Pos2/0/1] ip address 100.13.1.1 30 [PE1-Pos2/0/1] undo shutdown [PE1-Pos2/0/1] quit [PE1] interface pos 2/0/2 [PE1-Pos2/0/2] ip address 100.12.1.1 30 [PE1-Pos2/0/2] undo shutdown [PE1-Pos2/0/2] quit [PE1] ospf 1 [PE1-ospf-1] area 0 [PE1-ospf-1-area-0.0.0.0] network 1.1.1.1 0.0.0.0 [PE1-ospf-1-area-0.0.0.0] network 100.13.1.0 0.0.0.3 [PE1-ospf-1-area-0.0.0.0] network 100.12.1.0 0.0.0.3 [PE1-ospf-1-area-0.0.0.0] quit [PE1-ospf-1] quit

# Configure the P device.


[P] interface loopback 1 [P-LoopBack1] ip address 4.4.4.4 32 [P-LoopBack1] quit [P] interface pos 2/0/1 [P-Pos2/0/1] ip address 100.13.1.2 30 [P-Pos2/0/1] undo shutdown [P-Pos2/0/1] quit [P] interface pos 2/0/2 [P-Pos2/0/2] ip address 100.34.1.1 30 [P-Pos2/0/2] undo shutdown [P-Pos2/0/2] quit [P] ospf 1 [P-ospf-1] area 0 [P-ospf-1-area-0.0.0.0] network 4.4.4.4 0.0.0.0 [P-ospf-1-area-0.0.0.0] network 100.13.1.0 0.0.0.3 [P-ospf-1-area-0.0.0.0] network 100.34.1.0 0.0.0.3 [P-ospf-1-area-0.0.0.0] quit [P-ospf-1] quit

# Configure PE3.
[PE3] interface loopback 1 [PE3-LoopBack1] ip address 3.3.3.3 32 [PE3-LoopBack1] quit [PE3] interface pos2/0/1 [PE3-Pos2/0/1] ip address 100.34.1.2 30 [PE3-Pos2/0/1] undo shutdown [PE3-Pos2/0/1] quit [PE3] ospf 1 [PE3-ospf-1] area 0 [PE3-ospf-1-area-0.0.0.0] network 3.3.3.3 0.0.0.0 [PE3-ospf-1-area-0.0.0.0] network 100.34.1.0 0.0.0.3 [PE3-ospf-1-area-0.0.0.0] quit [PE3-ospf-1] quit

# Configure PE2.
[PE2] interface loopback 1 [PE2-LoopBack1] ip address 2.2.2.2 32 [PE2-LoopBack1] quit [PE2] interface pos 2/0/1 [PE2-Pos2/0/1] ip address 100.12.1.2 30 [PE2-Pos2/0/1] undo shutdown [PE2-Pos2/0/1] quit [PE2] ospf 1

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

6-249

6 PWE3 Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


[PE2-ospf-1] area 0 [PE2-ospf-1-area-0.0.0.0] network 2.2.2.2 0.0.0.0 [PE2-ospf-1-area-0.0.0.0] network 100.12.1.0 0.0.0.3 [PE2-ospf-1-area-0.0.0.0] quit [PE2-ospf-1] quit

After the configuration, run the display ip routing-table command on the PEs, and you can see that PE1 and PE2, and PE1 and PE3 have learned the routes on the Loopback1 interface of each other. Take the display on PE1 as an example.
<PE1> display ip routing-table Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: Public Destinations : 13 Routes : 13 Destination/Mask Proto Pre Cost Flags NextHop Interface 1.1.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 2.2.2.2/32 OSPF 10 2 D 100.12.1.2 Pos2/0/2 3.3.3.3/32 OSPF 10 3 D 100.13.1.2 Pos2/0/1 4.4.4.4/32 OSPF 10 2 D 100.13.1.2 Pos2/0/1 100.12.1.0/30 Direct 0 0 D 100.12.1.1 Pos2/0/2 100.12.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 100.12.1.2/32 Direct 0 0 D 100.12.1.2 Pos2/0/2 100.13.1.0/30 Direct 0 0 D 100.13.1.1 Pos2/0/1 100.13.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 100.13.1.2/32 Direct 0 0 D 100.13.1.2 Pos2/0/1 100.34.1.0/30 OSPF 10 2 D 100.13.1.2 Pos2/0/1 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0

3.

Configure the basic MPLS functions on the MPLS backbone network. # Enable MPLS, and set LSR-ID as the IP address of the Loopback1 interface. Enable MPLS on interfaces of the backbone network. # Configure PE1.
[PE1] mpls lsr-id 1.1.1.1 [PE1] mpls [PE1-mpls] quit [PE1] interface pos2/0/1 [PE1-Pos2/0/1] mpls [PE1-Pos2/0/1] quit [PE1] interface pos2/0/2 [PE1-Pos2/0/2] mpls [PE1-Pos2/0/2] quit

# Configure the P device.


[P] mpls lsr-id 4.4.4.4 [P] mpls [P-mpls] quit [P] interface pos2/0/1 [P-Pos2/0/1] mpls [P-Pos2/0/1] quit [P] interface pos 2/0/2 [P-Pos2/0/2] mpls [P-Pos2/0/2] quit

# Configure PE2.
[PE2] mpls lsr-id 2.2.2.2 [PE2] mpls [PE2-mpls] quit [PE2] interface pos 2/0/1 [PE2-Pos2/0/1] mpls [PE2-Pos2/0/1] quit

# Configure PE3.
[PE3] mpls lsr-id 3.3.3.3 [PE3] mpls

6-250

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


[PE3-mpls] quit [PE3] interface pos 2/0/1 [PE3-Pos2/0/1] mpls [PE3-Pos2/0/1] quit

6 PWE3 Configuration

4.

Set up MPLS TE tunnels between PE1 and PE3, and LSP tunnels between PE1 and PE2. # Configure PE1.
[PE1] mpls [PE1-mpls] mpls te [PE1-mpls] mpls rsvp-te [PE1-mpls] mpls te cspf [PE1-mpls] quit [PE1] interface pos2/0/1 [PE1-Pos2/0/1] mpls te [PE1-Pos2/0/1] mpls rsvp-te [PE1-Pos2/0/1] mpls te max-link-bandwidth 50 [PE1-Pos2/0/1] mpls te max-reservable-bandwidth 30 [PE1-Pos2/0/1] quit [PE1] mpls ldp [PE1-mpls-ldp] quit [PE1] interface pos2/0/2 [PE1-Pos2/0/2] mpls ldp [PE1-Pos2/0/2] quit [PE1] interface tunnel2/0/0 [PE1-Tunnel2/0/0] ip address unnumbered interface loopback1 [PE1-Tunnel2/0/0] tunnel-protocol mpls te [PE1-Tunnel2/0/0] destination 3.3.3.3 [PE1-Tunnel2/0/0] mpls te tunnel-id 13 [PE1-Tunnel2/0/0] mpls te bandwidth bc0 20 [PE1-Tunnel2/0/0] mpls te commit [PE1-Tunnel2/0/0] quit [PE1] ospf 1 [PE1-ospf-1] opaque-capability enable [PE1-ospf-1] area 0 [PE1-ospf-1-area-0.0.0.0] mpls-te enable [PE1-ospf-1-area-0.0.0.0] quit [PE1-ospf-1] quit

# Configure the P device.


[P] mpls [P-mpls] mpls te [P-mpls] mpls rsvp-te [P-mpls] quit [P] interface pos2/0/1 [P-Pos2/0/1] mpls te [P-Pos2/0/1] mpls rsvp-te [P-Pos2/0/1] mpls te max-link-bandwidth 50 [P-Pos2/0/1] mpls te max-reservable-bandwidth 30 [P-Pos2/0/1] quit [P] interface pos 2/0/2 [P-Pos2/0/2] mpls te [P-Pos2/0/2] mpls rsvp-te [P-Pos2/0/2] mpls te max-link-bandwidth 50 [P-Pos2/0/2] mpls te max-reservable-bandwidth 30 [P-Pos2/0/2] quit [P] ospf 1 [P-ospf-1] opaque-capability enable [P-ospf-1] area 0 [P-ospf-1-area-0.0.0.0] mpls-te enable [P-ospf-1-area-0.0.0.0] quit [P-ospf-1] quit

# Configure PE3.
[PE3] mpls [PE3-mpls] mpls [PE3-mpls] mpls [PE3-mpls] mpls [PE3-mpls] quit [PE3] interface te rsvp-te te cspf pos2/0/1

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

6-251

6 PWE3 Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


[PE3-Pos2/0/1] mpls te [PE3-Pos2/0/1] mpls rsvp-te [PE3-Pos2/0/1] mpls te max-link-bandwidth 50 [PE3-Pos2/0/1] mpls te max-reservable-bandwidth 30 [PE3-Pos2/0/1] quit [PE3] interface tunnel2/0/0 [PE3-Tunnel2/0/0] ip address unnumbered interface LoopBack1 [PE3-Tunnel2/0/0] tunnel-protocol mpls te [PE3-Tunnel2/0/0] destination 1.1.1.1 [PE3-Tunnel2/0/0] mpls te tunnel-id 31 [PE3-Tunnel2/0/0] mpls te bandwidth bc0 20 [PE3-Tunnel2/0/0] mpls te commit [PE3-Tunnel2/0/0] quit [PE3] ospf 1 [PE3-ospf-1] opaque-capability enable [PE3-ospf-1] area0 [PE3-ospf-1-area-0.0.0.0] mpls-te enable [PE3-ospf-1-area-0.0.0.0] quit [PE3-ospf-1] quit

# Configure PE2.
[PE2] mpls ldp [PE2-mpls-ldp] quit [PE2] interface pos2/0/1 [PE2-Pos2/0/1] mpls ldp [PE2-Pos2/0/1] quit

After the configuration, run the display tunnel-info all command on PEs. You can see that MPLS TE tunnels are set up between PE1 and PE3, and MPLS LSP tunnels are set up between PE1 and PE2. Take the display on PE1 as an example.
<PE1> display tunnel-info all * -> Allocated VC Token Tunnel ID Type Destination Token ---------------------------------------------------------------------0x42002000 cr lsp 3.3.3.3 0 0x2002001 lsp -1 0x2002002 lsp 2.2.2.2 2

5.

Set up remote LDP sessions between PEs. # Configure remote LDP sessions. Usually, addresses of the Loopback interfaces of the remote LDP peers are set as the IP addresses for remote LDP sessions.
NOTE

In this example, PE1 and PE2 are directly connected and you do not need to manually configure remote LDP sessions between them.

# Configure PE1.
[PE1] mpls ldp remote-peer 3.3.3.3 [PE1-mpls-ldp-remote-3.3.3.3] remote-ip 3.3.3.3

# Configure PE3.
[PE3] mpls ldp [PE3-mpls-ldp] quit [PE3] mpls ldp remote-peer 1.1.1.1 [PE3-mpls-ldp-remote-1.1.1.1] remote-ip 1.1.1.1

After the configuration, run the display mpls ldp session on PEs. You can see that the status of the remote LDP peer relationship is Operational. This indicates that remote LDP sessions are set up. Take the display on PE1 as an example.
<PE1> display mpls ldp session LDP Session(s) in Public Network ------------------------------------------------------------------------------

6-252

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


Peer-ID Status LAM SsnRole SsnAge

6 PWE3 Configuration
KA-Sent/Rcv

-----------------------------------------------------------------------------2.2.2.2:0 Operational DU Passive 000:00:03 16/16 3.3.3.3:0 Operational DU Passive 000:00:00 1/1 -----------------------------------------------------------------------------TOTAL: 2 session(s) Found. LAM : Label Advertisement Mode SsnAge Unit : DDD:HH:MM

6.

Configure tunnel policies on PEs. # Configure PE1.


[PE1] tunnel-policy p1 [PE1-tunnel-policy-p1] tunnel select-seq cr-lsp load-balance-number 1 [PE1-tunnel-policy-p1] quit

# Configure PE3.
[PE3] tunnel-policy p1 [PE3-tunnel-policy-p1] tunnel select-seq cr-lsp load-balance-number 1 [PE3-tunnel-policy-p1] quit

7.

Configure PWs on PEs by using PW templates. # Configure a working PW and a protection PW on PE1. Configure a PW on PE2 and PE3 respectively. The two PWs are both working PWs. # Configure PE1.
[PE1] mpls l2vpn [PE1-l2vpn] quit [PE1] pw-template 1to2 [PE1-pw-template-1to2] peer-address 2.2.2.2 [PE1-pw-template-1to2] control-word [PE1-pw-template-1to2] vccv cc cw cv lsp-ping bfd [PE1-pw-template-1to2] quit [PE1] pw-template 1to3 [PE1-pw-template-1to3] peer-address 3.3.3.3 [PE1-pw-template-1to3] control-word [PE1-pw-template-1to3] vccv cc cw cv lsp-ping bfd [PE1-pw-template-1to3] quit [PE1] interface gigabitethernet 1/0/0.1 [PE1-GigabitEthernet1/0/0.1] vlan-type dot1q 10 [PE1-GigabitEthernet1/0/0.1] mpls l2vc pw-template 1to3 100 tunnel-policy p1 [PE1-GigabitEthernet1/0/0.1] mpls l2vc pw-template 1to2 200 secondary [PE1-GigabitEthernet1/0/0.1] undo shutdown [PE1-GigabitEthernet1/0/0.1] quit

# Configure PE2.
[PE2] mpls l2vpn [PE2-l2vpn] quit [PE2] pw-template 2to1 [PE2-pw-template-2to1] peer-address 1.1.1.1 [PE2-pw-template-2to1] control-word [PE2-pw-template-2to1] vccv cc cw cv lsp-ping bfd [PE2-pw-template-2to1] quit [PE2] interface gigabitethernet 1/0/0.1 [PE2-GigabitEthernet1/0/0.1] vlan-type dot1q 10 [PE2-GigabitEthernet1/0/0.1] mpls l2vc pw-template 2to1 200 [PE2-GigabitEthernet1/0/0.1] undo shutdown [PE2-GigabitEthernet1/0/0.1] quit

# Configure PE3.
[PE3] mpls l2vpn [PE3-l2vpn] quit [PE3] pw-template 3to1 [PE3-pw-template-3to1] peer-address 1.1.1.1 [PE3-pw-template-3to1] control-word [PE3-pw-template-3to1] vccv cc cw cv lsp-ping bfd [PE3-pw-template-3to1] quit [PE3] interface gigabitethernet 1/0/0.1

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

6-253

6 PWE3 Configuration
[PE3-GigabitEthernet1/0/0.1] [PE3-GigabitEthernet1/0/0.1] [PE3-GigabitEthernet1/0/0.1] [PE3-GigabitEthernet1/0/0.1]

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


vlan-type dot1q 10 mpls l2vc pw-template 3to1 100 tunnel-policy p1 undo shutdown quit

After the configuration, run the display pw-template command on PEs. You can view the information about the configurations of PW templates, and you can see that VCCV is enabled. Take the display on PE1 as an example.
[PE1] display pw-template Total PW template number : 2 PW Template Name : 1to2 PeerIP : 2.2.2.2 Tnl Policy Name : -CtrlWord : Enable VCCV Capability : cw lsp-ping bfd Behavior Name : -Total PW : 1, Static PW : 0, LDP PW : 1, Rsvp PW : 0 PW Template Name : 1to3 PeerIP : 3.3.3.3 Tnl Policy Name : -CtrlWord : Enable VCCV Capability : cw lsp-ping bfd Behavior Name : -Total PW : 1, Static PW : 0, LDP PW : 1, Rsvp PW : 0

After the configuration, run the display mpls l2vc interface command on PEs. You can see that the working PW and protection PW are set up and are Up. The working PW is Active, and the protection PW is InActive. Take the display on PE1 as an example.
<PE1> display mpls l2vc interface gigabitethernet 1/0/0.1 *client interface : GigabitEthernet1/0/0.1 is up session state : up AC state : up VC state : up VC ID : 100 VC type : vlan destination : 3.3.3.3 local group ID : 0 remote group ID : 0 local VC label : 21504 remote VC label : 21504 local AC OAM State : up local PSN State : up local forwarding state : forwarding remote AC OAM state : up remote PSN state : up remote forwarding state: forwarding BFD for PW : unavailable manual fault : not set active state : active forwarding entry : exist link state : up local VC MTU : 1500 remote VC MTU : 1500 local VCCV : cw lsp-ping bfd remote VCCV : cw lsp-ping bfd local control word : enable remote control word : enable tunnel policy : p1 traffic behavior : -PW template name : 1to3 primary or secondary : primary VC tunnel/token info : 1 tunnels/tokens NO.0 TNL type : cr lsp, TNL ID : 0x42002000 create time : 0 days, 0 hours, 23 minutes, 7 seconds up time : 0 days, 0 hours, 1 minutes, 21 seconds last change time : 0 days, 0 hours, 1 minutes, 21 seconds *client interface : GigabitEthernet1/0/0.1 is up session state : up AC state : up

6-254

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


VC state : VC ID : VC type : destination : local group ID : local VC label : local AC OAM state : local PSN state : local forwarding state : remote AC OAM state : remote PSN state : remote forwarding state: BFD for PW : manual fault : active state : forwarding entry : link state : local VC MTU : local VCCV : remote VCCV : local control word : tunnel policy : traffic behavior : PW template name : primary or secondary : VC tunnel/token info : NO.0 TNL type : lsp create time : up time : last change time : reroute policy : reason of last reroute : time of last reroute : delay timer ID : resume timer ID :

6 PWE3 Configuration
up 200 vlan 2.2.2.2 0 remote group ID : 0 21505 remote VC label : 21505 up up forwarding up up forwarding unavailable not set inactive existent up 1500 remote VC MTU : 1500 cw lsp-ping bfd cw lsp-ping bfd enable remote control word : enable --1to2 secondary 1 tunnels/tokens , TNL ID : 0x2002001 0 days, 0 hours, 22 minutes, 19 seconds 0 days, 0 hours, 1 minutes, 32 seconds 0 days, 0 hours, 1 minutes, 32 seconds delay 30 s, resume 0 s New LDP mapping message was received 0 days, 0 hours, 0 minutes, 50 seconds -rest time :--rest time :--

Client1 can ping through the address 10.1.1.2 on Client2.


[Client] ping 10.1.1.2 PING 10.1.1.2: 56 data bytes, press CTRL_C to break Reply from 10.1.1.2: bytes=56 Sequence=1 ttl=255 time=180 ms Reply from 10.1.1.2: bytes=56 Sequence=2 ttl=255 time=150 ms Reply from 10.1.1.2: bytes=56 Sequence=3 ttl=255 time=150 ms Reply from 10.1.1.2: bytes=56 Sequence=4 ttl=255 time=190 ms Reply from 10.1.3.110.1.1.2: bytes=56 Sequence=5 ttl=255 time=160 ms --- 10.1.1.2 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 150/166/190 ms

Run the display mac-address dynamic command on CEs. Here, CE2 is taken as an example. You can see that GE1/0/0 and GE1/0/2 of CE2 have respectively learnt the MAC addresses of Client1 (00e0-413f-8401) and Client2 (00e0-c279-e10a 10). This indicates that the clients now use the working line CE2 PE3 P PE1 for data transmission between themselves.
[CE2] display mac-address dynamic 1 MAC Address VLAN/VSI PEVLAN CEVLAN Port Type Lsp ------------------------------------------------------------------------------00e0-413f-8401 10 GigabitEthernet1/0/0 dynamic 1/0 00e0-c279-e10a 10 GigabitEthernet1/0/2 dynamic 1/0 Total 2 ,2 printed

8.

Configure the BFD for PW function on PEs.


NOTE

Here, static BFD for PW is taken as an example.

# Configure PE1.
Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 6-255

6 PWE3 Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


[PE1] bfd [PE1-bfd] quit [PE1] bfd 1to3 bind pw interface gigabitethernet 1/0/0.1 [PE1-bfd-lsp-session-1to3] discriminator local 13 [PE1-bfd-lsp-session-1to3] discriminator local 31 [PE1-bfd-lsp-session-1to3] commit [PE1-bfd-lsp-session-1to3] quit [PE1] bfd 1to2 bind pw interface gigabitethernet 1/0/0.1 secondary [PE1-bfd-lsp-session-1to2] discriminator local 12 [PE1-bfd-lsp-session-1to2] discriminator local 21 [PE1-bfd-lsp-session-1to2] commit [PE1-bfd-lsp-session-1to2] quit

# Configure PE2.
[PE2] bfd [PE2-bfd] quit [PE2] bfd 2to1 bind pw interface gigabitethernet 1/0/0.1 [PE2-bfd-lsp-session-2to1] discriminator local 21 [PE2-bfd-lsp-session-2to1] discriminator local 12 [PE2-bfd-lsp-session-2to1] commit [PE2-bfd-lsp-session-2to1] quit

# Configure PE3.
[PE3] bfd [PE3-bfd] quit [PE3] bfd 3to1 bind pw interface gigabitethernet 1/0/0.1 [PE3-bfd-lsp-session-3to1] discriminator local 31 [PE3-bfd-lsp-session-3to1] discriminator local 13 [PE3-bfd-lsp-session-3to1] commit [PE3-bfd-lsp-session-3to1] quit

After the configuration, BFD sessions are set up between PE1 and PE2, and between PE1 and PE3. Run the display bfd session all command. You can see that State is Up. Take the display on PE1 as an example.
<PE1> display bfd session all ------------------------------------------------------------------------------Local Remote PeerIpAddr InterfaceName State Type ------------------------------------------------------------------------------13 31 --.--.--.-GigabitEthernet1/0/0.1 Up D_PW(M) 12 21 --.--.--.-GigabitEthernet1/0/0.1 Up D_PW(S) ------------------------------------------------------------------------------Total UP/DOWN Session Number : 2/0

9.

Configure Ethernet OAM on PEs and CEs.


NOTE

In this example, Ethernet OAM complies with the IEEE802.1ag protocol (CFM).

# Configure CE2.
[CE2] cfm enable [CE2] cfm trigger vlan 10 mac-renew [CE2] cfm md md1 level 0 [CE2-md-md1] ma ma1 [CE2-md-md1-ma-ma1] map vlan 10 [CE2-md-md1-ma-ma1] mep mep-id 30 interface gigabitethernet 1/0/0 outward [CE2-md-md1-ma-ma1] remote-mep mep-id 31 [CE2-md-md1-ma-ma1] mep ccm-send enable [CE2-md-md1-ma-ma1] remote-mep ccm-receive enable [CE2-md-md1-ma-ma1] quit [CE2-md-md1] ma ma2 [CE2-md-md1-ma-ma1] map vlan 10 [CE2-md-md1-ma-ma1] mep mep-id 40 interface gigabitethernet 1/0/1 outward [CE2-md-md1-ma-ma1] remote-mep mep-id 41 [CE2-md-md1-ma-ma1] mep ccm-send enable [CE2-md-md1-ma-ma1] remote-mep ccm-receive enable

6-256

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


[CE2-md-md1-ma-ma1] quit [CE2-md-md1] quit

6 PWE3 Configuration

# Configure PE2.
[PE2] cfm enable [PE2] cfm md md1 level 0 [PE2-md-md1] ma ma1 [PE2-md-md1-ma-ma1] map vlan 10 [PE2-md-md1-ma-ma1] mep mep-id 41 interface gigabitethernet 1/0/0.1 outward [PE2-md-md1-ma-ma1] remote-mep mep-id 40 [PE2-md-md1-ma-ma1] mep ccm-send enable [PE2-md-md1-ma-ma1] remote-mep ccm-receive enable [PE2-md-md1-ma-ma1] quit [PE2-md-md1] quit

# Configure PE3.
[PE3] cfm enable [PE3] cfm md md1 level 0 [PE3-md-md1] ma ma1 [PE3-md-md1-ma-ma1] map vlan 10 [PE3-md-md1-ma-ma1] mep mep-id 31 interface gigabitethernet 1/0/0.1 outward [PE3-md-md1-ma-ma1] remote-mep mep-id 30 [PE3-md-md1-ma-ma1] mep ccm-send enable [PE3-md-md1-ma-ma1] remote-mep ccm-receive enable [PE3-md-md1-ma-ma1] quit [PE3-md-md1] quit

After the configuration, run the display cfm remote-mep command on PE2, PE3, or CE2. You can see that CFM is Up. Take the display on PE3 as an example.
[PE3] display cfm remote-mep The total number of RMEPs is : 1 ---------------------------------------------------------------------GigabitEthernet1/0/0 detect -<CE1> display efm session all Interface EFM State Loopback Timeou -------------------------------------------------MD Name : md1 Level : 0 MA Name : ma1 RMEP ID : 30 Vlan ID : 10 VSI Name : -MAC : -CCM Receive : enabled Trigger-If-Down : disabled CFM Status : up

10. Configure association between Eth OAM and BFD on PEs. # Take the configuration of PE2 as an example. Configuration on PE3 is the same, and is not mentioned here.
[PE2] oam-mgr [PE2-oam-mgr] oam-bind cfm md md1 ma ma1 bfd-session 21 [PE2-oam-mgr] quit

11. Verify the configuration.


l

View the status of PWs.

Run the display mpls l2vc interface command on PE1. If the configuration is successful, you can see that the working PW is Active, the protection PW is InActive, and BFD for PW for the working and protection PWs is available.
<PE1> display mpls l2vc interface gigabitethernet 1/0/0.1 *client interface : GigabitEthernet1/0/0.1 is up session state : up AC state : up VC state : up

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

6-257

6 PWE3 Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


VC ID : 100 VC type : vlan destination : 3.3.3.3 local group ID : 0 remote group ID : 0 local VC label : 21504 remote VC label : 21504 local AC OAM State : up local PSN State : up local forwarding state : forwarding remote AC OAM state : up remote PSN state : up remote forwarding state: forwarding Dynamic BFD for PW : enable Detect Multipier : 3 Min Transit Interval : 1000 Max Receive Interval : 1000 Dynamic BFD Session : built BFD for PW : available BFD sessionIndex : 256 BFD state : up manual fault : not set active state : active forwarding entry : exist link state : up local VC MTU : 1500 remote VC MTU : 1500 local VCCV : cw lsp-ping bfd remote VCCV : cw lsp-ping bfd local control word : enable remote control word : enable tunnel policy : p1 traffic behavior : -PW template name : 1to3 primary or secondary : primary VC tunnel/token info : 1 tunnels/tokens NO.0 TNL type : cr lsp, TNL ID : 0x42002000 create time : 0 days, 1 hours, 5 minutes, 19 seconds up time : 0 days, 0 hours, 43 minutes, 33 seconds last change time : 0 days, 0 hours, 43 minutes, 33 seconds *client interface : GigabitEthernet1/0/0.1 is up session state : up AC state : up VC state : up VC ID : 200 VC type : vlan destination : 2.2.2.2 local group ID : 0 remote group ID : 0 local VC label : 21505 remote VC label : 21505 local AC OAM state : up local PSN state : up local forwarding state : forwarding remote AC OAM state : up remote PSN state : up remote forwarding state: forwarding Dynamic BFD for PW : enable Detect Multipier : 3 Min Transit Interval : 100 Max Receive Interval : 100 Dynamic BFD Session : built BFD for PW : available BFD sessionIndex : 257 BFD state : up manual fault : not set active state : inactive forwarding entry : existent link state : up local VC MTU : 1500 remote VC MTU : 1500 local VCCV : cw lsp-ping bfd remote VCCV : cw lsp-ping bfd local control word : enable remote control word : enable tunnel policy : -traffic behavior : -PW template name : 1to2 primary or secondary : secondary

6-258

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


VC tunnel/token info NO.0 TNL type : lsp create time up time last change time reroute policy reason of last reroute time of last reroute delay timer ID resume timer ID l

6 PWE3 Configuration
: 1 tunnels/tokens , TNL ID : 0x2002001 : 0 days, 1 hours, 4 minutes, 31 seconds : 0 days, 0 hours, 43 minutes, 44 seconds : 0 days, 0 hours, 43 minutes, 44 seconds : delay 30 s, resume 0 s : New LDP mapping message was received : 0 days, 0 hours, 43 minutes, 2 seconds : -rest time :-: -rest time :--

Verify the working-protection switchover of PWs on PE1.

Disable Ethernet OAM on GE1/0/0 of CE2, and simulate a remote AC fault.


[CE2] cfm md md1 [CE2-md-md1] ma ma1 [CE2-md-md1-ma-ma1] undo mep ccm-send enable [CE2-md-md1-ma-ma1] undo remote-mep ccm-receive enable [CE2-md-md1-ma-ma1] quit [CE2-md-md1] quit

Run the display mpls l2vc interface command on PE1. Then, PE1 identifies that OAM is Down on the remote AC. Working-protection switchover of PWs is carried out on PE1: the working PW changes to InActive, and the protection PW changes to Active.
<PE1> display mpls l2vc interface gigabitethernet 1/0/0.1 *client interface : GigabitEthernet1/0/0.1 is up session state : up AC state : up VC state : up VC ID : 100 VC type : vlan destination : 3.3.3.3 local group ID : 0 remote group ID : 0 local VC label : 21504 remote VC label : 21504 local AC OAM State : up local PSN State : up local forwarding state : forwarding remote AC OAM state : down remote PSN state : up remote forwarding state: forwarding Dynamic BFD for PW : enable Detect Multipier : 3 Min Transit Interval : 1000 Max Receive Interval : 1000 Dynamic BFD Session : built BFD for PW : available BFD sessionIndex : 256 BFD state : up manual fault : not set active state : inactive forwarding entry : exist link state : up local VC MTU : 1500 remote VC MTU : 1500 local VCCV : cw lsp-ping bfd remote VCCV : cw lsp-ping bfd local control word : enable remote control word : enable tunnel policy : p1 traffic behavior : -PW template name : 1to3 primary or secondary : primary VC tunnel/token info : 1 tunnels/tokens NO.0 TNL type : cr lsp, TNL ID : 0x42002000 create time : 0 days, 1 hours, 5 minutes, 19 seconds up time : 0 days, 0 hours, 43 minutes, 33 seconds last change time : 0 days, 0 hours, 43 minutes, 33 seconds *client interface : GigabitEthernet1/0/0.1 is up session state : up AC state : up VC state : up VC ID : 200

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

6-259

6 PWE3 Configuration
VC type : destination : local group ID : local VC label : local AC OAM state : local PSN state : local forwarding state : remote AC OAM state : remote PSN state : remote forwarding state: Dynamic BFD for PW : Detect Multipier : Min Transit Interval : Max Receive Interval : Dynamic BFD Session : BFD for PW : BFD sessionIndex : manual fault : active state : forwarding entry : link state : local VC MTU : local VCCV : remote VCCV : local control word : tunnel policy : traffic behavior : PW template name : primary or secondary : VC tunnel/token info : NO.0 TNL type : lsp create time : up time : last change time : reroute policy : reason of last reroute : time of last reroute : delay timer ID : resume timer ID :

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


vlan 2.2.2.2 0 remote group ID : 0 21505 remote VC label : 21505 up up forwarding up up forwarding enable 3 100 100 built available 257 BFD state : up not set active existent up 1500 remote VC MTU : 1500 cw lsp-ping bfd cw lsp-ping bfd enable remote control word : enable --1to2 secondary 1 tunnels/tokens , TNL ID : 0x2002001 0 days, 1 hours, 6 minutes, 30 seconds 0 days, 0 hours, 1 minutes, 0 seconds 0 days, 0 hours, 1 minutes, 0 seconds delay 30 s, resume 0 s New LDP mapping message was received 0 days, 0 hours, 18 minutes, 37 seconds -rest time :--rest time :--

Client1 can ping through the address 10.1.1.2 on Client2.


[Client1] ping 10.1.1.2 PING 10.1.1.2: 56 data bytes, press CTRL_C to break Reply from 10.1.1.2: bytes=56 Sequence=1 ttl=254 time=210 Reply from 10.1.1.2: bytes=56 Sequence=2 ttl=254 time=190 Reply from 10.1.1.2: bytes=56 Sequence=3 ttl=254 time=160 Reply from 10.1.1.2: bytes=56 Sequence=4 ttl=254 time=130 Reply from 10.1.1.2: bytes=56 Sequence=5 ttl=254 time=190 --- 10.1.1.2 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 130/176/210 ms ms ms ms ms ms

Run the display mac-address dynamic command once again on CEs. Here, CE2 is taken as an example. You can see that GE1/0/1 and GE1/0/2 of CE2 have once again learnt the MAC addresses of Client1 (00e0-413f-8401) and Client2 (00e0-c279-e10a 10). This indicates that the clients now use the protection line CE2 PE2 PE1 for data transmission between themselves.
[CE2] display mac-address dynamic 1 MAC Address VLAN/VSI PEVLAN CEVLAN Port Type Lsp ------------------------------------------------------------------------------00e0-413f-8401 10 GigabitEthernet1/0/1 dynamic 1/0 00e0-c279-e10a 10 GigabitEthernet1/0/2 dynamic 1/0 Total 2 ,2 printed

6-260

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

6 PWE3 Configuration

Configure Ethernet OAM once again on GE1/0/0 of CE2, and disable the fault that is manually simulated.
[CE2] cfm md md1 [CE2-md-md1] ma ma1 [CE2-md-md1-ma-ma1] mep ccm-send enable [CE2-md-md1-ma-ma1] remote-mep ccm-receive enable [CE2-md-md1-ma-ma1] quit [CE2-md-md1] quit

Run the display mpls l2vc interface command on PE1. Then, PE1 identifies that OAM is Up on the remote AC, which indicates that the fault has been rectified. The workingprotection switchover of PWs is carried out on PE1, the working PW changes back to Active, and the protection PW changes back to InActive.
[PE1] display mpls l2vc interface gigabitethernet 1/0/0.1 *client interface : GigabitEthernet1/0/0.1 is up session state : up AC state : up VC state : up VC ID : 100 VC type : vlan destination : 3.3.3.3 local group ID : 0 remote group ID : 0 local VC label : 21504 remote VC label : 21504 local AC OAM State : up local PSN State : up local forwarding state : forwarding remote AC OAM state : up remote PSN state : up remote forwarding state: forwarding Dynamic BFD for PW : enable Detect Multipier : 3 Min Transit Interval : 1000 Max Receive Interval : 1000 Dynamic BFD Session : built BFD for PW : available BFD sessionIndex : 256 BFD state : up manual fault : not set active state : active forwarding entry : exist link state : up local VC MTU : 1500 remote VC MTU : 1500 local VCCV : cw lsp-ping bfd remote VCCV : cw lsp-ping bfd local control word : enable remote control word : enable tunnel policy : p1 traffic behavior : -PW template name : 1to3 primary or secondary : primary VC tunnel/token info : 1 tunnels/tokens NO.0 TNL type : cr lsp, TNL ID : 0x42002000 create time : 0 days, 1 hours, 15 minutes, 40 seconds up time : 0 days, 0 hours, 43 minutes, 33 seconds last change time : 0 days, 0 hours, 43 minutes, 33 seconds *client interface : GigabitEthernet1/0/0.1 is up session state : up AC state : up VC state : up VC ID : 200 VC type : vlan destination : 2.2.2.2 local group ID : 0 remote group ID : 0 local VC label : 21505 remote VC label : 21505 local AC OAM state : up local PSN state : up local forwarding state : forwarding remote AC OAM state : up remote PSN state : up remote forwarding state: forwarding

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

6-261

6 PWE3 Configuration
Dynamic BFD for PW Detect Multipier Min Transit Interval Max Receive Interval Dynamic BFD Session BFD for PW BFD sessionIndex manual fault active state forwarding entry link state local VC MTU local VCCV remote VCCV local control word tunnel policy traffic behavior PW template name primary or secondary VC tunnel/token info NO.0 TNL type : lsp create time up time last change time reroute policy reason of last reroute time of last reroute delay timer ID resume timer ID : : : : : : : : : : : : : : : : : : : : : : : : : : : :

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


enable 3 100 100 built available 257 BFD state : up not set inactive existent up 1500 remote VC MTU : 1500 cw lsp-ping bfd cw lsp-ping bfd enable remote control word : enable --1to2 secondary 1 tunnels/tokens , TNL ID : 0x2002001 0 days, 1 hours, 16 minutes, 30 seconds 0 days, 0 hours, 1 minutes, 0 seconds 0 days, 0 hours, 1 minutes, 0 seconds delay 30 s, resume 0 s New LDP mapping message was received 0 days, 0 hours, 18 minutes, 37 seconds -rest time :--rest time :--

Client1 can ping through the address 10.1.1.2 on Client2.


[Client1] ping 10.1.1.2 PING 10.1.1.2: 56 data bytes, press CTRL_C to break Reply from 10.1.1.2: bytes=56 Sequence=1 ttl=254 time=210 Reply from 10.1.1.2: bytes=56 Sequence=2 ttl=254 time=190 Reply from 10.1.1.2: bytes=56 Sequence=3 ttl=254 time=160 Reply from 10.1.1.2: bytes=56 Sequence=4 ttl=254 time=130 Reply from 10.1.1.2: bytes=56 Sequence=5 ttl=254 time=190 --- 10.1.1.2 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 130/176/210 ms ms ms ms ms ms

Run the display mac-address dynamic command on CEs. Here, CE2 is taken as an example. You can see that GE1/0/0 and GE1/0/2 of CE2 have once again learnt the MAC addresses of Client1 (00e0-413f-8401) and Client2 (00e0-c279-e10a). This indicates that the clients once again use the working line CE2 PE3 P PE1 for data transmission between themselves.
[CE2] display mac-address dynamic 1 MAC Address VLAN/VSI PEVLAN CEVLAN Port Type Lsp ------------------------------------------------------------------------------00e0-413f-8401 10 GigabitEthernet1/0/1 dynamic 1/0 00e0-c279-e10a 10 GigabitEthernet1/0/2 dynamic 1/0 Total 2 ,2 printed

Configuration Files
l

Configuration file of CE1.


# sysname CE1 # vlan batch 10 # interface GigabitEthernet1/0/0 undo shutdown

6-262

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


portswitch port trunk allow-pass vlan 10 # interface PosGigabitEthernet1/0/1 undo shutdown portswitch port default vlan 10 # return l

6 PWE3 Configuration

Configuration file of CE2.


# sysname CE2 # vlan batch 10 # cfm enable cfm trigger vlan 10 mac-renew # interface GigabitEthernet1/0/0 undo shutdown portswitch port trunk allow-pass vlan 10 # interface GigabitEthernet1/0/1 undo shutdown portswitch port trunk allow-pass vlan 10 # interface GigabitEthernet1/0/2 undo shutdown portswitch port default vlan 10 # cfm md md1 ma ma1 map vlan 10 mep mep-id 30 interface GigabitEthernet1/0/0 outward mep ccm-send mep-id 30 enable remote-mep mep-id 31 remote-mep ccm-receive mep-id 31 enable ma ma2 map vlan 10 mep mep-id 40 interface GigabitEthernet1/0/1 outward mep ccm-send mep-id 40 enable remote-mep mep-id 41 remote-mep ccm-receive mep-id 41 enable return

Configuration file of PE1.


# sysname PE1 # bfd # mpls lsr-id 1.1.1.1 mpls mpls te mpls rsvp-te mpls te cspf # mpls l2vpn # pw-template 1to2 peer-address 2.2.2.2 control-word vccv cc cw cv lsp-ping bfd # pw-template 1to3 peer-address 3.3.3.3

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

6-263

6 PWE3 Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


control-word vccv cc cw cv lsp-ping bfd # mpls ldp # mpls ldp remote-peer 3.3.3.3 remote-ip 3.3.3.3 # interface GigabitEthernet1/0/0 undo shutdown # interface GigabitEthernet1/0/0.1 vlan-type dot1q 10 mpls l2vc pw-template 1to3 100 tunnel-policy p1 mpls l2vc pw-template 1to2 200 secondary # interface Pos2/0/1 link-protocol ppp undo shutdown ip address 100.13.1.1 255.255.255.252 mpls mpls te mpls te max-link-bandwidth 50 mpls te max-reservable-bandwidth 30 mpls rsvp-te # interface Pos2/0/2 link-protocol ppp undo shutdown ip address 100.12.1.1 255.255.255.252 mpls mpls ldp # interface LoopBack1 ip address 1.1.1.1 255.255.255.255 # interface Tunnel2/0/0 ip address unnumbered interface LoopBack1 tunnel-protocol mpls te destination 3.3.3.3 mpls te tunnel-id 13 mpls te bandwidth bc0 20 mpls te commit # ospf 1 opaque-capability enable area 0.0.0.0 network 1.1.1.1 0.0.0.0 network 100.13.1.0 0.0.0.3 network 100.12.1.0 0.0.0.3 mpls-te enable # tunnel-policy p1 tunnel select-seq cr-lsp load-balance-number 1 # bfd 1to2 bind pw interface GigabitEthernet1/0/0.1 secondary discriminator local 12 discriminator remote 21 commit # bfd 1to3 bind pw interface GigabitEthernet1/0/0.1 discriminator local 13 discriminator local 31 commit # return

Configuration file of the P device.


# sysname P

6-264

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


# mpls lsr-id 4.4.4.4 mpls mpls te mpls rsvp-te # interface Pos2/0/1 link-protocol ppp undo shutdown ip address 100.13.1.2 255.255.255.252 mpls mpls te mpls te max-link-bandwidth 50 mpls te max-reservable-bandwidth 30 mpls rsvp-te # interface Pos2/0/2 link-protocol ppp undo shutdown ip address 100.34.1.1 255.255.255.252 mpls mpls te mpls te max-link-bandwidth 50 mpls te max-reservable-bandwidth 30 mpls rsvp-te # interface LoopBack1 ip address 4.4.4.4 255.255.255.255 # ospf 1 opaque-capability enable area 0.0.0.0 network 100.13.1.0 0.0.0.3 network 100.34.1.0 0.0.0.3 network 4.4.4.4 0.0.0.0 mpls-te enable # return l

6 PWE3 Configuration

Configuration file of PE3.


# sysname PE3 # cfm enable # bfd # mpls lsr-id 3.3.3.3 mpls mpls te mpls rsvp-te mpls te cspf # mpls l2vpn # pw-template 3to1 peer-address 1.1.1.1 control-word vccv cc cw cv lsp-ping bfd # mpls ldp # mpls ldp remote-peer 1.1.1.1 remote-ip 1.1.1.1 # interface GigabitEthernet1/0/0 undo shutdown # interface GigabitEthernet1/0/0.1 vlan-type dot1q 10

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

6-265

6 PWE3 Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


mpls l2vc pw-template 3to1 100 tunnel-policy p1 # interface Pos2/0/1 link-protocol ppp undo shutdown ip address 100.34.1.2 255.255.255.252 mpls mpls te mpls te max-link-bandwidth 50 mpls te max-reservable-bandwidth 30 mpls rsvp-te # interface LoopBack1 ip address 3.3.3.3 255.255.255.255 # interface Tunnel2/0/0 ip address unnumbered interface LoopBack1 tunnel-protocol mpls te destination 1.1.1.1 mpls te tunnel-id 31 mpls te bandwidth bc0 20 mpls te commit # ospf 1 opaque-capability enable area 0.0.0.0 network 3.3.3.3 0.0.0.0 network 100.34.1.0 0.0.0.3 mpls-te enable # cfm md md1 ma ma1 map vlan 10 mep mep-id 31 interface GigabitEthernet1/0/0.1 outward mep ccm-send mep-id 31 enable remote-mep mep-id 30 remote-mep ccm-receive mep-id 30 enable # tunnel-policy p1 tunnel select-seq cr-lsp load-balance-number 1 # bfd 3to1 bind pw interface GigabitEthernet1/0/0.1 discriminator local 31 discriminator remote 13 commint # oam-mgr oam-bind cfm md md1 ma ma1 bfd-session 31 # return

Configuration file of PE2.


# sysname PE2 # efm enable # bfd # mpls lsr-id 2.2.2.2 mpls # mpls l2vpn # pw-template 2to1 peer-address 1.1.1.1 control-word vccv cc cw cv lsp-ping bfd # mpls ldp

6-266

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


# interface GigabitEthernet1/0/0 undo shutdown # interface GigabitEthernet1/0/0.1 vlan-type dot1q 10 mpls l2vc pw-template 2to1 200 # interface Pos2/0/1 link-protocol ppp undo shutdown ip address 100.12.1.2 255.255.255.252 mpls mpls ldp # interface LoopBack1 ip address 2.2.2.2 255.255.255.255 # ospf 1 area 0.0.0.0 network 2.2.2.2 0.0.0.0 network 100.12.1.0 0.0.0.3 # cfm md md1 ma ma1 map vlan 10 mep mep-id 41 interface GigabitEthernet1/0/0.1 outward mep ccm-send mep-id 41 enable remote-mep mep-id 40 remote-mep ccm-receive mep-id 40 enable # bfd 32to1 bind pw interface GigabitEthernet1/0/0.1 discriminator local 21 discriminator remote 12 commint # oam-mgr oam-bind cfm md md1 ma ma1 bfd-session 21 # return

6 PWE3 Configuration

6.14.16 Example for Configuring the PWE3 Internetworking


Networking Requirements
As shown in Figure 6-31, CE1 is linked to PE1 in the backbone through ATM; CE2 is linked to PE2 in the backbone through GE. This requires that a PWE3 with the internetworking capacity be configured.

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

6-267

6 PWE3 Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Figure 6-31 PWE3 internetworking


Loopback1 1.1.1.1/32 Loopback1 2.2.2.2/32

MPLS Backbone
POS1/0/0 10.1.1.2/24

POS2/0/0 10.1.1.1/24 ATM1/0/0 100.1.1.2/24

PE2
GE2/0/0 100.1.1.1/24 GE1/0/0 100.1.1.2/24

PE1
ATM1/0/0 100.1.1.1/24

PW100

CE1

CE2

Configuring Roadmap
The configuration roadmap is as follows: 1. 2. 3. 4. 5. 6. Configure the IGP protocol on routers of the PSN backbone network. Enable MPLS on the PE. Set up the tunnel according to the tunnel policy. Create the static or dynamic MPLS L2VC connection on the PE. Create a PVC and configure IPoA mapping of PVC. Configure local-ce mac or local-ce ip on PE2 since the AC is Ethernet.

Data Preparation
To complete the configuration, you need the following data.
l l l

MPLS LSR ID L2VC IDs at both ends of PW (They are the same.) VPI/VCI value of PVC on AM 1/0/0 of PE1 and that of CE1 (They are the same.)

Configuration Procedure
1. Configure IP address for the interfaces and VC for ATM.
NOTE

l l

VPI/VCI of both ends of Virtual Chunnel must be consistent. When configuring the PWE3 internetworking on PE, the IP address of the interface connected to AC must be configured as the IP address of the interface of destination CE, which is also connected to AC. This is shown in Figure 6-31.

# Configure CE1.
<Quidway> system-view [Quidway] sysname CE1 [CE1] interface atm1/0/0 [CE1-Atm1/0/0] ip address 100.1.1.1 24 [CE1-Atm1/0/0] pvc 100/200 [CE1-atm-pvc-Atm1/0/0-100/200] map ip 100.1.1.2 [CE1-atm-pvc-Atm1/0/0-100/200] quit [CE1-Atm1/0/0] undo shutdown

6-268

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


[CE1-Atm1/0/0] quit

6 PWE3 Configuration

# Configure PE1.
<Quidway> system-view [Quidway] sysname PE1 [PE1] interface atm1/0/0 [PE1-Atm1/0/0] pvc 100/200 [PE1-atm-pvc-Atm1/0/0-100/200] quit [PE1-Atm1/0/0] undo shutdown [PE1-Atm1/0/0] quit [PE1] interface pos 2/0/0 [PE1-Pos2/0/0] ip address 10.1.1.1 24 [PE1-Pos2/0/0] undo shutdown [PE1-Pos2/0/0] quit [PE1] interface loopback 1 [PE1-LoopBack1] ip address 1.1.1.1 32 [PE1-LoopBack1] quit

# Configure PE2.
<Quidway> system-view [Quidway] sysname PE2 [PE2] interface pos1/0/0 [PE2-Pos1/0/0] ip address 10.1.1.2 24 [PE2-Pos1/0/0] undo shutdown [PE2-Pos1/0/0] quit [PE2] interface loopback 1 [PE2-LoopBack1] ip address 2.2.2.2 32 [PE2-LoopBack1] quit [PE2] interface gigabitethernet2/0/0 [PE2-GigabitEthernet2/0/0] local-ce ip 100.1.1.2 [PE2-GigabitEthernet2/0/0] shutdown [PE2-GigabitEthernet2/0/0] undo shutdown [PE2-GigabitEthernet2/0/0] quit

# Configure CE2.
<Quidway> system-view [Quidway] sysname CE2 [CE2] interface gigabitethernet 1/0/0 [CE2-GigabitEthernet1/0/0] ip address 100.1.1.2 24 [CE2-GigabitEthernet1/0/0] undo shutdown [CE2-GigabitEthernet1/0/0] quit

The interfaces on both ends of each network segment can ping through each other. 2. Configuring protocols at network layer Configure the network layer protocol to ensure the PEs of the backbone can communicate. In this example, OSPF is adopted. The configuration procedure is not mentioned here. # Configure PE1.
[PE1] ospf 1 [PE1-ospf-1] area 0 [PE1-ospf-1-area-0.0.0.0] network 1.1.1.1 0.0.0.0 [PE1-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255

# Configure PE2.
[PE2] ospf 1 [PE2-ospf-1] area 0 [PE2-ospf-1-area-0.0.0.0] network 2.2.2.2 0.0.0.0 [PE2-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255

After the configuration, run the display ip routing-table command on PEs, and you can see that PE1 and PE2 have learnt the loopback address of each other. Take the display of PE1 as an example:
<PE1> display ip routing-table Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: Public Destinations : 7 Routes : 7

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

6-269

6 PWE3 Configuration
Destination/Mask 1.1.1.1/32 2.2.2.2/32 10.1.1.0/24 10.1.1.1/32 10.1.1.2/32 127.0.0.0/8 127.0.0.1/32 Proto Direct OSPF Direct Direct Direct Direct Direct Pre 0 10 0 0 0 0 0 Cost 0 2 0 0 0 0 0

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


Flags D D D D D D D NextHop 127.0.0.1 10.1.1.2 10.1.1.1 127.0.0.1 10.1.1.2 127.0.0.1 127.0.0.1 Interface InLoopBack0 Pos2/0/0 Pos2/0/0 InLoopBack0 Pos2/0/0 InLoopBack0 InLoopBack0

3.

Configure MPLS for PSN backbone and set up the tunnel. # Enable MPLS, and specify LSR ID as the IP address of loopback 1.Enable MPLS and MPLS LDP for the interfaces in the backbone. # Configure PE1.
[PE1] mpls lsr-id 1.1.1.1 [PE1] mpls [PE1-mpls] quit [PE1] mpls ldp [PE1-mpls-ldp] quit [PE1] interface pos2/0/0 [PE1-Pos2/0/0] mpls [PE1-Pos2/0/0] mpls ldp [PE1-Pos2/0/0] quit

# Configure PE2.
[PE2] mpls lsr-id 2.2.2.2 [PE2] mpls [PE2-mpls] quit [PE2] mpls ldp [PE2-mpls-ldp] quit [PE2] interface pos 1/0/0 [PE2-Pos1/0/0] mpls [PE2-Pos1/0/0] mpls ldp [PE2-Pos1/0/0] quit

After the configuration, run the display tunnel-info all command on PEs, and you can see that there is an MPLS LSP tunnel between PE1 and PE2. Take the display of PE1 as an example.
<PE1> display tunnel-info all * -> Allocated VC Token Tunnel ID Type Destination Token ---------------------------------------------------------------------0x2002000 lsp 2.2.2.2 0

Run the display mpls ldp session command on PEs, and you can see that the status of the LDP peer relationship between PE1 and PE2 is Operational. Take the display of PE1 as an example:
<PE1> display mpls ldp session LDP Session(s) in Public Network -----------------------------------------------------------------------------Peer-ID Status LAM SsnRole SsnAge KA-Sent/Rcv -----------------------------------------------------------------------------2.2.2.2:0 Operational DU Passive 000:00:01 6/6 -----------------------------------------------------------------------------TOTAL: 1 session(s) Found. LAM : Label Advertisement Mode SsnAge Unit : DDD:HH:MM

4.

Enable MPLS L2VPN and configure the L2VC connection. # Configure PE1.
[PE1] mpls l2vpn [PE1-l2vpn] quit [PE1] interface atm 1/0/0 [PE1-Atm1/0/0] mpls l2vc 2.2.2.2 100 ip-interworking

6-270

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


[PE1-Atm1/0/0] quit

6 PWE3 Configuration

# Configure PE2.
[PE2] mpls l2vpn [PE2-l2vpn] quit [PE2] interface gigabitethernet 2/0/0 [PE1-GigabitEthernet2/0/0] mpls l2vc 1.1.1.1 100 ip-interworking [PE1-GigabitEthernet2/0/0] quit

5.

Verify the configuration. After the above configuration, a PW has been set up between each pair of PEs. Execute the display mpls l2vc command on PE. You can find that the "VC state" in displayed is "up". Take PE1 as an example:
<PE1> display mpls l2vc interface atm 1/0/0 *client interface : Atm1/0/0 is up session state : up AC state : up VC state : up VC ID : 100 VC type : IP-interworking destination : 2.2.2.2 local group ID : 0 remote group ID : 0 local VC label : 21504 remote VC label : 21504 local AC OAM State : up local PSN State : up local forwarding state : forwarding remote AC OAM state : up remote PSN state : up remote forwarding state: forwarding BFD for PW : unavailable manual fault : not set active state : active forwarding entry : exist link state : up local VC MTU : 1500 remote VC MTU : 1500 local VCCV : Disable remote VCCV : Disable local fragmentantion : disable remote fragmentantion: disable local control word : disable remote control word : disable tunnel policy : -traffic behavior : -PW template name : -primary or secondary : primary VC tunnel/token info : 1 tunnels/tokens NO.0 TNL type : lsp , TNL ID : 0x2002000 create time : 0 days, 0 hours, 4 minutes, 29 seconds up time : 0 days, 0 hours, 3 minutes, 54 seconds last change time : 0 days, 0 hours, 3 minutes, 54 seconds

CEs can ping through each other. Take CE2 pinging CE1 as an example.
<CE2> ping 100.1.1.1 PING 100.1.1.1: 56 data bytes, press CTRL_C to break Reply from 100.1.1.1: bytes=56 Sequence=1 ttl=254 time=125 Reply from 100.1.1.1: bytes=56 Sequence=2 ttl=254 time=125 Reply from 100.1.1.1: bytes=56 Sequence=3 ttl=254 time=125 Reply from 100.1.1.1: bytes=56 Sequence=4 ttl=254 time=125 Reply from 100.1.1.1: bytes=56 Sequence=5 ttl=254 time=125 ms ms ms ms ms

Configuration Files
l

Configuration file of CE1


# sysname CE1 # interface Atm1/0/0

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

6-271

6 PWE3 Configuration
undo shutdown ip address 100.1.1.1 255.255.255.0 pvc 100/200 map ip 100.1.1.2 # return l

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Configuration file of PE1


# sysname PE1 # mpls lsr-id 1.1.1.1 mpls # mpls l2vpn # mpls ldp # interface Pos2/0/0 link-protocol ppp undo shutdown ip address 10.1.1.1 255.255.255.0 mpls mpls ldp # interface Atm1/0/0 undo shutdown ip address 100.1.1.2 255.255.255.0 pvc 100/200 mpls l2vc 2.2.2.2 100 ip-interworking # interface LoopBack1 ip address 1.1.1.1 255.255.255.255 # ospf 1 area 0.0.0.0 network 1.1.1.1 0.0.0.0 network 10.1.1.0 0.0.0.255 # return

Configuration file of PE2


# sysname PE2 # mpls lsr-id 2.2.2.2 mpls # mpls l2vpn # mpls ldp # interface GigabitEthernet2/0/0 undo shutdown local-ce ip 100.1.1.2 mpls l2vc 1.1.1.1 100 ip-interworking # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 10.1.1.2 255.255.255.0 mpls mpls ldp # interface LoopBack1 ip address 2.2.2.2 255.255.255.255 # ospf 1 area 0.0.0.0 network 2.2.2.2 0.0.0.0

6-272

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


network 10.1.1.0 0.0.0.255 # return l

6 PWE3 Configuration

Configuration file of CE2


# sysname CE2 # interface GigabitEthernet1/0/0 undo shutdown ip address 100.1.1.2 255.255.255.0 # return

6.14.17 Example for Configuring Inter-AS PWE3-Option A


Networking Requirements
As shown in Figure 6-32, it is required to realize the inter-AS MPLS PWE3 using Option A. Figure 6-32 Networking diagram for inter-AS PWE3-Option A
MPLS backbone AS 100
Loopback0 1.1.1.9/32 POS2/0/0 10.1.1.1/24 Loopback0 2.2.2.9/32

MPLS backbone AS 200


Loopback0 3.3.3.9/32 POS2/0/0 POS1/0/0 POS2/0/0 30.1.1.1/24 POS1/0/0 30.1.1.2/24 POS2/0/0 Loopback0 4.4.4.9/32

PE1

POS1/0/0 10.1.1.2/24 POS1/0/0

ASBR -PE1

ASBR -PE2

PE2

POS1/0/0 100.1.1.1/24

POS1/0/0 100.1.1.2/24

CE1

CE2

The MPLS backbone networks within the same AS use IS-IS as the IGP protocol.

Configuration Roadmap
The configuration roadmap is as follows: 1. 2. Configure the IGP for the backbone. Configure the basic MPLS functions on the backbone and set up dynamic LSP tunnel between the PE and the ASBR-PE of the same AS. Set up the LDP remote session if the PE and the ASBR-PE are not directly connected. Create the MPLS L2VC connection between a PE and an ASBR PE in an AS.

3.

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

6-273

6 PWE3 Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Data Preparation
To complete the configuration, you need the following data:
l l

Data for configuring IS-IS. IP addresses of the remote peers. (The specified IP address for a remote peer is usually the IP address of its loopback interface.) MPLS LSR-IDs of PEs and ASBR-PEs. The specified MPLS LSR-ID of PE or ASBR-PE is the IP address of the local loopback interface. L2VC-ID

Configuration Procedure
1. Configure the IGP on the MPLS backbone. Configure the IGP protocol for the MPLS backbone so that PEs and ASBR-PEs in the backbone can internetwork. Take IS-IS for an example. The configuration details are not mentioned here. After the configuration, the IS-IS neighbor relationship should have been set up between ASBR-PEs and PEs in the local ASs. Run the display isis peer command, and you can see the status of the neighbor relationship is Up. Take the display of ASBR-PE1 as an example.
<ASBR-PE1> display isis peer Peer information for ISIS(1) ---------------------------System Id Interface Circuit Id State HoldTime Type 0000.0000.0001 P1/0/0 0000000002 Up 28s L1L2 Total Peer(s): 1

PRI --

Run the display ip routing-table command, and you can see that PEs and ASBR-PEs in each corresponding AS have learnt the loopback addresses of each other. Take the display of ASBR-PE1 as an example.
<ASBR-PE1> display ip routing-table Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: Public Destinations : 7 Routes : 7 Destination/Mask Proto Pre Cost Flags NextHop Interface 1.1.1.9/32 ISIS 15 10 D 10.1.1.1 Pos1/0/0 2.2.2.9/32 Direct 0 0 D 127.0.0.1 InLoopBack0 10.1.1.0/24 Direct 0 0 D 10.1.1.2 Pos1/0/0 10.1.1.1/32 Direct 0 0 D 10.1.1.1 Pos1/0/0 10.1.1.2/32 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0

An ASBR-PE and a PE in the local AS can ping each other successfully. 2. Enable MPLS, configure the dynamic LSP, and set up MPLS LDP remote session. Configure basic MPLS functions for the MPLS backbone. Set up dynamic LDP LSP between a PE and an ASBR-PE in the same AS. After the configuration, an LSP tunnel is set up between each PE and ASBR-PE in the same AS. Take ASBR-PE1 as an example:
<ASBR-PE1> display mpls ldp session LDP Session(s) in Public Network ------------------------------------------------------------------------------

6-274

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


Peer-ID Status LAM SsnRole SsnAge

6 PWE3 Configuration
KA-Sent/Rcv

-----------------------------------------------------------------------------1.1.1.9:0 Operational DU Active 000:00:19 79/79 -----------------------------------------------------------------------------TOTAL: 1 session(s) Found. LAM : Label Advertisement Mode SsnAge Unit : DDD:HH:MM

3.

Configure the MPLS L2VC connection. Configure the L2VC connection between the PE and the ASBR PE.
NOTE

PWE3 does not support P2MP. If the MPLS L2VC is created on an ATM sub-interface, the ATM sub-interface must be a P2P interface. For configuring transparent ATM cell transport, however, there is no such restriction.

# Configure PE1.
[PE1] mpls l2vpn [PE1-l2vpn] quit [PE1] interface pos1/0/0 [PE1-Pos1/0/0] mpls l2vc 2.2.2.9 100 [PE1-Pos1/0/0] undo shutdown [PE1-Pos1/0/0] quit

# Configure ASBR-PE1.
[ASBR-PE1] mpls l2vpn [ASBR-PE1-l2vpn] quit [ASBR-PE1] interface pos2/0/0 [ASBR-PE1-Pos2/0/0] mpls l2vc 1.1.1.9 100 [ASBR-PE1-Pos2/0/0] undo shutdown [ASBR-PE1-Pos2/0/0] quit

# Configure ASBR-PE2.
[ASBR-PE2] mpls l2vpn [ASBR-PE2-l2vpn] quit [ASBR-PE2] interface pos1/0/0 [ASBR-PE2-Pos1/0/0] mpls l2vc 4.4.4.9 100 [ASBR-PE2-Pos1/0/0] undo shutdown [ASBR-PE2-Pos1/0/0] quit

# Configure PE2.
[PE2] mpls l2vpn [PE2-l2vpn] quit [PE2] interface pos2/0/0 [PE2-Pos2/0/0] mpls l2vc 3.3.3.9 100 [PE2-Pos2/0/0] undo shutdown [PE2-Pos2/0/0] quit

# Configure CE1.
[CE1] interface pos1/0/0 [CE1-Pos1/0/0] ip address 100.1.1.1 255.255.255.0 [CE1-Pos1/0/0] undo shutdown [CE1-Pos1/0/0] quit

# Configure CE2.
[CE2] interface pos1/0/0 [CE2-Pos1/0/0] ip address 100.1.1.2 255.255.255.0 [CE2-Pos1/0/0] undo shutdown [CE2-Pos1/0/0] quit

4.

Verify the configuration. Check information about the L2VPN connection on the PE. You can view that an L2VC is set up and the VC status is Up. Take PE1 as an example:
<PE1> display mpls l2vc interface pos 1/0/0

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

6-275

6 PWE3 Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


*client interface : Pos1/0/0 is up session state : up AC state : up VC state : up VC ID : 100 VC type : PPP destination : 2.2.2.9 local group ID : 0 remote group ID : 0 local VC label : 21505 remote VC label : 21505 local AC OAM State : up local PSN State : up local forwarding state : forwarding remote AC OAM state : up remote PSN state : up remote forwarding state: forwarding BFD for PW : unavailable manual fault : not set active state : active forwarding entry : exist link state : up local VC MTU : 1500 remote VC MTU : 1500 local VCCV : Disable remote VCCV : Disable local fragmentantion : disable remote fragmentantion: disable local control word : disable remote control word : disable tunnel policy : -traffic behavior : -PW template name : -primary or secondary : primary VC tunnel/token info : 1 tunnels/tokens NO.0 TNL type : lsp , TNL ID : 0x2002001 create time : 0 days, 0 hours, 8 minutes, 8 seconds up time : 0 days, 0 hours, 7 minutes, 26 seconds last change time : 0 days, 0 hours, 7 minutes, 26 seconds <ASBR-PE2> display mpls l2vc interface pos 1/0/0 *client interface : Pos1/0/0 is up session state : up AC state : up VC state : up VC ID : 100 VC type : PPP destination : 4.4.4.9 local group ID : 0 remote group ID : 0 local VC label : 21505 remote VC label : 21505 local AC OAM State : up local PSN State : up local forwarding state : forwarding remote AC OAM state : up remote PSN state : up remote forwarding state: forwarding BFD for PW : unavailable manual fault : not set active state : active forwarding entry : exist link state : up local VC MTU : 4470 remote VC MTU : 4470 local VCCV : Disable remote VCCV : Disable local fragmentantion : disable remote fragmentantion: disable local control word : disable remote control word : disable tunnel policy : -traffic behavior : -PW template name : -primary or secondary : primary VC tunnel/token info : 1 tunnels/tokens NO.0 TNL type : lsp , TNL ID : 0x2002001 create time : 0 days, 0 hours, 8 minutes, 7 seconds up time : 0 days, 0 hours, 7 minutes, 26 seconds last change time : 0 days, 0 hours, 7 minutes, 26 seconds

6-276

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

6 PWE3 Configuration

CE1 and CE2 can ping through each other. Take the display of CE1 as an example:
<CE1> ping 100.1.1.2 PING 100.1.1.2: 56 data bytes, press CTRL_C to break Reply from 100.1.1.2: bytes=56 Sequence=1 ttl=255 time=430 Reply from 100.1.1.2: bytes=56 Sequence=2 ttl=255 time=220 Reply from 100.1.1.2: bytes=56 Sequence=3 ttl=255 time=190 Reply from 100.1.1.2: bytes=56 Sequence=4 ttl=255 time=190 Reply from 100.1.1.2: bytes=56 Sequence=5 ttl=255 time=190 --- 100.1.1.2 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 190/244/430 ms ms ms ms ms ms

Configuration Files
l

Configuration file of CE1


# sysname CE1 # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 100.1.1.1 255.255.255.0 # return

Configuration file of PE1


# sysname PE1 # mpls lsr-id 1.1.1.9 mpls # mpls l2vpn # mpls ldp # isis 1 network-entity 10.0000.0000.0001.00 # interface Pos1/0/0 link-protocol ppp undo shutdown mpls l2vc 2.2.2.9 100 # interface Pos2/0/0 link-protocol ppp undo shutdown ip address 10.1.1.1 255.255.255.0 isis enable 1 mpls mpls ldp # interface LoopBack0 ip address 1.1.1.9 255.255.255.255 isis enable 1 # return

Configuration file of ASBR-PE1


# sysname ASBR-PE1 # mpls lsr-id 2.2.2.9 mpls

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

6-277

6 PWE3 Configuration
# mpls l2vpn # mpls ldp # isis 1 network-entity 10.0000.0000.0002.00 # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 10.1.1.2 255.255.255.0 isis enable 1 mpls mpls ldp # interface Pos2/0/0 link-protocol ppp undo shutdown mpls l2vc 1.1.1.9 100 # interface LoopBack0 ip address 2.2.2.9 255.255.255.255 isis enable 1 # return l

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Configuration file of ASBR-PE2


# sysname ASBR-PE2 # mpls lsr-id 3.3.3.9 mpls # mpls l2vpn # mpls ldp # isis 1 network-entity 10.0000.0000.0003.00 # interface Pos1/0/0 link-protocol ppp undo shutdown mpls l2vc 4.4.4.9 100 # interface Pos2/0/0 link-protocol ppp undo shutdown ip address 30.1.1.1 255.255.255.0 isis enable 1 mpls mpls ldp # interface LoopBack0 ip address 3.3.3.9 255.255.255.255 isis enable 1 # return

Configuration file of PE2


# sysname PE2 # mpls lsr-id 4.4.4.9 mpls # mpls l2vpn # mpls ldp

6-278

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


# isis 1 network-entity 10.0000.0000.0004.00 # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 30.1.1.2 255.255.255.0 isis enable 1 mpls mpls ldp # interface Pos2/0/0 link-protocol ppp undo shutdown mpls l2vc 3.3.3.9 100 # interface LoopBack0 ip address 4.4.4.9 255.255.255.255 isis enable 1 # return l

6 PWE3 Configuration

Configuration file of CE2


# sysname CE2 # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 100.1.1.2 255.255.255.0 # return

6.14.18 Example for Configuring Inter-AS PWE3-OptionC


Networking Requirements
In Figure 6-33, the inter-AS BGP/MPLS PWE3 is realized by using Option C. The single-hop PW is set up between PEs of different ASs. The ASBRs do not maintain information about the PW and do not perform the PW switching. The routers in the same AS of MPLS enabled PSN backbone run IS-IS as IGP to realize interconnectivity.

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

6-279

6 PWE3 Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Figure 6-33 Networking diagram of inter-AS PWE3-OptionC


BGP/MPLS Backbone AS 100
Loopback0 1.1.1.9/32 POS2/0/0 10.1.1.1/24 Loopback0 2.2.2.9/32 POS2/0/0 20.1.1.1/24

BGP/MPLS Backbone AS 200


Loopback0 3.3.3.9/32 POS2/0/0 30.1.1.1/24 POS1/0/0 20.1.1.2/24 POS1/0/0 30.1.1.2/24 POS2/0/0 Loopback0 4.4.4.9/32

PE1

POS1/0/0 10.1.1.2/24 POS1/0/0

ASBR -PE1

ASBR -PE2

PE2

POS1/0/0 100.1.1.1/24

POS1/0/0 100.1.1.2/24

CE1

CE2

Configuration Roadmap
The configuration roadmap is as follows: 1. 2. 3. 4. 5. 6. Run the same IGP on routers of the same AS on the PSN backbone to realize interconnectivity of routers of the same AS. Configure MPLS on routers in PSN backbone and set up a dynamic LSP between PE and ASBR-PE of the same AS. Establish IBGP peer relationship between PE and ASBR-PE of the same AS and establish EBGP peer relationship between each pair of ASBR-PEs. Configure the routing policy on each ASBR-PE and enable the labeled routing. Set up MPLS LDP remote peer relationship between PE1and PE2. Create the MPLS L2VC connection between PE1 and PE2.

Data Preparation
To complete the configuration, you need the following data.
l l

Data for IS-IS IP addresses of the remote peers. (The specified IP address for a remote peer is usually the IP address of its loopback interface.) MPLS LSR-IDs of PE and ASBR-PE. (The specified MPLS LSR-ID of PE or ASBR-PE is the IP address of the local loopback interface.) L2VC-ID Route policy on ASBR-PE

l l

Configuration Procedure
1. Configure the IGP protocol for the backbone. Configure the IGP protocol for the MPLS backbone so that PEs and Ps in the backbone can internetwork. Take IS-IS for an example.
6-280 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

6 PWE3 Configuration

The configuration details are not mentioned here. Make sure that IS-IS is also enable on loopback 0. After the configuration, the IS-IS neighbor relationship should have been set up between each PE and ASBR-PE in the same AS. Run the display isis peer command, and you can see the status of the neighbor relationship is Up. Take the display of PE1 as an example:
<PE1> display isis peer Peer information for ISIS(1) ---------------------------System Id Interface Circuit Id State HoldTime Type 0000.0000.0002 P2/0/0 0000000002 Up 24s L1L2 Total Peer(s): 1 PRI --

Run the display ip routing-table command, and you can see that PEs and ASBR-PEs in each corresponding zone have learnt the loopback addresses of each other. Take the display of PE1 as an example:
<PE1> display ip routing-table Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: Public Destinations : 7 Routes : 7 Destination/Mask Proto Pre Cost Flags NextHop Interface 1.1.1.9/32 Direct 0 0 D 127.0.0.1 InLoopBack0 2.2.2.9/32 ISIS 15 10 D 10.1.1.2 Pos2/0/0 10.1.1.0/24 Direct 0 0 D 10.1.1.1 Pos2/0/0 10.1.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 10.1.1.2/32 Direct 0 0 D 10.1.1.2 Pos2/0/0 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0

ASBR-PEs and PEs in the same AS can ping through the loopback 0 interface of each other.Take ASBR-PE1 as an example:
<ASBR-PE1> ping 1.1.1.9 PING 1.1.1.9: 56 data bytes, press CTRL_C to break Reply from 1.1.1.9: bytes=56 Sequence=1 ttl=255 time=47 Reply from 1.1.1.9: bytes=56 Sequence=2 ttl=255 time=31 Reply from 1.1.1.9: bytes=56 Sequence=3 ttl=255 time=31 Reply from 1.1.1.9: bytes=56 Sequence=4 ttl=255 time=31 Reply from 1.1.1.9: bytes=56 Sequence=5 ttl=255 time=31 --- 1.1.1.9 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 31/34/47 ms ms ms ms ms ms

2.

Enable MPLS and set up LSP tunnels. Enable MPLS on PEs and ASBR-PEs in the same AS, and set up LDP LSPs. The configuration details are not mentioned here. After the configuration, the LDP neighbor relationship should have been set up between each PE and ASBR-PE in the same AS zone. Run the display mpls ldp session command on PEs and ASBR-PEs, and you can see that the Session State is Operational. Take PE1 as an example:
<PE1> display mpls ldp session LDP Session(s) in Public Network --------------------------------------------------------------------Peer-ID Status LAM SsnRole SsnAge KA-Sent/Rcv ---------------------------------------------------------------------2.2.2.9:0 Operational DU Passive 000:00:00 2/2 ---------------------------------------------------------------------TOTAL: 1 session(s) Found LAM : Label Advertisement Mode SsnAge Unit : DDD:HH:MM

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

6-281

6 PWE3 Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

3.

Configure MP-BGP. Configure MP-IBGP between PE1 and ASBR-PE1, and PE2 and ASBR-PE2.Configure MP-IBGP between ASBR-PE1 and ASBR-PE2. Make sure that loopback 0 route of PEs in the local AS are advertised to the peer ASBRPEs.
NOTE

If the link between ASBR-PEs is not of P2P type, ASBR-PEs should advertise to the peer ASBRPEs the network segments between them.

# Configure PE1.
[PE1] bgp [PE1-bgp] [PE1-bgp] [PE1-bgp] [PE1-bgp] 100 peer 2.2.2.9 as-number 100 peer 2.2.2.9 label-route-capability peer 2.2.2.9 connect-interface loopback0 quit

# Configure ASBR-PE1. When advertising the routes received from PEs in the local AS to the peer ASBR PEs, the local ASBR PE allocates MPLS labels to the routes. If the routes advertised to PEs in the local AS are labeled IPv4 routes, the local ASBR PE allocates MPLS labels to them.
[ASBR-PE1] interface pos 2/0/0 [ASBR-PE1-Pos2/0/0] mpls [ASBR-PE1-Pos2/0/0] undo shutdown [ASBR-PE1-Pos2/0/0] quit [ASBR-PE1] route-policy policy1 permit node 1 [ASBR-PE1-route-policy] if-match mpls-label [ASBR-PE1-route-policy] apply mpls-label [ASBR-PE1-route-policy] quit [ASBR-PE1] route-policy policy2 permit node 1 [ASBR-PE1-route-policy] apply mpls-label [ASBR-PE1-route-policy] quit [ASBR-PE1] bgp 100 [ASBR-PE1-bgp] network 1.1.1.9 32 [ASBR-PE1-bgp] peer 1.1.1.9 as-number 100 [ASBR-PE1-bgp] peer 1.1.1.9 route-policy policy1 export [ASBR-PE1-bgp] peer 1.1.1.9 label-route-capability [ASBR-PE1-bgp] peer 1.1.1.9 connect-interface loopback0 [ASBR-PE1-bgp] peer 20.1.1.2 as-number 200 [ASBR-PE1-bgp] peer 20.1.1.2 route-policy policy2 export [ASBR-PE1-bgp] peer 20.1.1.2 label-route-capability [ASBR-PE1-bgp] peer 20.1.1.2 connect-interface pos2/0/0 [ASBR-PE1-bgp] quit

# Configure ASBR-PE2. When advertising the routes received from PEs in the local ASs to the peer ASBR PEs, the local ASBR PE allocates MPLS labels to the routes. If the routes advertised to PEs in the local ASs are labeled IPv4 routes, the local ASBR PE allocates MPLS labels to them.
[ASBR-PE2] interface pos 1/0/0 [ASBR-PE2-Pos1/0/0] mpls [ASBR-PE2-Pos1/0/0] undo shutdown [ASBR-PE2-Pos1/0/0] quit [ASBR-PE2] route-policy policy1 permit node 1 [ASBR-PE2-route-policy] if-match mpls-label [ASBR-PE2-route-policy] apply mpls-label [ASBR-PE2-route-policy] quit [ASBR-PE2] route-policy policy2 permit node 1 [ASBR-PE2-route-policy] apply mpls-label [ASBR-PE2-route-policy] quit [ASBR-PE2-bgp] bgp 200 [ASBR-PE2-bgp] network 4.4.4.9 32 [ASBR-PE2-bgp] peer 20.1.1.1 as-number 100 [ASBR-PE2-bgp] peer 20.1.1.1 route-policy policy2 export [ASBR-PE2-bgp] peer 20.1.1.1 label-route-capability

6-282

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


[ASBR-PE2-bgp] [ASBR-PE2-bgp] [ASBR-PE2-bgp] [ASBR-PE2-bgp] [ASBR-PE2-bgp] [ASBR-PE2-bgp] peer peer peer peer peer quit 20.1.1.1 connect-interface pos1/0/0 4.4.4.9 as-number 200 4.4.4.9 route-policy policy1 export 4.4.4.9 label-route-capability 4.4.4.9 connect-interface loopback0

6 PWE3 Configuration

# Configure PE2.
[PE2] bgp [PE2-bgp] [PE2-bgp] [PE2-bgp] [PE2-bgp] 200 peer 3.3.3.9 as-number 200 peer 3.3.3.9 label-route-capability peer 3.3.3.9 connect-interface loopback0 quit

After the configuration, run the display bgp peer command on ASBRs, and you can see that the status of IBGP sessions between PEs and ASBR PEs of the same AS is Established; the status of EBGP sessions between and ASBR PEs is also Established.
<ASBR-PE1> display bgp peer BGP local router ID : 2.2.2.9 Local AS number : 100 Total number of peers : 2 Peer V AS MsgRcvd 1.1.1.9 4 100 14 20.1.1.2 4 200 16

MsgSent 17 18

Peers in established state : 2 OutQ Up/Down State PrefRcv 0 00:12:49 Established 0 0 00:12:57 Established 1

Run the display ip routing command on PEs, and you can see that PEs have the BGP routes to the loopback interfaces of the peer PEs. Take the display of PE1 as an example.
<PE1> display ip routing-table Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: Public Destinations : 8 Routes : 8 Destination/Mask Proto Pre Cost Flags NextHop Interface 1.1.1.9/32 Direct 0 0 D 127.0.0.1 InLoopBack0 2.2.2.9/32 ISIS 15 10 D 10.1.1.2 Pos2/0/0 4.4.4.9/32 BGP 255 10 RD 2.2.2.9 Pos2/0/0 10.1.1.0/24 Direct 0 0 D 10.1.1.1 Pos2/0/0 10.1.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 10.1.1.2/32 Direct 0 0 D 10.1.1.2 Pos2/0/0 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0

4.

Set up the remote LDP session between PE1 and PE2. # Configure PE1.
[PE1] mpls ldp remote-peer 4.4.4.9 [PE1-mpls-ldp-remote-4.4.4.9] remote-ip 4.4.4.9 [PE1-mpls-ldp-remote-4.4.4.9] quit

# Configure PE2.
[PE2] mpls ldp remote-peer 1.1.1.9 [PE2-mpls-ldp-remote-1.1.1.9] remote-ip 1.1.1.9 [PE2-mpls-ldp-remote-1.1.1.9] quit

After the configuration, the LDP neighbor relationship should have been set up between PEs in different ASs. Run the display mpls ldp session command on PEs, and you can see that the Session State is Operational. Take PE1 as an example:
<PE1> display mpls ldp session LDP Session(s) in Public Network -----------------------------------------------------------------------------Peer-ID Status LAM SsnRole SsnAge KA-Sent/Rcv -----------------------------------------------------------------------------2.2.2.9:0 Operational DU Passive 000:00:21 87/87 4.4.4.9:0 Operational DU Passive 000:00:18 75/75

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

6-283

6 PWE3 Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

-----------------------------------------------------------------------------TOTAL: 2 session(s) Found. LAM : Label Advertisement Mode SsnAge Unit : DDD:HH:MM

5.

Configure PW. Configure PW on PE, and make CE can access PE.


NOTE

The PWE3 does not support P2MP. Therefore, if MPLS L2VC is created on ATM sub-interfaces, ATM sub-interfaces must be of P2P type. For configuring transparent ATM cell transport, however, there is no such restriction.

# Configure PE1.
[PE1] mpls l2vpn [PE1-l2vpn] quit [PE1] interface pos 1/0/0 [PE1-Pos1/0/0] mpls l2vc 4.4.4.9 100 [PE1-Pos1/0/0] undo shutdown [PE1-Pos1/0/0] quit

# Configure PE2.
[PE2] mpls l2vpn [PE2-l2vpn] quit [PE2] interface pos 2/0/0 [PE2-Pos2/0/0] mpls l2vc 1.1.1.9 100 [PE2-Pos2/0/0] undo shutdown [PE2-Pos2/0/0] quit

# Configure CE1.
[CE-1] interface pos 1/0/0 [CE-1-Pos1/0/0] ip address 100.1.1.1 255.255.255.0 [CE-1-Pos1/0/0] undo shutdown [CE-1-Pos1/0/0] quit

# Configure CE2.
[CE-2] interface pos 1/0/0 [CE-2-Pos1/0/0] ip address 100.1.1.2 255.255.255.0 [CE-2-Pos1/0/0] undo shutdown [CE-2-Pos1/0/0] quit

6.

Verify the configuration. Check the information about L2VPN on PE1. You can find that an L2VC has been established, and the "VC state" is "up". Take PE1 as an example:
<PE1> display mpls l2vc interface pos 1/0/0 *client interface : Pos1/0/0 is up session state : up AC state : up VC state : up VC ID : 100 VC type : PPP destination : 4.4.4.9 local group ID : 0 remote group ID local VC label : 21505 remote VC label local AC OAM State : up local PSN State : up local forwarding state : forwarding remote AC OAM state : up remote PSN state : up remote forwarding state: forwarding BFD for PW : unavailable manual fault : not set active state : active forwarding entry : exist link state : up

: 0 : 21505

6-284

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


local VC MTU local VCCV remote VCCV local fragmentantion local control word tunnel policy traffic behavior PW template name primary or secondary VC tunnel/token info NO.0 TNL type : lsp create time up time last change time : : : : : : : : : :

6 PWE3 Configuration
4470 remote VC MTU : 4470 Disable Disable disable remote fragmentantion: disable disable remote control word : disable ---primary 1 tunnels/tokens , TNL ID : 0x2002002 : 0 days, 0 hours, 10 minutes, 24 seconds : 0 days, 0 hours, 6 minutes, 10 seconds : 0 days, 0 hours, 6 minutes, 10 seconds

CE1 and CE2 should have the path to each other, and can ping through each other. Take CE1 as an example:
<CE1> display ip routing-table Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: Public Destinations : 5 Routes : 5 Destination/Mask Proto Pre Cost Flags NextHop Interface 100.1.1.0/24 Direct 0 0 D 100.1.1.1 Pos1/0/0 100.1.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 100.1.1.2/32 Direct 0 0 D 100.1.1.2 Pos1/0/0 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 <CE1> ping 100.1.1.2 PING 100.1.1.2: 56 data bytes, press CTRL_C to break Reply from 100.1.1.2: bytes=56 Sequence=1 ttl=255 time=310 ms Reply from 100.1.1.2: bytes=56 Sequence=2 ttl=255 time=130 ms Reply from 100.1.1.2: bytes=56 Sequence=3 ttl=255 time=190 ms Reply from 100.1.1.2: bytes=56 Sequence=4 ttl=255 time=190 ms Reply from 100.1.1.2: bytes=56 Sequence=5 ttl=255 time=150 ms --- 100.1.1.2 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 130/194/310 ms

Configuration Files
l

Configuration file of CE1


# sysname CE1 # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 100.1.1.1 255.255.255.0 # return

Configuration file of PE1


# sysname PE1 # mpls lsr-id 1.1.1.9 mpls # mpls l2vpn # mpls ldp # mpls ldp remote-peer 4.4.4.9 remote-ip 4.4.4.9 #

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

6-285

6 PWE3 Configuration
isis 1 network-entity 10.0000.0000.0001.00 # interface Pos1/0/0 link-protocol ppp undo shutdown mpls l2vc 4.4.4.9 100 # interface Pos2/0/0 link-protocol ppp undo shutdown ip address 10.1.1.1 255.255.255.0 isis enable 1 mpls mpls ldp # interface LoopBack0 ip address 1.1.1.9 255.255.255.255 isis enable 1 # bgp 100 peer 2.2.2.9 as-number 100 peer 2.2.2.9 connect-interface LoopBack0 # ipv4-family unicast undo synchronization peer 2.2.2.9 enable peer 2.2.2.9 label-route-capability # return l

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Configuration file of ASBR-PE1


# sysname ASBR-PE1 # mpls lsr-id 2.2.2.9 mpls # mpls ldp # isis 1 network-entity 10.0000.0000.0002.00 # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 10.1.1.2 255.255.255.0 isis enable 1 mpls mpls ldp # interface Pos2/0/0 link-protocol ppp undo shutdown ip address 20.1.1.1 255.255.255.0 mpls # interface LoopBack0 ip address 2.2.2.9 255.255.255.255 isis enable 1 # bgp 100 peer 20.1.1.2 as-number 200 peer 20.1.1.2 connect-interface Pos2/0/0 peer 1.1.1.9 as-number 100 peer 1.1.1.9 connect-interface LoopBack0 # ipv4-family unicast undo synchronization network 1.1.1.9 255.255.255.255

6-286

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


peer peer peer peer peer peer 20.1.1.2 enable 20.1.1.2 route-policy policy2 export 20.1.1.2 label-route-capability 1.1.1.9 enable 1.1.1.9 route-policy policy1 export 1.1.1.9 label-route-capability

6 PWE3 Configuration

# route-policy policy1 permit node 1 if-match mpls-label apply mpls-label # route-policy policy2 permit node 1 apply mpls-label # return l

Configuration file of ASBR-PE2


# sysname ASBR-PE2 # mpls lsr-id 3.3.3.9 mpls # mpls ldp # isis 1 network-entity 10.0000.0000.0003.00 # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 20.1.1.2 255.255.255.0 mpls # interface Pos2/0/0 link-protocol ppp undo shutdown ip address 30.1.1.1 255.255.255.0 isis enable 1 mpls mpls ldp # interface LoopBack0 ip address 3.3.3.9 255.255.255.255 isis enable 1 # bgp 200 peer 4.4.4.9 as-number 200 peer 4.4.4.9 connect-interface LoopBack0 peer 20.1.1.1 as-number 100 peer 20.1.1.1 connect-interface Pos1/0/0 # ipv4-family unicast undo synchronization network 4.4.4.9 255.255.255.255 peer 4.4.4.9 enable peer 4.4.4.9 route-policy policy1 export peer 4.4.4.9 label-route-capability peer 20.1.1.1 enable peer 20.1.1.1 route-policy policy2 export peer 20.1.1.1 label-route-capability # route-policy policy1 permit node 1 if-match mpls-label apply mpls-label # # route-policy policy2 permit node 1 apply mpls-label #

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

6-287

6 PWE3 Configuration
return l

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Configuration file of PE2


# sysname PE2 # mpls lsr-id 4.4.4.9 mpls # mpls l2vpn # mpls ldp # mpls ldp remote-peer 1.1.1.9 remote-ip 1.1.1.9 # isis 1 network-entity 10.0000.0000.0004.00 # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 30.1.1.2 255.255.255.0 isis enable 1 mpls mpls ldp # interface Pos2/0/0 link-protocol ppp undo shutdown mpls l2vc 1.1.1.9 100 # interface LoopBack0 ip address 4.4.4.9 255.255.255.255 isis enable 1 # bgp 200 peer 3.3.3.9 as-number 200 peer 3.3.3.9 connect-interface LoopBack0 # ipv4-family unicast undo synchronization peer 3.3.3.9 enable peer 3.3.3.9 label-route-capability # return

Configuration file of CE2


# sysname CE2 # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 100.1.1.2 255.255.255.0 # return

6.14.19 Example for Configuring Interface-based Remote ATM Cell Transport

6-288

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

6 PWE3 Configuration

Networking Requirement
Figure 6-34 Networking diagram for interface-based remote ATM transparent cell transport
Loopback1 1.1.1.9/32 Loopback1 2.2.2.9/32 Loopback1 3.3.3.9/32 POS1/0/0 100.1.2.2/24 P POS2/0/0 100.1.2.1/24

PE1 ATM2/0/0

POS1/0/0 100.1.1.2/24 POS1/0/0 100.1.1.1/24

PE2 ATM2/0/0

ATM1/0/0.1 ATM1/0/0.2 PVC1:1/100 PVC1:2/200 10.1.1.1/24 10.1.2.1/24 CE1 ATM Netw ork

ATM1/0/0.1 ATM1/0/0.2 PVC1:1/100 PVC1:2/200 10.1.1.2/24 10.1.2.2/24 CE2 ATM Netw ork

The ATM interfaces of the local router CE1 access the MPLS network through PE1 and connected with CE2 through PE2. CE1 and CE2 set up a VC that crosses the MPLS network. As shown in Figure 6-34, PE1, P, and PE2 emulate the leased line between the ATM interfaces of the two remote CEs and the PW connects the ATM interfaces of CE1 and CE2, cells need not be processed on the VPC/VCC. All the ATM cells on CE1 interfaces are transparently transported to the ATM interfaces of CE2 through the ISP network.

Configuration Roadmap
The configuration roadmap is as follows: 1. 2. 3. 4. 5. Configure a routing policy on the devices (PEs and Ps) of the backbone and enable MPLS. Adopt the default tunnel policy and set up the LSP as the tunnel to transmit user data. Enable MPLS L2VPN on the PE and set up the VC connection. Enable the ATM interfaces on the CE and configure the IPoA mapping. Enable the whole port ATM cell transport on the ATM interfaces that connect the PE and the CE.

Data Preparation
To complete the configuration, you need the following data:
l l l l

Data for configuring OSPF Name of the remote PE peer VC ID VPI/VCI value of the CE

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

6-289

6 PWE3 Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Configuration Procedure
1. Enable the ATM interfaces on the CEs. # Configure CE1.
<Quidway> system-view [Quidway] sysname CE1 [CE1] interface atm 1/0/0 [CE1-Atm1/0/0] undo shutdown [CE1-Atm1/0/0] quit [CE1] interface atm 1/0/0.1 [CE1-Atm1/0/0.1] ip address 10.1.1.1 24 [CE1-Atm1/0/0.1] pvc 1/100 [CE1-atm-pvc-Atm1/0/0.1-1/100] map ip 10.1.1.2 [CE1-atm-pvc-Atm1/0/0.1-1/100] quit [CE1-Atm1/0/0.1] undo shutdown [CE1-Atm1/0/0.1] quit [CE1] interface atm 1/0/0.2 [CE1-Atm1/0/0.2] ip address 10.1.2.1 24 [CE1-Atm1/0/0.2] pvc 2/200 [CE1-atm-pvc-Atm1/0/0.2-2/200] map ip 10.1.2.2 [CE1-atm-pvc-Atm1/0/0.2-2/200] quit [CE1-Atm1/0/0.2] undo shutdown [CE1-Atm1/0/0.2] quit

# Configure CE2.
<Quidway> system-view [Quidway] sysname CE2 [CE2] interface atm 1/0/0 [CE2-Atm1/0/0] undo shutdown [CE2-Atm1/0/0] quit [CE2] interface atm 1/0/0.1 [CE2-Atm1/0/0.1] ip address 10.1.1.2 24 [CE2-Atm1/0/0.1] pvc 1/100 [CE2-atm-pvc-Atm1/0/0.1-1/100] map ip 10.1.1.1 [CE2-atm-pvc-Atm1/0/0.1-1/100] quit [CE2-Atm1/0/0.1] undo shutdown [CE2-Atm1/0/0.1] quit [CE2] interface atm 1/0/0.2 [CE2-Atm1/0/0.2] ip address 10.1.2.2 24 [CE2-Atm1/0/0.2] pvc 2/200 [CE2-atm-pvc-Atm1/0/0.2-2/200] map ip 10.1.2.1 [CE2-atm-pvc-Atm1/0/0.2-2/200] quit [CE2-Atm1/0/0.2] undo shutdown [CE2-Atm1/0/0.2] quit

2.

Configure the IGP on the MPLS backbone network. Configure the IGP for the MPLS backbone. Take OSPF as an example. # Configure PE1.
[PE1] interface loopback 1 [PE1-LoopBack1] ip address 1.1.1.9 32 [PE1-LoopBack1] quit [PE1] interface pos 1/0/0 [PE1-Pos1/0/0] ip address 100.1.1.1 24 [PE1-Pos1/0/0] undo shutdown [PE1-Pos1/0/0] quit [PE1] ospf 1 [PE1-ospf-1] area 0 [PE1-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0 [PE1-ospf-1-area-0.0.0.0] network 100.1.1.0 0.0.0.255

# Configure P.
[P] interface loopback 1 [P-LoopBack1] ip address 2.2.2.9 32 [P-LoopBack1] quit [P] interface pos 1/0/0 [P-Pos1/0/0] ip address 100.1.1.2 24

6-290

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


[P-Pos1/0/0] undo shutdown [P-Pos1/0/0] quit [P] interface pos 2/0/0 [P-Pos2/0/0] ip address 100.1.2.1 24 [P-Pos2/0/0] undo shutdown [P-Pos2/0/0] quit [P] ospf 1 [P-ospf-1] area 0 [P-ospf-1-area-0.0.0.0] network 2.2.2.9 0.0.0.0 [P-ospf-1-area-0.0.0.0] network 100.1.1.0 0.0.0.255 [P-ospf-1-area-0.0.0.0] network 100.1.2.0 0.0.0.255

6 PWE3 Configuration

# Configure PE2.
[PE2] interface loopback 1 [PE2-LoopBack1] ip address 3.3.3.9 32 [PE2-LoopBack1] quit [PE2] interface pos 1/0/0 [PE2-Pos1/0/0] ip address 100.1.2.2 30 [PE2-Pos1/0/0] undo shutdown [PE2-Pos1/0/0] quit [PE2] ospf 1 [PE2-ospf-1] area 0 [PE2-ospf-1-area-0.0.0.0] network 3.3.3.9 0.0.0.0 [PE2-ospf-1-area-0.0.0.0] network 100.1.2.0 0.0.0.255

After the configuration, run the display ip routing-table command on PEs, and you can see that PE1 and PE2 have learnt the loopback address of each other. Take the display of PE1 as an example:
<PE1> display ip routing-table Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: Public Destinations : 9 Routes : 9 Destination/Mask Proto Pre Cost Flags NextHop Interface 1.1.1.9/32 Direct 0 0 D 127.0.0.1 InLoopBack0 2.2.2.9/32 OSPF 10 2 D 100.1.1.2 Pos1/0/0 3.3.3.9/32 OSPF 10 3 D 100.1.1.2 Pos1/0/0 100.1.1.0/24 Direct 0 0 D 100.1.1.1 Pos1/0/0 100.1.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 100.1.1.2/32 Direct 0 0 D 100.1.1.2 Pos1/0/0 100.1.2.0/24 OSPF 10 2 D 100.1.1.2 Pos1/0/0 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0

3.

Configure the basic MPLS functions and LDP on the MPLS backbone network. # Configure PE1.
[PE1] mpls lsr-id 1.1.1.9 [PE1] mpls [PE1-mpls] quit [PE1] mpls ldp [PE1-mpls-ldp] quit [PE1] interface pos 1/0/0 [PE1-Pos1/0/0] mpls [PE1-Pos1/0/0] mpls ldp [PE1-Pos1/0/0] quit

# Configure P.
[P] mpls lsr-id 2.2.2.9 [P] mpls [P-mpls] quit [P] mpls ldp [P-mpls-ldp] quit [P] interface pos 1/0/0 [P-Pos1/0/0] mpls [P-Pos1/0/0] mpls ldp [P-Pos1/0/0] quit [P] interface pos 2/0/0 [P-Pos2/0/0] mpls

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

6-291

6 PWE3 Configuration
[P-Pos2/0/0] mpls ldp [P-Pos2/0/0] quit

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

# Configure PE2.
[PE2] mpls lsr-id 3.3.3.9 [PE2] mpls [PE2-mpls] quit [PE2] mpls ldp [PE2-mpls-ldp] quit [PE2] interface pos 1/0/0 [PE2-Pos1/0/0] mpls [PE2-Pos1/0/0] mpls ldp [PE2-Pos1/0/0] quit

4.

Set up the remote LDP session between the PEs. # Configure PE1.
[PE1] mpls ldp remote-peer 3.3.3.9 [PE1-mpls-ldp-remote-3.3.3.9] remote-ip 3.3.3.9 [PE1-mpls-ldp-remote-3.3.3.9] quit

# Configure PE2.
[PE2] mpls ldp remote-peer 1.1.1.9 [PE2-mpls-ldp-remote-1.1.1.9] remote-ip 1.1.1.9 [PE2-mpls-ldp-remote-1.1.1.9] quit

After the configuration, run the display mpls ldp session command on PEs, and you can see that the status of the remote LDP peer relationship between PEs is Operational. That is, the remote peer relationship has been set up. Take the display of PE1 as an example.
<PE1> display mpls ldp session LDP Session(s) in Public Network -----------------------------------------------------------------------------Peer-ID Status LAM SsnRole SsnAge KA-Sent/Rcv -----------------------------------------------------------------------------2.2.2.9:0 Operational DU Passive 000:00:05 24/24 3.3.3.9:0 Operational DU Passive 000:00:05 22/22 -----------------------------------------------------------------------------TOTAL: 2 session(s) Found. LAM : Label Advertisement Mode SsnAge Unit : DDD:HH:MM

5.

Enable MPLS L2VPN on the PEs and configure the interface-based remote transparent ATM cell transport function. # Configure PE1.
[PE1] mpls l2vpn [PE1-l2vpn] quit [PE1] interface atm2/0/0 [PE1-Atm2/0/0] atm cell transfer [PE1-Atm2/0/0] mpls l2vc 3.3.3.9 101 [PE1-Atm2/0/0] undo shutdown [PE1-Atm2/0/0] quit

# Configure PE2.
[PE2] mpls l2vpn [PE2-l2vpn] quit [PE2] interface atm2/0/0 [PE2-Atm2/0/0] atm cell transfer [PE2-Atm2/0/0] mpls l2vc 1.1.1.9 101 [PE2-Atm2/0/0] undo shutdown [PE2-Atm2/0/0] quit

6.

Verify the configuration. Check information about the L2VPN connection on the PE. You can view that an L2VC is set up and the VC status is Up.

6-292

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

6 PWE3 Configuration

Take PE1 as an example:


<PE1> display mpls l2vc atm 2/0/0 *client interface : Atm2/0/0 is up session state : up AC state : up VC state : up VC ID : 101 VC type : ATM transparent cell destination : 3.3.3.9 local group ID : 0 remote group ID : 0 local VC label : 140289 remote VC label : 140289 local AC OAM State : up local PSN State : up local forwarding state : forwarding remote AC OAM state : up remote PSN state : up remote forwarding state: forwarding BFD for PW : unavailable manual fault : not set active state : active forwarding entry : exist link state : up local ATM cells : 1 remote ATM cells : 1 local VCCV : Disable remote VCCV : Disable local fragmentantion : disable remote fragmentantion: disable local control word : enable remote control word : enable tunnel policy : -traffic behavior : -PW template name : -primary or secondary : primary VC tunnel/token info : 1 tunnels/tokens NO.0 TNL type : lsp , TNL ID : 0x208000 create time : 0 days, 0 hours, 16 minutes, 54 seconds up time : 0 days, 0 hours, 16 minutes, 54 seconds last change time : 0 days, 0 hours, 16 minutes, 54 seconds

CE1 and CE2 can ping through each other. Take the display of CE1 as an example:
<CE1> ping 10.1.1.2 PING 10.1.1.2: 56 data bytes, press CTRL_C to break Reply from 10.1.1.2: bytes=56 Sequence=1 ttl=255 time=31 ms Reply from 10.1.1.2: bytes=56 Sequence=2 ttl=255 time=10 ms Reply from 10.1.1.2: bytes=56 Sequence=3 ttl=255 time=5 ms Reply from 10.1.1.2: bytes=56 Sequence=4 ttl=255 time=2 ms Reply from 10.1.1.2: bytes=56 Sequence=5 ttl=255 time=28 ms --- 10.1.1.2 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 2/15/31 ms <CE1> ping 10.1.2.2 PING 10.1.2.2: 56 data bytes, press CTRL_C to break Reply from 10.1.2.2: bytes=56 Sequence=1 ttl=255 time=31 ms Reply from 10.1.2.2: bytes=56 Sequence=2 ttl=255 time=10 ms Reply from 10.1.2.2: bytes=56 Sequence=3 ttl=255 time=5 ms Reply from 10.1.2.2: bytes=56 Sequence=4 ttl=255 time=2 ms Reply from 10.1.2.2: bytes=56 Sequence=5 ttl=255 time=28 ms --- 10.1.2.2 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 2/15/31 ms

Configuration Files
l

Configuration file of CE1


Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 6-293

Issue 03 (2008-09-22)

6 PWE3 Configuration
# sysname CE1 # interface Atm1/0/0.1 undo shutdown ip address 10.1.1.1 255.255.255.0 pvc 1/100 map ip 10.1.1.2 # interface Atm1/0/0.2 undo shutdown ip address 10.1.2.1 255.255.255.0 pvc 2/200 map ip 10.1.2.2 # return l

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Configuration file of PE1


# sysname PE1 # mpls lsr-id 1.1.1.9 mpls # mpls l2vpn # mpls ldp # mpls ldp remote-peer 3.3.3.9 remote-ip 3.3.3.9 # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 100.1.1.1 255.255.255.0 mpls mpls ldp # interface Atm2/0/0 undo shutdown atm cell transfer mpls l2vc 3.3.3.9 101 # interface LoopBack1 ip address 1.1.1.9 255.255.255.255 # ospf 1 area 0.0.0.0 network 1.1.1.9 0.0.0.0 network 100.1.1.0 0.0.0.255 # return

Configuration file of P
# sysname P # mpls lsr-id 2.2.2.9 mpls # mpls ldp # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 100.1.1.2 255.255.255.0 mpls mpls ldp # interface Pos2/0/0

6-294

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


link-protocol ppp undo shutdown ip address 100.1.2.1 255.255.255.0 mpls mpls ldp # interface LoopBack1 ip address 2.2.2.9 255.255.255.255 # ospf 1 area 0.0.0.0 network 2.2.2.9 0.0.0.0 network 100.1.1.0 0.0.0.255 network 100.1.2.0 0.0.0.255 # return l

6 PWE3 Configuration

Configuration file of PE2


# sysname PE2 # mpls lsr-id 3.3.3.9 mpls # mpls l2vpn # mpls ldp # mpls ldp remote-peer 1.1.1.9 remote-ip 1.1.1.9 # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 100.1.2.2 255.255.255.0 mpls mpls ldp # interface Atm2/0/0 undo shutdown atm cell transfer mpls l2vc 1.1.1.9 101 # interface LoopBack1 ip address 3.3.3.9 255.255.255.255 # ospf 1 area 0.0.0.0 network 3.3.3.9 0.0.0.0 network 100.1.2.0 0.0.0.255 # return

Configuration file of CE2


# sysname CE2 # interface Atm1/0/0.1 undo shutdown ip address 10.1.1.2 255.255.255.0 pvc 1/100 map ip 10.1.1.1 # interface Atm1/0/0.2 undo shudown ip address 10.1.2.2 255.255.255.0 pvc 2/200 map ip 10.1.2.1 #

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

6-295

6 PWE3 Configuration
return

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

6.14.20 Example for Configuring 1-to1 VCC ATM Cell Transport


Networking Diagram
Figure 6-35 Networking diagram for 1-to-1 VCC ATM cell transport
Loopback1 1.1.1.9/32 Loopback1 2.2.2.9/32 Loopback1 3.3.3.9/32 POS1/0/0 100.1.2.2/24 P POS2/0/0 100.1.2.1/24 ATM1/0/0.1 PVC1:1/100 10.1.1.2/24 CE1 ATM Netw ork CE2 ATM Netw ork

PE1 ATM2/0/0 ATM1/0/0.1 PVC1:1/100 10.1.1.1/24

POS1/0/0 100.1.1.2/24 POS1/0/0 100.1.1.1/24

PE2 ATM2/0/0

The ATM interfaces of the local router CE1 access the MPLS network through PE1 and connected with CE2 through PE2. CE1 and CE2 set up a VC that crosses the MPLS network. CE1 and CE2 access PE1 and PE2 through the ATM link. Figure 6-35 shows the PVC values and IP addresses. It is required that the PW between PE1, P, and PE2 carries cells of only one ATM VCC between CE1 and CE2. ATM cells between CE1 and CE2 can be transparently transmitted through the ISP network.

Configuration Roadmap
The configuration roadmap is as follows: 1. 2. 3. 4. 5. Configure a routing policy on the devices (PEs and Ps) of the backbone and enable MPLS. Adopt the default tunnel policy and set up the LSP as the tunnel to transmit user data. Enable MPLS L2VPN on the PE and set up the VC connection. Enable the ATM interfaces on the CE and configure the IPoA mapping. On each PE, enable the 1-to-1 VCC ATM cell transport on the ATM sub-interfaces that connect the PE and the CE.

Data Preparation
To complete the configuration, you need the following data:
l l

Data for configuring OSPF Name of the remote PE peer


Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

6-296

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


l l

6 PWE3 Configuration

VC ID VPI/VCI value of the CE

Configuration Procedure
1. Enable the ATM interfaces on the CEs. # Configure CE1.
<Quidway> system-view [Quidway] sysname CE1 [CE1] interface atm 1/0/0 [CE1-Atm1/0/0] undo shutdown [CE1-Atm1/0/0] quit [CE1] interface atm 1/0/0.1 [CE1-Atm1/0/0.1] ip address 100.1.1.1 24 [CE1-Atm1/0/0.1] pvc 1/100 [CE1-atm-pvc-Atm1/0/0.1-1/100] map ip 100.1.1.2 [CE1-atm-pvc-Atm1/0/0.1-1/100] quit [CE1-Atm1/0/0.1] undo shutdown [CE1-Atm1/0/0.1] quit

# Configure CE2.
<Quidway> system-view [Quidway] sysname CE2 [CE2] interface atm 1/0/0 [CE2-Atm1/0/0] undo shutdown [CE2-Atm1/0/0] quit [CE2] interface atm 1/0/0.1 [CE2-Atm1/0/0.1] ip address 100.1.1.2 24 [CE2-Atm1/0/0.1] pvc 1/100 [CE2-atm-pvc-Atm1/0/0.1-1/100] map ip 100.1.1.1 [CE2-atm-pvc-Atm1/0/0.1-1/100] quit [CE2-Atm1/0/0.1] undo shutdown [CE2-Atm1/0/0.1] quit

2.

Configure the IGP on the MPLS backbone. Configure IP addresses for the interfaces of PEs and P. For details, see Figure 6-35. Configure the IGP for the MPLS backbone. Take OSPF as an example. While configuring OSPF, advertise the 32-bit loopback addresses of PE1, P, and PE2. For configuration details, see "Example for Configuring Interface-based Remote ATM Cell Transport."

3.

Configure the basic MPLS functions and LDP on the MPLS backbone network. For configuration details, see "Example for Configuring Interface-based Remote ATM Cell Transport."

4.

Set up the remote LDP session between the PEs. For configuration details, see "Example for Configuring Interface-based Remote ATM Cell Transport."

5.

Enable MPLS L2VPN on the PEs and configure the interface-based remote transparent ATM cell transport function. # Configure PE1.
[PE1] mpls l2vpn [PE1-l2vpn] quit [PE1] interface atm 2/0/0 [PE1-Atm2/0/0] undo shutdown [PE1-Atm2/0/0] quit [PE1] interface atm2/0/0.1 p2p [PE1-Atm2/0/0.1] atm cell transfer [PE1-Atm2/0/0.1] pvc 1/100 [PE1-atm-pvc-Atm2/0/0.1-1/100] quit

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

6-297

6 PWE3 Configuration
[PE1-Atm2/0/0.1] mpls l2vc 3.3.3.9 101 [PE1-Atm2/0/0.1] undo shutdown [PE1-Atm2/0/0.1] quit

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

# Configure PE2.
[PE2] mpls l2vpn [PE2-l2vpn] quit [PE2] interface atm 2/0/0 [PE2-Atm2/0/0] undo shutdown [PE2-Atm2/0/0] quit [PE2] interface atm2/0/0.1 p2p [PE2-Atm2/0/0.1] atm cell transfer [PE2-Atm2/0/0.1] pvc 1/100 [PE2-atm-pvc-Atm2/0/0.1-1/100] quit [PE2-Atm2/0/0.1] mpls l2vc 1.1.1.9 101 [PE2-Atm1/0/0.1] undo shutdown [PE2-Atm1/0/0.1] quit

6.

Verify the configuration. Check information about the L2VPN connection on the PE. You can view that an L2VC is set up and the VC status is Up. Take PE1 as an example:
<PE1> display mpls l2vc interface atm 2/0/0.1 *client interface : Atm2/0/0.1 is up session state : up AC state : up VC state : up VC ID : 101 VC type : ATM 1to1 VCC destination : 3.3.3.9 local group ID : 0 remote group ID : 0 local VC label : 140288 remote VC label : 140288 local AC OAM State : up local PSN State : up local forwarding state : forwarding remote AC OAM state : up remote PSN state : up remote forwarding state: forwarding BFD for PW : unavailable manual fault : not set active state : active forwarding entry : exist link state : up local VC MTU : 1500 remote VC MTU : 0 local VCCV : Disable remote VCCV : Disable local fragmentantion : disable remote fragmentantion: disable local control word : enable remote control word : enable tunnel policy : -traffic behavior : -PW template name : -primary or secondary : primary VC tunnel/token info : 1 tunnels/tokens NO.0 TNL type : lsp , TNL ID : 0x208000 create time : 0 days, 0 hours, 1 minutes, 5 seconds up time : 0 days, 0 hours, 0 minutes, 21 seconds last change time : 0 days, 0 hours, 0 minutes, 21 seconds

CE1 and CE2 can ping through each other. Take the display of CE1 as an example:
<CE1> ping 10.1.1.2 PING 10.1.1.2: 56 data bytes, press CTRL_C to break Reply from 10.1.1.2: bytes=56 Sequence=1 ttl=255 time=31 ms Reply from 10.1.1.2: bytes=56 Sequence=2 ttl=255 time=10 ms Reply from 10.1.1.2: bytes=56 Sequence=3 ttl=255 time=5 ms Reply from 10.1.1.2: bytes=56 Sequence=4 ttl=255 time=2 ms Reply from 10.1.1.2: bytes=56 Sequence=5 ttl=255 time=28 ms

6-298

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


--- 10.1.1.2 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 2/15/31 ms

6 PWE3 Configuration

Configuration Files
l

Configuration file of CE1


# sysname CE1 # interface Atm1/0/0 undo shutdown # interface Atm1/0/0.1 undo shutdown ip address 10.1.1.1 255.255.255.0 pvc 1/100 map ip 10.1.1.2 # return

Configuration file of PE1


# sysname PE1 # mpls lsr-id 1.1.1.9 mpls # mpls l2vpn # mpls ldp # mpls ldp remote-peer 3.3.3.9 remote-ip 3.3.3.9 # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 100.1.1.1 255.255.255.0 mpls mpls ldp # interface Atm2/0/0 undo shutdown # interface Atm2/0/0.1 p2p undo shutdown atm cell transfer pvc 1/100 mpls l2vc 3.3.3.9 101 # interface LoopBack1 ip address 1.1.1.9 255.255.255.255 # ospf 1 area 0.0.0.0 network 1.1.1.9 0.0.0.0 network 100.1.1.0 0.0.0.255 # return

Configuration file of P
# sysname P # mpls lsr-id 2.2.2.9

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

6-299

6 PWE3 Configuration
mpls # mpls ldp # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 100.1.1.2 255.255.255.0 mpls mpls ldp # interface Pos2/0/0 link-protocol ppp undo shutdown ip address 100.1.2.1 255.255.255.0 mpls mpls ldp # interface LoopBack1 ip address 2.2.2.9 255.255.255.255 # ospf 1 area 0.0.0.0 network 2.2.2.9 0.0.0.0 network 100.1.1.0 0.0.0.255 network 100.1.2.0 0.0.0.255 # return l

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Configuration file of PE2


# sysname PE2 # mpls lsr-id 3.3.3.9 mpls # mpls l2vpn # mpls ldp # mpls ldp remote-peer 1.1.1.9 remote-ip 1.1.1.9 # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 100.1.2.2 255.255.255.0 mpls mpls ldp # interface Atm2/0/0 undo shutdown # interface Atm2/0/0.1 p2p undo shutdown atm cell transfer pvc 1/100 mpls l2vc 1.1.1.9 101 # interface LoopBack1 ip address 3.3.3.9 255.255.255.255 # ospf 1 area 0.0.0.0 network 3.3.3.9 0.0.0.0 network 100.1.2.0 0.0.0.255 # return

Configuration file of CE2


Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

6-300

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


# sysname CE2 # interface Atm1/0/0 undo shutdown # interface Atm1/0/0.1 undo shutdown ip address 10.1.1.2 255.255.255.0 pvc 1/100 map ip 10.1.1.1 # return

6 PWE3 Configuration

6.14.21 Example for Configuring N-to-1 VCC ATM Cell Transport


Networking Diagram
Figure 6-36 Networking diagram for N-to-1 VCC ATM cell transport
Loopback1 1.1.1.9/32 Loopback1 2.2.2.9/32 Loopback1 3.3.3.9/32 POS1/0/0 100.1.2.2/24 P POS2/0/0 100.1.2.1/24

PE1 ATM2/0/0

POS1/0/0 100.1.1.2/24 POS1/0/0 100.1.1.1/24

PE2 ATM2/0/0

ATM1/0/0.1 ATM1/0/0.2 VC1:1/100 VC2:2/200 10.1.1.1/24 10.1.2.1/24 CE1 ATM Netw ork

ATM1/0/0.1 ATM1/0/0.2 VC1:1/100 VC2:2/200 10.1.1.2/24 10.1.2.2/24 CE2 ATM Netw ork

The ATM interfaces of the local router CE1 access the MPLS network through PE1 and connected with CE2 through PE2. CE1 and CE2 set up two VCs that cross the MPLS network. CE1 and CE2 access PE1 and PE2 through the ATM link. Figure 6-36 shows the PVC values and IP addresses. It is required that the two PWs between PE1, P, and PE2 carry cells of the two ATM VCCs between CE1 and CE2. ATM cells between CE1 and CE2 can be transparently transmitted through the ISP network.

Configuration Roadmap
The configuration roadmap is as follows: 1. 2. 3. 4.
Issue 03 (2008-09-22)

Configure a routing policy on the devices (PEs and Ps) of the backbone and enable MPLS. Adopt the default tunnel policy and set up the LSP as the tunnel to transmit user data. Enable MPLS L2VPN on the PE and set up the VC connection. Enable the ATM interfaces on the CE and configure the IPoA mapping.
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 6-301

6 PWE3 Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

5.

On each PE, enable the N-to-1 VCC ATM cell transport on the ATM sub-interfaces that connect the PE and the CE.

Data Preparation
To complete the configuration, you need the following data:
l l l l

Data for configuring OSPF Name of the remote PE peer VC ID VPI/VCI value of the CE

Configuration Procedure
1. Enable the ATM interfaces on the CEs. # Configure CE1.
<Quidway> system-view [Quidway] sysname CE1 [CE1] interface atm 1/0/0 [CE1-Atm1/0/0] undo shutdown [CE1-Atm1/0/0] quit [CE1] interface atm 1/0/0.1 [CE1-Atm1/0/0.1] ip address 100.1.1.1 24 [CE1-Atm1/0/0.1] pvc 1/100 [CE1-atm-pvc-Atm1/0/0.1-1/100] map ip 100.1.1.2 [CE1-atm-pvc-Atm1/0/0.1-1/100] quit [CE1-Atm1/0/0.1] undo shutdown [CE1-Atm1/0/0.1] quit [CE1] interface atm 1/0/0.2 [CE1-Atm1/0/0.2] interface atm 1/0/0.2 [CE1-Atm1/0/0.2] ip address 100.1.2.1 24 [CE1-Atm1/0/0.2] pvc 2/200 [CE1-atm-pvc-Atm1/0/0.2-2/200] map ip 100.1.2.2 [CE1-atm-pvc-Atm1/0/0.2-2/200] quit [CE1-Atm1/0/0.2] undo shutdown [CE1-Atm1/0/0.2] quit

# Configure CE2.
<Quidway> system-view [Quidway] sysname CE2 [CE2] interface atm 1/0/0 [CE2-Atm1/0/0] undo shutdown [CE2-Atm1/0/0] quit [CE2] interface atm 1/0/0.1 [CE2-Atm1/0/0.1] ip address 100.1.1.2 [CE2-Atm1/0/0.1] pvc 1/100 [CE2-atm-pvc-Atm1/0/0.1-1/100] map ip [CE2-atm-pvc-Atm1/0/0.1-1/100] quit [CE2-Atm1/0/0.1] undo shutdown [CE2-Atm1/0/0.1] quit [CE2] interface atm 1/0/0.2 [CE2-Atm1/0/0.2] ip address 100.1.2.2 [CE2-Atm1/0/0.2] pvc 2/200 [CE2-atm-pvc-Atm1/0/0.2-2/200] map ip [CE2-atm-pvc-Atm1/0/0.2-2/200] quit [CE2-Atm1/0/0.2] undo shutdown [CE2-Atm1/0/0.2] quit

24 100.1.1.1

24 100.1.2.1

2.

Configure the IGP on the MPLS backbone. Configure IP addresses for the interfaces of PEs and P. For details, see Figure 6-36. Configure the IGP for the MPLS backbone. Take OSPF as an example. While configuring OSPF, advertise the 32-bit loopback addresses of PE1, P, and PE2.

6-302

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

6 PWE3 Configuration

For configuration details, see "Example for Configuring Interface-based Remote ATM Cell Transport." 3. Configure the basic MPLS functions and LDP on the MPLS backbone network. For configuration details, see "Example for Configuring Interface-based Remote ATM Cell Transport." 4. Set up the remote LDP session between the PEs. For configuration details, see "Example for Configuring Interface-based Remote ATM Cell Transport." 5. Enable MPLS L2VPN on the PEs and configure the interface-based remote transparent ATM cell transport function. # Configure PE1.
[PE1] mpls l2vpn [PE1-l2vpn] quit [PE1] interface atm 2/0/0 [PE1-Atm2/0/0] undo shutdown [PE1-Atm2/0/0] quit [PE1] interface atm2/0/0.1 [PE1-Atm2/0/0.1] atm cell transfer [PE1-Atm2/0/0.1] pvc 1/100 [PE1-atm-pvc-Atm2/0/0.1-1/100] quit [PE1-Atm2/0/0.1] pvc 2/200 [PE1-atm-pvc-Atm2/0/0.1-2/200] quit [PE1-Atm2/0/0.1] mpls l2vc 3.3.3.9 101 [PE1-Atm2/0/0.1] undo shutdown [PE1-Atm2/0/0.1] quit

# Configure PE2.
[PE2] mpls l2vpn [PE2-l2vpn] quit [PE2] interface atm 2/0/0 [PE2-Atm2/0/0] undo shutdown [PE2-Atm2/0/0] quit [PE2] interface atm2/0/0.1 [PE2-Atm2/0/0.1] atm cell transfer [PE2-Atm2/0/0.1] pvc 1/100 [PE2-atm-pvc-Atm2/0/0.1-1/100] quit [PE2-Atm2/0/0.1] pvc 2/200 [PE2-atm-pvc-Atm2/0/0.1-2/200] quit [PE2-Atm2/0/0.1] mpls l2vc 1.1.1.9 101 [PE2-Atm2/0/0.1] undo shutdown [PE2-Atm2/0/0.1] quit

6.

Verify the configuration. Run the display mpls l2vc interface command on PEs to view the status of PWs, and you can see the status is up. Take the display of PE1 as an example.
<PE1> display mpls l2vc interface atm 2/0/0.1 *client interface : Atm2/0/0.1 is up session state : up AC state : up VC state : up VC ID : 101 VC type : ATM Nto1 VCC destination : 3.3.3.9 local group ID : 0 remote group ID local VC label : 140289 remote VC label local AC OAM State : up local PSN State : up local forwarding state : forwarding remote AC OAM state : up remote PSN state : up remote forwarding state: forwarding

: 0 : 140289

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

6-303

6 PWE3 Configuration
BFD for PW manual fault active state forwarding entry link state local ATM cells local VCCV remote VCCV local fragmentantion local control word tunnel policy traffic behavior PW template name primary or secondary VC tunnel/token info NO.0 TNL type : lsp create time up time last change time : : : : : : : : : : : : : : :

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


unavailable not set active exist up 1 remote ATM cells : 1 Disable Disable disable remote fragmentantion: disable disable remote control word : disable ---primary 1 tunnels/tokens , TNL ID : 0x208000 : 0 days, 0 hours, 4 minutes, 53 seconds : 0 days, 0 hours, 3 minutes, 35 seconds : 0 days, 0 hours, 3 minutes, 35 seconds

CE1 and CE2 can ping through each other. Take the display of CE1 as an example:
<CE1> ping 10.1.1.2 PING 10.1.1.2: 56 data bytes, press CTRL_C to break Reply from 10.1.1.2: bytes=56 Sequence=1 ttl=255 time=31 ms Reply from 10.1.1.2: bytes=56 Sequence=2 ttl=255 time=10 ms Reply from 10.1.1.2: bytes=56 Sequence=3 ttl=255 time=5 ms Reply from 10.1.1.2: bytes=56 Sequence=4 ttl=255 time=2 ms Reply from 10.1.1.2: bytes=56 Sequence=5 ttl=255 time=28 ms --- 10.1.1.2 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 2/15/31 ms <CE1> ping 10.1.2.2 PING 10.1.2.2: 56 data bytes, press CTRL_C to break Reply from 10.1.2.2: bytes=56 Sequence=1 ttl=255 time=31 ms Reply from 10.1.2.2: bytes=56 Sequence=2 ttl=255 time=10 ms Reply from 10.1.2.2: bytes=56 Sequence=3 ttl=255 time=5 ms Reply from 10.1.2.2: bytes=56 Sequence=4 ttl=255 time=2 ms Reply from 10.1.2.2: bytes=56 Sequence=5 ttl=255 time=28 ms --- 10.1.2.2 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 2/15/31 ms

Configuration Files
l

Configuration file of CE1


# sysname CE1 # interface Atm1/0/0 undo shutdown # interface Atm1/0/0.1 undo shutdown ip address 10.1.1.1 255.255.255.0 pvc 1/100 map ip 10.1.1.2 # interface Atm1/0/0.2 undo shutdown ip address 10.1.2.1 255.255.255.0 pvc 2/200 map ip 10.1.2.2 #

6-304

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


return l

6 PWE3 Configuration

Configuration file of PE1


# sysname PE1 # mpls lsr-id 1.1.1.9 mpls # mpls l2vpn # mpls ldp # mpls ldp remote-peer 3.3.3.9 remote-ip 3.3.3.9 # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 100.1.1.1 255.255.255.0 mpls mpls ldp # interface Atm2/0/0 undo shutdown # interface Atm2/0/0.1 undo shutdown atm cell transfer pvc 1/100 pvc 2/200 mpls l2vc 3.3.3.9 101 # interface LoopBack1 ip address 1.1.1.9 255.255.255.255 # ospf 1 area 0.0.0.0 network 1.1.1.9 0.0.0.0 network 100.1.1.0 0.0.0.255 # return

Configuration file of P
# sysname P # mpls lsr-id 2.2.2.9 mpls # mpls ldp # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 100.1.1.2 255.255.255.0 mpls mpls ldp # interface Pos2/0/0 link-protocol ppp undo shutdown ip address 100.1.2.1 255.255.255.0 mpls mpls ldp # interface LoopBack1 ip address 2.2.2.9 255.255.255.255 # ospf 1

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

6-305

6 PWE3 Configuration
area 0.0.0.0 network 2.2.2.9 0.0.0.0 network 100.1.1.0 0.0.0.255 network 100.1.2.0 0.0.0.255 # return l

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Configuration file of PE2


# sysname PE2 # mpls lsr-id 3.3.3.9 mpls # mpls l2vpn # mpls ldp # mpls ldp remote-peer 1.1.1.9 remote-ip 1.1.1.9 # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 100.1.2.2 255.255.255.0 mpls mpls ldp # interface Atm2/0/0 undo shutdown # interface Atm2/0/0.1 undo shutdown atm cell transfer pvc 1/100 pvc 2/200 mpls l2vc 1.1.1.9 101 # interface LoopBack1 ip address 3.3.3.9 255.255.255.255 # ospf 1 area 0.0.0.0 network 3.3.3.9 0.0.0.0 network 100.1.2.0 0.0.0.255 # return

Configuration file of CE2


# sysname CE2 # interface Atm1/0/0 undo shutdown # interface Atm1/0/0.1 undo shutdown ip address 10.1.1.2 255.255.255.0 pvc 1/100 map ip 10.1.1.1 # interface Atm1/0/0.2 undo shutdown ip address 10.1.2.2 255.255.255.0 pvc 2/200 map ip 10.1.2.1 # return

6-306

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

6 PWE3 Configuration

6.14.22 Example for Configuring N-to-1 VCC ATM Cell Transport with VPI/VCI Mapping
Networking Requirements
Figure 6-37 Networking diagram for N-to-1 VCC ATM cell transport with VPI/VCI mapping
Loopback1 1.1.1.9/32 Loopback1 2.2.2.9/32 Loopbakc1 3.3.3.9/32 POS1/0/0 100.1.2.2/24 P POS2/0/0 100.1.2.1/24

PE1 ATM2/0/0

POS1/0/0 100.1.1.2/24 POS1/0/0 100.1.1.1/24

PE2 ATM2/0/0

ATM1/0/0.1 ATM1/0/0.2 VC1:1/100 VC2:2/200 10.1.1.1/24 10.1.2.1/24 CE1 ATM Netw ork

ATM1/0/0.1 ATM1/0/0.2 VC1:3/300 VC2:4/400 10.1.1.2/24 10.1.2.2/24 CE2 ATM Netw ork

The ATM interfaces of the local router CE1 access the MPLS network through PE1 and connected with CE2 through PE2. CE1 and CE2 set up two VCs that cross the MPLS network. CE1 and CE2 access PE1 and PE2 through the ATM link. Figure 6-37 shows the PVC values and IP addresses. It is required that the two PWs between PE1, P, and PE2 carry cells of the two ATM VCCs (VC1 and VC2) between CE1 and CE2. The VC1 and VC2 values of CE1 are different from those of CE2. Through the configuration of the VPI/VCI mapping, ATM cells between CE1 and CE2 can be transparently transmitted through the ISP network.

Configuration Roadmap
The configuration roadmap is as follows: 1. 2. 3. 4. 5. Configure a routing policy on the devices (PEs and Ps) of the backbone and enable MPLS. Adopt the default tunnel policy and set up the LSP as the tunnel to transmit user data. Enable MPLS L2VPN on the PE and set up the VC connection. Enable the ATM interfaces on the CE and configure the IPoA mapping. On each PE, enable the N-to-1 VCC ATM cell transport with VPI/VCI mapping on the ATM sub-interfaces that connect the PE and the CE.

Data Preparation
To complete the configuration, you need the following data:
l

Data for configuring OSPF


Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 6-307

Issue 03 (2008-09-22)

6 PWE3 Configuration
l l l

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Name of the remote PE peer VC ID VPI/VCI value of the CE

Configuration Procedure
1. Enable the ATM interfaces on the CEs. # Configure CE1.
<Quidway> system-view [Quidway] sysname CE1 [CE1] interface atm 1/0/0 [CE1-Atm1/0/0] undo shutdown [CE1-Atm1/0/0] quit [CE1] interface atm 1/0/0.1 [CE1-Atm1/0/0.1] ip address 100.1.1.1 [CE1-atm-pvc-Atm1/0/0.1] pvc 1/100 [CE1-atm-pvc-Atm1/0/0.1-1/100] map ip [CE1-Atm1/0/0.1-1/100] quit [CE1-Atm1/0/0.1] undo shutdown [CE1-Atm1/0/0.1] quit [CE1] interface atm 1/0/0.2 [CE1-Atm1/0/0.2] ip address 100.1.2.1 [CE1-Atm1/0/0.2] pvc 2/200 [CE1-atm-pvc-Atm1/0/0.2-2/200] map ip [CE1-atm-pvc-Atm1/0/0.2-2/200] quit [CE1-Atm1/0/0.2] undo shutdown [CE1-Atm1/0/0.2] quit

24 100.1.1.2

24 100.1.2.2

# Configure CE2.
<Quidway> system-view [Quidway] sysname CE2 [CE2] interface atm 1/0/0 [CE2-Atm1/0/0] undo shutdown [CE2-Atm1/0/0] quit [CE2] interface atm 1/0/0.1 [CE2-Atm1/0/0.1] ip address 100.1.1.2 [CE2-Atm1/0/0.1] pvc 3/300 [CE2-atm-pvc-Atm1/0/0.1-3/300] map ip [CE2-atm-pvc-Atm1/0/0.1-3/300] quit [CE2-Atm1/0/0.1] undo shutdown [CE2-Atm1/0/0.1] quit [CE2] interface atm 1/0/0.2 [CE2-Atm1/0/0.2] ip address 100.1.2.2 [CE2-atm-pvc-Atm1/0/0.2] pvc 4/400 [CE2-atm-pvc-Atm1/0/0.2-4/400] map ip [CE2-atm-pvc-Atm1/0/0.2-4/400] quit [CE2-Atm1/0/0.2] undo shutdown [CE2-Atm1/0/0.2] quit

24 100.1.1.1

24 100.1.2.1

2.

Configure the IGP on the MPLS backbone. Configure IP addresses for the interfaces of PEs and P. For details, see Figure 6-37. Configure the IGP for the MPLS backbone. Take OSPF as an example. While configuring OSPF, advertise the 32-bit loopback addresses of PE1, P, and PE2. For configuration details, see "Example for Configuring Interface-based Remote ATM Cell Transport."

3.

Configure the basic MPLS functions and LDP on the MPLS backbone network. For configuration details, see "Example for Configuring Interface-based Remote ATM Cell Transport."

4.
6-308

Set up the remote LDP session between the PEs.


Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

6 PWE3 Configuration

For configuration details, see "Example for Configuring Interface-based Remote ATM Cell Transport." 5. Enable MPLS L2VPN on the PEs and configure the interface-based remote transparent ATM cell transport function. # Configure PE1.
[PE1] mpls l2vpn [PE1-l2vpn] quit [PE1] interface atm 2/0/0 [PE1-Atm2/0/0] undo shutdown [PE1-Atm2/0/0] quit [PE1] interface atm2/0/0.1 [PE1-Atm2/0/0.1] atm cell transfer [PE1-Atm2/0/0.1] pvc 1/100 [PE1-atm-pvc-Atm2/0/0.1-1/100] quit [PE1-Atm2/0/0.1] pvc 2/200 [PE1-atm-pvc-Atm2/0/0.1-2/200] quit [PE1-Atm2/0/0.1] mpls l2vc 3.3.3.9 101 [PE1-Atm2/0/0.1] undo shutdown [PE1-Atm2/0/0.1] quit

# Configure PE2.
[PE2] mpls l2vpn [PE2-l2vpn] quit [PE2] interface atm 2/0/0 [PE2-Atm2/0/0] undo shutdown [PE2-Atm2/0/0] quit [PE2] interface atm2/0/0.1 [PE2-Atm2/0/0.1] atm cell transfer [PE2-Atm2/0/0.1] pvc 3/300 [PE2-atm-pvc-Atm2/0/0.1-3/300] quit [PE2-Atm2/0/0.1] pvc 4/400 [PE2-atm-pvc-Atm2/0/0.1-4/400] quit [PE2-Atm2/0/0.1] mpls l2vc 1.1.1.9 101 [PE2-Atm2/0/0.1] undo shutdown [PE2-Atm2/0/0.1] quit

6.

Configure the VPI/VCI mapping. # Configure PE1.


[PE1] interface atm 2/0/0.1 [PE1-Atm2/0/0.1] pvc 1/100 [PE1-atm-pvc-Atm2/0/0.1-1/100] [PE1-atm-pvc-Atm2/0/0.1-1/100] [PE1-Atm2/0/0.1] pvc 2/200 [PE1-atm-pvc-Atm2/0/0.1-2/200] [PE1-atm-pvc-Atm2/0/0.1-2/200] map pvc 3/300 quit map pvc 4/400 quit

# Configure PE2.
[PE2] interface atm 2/0/0.1 [PE2-Atm2/0/0.1] pvc 3/300 [PE2-atm-pvc-Atm2/0/0.1-3/300] [PE2-atm-pvc-Atm2/0/0.1-3/300] [PE2-Atm2/0/0.1] pvc 4/400 [PE2-atm-pvc-Atm2/0/0.1-4/400] [PE2-atm-pvc-Atm2/0/0.1-4/400] map pvc 1/100 quit map pvc 2/200 quit

7.

Verify the configuration. Run the display mpls l2vc interface command on PEs to view the status of PWs, and you can see the status is up. Take the display of PE1 as an example.
<PE1> display mpls l2vc interface atm 2/0/0.1 *client interface : Atm2/0/0.1 is up session state : up AC state : up VC state : up

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

6-309

6 PWE3 Configuration
VC ID : VC type : destination : local group ID : local VC label : local AC OAM State : local PSN State : local forwarding state : remote AC OAM state : remote PSN state : remote forwarding state: BFD for PW : manual fault : active state : forwarding entry : link state : local ATM cells : local VCCV : remote VCCV : local fragmentantion : local control word : tunnel policy : traffic behavior : PW template name : primary or secondary : VC tunnel/token info : NO.0 TNL type : lsp create time : up time : last change time :

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


101 ATM Nto1 VCC 3.3.3.9 0 remote group ID : 0 140288 remote VC label : 140288 up up forwarding up up forwarding unavailable not set active exist up 1 remote ATM cells : 1 Disable Disable disable remote fragmentantion: disable disable remote control word : disable ---primary 1 tunnels/tokens , TNL ID : 0x208000 0 days, 0 hours, 0 minutes, 42 seconds 0 days, 0 hours, 0 minutes, 15 seconds 0 days, 0 hours, 0 minutes, 15 seconds

CE1 and CE2 can ping through each other. Take the display of CE1 as an example:
<CE1> ping 10.1.1.2 PING 10.1.1.2: 56 data bytes, press CTRL_C to break Reply from 10.1.1.2: bytes=56 Sequence=1 ttl=255 time=31 ms Reply from 10.1.1.2: bytes=56 Sequence=2 ttl=255 time=10 ms Reply from 10.1.1.2: bytes=56 Sequence=3 ttl=255 time=5 ms Reply from 10.1.1.2: bytes=56 Sequence=4 ttl=255 time=2 ms Reply from 10.1.1.2: bytes=56 Sequence=5 ttl=255 time=28 ms --- 10.1.1.2 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 2/15/31 ms <CE1> ping 10.1.2.2 PING 10.1.2.2: 56 data bytes, press CTRL_C to break Reply from 10.1.2.2: bytes=56 Sequence=1 ttl=255 time=31 ms Reply from 10.1.2.2: bytes=56 Sequence=2 ttl=255 time=10 ms Reply from 10.1.2.2: bytes=56 Sequence=3 ttl=255 time=5 ms Reply from 10.1.2.2: bytes=56 Sequence=4 ttl=255 time=2 ms Reply from 10.1.2.2: bytes=56 Sequence=5 ttl=255 time=28 ms --- 10.1.2.2 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 2/15/31 ms

Configuration Files
l

Configuration file of CE1


# sysname CE1 # interface Atm1/0/0 undo shutdown # interface Atm1/0/0.1

6-310

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


undo shutdown ip address 10.1.1.1 255.255.255.0 pvc 1/100 map ip 10.1.1.2 # interface Atm1/0/0.2 undo shutdown ip address 10.1.2.1 255.255.255.0 pvc 2/200 map ip 10.1.2.2 # return l

6 PWE3 Configuration

Configuration file of PE1


# sysname PE1 # mpls lsr-id 1.1.1.9 mpls # mpls l2vpn # mpls ldp # mpls ldp remote-peer 3.3.3.9 remote-ip 3.3.3.9 # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 100.1.1.1 255.255.255.0 mpls mpls ldp # interface Atm2/0/0 undo shutdown # interface Atm2/0/0.1 undo shutdown atm cell transfer pvc 1/100 map pvc 3/300 pvc 2/200 map pvc 4/400 mpls l2vc 3.3.3.9 101 # interface LoopBack1 ip address 1.1.1.9 255.255.255.255 # ospf 1 area 0.0.0.0 network 1.1.1.9 0.0.0.0 network 100.1.1.0 0.0.0.255 # return

Configuration file of P
# sysname P # mpls lsr-id 2.2.2.9 mpls # mpls ldp # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 100.1.1.2 255.255.255.0 mpls

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

6-311

6 PWE3 Configuration
mpls ldp # interface Pos2/0/0 link-protocol ppp undo shutdown ip address 100.1.2.1 255.255.255.0 mpls mpls ldp # interface LoopBack1 ip address 2.2.2.9 255.255.255.255 # ospf 1 area 0.0.0.0 network 2.2.2.9 0.0.0.0 network 100.1.1.0 0.0.0.255 network 100.1.2.0 0.0.0.255 # return l

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Configuration file of PE2


# sysname PE2 # mpls lsr-id 3.3.3.9 mpls # mpls l2vpn # mpls ldp # mpls ldp remote-peer 1.1.1.9 remote-ip 1.1.1.9 # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 100.1.2.2 255.255.255.0 mpls mpls ldp # interface Atm2/0/0 undo shutdown # interface Atm2/0/0.1 undo shutdown atm cell transfer pvc 3/300 map pvc 1/100 pvc 4/400 map pvc 2/200 mpls l2vc 1.1.1.9 101 # interface LoopBack1 ip address 3.3.3.9 255.255.255.255 # ospf 1 area 0.0.0.0 network 3.3.3.9 0.0.0.0 network 100.1.2.0 0.0.0.255 # return

Configuration file of CE2


# sysname CE2 # interface Atm1/0/0 undo shutdown #

6-312

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


interface Atm1/0/0.1 ip address 100.1.1.2 255.255.255.0 pvc 3/300 map ip 100.1.1.1 # interface Atm1/0/0.2 ip address 100.1.2.2 255.255.255.0 pvc 4/400 map ip 100.1.2.1 # return

6 PWE3 Configuration

6.14.23 Example for Configuring 1-to-1 VPC ATM Cell Transport


Networking Requirements
Figure 6-38 Networking diagram for 1-to-1 VPC ATM cell transport
Loopback1 1.1.1.9/32 Loopback1 2.2.2.9/32 Loopback1 3.3.3.9/32 POS1/0/0 100.1.2.2/24 P POS2/0/0 100.1.2.1/24 ATM1/0/0.1 VC1:1/100 10.1.1.2/24 CE1 ATM Netw ork CE2 ATM Netw ork

PE1 ATM2/0/0 ATM1/0/0.1 VC1:1/100 10.1.1.1/24

POS1/0/0 100.1.1.2/24 POS1/0/0 100.1.1.1/24

PE2 ATM2/0/0

The ATM interfaces of the local router CE1 access the MPLS network through PE1 and connected with CE2 through PE2. CE1 and CE2 set up a VP that crosses the MPLS network. CE1 and CE2 access PE1 and PE2 through the ATM link. Figure 6-38 shows the PVC values and IP addresses. It is required that a PW between PE1, P, and PE2 carries cells of only one ATM VPC between CE1 and CE2. ATM cells between CE1 and CE2 can be transparently transmitted through the ISP network.

Configuration Roadmap
The configuration roadmap is as follows: 1. 2. 3. 4.
Issue 03 (2008-09-22)

Configure a routing policy on the devices (PEs and Ps) of the backbone and enable MPLS. Adopt the default tunnel policy and set up the LSP as the tunnel to transmit user data. Enable MPLS L2VPN on the PE and set up the VC connection. Enable the ATM interfaces on the CE and configure the IPoA mapping.
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 6-313

6 PWE3 Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

5.

On each PE, enable the 1-to-1 VPC ATM cell transport on the ATM sub-interfaces that connect the PE and the CE.

Data Preparation
To complete the configuration, you need the following data:
l l l l

Data for configuring OSPF Name of the remote PE peer VC ID VPI/VCI value of the CE

Configuration Procedure
1. Enable the ATM interfaces on the CEs. # Configure CE1.
<Quidway> system-view [Quidway] sysname CE1 [CE1] interface atm 1/0/0 [CE1-Atm1/0/0] undo shutdown [CE1-Atm1/0/0] quit [CE1] interface atm 1/0/0.1 [CE1-Atm1/0/0.1] ip address 100.1.1.1 24 [CE1-Atm1/0/0.1] pvc 1/100 [CE1-atm-pvc-Atm1/0/0.1-1/100] map ip 100.1.1.2 [CE1-atm-pvc-Atm1/0/0.1-1/100] quit [CE1-Atm1/0/0.1] undo shutdown [CE1-Atm1/0/0.1] quit

# Configure CE2.
<Quidway> system-view [Quidway] sysname CE2 [CE2] interface atm 1/0/0 [CE2-Atm1/0/0] undo shutdown [CE2-Atm1/0/0] quit [CE2] interface atm 1/0/0.1 [CE2-Atm1/0/0.1] ip address 100.1.1.2 24 [CE2-Atm1/0/0.1] pvc 1/100 [CE2-atm-pvc-Atm1/0/0.1-1/100] map ip 100.1.1.1 [CE2-atm-pvc-Atm1/0/0.1-1/100] quit [CE2-Atm1/0/0.1] undo shutdown [CE2-Atm1/0/0.1] quit

2.

Configure the IGP on the MPLS backbone. Configure IP addresses for the interfaces of PEs and P. For details, see Figure 6-38. Configure the IGP for the MPLS backbone. Take OSPF as an example. While configuring OSPF, advertise the 32-bit loopback addresses of PE1, P, and PE2. For configuration details, see "Example for Configuring Interface-based Remote ATM Cell Transport."

3.

Configure the basic MPLS functions and LDP on the MPLS backbone network. For configuration details, see "Example for Configuring Interface-based Remote ATM Cell Transport."

4.

Set up the remote LDP session between the PEs. For configuration details, see "Example for Configuring Interface-based Remote ATM Cell Transport."

5.

Enable MPLS L2VPN on the PEs and configure the interface-based remote transparent ATM cell transport function.
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

6-314

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

6 PWE3 Configuration

# Configure PE1.
[PE1] mpls l2vpn [PE1-l2vpn] quit [PE1] interface atm 2/0/0 [PE1-Atm2/0/0] undo shutdown [PE1-Atm2/0/0] quit [PE1] interface atm2/0/0.1 p2p [PE1-Atm2/0/0.1] atm cell transfer [PE1-Atm2/0/0.1] pvp 1 [PE1-atm-pvp-Atm2/0/0.1-1] quit [PE1-Atm2/0/0.1] mpls l2vc 3.3.3.9 101 [PE1-Atm2/0/0.1] undo shutdown [PE1-Atm2/0/0.1] quit

# Configure PE2.
[PE2] mpls l2vpn [PE2-l2vpn] quit [PE2] interface atm 2/0/0 [PE2-Atm2/0/0] undo shutdown [PE2-Atm2/0/0] quit [PE2] interface atm2/0/0.1 p2p [PE2-Atm2/0/0.1] atm cell transfer [PE2-Atm2/0/0.1] pvp 1 [PE2-atm-pvp-Atm2/0/0.1-1] quit [PE2-Atm2/0/0.1] mpls l2vc 1.1.1.9 101 [PE2-Atm2/0/0.1] undo shutdown [PE2-Atm2/0/0.1] quit

6.

Verify the configuration. Run the display mpls l2vc interface command on PEs to view the status of PWs, and you can see the status is up. Take the display of PE1 as an example:
<PE1> display mpls l2vc interface atm 2/0/0.1 *client interface : Atm2/0/0.1 is up session state : up AC state : up VC state : up VC ID : 101 VC type : ATM 1to1 VPC destination : 3.3.3.9 local group ID : 0 remote group ID : 0 local VC label : 140288 remote VC label : 140288 local AC OAM State : up local PSN State : up local forwarding state : forwarding remote AC OAM state : up remote PSN state : up remote forwarding state: forwarding BFD for PW : unavailable manual fault : not set active state : active forwarding entry : exist link state : up local VC MTU : 0 remote VC MTU : 0 local VCCV : Disable remote VCCV : Disable local fragmentantion : disable remote fragmentantion: disable local control word : enable remote control word : enable tunnel policy : -traffic behavior : -PW template name : -primary or secondary : primary VC tunnel/token info : 1 tunnels/tokens NO.0 TNL type : lsp , TNL ID : 0x208000 create time : 0 days, 0 hours, 1 minutes, 10 seconds up time : 0 days, 0 hours, 0 minutes, 21 seconds last change time : 0 days, 0 hours, 0 minutes, 21 seconds

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

6-315

6 PWE3 Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

CE1 and CE2 can ping through each other. Take the display of CE1 as an example.
<CE1> ping 10.1.1.2 PING 10.1.1.2: 56 data bytes, press CTRL_C to break Reply from 10.1.1.2: bytes=56 Sequence=1 ttl=255 time=31 ms Reply from 10.1.1.2: bytes=56 Sequence=2 ttl=255 time=10 ms Reply from 10.1.1.2: bytes=56 Sequence=3 ttl=255 time=5 ms Reply from 10.1.1.2: bytes=56 Sequence=4 ttl=255 time=2 ms Reply from 10.1.1.2: bytes=56 Sequence=5 ttl=255 time=28 ms --- 10.1.1.2 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 2/15/31 ms

Configuration Files
l

Configuration file of CE1


# sysname CE1 # interface Atm1/0/0 undo shutdown # interface Atm1/0/0.1 undo shutdown ip address 10.1.1.1 255.255.255.0 pvc 1/100 map ip 10.1.1.2 # return

Configuration file of PE1


# sysname PE1 # mpls lsr-id 1.1.1.9 mpls # mpls l2vpn # mpls ldp # mpls ldp remote-peer 3.3.3.9 remote-ip 3.3.3.9 # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 100.1.1.1 255.255.255.0 mpls mpls ldp # interface Atm2/0/0 undo shutdown # interface Atm2/0/0.1 p2p undo shutdown atm cell transfer pvp 1 mpls l2vc 3.3.3.9 101 # interface LoopBack1 ip address 1.1.1.9 255.255.255.255 # ospf 1 area 0.0.0.0

6-316

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


network 1.1.1.9 0.0.0.0 network 100.1.1.0 0.0.0.255 # return l

6 PWE3 Configuration

Configuration file of P
# sysname P # mpls lsr-id 2.2.2.9 mpls # mpls ldp # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 100.1.1.2 255.255.255.0 mpls mpls ldp # interface Pos2/0/0 link-protocol ppp undo shutdown ip address 100.1.2.1 255.255.255.0 mpls mpls ldp # interface LoopBack1 ip address 2.2.2.9 255.255.255.255 # ospf 1 area 0.0.0.0 network 2.2.2.9 0.0.0.0 network 100.1.1.0 0.0.0.255 network 100.1.2.0 0.0.0.255 # return

Configuration file of PE2


# sysname PE2 # mpls lsr-id 3.3.3.9 mpls # mpls l2vpn # mpls ldp # mpls ldp remote-peer 1.1.1.9 remote-ip 1.1.1.9 # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 100.1.2.2 255.255.255.0 mpls mpls ldp # interface Atm2/0/0 undo shutdown # interface Atm2/0/0.1 p2p undo shutdown atm cell transfer pvp 1 mpls l2vc 1.1.1.9 101 # interface LoopBack1

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

6-317

6 PWE3 Configuration
ip address 3.3.3.9 255.255.255.255 # ospf 1 area 0.0.0.0 network 3.3.3.9 0.0.0.0 network 100.1.2.0 0.0.0.255 # return l

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Configuration file of CE2


# sysname CE2 # interface Atm1/0/0 undo shutdown # interface Atm1/0/0.1 undo shutdown ip address 10.1.1.2 255.255.255.0 pvc 1/100 map ip 10.1.1.1 # return

6.14.24 Example for Configuring N-to-1 VPC ATM Cell Transport


Networking Requirements
Figure 6-39 Networking diagram for N-to-1 VPC ATM cell transport
Loopback1 1.1.1.9/32 Loopback1 2.2.2.9/32 Loopbakc1 3.3.3.9/32 POS1/0/0 100.1.2.2/24 P POS2/0/0 100.1.2.1/24

PE1 ATM2/0/0

POS1/0/0 100.1.1.2/24 POS1/0/0 100.1.1.1/24

PE2 ATM2/0/0

ATM1/0/0.1 ATM1/0/0.2 VC1:1/100 VC2:2/200 10.1.1.1/24 10.1.2.1/24 CE1 ATM Netw ork

ATM1/0/0.1 ATM1/0/0.2 VC1:1/100 VC2:2/200 10.1.1.2/24 10.1.2.2/24 CE2 ATM Netw ork

The ATM interfaces of the local router CE1 access the MPLS network through PE1 and connected with CE2 through PE2. CE1 and CE2 set up two VPs that cross the MPLS network. CE1 and CE2 access PE1 and PE2 through the ATM link. Figure 6-39 shows the PVC values and IP addresses. It is required that the two PWs between PE1, P, and PE2 carry cells of the two ATM VPCs between CE1 and CE2. ATM cells between CE1 and CE2 can be transparently transmitted through the ISP network.

6-318

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

6 PWE3 Configuration

Configuration Roadmap
The configuration roadmap is as follows: 1. 2. 3. 4. 5. Configure a routing policy on the devices (PEs and Ps) of the backbone and enable MPLS. Adopt the default tunnel policy and set up the LSP as the tunnel to transmit user data. Enable MPLS L2VPN on the PE and set up the VC connection. Enable the ATM interfaces on the CE and configure the IPoA mapping. On each PE, enable the N-to-1 VPC ATM cell transport on the ATM sub-interfaces that connect the PE and the CE.

Data Preparation
To complete the configuration, you need the following data:
l l l l

Data for configuring OSPF Name of the remote PE peer VC ID VPI/VCI value of the CE

Configuration Procedure
1. Enable the ATM interfaces on the CEs. # Configure CE1.
<Quidway> system-view [Quidway] sysname CE1 [CE1] interface atm 1/0/0 [CE1-Atm1/0/0] undo shutdown [CE1-Atm1/0/0] quit [CE1] interface atm 1/0/0.1 [CE1-Atm1/0/0.1] ip address 100.1.1.1 24 [CE1-Atm1/0/0.1] pvc 1/100 [CE1-atm-pvc-Atm1/0/0.1-1/100] map ip 100.1.1.2 [CE1-atm-pvc-Atm1/0/0.1-1/100] quit [CE1-Atm1/0/0.1] undo shutdown [CE1-Atm1/0/0.1] quit [CE1] interface atm 1/0/0.2 [CE1-Atm1/0/0.2] interface atm 1/0/0.2 [CE1-Atm1/0/0.2] ip address 100.1.2.1 24 [CE1-Atm1/0/0.2] pvc 2/200 [CE1-atm-pvc-Atm1/0/0.2-2/200] map ip 100.1.2.2 [CE1-atm-pvc-Atm1/0/0.2-2/200] quit [CE1-Atm1/0/0.2] undo shutdown [CE1-Atm1/0/0.2] quit

# Configure CE2.
<Quidway> system-view [Quidway] sysname CE2 [CE2] interface atm 1/0/0 [CE2-Atm1/0/0] undo shutdown [CE2-Atm1/0/0] quit [CE2] interface atm 1/0/0.1 [CE2-Atm1/0/0.1] ip address 100.1.1.2 24 [CE2-Atm1/0/0.1] pvc 1/100 [CE2-atm-pvc-Atm1/0/0.1-1/100] map ip 100.1.1.1 [CE2-atm-pvc-Atm1/0/0.1-1/100] quit [CE2-Atm1/0/0.1] undo shutdown [CE2-Atm1/0/0.1] quit [CE2] interface atm 1/0/0.2

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

6-319

6 PWE3 Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


[CE2-Atm1/0/0.2] ip address 100.1.2.2 24 [CE2-Atm1/0/0.2] pvc 2/200 [CE2-atm-pvc-Atm1/0/0.2-2/200] map ip 100.1.2.1 [CE2-atm-pvc-Atm1/0/0.2-2/200] quit [CE2-Atm1/0/0.2] undo shutdown [CE2-Atm1/0/0.2] quit

2.

Configure the IGP on the MPLS backbone. Configure IP addresses for the interfaces of PEs and P. For details, see Figure 6-39. Configure the IGP for the MPLS backbone. Take OSPF as an example. While configuring OSPF, advertise the 32-bit loopback addresses of PE1, P, and PE2. For configuration details, see "Example for Configuring Interface-based Remote ATM Cell Transport."

3.

Configure the basic MPLS functions and LDP on the MPLS backbone network. For configuration details, see "Example for Configuring Interface-based Remote ATM Cell Transport."

4.

Set up the remote LDP session between the PEs. For configuration details, see "Example for Configuring Interface-based Remote ATM Cell Transport."

5.

Enable MPLS L2VPN on the PEs and configure the interface-based remote transparent ATM cell transport function. # Configure PE1.
[PE1] mpls l2vpn [PE1-l2vpn] quit [PE1] interface atm 2/0/0 [PE1-Atm2/0/0] undo shutdown [PE1-Atm2/0/0] quit [PE1] interface atm2/0/0.1 [PE1-Atm2/0/0.1] atm cell transfer [PE1-Atm2/0/0.1] pvp 1 [PE1-atm-pvp-Atm2/0/0.1-1] quit [PE1-Atm2/0/0.1] pvp 2 [PE1-atm-pvp-Atm2/0/0.1-2] quit [PE1-Atm2/0/0.1] mpls l2vc 3.3.3.9 101 [PE1-Atm2/0/0.1] undo shutdown [PE1-Atm2/0/0.1] quit

# Configure PE2.
[PE2] mpls l2vpn [PE2-l2vpn] quit [PE2] interface atm 2/0/0 [PE2-Atm2/0/0] undo shutdown [PE2-Atm2/0/0] quit [PE2] interface atm2/0/0.1 [PE2-Atm2/0/0.1] atm cell transfer [PE2-Atm2/0/0.1] pvp 1 [PE2-atm-pvp-Atm2/0/0.1-1] quit [PE2-Atm2/0/0.1] pvp 2 [PE2-atm-pvp-Atm2/0/0.1-2] quit [PE2-Atm2/0/0.1] mpls l2vc 1.1.1.9 101 [PE2-Atm2/0/0.1] undo shutdown [PE2-Atm2/0/0.1] quit

6.

Verify the configuration. Run the display mpls l2vc interface command on PEs to view the status of PWs, and you can see the status is up. Take the display of PE1 as an example:
<PE1> display mpls l2vc interface atm 2/0/0.1 *client interface : Atm2/0/0.1 is up session state : up

6-320

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


AC state : VC state : VC ID : VC type : destination : local group ID : local VC label : local AC OAM State : local PSN State : local forwarding state : remote AC OAM state : remote PSN state : remote forwarding state: BFD for PW : manual fault : active state : forwarding entry : link state : local ATM cells : local VCCV : remote VCCV : local fragmentantion : local control word : tunnel policy : traffic behavior : PW template name : primary or secondary : VC tunnel/token info : NO.0 TNL type : lsp create time : up time : last change time :

6 PWE3 Configuration
up up 101 ATM Nto1 VPC 3.3.3.9 0 remote group ID : 0 140288 remote VC label : 140288 up up forwarding up up forwarding unavailable not set active exist up 1 remote ATM cells : 1 Disable Disable disable remote fragmentantion: disable disable remote control word : disable ---primary 1 tunnels/tokens , TNL ID : 0x208000 0 days, 0 hours, 1 minutes, 3 seconds 0 days, 0 hours, 0 minutes, 38 seconds 0 days, 0 hours, 0 minutes, 38 seconds

CE1 and CE2 can ping through each other. Take the display of CE1 as an example.
<CE1> ping 10.1.1.2 PING 10.1.1.2: 56 data bytes, press CTRL_C to break Reply from 10.1.1.2: bytes=56 Sequence=1 ttl=255 time=31 ms Reply from 10.1.1.2: bytes=56 Sequence=2 ttl=255 time=10 ms Reply from 10.1.1.2: bytes=56 Sequence=3 ttl=255 time=5 ms Reply from 10.1.1.2: bytes=56 Sequence=4 ttl=255 time=2 ms Reply from 10.1.1.2: bytes=56 Sequence=5 ttl=255 time=28 ms --- 10.1.1.2 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 2/15/31 ms <CE1> ping 10.1.2.2 PING 10.1.2.2: 56 data bytes, press CTRL_C to break Reply from 10.1.2.2: bytes=56 Sequence=1 ttl=255 time=31 ms Reply from 10.1.2.2: bytes=56 Sequence=2 ttl=255 time=10 ms Reply from 10.1.2.2: bytes=56 Sequence=3 ttl=255 time=5 ms Reply from 10.1.2.2: bytes=56 Sequence=4 ttl=255 time=2 ms Reply from 10.1.2.2: bytes=56 Sequence=5 ttl=255 time=28 ms --- 10.1.2.2 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 2/15/31 ms

Configuration Files
l

Configuration file of CE1


# sysname CE1 # interface Atm1/0/0 undo shutdown

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

6-321

6 PWE3 Configuration
# interface Atm1/0/0.1 undo shutdown ip address 10.1.1.1 255.255.255.0 pvc 1/100 map ip 10.1.1.2 # interface Atm1/0/0.2 undo shutdown ip address 10.1.2.1 255.255.255.0 pvc 2/200 map ip 10.1.2.2 # return l

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Configuration file of PE1


# sysname PE1 # mpls lsr-id 1.1.1.9 mpls # mpls l2vpn # mpls ldp # mpls ldp remote-peer 3.3.3.9 remote-ip 3.3.3.9 # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 100.1.1.1 255.255.255.0 mpls mpls ldp # interface Atm2/0/0 undo shutdown # interface Atm2/0/0.1 undo shutdown atm cell transfer pvp 1 pvp 2 mpls l2vc 3.3.3.9 101 # interface LoopBack1 ip address 1.1.1.9 255.255.255.255 # ospf 1 area 0.0.0.0 network 1.1.1.9 0.0.0.0 network 100.1.1.0 0.0.0.255 # return

Configuration file of P
# sysname P # mpls lsr-id 2.2.2.9 mpls # mpls ldp # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 100.1.1.2 255.255.255.0 mpls

6-322

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


mpls ldp # interface Pos2/0/0 link-protocol ppp undo shutdown ip address 100.1.2.1 255.255.255.0 mpls mpls ldp # interface LoopBack1 ip address 2.2.2.9 255.255.255.255 # ospf 1 area 0.0.0.0 network 2.2.2.9 0.0.0.0 network 100.1.1.0 0.0.0.255 network 100.1.2.0 0.0.0.255 # return l

6 PWE3 Configuration

Configuration file of PE2


# sysname PE2 # mpls lsr-id 3.3.3.9 mpls # mpls l2vpn # mpls ldp # mpls ldp remote-peer 1.1.1.9 remote-ip 1.1.1.9 # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 100.1.2.2 255.255.255.0 mpls mpls ldp # interface Atm2/0/0 undo shutdown # interface Atm2/0/0.1 undo shutdown atm cell transfer pvp 1 pvp 2 mpls l2vc 1.1.1.9 101 # interface LoopBack1 ip address 3.3.3.9 255.255.255.255 # ospf 1 area 0.0.0.0 network 3.3.3.9 0.0.0.0 network 100.1.2.0 0.0.0.255 # return

Configuration file of CE2


# sysname CE2 # interface Atm1/0/0 undo shutdown # interface Atm1/0/0.1 undo shutdown

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

6-323

6 PWE3 Configuration
ip address 10.1.1.2 255.255.255.0 pvc 1/100 map ip 10.1.1.1 # interface Atm1/0/0.2 undo shutdown ip address 10.1.2.2 255.255.255.0 pvc 2/200 map ip 10.1.2.1 # return

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

6.14.25 Example for Configuring N-to-1 VPC ATM Cell Transport with VPI Mapping
Networking Requirements
In Figure 6-40, the ATM interface of CE1 accesses the MPLS network through PE1, and is connected to CE2 through PE2.Two VCs are set up between CE1 and CE2 across the MPLS network. CE1 and CE2 access PE1 and PE2 respectively through the ATM links. The PVC values and the IP addresses of CE1 and CE2 are shown in Figure 6-40. The PW between PE1 and P and the PW between PE2 and P are required to bear the cells of the two ATM VPCs (VC1 and VC2) of CE1 and CE2. The VPI value of CE1 and that of CE2 are different, and the VCI value of CE1 and that of CE2 are the same. After the configuration of the VPI mapping, the ATM cells between the CEs can be transparently transmitted through the ISP network. Figure 6-40 Networking diagram of N-to-1 VPC ATM cell transport with the VPI mapping
Loopback1 1.1.1.9/32 Loopback1 2.2.2.9/32 Loopback1 3.3.3.9/32 POS1/0/0 100.1.2.2/24 P POS2/0/0 100.1.2.1/24

PE1 ATM2/0/0

POS1/0/0 100.1.1.2/24 POS1/0/0 100.1.1.1/24

PE2 ATM2/0/0

ATM1/0/0.1 ATM1/0/0.2 VC1:1/100 VC2:2/200 10.1.1.1/24 10.1.2.1/24 CE1 ATM Netw ork

ATM1/0/0.1 ATM1/0/0.2 VC1:3/100 VC2:4/200 10.1.1.2/24 10.1.2.2/24 CE2 ATM Netw ork

Configuration Roadmap
The configuration roadmap is as follows: 1. 2. 3.
6-324

Configure routing protocols on the backbone devices (PEs and P) and enable MPLS. Use the default tunnel policy and establish LSPs to transmit data. Enable MPLS L2VPN on the PEs and establish VCs.
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

6 PWE3 Configuration

4. 5.

Enable the ATM interface on the CEs and configure the IPoA mapping. Configure N-to-1 VPC ATM cell transport with the VPI mapping on the PE ATM subinterfaces connected to the CEs.

Data Preparation
To complete the configuration, you need the following data:
l l l l

Data required for configuring OSPF Names of the remote peers of the PEs VC ID VPI/VCI values of the CEs

Configuration Procedure
1. Enable the ATM sub-interface of the CEs. # Configure CE1.
<Quidway> system-view [Quidway] sysname CE1 [CE1] interface atm 1/0/0 [CE1-Atm1/0/0] undo shutdown [CE1-Atm1/0/0] quit [CE1] interface atm 1/0/0.1 [CE1-Atm1/0/0.1] ip address 100.1.1.1 [CE1-atm-pvc-Atm1/0/0.1] pvc 1/100 [CE1-atm-pvc-Atm1/0/0.1-1/100] map ip [CE1-Atm1/0/0.1-1/100] quit [CE1-Atm1/0/0.1] undo shutdown [CE1-Atm1/0/0.1] quit [CE1] interface atm 1/0/0.2 [CE1-Atm1/0/0.2] ip address 100.1.2.1 [CE1-Atm1/0/0.2] pvc 2/200 [CE1-atm-pvc-Atm1/0/0.2-2/200] map ip [CE1-atm-pvc-Atm1/0/0.2-2/200] quit [CE1-Atm1/0/0.2] undo shutdown [CE1-Atm1/0/0.2] quit

24 100.1.1.2

24 100.1.2.2

# Configure CE2.
<Quidway> system-view [Quidway] sysname CE2 [CE2] interface atm 1/0/0 [CE2-Atm1/0/0] undo shutdown [CE2-Atm1/0/0] quit [CE2] interface atm 1/0/0.1 [CE2-Atm1/0/0.1] ip address 100.1.1.2 [CE2-Atm1/0/0.1] pvc 3/100 [CE2-atm-pvc-Atm1/0/0.1-3/100] map ip [CE2-atm-pvc-Atm1/0/0.1-3/100] quit [CE2-Atm1/0/0.1] undo shutdown [CE2-Atm1/0/0.1] quit [CE2] interface atm 1/0/0.2 [CE2-Atm1/0/0.2] ip address 100.1.2.2 [CE2-atm-pvc-Atm1/0/0.2] pvc 4/200 [CE2-atm-pvc-Atm1/0/0.2-4/200] map ip [CE2-atm-pvc-Atm1/0/0.2-4/200] quit [CE2-Atm1/0/0.2] undo shutdown [CE2-Atm1/0/0.2] quit

24 100.1.1.1

24 100.1.2.1

2.

Configure the IGP on the MPLS backbone network. OSPF is used as the IGP protocol in this example.
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 6-325

Issue 03 (2008-09-22)

6 PWE3 Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Configure IP addresses for the interfaces of PEs and P. For details, see Figure 6-40.Configure the IGP for the MPLS backbone. Take OSPF as an example. While configuring OSPF, advertise the 32-bit loopback addresses of PE1, P, and PE2. For configuration details, see "Example for Configuring Interface-based Remote ATM Cell Transport." 3. Configure the basic MPLS functions and LDP on the MPLS backbone network. For configuration details, see "Example for Configuring Interface-based Remote ATM Cell Transport." 4. Establish remote LDP sessions between the PEs. For configuration details, see "Example for Configuring Interface-based Remote ATM Cell Transport." 5. Enable MPLS L2VPN and configure the VPC ATM cell transport on the PEs. # Configure PE1.
[PE1] mpls l2vpn [PE1-l2vpn] quit [PE1] interface atm 2/0/0 [PE1-Atm2/0/0] undo shutdown [PE1-Atm2/0/0] quit [PE1] interface atm2/0/0.1 p2mp [PE1-Atm2/0/0.1] atm cell transfer [PE1-Atm2/0/0.1] mpls l2vc 3.3.3.9 101 [PE1-Atm2/0/0.1] undo shutdown [PE1-Atm2/0/0.1] quit

# Configure PE2.
[PE2] mpls l2vpn [PE2-l2vpn] quit [PE2] interface atm 2/0/0 [PE2-Atm2/0/0] undo shutdown [PE2-Atm2/0/0] quit [PE2] interface atm2/0/0.1 p2mp [PE2-Atm2/0/0.1] atm cell transfer [PE2-Atm2/0/0.1] mpls l2vc 1.1.1.9 101 [PE2-Atm2/0/0.1] undo shutdown [PE2-Atm2/0/0.1] quit

6.

Configure the VPI mapping on each interface. # Configure PE1.


[PE1] interface atm2/0/0.1 [PE1-Atm2/0/0.1] pvp 1 [PE1-atm-pvp-Atm2/0/0.1-1] [PE1-atm-pvp-Atm2/0/0.1-1] [PE1-Atm2/0/0.1] pvp 2 [PE1-atm-pvp-Atm2/0/0.1-2] [PE1-atm-pvp-Atm2/0/0.1-2] [PE1-Atm2/0/0.1] quit map pvp 3 quit map pvp 4 quit

# Configure PE2.
[PE2] interface atm2/0/0.1 [PE2-Atm2/0/0.1] pvp 3 [PE2-atm-pvp-Atm2/0/0.1-3] [PE2-atm-pvp-Atm2/0/0.1-3] [PE2-Atm2/0/0.1] pvp 4 [PE2-atm-pvp-Atm2/0/0.1-4] [PE2-atm-pvp-Atm2/0/0.1-4] [PE2-Atm2/0/0.1] quit map pvp 1 quit map pvp 2 quit

7.

Verify the configuration. Run the display mpls l2vc interface command on PEs to view the status of PWs, and you can see the status is up.

6-326

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

6 PWE3 Configuration

Take the display of PE1 as an example:


<PE1> display mpls l2vc interface atm 2/0/0.1 *client interface : Atm2/0/0.1 is up session state : up AC state : up VC state : up VC ID : 101 VC type : ATM Nto1 VPC destination : 3.3.3.9 local group ID : 0 remote group ID : 0 local VC label : 140288 remote VC label : 140288 local AC OAM State : up local PSN State : up local forwarding state : forwarding remote AC OAM state : up remote PSN state : up remote forwarding state: forwarding BFD for PW : unavailable manual fault : not set active state : active forwarding entry : exist link state : up local ATM cells : 1 remote ATM cells : 1 local VCCV : Disable remote VCCV : Disable local fragmentantion : disable remote fragmentantion: disable local control word : disable remote control word : disable tunnel policy : -traffic behavior : -PW template name : -primary or secondary : primary VC tunnel/token info : 1 tunnels/tokens NO.0 TNL type : lsp , TNL ID : 0x208000 create time : 0 days, 0 hours, 1 minutes, 54 seconds up time : 0 days, 0 hours, 1 minutes, 23 seconds last change time : 0 days, 0 hours, 1 minutes, 23 seconds

CE1 and CE2 can ping through each other. Take the display of CE1 as an example:
<CE1> ping 10.1.1.2 PING 10.1.1.2: 56 data bytes, press CTRL_C to break Reply from 10.1.1.2: bytes=56 Sequence=1 ttl=255 time=31 ms Reply from 10.1.1.2: bytes=56 Sequence=2 ttl=255 time=10 ms Reply from 10.1.1.2: bytes=56 Sequence=3 ttl=255 time=5 ms Reply from 10.1.1.2: bytes=56 Sequence=4 ttl=255 time=2 ms Reply from 10.1.1.2: bytes=56 Sequence=5 ttl=255 time=28 ms --- 10.1.1.2 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 2/15/31 ms <CE1> ping 10.1.2.2 PING 10.1.2.2: 56 data bytes, press CTRL_C to break Reply from 10.1.2.2: bytes=56 Sequence=1 ttl=255 time=31 ms Reply from 10.1.2.2: bytes=56 Sequence=2 ttl=255 time=10 ms Reply from 10.1.2.2: bytes=56 Sequence=3 ttl=255 time=5 ms Reply from 10.1.2.2: bytes=56 Sequence=4 ttl=255 time=2 ms Reply from 10.1.2.2: bytes=56 Sequence=5 ttl=255 time=28 ms --- 10.1.2.2 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 2/15/31 ms

Configuration Files
l

Configuration file of CE1


Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 6-327

Issue 03 (2008-09-22)

6 PWE3 Configuration
# sysname CE1 # interface Atm1/0/0 undo shutdown # interface Atm1/0/0.1 undo shutdown ip address 10.1.1.1 255.255.255.0 pvc 1/100 map ip 10.1.1.2 # interface Atm1/0/0.2 ip address 10.1.2.1 255.255.255.0 pvc 2/200 map ip 10.1.2.2 # return l

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Configuration file of PE1


# sysname PE1 # mpls lsr-id 1.1.1.9 mpls # mpls l2vpn # mpls ldp # mpls ldp remote-peer 3.3.3.9 remote-ip 3.3.3.9 # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 100.1.1.1 255.255.255.0 mpls mpls ldp # interface Atm2/0/0 undo shutdown # interface Atm2/0/0.1 undo shutdown atm cell transfer pvp 1 map pvp 3 pvp 2 map pvp 4 mpls l2vc 3.3.3.9 101 # interface LoopBack1 ip address 1.1.1.9 255.255.255.255 # ospf 1 area 0.0.0.0 network 1.1.1.9 0.0.0.0 network 100.1.1.0 0.0.0.255 # return

Configuration file of P
# sysname P # mpls lsr-id 2.2.2.9 mpls # mpls ldp

6-328

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


# interface Pos1/0/0 link-protocol ppp undo shutdown ip address 100.1.1.2 255.255.255.0 mpls mpls ldp # interface Pos2/0/0 link-protocol ppp undo shutdown ip address 100.1.2.1 255.255.255.0 mpls mpls ldp # interface LoopBack1 ip address 2.2.2.9 255.255.255.255 # ospf 1 area 0.0.0.0 network 2.2.2.9 0.0.0.0 network 100.1.1.0 0.0.0.255 network 100.1.2.0 0.0.0.255 # return l

6 PWE3 Configuration

Configuration file of PE2


# sysname PE2 # mpls lsr-id 3.3.3.9 mpls # mpls l2vpn # mpls ldp # mpls ldp remote-peer 1.1.1.9 remote-ip 1.1.1.9 # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 100.1.2.2 255.255.255.0 mpls mpls ldp # interface Atm2/0/0 undo shutdown # interface Atm2/0/0.1 undo shutdown atm cell transfer pvp 3 map pvp 1 pvp 4 map pvp 2 mpls l2vc 1.1.1.9 101 # interface LoopBack1 ip address 3.3.3.9 255.255.255.255 # ospf 1 area 0.0.0.0 network 3.3.3.9 0.0.0.0 network 100.1.2.0 0.0.0.255 # return

Configuration file of CE2


Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 6-329

Issue 03 (2008-09-22)

6 PWE3 Configuration
# sysname CE2 # interface Atm1/0/0 undo shutdown # interface Atm1/0/0.1 undo shutdown ip address 100.1.1.2 255.255.255.0 pvc 3/100 map ip 100.1.1.1 # interface Atm1/0/0.2 undo shutdown ip address 100.1.2.2 255.255.255.0 pvc 4/200 map ip 100.1.2.1 # return

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

6.14.26 Example for Configuring ATM AAL5 SDU Transport


Networking Requirements
Figure 6-41 Networking diagram for ATM AAL5 SDU transport
Loopback1 1.1.1.9/32 Loopback1 2.2.2.9/32 Loopback1 3.3.3.9/32 POS1/0/0 100.1.2.2/24 P POS2/0/0 100.1.2.1/24 ATM1/0/0.1 PVC1:1/100 10.1.1.2/24 CE1 ATM Netw ork CE2 ATM Netw ork

PE1 ATM2/0/0 ATM1/0/0.1 PVC1:1/100 10.1.1.1/24

POS1/0/0 100.1.1.2/24 POS1/0/0 100.1.1.1/24

PE2 ATM2/0/0

The ATM interfaces of the local router CE1 access the MPLS network through PE1 and connected with CE2 through PE2. CE1 and CE2 set up a VC that crosses the MPLS network. CE1 and CE2 access PE1 and PE2 through the ATM link. Figure 6-41 shows the PVC values and IP addresses. It is required that a PW between PE1, P, and PE2 carry cells of only one ATM VCC between CE1 and CE2. ATM cells between CE1 and CE2 can be transparently transmitted through the ISP network.

Configuration Roadmap
The configuration roadmap is as follows:
6-330 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

6 PWE3 Configuration

1. 2. 3. 4. 5.

Configure a routing policy on the devices (PEs and Ps) of the backbone and enable MPLS. Adopt the default tunnel policy and set up the LSP as the tunnel to transmit user data. Enable MPLS L2VPN on the PE and set up the VC connection. Enable the ATM interfaces on the CE and configure the IPoA mapping. On each PE, enable the ATM AAL5 SDU transport on the ATM sub-interfaces that connect the PE and the CE.

Data Preparation
To complete the configuration, you need the following data:
l l l l

Data for configuring OSPF Name of the remote PE peer VC ID VPI/VCI value of the CE

Configuration Procedure
1. Enable the ATM interfaces on the CEs. # Configure CE1.
<Quidway> system-view [Quidway] sysname CE1 [CE1] interface atm 1/0/0 [CE1-Atm1/0/0] undo shutdown [CE1-Atm1/0/0] quit [CE1] interface atm 1/0/0.1 [CE1-Atm1/0/0.1] ip address 100.1.1.1 24 [CE1-Atm1/0/0.1] pvc 1/100 [CE1-atm-pvc-Atm1/0/0.1-1/100] map ip 100.1.1.2 [CE1-atm-pvc-Atm1/0/0.1-1/100] quit [CE1-Atm1/0/0.1] undo shutdown [CE1-Atm1/0/0.1] quit

# Configure CE2.
<Quidway> system-view [Quidway] sysname CE2 [CE1] interface atm 1/0/0 [CE1-Atm1/0/0] undo shutdown [CE1-Atm1/0/0] quit [CE2] interface atm 1/0/0.1 [CE2-Atm1/0/0.1] ip address 100.1.1.2 24 [CE2-Atm1/0/0.1] pvc 1/100 [CE2-atm-pvc-Atm1/0/0.1-1/100] map ip 100.1.1.1 [CE2-atm-pvc-Atm1/0/0.1-1/100] quit [CE2-Atm1/0/0.1] undo shutdown [CE2-Atm1/0/0.1] quit

2.

Configure the IGP on the MPLS backbone. Configure IP addresses for the interfaces of PEs and P. For details, see Figure 6-41. Configure the IGP for the MPLS backbone. Take OSPF as an example. While configuring OSPF, advertise the 32-bit loopback addresses of PE1, P, and PE2. For configuration details, see "Example for Configuring Interface-based Remote ATM Cell Transport."

3.

Configure the basic MPLS functions and LDP on the MPLS backbone network. For configuration details, see "Example for Configuring Interface-based Remote ATM Cell Transport."

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

6-331

6 PWE3 Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

4.

Set up the remote LDP session between the PEs. For configuration details, see "Example for Configuring Interface-based Remote ATM Cell Transport."

5.

Enable MPLS L2VPN on the PEs and configure the interface-based remote transparent ATM cell transport function. # Configure PE1.
[PE1] mpls l2vpn [PE1-l2vpn] quit [pE1] interface atm 2/0/0 [PE1-Atm2/0/0] undo shutdown [PE1-Atm2/0/0] quit [PE1] interface atm2/0/0.1 p2p [PE1-Atm2/0/0.1] pvc 1/100 [PE1-atm-pvc-Atm2/0/0.1-1/100] quit [PE1-Atm2/0/0.1] mpls l2vc 3.3.3.9 101 [PE1-Atm2/0/0.1] undo shutdown [PE1-Atm2/0/0.1] quit

# Configure PE2.
[PE2] mpls l2vpn [PE2-l2vpn] quit [PE2] interface atm 2/0/0 [PE2-Atm2/0/0] undo shutdown [PE2-Atm2/0/0] quit [PE2] interface atm2/0/0.1 p2p [PE2-Atm2/0/0.1] pvc 1/100 [PE2-atm-pvc-Atm2/0/0.1-1/100] quit [PE2-Atm2/0/0.1] mpls l2vc 1.1.1.9 101 [PE2-Atm2/0/0.1] undo shutdown [PE2-Atm2/0/0.1] quit

6.

Verify the configuration. Run the display mpls l2vc interface command on PEs to view the status of PWs, and you can see the status is up. Take the display of PE1 as an example:
<PE1> display mpls l2vc interface atm 2/0/0.1 *client interface : Atm2/0/0.1 is up session state : up AC state : up VC state : up VC ID : 101 VC type : ATM AAL5 SDU destination : 3.3.3.9 local group ID : 0 remote local VC label : 140288 remote local AC OAM State : up local PSN State : up local forwarding state : forwarding remote AC OAM state : up remote PSN state : up remote forwarding state: forwarding BFD for PW : unavailable manual fault : not set active state : active forwarding entry : exist link state : up local VC MTU : 1500 remote local VCCV : Disable remote VCCV : Disable local fragmentantion : disable remote local control word : enable remote tunnel policy : -traffic behavior : -PW template name : --

group ID VC label

: 0 : 140288

VC MTU

: 1500

fragmentantion: disable control word : enable

6-332

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


primary or secondary VC tunnel/token info NO.0 TNL type : lsp create time up time last change time

6 PWE3 Configuration
: primary : 1 tunnels/tokens , TNL ID : 0x208000 : 0 days, 0 hours, 0 minutes, 54 seconds : 0 days, 0 hours, 0 minutes, 15 seconds : 0 days, 0 hours, 0 minutes, 15 seconds

CE1 and CE2 can ping through each other. Take the display of CE1 as an example:
<CE1> ping 10.1.1.2 PING 10.1.1.2: 56 data bytes, press CTRL_C to break Reply from 10.1.1.2: bytes=56 Sequence=1 ttl=255 time=31 ms Reply from 10.1.1.2: bytes=56 Sequence=2 ttl=255 time=10 ms Reply from 10.1.1.2: bytes=56 Sequence=3 ttl=255 time=5 ms Reply from 10.1.1.2: bytes=56 Sequence=4 ttl=255 time=2 ms Reply from 10.1.1.2: bytes=56 Sequence=5 ttl=255 time=28 ms --- 10.1.1.2 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 2/15/31 ms

Configuration Files
l

Configuration file of CE1


# sysname CE1 # interface Atm1/0/0 undo shutdown # interface Atm1/0/0.1 undo shutdown ip address 10.1.1.1 255.255.255.0 pvc 1/100 map ip 10.1.1.2 # return

Configuration file of PE1


# sysname PE1 # mpls lsr-id 1.1.1.9 mpls # mpls l2vpn # mpls ldp # mpls ldp remote-peer 1 remote-ip 3.3.3.9 # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 100.1.1.1 255.255.255.0 mpls mpls ldp # interface Atm2/0/0 undo shutdown # interface Atm2/0/0.1 p2p undo shutdown pvc 1/100 mpls l2vc 3.3.3.9 101 #

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

6-333

6 PWE3 Configuration
interface LoopBack1 ip address 1.1.1.9 255.255.255.255 # ospf 1 area 0.0.0.0 network 1.1.1.9 0.0.0.0 network 100.1.1.0 0.0.0.255 # return l

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Configuration file of P
# sysname P # mpls lsr-id 2.2.2.9 mpls # mpls ldp # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 100.1.1.2 255.255.255.0 mpls mpls ldp # interface Pos2/0/0 link-protocol ppp undo shutdown ip address 100.1.2.1 255.255.255.0 mpls mpls ldp # interface LoopBack1 ip address 2.2.2.9 255.255.255.255 # ospf 1 area 0.0.0.0 network 2.2.2.9 0.0.0.0 network 100.1.1.0 0.0.0.255 network 100.1.2.0 0.0.0.255 # return

Configuration file of PE2


# sysname PE2 # mpls lsr-id 3.3.3.9 mpls # mpls l2vpn # mpls ldp # mpls ldp remote-peer 1 remote-ip 1.1.1.9 # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 100.1.2.2 255.255.255.0 mpls mpls ldp # interface Atm2/0/0 undo shutdown # interface Atm2/0/0.1 p2p undo shutdown

6-334

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


pvc 1/100 mpls l2vc 1.1.1.9 101 # interface LoopBack1 ip address 3.3.3.9 255.255.255.255 # ospf 1 area 0.0.0.0 network 3.3.3.9 0.0.0.0 network 100.1.2.0 0.0.0.255 # return l

6 PWE3 Configuration

Configuration file of CE2


# sysname CE2 # interface Atm1/0/0 undo shutdown # interface Atm1/0/0.1 undo shutdown ip address 10.1.1.2 255.255.255.0 pvc 1/100 map ip 10.1.1.1 # return

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

6-335

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

7 VPLS Configuration

7
About This Chapter

VPLS Configuration

This chapter describes the principle, application and configuration for VPLS. 7.1 Introduction This section describes the principles of VPLS. 7.2 Configuring Kompella VPLS This section describes how to configure Kompella VPLS. 7.3 Configuring Martini VPLS This section describes how to configure Martini VPLS. 7.4 Configuring LDP HVPLS This section describes how to configure HVPLS in LDP mode. 7.5 Configuring Loop Detection of ACs in a VPLS Network This section describes how to configure loop detection of attachment circuits (ACs) in a VPLS network. 7.6 Configuring a VLL to Access the VPLS This section describes how to configure a VLL to access a VPLS network. 7.7 Configuring the Static VLL to Access the VPLS Network in Dual-homed Mode This section describes how to configure the static VLL to access the VPLS network in dualhomed mode. 7.8 Configuring Inter-AS Kompella VPLS This section describes how to configure the inter-AS Kompella VPLS. 7.9 Configuring Inter-AS Martini VPLS This section describes how to configure the inter-AS Martini VPLS. 7.10 Configuring Dual-homed Kompella VPLS This section describes how to configure the dual-homed Kompella VPLS. 7.11 Configuring Related Parameters of a VSI This section describes how to configure related parameters of a VSI. 7.12 Maintaining VPLS
Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 7-1

7 VPLS Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

This section describes how to maintain VPLS. 7.13 Configuration Examples This section provides several configuration examples of VPLS.

7-2

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

7 VPLS Configuration

7.1 Introduction
This section describes the principles of VPLS. 7.1.1 VPLS 7.1.2 VPLS Features Supported by the NE80E/40E

7.1.1 VPLS
With the development of Ethernet technology, Ethernet has become a crucial LAN technology. As an access technology, it is widely applied to Metropolitan Area Network (MAN) and Wide Area Network (WAN). Virtual Private LAN Service (VPLS) is used to connect more than one Ethernet LAN segment through the PSN and make them operate in an environment similar to a LAN. The VPLS is also called Transparent LAN Service (TLS) or Virtual Private Switched Network Service, and differs from the point-to-point service of the common L2VPN. With the VPLS technology, the service provider offers Ethernet-based multi-point service to clients through the MPLS backbone network. In a simple case, a VPLS contains multiple sites connected to the Provider Edge Device (PE) to implement emulated LAN. Figure 7-1 VPLS architecture
CE site1 VPLS- A VPLS -B CE site2 PE CE site4 PE PE VPLS- A VPLS -B CE

site3

Emulated LAN

VPLS- A CE site5

In VPLS, the PSN simulates network bridge devices and forwards packets based on MAC addresses, or MAC addresses and VLAN tags. The following lists basic concepts of VPLS:
Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 7-3

7 VPLS Configuration
l

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

PW The Pseudo Wire (PW) is a virtual connection used to transmit frames between two PEs. The PE establishes and maintains PWs through signaling and the two PEs on both ends of a PW maintain the PW status.

VSI The Every Virtual Switch Instance (VSI) offers separate VPLS service. The VSI implements Ethernet bridge function and terminates PW.

VC The Virtual Circuit (VC) is a logical unidirectional circuit between two nodes. Two opposite directional VCs constitute a PW. A VC can be used as a unidirectional PW.

AC The CE accesses the PE through the Attachment Circuit (AC) . The AC can be either a physical link or a logical link. The AC transmits frames between the CE and the PE.

The PE implements VPLS forwarding by using the VSIs. Ethernet frames are forwarded between the PEs through the fully-connected PW. Figure 7-2 shows the VPLS forwarding model. Figure 7-2 VPLS forwarding model

CE VLAN1 VSI 1 PE VSI 2 VSI 1 PE VSI 2

CE VLAN1

CE VLAN2

VSI 1

VSI 2

CE VLAN2

PE

CE VLAN1

CE VLAN2

In a VPLS, a connection, namely a PW, must be established between any two PEs. The packets can be directly transmitted from the ingress PE to the egress PE, without going through the intermediate PEs. Loop, therefore, cannot occur between the PEs, and the protocols such as Spanning Tree Protocol (STP), Multiple Spanning Tree Protocol (MSTP), and Rapid Ring Protection Protocol (RRPP) that prevent loop are not needed.

7.1.2 VPLS Features Supported by the NE80E/40E


7-4 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

7 VPLS Configuration

Control Plane and Data Plane


The control plane of the VPLS PE has the following functions:
l

Member discovery: To find all the other PEs in the same VPLS, implement it by manually configuring or by automatically running certain protocols. Automatically running the protocols is called "automatic discovery". Signaling mechanism: The signaling protocol establishes, maintains and removes the PW between the PEs in the same VPLS.

The data plane of the VPLS PE has the following functions:


l

Encapsulation: After receiving Ethernet frames from a CE, a PE sends them to the PSN after encapsulation. Forwarding: The mode in which forward packets depends on the interface that receives the packets and the destination MAC addresses of the packets. Decapsulation: After receiving Ethernet frames from a packet switched network, a PE decapsulates the frames, and then forwards the frames to CEs.

The NE80E/40E supports the implementation of the VPLS functions of the control plane in the BGP or the LDP signaling mode, called Kompella VPLS and Martini VPLS, respectively.
l

Kompella VPLS: adopts BGP as signaling. Automatic member discovery of VPLS is implemented by configuring VPN targets. If you want to add or delete a PE, only the operations on one of its peer PEs are needed. Kompella VPLS has better expansibility. Martini VPLS: adopts LDP as signaling. The PE peer must be manually specified because the PEs are fully connected in a VPLS. When adding a new PE, you must modify the configuration on all the related PEs. Since PW is a point-to-point link, the LDP mode establishes, maintains and removes the PWs more effectively.

MAC Address Learning


The Ethernet network sends the broadcast packets, multicast packets and unicast packets with unknown destination MAC addresses to all the other ports on the same Ethernet segment. In the VPLS, the service provider network stimulates network bridge devices and the PE performs the MAC address learning. The PE must associate the destination MAC address with the PW to forward packets. The PE identifies the remote MAC addresses through the PW and the directly-connected MAC addresses through the AC. The MAC address learning has the following two modes:
l

Qualified: The PE identifies the MAC addresses according to the MAC addresses of the Ethernet packets and the VLAN tags, that is, based on every VLAN of every VSI. In this mode, every VLAN has its broadcast domain and independent MAC address range. Unqualified: The PE identifies the MAC addresses according to MAC addresses of the Ethernet packets, that is, based on every VSI. In this mode, all VLANs share a broadcast domain and a MAC address range. The MAC address of a VLAN must be unique, and must not have an overlapped address.
NOTE

Currently, the NE80E/40E supports only the unqualified mode.

If the PE receives broadcast traffic sent by the local customer, the PE forwards it to all the other ports and to the PEs of the same VPLS.
Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 7-5

7 VPLS Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

If the PE receives the broadcast traffic sent by the remote PE, the PE forwards it to the directlyconnected customer devices of the same VPLS, instead of other PEs. For the packet whose destination MAC address is a non-broadcast address, if the PE does not identify this type of MAC address, then the PE broadcasts this packet.

Flooding
The Ethernet broadcasts the packets with unknown addresses. Therefore, in VPLS, the received packets with unknown unicast addresses, broadcast addresses, or multicast addresses are flooded to all the other ports. If multicast needs to be used, PEs need to adopt other methods such as Internet Group Management Protocol (IGMP) snooping and Protocol Independent Multicast (PIM) snooping.

Packet Encapsulation
After the PE discovers its neighbors, two unidirectional VCs going to the opposite direction are established between a pair of PEs. These two VCs form one bidirectional PW. There are two modes of encapsulation for packets on a VC:
l

Ethernet: The packet encapsulated in the Ethernet mode does not carry the VLAN tag when they are transmitted on the public network. VLAN: The packet encapsulated in the VLAN mode carries the VLAN tag when they are transmitted on the public network.

Access Mode
l

VLAN interface of the switch or router The VLAN interface can be one of the following types:

Terminal VLAN interface: reuses a physical interface. For example, you can divide an Ethernet interface into multiple sub interfaces, and take every sub interface as a VLAN interface. Switched VLAN interface: is a logical interface, and not a sub interface of a physical interface. A VLAN interface contains more than one physical interface, that is, the VLAN packets are received from multiple physical interfaces.

The physical interface configured as the switching interface can send VLAN traffic in the following modes:

Access mode: allows only the packets with the default VLAN ID to pass. Trunk mode: allows only the packets with the VLAN ID of this interface to pass. QinQ mode: adds the default VLAN ID to original packets, and allows only the packets with default VLAN ID to pass.
NOTE

l l l

In the QinQ mode, the packet with two tags is transmitted in the tunnel. After the packet reaches the destination PE, the PE removes the outside tag and then forwards the packet to the CE. By using the QinQ mode, you can deploy the Hierarchical Virtual Private LAN Service (HVPLS).

1483B bridge The Virtual-Ethernet of the NE80E/40E supports ATM 1483B, and can also forward VLAN packets.

7-6

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

7 VPLS Configuration

HVPLS
The above mentioned VPLS requires that the PE devices forward the Ethernet frame through the fully-connected Ethernet PW. Thus, each PE must set up connections with the other PEs in the same VPLS. If a VPLS has the PE devices of the number N, the VPLS will possess the connection of N x (N 1)/2. When the number of PEs increases, the VPLS connection increases by squares of N. The introduction of the Hierarchical Virtual Private LAN Service (HVPLS) resolves the problem caused by excessive connections. Figure 7-3 shows the HVPLS basic model. Figure 7-3 HVPLS model
CE basic VPLS full mesh
AC

SPE SPE
PW PW PW

UPE

PW AC

SPE

CE

In the HVPLS model, PEs falls into the following two types:
l

Underlayer PE (UPE) It refers to the user aggregation device. It is directly connected with the CE. It is only necessary for the UPE to set up the connection with a PE in the VPLS fully-connected network. The UPE supports the routing and the MPLS encapsulation.If the UPE is connected with multiple CEs and possesses the bridge function, the frame forwarding can be performed on the UPE. Thus, the load on the SPE can be relieved.

Superstratum PE (SPE) The SPE refers to the core device that is connected with the UPE and located in the VPLS fully-connected network. The SPE sets up the connection with all the other devices within the VPLS fully-connected network. The UPE connected with the SPE is like a CE to the SPE. The PW set up between the UPE and the SPE works as the AC of the SPE. The SPE needs to learn the MAC addresses of all the sites on the UPE side and that of the UPE interface connected with the SPE.

Loop Detection of ACs in a VPLS Network


To avoid the influence of single-point failure on services, the user network accesses the Virtual private LAN service (VPLS) network through redundant links, as shown in the Figure 7-4 and Figure 7-5.
Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 7-7

7 VPLS Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Figure 7-4 Networking diagram of user network accessing to a single PE through redundant links
PE1 PE2

VPLS network

Switch

CE2

CE1

Figure 7-5 The user network accesses the VPLS network through dual-homing links

VPLS network PE1 PE2

Switch

CE

In the preceding situations, you can configure loop detection on Attachment Circuit (AC) interfaces of a PE, without the deployment of a user network. In this manner, the PE can determine whether a loop occurs by sending Layer 2 detection packets. This effectively avoids loops on the carrier network without any impact on the access of users.

VLL Accessing the VPLS


As shown in Figure 7-6, in the HVPLS, SPE1 and SPE2 support VPLS. VSIs of the SPEs adopt LDP as the signaling protocol of the VPLS.
7-8 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

7 VPLS Configuration

In practical networks, such as MAN access networks, virtual leased lines (VLLs) set up between Underlayer Provider Edges (UPEs) and SPEs can connect the Customer Edges (CEs) to the backbone VPLS network. In certain networking environment, if a UPE does not support the dynamic VLL, the UPE needs to access SPEs through the static VLL. A UPE and an SPE generally set up a static virtual circuit (SVC) between each other to create a VLL. Figure 7-6 Networking diagram of the VLL accessing the VPLS
VPLS Network
PW

SPE1

SPE2

UPE1

VL L

VL L

UPE2

CE1

CE2

CE3

CE4

The UPEs add double MPLS labels to the packets sent by the CEs. The outer layer is the LSP label and is switched when a packet passes through the devices on the access network. The inner label is the VC label that identifies the VC. The inner label remains unchanged when a packet is transmitted along the LSP. The packets received by the SPEs contain double labels. The outer label, which is a public network label, is popped up. The inner label decides which VSI the VLL accesses.

Static VLL Accessing the VPLS Network in Dual-homed Mode


To ensure the reliable VLL accessing, the UPE accessing the SPE in dual-homed mode is introduced. In dual-homed mode, if a PW fails, the data traffic is immediately switched to another PW, as shown in Figure 7-7. In VPLS, the bidirectional transmission paths are consistent because the routing information about the Layer 2 forwarding is automatically learned through MAC addresses of the data traffic. If a fault occurs, the VPLS traffic of a UPE device is switched to another LSP. The SPE devices belonging to the VSI delete the MAC entries of this VSI. After the switchover or the deletion, the MAC entries need to be learned afresh.

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

7-9

7 VPLS Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Figure 7-7 Networking diagram of the static VLL accessing the VPLS network in dual-homed mode
SPE1 SPE3

UPE1

x
SPE2 SPE4

UPE2

CE1

CE2

LDP Message

As shown in Figure 7-7, if a fault occurs on the LSP between the UPE1 and the SPE1, SPE1 detects the fault and asks the other SPEs to delete the related MAC addresses by sending LDP messages. The UPEs detect the LSP status through MPLS Operation Administration & Maintenance (OAM). If a fault is found, the traffic switchover is performed. After the switchover, the related VSIs on the SPEs learn the MAC addresses afresh; thus, the traffic can return through the new SPEs. Before other SPEs learn the MAC addresses, the traffic must be broadcast. After the fault is removed, the UPE receives double VLL broadcast traffic: one from the SPEs before the switchover, the other from the SPEs after the switchover. The UPE decides which broadcast traffic to be thrown away. After the faulty VLL restores the normal state, the VPLS traffic will be not switched to the VLL.

Inter-AS VPLS
Martini and Kompella VPLSs can realize the inter-AS Option A. In the inter-AS L2VPN network, the link type between Autonomous System Boundary Routers (ASBRs) must be the same as the VC type. In inter-AS Option A, each ASBR must reserve a sub-interface for each inter-AS VC. If the number of inter-AS VCs is small, Option A can be used. VPLS adopting inter-AS Option A consumes more resources and requires more configurations, and thus it is not recommended. Option C is a better solution. The devices on the SP network need only to set up the outer tunnel on PEs in different ASs. The ASBR does not need to maintain information about the inter-AS VPLS or reserve interfaces for the inter-AS VPLS. VSI information of VPLS is exchanged only between PEs. Thus, resources consumption decreases and configurations do not increase.

7.2 Configuring Kompella VPLS


This section describes how to configure Kompella VPLS. 7.2.1 Establishing the Configuration Task 7.2.2 Enabling the BGP Peer to Exchange VPLS Information 7.2.3 Creating a VSI and Configuring BGP Signaling
7-10 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

7 VPLS Configuration

7.2.4 (Optional) Configuring Huawei Devices to Communicate with Non-Huawei Devices 7.2.5 Binding the VSI to the Interface Connected with CE 7.2.6 (Optional) Configuring Route Reflection for BGP VPLS 7.2.7 Checking the Configuration

7.2.1 Establishing the Configuration Task


Applicable Environment
If the PE devices support the BGP as VPLS signaling, you can configure Kompella VPLS. Automatic discovery of the VPLS PE is implemented through the VPN target configuration.

Pre-configuration Tasks
Before configuring Kompella VPLS, complete the following tasks:
l l l

Configuring the LSR ID on the PE and the P and enabling MPLS Enabling MPLS L2VPN on the PE Establishing the tunnel between the PEs to transmit user data

Data Preparation
To configure Kompella VPLS, you need the following data. No. 1 2 3 4 5 Data BGP peer to exchange VPLS information VSI name RD and VPN target of VSI CE ID of the site, the number of CEs allowed to access VPLS, and default offset value of the CE ID Binding interface of the VSI

7.2.2 Enabling the BGP Peer to Exchange VPLS Information


Context
NOTE

For details of commands in BGP VPLS address family view, refer to the chapter "IP Routing Commands" in the Quidway NetEngine80E/40E Router Command Reference.

Do as follows on the PEs of the two ends of the PW:


Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 7-11

7 VPLS Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Procedure
Step 1 Run:
system-view

The system view is displayed. Step 2 Run:


bgp as-number

The BGP view is displayed. Step 3 Run:


peer peer-address as-number as-number

The BGP peer is configured. Step 4 Run:


peer peer-address connect-interface loopback interface-number

The interface used to set up the TCP connection is specified.


NOTE

To improve reliability, on the PE, the local loopback interface is generally specified as the interface to set up the TCP connection.

Step 5 Run:
vpls-family

The BGP VPLS sub-address family view is displayed. Step 6 Run:


peer peer-address enable

The exchange of VPLS information is enabled on the BGP peer.


NOTE

The BGP VPLS shares a TCP session with the common BGP protocol. Most configurations of the BGP VPLS network are the same as the configurations of the BGP protocol. To exchange information about the VPLS label block, you need to enable peers to exchange the VPLS block label in the BGP VPLS subaddress family view.

----End

7.2.3 Creating a VSI and Configuring BGP Signaling


Context
TIP

A VSI can set up the VSI connection with multiple VSIs with the same site number and the same VPN target of other PEs. Among those VSIs, a VSI is the primary VSI, and the others are backup VSIs. This backup scheme is not recommended. Multiple VSIs with the same site number and the same VPN target are allocated with the same label, and they are actually the same VSI. A VSI can set up only one VSI connection with multiple VSIs with the same site number and the same VPN target.

Do as follows on the PEs of the two ends of the PW:


7-12 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

7 VPLS Configuration

Procedure
Step 1 Run:
system-view

The system view is displayed. Step 2 Run:


vsi vsi-name auto

A VSI is created and automatic member discovery mechanism is configured. The Kompella VPLS does not directly deal with the connection between the CEs. It numbers the CEs and creates a VSI on the PE for each CE. Step 3 Run:
pwsignal bgp

The PW signaling protocol is configured as BGP and the VSI-BGP view is displayed. Step 4 Run:
route-distinguisher route-distinguisher

The RD of the VSI is configured. After the PW signaling protocol is configured as BGP, configure the RD to make the VSI take effect.
NOTE

For a PE, different VSIs have different RDs. For the same VSI on different PEs:
l l

If a CE accesses two PEs, RDs of the VSI must be different. If a CE accesses a PE, RDs of the VSI can be either the same or different.

Step 5 Run:
vpn-target vpn-target&<1-16> [ both | export-extcommunity | import-extcommunity ]

The VPN target of the VSI is configured. When using this command, note the mapping between the VPN target attribute at the local end and the VPN target at the remote end. That is,
l

export-extcommunity of the local end must be consistent with import-extcommunity of the peer. import-extcommunity of the local end must be consistent with export-extcommunity of the peer.

Traffic can be normally transmitted in bidirectional way only if the preceding two conditions are satisfied. If only one condition is met, the traffic can be transmitted only in unidirectional way. For convenience of configuration, the four values are generally configured to be the same. Step 6 Run:
site site-id [ range site-range ] [ default-offset { 0 | 1 } ]

The site is configured. The two ends of the VSI cannot be configured with the same site ID. The value of the local site ID cannot be greater than the sum of the site-range and default-offset of the remote end. The
Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 7-13

7 VPLS Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

value of the local site ID, however, must be larger than the value of the default-offset of the remote end.
NOTE

All Kompella L2VPN instances and VPLS VSI instances of one device share one label block; therefore, the sum of the ranges of all Kompella L2VPN instances and VPLS VSI instances cannot be greater than the label block. Otherwise, the system prompts that the labels cannot be obtained because the required labels exceed the upper limit; thus, allocation of a site ID to a VSI or creation of a CE fails.

----End

7.2.4 (Optional) Configuring Huawei Devices to Communicate with Non-Huawei Devices


Context
NOTE

When Huawei devices need to communicate with non-Huawei devices with the VPLS encapsulation type carried by BGP extended community attributes as 19, you need to perform this configuration.
NOTE

The vpls bgp encapsulation { ethernet | vlan } and ignore-mtu-match commands must be used together on Huawei devices so that Huawei devices can communicate with non-Huawei devices.

Do as follows on the PEs of the two ends of the PW:

Procedure
Step 1 Run:
system-view

The system view is displayed. Step 2 Run:


vpls bgp encapsulation { ethernet | vlan }

The global encapsulation type of Kompella VPLS is configured. After this command is used and the VPLS packet with encapsulation type 19 is received, the system re-encapsulates this packet according to the user configuration and then performs other processing related to VPLS. When this command is not used, the system re-encapsulates the received VPLS packet with encapsulation type 19 in VLAN mode. Step 3 Run:
vsi vsi-name

The view of the created VSI is displayed. Step 4 Run:


ignore-mtu-match

The MTU matching check is ignored and the sent VPLS packet is re-encapsulated. By default, the MTU in the VSI view is 1500. If the MTUs of the same VSI on two PEs are different, the two PEs cannot exchange information or establish a connection.
7-14 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

7 VPLS Configuration

The equipment of some manufacturers cannot perform the MTU matching check in the VSI. When a Huawei device communicates with a non-Huawei device in Kompella mode, you need to run the ignore-mtu-match command on the Huawei data communication device using the NE80E/40E to ignore the MTU matching check. This ensures that the VC link is Up. In addition, after the ignore-mtu-match command is used, the VPLS packet sent by the device adopts the standard encapsulation type 19. ----End

7.2.5 Binding the VSI to the Interface Connected with CE


Context
According to the link type between the PE and the CE, the binding falls into the following cases:
l

Binding the VSI with the Ethernet interface or GE interface when the PE and the CE are connected through the Ethernet interface Binding the VSI with the Ethernet sub-interface or GE sub-interface when the PE and the CE are connected through the Ethernet sub-interface or GE sub-interface Binding the VSI with the VLAN interface when the PE and the CE are connected through the VLAN interface Binding the VSI with the VE interface when the PE and the CE are connected through the VE interface Binding the VSI with the Eth-Trunk when the PE and the CE are connected through the Eth-Trunk interface Binding the VSI with the Eth-Trunk sub-interface when the PE and the CE are connected through the Eth-Trunk sub-interface Binding the VSI to a sub-interface for QinQ VLAN tag termination. For details, refer to the Quidway NetEngine80E/40E Router Configuration Guide - LAN Access & MAN Access.
NOTE

In VPLS applications, different CEs are transparently connected to each other on the same LAN network segment through VSIs; therefore, the CEs cannot be configured with the same IP address. In addition, PE interfaces connected with CEs cannot be configured with the l2 binding command and the ip address command at the same time. That is, if PE interfaces connected with CEs have been configured with IP addresses, the interfaces cannot be bound to VSI instances; if the interfaces have been bound to VSI instances, the interfaces cannot be configured with IP addresses.

Procedure
l Binding VSI with the Ethernet interface 1. Do as follows on the PEs of the two ends of the PW, and run:
system-view

The system view is displayed. 2. Run:


interface { ethernet | gigabitethernet } interface-number

The Ethernet interface view is displayed. 3.


Issue 03 (2008-09-22)

Run:
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 7-15

7 VPLS Configuration
l2 binding vsi vsi-name

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

The VSI is bound with the Ethernet interface. l Binding VSI to an Ethernet sub-interface 1. Do as follows on the PEs of the two ends of the PW, and run:
system-view

The system view is displayed. 2. Run:


interface { ethernet | gigabitethernet } interface-number.subnumber

The Ethernet sub-interface view is displayed. 3. Run:


shutdown

The current sub-interface is shut down. 4. Run:


vlan-type dot1q vlan-id

The VLAN type of the interface is configured. 5. Run:


undo shutdown

The current sub-interface is restarted. 6. Run:


l2 binding vsi vsi-name

The VSI is bound with the Ethernet sub-interface. l Binding the VSI to a VLANIF interface 1. Do as follows on the PEs of the two ends of the PW, and run:
system-view

The system view is displayed. 2. Run:


interface vlanif vlan-id

The VLANIF interface view is displayed. 3. Run:


l2 binding vsi vsi-name

The VLANIF interface is bound to the VSI. l Binding the VSI to a VE interface 1. Do as follows on the PEs of the two ends of the PW, create a VE interface, and then configure the mapping of the 1483B service. (1) Run the system-view command to enter the system view. (2) Run the interface virtual-ethernet interface-number command to create a VE interface and enter the VE interface view. (3) Run the quit command to return to the system view. (4) Run the interface atm tunnel-number command to enter the ATM interface view. (5) Run the pvc vpi/vci command to create a PVC.
7-16 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

7 VPLS Configuration

(6) Runt the map bridge virtual-ethernet interface-number command to configure the mapping of the 1483B service. (7) Run the quit command to return to the ATM interface view. (8) Run the quit command to return to the system view. 2. Switch the VE interface to a Layer 2 interface and add the VE interface to the specified VLAN. (1) Run the interface virtual-ethernet interface-number command to enter the VE interface view. (2) Run the portswich command to switch the VE interface to a Layer 2 interface. (3) Run the quit command to return to the system view. (4) Run the vlan vlan-id command to create a VLAN and enter the VLAN view. (5) Run the port virtual-ethernet interface-number command to add the Layer 2 VE interface to the specified VLAN. (6) Run the quit command to return to the system view. 3. Bind the VLANIF interface to the VSI. (1) Run the interface vlanif vlan-id command to create a VLANIF interface. (2) Run the l2 binding vsi vsi-name command to bind the VLANIF interface to the VSI. l Binding the VSI to an Eth-Trunk interface 1. Do as follows on the PEs of the two ends of the PW, and run:
system-view

The system view is displayed. 2. Run:


interface eth-trunk trunk-id

An Eth-Trunk interface is created. 3. Run:


quit

Return to the system view. 4. Run:


interface { ethernet | gigabitethernet } interface-number

The view of the interface to be added into the Eth-Trunk is displayed. An Eth-Trunk member interface cannot be configured with a static MAC address.
NOTE

Member interfaces of a trunk cannot be Eth-Trunk interfaces or IP-Trunk interfaces.

5.

Run:
eth-trunk trunk-id

The interface is added into the Eth-Trunk. Before adding an interface into an Eth-Trunk, ensure the interface is not configured with any Layer 3 attributes such as IP address and any services. An Ethernet interface can join only one Eth-Trunk interface. To join another EthTrunk interface, the Ethernet interface must quit from the original one.
Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 7-17

7 VPLS Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Member interfaces of an Eth-Trunk interface must be of the same type. That is, FE interfaces and GE interfaces cannot join an Eth-Trunk interface. 6. Run:
quit

Return to the system view. 7. Run:


interface eth-trunk trunk-id

The Eth-Trunk interface view is displayed. 8. Run:


l2 binding vsi vsi-name

The Eth-Trunk interface is bound with the VSI. l Binding the VSI with an Eth-Trunk sub-interface 1. Do as follows on the PEs of the two ends of the PW, and run:
system-view

The system view is displayed. 2. Run:


interface eth-trunk trunk-id

An Eth-Trunk interface is created. 3. Run:


quit

Return to the system view. 4. Run:


interface { ethernet | gigabitethernet } interface-number

The view of the interface to be added into the Eth-Trunk is displayed. An Eth-Trunk member interface cannot be configured with a static MAC address.
NOTE

Member interfaces of a trunk cannot be Eth-Trunk interfaces or IP-Trunk interfaces.

5.

Run:
eth-trunk trunk-id

The interface is added into the Eth-Trunk. Before adding an interface into an Eth-Trunk, ensure the interface is not configured with any Layer 3 attributes such as IP address and any services. An Ethernet interface can join only one Eth-Trunk interface. To join another EthTrunk interface, the Ethernet interface must quit from the original one. Member interfaces of an Eth-Trunk interface must be of the same type. That is, FE interfaces and GE interfaces cannot join an Eth-Trunk interface. 6. Run:
quit

Return to the system view. 7. Run:


interface eth-trunk trunk-id .subnumber

7-18

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

7 VPLS Configuration

The Eth-Trunk sub-interface view is displayed. 8. Run:


shutdown

The current sub-interface is shut down. 9. Run:


vlan-type dot1q vlan-id

The VLAN encapsulation type is configured on the sub-interface. 10. Run:


undo shutdown

The current sub-interface is restarted. 11. Run:


l2 binding vsi vsi-name

The Eth-Trunk sub-interface is bound with the VSI. ----End

7.2.6 (Optional) Configuring Route Reflection for BGP VPLS


Context
Do as follows on the PEs of the two ends of the PW:

Procedure
Step 1 Run:
system-view

The system view is displayed. Step 2 Run:


bgp as-number

The BGP view is displayed. Step 3 Run:


vpls-family

The BGP-VPLS sub-address family view is displayed. Step 4 Run:


peer { group-name | peer-address } reflect-client

The route reflector (RR) and its client are configured. Step 5 Run:
undo policy vpn-target

The filtering of VPLS label blocks based on VPN targets is disabled. Step 6 (Optional) Run:
rr-filter extended-list-number

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

7-19

7 VPLS Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

The reflection policy is configured. ----End

7.2.7 Checking the Configuration


Run the following commands to check the previous configuration. Action Check the information about the VPLS VSI. Check information about the remote VSI. Check the information about the VPLS connection. Command display vsi [ name vsi-name ] [ verbose ] display vsi remote bgp [ nexthop nexthop-address [ export-vpn-target vpn-target ] | route-distinguisher route-distinguisher ] display vpls connection [ bgp | vsi vsi-name ] [ down | up ] [ verbose ]

Run the display vsi [ name vsi-name ] [ verbose ] command. You can view that the item "VSI State" is displayed as "up". If verbose is selected, the item "Signaling" is displayed as "bgp" and the item "VC State" is displayed as "up". This means that the configuration succeeds. For example:
<Quidway> display vsi name ***VSI Name Administrator VSI Isolate Spoken VSI Index PW Signaling Member Discovery Style PW MAC Learn Style Encapsulation Type MTU Mode Service Class Color DomainId Domain Name VSI State BGP RD SiteID/Range/Offset Import vpn target Export vpn target Remote Label Block Local Label Block Interface Name State **PW Information: *Peer Ip Address PW State Local VC Label Remote VC Label PW Type Tunnel ID bgp1 verbose : bgp1 : no : disable : 0 : bgp : auto : unqualify : vlan : 1500 : uniform : -: -: 0 : : up : 168.1.1.1:1 : 1/5/0 : 100:1, : 100:1, : 25600/5/0, : 25600/5/0, : GigabitEthernet1/0/0.1 : up : : : : : : 3.3.3.9 up 25602 25601 label 0x2002001,

Run the display vsi remote bgp [ nexthop nexthop-address [ export-vpn-target vpn-target ] | route-distinguisher route-distinguisher ] command. If information about the remote VSI established through BGP is displayed, it means that the configuration succeeds. For example:
7-20 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


<Quidway> display vsi remote bgp Total Number : 1 **BGP RD : 169.1.1.2:1 NextHop : 3.3.3.9 EncapType : vlan MTU : 1500 Export vpn target : 100:1, SiteID : 2 Remote Label Block : 25600/5/0,

7 VPLS Configuration

Number

: 1

Run the display vpls connection [ bgp | vsi vsi-name ] [ down | up ] [ verbose ] command. You can view that the item "VC State" is displayed as "up". If verbose is selected, the item "Signaling" is displayed as "bgp", the item "VC State" is displayed as "up", and label allocation is complete. For example:
<Quidway> display vpls VSI Name: v1 **Remote Site ID VC State RD Encapsulation MTU Peer Ip Address PW Type Local VC Label Remote VC Label Tunnel Policy Tunnel ID Remote Label Block Export vpn target connection bgp verbose Signaling: bgp : 2 : up : 200:1 : vlan : 1500 : 4.4.4.4 : label : 25602 : 25601 : -: 0x2002001, : 25600/5/0 : 1:1,

7.3 Configuring Martini VPLS


This section describes how to configure Martini VPLS. 7.3.1 Establishing the Configuration Task 7.3.2 Creating a VSI and Configuring LDP Signaling 7.3.3 Binding the VSI to the Interface Connected with CE 7.3.4 Checking the Configuration

7.3.1 Establishing the Configuration Task


Applicable Environment
When the PE devices support the LDP to be the VPLS signaling, you can configure the Martini VPLS. PEs must be fully connected to each other through PWs, each of which requires a dedicated LDP session. As a result, an LDP session must be set up between any two PEs.

Pre-configuration Tasks
Before configuring Martini VPLS, complete the following tasks:
l l l

Configuring the LSR ID and enabling MPLS and MPLS LDP Enabling the MPLS L2VPN on the PEs Establishing the tunnel used to transmit the user data between PEs
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 7-21

Issue 03 (2008-09-22)

7 VPLS Configuration
l

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Establishing a remote LDP session between the PEs if they are connected indirectly

Data Preparation
To configure Martini VPLS, you need the following data. No. 1 2 3 4 Data VSI name VSI ID IP address of the peer and tunnel policy to establish the peer Binding interface of the VSI

7.3.2 Creating a VSI and Configuring LDP Signaling


Context
Do as follows on the PEs of the two ends of the PW:

Procedure
Step 1 Run:
system-view

The system view is displayed. Step 2 Run:


vsi vsi-name static

A VSI is created and static member discovery mechanism is adopted. Step 3 Run:
pwsignal ldp

The PW signaling protocol is specified as LDP and the VSI-LDP view is displayed. Step 4 Run:
vsi-id vsi-id

The VSI ID is configured.


NOTE

The two ends of the VSI must agree on the same VSI ID.

The VSI exists only on the PE. One PE can have multiple VSIs. One VPLS on a PE has only one VSI. Step 5 Run:
peer peer-address [ negotiation-vc-id vc-id ] [ tnl-policy policy-name ]

The VSI peer is configured.


7-22 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

7 VPLS Configuration

When you take the LDP as PW signaling, you must configure VSI ID for the VSI to take effect. The VSI ID varies with the VSI, and you can use these VSI IDs in the stage of PW signaling negotiation. The LDP does not support the automatic discovery of the VPLS PE. You must manually specify the peer PE of the VPLS. ----End

7.3.3 Binding the VSI to the Interface Connected with CE


Context
According to the link type between the PE and the CE, the binding falls into the following cases:
l

Binding the VSI with the Ethernet interface or GE interface when the PE and the CE are connected through the Ethernet interface Binding the VSI with the Ethernet sub-interface or GE sub-interface when the PE and the CE are connected through the Ethernet sub-interface or GE sub-interface Binding the VSI with the VLAN interface when the PE and the CE are connected through the VLAN interface Binding the VSI with the VE interface when the PE and the CE are connected through the VE interface Binding the VSI with the Eth-Trunk when the PE and the CE are connected through the Eth-Trunk interface Binding the VSI with the Eth-Trunk sub-interface when the PE and the CE are connected through the Eth-Trunk sub-interface Binding the VSI to a sub-interface for QinQ VLAN tag termination. For details, refer to the Quidway NetEngine80E/40E Router Configuration Guide - LAN Access & MAN Access.
NOTE

In VPLS applications, different CEs are transparently connected to each other on the same LAN network segment through VSIs; therefore, the CEs cannot be configured with the same IP address. In addition, PE interfaces connected with CEs cannot be configured with the l2 binding command and the ip address command at the same time. That is, if PE interfaces connected with CEs have been configured with IP addresses, the interfaces cannot be bound to VSI instances; if the interfaces have been bound to VSI instances, the interfaces cannot be configured with IP addresses.

Procedure
l Binding VSI with the Ethernet interface 1. Do as follows on the PEs of the two ends of the PW, and run:
system-view

The system view is displayed. 2. Run:


interface { ethernet | gigabitethernet } interface-number

The Ethernet interface view is displayed. 3. Run:


l2 binding vsi vsi-name

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

7-23

7 VPLS Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

The VSI is bound with the Ethernet interface. l Binding VSI to an Ethernet sub-interface 1. Do as follows on the PEs of the two ends of the PW, and run:
system-view

The system view is displayed. 2. Run:


interface { ethernet | gigabitethernet } interface-number.subnumber

The Ethernet sub-interface view is displayed. 3. Run:


shutdown

The current sub-interface is shut down. 4. Run:


vlan-type dot1q vlan-id

The VLAN type of the interface is configured. 5. Run:


undo shutdown

The current sub-interface is restarted. 6. Run:


l2 binding vsi vsi-name

The VSI is bound with the Ethernet sub-interface. l Binding the VSI to a VLANIF interface 1. Do as follows on the PEs of the two ends of the PW, and run:
system-view

The system view is displayed. 2. Run:


interface vlanif vlan-id

The VLANIF interface view is displayed. 3. Run:


l2 binding vsi vsi-name

The VLANIF interface is bound to the VSI. l Binding the VSI to a VE interface 1. Do as follows on the PEs of the two ends of the PW, create a VE interface, and then configure the mapping of the 1483B service. (1) Run the system-view command to enter the system view. (2) Run the interface virtual-ethernet interface-number command to create a VE interface and enter the VE interface view. (3) Run the quit command to return to the system view. (4) Run the interface atm tunnel-number command to enter the ATM interface view. (5) Run the pvc vpi/vci command to create a PVC.
7-24 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

7 VPLS Configuration

(6) Runt the map bridge virtual-ethernet interface-number command to configure the mapping of the 1483B service. (7) Run the quit command to return to the ATM interface view. (8) Run the quit command to return to the system view. 2. Switch the VE interface to a Layer 2 interface and add the VE interface to the specified VLAN. (1) Run the interface virtual-ethernet interface-number command to enter the VE interface view. (2) Run the portswich command to switch the VE interface to a Layer 2 interface. (3) Run the quit command to return to the system view. (4) Run the vlan vlan-id command to create a VLAN and enter the VLAN view. (5) Run the port virtual-ethernet interface-number command to add the Layer 2 VE interface to the specified VLAN. (6) Run the quit command to return to the system view. 3. Bind the VLANIF interface to the VSI. (1) Run the interface vlanif vlan-id command to create a VLANIF interface. (2) Run the l2 binding vsi vsi-name command to bind the VLANIF interface to the VSI. l Binding the VSI to an Eth-Trunk interface 1. Do as follows on the PEs of the two ends of the PW, and run:
system-view

The system view is displayed. 2. Run:


interface eth-trunk trunk-id

An Eth-Trunk interface is created. 3. Run:


quit

Return to the system view. 4. Run:


interface { ethernet | gigabitethernet } interface-number

The view of the interface to be added into the Eth-Trunk is displayed. An Eth-Trunk member interface cannot be configured with a static MAC address.
NOTE

Member interfaces of a trunk cannot be Eth-Trunk interfaces or IP-Trunk interfaces.

5.

Run:
eth-trunk trunk-id

The interface is added into the Eth-Trunk. Before adding an interface into an Eth-Trunk, ensure the interface is not configured with any Layer 3 attributes such as IP address and any services. An Ethernet interface can join only one Eth-Trunk interface. To join another EthTrunk interface, the Ethernet interface must quit from the original one.
Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 7-25

7 VPLS Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Member interfaces of an Eth-Trunk interface must be of the same type. That is, FE interfaces and GE interfaces cannot join an Eth-Trunk interface. 6. Run:
quit

Return to the system view. 7. Run:


interface eth-trunk trunk-id

The Eth-Trunk interface view is displayed. 8. Run:


l2 binding vsi vsi-name

The Eth-Trunk interface is bound with the VSI. l Binding the VSI with an Eth-Trunk sub-interface 1. Do as follows on the PEs of the two ends of the PW, and run:
system-view

The system view is displayed. 2. Run:


interface eth-trunk trunk-id

An Eth-Trunk interface is created. 3. Run:


quit

Return to the system view. 4. Run:


interface { ethernet | gigabitethernet } interface-number

The view of the interface to be added into the Eth-Trunk is displayed. An Eth-Trunk member interface cannot be configured with a static MAC address.
NOTE

Member interfaces of a trunk cannot be Eth-Trunk interfaces or IP-Trunk interfaces.

5.

Run:
eth-trunk trunk-id

The interface is added into the Eth-Trunk. Before adding an interface into an Eth-Trunk, ensure the interface is not configured with any Layer 3 attributes such as IP address and any services. An Ethernet interface can join only one Eth-Trunk interface. To join another EthTrunk interface, the Ethernet interface must quit from the original one. Member interfaces of an Eth-Trunk interface must be of the same type. That is, FE interfaces and GE interfaces cannot join an Eth-Trunk interface. 6. Run:
quit

Return to the system view. 7. Run:


interface eth-trunk trunk-id .subnumber

7-26

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

7 VPLS Configuration

The Eth-Trunk sub-interface view is displayed. 8. Run:


shutdown

The current sub-interface is shut down. 9. Run:


vlan-type dot1q vlan-id

The VLAN encapsulation type is configured on the sub-interface. 10. Run:


undo shutdown

The current sub-interface is restarted. 11. Run:


l2 binding vsi vsi-name

The Eth-Trunk sub-interface is bound with the VSI. ----End

7.3.4 Checking the Configuration


Run the following commands to check the previous configuration. Action Check the information about the VPLS VSI. Check information about the remote VSI. Check information about the VPLS connection. Check information about the outgoing interface of the VSI PW. Check information about the tunnel policy used by the VSI. Command display vsi [ name vsi-name ] [ verbose ] display vsi remote ldp [ router-id ipaddress ] [ pw-id pw-id ] display vpls connection [ ldp | vsi vsi-name ] [ down | up ] [ verbose ] display vsi pw out-interface [ vsi vsi-name ] display l2vpn vsi-list tunnel-policy tunnelpolicy policy-name

Run the display vsi [ name vsi-name ] [ verbose ] command. You can view that the item "VSI State" is displayed as "up". If verbose is selected, the item "Signaling" is displayed as "ldp" and the item "VC State" is displayed as "up". This means that the configuration succeeds. For example:
<Quidway> display vsi name ***VSI Name Administrator VSI Isolate Spoken VSI Index PW Signaling Member Discovery Style PW MAC Learn Style Encapsulation Type MTU Mode a2 verbose : a2 : no : disable : 0 : ldp : static : unqualify : vlan : 1500 : uniform

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

7-27

7 VPLS Configuration
Service Class Color DomainId Domain Name VSI State VSI ID *Peer Router ID VC Label Peer Type Session Tunnel ID Interface Name State **PW Information: *Peer Ip Address PW State Local VC Label Remote VC Label PW Type Tunnel ID : : : : : : : : : : : : : : : : : : : --0

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

up 2 3.3.3.9 23552 dynamic up 0x2002001, GigabitEthernet1/0/0.1 up 3.3.3.9 up 23552 23552 label 0x2002001,

Run the display vsi remote ldp [ router-id ip-address ] [ pw-id pw-id ] command. If information about the remote VSI established through LDP is displayed, it means that the configuration succeeds. For example:
<Quidway> display vsi remote ldp Vsi Peer VC ID RouterID Label 2 3.3.3.9 23552 Group ID 0 Encap Type vlan MTU Value 1500 Vsi Index 0

Run the display vpls connection [ ldp | vsi vsi-name ] [ down | up ] [ verbose ] command. You can view that the item "VC State" is displayed as "up". If verbose is selected, the item "Signaling" is displayed as "ldp", the item "VC State" is displayed as "up", and label allocation is complete. For example:
<Quidway> display vpls connection ldp verbose VSI Name: a2 Signaling: ldp **Remote Vsi ID : 2 VC State : up Encapsulation : vlan Group ID : 0 MTU : 1500 Peer Ip Address : 3.3.3.9 PW Type : label Local VC Label : 23552 Remote VC Label : 23552 Tunnel Policy : -Tunnel ID : 0x2002002,

7.4 Configuring LDP HVPLS


This section describes how to configure HVPLS in LDP mode. 7.4.1 Establishing the Configuration Task 7.4.2 Configuring SPE 7.4.3 Configuring UPE 7.4.4 Checking the Configuration

7.4.1 Establishing the Configuration Task


7-28 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

7 VPLS Configuration

Applicable Environment
If the VPLS possess excessive PEs, you can adopt the HVPLS to reduce the performance requirement of the PE devices.

Pre-configuration Tasks
Before configuring the HVPLS, complete the following tasks:
l l l l l

Complete the task of Configuring Martini VPLS between the SPE and the PE Set up the MPLS LDP peer between the UPE and the SPE Create the VSI instance on the SPE and specify the UPE as its PE of lower layer Create the VSI instance on the UPE and specify the SPE as the VSI peer Configure the CE1 and the CE2 to access the UPE, and configure the CE3 to access the PE
NOTE

The Kompella VPLS uses BGP as the signaling. The configuration of the route reflector can solve the problem of excessive connections caused by the VPLS fully connection. Therefore, the NE80E/40E supports only the Martini HVPLS.

Data Preparation
To configure the HVPLS, you need the following data. No. 1 2 3 4 Data Corresponding relationship between the UPE and the SPE IP address of the peer VSI name, VSI ID, and the interface bound with VSI Tunnel policy

7.4.2 Configuring SPE


Context
Do as follows on the SPE.

Procedure
Step 1 Run
system-view

The system view is displayed. Step 2 Run:


vsi vsi-name static

The VSI and is created and the static member discovery mechanism is adopted.
Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 7-29

7 VPLS Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Step 3 Run:
pwsignal ldp

The PW signaling protocol is specified as the LDP and the VSI-LDP view is displayed. Step 4 Run:
vsi-id vsi-id

The VSI ID is configured. Step 5 Run:


peer peer-address [ negotiation-vc-id vc-id ] [ tnl-policy policy-name ]

The VSI peer between the SPEs is configured. Step 6 Run:


peer peer-address upe [ negotiation-vc-id vc-id ] [ tnl-policy policy-name ]

The VSI peer between the SPE and the UPE is configured. ----End

7.4.3 Configuring UPE


The configuration of the UPE is similar to that on the PE of the VPLS fully-connected network. The difference is that the UPE sets up connections only with the connected SPEs. For the detailed configuration, see Configuring Martini VPLS.

7.4.4 Checking the Configuration


Run the following commands to check the previous configuration. Action Check information about the VPLS VSI. Check information about the remote VSI. Check information about the outgoing interface of the VSI PW. Check information about the tunnel policy used by the VSI. Command display vsi [ name vsi-name ] [ verbose ] display vsi remote ldp [ router-id ipaddress ] [ pw-id pw-id ] display vsi pw out-interface [ vsi vsiname ] display l2vpn vsi-list tunnel-policy tunnelpolicy policy-name

Run the display vsi [ name vsi-name ] [ verbose ] command. You can view that the item "VSI State" is displayed as "up". If verbose is selected, the item "Signaling" is displayed as "ldp" and the item "VSI State" is displayed as "up". This means that the configuration succeeds. For example:
<Quidway> display vsi name vsi123 verbose ***VSI Name : v123 Administrator VSI : no Isolate Spoken : disable VSI Index : 0

7-30

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


PW Signaling Member Discovery Style PW MAC Learn Style Encapsulation Type MTU Mode Service Class Color DomainId Domain Name VSI State VSI ID *Peer Router ID VC Label Peer Type Session Tunnel ID *Peer Router ID VC Label Peer Type Session Tunnel ID **PW Information: *Peer Ip Address PW State Local VC Label Remote VC Label PW Type Tunnel ID *Peer Ip Address PW State Local VC Label Remote VC Label PW Type Tunnel ID : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : ldp static unqualify vlan 1500 uniform --0 up 123 3.3.3.9 23552 dynamic up 0x2002002, 1.1.1.9 23553 dynamic up 0x1002000, 1.1.1.9 up 23553 23552 MEHVPLS 0x1002000, 3.3.3.9 up 23552 23552 label 0x2002002,

7 VPLS Configuration

Run the display vsi remote ldp [ router-id ip-address ] [ pw-id pw-id ] command. If information about the remote VSI established through LDP is displayed, it means that the configuration succeeds. For example:
<Quidway> display vsi remote ldp Vsi Peer VC ID RouterID Label 123 2.2.2.9 23553 Group ID 0 Encap Type vlan MTU Value 1500 Vsi Index 0

7.5 Configuring Loop Detection of ACs in a VPLS Network


This section describes how to configure loop detection of attachment circuits (ACs) in a VPLS network. 7.5.1 Establishing the Configuration Task 7.5.2 Enabling Loop Detection Globally 7.5.3 Configuring Loop Detection 7.5.4 Checking the Configuration

7.5.1 Establishing the Configuration Task

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

7-31

7 VPLS Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Applicable Environment
If the VPLS network that CE devices access has redundant links, configure loop detection for the AC interface of PE to protect the network from broadcast storm.

Pre-configuration Tasks
Before configuring loop detection of ACs in a VPLS network, complete the following task: Deploying the VPLS in network, and making CE devices interact

Data Preparation
To configure loop detection of ACs in a VPLS network, prepare the following data. No. 1 Data Recovery time of the backup link when the active link is faulty

7.5.2 Enabling Loop Detection Globally


Context
Do as follows on PEs.

Procedure
Step 1 Run:
system-view

The system view is displayed. Step 2 Run:


loop-detection enable

The loop detection is globally enabled. ----End

7.5.3 Configuring Loop Detection


Context
Do as follows on PEs.

Procedure
Step 1 Run:
system-view

7-32

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

7 VPLS Configuration

The system view is displayed. Step 2 Run:


interface { ethernet | gigabitethernet } interface-number.subinterface-number

The Ethernet sub-interface view is displayed. The interface must be already associated with the AC interface of a VSI.
NOTE

The Sub-Interface can be that for dot1q VLAN Tag Termination.

Step 3 Run:
loop-detect enable

The loop detection is enabled at the AC interface. Step 4 Run:


loop-detect block [ block-time ]

The AC interface is set to blocking the interface when a loop is detected, and the delay for interface recovery after the loop elimination is set. ----End

7.5.4 Checking the Configuration


Run the following command to check the previous configuration. Action Check the status of the AC interface. Commands display interface { ethernet | gigabitethernet } interface-number.subinterface-number

Run the display interface { ethernet | gigabitethernet } interface-number.subinterfacenumber command. If the current State in the display result of the AC interface is up, it means the interface is blocked. For example:
<Quidway> display interface gigabitethernet 1/0/0.1 GigabitEthernet1/0/0.1 current state : UP (interface is blocked) Line protocol current state : DOWN Description : HUAWEI, Quidway Series, GigabitEthernet1/0/0.1 Interface, Route Po rt The Maximum Transmit Unit is 1500 bytes Internet protocol processing : disabled IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is 00e0-fc5b-8101 Encapsulation dot1q Virtual LAN, The number of Vlan is 1 The Vendor PN is HFBR-5710L Port BW: 1G, Transceiver max BW: 1G, Transceiver Mode: MultiMode WaveLength: 850nm, Transmission Distance: 550m Loopback:none, full-duplex mode, negotiation: disable, Pause Flowcontrol:Send a nd Receive Enable Last 300 seconds input rate 0 bytes/sec, 0 packets/sec Last 300 seconds output rate 0 bytes/sec, 0 packets/sec Input: 0 packets,0 bytes, 0 unicast,0 broadcast,0 multicasts 0 errors,0 drops,0 unknowprotocol Output:0 packets,0 bytes, 0 unicast,0 broadcast,0 multicasts

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

7-33

7 VPLS Configuration
0 errors,0 drops

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

7.6 Configuring a VLL to Access the VPLS


This section describes how to configure a VLL to access a VPLS network. 7.6.1 Establishing the Configuration Task 7.6.2 Configuring a Dynamic VLL to Access the VPLS 7.6.3 Configuring a Static VLL to Access the VPLS 7.6.4 Checking the Configuration

7.6.1 Establishing the Configuration Task


Applicable Environment
In a practical network such as a MAN, the VLL set up between a UPE device and an SPE device connects the CE to the backbone VPLS network.

Pre-configuration Tasks
Before configuring a VLL to access the VPLS, complete the following tasks:
l

Configuring an IGP protocol on the SPE and P devices in the MPLS backbone network to ensure the IP connectivity Realizing the connectivity between the SPE devices in the VPLS meshed network Setting up a dynamic LSP or a static LSP between the UPE and the SPE devices Enabling MPLS L2VPN on the interfaces connected the UPE and the SPE devices Configuring the tunnel policy

l l l l

Data Preparation
To configure a VLL to access the VPLS, you need the following data. No. 1 2 3 4 5 6 7 Data Mappings between the UPE and the SPE devices IP address of the peer VSI name, VSI ID, the interface bound with the VSI Destination IP address of the L2VC and VC ID ID of the destination LSR of the static VLL Transmit and receive labels of the static VLL Tunnel policy of the static VLL

7-34

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

7 VPLS Configuration

7.6.2 Configuring a Dynamic VLL to Access the VPLS


Procedure
l Creating a VLL in Martini Mode Do as follows on the UPEs. 1. Run:
system-view

The system view is displayed. 2. Run:


mpls l2vpn

The MPLS L2VPN view is displayed. 3. Run:


mpls l2vpn default martini

The Martini mode is set. 4. Run:


quit

Return to the system view. 5. Run:


interface interface-type interface-number

The view of the AC interface is displayed. 6. Run:


mpls l2vc dest-ip-addr vc-id [ [ tunnel-policy policy-name ] | [ raw | tagged ] ] *

A Martini VLL is created. The VC ID of the VLL must be the same with the VSI ID of the VPLS to be accessed. The tunnel policy for the Martini VLL defaults to LSPs and only one LSP is used for load balancing. If a tunnel of other types is needed, you can specify tunnel-policy policy-name to obtain the tunnel policy. Because VPLS packets can adopt Ethernet encapsulation and VLAN encapsulation only, VC interfaces of the VLL must be Ethernet interfaces. In addition, the VC type of the VLL must be consistent with the encapsulation type of the VPLS. If they are inconsistent, you can specify tagged or raw to change the VC type to VLAN encapsulation or Ethernet encapsulation to make them consistent.
NOTE

An interface cannot be used as the AC interface of a VLL and the AC interface of an L3VPN at the same time. When an interface is bound to a VLL, the Layer 3 features such as the IP address and routing protocol configured on this interface become invalid. If an interface is bound to a VLL and an L3VPN at the same time, only the VLL is available. After the VLL is deleted, the bound L3VPN can become available.

Configuring the VLL to Access the VPLS Do as follows on the SPEs.

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

7-35

7 VPLS Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

1.

Run:
system-view

The system view is displayed. 2. Run:


vsi vsi-name static

The view of the VSI is displayed and the static member discovery mechanism is adopted. 3. Run:
pwsignal ldp

The VSI LDP view is displayed. 4. Run:


vsi-id vsi-id

The ID of the VSI is set. The VSI ID of the VPLS and the VC ID of the VLL must be the same. 5. Run:
peer peer-address [ negotiation-vc-id vc-id ] [ tnl-policy policy-name ] upe

A peer is configured for the VSI. When the VSI ID of the VPLS and the VC ID of the VLL are inconsistent, you can specify negotiate-vc-id vc-id, and vc-id must be the same as the VC ID of the VLL. In this case, vc-id cannot be the same as other configured local VSI IDs and other local VC IDs specified by negotiate-vc-id. The tunnel policy for the Martini VPLS defaults to LSPs and only one LSP is used for load balancing. If a tunnel of other types is needed, you can specify tnl-policy policy-name to obtain the tunnel policy. ----End

7.6.3 Configuring a Static VLL to Access the VPLS


Procedure
l Creating a VLL in SVC Mode Do as follows on the UPE. 1. Run:
system-view

The system view is displayed. 2. Enter the interface view. Run the interface { ethernet | gigabitethernet } interface-number.subinterfacenumber command to enter the Ethernet interface view. Run the vlan-type dot1q vlan-id command to add the Ethernet sub-interface to the VLAN and specify the VLAN encapsulation type. 3.
7-36

Run:
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

7 VPLS Configuration

mpls static-l2vc destination dest-ip-addr transmit-vpn-label transmitlabel-value receive-vpn-label receive-label-value [ tunnel-policy tnlpolicy-name | [ control-word | no-control-word ] | [ raw | tagged | ipinterworking ] ] *

A static VC is created between the UPE and the SPE devices. l Binding the VSI of the SPE to the Static VLL Do as follows on the SPE devices. 1. Run:
system-view

The system view is displayed. 2. Run:


vsi vsi-name static

A VSI is created and the static member discovery is enabled. 3. Run:


pwsignal ldp

The LDP is specified as the PW signaling protocol and the VSI LDP view is displayed. 4. Run:
vsi-id vsi-id

The VSI ID is set. 5. Run:


mac-withdraw

After the configuration, when an AC fault or a UPE fault occurs and the VSI remains Up, the local MAC address is deleted and all the remote peers are informed of the deletion. 6. Run:
peer peer-address [ negotiation-vc-id vc-id ] [ tunnel-policy policyname ]

The VSI peer is configured. 7. Run:


peer peer-address [ tunnel-policy policy-name ] static-upe trans transmitlabel recv receive-label

The transmit and receive labels between the SPE and the static UPE are configured. The label trans here must be the same as the label receive-vpn-label that is configured on UPE. In addition, the label recv must be the same as the label transmit-vpnlabel that is configured on UPE. ----End

7.6.4 Checking the Configuration


Run the following commands to check the previous configuration.

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

7-37

7 VPLS Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Action Check information about the VLL connection in Martini mode. Check information about the VLL connection in SVC mode. Check information about the SVC interface in the Up state. Check information about the VSI of the VPLS. Check information about the remote VSI. Check information about the VPLS connection. Check the dynamic MAC address entries.

Command display mpls l2vc [ vc-id | interface interface-type interface-number ] display mpls static-l2vc [ interface interface-type interface-number ] display l2vpn ccc-interface vc-type static-vc up display vsi [ name vsi-name ] [ verbose ] display vsi remote ldp [ route-id ip-address ] [ pw-id pw-id ] display vpls connection [ ldp | vsi vsi-name ] [ down | up ] [ verbose ] display mac-address dynamic slot-id

Run the display mpls l2vc command. If the destination is the peer IP address of the specified VC and the VC is in the Up state, it means that the configuration succeeds. For example:
<Quidway> display mpls l2vc total LDP VC : 1 1 up 0 down *client interface : GigabitEthernet1/0/0.1 session state : up AC status : up VC state : up VC ID : 101 VC type : VLAN destination : 3.3.3.9 local VC label : 21504 remote VC label : 21504 control word : disable forwarding entry : existent local group ID : 0 manual fault : not set active state : active link state : up local VC MTU : 1500 remote VC MTU : 1500 tunnel policy name : -traffic behavior name: -PW template name : -primary or secondary : primary create time : 0 days, 0 hours, 7 minutes, 55 seconds up time : 0 days, 0 hours, 4 minutes, 58 seconds last change time : 0 days, 0 hours, 4 minutes, 58 seconds

Run the display mpls static-l2vc command. You can view that the VC status is Up. For example:
<Quidway> display mpls static-l2vc interface gigabitethernet 2/0/0.1 *Client Interface : GigabitEthernet2/0/0.1 is up AC Status : up VC State : up VC ID : 0 VC Type : VLAN Destination : 1.1.1.9 Transmit VC Label : 100 Receive VC Label : 100

7-38

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


Control Word : VCCV Capabilty : Tunnel Policy : PW Template Name : Traffic Behavior : Main or Secondary : VC tunnel/token info NO.0 TNL Type : lsp Create time UP time Last change time

7 VPLS Configuration
Disable Disable ---Main : 1 tunnels/tokens , TNL ID : 0x1002000 : 0 days, 0 hours, 10 minutes, 45 seconds : 0 days, 0 hours, 10 minutes, 45 seconds : 0 days, 0 hours, 10 minutes, 45 seconds

Run the display l2vpn ccc-interface vc-type static-vc up command. You can view that the VC type is SVC and the status is Up. For example:
<Quidway> display l2vpn ccc-interface vc-type static-vc up Total ccc-interface of CCC VC: 1 up (1), down (0) Interface Encap Type State VC Type GigabitEthernet1/0/0 vlan up SVC

Run the display vsi [ name vsi-name ] [ verbose ] command. You can find the item "VSI State" is displayed as "up". If verbose is selected, the item "Signaling" is displayed as "ldp" and the item "VC State" is "up". This means that the configuration succeeds. For example:
<Quidway> display vsi name ***VSI Name Administrator VSI Isolate Spoken VSI Index PW Signaling Member Discovery Style PW MAC Learn Style Encapsulation Type MTU Mode Service Class Color DomainId Domain Name VSI State VSI ID *Peer Router ID VC Label Peer Type Session Tunnel ID *Peer Router ID VC Label Peer Type Tunnel ID **PW Information: *Peer Ip Address PW State Local VC Label Remote VC Label PW Type Tunnel ID *Peer Ip Address PW State Local VC Label Remote VC Label PW Type Tunnel ID v100 verbose : v100 : no : disable : 0 : ldp : static : unqualify : vlan : 1500 : uniform : -: -: 0 : : up : 100 : 3.3.3.9 : 23552 : dynamic : up : 0x1002001, : 4.4.4.9 : 100 : static : 0x2002004, : : : : : : : : : : : : 4.4.4.9 up 100 100 MEHVPLS 0x2002004, 3.3.3.9 up 23552 23552 label 0x1002001,

Run the display vsi remote ldp [ router-id ip-address ] [ pw-id pw-id ] command. If information about the remote VSI established through LDP is displayed, it means that the configuration succeeds. For example:
Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 7-39

7 VPLS Configuration
<Quidway> display vsi remote ldp Vsi Peer VC ID RouterID Label 123 3.3.3.9 17408

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Group ID 0

Vsi Type vlan

MTU Value 1500

Vsi Index 1

Run the display mac-address dynamic slot-id command. You can view the MAC address learned by the corresponding interface. For example:
<Quidway> display mac-address dynamic 1 MAC Address VLAN/VSI PEVLAN CEVLAN Port Type Lsp -------------------------------------------------------------------------------0000-c101-0202 100 123 12 GigabitEthernet1/0/0 dynamic 3/4137 0000-c101-0102 100 123 12 GigabitEthernet1/0/1 dynamic 3/3366 Total 2 ,2 printed

7.7 Configuring the Static VLL to Access the VPLS Network in Dual-homed Mode
This section describes how to configure the static VLL to access the VPLS network in dualhomed mode. 7.7.1 Establishing the Configuration Task 7.7.2 Configuring L2VPN and OAM to Detect PSN Tunnels 7.7.3 Configuring Static LSPs Between the UPE and the SPE 7.7.4 Configuring the Primary Tunnel, Protection Tunnel, and Reverse LSP of MPLS TE 7.7.5 Configuring the Tunnel Policy 7.7.6 Configuring UPEs to Access SPEs Through Static VLLs 7.7.7 Configuring MPLS OAM 7.7.8 Configuring HVPLS for the SPE 7.7.9 Checking the Configuration

7.7.1 Establishing the Configuration Task


Applicable Environment
In the practical network such as a MAN, if a UPE device does not support the dynamic VLL, the UPE device has to access the SPE through the static VLL. To ensure the reliable VLL accessing, the UPE accessing the SPE in dual-homed mode is introduced. In dual-homed mode, if a PW fails, the data traffic is immediately switched to another PW.

Pre-configuration Tasks
Before configuring the static VLL to access the VPLS network, complete the following tasks:
7-40 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


l

7 VPLS Configuration

Configuring IGP on the SPE and P devices in the MPLS backbone network to ensure the IP connectivity Realizing the connectivity between the UPE and the SPE devices in the VPLS meshed network Enabling MPLS L2VPN on the interfaces connected the UPE and the SPE devices Configuring the tunnel policy of the SPE devices

l l

Data Preparation
To configure the static VLL to access the VPLS network in dual-homed mode, you need the following data. No. 1 2 3 4 5 6 7 8 Data Mappings between the UPE and the SPE devices IP address of the peer VSI name, VSI ID, the interface bound with the VSI ID of the destination LSR of the static VLL Sent and received label value of the static VLL between the SPE and the UPE devices Tunnel policy of the static VLL Interval for sending MPLS OAM FFD packets Name of the reverse LSP of the MPLS TE tunnel

7.7.2 Configuring L2VPN and OAM to Detect PSN Tunnels


Context
Do as follows on the SPE:

Procedure
Step 1 Run:
system-view

The system view is displayed. Step 2 Run:


mpls l2vpn

The MPLS L2VPN view is displayed. Step 3 Run:


oam-detecting enable

L2VPN and OAM are enabled to detect PSN tunnels. ----End


Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 7-41

7 VPLS Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

7.7.3 Configuring Static LSPs Between the UPE and the SPE
Context
Do as follows on the SPE and the UPE:

Procedure
Step 1 Run:
system-view

The system view is displayed. Step 2 Run:


static-lsp ingress tunnel-interface tunnel tunnel-number destination ip-address { nexthop next-hop-address | outgoing-interface interface-type interface-number } out-label out-label

The ingress of the LSP is configured. Step 3 Run:


static-lsp egress lsp-name incoming-interface interface-type interface-number inlabel in-label [ lsrid ingress-lsr-id tunnel-id tunnel-id ]

The egress of the LSP is configured. ----End

7.7.4 Configuring the Primary Tunnel, Protection Tunnel, and Reverse LSP of MPLS TE
Context
Do as follows on the SPE and the UPE:

Procedure
Step 1 Run:
system-view

The system view is displayed. Step 2 Run:


interface tunnel interface-number

The tunnel interface view is displayed. Step 3 Run:


ip address unnumbered interface interface-type interface-number

The IP address of the tunnel interface is configured. Step 4 Run:


tunnel-protocol mpls te

7-42

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

7 VPLS Configuration

The tunnel protocol is configured as MPLS TE, and an MPLS TE tunnel is created. Step 5 Run:
mpls te signal-protocol static

The tunnel protocol is configured as the static LSP protocols. Step 6 Run:
destination ip-address

The destination address of the tunnel is configured. Step 7 Run:


mpls te tunnel-id tunnel-id

The tunnel ID is configured. Step 8 Run:


mpls te protection tunnel tunnel-id [ holdoff holdoff-time ] [ mode { nonrevertive | revertive [ wtr wtr-time ] } ]

The protection tunnel of the primary tunnel is configured. You need to run this command in the primary tunnel view rather than the protection tunnel view of the UPE nor the tunnel view of the SPE. Step 9 Run:
mpls te reverse-lsp lsp-name lsp-name

The reverse LSP of the tunnel interface is configured. This reverse LSP and the positive LSP on the tunnel interface form a bidirectional LSP. Step 10 Run:
mpls te reserved-for-binding

The MPLS TE tunnel is configured for VPN binding. Step 11 Run:


mpls te commit

The current tunnel configurations are committed. ----End

7.7.5 Configuring the Tunnel Policy


Context
Do as follows on the SPE:

Procedure
Step 1 Run:
system-view

The system view is displayed. Step 2 Run:


Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 7-43

7 VPLS Configuration
tunnel-policy policy-name

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

The tunnel policy view is displayed. Step 3 Run:


tunnel binding destination dest-ip-address te tunnel interface-number

The specified tunnel is bound to the destination IP address. After the binding, this tunnel can be used to transmit only specific VPN services. ----End

7.7.6 Configuring UPEs to Access SPEs Through Static VLLs


Context
Do as follows on the UPE:

Procedure
Step 1 Run:
system-view

The system view is displayed. Step 2 Run:


interface { ethernet | gigabitethernet } interface-number.subinterface-number

The Ethernet sub-interface view is displayed. Step 3 Run:


vlan-type dot1q vlan-id

The Ethernet sub-interface is added to the VLAN. Step 4 Run:


mpls static-l2vc destination dest-ip-addr transmit-vpn-label transmit-label-value receive-vpn-label receive-label-value [ tunnel-policy tnl-policy-name | [ controlword | no-control-word ] | [ raw | tagged | ip-interworking ] ] *

The static VC is created between the UPE and the SPE. ----End

7.7.7 Configuring MPLS OAM


Context
Do as follows on the SPE and the UPE:

Procedure
Step 1 Run:
system-view

7-44

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

7 VPLS Configuration

The system view is displayed. Step 2 Run:


mpls

The MPLS view is displayed. Step 3 Run:


mpls oam

MPLS OAM is enabled globally. Step 4 Run:


quit

The system view is displayed. Step 5 Run:


mpls oam ingress tunnel tunnel-number [ type { cv | ffd frequency ffd-fre } ] [ backward-lsp { lsp-name lsp-name | lsr-id rev-ingress-lsr-id tunnel-id rev-tunnelid | share } ] [ packet-priority priority ]

MPLS OAM parameters are configured for the ingress. By default, note the following:
l

The detection packet is a connectivity verification (CV) packet. The interval for sending CV packets is 1 second. The shared reverse channel (share) is used. The priority of sending detection packets is 0, which is the highest priority.

l l

Step 6 Run:
mpls oam ingress enable { all | tunnel tunnel-number }

OAM is enabled on the ingress. Step 7 Run:


mpls oam egress { lsp-name lsp-name | lsr-id ingress-lsr-id tunnel-id tunnel-id } type { cv | ffd frequency ffd-fre } [ backward-lsp tunnel tunnel-number [ private | share ] ] [ bdi-frequence { detect-freq | per-second } ]

OAM parameters are configured for the egress when OAM automatic protocol extension is disabled. Step 8 Run:
mpls oam egress enable { all | lsp-name lsp-name | lsr-id ingress-lsr-id tunnel-id tunnel-id }

OAM is enabled on the egress. ----End

7.7.8 Configuring HVPLS for the SPE


Context
Do as follows on the SPE:
Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 7-45

7 VPLS Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Procedure
Step 1 Run:
system-view

The system view is displayed. Step 2 Run:


vsi vsi-name static

The VSI view is created and the static member discovery mechanism is adopted. Step 3 Run:
pwsignal ldp

LDP is configured as the PW signaling protocol and the VSI LDP view is displayed. Step 4 Run:
vsi-id vsi-id

The VSI ID is configured. Step 5 Run:


mac-withdraw enable

After the configuration, when the AC or UPE fails and the VSI remains Up, the VSI can delete the local MAC address and notify all remote peers of the fault. Step 6 Run:
peer peer-address

The VSI peer is configured. Step 7 Run:


peer peer-address tnl-policy policy-name static-upe trans transmit-label recv receive-label

The local label and the remote label are configured between the SPE and the UPE. ----End

7.7.9 Checking the Configuration


Run the following commands to check the previous configuration. Action Check information about SVC L2VPN connections. Check information about the interface with the VC in the Up state established in SVC mode. Check information about the VSI of the VPLS.
7-46

Command display mpls static-l2vc [ interface interface-type interface-number ] display l2vpn ccc-interface vc-type static-vc up

display vsi [ name vsi-name ] [ verbose ]

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

7 VPLS Configuration

Action Check information about the remote VSI. Check dynamic MAC address entries. Check the LSP status and configuration of the OAM ingress. Check the LSP status and configuration of the OAM egress. Check information about the specified tunnel and its protection tunnel.

Command display vsi remote ldp [ router-id ip-address ] [ pw-id pw-id ] display mac-address dynamic slot-id display mpls oam ingress { all | tunnel tunnelnumber } [ slot slot-id | verbose ] display mpls oam egress { all | lsp-name lspname | lsr-id ingress-lsr-id tunnel-id tunnel-id } [ slot slot-id | verbose ] display mpls te protection tunnel { all | tunnelid } [ verbose ]

Run the display mpls static-l2vc command. You can view that the VC status is Up. For example:
<Quidway> display mpls static-l2vc interface gigabitethernet 2/0/0.1 *Client Interface : GigabitEthernet2/0/0.1 is up AC Status : up VC State : up VC ID : 0 VC Type : VLAN Destination : 1.1.1.9 Transmit VC Label : 100 Receive VC Label : 100 Control Word : Disable VCCV Capabilty : Disable Tunnel Policy : -PW Template Name : -Traffic Behavior : -Main or Secondary : Main VC tunnel/token info : 1 tunnels/tokens NO.0 TNL Type : lsp , TNL ID : 0x1002000 Create time : 0 days, 0 hours, 10 minutes, 45 seconds UP time : 0 days, 0 hours, 10 minutes, 45 seconds Last change time : 0 days, 0 hours, 10 minutes, 45 seconds

Run the display l2vpn ccc-interface vc-type static-vc up command. You can view that the VC type is SVC and the status is Up. For example:
<Quidway> display l2vpn ccc-interface vc-type static-vc up Total ccc-interface of CCC VC: 1 up (1), down (0) Interface Encap Type State VC Type GigabitEthernet1/0/0 vlan up SVC

Run the display vsi [ name vsi-name ] [ verbose ] command. You can find the item "VSI State" is displayed as "up". If verbose is selected, the item "Signaling" is displayed as "ldp" and the item "VSI State" is "up". This means that the configuration succeeds. For example:
<Quidway> display vsi name ***VSI Name Administrator VSI Isolate Spoken VSI Index PW Signaling Member Discovery Style PW MAC Learn Style Encapsulation Type v100 verbose : v100 : no : disable : 0 : ldp : static : unqualify : vlan

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

7-47

7 VPLS Configuration
MTU Mode Service Class Color DomainId Domain Name VSI State VSI ID *Peer Router ID VC Label Peer Type Session Tunnel ID *Peer Router ID VC Label Peer Type Tunnel ID **PW Information: *Peer Ip Address PW State Local VC Label Remote VC Label PW Type Tunnel ID *Peer Ip Address PW State Local VC Label Remote VC Label PW Type Tunnel ID : : : : : : : : : : : : : : : : : : : : : : : : : : : : : 1500 uniform --0 up 100 3.3.3.9 23552 dynamic up 0x1002001, 4.4.4.9 100 static 0x2002004, 4.4.4.9 up 100 100 MEHVPLS 0x2002004, 3.3.3.9 up 23552 23552 label 0x1002001,

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Run the display vsi remote ldp [ router-id ip-address ] [ pw-id pw-id ] command. If information about the VSI established through LDP is displayed, it means that the configuration succeeds. For example:
<Quidway> display vsi remote ldp Vsi Peer VC ID RouterID Label 123 3.3.3.9 17408 Group ID 0 Vsi Type vlan MTU Value 1500 Vsi Index 1

Run the display mac-address dynamic slot-id command. You can view the MAC address learned by the corresponding interface. For example:
<Quidway> display mac-address dynamic 1 MAC Address VLAN/VSI Port Type Lsp ---------------------------------------------------------------------------00eo-fc01-0202 100 GigabitEthernet1/0/0 dynamic 3/4137 00e0-fc01-0102 100 GigabitEthernet1/0/1 dynamic 3/3366 Total matching items displayed = 2

After the configuration, run the display mpls oam ingress all command, and you can view that the detection status of the OAM ingress is "Start/Non-defect". For example:
<Quidway> display mpls oam ingress all -------------------------------------------------------------------------------No. Tunnel-name Ttsi Type Frequency Status -------------------------------------------------------------------------------1 Tunnel2/0/0 5.5.5.9 : 1 FFD 100 ms Start/Non-defect 2 Tunnel1/0/0 5.5.5.9 : 11 FFD 100 ms Start/Non-defect -------------------------------------------------------------------------------Total Oam Num: 2 Total Start Oam Num: 0 Total Defect Oam Num: 0

After the configuration, run the display mpls oam ingress all command, and you can view that the detection status of the OAM egress is "Non-defect". For example:
<Quidway> display mpls oam egress all --------------------------------------------------------------------------------

7-48

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

7 VPLS Configuration

No. Lsp-name Ttsi Type Frequency Status -------------------------------------------------------------------------------1 b1 2.2.2.9 : 2 None -Start/Non-defect

Run the display mpls te protection tunnel command. You can check the status of the tunnel protection group. For example:
<Quidway> display mpls te protection tunnel all verbose ---------------------------------------------------------------Verbose information about the 1th proteciton-group ---------------------------------------------------------------Work-tunnel id : 2 Protect-tunnel id : 21 Work-tunnel name : Tunnel2/0/0 Protect-tunnel name : Tunnel1/0/0 Work-tunnel reverse-lsp name : b1 Protect-tunnel reverse-lsp name : b21 switch result : work-tunnel work-tunnel defect state : non-defect protect-tunnel defect state : non-defect work-tunnel reverse-lsp defect state : non-defect protect-tunnel reverse-lsp defect state : non-defect HoldOff : 0ms WTR : 60s Mode : revertive

7.8 Configuring Inter-AS Kompella VPLS


This section describes how to configure the inter-AS Kompella VPLS. 7.8.1 Establishing the Configuration Task 7.8.2 Configuring Inter-AS Kompella VPLS Option A 7.8.3 Configuring Inter-AS Kompella VPLS Option C 7.8.4 Checking the Configuration

7.8.1 Establishing the Configuration Task


Applicable Environment
If the MPLS backbone network bearing VPLS spans multiple ASs, the inter-AS VPLS must be configured. If the number of CEs that access PEs is small, inter-AS VPLS Option A can be adopted. In Option A, ASBRs in the AS must support VSIs and must be capable of managing VPLS label blocks. In addition, ASBRs must reserve dedicated interfaces including sub-interfaces, physical interfaces, and bound logical interfaces for each inter-AS VPLS network. That is, Option A poses high requirements of ASBRs; however, for inter-AS networking, ASBRs do not need any special configurations. If each AS has a great amount of information about VPLS label blocks to exchange, Option C is a good choice to prevent ASBR PEs from becoming a bottleneck that impedes network expansion.

Pre-configuration Tasks
Before configuring the Kompella VPLS, complete the following tasks:
Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 7-49

7 VPLS Configuration
l

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Configuring IGP for MPLS backbone networks in each AS to ensure IP connectivity within an AS Configuring the basic MPLS functions for MPLS backbone networks in each AS Configuring the VSI on the PE connected with the CE and binding the VSI to the AC interface Configuring the IP address on the CE interface that accesses the PE Establishing the tunnel between the PE and the ASBR PE in the same AS (Option A) Configuring MPLS LDP and establishing LSP between the PE and the ASBR PE in the same AS (Option C) Configuring IBGP peer relationship between the PE and the ASBR PE in the same AS (Option C)

l l

l l l

Data Preparation
To configure the Kompella VPLS, you need the following data. No. 1 Data To configure the VSI on the PE and the ASBR PE, you need the following data:
l l l l

VSI name and RD (Optional) Description of the VSI VPN target (Optional) Routing policy that controls sending and receiving of information about VPLS label blocks (Optional) Tunnel policy (Optional) Permitted maximum number of label blocks saved in a VSI

l l

2 3 4 5 6 7

CE ID of the site, number of permitted CEs that access the VPLS network, CE ID and default CE offset PE interfaces that bound to VSIs AS number of the PEs IP addresses and interfaces used to establish the IBGP peers between the PEs and the ASBR PEs IP addresses of the interfaces that connect ASBR PEs (Option C) Routing policy on the ASBR PEs (Option C)

According to the actual scenario, choose either Configuring Inter-AS Kompella VPLS Option A or Configuring Inter-AS Kompella VPLS Option C.

7.8.2 Configuring Inter-AS Kompella VPLS Option A


The configurations of Kompella VPLS Option A can be summarized as follows:
7-50 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


l l l

7 VPLS Configuration

Configuring the Kompella VPLS for each AS Configuring ASBR PE by considering the peer ASBR PE as its CE Configuring the VSIs on the PE and the ASBR PE respectively and binding the VSIs to the AC interfaces (The PE provides the access service for the CE; the ASBR PE accesses the peer ASBR-PEs)
NOTE

In inter-AS VPLS Option A, for the same VPLS network, the VPN target of the VSI on the ASBR PE and that on the PE in the same AS must be matched. The VPN target of the VSI on the ASBR PE and that on the PE in different ASs need not be matched.

7.8.3 Configuring Inter-AS Kompella VPLS Option C


Procedure
l Enabling the Capability of Exchanging Labeled IPv4 Routes on PEs 1. Run:
system-view

The system view is displayed. 2. Run:


bgp as-number

The BGP view is displayed. 3. Run:


peer peer-address label-route-capability

The capability of exchanging labeled IPv4 routes with the ASBR PE in the local AS is enabled. l Enabling the Capability of Exchanging Labeled IPv4 Routes on ASBR PEs 1. Run:
system-view

The system view is displayed. 2. Run:


interface interface-type interface-number

The view of the ASBR PE interface that connects the peer is displayed. 3. Run:
ip address ip-address { mask | mask-length }

The IP address is configured for the interface. 4. Run:


mpls

The MPLS capability is enabled. 5. Run:


quit

Return to the system view. 6. Run:


bgp as-number

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

7-51

7 VPLS Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

The BGP view is displayed. 7. Run:


peer peer-address label-route-capability

The capability of exchanging labeled IPv4 routes with the PE in the local AS is enabled. In Option C, an inter-AS VPN LSP must be set up. The public routes advertised between the related PEs and the ASBR PEs carry MPLS label information. If an ASBR PE and its peer ASBR PE set up the EBGP peer relationship, the labeled IPv4 routes can be exchanged. The public routes carrying the MPLS label are advertised by MP BGP. According to RFC 3107 (Carrying Label Information in BGP-4), label mapping information of a route can be carried in the BGP route update. The feature is realized through the BGP extended attribute. BGP peers must be capable of processing labeled IPv4 routes. By default, a BGP peer cannot process labeled IPv4 routes. 8. Run:
peer peer-address as-number as-number

The peer ASBR PE is specified as the EBGP peer. 9. Run:


peer peer-address label-route-capability

The capability of exchanging labeled IPv4 routes with the peer ASBR PE is enabled. l Configuring the Routing Policy to Control Label Allocation By configuring routing policies on ASBR PEs, you can control the label allocation for IPv4 routes. After the configuration, ASBR PEs allocate MPLS labels only to the routes that satisfy certain conditions. The routes that do not meet the conditions are non-labeled routes. By default, IPv4 routes do not carry MPLS labels. 1. Run:
system-view

The system view is displayed. 2. Run:


route-policy policy-name1 permit node seq-number

The routing policy applied to the local PE is created. For the labeled IPv4 routes advertised to the PE in the local AS, MPLS labels are reassigned to the routes. 3. Run:
if-match mpls-label

The labeled IPv4 routes are matched. 4. Run:


apply mpls-label

The capability of allocating labels to the IPv4 routes is enabled. 5. Run:


quit

7-52

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

7 VPLS Configuration

Return to the system view. 6. Run:


route-policy policy-name2 permit node seq-number

The routing policy applied to the peer ASBR PE is created. For the routes received from the PE in the local AS, MPLS labels are allocated to the routes when they are advertised to the peer ASBR PE. 7. Run:
apply mpls-label

The label is allocated to the IPv4 route. 8. Run:


quit

Return to the system view. 9. Run:


system-view

The system view is displayed. 10. Run:


bgp as-number

The BGP view is displayed. 11. Run:


peer peer-address route-policy policy-name1 export

The routing policy applied when the routes are advertised to the local PE is configured. 12. Run:
peer peer-address route-policy policy-name2 export

The routing policy applied when the routes are advertised to the peer ASBR PE is configured. l Establishing MP EBGP VPLS Peer Relationship on ASBR PEs On ASBR PEs, configure the advertisement of the PE loopback interface addresses used in BGP sessions to the peer ASBR PEs, and then to the PEs in other ASs. 1. Run:
system-view

The system view is displayed. 2. Run:


bgp as-number

The BGP view is displayed. 3. Run:


network ip-address [ mask | mask-length ] [ route-policy route-policyname ]

The local PE loopback interface address used in BGP sessions is advertised to the peer ASBR PE. l Establishing MP EBGP VPLS Peer Relationship on PEs 1.
Issue 03 (2008-09-22)

Do as follows on the PEs that access the CEs, run:


Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 7-53

7 VPLS Configuration
system-view

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

The system view is displayed. 2. Run:


bgp as-number

The BGP view is displayed. 3. Run:


peer peer-address as-number as-number

The peer PE is specified as the EBGP peer of the PE. 4. Run:


peer peer-address ebgp-max-hop [ hop-count ]

The maximum number of permitted hops in setting up the EBGP peer is configured. PEs of different ASs are generally not directly connected. Therefore, to set up the EBGP peer relationship between the PEs of different ASs, you need to configure the permitted maximum hops between the PEs and ensure that the PEs are reachable. 5. Run:
vpls-family

The BGP-VPLS sub-address family view is displayed. 6. Run:


peer peer-address enable

The capability of exchanging information about VPLS label blocks with the peer PE is enabled. 7. Run:
peer peer-address next-hop-invariable

The next hop is specified to be unchanged when information about VPLS label blocks is sent to the EBGP peer. ----End

7.8.4 Checking the Configuration


Run the following commands to check the previous configurations. Action Check information about BGP VPLS peers (groups) on the PE or the ASBR PE. Check information about BGP VPLS label blocks on the PE or the ASBR PE. Check the VPLS connection on the PE. Check label information about labeled IPv4 routes on the PE or the ASBR PE. Command display bgp vpls { group [ group-name ] | peer [ ip-address ] } display bgp vpls all display vpls connection [ bgp | vsi vsi-name ] [ down | up ] [ verbose ] display bgp routing-table label

7-54

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

7 VPLS Configuration

After the configurations, run the display bgp vpls peer command on the PE or the ASBR PE. You can view that the status of the BGP VPLS peer between the PE and the ASBR PE in the same AS is "Established". For example:
<Quidway> display bgp vpls peer BGP local router ID : 1.1.1.1 Local AS number : 100 Total number of peers : 1 Peer V AS MsgRcvd 4.4.4.4 4 200 5

MsgSent 8

Peers in established state : 1 OutQ Up/Down State PrefRcv 0 00:02:04 Established 0

Run the display bgp vpls all command on the PE or ASBR PE. You can view information about the VPLS label block on the ASBR PE. For example:
<Quidway> display bgp vpls all BGP Local Router ID : 1.1.1.1, Local AS Number : 100 Status codes : * - active, > - best BGP.VPLS : 2 Label Blocks -------------------------------------------------------------------------------Route Distinguisher: 100:1 SiteID Offset NextHop Range LabBase TunnelID FromPeer MHPref -------------------------------------------------------------------------------> 1 0 0.0.0.0 5 25600 0x0 0.0.0.0 0 -------------------------------------------------------------------------------Route Distinguisher: 200:1 SiteID Offset NextHop Range LabBase TunnelID FromPeer MHPref -------------------------------------------------------------------------------*> 2 0 4.4.4.4 5 25600 0x0 4.4.4.4 0

Run the display vpls connection command on the PE or the ASBR PE. You can view that the status of the VPLS connection on the PE or the ASBR PE is "up". For example:
<Quidway> display vpls connection 1 total connections, connections: 1 up, 0 down, 0 ldp, 1 bgp VSI Name: v1 SiteID RD PeerAddr 2 200:1 4.4.4.4

Signaling: bgp InLabel 25602

OutLabel 25601

VCState up

Run the display bgp routing-table label command on the PE or ASBR PE. You can view information about the labeled IPv4 routes. For example:
<Quidway> display bgp routing-table label Total Number of Routes: 1 BGP Local router ID is 1.1.1.1 Status codes: * - valid, > - best, d - damped, h - history, i - internal, s - suppressed, S - Stale Origin : i - IGP, e - EGP, ? - incomplete Network NextHop In/Out Label *>i 4.4.4.4 2.2.2.2 NULL/15361

7.9 Configuring Inter-AS Martini VPLS


This section describes how to configure the inter-AS Martini VPLS. 7.9.1 Establishing the Configuration Task 7.9.2 Configuring Inter-AS Martini VPLS Option A 7.9.3 Configuring Inter-AS Martini VPLS Option C 7.9.4 Checking the Configuration
Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 7-55

7 VPLS Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

7.9.1 Establishing the Configuration Task


Applicable Environment
If the MPLS backbone network bearing the Martini VPLS spans multiple ASs, you must configure the inter-AS Martini VPLS. There are two solutions to the inter-AS Martini VPLS:
l

Inter-AS Option A: This solution can be easily implemented. When the number of interAS Martini VPLS routes on ASBRs is small, Option A is recommended. Inter-AS Option C: In this solution, ASBRs need not to create or maintain VCs. When each AS has a large number of Martini L2VPN routes to be exchanged, Option C can be used to prevent the ASBR from hindering the network extension.

Pre-configuration Tasks
Before configuring inter-AS Martini VPLS, complete the following tasks:
l

Configuring static routes or the IGP protocol on the PE or P devices in the MPLS backbone network of ASs to implement the IP connectivity of the backbone network devices in the same AS Configuring the basic MPLS capability on the MPLS backbone network of each AS Configuring MPLS LDP and establishing LDP LSP for the MPLS backbone of each AS Establishing the IBGP peer relationship between the PE and ASBR in the same AS and the EBGP peer relationship between two ASBRs in different ASs (for Option C)

l l l

Data Preparation
To configure the inter-AS Martini L2VPN, you need the following data. No. 1 2 3 4 Data Mode of the inter-AS VPN Number of each AS IP addresses of the interfaces between ASBRs (for Option C) Routing policy (for Option C)

7.9.2 Configuring Inter-AS Martini VPLS Option A


The configuration of inter-AS Martini VPLS Option A is as follows:
l l

Configuring Martini VPLS for each AS Configuring the ASBR by regarding the peer ASBR as the local CE
NOTE

No inter-AS-related configuration needs to be performed on the ASBR. No IP address needs to be configured for the interfaces between ASBRs. The configuration procedure is not mentioned.

7-56

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

7 VPLS Configuration

7.9.3 Configuring Inter-AS Martini VPLS Option C


Procedure
l Configuring PEs to Exchange Labeled IPv4 Routes 1. Do as follows on the PEs, run:
system-view

The system view is displayed. 2. Run:


bgp as-number

The BGP view is displayed. 3. Run:


peer peer-address label-route-capability

The capability of exchanging labeled IPv4 routes with the PEs in the local AS is enabled. l Configuring ASBRs to Exchange Labeled IPv4 Routes 1. Do as follows on ASBR PEs, run:
system-view

The system view is displayed. 2. Run:


interface interface-type interface-number

The view of the interface that is connected to the peer ASBR PE is displayed. 3. Run:
ip address ip-address { mask | mask-length }

The IP address is configured for the interface. 4. Run:


mpls

The MPLS capability is enabled. 5. Run:


quit

Return to the system view. 6. Run:


bgp as-number

The BGP view is displayed. 7. Run:


peer peer-address label-route-capability

The capability of exchanging labeled IPv4 routes with the PE in the local AS is enabled. 8. Run:
peer peer-address as-number as-number

The peer ASBR PE is configured as the EBGP peer.


Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 7-57

7 VPLS Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

9.

Run:
peer peer-address label-route-capability

The capability of exchanging labeled IPv4 routes with the peer ASBR PE is enabled. In the VPLS using Option C, you must establish an inter-AS LSP. The public network routes advertised between related PEs and ASBRs carry the MPLS labels. The ASBR establishes the EBGP peer relationship with the peer ASBR to exchange the labeled IPv4 routes. The public network routes carrying the MPLS labels are advertised through MP-BGP. According to RFC 3107 (Carrying Label Information in BGP-4), the label mapping information about a route is contained in the BGP Update message (piggyback). This feature is implemented through the BGP extension attribute, which requires BGP peers to process the labeled IPv4 routes. By default, the BGP peers cannot process the labeled IPv4 routes. l Creating a Routing Policy 1. Do as follows on ASBR PEs, run:
system-view

The system view is displayed on the ASBR. 2. Run:


route-policy policy-name1 permit node seq-number

The routing policy applied to the local PE is created. 3. Run:


if-match mpls-label

The labeled IPv4 routes are matched. 4. Run:


apply mpls-label

Labels are allocated to IPv4 routes. 5. Run:


quit

The system view is displayed. 6. Run:


route-policy policy-name2 permit node seq-number

The routing policy applied to the peer ASBR PE is created. 7. Run:


apply mpls-label

Labels are allocated to IPv4 routes. l Applying a Routing Policy 1. Do as follows on ASBR PEs, run:
system-view

The system view is displayed on the ASBR. 2. Run:


bgp as-number

7-58

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

7 VPLS Configuration

The BGP view is displayed. 3. Run:


peer peer-address route-policy policy-name1 export

The routing policy applied when routes are advertised to the local PE is configured. 4. Run:
peer peer-address route-policy policy-name2 export

The routing policy applied when routes are advertised to the peer ASBR PE is configured. After the routing policy is applied to the ASBR, the following situations occur:

For the routes received from the PE in the local AS and advertised to the peer ASBR, the ASBR allocates MPLS labels to the routes. For the labeled IPv4 routes advertised to the PE in the local AS, the ASBR allocates new MPLS labels to the routes.

MPLS label allocation is controlled by a routing policy. Labels are allocated to eligible IPv4 routes. By default, IPv4 routes do not carry MPLS labels. l Establishing Remote MPLS LDP Sessions Between PEs 1. Do as follows on the PEs, run:
system-view

The system view is displayed. 2. Run:


mpls ldp remote-peer peer-name

The name of the remote LDP session is specified. To exchange PW information between PEs, you must establish MPLS LDP sessions between the PEs. 3. Run:
remote-ip ip-address

The peer IP address of the remote LDP session is specified. l Configuring VPLS Connections Configure VC connections on PEs. For the configuration procedure, see Configuring Martini VPLS. ----End

7.9.4 Checking the Configuration


Run the following commands to check the previous configuration. Action Check information about the VSI of the VPLS.
Issue 03 (2008-09-22)

Command display vsi [ name vsi-name ] [ verbose ]

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

7-59

7 VPLS Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Action Check information about the remote VSI. Check information about the VPLS connection.

Command display vsi remote ldp [ router-id ip-address ] [ pw-id pw-id ] display vpls connection [ ldp | vsi vsi-name ] [ down | up ] [ verbose ]

Run the display vsi [ name vsi-name ] [ verbose ] command. You can view that the item "VSI State" is displayed as "up". If verbose is selected, the item "Signaling" is displayed as "ldp" and the item "VSI State" is displayed as "up". This means that the configuration succeeds. For example:
<Quidway> display vsi name *** VSI Name VSI Index PW Signaling Member Discovery Style PW MAC Learn Style Encapulation Type MTU VSI State VSI ID *Peer Router ID VC Label Session Tunnel ID Interface Name State *Peer Ip Address PW State Local VC Label Remote VC Label PW Type Tunnel ID vsi1 verbose : vsi1 : 0 : ldp : static : unqualify : vlan : 1500 : up : 2 : 3.3.3.9 : 17408 : up : 0x6002001, : GigabitEthernet1/0/0.1 : up : 3.3.3.9 : up : 17408 : 17408 : label : 0x6002001,

Run the display vsi remote ldp [ router-id ip-address ] [ pw-id pw-id ] command. If information about the remote VSI established through LDP is displayed, it means that the configuration succeeds. For example:
<Quidway> display vsi remote ldp Vsi Peer VC ID RouterID Label 123 3.3.3.9 17408 Group ID 0 Vsi Type vlan MTU Value 1500 Vsi Index 1

Run the display vpls connection [ ldp | vsi vsi-name ] [ down | up ] [ verbose ] command. You can view that the item "VC State" is displayed as "up". If verbose is selected, the item "Signaling" is displayed as "ldp", the item "VC State" is displayed as "up", and label allocation is complete. For example:
<Quidway> display vpls connection 2 total connections, connections: 2 up, 0 down, 1 ldp, 1 bgp VSI Name: a2 VsiID EncapType 2 vlan VSI Name: bgp1 SiteID RD 1 168.1.1.1:1 PeerAddr 1.1.1.1 PeerAddr 1.1.1.1 Signaling: ldp InLabel OutLabel VCState 17408 17409 up Signaling: bgp InLabel OutLabel VCState 19457 19458 up

7-60

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

7 VPLS Configuration

7.10 Configuring Dual-homed Kompella VPLS


This section describes how to configure the dual-homed Kompella VPLS. 7.10.1 Establishing the Configuration Task 7.10.2 Creating VSIs and Configuring BGP Signaling 7.10.3 Configuring the Multi-homed Preference for a VSI 7.10.4 Binding a VSI to an AC Interface 7.10.5 Checking the Configuration

7.10.1 Establishing the Configuration Task


Applicable Environment
To improve the reliability of VPLS and prevent the fault on a PE, you can adopt the networking where a CE accesses two PEs.

Pre-configuration Tasks
Before configuring dual-homed Kompella VPLS, complete the following tasks:
l l l l

Configuring LSR IDs and enabling MPLS on PEs and Ps Enabling MPLS L2VPN on PEs Establishing the tunnels between PEs to transmit user data Establishing BGP VPLS peer relationship between PEs

Data Preparation
To configure dual-homed Kompella VPLS, you need the following data. No. 1 2 3 4 5 Data BGP peers used to exchange VPLS information Name of the VSI RDs and VPN Targets of the VSI CE ID of the site, maximum number of permitted CEs that access the VPLS network, and default CE offset Interface bound to the VSI

7.10.2 Creating VSIs and Configuring BGP Signaling


Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 7-61

7 VPLS Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Context
Configure two VSIs with the same attributes on two dual-homed PEs. Do as follows on the PEs:

Procedure
Step 1 Run:
system-view

The system view is displayed. Step 2 Run:


vsi vsi-name auto

VSIs are created and the automatic member discovery mechanism is adopted. The Kompella VPLS does not directly operate on the connection between CEs. Each CE has a globally unique number. On a PE, a VSI is created for each CE that is directly connected to this PE device. Step 3 Run:
pwsignal bgp

BGP is configured as the PW signaling protocol and the VSI BGP view is displayed. Step 4 Run:
route-distinguisher route-distinguisher

The RD is configured for the VSI. After configuring BGP as the PW signaling protocol, you must configure the RD of the VSI to validate the VSI. Step 5 Run:
vpn-target vpn-target&<1-16> [ both | export-extcommunity | import-extcommunity ]

The VPN Target is configured for the VSI. When configuring the VPN Target of the VSI, ensure that the VPN target of exportextcommunity is the same as that of import-extcommunity. Step 6 Run:
site site-id [ range site-range ] [ default-offset { 0 | 1 } ]

Information about the sites of the VSI is configured. The site ID of the local end cannot be greater than the sum of the site-range value and defaultoffset value on the peer end. The site ID of the local end must be greater than the defaultoffset value of the peer end.
NOTE

At present, the VSIs of the two dual-homed PEs can be configured with only one label block. To enlarge the range, use the undo site command to delete all the original sites and then configure a larger range. In addition, the VSIs of the two dual-homed PEs can be configured with only one AC.

Step 7 Run:
quit

7-62

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

7 VPLS Configuration

The VSI view is displayed. Step 8 Run:


quit

The system view is displayed. Step 9 (Optional) Run:


vpls bgp encapsulation { ethernet | vlan }

The encapsulation type is configured for the VPLS. Step 9 is configured only when the PE communicates with non-Huawei devices. Before performing Step 9, check the encapsulation type of the VSI on the peer PE. The local VSI and peer VSI can communicate only when the VSI encapsulation type of the peer PE is the same as that configured for the local PE. In VPLS BGP mode, the default encapsulation type of VPLS packets is VLAN.
NOTE

The signaling protocol, RD, default-offset, site ID, and encapsulation type of the VSIs on the two PEs that a CE accesses must be the same.

----End

7.10.3 Configuring the Multi-homed Preference for a VSI


Context
Do as follows on the PEs:

Procedure
Step 1 Run:
system-view

The system view is displayed. Step 2 Run:


vsi vsi-name

The VSI view is displayed. Step 3 Run:


multi-homing-preference preference-value

The multi-homed preference is configured for a VSI. When the VSIs of the two PEs that a CE accesses are Up, the PE with the higher preference serves as the active PE, and the PE with the lower preference works as the standby PE. In addition, both PEs need be configured with different preferences to realize a smooth active/standby negotiation. The active PE is responsible for forwarding the traffic of the CE; the standby PE is only responsible for checking whether the VSI of the active PE is Up. After a PE is selected as the standby PE, the status of the VSI of the standby PE is set to Down. After the VSI of the active PE becomes Down, the standby PE becomes the new active PE.
Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 7-63

7 VPLS Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

After the BGP session between the two PEs that a CE accesses becomes Down, the PW of the PE with the lower preference becomes Up, and the PW between the two PEs becomes Up. ----End

7.10.4 Binding a VSI to an AC Interface


For the configuration procedure, see "Binding the VSI to the Interface Connected with CE".

7.10.5 Checking the Configuration


Run the following commands to check the previous configuration. Action Check information about the BGP VPLS peers on the PE or the ASBR PE. Check information about the BGP VPLS label blocks on the PE or ASBR PE. Check information about the VPLS connection on the PE. Command display bgp vpls { group [ group-name ] | peer [ ip-address ] } display bgp vpls all display vpls connection [ bgp | vsi vsi-name ] [ down | up ] [ verbose ]

After the configurations, run the display bgp vpls peer command on the PE or the ASBR PE. You can view that the status of the BGP VPLS peer relationship between PEs is "Established". For example:
<Quidway> display bgp vpls peer BGP local router ID : 1.1.1.1 Local AS number : 100 Total number of peers : 1 Peer V AS MsgRcvd 4.4.4.4 4 200 5

MsgSent 8

Peers in established state : 1 OutQ Up/Down State PrefRcv 0 00:02:04 Established 0

Run the display bgp vpls all command on the PE. You can view information about the VPLS label block on the PE. For example:
<Quidway> display bgp vpls all BGP Local Router ID : 1.1.1.1, Local AS Number : 100 Status codes : * - active, > - best BGP.VPLS : 2 Label Blocks -------------------------------------------------------------------------------Route Distinguisher: 100:1 SiteID Offset NextHop Range LabBase TunnelID FromPeer MHPref -------------------------------------------------------------------------------> 1 0 0.0.0.0 5 25600 0x0 0.0.0.0 0 -------------------------------------------------------------------------------Route Distinguisher: 200:1 SiteID Offset NextHop Range LabBase TunnelID FromPeer MHPref -------------------------------------------------------------------------------*> 2 0 4.4.4.4 5 25600 0x0 4.4.4.4 0

Run the display vpls connection command on the PE. You can view that the status of the VPLS connection on the PE is "up". For example:
<Quidway> display vpls connection 1 total connections,

7-64

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


connections: 1 up, 0 down, 0 ldp, 1 bgp VSI Name: v1 SiteID RD PeerAddr 2 200:1 4.4.4.4

7 VPLS Configuration

Signaling: bgp InLabel 25602

OutLabel 25601

VCState up

7.11 Configuring Related Parameters of a VSI


This section describes how to configure related parameters of a VSI. 7.11.1 Establishing the Configuration Task 7.11.2 Configuring General Parameters of the VSI 7.11.3 Configuring MAC Address Learning 7.11.4 Configuring Delay Processing on VPLS

7.11.1 Establishing the Configuration Task


Applicable Environment
After creating a VSI and assigning a signaling protocol to it, you can adjust general parameters of the VSI. According to different applicable environments, you can modify the MAC address learning mode and the MAC address entry.

Pre-configuration Tasks
Before configuring related parameters of the VSI, complete the following tasks:
l l

Creating a VSI Configuring Kompella VPLS or Configuring Martini VPLS

Data Preparation
To configure basic VPLS capability, you need the following data. No. 1 2 3 Data Encapsulation type of the VSI MAC address learning mode and MAC address entry Descriptive information of the VSI

7.11.2 Configuring General Parameters of the VSI


Context
Do as follows on the PEs of the two ends of the PW:
Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 7-65

7 VPLS Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Procedure
Step 1 Run:
system-view

The system view is displayed. Step 2 Run:


vsi vsi-name [ auto | static ]

The VSI view is displayed. Step 3 Run:


encapsulation { ethernet | vlan }

The VPLS encapsulation mode is configured for the VSI. Step 4 (Optional) Run:
description text

The descriptive information about the VSI is configured. ----End

7.11.3 Configuring MAC Address Learning


Context
A physical interface can belong to multiple VLANs at the same time. Multiple VLAN interfaces can be bound with the same VSI. Therefore, when configuring MAC address static entries or blackhole entries for VSI bound to the VLAN interfaces, you must specify the physical interface and VLAN interface. Do as follows on the PEs of the two ends of the PW:

Procedure
Step 1 Run:
system-view

The system view is displayed. Step 2 Run:


mac-address aging-time interval

The aging time of MAC address entries for the VPLS is configured. Step 3 Run:
mac-address static mac-address interface-type interface-number [ vlanif interfacenumber ] vsi vsi-name

Static MAC address entries are configured. Step 4 Run:


mac-address blackhole mac-address interface-type interface-number [ vlanif interface-number ] vsi vsi-name

MAC address blackhole entries are configured.


7-66 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

7 VPLS Configuration

Step 5 Run:
vsi vsi-name

The VSI view is displayed. Step 6 Run:


mac-learning { enable | disable }

The MAC address learning is enabled or disabled. Step 7 Run:


mac-learn-style unqualify

The MAC address learning mode is configured. Step 8 Run:


mac-limit { action { discard | forward } | alarm { disable | enable } | maximum max rate interval } *

The MAC address learning is configured. ----End

7.11.4 Configuring Delay Processing on VPLS


Context
Do as follows on the PEs on the two ends of the PW:

Procedure
Step 1 Run:
system-view

The system view is displayed. Step 2 Run:


mpls l2vpn

The MPLS L2VPN view is displayed. Step 3 Run:


vpls pw-down-delay pw-down-delay-time

The number of times for VPLS PW Down delay is configured. ----End

Postrequisite
In the case of a multi-homed CE, the vpls pw-down-delay command needs not to be run on the PEs. That is, the default value 0 is adopted. In the case of a non-multi-homed CE, it is recommended to run the vpls pw-down-delay command on the PEs to set the number of times for VPLS PW Down delay to a non-zero value (the value 5 is recommended). This can greatly improve the convergence performance of the VPLS.
Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 7-67

7 VPLS Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

After the vpls pw-down-delay command is run, the delay for the system to process the event PW Down is determined by the number of PWs and the number of times for delay set on the device.

7.12 Maintaining VPLS


This section describes how to maintain VPLS. 7.12.1 Collecting the Statistics of the Traffic on a VPLS PW 7.12.2 Checking the Traffic on a VPLS PW 7.12.3 Clearing the Traffic Statistics 7.12.4 Debugging VPLS 7.12.5 Enabling or Disabling VSI 7.12.6 Clearing MAC Address Entries

7.12.1 Collecting the Statistics of the Traffic on a VPLS PW


Context
NOTE

If a carrier needs to establish a model of the traffic between IP MANs and between MPLS core MANs for the reference of Diff-serv TE deployment and maintenance, or the carrier needs to charge the subscribers who do not use the monthly paid service by traffic, you can collect the statistics of the traffic on the specified PW.

Do as follows on the PE configured with the VPLS:

Procedure
Step 1 Run:
system-view

The system view is displayed. Step 2 Run:


vsi vsi-name [ auto | static ]

The VSI view is displayed. Step 3 Choose one of the following commands to enable the function of collecting the statistics of the traffic.
l

Kompella VPL

Run the pwsignal bgp command. The PW signaling protocol is configured as BGP and the VSI-BGP view is displayed. To enable the function of collecting the statistics of the traffic on the public network of the specified Kompella VPLS PW, run the traffic-statistics peer peer-ip-address remote-site site-id enable command.

Martini VPLS
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

7-68

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

7 VPLS Configuration

Run the pwsignal ldp command. The PW signaling protocol is configured as LDP and the VSI-LDP view is displayed. To enable the function of collecting the statistics of the traffic on the public network of the specified Martini VPLS PW, run the traffic-statistics peer peer-ip-address [ negotiation-vc-id vc-id ] enable command.

----End

7.12.2 Checking the Traffic on a VPLS PW


NOTE

If a PW becomes Down in five minutes, the traffic calculated before the PW becomes Down is not used to calculate the 5-minute traffic rate.

After the traffic on a VPLS PW is set, you can run the following commands in any view to view the running status of the traffic on a VPLS PW. Action Check the statistics of the traffic on the public network of the specified Kompella VPLS PW in the specified VSI. Check the statistics of the traffic on the public network of the specified LDP VPLS PW in the specified VSI. Command display traffic-statistics vsi vsi-name peer peer-address remote-site site-id display traffic-statistics vsi vsi-name peer peer-address [ negotiation-vc-id vc-id ]

7.12.3 Clearing the Traffic Statistics


To clear the traffic statistics, run the following reset commands in the user view. Action Clear the statistics of the traffic on the specified PWs of all VPLSs. Clear the statistics of the traffic on the public network of the specified LDP VPLS PW in the specified VSI. Clear the statistics of the traffic on the public network of the specified BGP VPLS PW in the specified VSI. Command reset traffic-statistics vsi all reset traffic-statistics vsi name vsi-name [ peer peer-address [ negotiation-vc-id vcid ] ] reset traffic-statistics vsi name vsi-name [ peer peer-address remote-site site-id ]

7.12.4 Debugging VPLS

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

7-69

7 VPLS Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

CAUTION
Debugging affects the system performance. So, after debugging, run the undo debugging all command to disable it immediately. When a fault occurs, run the debugging commands in the user view to check the debugging information and locate the fault. For the detailed procedure of outputting debugging information, refer to the chapter "Maintenance and Debugging" in the Quidway NetEngine80E/40E Router Configuration Guide - System Management. Action Enable MPLS L2VPN debugging. Enable VPLS debugging. Enable the MPLS packet debugging. Enable the LDP debugging. Command debugging mpls l2vpn { advertisement | all | connections interface [ interface-type interface-number ] | error | event | timer } debugging mpls l2vpn { vpls_fib | vpls_mid } debugging mpls packet [ error ] [ acl acl-number ] [ inlabel outer-in-label [ inner-in-label ] ] [ l2vpn-in-interface interfacetype interface-number ] debugging mpls ldp { advertisement | all | error | main | notification | pdu | session | socket | timer } [ interface interface-type interface-number ]debugging mpls ldp { hsb | remote-peer remote-peer-name }

7.12.5 Enabling or Disabling VSI


Do as follows in the VSI view. Action Enable VSI. Disable VSI. Command undo shutdown shutdown

Regarding requirements of service management such as service debugging and service suspension, you can temporarily shut down the VSI, and then add, delete or adjust the VSI function. The shutdown command affects the PW connection. The AC is Down, and the Layer 2 forwarding table is deleted.

7.12.6 Clearing MAC Address Entries


7-70 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

7 VPLS Configuration

CAUTION
After the MAC address entries are cleared, the entries cannot be restored. So, confirm the action before you clear the entries. After confirming the MAC address entries to be cleared, run the following commands in the system view. Action Clear the MAC address entries of the VSI. Clear the dynamic, static, blackhole, or all the MAC address entries. Command undo mac-address mac-address vsi vsi-name undo mac-address { dynamic | static | blackhole | all }

7.13 Configuration Examples


This section provides several configuration examples of VPLS. 7.13.1 Example for Configuring Kompella VPLS 7.13.2 Example for Configuring Martini VPLS 7.13.3 Example for Configuring VPLS over TE in Martini Mode 7.13.4 Example for Configuring LDP HVPLS 7.13.5 Example for Configuring Loop Detection of ACs in a VPLS Network 7.13.6 Example for Configuring a dynamic VLL to Access the VPLS 7.13.7 Example for Configuring the Static VLL to Access the VPLS Network 7.13.8 Example for Configuring the Static VLL to Access the VPLS Network in Dual-homed Mode 7.13.9 Example for Configuring Inter-AS Kompella VPLS Option A 7.13.10 Example for Configuring Inter-AS Kompella VPLS Option C 7.13.11 Example for Configuring the Inter-AS Martini VPLS Option A 7.13.12 Example for Configuring Inter-AS Martini VPLS Option C 7.13.13 Example for Configuring Dual-homed Kompella VPLS 7.13.14 Example for Configuring Kompella VPLS with Two Reflectors

7.13.1 Example for Configuring Kompella VPLS

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

7-71

7 VPLS Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Networking Requirements
As shown in Figure 7-8, two routers, PE1 and PE2, are PE routers enabled with the VPLS function. CE1 is connected with PE1, while CE2 is connected with PE2. CE1 and CE2 belong to the same VPLS. In the network, construct a VPLS for CE1 and CE2 and adopt BGP as the VPLS signaling to establish the PW. Figure 7-8 Kompella VPLS
Loopback1 1.1.1.9/32 POS2/0/0 168.1.1.1/24 POS1/0/0 168.1.1.2/24 Loopback1 2.2.2.9/32 POS2/0/0 169.1.1.1/24 Loopback1 3.3.3.9/32

PE1
GE1/0/0.1 GE1/0/0.1 10.1.1.1/24

PE2
GE2/0/0.1 GE1/0/0.1 10.1.1.2/24

POS1/0/0 169.1.1.2/24

CE1

CE2

Configuration Roadmap
The configuration roadmap is as follows: 1. 2. 3. 4. 5. 6. Configure the routing protocol on the backbone network and the MPLS basic capability. Set up the LSP tunnel between PEs. Enable the MPLS L2VPN on the PE. On the PE, enable the BGP peer to exchange the VPLS information. Create the VSI on the PE. Specify the signaling protocol as BGP. Specify the RD, VPN target, and site. Bind the AC interface with the VSI.

Data Preparation
To complete the configuration, you need the following data:
l l l l l

IP address of the peer Name of the VSI on the PE1 and the PE2 BGP AS number of the PE1 and the PE2 Signaling mode, namely BGP RD and VPN-target of the VSI on the PE and the number of the site to which the VSI belongs Interface bound with the VSI and the VLAN ID encapsulated on the interface

7-72

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

7 VPLS Configuration

Configuration Procedure
1. Configure OSPF. Configure the IP addresses of the PE and P as shown in Figure 7-8. When configuring OSPF, configure OSPF to advertise the 32-bit address of the loopback interface of the PE1, P and PE2. After the configuration, run the display ip routing-table command on the PE1, P, and PE2, and you can view that the routing information is learnt by one another. For the details on the configuration of the OSPF in this instance, see the following Configuration Files. 2. Configure basic MPLS basic capability and LDP. For details on the configuration procedure, see the following Configuration Files. After the configuration, run the display mpls ldp peer command on PE1, P and PE2, and you find that the peer relationship is established between PE1 and P, between PE2 and P. Run the display mpls ldp session command on PE1 and PE2, to find that the LDP session is established between the peers. Run the display mpls lsp command, to see the information of the LSPs established. 3. Enable BGP peers to exchange the VPLS information. # Configure PE1.
[PE1] bgp 100 [PE1-bgp] peer 3.3.3.9 as-number 100 [PE1-bgp] peer 3.3.3.9 connect-interface loopback1 [PE1-bgp] vpls-family [PE1-bgp-af-vpls] peer 3.3.3.9 enable [PE1-bgp-af-vpls] quit

# Configure PE2.
[PE2] bgp 100 [PE2-bgp] peer 1.1.1.9 as-number 100 [PE2-bgp] peer 1.1.1.9 connect-interface loopback1 [PE2-bgp] vpls-family [PE2-bgp-af-vpls] peer 1.1.1.9 enable [PE2-bgp-af-vpls] quit

4.

Enable MPLS L2VPN on PEs. # Configure PE1.


[PE1] mpls l2vpn

# Configure PE2.
[PE2] mpls l2vpn

5.

Configure a VSI on each PE.


NOTE

The ID of the site on both ends of the VSI should not be the same.

# Configure PE1.
[PE1] vsi bgp1 auto [PE1-vsi-bgp1] pwsignal bgp [PE1-vsi-bgp1-bgp] route-distinguisher 168.1.1.1:1 [PE1-vsi-bgp1-bgp] vpn-target 100:1 import-extcommunity [PE1-vsi-bgp1-bgp] vpn-target 100:1 export-extcommunity [PE1-vsi-bgp1-bgp] site 1 range 5 default-offset 0

# Configure PE2.
[PE2] vsi bgp1 auto [PE2-vsi-bgp1] pwsignal bgp [PE2-vsi-bgp1-bgp] route-distinguisher 169.1.1.2:1 [PE2-vsi-bgp1-bgp] vpn-target 100:1 import-extcommunity

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

7-73

7 VPLS Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


[PE2-vsi-bgp1-bgp] vpn-target 100:1 export-extcommunity [PE2-vsi-bgp1-bgp] site 2 range 5 default-offset 0

6.

Bind the VSI with the AC interface on PE. # Create a sub interface on PE1, allow it to receive packets of VLAN 10, and bind it with the VSI.
[PE1] interface gigabitethernet1/0/0.1 [PE1-GigabitEthernet1/0/0.1] shutdown [PE1-GigabitEthernet1/0/0.1] vlan-type dot1q 10 [PE1-GigabitEthernet1/0/0.1] l2 binding vsi bgp1 [PE1-GigabitEthernet1/0/0.1] undo shutdown

# Create a sub interface on PE2, allow it to receive packets of VLAN 10, and bind it with the VSI.
[PE2] interface gigabitethernet2/0/0.1 [PE2-GigabitEthernet2/0/0.1] shutdown [PE2-GigabitEthernet2/0/0.1] vlan-type dot1q 10 [PE2-GigabitEthernet2/0/0.1] l2 binding vsi bgp1 [PE2-GigabitEthernet2/0/0.1] undo shutdown

7.

Configure the CEs. # Configure CE1.


<Quidway> sysname CE1 [CE1] interface gigabitethernet1/0/0.1 [CE1-GigabitEthernet1/0/0.1] shutdown [CE1-GigabitEthernet1/0/0.1] vlan-type dot1q 10 [CE1-GigabitEthernet1/0/0.1] ip address 10.1.1.1 255.255.255.0 [CE1-GigabitEthernet1/0/0.1] undo shutdown

# Configure CE2.
<Quidway> sysname CE2 [CE2] interface gigabitethernet1/0/0.1 [CE2-GigabitEthernet1/0/0.1] shutdown [CE2-GigabitEthernet1/0/0.1] vlan-type dot1q 10 [CE2-GigabitEthernet1/0/0.1] ip address 10.1.1.2 255.255.255.0 [CE2-GigabitEthernet1/0/0.1] undo shutdown

8.

Verify the configuration. After the configuration, run the display vsi bgp1 verbose command on PE1, and you can see that VSI named "bgp1" establishes a PW to PE2 and the VSI state is "up".
<PE1> display vsi name bgp1 verbose ***VSI Name : bgp1 Administrator VSI : no Isolate Spoken : disable VSI Index : 0 PW Signaling : bgp Member Discovery Style : auto PW MAC Learn Style : unqualify Encapsulation Type : vlan MTU : 1500 Mode : uniform Service Class : -Color : -DomainId : 0 Domain Name : VSI State : up BGP RD : 168.1.1.1:1 SiteID/Range/Offset : 1/5/0 Import vpn target : 100:1, Export vpn target : 100:1, Remote Label Block : 25600/5/0, Local Label Block : 25600/5/0, Interface Name : GigabitEthernet1/0/0.1 State : up **PW Information: *Peer Ip Address : 3.3.3.9

7-74

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


PW State Local VC Label Remote VC Label PW Type Tunnel ID : : : : : up 25602 25601 label 0x2002001,

7 VPLS Configuration

CE1 (10.1.1.1) can ping through CE2 (10.1.1.2).


<CE1> ping 10.1.1.2 PING 10.1.1.2: 56 data bytes, press CTRL_C to break Reply from 10.1.1.2: bytes=56 Sequence=1 ttl=255 time=90 Reply from 10.1.1.2: bytes=56 Sequence=2 ttl=255 time=77 Reply from 10.1.1.2: bytes=56 Sequence=3 ttl=255 time=34 Reply from 10.1.1.2: bytes=56 Sequence=4 ttl=255 time=46 Reply from 10.1.1.2: bytes=56 Sequence=5 ttl=255 time=94 --- 10.1.1.2 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 34/68/94 ms ms ms ms ms ms

Configuration Files
l

Configuration file of CE1


# sysname CE1 # interface GigabitEthernet1/0/0.1 undo shutdown vlan-type dot1q 10 ip address 10.1.1.1 255.255.255.0 # return

Configuration file of CE2


# sysname CE2 # interface GigabitEthernet1/0/0.1 undo shutdown vlan-type dot1q 10 ip address 10.1.1.2 255.255.255.0 # return

Configuration file of PE1


# sysname PE1 # mpls lsr-id 1.1.1.9 mpls # mpls l2vpn # vsi bgp1 auto pwsignal bgp route-distinguisher 168.1.1.1:1 vpn-target 100:1 import-extcommunity vpn-target 100:1 export-extcommunity site 1 range 5 default-offset 0 # mpls ldp # interface GigabitEthernet1/0/0.1 undo shutdown vlan-type dot1q 10 l2 binding vsi bgp1 # interface Pos2/0/0

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

7-75

7 VPLS Configuration
link-protocol ppp undo shutdown ip address 168.1.1.1 255.255.255.0 mpls mpls ldp # interface LoopBack1 ip address 1.1.1.9 255.255.255.255 # bgp 100 peer 3.3.3.9 as-number 100 peer 3.3.3.9 connect-interface LoopBack1 # vpls-family policy vpn-target peer 3.3.3.9 enable # ospf 1 area 0.0.0.0 network 1.1.1.9 0.0.0.0 network 168.1.1.0 0.0.0.255 # return l

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Configuration file of P
# sysname P # mpls lsr-id 2.2.2.9 mpls # mpls ldp # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 168.1.1.2 255.255.255.0 mpls mpls ldp # interface Pos2/0/0 link-protocol ppp undo shutdown ip address 169.1.1.1 255.255.255.0 mpls mpls ldp # interface LoopBack1 ip address 2.2.2.9 255.255.255.255 # ospf 1 area 0.0.0.0 network 168.1.1.0 0.0.0.255 network 169.1.1.0 0.0.0.255 network 2.2.2.9 0.0.0.0 # return

Configuration file of PE2


# sysname PE2 # mpls lsr-id 3.3.3.9 mpls # mpls l2vpn # vsi bgp1 auto pwsignal bgp route-distinguisher 169.1.1.2:1

7-76

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


vpn-target 100:1 import-extcommunity vpn-target 100:1 export-extcommunity site 2 range 5 default-offset 0 # mpls ldp # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 169.1.1.2 255.255.255.0 mpls mpls ldp # interface GigabitEthernet2/0/0.1 undo shutdown vlan-type dot1q 10 l2 binding vsi bgp1 # interface LoopBack1 ip address 3.3.3.9 255.255.255.255 # bgp 100 peer 1.1.1.9 as-number 100 peer 1.1.1.9 connect-interface LoopBack1 # vpls-family policy vpn-target peer 1.1.1.9 enable # ospf 1 area 0.0.0.0 network 3.3.3.9 0.0.0.0 network 169.1.1.0 0.0.0.255 # return

7 VPLS Configuration

7.13.2 Example for Configuring Martini VPLS


Networking Requirements
As shown in Figure 7-9, two routers, PE1 and PE2, are PEs to be enabled with the VPLS function. CE1 is connected with PE1, while CE2 is connected with PE2. CE1 and CE2 belong to the same VPLS. After the VPLS configuration, interworking between CE1 and CE2 is available. In the network, construct a VPLS VPN for CE1 and CE2 and adopt the LDP as the VPLS signaling to establish the PW. Figure 7-9 Martini VPLS
Loopback1 1.1.1.9/32 POS2/0/0 168.1.1.1/24 POS1/0/0 168.1.1.2/24 Loopback1 2.2.2.9/32 POS2/0/0 169.1.1.1/24 Loopback1 3.3.3.9/32

PE1
GE1/0/0.1 GE1/0/0.1 10.1.1.1/24

PE2
GE2/0/0.1 GE1/0/0.1 10.1.1.2/24

POS1/0/0 169.1.1.2/24

CE1

CE2

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

7-77

7 VPLS Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Configuration Roadmap
The configuration roadmap is as follows: 1. 2. 3. 4. 5. Configure the routing protocol on the backbone network. Set up the remote LDP session between PEs. Set up the tunnel used to transmit the user data between PEs. Enable the MPLS L2VPN on the PE. Create the VSI on the PE. Specify the signaling as LDP and then bind the VSI with the AC interface.

Data Preparation
To configure the Martini VPLS, you need the following data:
l l l

VSI name and VSI ID IP address and tunnel policy used in setting up the peer Interface bound to the VSI

Configuration Procedure
1. Configure OSPF. Configure the IP addresses of the PE and P as shown in Figure 7-9. When configuring OSPF, configure OSPF to advertise the 32-bit address of the loopback interface (LSR-ID) of the PE1, P and PE2. After the configuration, run the display ip routing-table command on PE1, P and PE2. The output shows that PE1 and PE2 know each others routing information. For the details on the configuration of the OSPF in this instance, see the following Configuration Files. 2. Configure basic MPLS capability and LDP. For the detailed procedure of the configuration, see the following Configuration Files. Run the display mpls ldp session command on PE1 and PE2, and you can see that LDP sessions are established between the peers. Run the display mpls lsp command, and you can see the information of established LSPs. 3. Configure remote session of LDP. # Configure PE1.
[PE1] mpls ldp [PE1-mpls-ldp-remote-pe2] remote-ip 3.3.3.9 [PE1-mpls-ldp-remote-pe2] quit

# Configure PE2.
[PE2] mpls ldp [PE2-mpls-ldp-remote-pe1] remote-ip 1.1.1.9 [PE2-mpls-ldp-remote-pe1] quit

After the configuration, run the display mpls ldp session command on PE1 or PE2, and you can find the status of the peers PE1 and PE2 is "operational". That is, the remote peer relationship is set up. 4. Enable MPLS L2VPN on PEs. # Configure PE1.
[PE1] mpls l2vpn

7-78

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

7 VPLS Configuration

# Configure PE2.
[PE2] mpls l2vpn

5.

Configure a VSI on each PE. # Configure PE1.


[PE1] vsi a2 static [PE1-vsi-v] pwsignal ldp [PE1-vsi-v-ldp] vsi-id 2 [PE1-vsi-v-ldp] peer 3.3.3.9

# Configure PE2.
[PE2] vsi a2 static [PE2-vsi-v] pwsignal ldp [PE2-vsi-v-ldp] vsi-id 2 [PE2-vsi-v-ldp] peer 1.1.1.9

6.

Bind the VSI with the AC interface on PE. # Configure PE1.


[PE1] interface gigabitethernet1/0/0.1 [PE1-GigabitEthernet1/0/0.1] shutdown [PE1-GigabitEthernet1/0/0.1] vlan-type dot1q 10 [PE1-GigabitEthernet1/0/0.1] l2 binding vsi a2 [PE1-GigabitEthernet1/0/0.1] undo shutdown

# Configure PE2.
[PE2] interface gigabitethernet2/0/0.1 [PE2-GigabitEthernet2/0/0.1] shutdown [PE2-GigabitEthernet2/0/0.1] vlan-type dot1q 10 [PE2-GigabitEthernet2/0/0.1] l2 binding vsi a2 [PE2-GigabitEthernet2/0/0.1] undo shutdown

7.

Configure the CEs. # Configure CE1.


<Quidway> sysname CE1 [CE1] interface gigabitethernet1/0/0.1 [CE1-GigabitEthernet1/0/0.1] shutdown [CE1-GigabitEthernet1/0/0.1] vlan-type dot1q 10 [CE1-GigabitEthernet1/0/0.1] ip address 10.1.1.1 255.255.255.0 [CE1-GigabitEthernet1/0/0.1] undo shutdown

# Configure CE2.
<Quidway> sysname CE2 [CE2] interface gigabitethernet1/0/0.1 [CE2-GigabitEthernet1/0/0.1] shutdown [CE2-GigabitEthernet1/0/0.1] vlan-type dot1q 10 [CE2-GigabitEthernet1/0/0.1] ip address 10.1.1.2 255.255.255.0 [CE2-GigabitEthernet1/0/0.1] undo shutdown

8.

Verify the configuration. After the configuration, run the display vsi name a2 verbose command on PE1, and you can see that VSI named a2 establishes a PW to PE2 and the VSI is Up.
<PE1> display vsi name a2 verbose ***VSI Name : a2 Administrator VSI : no Isolate Spoken : disable VSI Index : 0 PW Signaling : ldp Member Discovery Style : static PW MAC Learn Style : unqualify Encapsulation Type : vlan MTU : 1500 Mode : uniform Service Class : -Color : -DomainId : 0

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

7-79

7 VPLS Configuration
Domain Name VSI State VSI ID *Peer Router ID VC Label Peer Type Session Tunnel ID Interface Name State **PW Information: *Peer Ip Address PW State Local VC Label Remote VC Label PW Type Tunnel ID : : : : : : : : : : : : : : : :

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

up 2 3.3.3.9 23552 dynamic up 0x2002001, GigabitEthernet1/0/0.1 up 3.3.3.9 up 23552 23552 label 0x2002001,

CE1 (10.1.1.1) can ping through CE2 (10.1.1.2).


<CE1> ping 10.1.1.2 PING 10.1.1.2: 56 data bytes, press CTRL_C to break Reply from 10.1.1.2: bytes=56 Sequence=1 ttl=255 time=90 Reply from 10.1.1.2: bytes=56 Sequence=2 ttl=255 time=77 Reply from 10.1.1.2: bytes=56 Sequence=3 ttl=255 time=34 Reply from 10.1.1.2: bytes=56 Sequence=4 ttl=255 time=46 Reply from 10.1.1.2: bytes=56 Sequence=5 ttl=255 time=94 --- 10.1.1.2 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 34/68/94 ms ms ms ms ms ms

Configuration Files
l

Configuration file of CE1


# sysname CE1 # interface GigabitEthernet1/0/0.1 undo shutdown vlan-type dot1q 10 ip address 10.1.1.1 255.255.255.0 # return

Configuration file of CE2


# sysname CE2 # interface GigabitEthernet1/0/0.1 undo shutdown vlan-type dot1q 10 ip address 10.1.1.2 255.255.255.0 # return

Configuration file of PE1


# sysname PE1 # mpls lsr-id 1.1.1.9 mpls # mpls l2vpn # vsi a2 static pwsignal ldp vsi-id 2

7-80

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


peer 3.3.3.9 # mpls ldp # mpls ldp remote-peer 3.3.3.9 remote-ip 3.3.3.9 # interface GigabitEthernet1/0/0.1 undo shutdown vlan-type dot1q 10 l2 binding vsi a2 # interface Pos2/0/0 link-protocol ppp undo shutdown ip address 168.1.1.1 255.255.255.0 mpls mpls ldp # interface LoopBack1 ip address 1.1.1.9 255.255.255.255 # ospf 1 area 0.0.0.0 network 1.1.1.9 0.0.0.0 network 168.1.1.0 0.0.0.255 # return l

7 VPLS Configuration

Configuration file of P
# sysname P # mpls lsr-id 2.2.2.9 mpls # mpls ldp # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 168.1.1.2 255.255.255.0 mpls mpls ldp # interface Pos2/0/0 link-protocol ppp undo shutdown ip address 169.1.1.1 255.255.255.0 mpls mpls ldp # interface LoopBack1 ip address 2.2.2.9 255.255.255.255 # ospf 1 area 0.0.0.0 network 168.1.1.0 0.0.0.255 network 169.1.1.0 0.0.0.255 network 2.2.2.9 0.0.0.0 # return

Configuration file of PE2


# sysname PE2 # mpls lsr-id 3.3.3.9 mpls #

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

7-81

7 VPLS Configuration
mpls l2vpn # vsi a2 static pwsignal ldp vsi-id 2 peer 1.1.1.9 # mpls ldp # mpls ldp remote-peer 1.1.1.9 remote-ip 1.1.1.9 # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 169.1.1.2 255.255.255.0 mpls mpls ldp # interface GigabitEthernet2/0/0.1 undo shutdown vlan-type dot1q 10 l2 binding vsi a2 # interface LoopBack1 ip address 3.3.3.9 255.255.255.255 # ospf 1 area 0.0.0.0 network 3.3.3.9 0.0.0.0 network 169.1.1.0 0.0.0.255 # return

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

7.13.3 Example for Configuring VPLS over TE in Martini Mode


Networking Requirements
Figure 7-10 VPLS over TE in Martini mode
Loopback1 1.1.1.9/32 POS1/0/0 POS1/0/0 100.1.1.1/24 100.1.1.2/24 Loopback1 2.2.2.9/32 Loopback1 3.3.3.9/32

P POS2/0/0

PE1
GE2/0/0.1

POS1/0/0 100.2.1.1/24 100.2.1.2/24

PE2
GE2/0/0.1

MPLS TE Tunnel

GE1/0/0.1 10.1.1.1/24

GE1/0/0.1 10.1.1.2/24

CE1

CE2

As shown in Figure 7-10, CE1 and CE2 are in the same VPLS network. They access the MPLS core network through PE1 and PE2 respectively. In the MPLS core network, OSPF is adopted as the IGP protocol.
7-82 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

7 VPLS Configuration

Martini VPLS is required and the dynamic signaling protocol RSVP-TE is used to establish the MPLS TE tunnel between PE1 and PE2 to bear the VPLS service.

Configuration Roadmap
The configuration roadmap is as follows: 1. 2. Configure routing protocols on the core network devices (PE and P) to implement network interworking and enable MPLS. Establish the MPLS TE tunnel and configure the tunnel policy. For the details of establishing the MPLS TE tunnel, refer to the chapter "MPLS TE Configuration" in the Quidway NetEngine80E/40E Router Configuration Guide - MPLS. Enable MPLS L2VPN on the PE. Create the VSI on the PE, specify the signaling protocol as LDP, and bind the VSI and the AC interface. Configure the VSI to use the MPLS TE tunnel.

3. 4. 5.

Data Preparation
To complete the configuration, you need the following data:
l l l l

OSPF area that is enabled with TE VSI name and VSI ID Peer IP address and tunnel policy Interface bound with the VSI

Configuration Procedure
1. 2. Configure the IP address for each interface and configure OSPF in the core network. The detailed configurations are not mentioned here. Enable MPLS, MPLS TE, MPLS RSVP-TE, and MPLS CSPF. Enable MPLS, MPLS TE, and MPLS RSVP-TE in the system view and the interface view of each node along the tunnel, and enable MPLS TE CSPF in the system view of the ingress of the tunnel. # Configure PE1.
[PE1] mpls lsr-id 1.1.1.9 [PE1] mpls [PE1-mpls] mpls te [PE1-mpls] mpls rsvp-te [PE1-mpls] mpls te cspf [PE1-mpls] quit [PE1] interface pos1/0/0 [PE1-Pos1/0/0] mpls [PE1-Pos1/0/0] mpls te [PE1-Pos1/0/0] mpls rsvp-te [PE1-Pos1/0/0] quit

# Configure P.
[P] mpls lsr-id 2.2.2.9 [P] mpls [P-mpls] mpls te [P-mpls] mpls rsvp-te [P-mpls] quit [P] interface pos1/0/0

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

7-83

7 VPLS Configuration
[P-Pos1/0/0] mpls [P-Pos1/0/0] mpls te [P-Pos1/0/0] mpls rsvp-te [P-Pos1/0/0] quit [P] interface pos2/0/0 [P-Pos2/0/0] mpls [P-Pos2/0/0] mpls te [P-Pos2/0/0] mpls rsvp-te [P-Pos2/0/0] quit

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

# Configure PE2.
[PE2] mpls lsr-id 1.1.1.9 [PE2] mpls [PE2-mpls] mpls te [PE2-mpls] mpls rsvp-te [PE2-mpls] mpls te cspf [PE2-mpls] quit [PE2] interface pos1/0/0 [PE2-Pos1/0/0] mpls [PE2-Pos1/0/0] mpls te [PE2-Pos1/0/0] mpls rsvp-te [PE2-Pos1/0/0] quit

3.

Configure OSPF TE on the core network. # Configure PE1.


[PE1] ospf [PE1-ospf-1] opaque-capability enable [PE1-ospf-1] area 0.0.0.0 [PE1-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0 [PE1-ospf-1-area-0.0.0.0] network 100.1.1.0 0.0.0.255 [PE1-ospf-1-area-0.0.0.0] mpls-te enable

# Configure P.
[P] ospf [P-ospf-1] opaque-capability enable [P-ospf-1] area 0.0.0.0 [P-ospf-1-area-0.0.0.0] network 2.2.2.9 0.0.0.0 [P-ospf-1-area-0.0.0.0] network 100.1.1.0 0.0.0.255 [P-ospf-1-area-0.0.0.0] network 100.2.1.0 0.0.0.255 [P-ospf-1-area-0.0.0.0] mpls-te enable

# Configure PE2.
[PE2] ospf [PE2-ospf-1] opaque-capability enable [PE2-ospf-1] area 0.0.0.0 [PE2-ospf-1-area-0.0.0.0] network 3.3.3.9 0.0.0.0 [PE2-ospf-1-area-0.0.0.0] network 100.2.1.0 0.0.0.255 [PE2-ospf-1-area-0.0.0.0] mpls-te enable

4.

Configure the tunnel interface. # Create the tunnel interface on the PE, and specify the tunnel protocol as MPLS TE and the signaling protocol as RSVP-TE. # Configure PE1.
[PE1] interface tunnel 1/0/0 [PE1-Tunnel1/0/0] ip address unnumbered interface loopback1 [PE1-Tunnel1/0/0] tunnel-protocol mpls te [PE1-Tunnel1/0/0] destination 3.3.3.9 [PE1-Tunnel1/0/0] mpls te tunnel-id 100 [PE1-Tunnel1/0/0] mpls te reserved-for-binding [PE1-Tunnel1/0/0] mpls te commit

# Configure PE2.
[PE2] interface tunnel 1/0/0 [PE2-Tunnel1/0/0] ip address unnumbered interface loopback1 [PE2-Tunnel1/0/0] tunnel-protocol mpls te [PE2-Tunnel1/0/0] destination 1.1.1.9 [PE2-Tunnel1/0/0] mpls te tunnel-id 100

7-84

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


[PE2-Tunnel1/0/0] mpls te reserved-for-binding [PE2-Tunnel1/0/0] mpls te commit

7 VPLS Configuration

After the preceding configuration, running the display this interface command in the tunnel interface view, you can view that the MPLS TE tunnel is established successfully. That is, Line protocol current state displays UP. Take PE1 as an example:
[PE1-Tunnel1/0/0] display this interface Tunnel1/0/0 current state : UP Line protocol current state : UP Description : HUAWEI, Quidway Series, Tunnel1/0/0 Interface, Route Port The Maximum Transmit Unit is 1500 bytes Internet Address is unnumbered, using address of LoopBack1(1.1.1.9/32) Encapsulation is TUNNEL, loopback not set Tunnel destination 3.3.3.9 Tunnel protocol/transport MPLS/MPLS, ILM is available, primary tunnel id is 0x1002003, secondary tunnel id is 0x0 5 minutes output rate 0 bytes/sec, 0 packets/sec 0 packets output, 0 bytes 0 output error

Running the display tunnel-info all command in the system view, you can view that the TE tunnel with the destination address as the peer MPLS LSR ID exists between PEs. Take PE1 as an example:
<PE1> display tunnel-info all * -> Allocated VC Token Tunnel ID Type Destination Token ---------------------------------------------------------------------0x41002000 cr lsp 3.3.3.9 0 0x1002001 lsp -1 0x1002002 lsp(*) -2

5.

Configure the LDP remote session. Establish a remote peer session between PE1 and PE2. # Configure PE1.
[PE1] mpls ldp [PE1-mpls-ldp] quit [PE1] mpls ldp remote-peer 3.3.3.9 [PE1-mpls-ldp-remote-3.3.3.9] remote-ip 3.3.3.9 [PE1-mpls-ldp-remote-3.3.3.9] quit

# Configure PE2.
[PE2] mpls ldp [PE2-mpls-ldp] quit [PE2] mpls ldp remote-peer 1.1.1.9 [PE2-mpls-ldp-remote-1.1.1.9] remote-ip 1.1.1.9 [PE2-mpls-ldp-remote-1.1.1.9] quit

After the configuration, an LDP session is established between PEs. Take PE1 as an example:
[PE1] display mpls ldp session LDP Session(s) in Public Network ---------------------------------------------------------------------Peer-ID Status LAM SsnRole SsnAge KA-Sent/Rcv ---------------------------------------------------------------------3.3.3.9:0 Operational DU Passive 000:00:06 26/26 ---------------------------------------------------------------------TOTAL: 1 session(s) Found. LAM : Label Advertisement Mode SsnAge Unit : DDD:HH:MM

6.

Configure the tunnel policy. # Configure PE1.


[PE1] tunnel-policy policy1 [PE1-tunnel-policy-policy1] tunnel binding destination 3.3.3.9 te tunnel1/0/0 [PE1-tunnel-policy-policy1] quit

# Configure PE2.
Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 7-85

7 VPLS Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


[PE2] tunnel-policy policy1 [PE2-tunnel-policy-policy1] tunnel binding destination 1.1.1.9 te tunnel1/0/0 [PE2-tunnel-policy-policy1] quit

7.

Enable MPLS L2VPN on the PEs. # Configure PE1.


[PE1] mpls l2vpn

# Configure PE2.
[PE2] mpls l2vpn

# Configure ASBR-PE1. 8. Create the VSI on the PEs and configure the tunnel policy. # Configure PE1.
[PE1] vsi a2 static [PE1-vsi-a2] pwsignal ldp [PE1-vsi-a2-ldp] vsi-id 2 [PE1-vsi-a2-ldp] peer 3.3.3.9 tnl-policy policy1 [PE1-vsi-a2-ldp] quit

# Configure PE2.
[PE2] vsi a2 static [PE2-vsi-a2] pwsignal ldp [PE2-vsi-a2-ldp] vsi-id 2 [PE2-vsi-a2-ldp] peer 1.1.1.9 tnl-policy policy1 [PE2-vsi-a2-ldp] quit

9.

Bind the VSI and the interface on the PEs. # Configure PE1.
[PE1] interface gigabitethernet2/0/0.1 [PE1-GigabitEthernet2/0/0.1] shutdown [PE1-GigabitEthernet2/0/0.1] vlan-type dot1q 10 [PE1-GigabitEthernet2/0/0.1] l2 binding vsi a2 [PE1-GigabitEthernet2/0/0.1] undo shutdown

# Configure PE2.
[PE2] interface gigabitethernet2/0/0.1 [PE2-GigabitEthernet2/0/0.1] shutdown [PE2-GigabitEthernet2/0/0.1] vlan-type dot1q 10 [PE2-GigabitEthernet2/0/0.1] l2 binding vsi a2 [PE2-GigabitEthernet2/0/0.1] undo shutdown

# Configure CE1.
[CE1] interface gigabitethernet1/0/0.1 [CE1-GigabitEthernet1/0/0.1] shutdown [CE1-GigabitEthernet1/0/0.1] vlan-type dot1q 10 [CE1-GigabitEthernet1/0/0.1] ip address 10.1.1.1 255.255.255.0 [CE1-GigabitEthernet1/0/0.1] undo shutdown

# Configure CE2.
[CE2] interface gigabitethernet1/0/0.1 [CE2-GigabitEthernet1/0/0.1] shutdown [CE2-GigabitEthernet1/0/0.1] vlan-type dot1q 10 [CE2-GigabitEthernet1/0/0.1] ip address 10.1.1.2 255.255.255.0 [CE2-GigabitEthernet1/0/0.1] undo shutdown

10. Verify the configuration. After the preceding configuration, running the display vsi name verbose command on PE1, you can view that the VSI named a2 establishes a PW to PE2. The status of the VSI is Up.
<PE1> display vsi name a2 verbose ***VSI Name : a2 Administrator VSI : no Isolate Spoken : disable

7-86

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


VSI Index PW Signaling Member Discovery Style PW MAC Learn Style Encapsulation Type MTU VSI State VSI ID *Peer Router ID VC Label Peer Type Session Tunnel ID Tunnel Policy Name Interface Name State **PW Information: *Peer Ip Address PW State Local VC Label Remote VC Label PW Type Tunnel ID : : : : : : : : : : : : : : : : : : : : : : 0 ldp static unqualify vlan 1500 up 2 3.3.3.9 23552 dynamic up 0x41002000, policy1 GigabitEthernet2/0/0.1 up 3.3.3.9 up 23552 23552 label 0x41002000,

7 VPLS Configuration

Run the display mpls lsp include 3.3.3.9 32 verbose command on PE1, and you can view the information about the LSP destined to 3.3.3.9/32.
<PE1> display mpls lsp include 3.3.3.3 32 verbose -----------------------------------------------------------------------------LSP Information: RSVP LSP -----------------------------------------------------------------------------No SessionID IngressLsrID LocalLspID Tunnel-Interface Fec Nexthop In-Label Out-Label In-Interface Out-Interface LspIndex Token LsrType Bypass In Use Bypass Tunnel Id BypassTunnel Mpls-Mtu TimeStamp Bfd-State : : : : : : : : : : : : : : : : : : : : 1 100 1.1.1.1 1 Tunnel1/0/0 3.3.3.9/32 100.1.1.2 NULL 13312 ---------POS1/0/0 4096 0x3008000 Ingress Not Exists 0x0 Tunnel Index[---] 1500 2040sec ---

Run the display vsi pw out-interface vsi a2 command on PE1, you can find that the MPLS TE tunnel established between 1.1.1.9 and 3.3.3.9 has the outgoing interface as Tunnel1/0/0, but the actual outgoing interface is POS1/0/0.
<PE1> display vsi pw out-interface vsi a2 Total: 1 ------------------------------------------------------------------------------Vsi Name peer vcid interface ------------------------------------------------------------------------------a2 3.3.3.9 100 Tunnel1/0/0 POS1/0/0

CE1 and CE2 can ping through each other.


<CE1> ping 10.1.1.2

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

7-87

7 VPLS Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


PING 10.1.1.2: 56 data bytes, press CTRL_C to break Reply from 10.1.1.2: bytes=56 Sequence=1 ttl=255 time=125 ms Reply from 10.1.1.2: bytes=56 Sequence=2 ttl=255 time=125 ms Reply from 10.1.1.2: bytes=56 Sequence=3 ttl=255 time=94 ms Reply from 10.1.1.2: bytes=56 Sequence=4 ttl=255 time=125 ms Reply from 10.1.1.2: bytes=56 Sequence=5 ttl=255 time=125 ms --- 10.1.1.2 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 94/118/125 ms

After CE1 pings through CE2, run the display interface tunnel command on the PE to view the tunnel interface information, and you can view that the number of data packets passing through the interface increases. Take PE1 as an example:
Output queue : (Urgent queue : Size/Length/Discards) 0/50/0 Output queue : (Protocol queue : Size/Length/Discards) 0/1000/0 Output queue : (FIFO queuing : Size/Length/Discards) 0/75/0 5 minutes output rate 0 bytes/sec, 0 packets/sec 1249 packets output, 21526 bytes 0 output error

Configuration Files
l

Configuration file of CE1


# sysname CE1 # interface GigabitEthernet1/0/0.1 undo shutdown vlan-type dot1q 10 ip address 10.1.1.1 255.255.255.0 # return

Configuration file of PE1


# sysname PE1 # mpls lsr-id 1.1.1.9 mpls mpls te mpls rsvp-te mpls te cspf # mpls l2vpn # vsi a2 static pwsignal ldp vsi-id 2 peer 3.3.3.9 tnl-policy policy1 # mpls ldp # mpls ldp remote-peer 3.3.3.9 remote-ip 3.3.3.9 # interface GigabitEthernet2/0/0.1 undo shutdown vlan-type dot1q 10 l2 binding vsi a2 # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 100.1.1.1 255.255.255.0

7-88

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


ospf cost 1 mpls mpls te mpls rsvp-te # interface LoopBack1 ip address 1.1.1.9 255.255.255.255 # interface Tunnel1/0/0 ip address unnumbered interface LoopBack1 tunnel-protocol mpls te destination 3.3.3.9 mpls te tunnel-id 100 mpls te reserved-for-binding mpls te commit # ospf 1 opaque-capability enable area 0.0.0.0 network 1.1.1.9 0.0.0.0 network 100.1.1.0 0.0.0.255 mpls-te enable # tunnel-policy policy1 tunnel binding destination 3.3.3.9 te Tunnel1/0/0 # return l

7 VPLS Configuration

Configuration file of P
# sysname P # mpls lsr-id 2.2.2.9 mpls mpls te mpls rsvp-te # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 100.1.1.2 255.255.255.0 ospf cost 1 mpls mpls te mpls rsvp-te # interface Pos2/0/0 link-protocol ppp undo shutdown ip address 100.2.1.1 255.255.255.0 ospf cost 1 mpls mpls te mpls rsvp-te # interface LoopBack1 ip address 2.2.2.9 255.255.255.255 # ospf 1 opaque-capability enable area 0.0.0.0 network 2.2.2.9 0.0.0.0 network 100.1.1.0 0.0.0.255 network 100.2.1.0 0.0.0.255 mpls-te enable # return

Configuration file of PE2


#

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

7-89

7 VPLS Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


sysname PE2 # mpls lsr-id 3.3.3.9 mpls mpls te mpls rsvp-te mpls te cspf # mpls l2vpn # vsi a2 static pwsignal ldp vsi-id 2 peer 1.1.1.9 tnl-policy policy1 # mpls ldp # mpls ldp remote-peer 1.1.1.9 remote-ip 1.1.1.9 # interface GigabitEthernet2/0/0.1 undo shutdown vlan-type dot1q 10 l2 binding vsi a2 # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 100.2.1.2 255.255.255.0 ospf cost 1 mpls mpls te mpls rsvp-te # interface LoopBack1 ip address 3.3.3.9 255.255.255.255 # interface Tunnel1/0/0 ip address unnumbered interface LoopBack1 tunnel-protocol mpls te destination 1.1.1.9 mpls te tunnel-id 100 mpls te reserved-for-binding mpls te commit # ospf 1 opaque-capability enable area 0.0.0.0 network 3.3.3.9 0.0.0.0 network 100.2.1.0 0.0.0.255 mpls-te enable # tunnel-policy policy1 tunnel binding destination 1.1.1.9 te Tunnel1/0/0 # return

Configuration file of CE2


# sysname CE2 # interface GigabitEthernet1/0/0.1 undo shutdown vlan-type dot1q 10 ip address 10.1.1.2 255.255.255.0 # return

7-90

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

7 VPLS Configuration

7.13.4 Example for Configuring LDP HVPLS


Networking Requirements
As shown in Figure 7-11:
l l

Site1, Site2, and Site3 belong to the same VPLS. CE1 and CE2 access the basic VPLS fully-connected network through UPE while CE3 through PE.

Figure 7-11 Networking diagram of configuring LDP HVPLS


basic VPLS full mesh
Loopbcack1 2.2.2.9/32 POS1/0/0 100.1.1.2/24 Loopbcack1 1.1.1.9/32 POS1/0/0 100.2.1.2/24 Loopbcack1 3.3.3.9/32

SPE
POS3/0/0 100.1.1.1/24

POS2/0/0 100.2.1.1/24

PE
GE2/0/0.1

UPE
GE1/0/0.1

GE2/0/0.1 GE1/0/0.1 10.1.1.2/24

GE1/0/0.1 10.1.1.3/24

CE3
GE1/0/0.1 10.1.1.1/24 Site3

CE1
Site1 Site2

CE2

Configuration Roadmap
The configuration roadmap is as follows: 1. 2. 3. 4. 5. Complete the task of Configuring Martini VPLS between the SPE and the PE. Set up the MPLS LDP peer between the UPE and the SPE. Create the VSI instance on the SPE and specify the UPE as its PE of lower layer. Create the VSI instance on the UPE and specify the SPE as the VSI peer. Configure the CE1 and the CE2 to access the UPE, and configure the CE3 to access the PE.

Data Preparation
To configure the HVPLS, you need the following data:
l l l

VSI name and VSI ID MPLS LSR ID (as the IP address of the peer) of the UPE, SPE, and PE Routing protocol
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 7-91

Issue 03 (2008-09-22)

7 VPLS Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Configuration Procedure
1. Configure IGP. This example adopts OSPF. For the detailed configuration, see the following Configuration Files. After the configuration, executing the display ip routing-table command, you can see that the UPE, SPE and PE have learned the address of the loopback interface of each other. 2. Configure the basic MPLS capability and LDP. For the detailed configuration, see the following Configuration Files. After the configuration, executing the display mpls ldp session command, you can see that the status of the peer between UPE and SPE or that between PE and SPE is "Operational". That means the peer is set up. Executing the display mpls lsp command, you can see information about the LSP. 3. Enable MPLS L2VPN and configure VSI. # Configure the UPE.
<UPE> system-view [UPE] mpls l2vpn [UPE] vsi v123 static [UPE-vsi-v123] pwsignal ldp [UPE-vsi-v123-ldp] vsi-id 123 [UPE-vsi-v123-ldp] peer 2.2.2.9

# Configure the SPE.


<SPE> system-view [SPE] mpls l2vpn [SPE] vsi v123 static [SPE-vsi-v123] pwsignal ldp [SPE-vsi-v123-ldp] vsi-id 123 [SPE-vsi-v123-ldp] peer 3.3.3.9 [SPE-vsi-v123-ldp] peer 1.1.1.9 upe

# Configure the PE.


<PE> system-view [PE] mpls l2vpn [PE] vsi v123 static [PE-vsi-v123] pwsignal ldp [PE-vsi-v123-ldp] vsi-id 123 [PE-vsi-v123-ldp] peer 2.2.2.9

4.

Bind the VSI with the interface on the UPE and the PE. # Configure the UPE.
[UPE] interface gigabitethernet1/0/0.1 [UPE-GigabitEthernet1/0/0.1] shutdown [UPE-GigabitEthernet1/0/0.1] vlan-type dot1q 10 [UPE-GigabitEthernet1/0/0.1] l2 binding vsi v123 [UPE-GigabitEthernet1/0/0.1] undo shutdown [UPE-GigabitEthernet1/0/0.1] quit [UPE] interface gigabitethernet2/0/0.1 [UPE-GigabitEthernet2/0/0.1] shutdown [UPE-GigabitEthernet2/0/0.1] vlan-type dot1q 10 [UPE-GigabitEthernet2/0/0.1] l2 binding vsi v123 [UPE-GigabitEthernet2/0/0.1] undo shutdonw

# Configure the PE.


[PE] interface gigabitethernet2/0/0.1 [PE-GigabitEthernet2/0/0.1] shutdown [PE-GigabitEthernet2/0/0.1] vlan-type dot1q 10 [PE-GigabitEthernet2/0/0.1] l2 binding vsi v123 [PE-GigabitEthernet2/0/0.1] undo shutdown

5.
7-92

Verify the configuration.


Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

7 VPLS Configuration

After the configuration, executing the display vsi v123 verbose command on the SPE, you can see that the status of the VSI with the name v123 is Up and the PW status is Up.
<SPE> display vsi name v123 verbose ***VSI Name : v123 Administrator VSI : no Isolate Spoken : disable VSI Index : 0 PW Signaling : ldp Member Discovery Style : static PW MAC Learn Style : unqualify Encapsulation Type : vlan MTU : 1500 Mode : uniform Service Class : -Color : -DomainId : 0 Domain Name : VSI State : up VSI ID : 123 *Peer Router ID : 3.3.3.9 VC Label : 23552 Peer Type : dynamic Session : up Tunnel ID : 0x2002002, *Peer Router ID : 1.1.1.9 VC Label : 23553 Peer Type : dynamic Session : up Tunnel ID : 0x1002000, **PW Information: *Peer Ip Address : 1.1.1.9 PW State : up Local VC Label : 23553 Remote VC Label : 23552 PW Type : MEHVPLS Tunnel ID : 0x1002000, *Peer Ip Address : 3.3.3.9 PW State : up Local VC Label : 23552 Remote VC Label : 23552 PW Type : label Tunnel ID : 0x2002002,

CE1, CE2 and CE3 can ping each other. After the shutdown command is run on GE 2/0/0.1 bound with the VSI on the UPE or the PE, CE2 and CE3 cannot ping through each other. It indicates that the user data is transmitted through the PW of the VSI.

Configuration Files
l

Configuration file of UPE


# sysname UPE # mpls lsr-id 1.1.1.9 mpls # mpls l2vpn # vsi v123 static pwsignal ldp vsi-id 123 peer 2.2.2.9 # mpls ldp # interface GigabitEthernet1/0/0.1 undo shutdown

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

7-93

7 VPLS Configuration
vlan-type dot1q 10 l2 binding vsi v123 # interface GigabitEthernet2/0/0.1 undo shutdown vlan-type dot1q 10 l2 binding vsi v123 # interface Pos3/0/0 link-protocol ppp undo shutdown ip address 100.1.1.1 255.255.255.0 mpls mpls ldp # interface LoopBack1 ip address 1.1.1.9 255.255.255.255 # ospf 1 area 0.0.0.0 network 1.1.1.9 0.0.0.0 network 100.1.1.0 0.0.0.255 # return l

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Configuration file of SPE


# sysname SPE # mpls lsr-id 2.2.2.9 mpls # mpls l2vpn # vsi v123 static pwsignal ldp vsi-id 123 peer 3.3.3.9 peer 1.1.1.9 upe # mpls ldp # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 100.1.1.2 255.255.255.0 mpls mpls ldp # interface Pos2/0/0 link-protocol ppp undo shutdown ip address 100.2.1.1 255.255.255.0 mpls mpls ldp # interface LoopBack1 ip address 2.2.2.9 255.255.255.255 # ospf 1 area 0.0.0.0 network 2.2.2.9 0.0.0.0 network 100.2.1.0 0.0.0.255 network 100.1.1.0 0.0.0.255 # return

Configuration file of PE
# sysname PE

7-94

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


# mpls lsr-id 3.3.3.9 mpls # mpls l2vpn # vsi v123 static pwsignal ldp vsi-id 123 peer 2.2.2.9 # mpls ldp # interface GigabitEthernet2/0/0.1 undo shutdown vlan-type dot1q 10 l2 binding vsi v123 # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 100.2.1.2 255.255.255.0 mpls mpls ldp # interface LoopBack1 ip address 3.3.3.9 255.255.255.255 # ospf 1 area 0.0.0.0 network 100.2.1.0 0.0.0.255 network 3.3.3.9 0.0.0.0 # return l

7 VPLS Configuration

Configuration file of CE1


# sysname CE1 # interface GigabitEthernet1/0/0.1 undo shutdown vlan-type dot1q 10 ip address 10.1.1.1 255.255.255.0 # return

Configuration file of CE2


# sysname CE2 # interface GigabitEthernet1/0/0.1 undo shutdown vlan-type dot1q 10 ip address 10.1.1.2 255.255.255.0 # return

Configuration file of CE3


# sysname CE3 # interface GigabitEthernet1/0/0.1 undo shutdown vlan-type dot1q 10 ip address 10.1.1.3 255.255.255.0 # return

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

7-95

7 VPLS Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

7.13.5 Example for Configuring Loop Detection of ACs in a VPLS Network


Networking Requirements
As shown in Figure 7-12, both PE1 and PE2 enabling VPLS work as PE. CE1 directly connects to PE1 through the Switch; there are redundant links between PE1 and the Switch. Both CE1 and CE2 belong to one VPLS network. LDP is used as VPLS signaling to set up a PW; after the VPLS is configured, CE1 and CE2 can communicate with each other. Configure loop detection on the redundant link between PE1 and the Switch, so no loop occurs to the redundant links connecting to the VPLS network, free from the broadcast storm. In addition, if the active link is faulty, the standby link blocked works after 3 seconds of the delay. Figure 7-12 Networking diagram of configuring loop detection of ACs in a VPLS network
Loopback1 1.1.1.9/32 POS2/0/0 100.1.1.1/30 GE1/0/1.1 POS1/0/0 100.1.1.2/30 Loopback1 2.2.2.9/32 POS2/0/0 100.2.1.1/30 POS1/0/0 100.2.1.2/30 Loopback1 3.3.3.9/32

PE1
GE1/0/0.1

PE2
GE2/0/0.1 GE2/0/0.1 10.1.1.2/24

GE1/0/0

GE1/0/1

Switch
GE1/0/2 GE1/0/0 10.1.1.1/24

CE2

CE1

Configuration Roadmap
The configuration roadmap is as follows: 1. 2. 3. 4. 5. 6. Configure routing protocols on the backbone network for communication. Establish the remote LDP sessions between PEs. Establish a tunnel for data transmission of users between PEs. Enable MPLS L2VPN on PE. Create a VSI on PE, and use LDP as signaling; bind the VSI to the AC interface. Configure loop detection on the AC interface that has redundant links.

Data Preparation
To complete the configuration, you need the following data:
l

VSI and VSI ID


Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

7-96

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


l l l

7 VPLS Configuration

IP address of the peer and the tunnel used to set up the peer Interface bound to the VSI Time interval for block-to-recovery by loop detection

Configuration Procedure
1. 2. Configure the IP addresses of interfaces. The detailed configurations are not mentioned here. Configure IGP, and the example uses OSPF.
NOTE

When enabling OSPF, advertise the 32-bit address for the loopback interface of PE.

# Configure PE1.
[PE1] ospf 1 [PE1-ospf-1] area 0 [PE1-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0 [PE1-ospf-1-area-0.0.0.0] network 100.1.1.0 0.0.0.3 [PE1-ospf-1-area-0.0.0.0] quit [PE1-ospf-1] quit

# Configure the P.
[P] ospf 1 [P-ospf-1] area 0 [P-ospf-1-area-0.0.0.0] [P-ospf-1-area-0.0.0.0] [P-ospf-1-area-0.0.0.0] [P-ospf-1-area-0.0.0.0] [P-ospf-1] quit network 2.2.2.9 0.0.0.0 network 100.1.1.0 0.0.0.3 network 100.2.1.0 0.0.0.3 quit

# Configure PE2.
[PE2] ospf 1 [PE2-ospf-1] area 0 [PE2-ospf-1-area-0.0.0.0] network 3.3.3.9 0.0.0.0 [PE2-ospf-1-area-0.0.0.0] network 100.2.1.0 0.0.0.3 [PE2-ospf-1-area-0.0.0.0] quit [PE2-ospf-1] quit

After this step, PE1, PE2, and PE3 discover the IP routes of each other through OSPF. # Take PE1 as an example.
[PE1] display ip routing-table Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: Public Destinations : 8 Routes : 8 Destination/Mask Proto Pre Cost Flags NextHop Interface 1.1.1.9/32 Direct 0 0 D 127.0.0.1 InLoopBack0 2.2.2.9/32 OSPF 10 2 D 100.1.1.2 GigabitEthernet2/0/0 3.3.3.9/32 OSPF 10 3 D 100.1.1.2 GigabitEthernet2/0/0 100.1.1.0/30 Direct 0 0 D 100.1.1.1 GigabitEthernet2/0/0 100.1.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 100.2.1.0/30 OSPF 10 2 D 100.1.1.2 GigabitEthernet2/0/0 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0

3.

Configure the basic MPLS functions and the LDP. # Configure PE1.
[PE1] mpls lsr-id 1.1.1.9 [PE1] mpls [PE1-mpls] quit [PE1] mpls ldp [PE1-mpls-ldp] quit [PE1] interface gigabitethernet 2/0/0

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

7-97

7 VPLS Configuration
[PE1-GigabitEthernet2/0/0] mpls [PE1-GigabitEthernet2/0/0] mpls ldp [PE1-GigabitEthernet2/0/0] quit

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

# Configure the P.
[P] mpls lsr-id 2.2.2.9 [P] mpls [P-mpls] quit [P] mpls ldp [P-mpls-ldp] quit [P] interface gigabitethernet [P-GigabitEthernet1/0/0] mpls [P-GigabitEthernet1/0/0] mpls [P-GigabitEthernet1/0/0] quit [P] interface gigabitethernet [P-GigabitEthernet2/0/0] mpls [P-GigabitEthernet2/0/0] mpls [P-GigabitEthernet2/0/0] quit

1/0/0 ldp 2/0/0 ldp

# Configure PE2.
[PE2] mpls lsr-id 3.3.3.9 [PE2] mpls [PE2-mpls] quit [PE2] mpls ldp [PE2-mpls-ldp] quit [PE2] interface gigabitethernet2/0/0 [PE2-GigabitEthernet2/0/0] mpls [PE2-GigabitEthernet2/0/0] mpls ldp [PE2-GigabitEthernet2/0/0] quit

After the configurations above, PE and the P set up the LDP session. Run the display mpls ldp session command. You van view the Status in the displayed information is Operational. # Take PE1 as an example.
[PE1] display mpls ldp session LDP Session(s) in Public Network -----------------------------------------------------------------------------Peer-ID Status LAM SsnRole SsnAge KA-Sent/Rcv -----------------------------------------------------------------------------2.2.2.9:0 Operational DU Passive 000:00:02 10/10 -----------------------------------------------------------------------------TOTAL: 1 session(s) Found. LAM : Label Advertisement Mode SsnAge Unit : DDD:HH:MM

4.

Establish remote LDP sessions between PEs. # Configure PE1.


[PE1] mpls ldp remote-peer pe2 [PE1-mpls-ldp-remote-pe2] remote-ip 3.3.3.9 [PE1-mpls-ldp-remote-pe2] quit

# Configure PE2.
[PE2] mpls ldp remote-peer pe1 [PE2-mpls-ldp-remote-pe1] remote-ip 1.1.1.9 [PE2-mpls-ldp-remote-pe1] quit

After the configurations above, run the display mpls ldp session command on either PE1 or PE2. If the status of the peers for PE1 and PE2 is Operational, it means the remote peer relationship has been set up. # Take PE1 as an example.
[PE1] display mpls ldp session LDP Session(s) in Public Network -----------------------------------------------------------------------------Peer-ID Status LAM SsnRole SsnAge KA-Sent/Rcv

7-98

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

7 VPLS Configuration

-----------------------------------------------------------------------------2.2.2.9:0 Operational DU Passive 000:00:02 10/10 3.3.3.9:0 Operational DU Passive 000:00:02 9/9 -----------------------------------------------------------------------------TOTAL: 2 session(s) Found. LAM : Label Advertisement Mode SsnAge Unit : DDD:HH:MM

5.

Enable MPLS L2VPN on PE. # Configure PE1.


[PE1] mpls l2vpn [PE1-l2vpn] quit

# Configure PE2.
[PE2] mpls l2vpn [PE2-l2vpn] quit

6.

Configure the VSI on PE. # Configure PE1.


[PE1] vsi a2 static [PE1-vsi-a2] pwsignal ldp [PE1-vsi-a2-ldp] vsi-id 2 [PE1-vsi-a2-ldp] peer 3.3.3.9 [PE1-vsi-a2-ldp] quit [PE1-vsi-a2] quit

# Configure PE2.
[PE2] vsi a2 static [PE2-vsi-a2] pwsignal ldp [PE2-vsi-a2-ldp] vsi-id 2 [PE2-vsi-a2-ldp] peer 1.1.1.9 [PE2-vsi-a2-ldp] quit [PE2-vsi-a2] quit

7.

On PE, bind VSI to interfaces. # Configure PE1.


[PE1] interface gigabitethernet1/0/0 [PE1-GigabitEthernet1/0/0] undo shutdown [PE1-GigabitEthernet1/0/0] quit [PE1] interface gigabitethernet1/0/0.1 [PE1-GigabitEthernet1/0/0.1] vlan-type dot1q 10 [PE1-GigabitEthernet1/0/0.1] l2 binding vsi a2 [PE1-GigabitEthernet1/0/0.1] quit [PE1] interface gigabitethernet1/0/1 [PE1-GigabitEthernet1/0/1] undo shutdown [PE1-GigabitEthernet1/0/1] quit [PE1] interface gigabitethernet1/0/1.1 [PE1-GigabitEthernet1/0/1.1] vlan-type dot1q 10 [PE1-GigabitEthernet1/0/1.1] l2 binding vsi a2 [PE1-GigabitEthernet1/0/1.1] quit

# Configure PE2.
[PE2] interface gigabitethernet2/0/0 [PE2-GigabitEthernet2/0/0] undo shutdown [PE2-GigabitEthernet2/0/0] quit [PE2] interface gigabitethernet2/0/0.1 [PE2-GigabitEthernet2/0/0.1] vlan-type dot1q 10 [PE2-GigabitEthernet2/0/0.1] l2 binding vsi a2 [PE2-GigabitEthernet2/0/0.1] quit

8.

Configure the connection of CE to the VPLS network. # Configure the Switch


<Quidway> system-view [Quidway] sysname Switch [Switch] vlan 10

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

7-99

7 VPLS Configuration
[Switch-vlan10] quit [Switch] interface gigabitethernet [Switch-GigabitEthernet1/0/0] port [Switch-GigabitEthernet1/0/0] quit [Switch] interface gigabitethernet [Switch-GigabitEthernet1/0/1] port [Switch-GigabitEthernet1/0/1] quit [Switch] interface gigabitethernet [Switch-GigabitEthernet1/0/2] port [Switch-GigabitEthernet1/0/2] port [Switch-GigabitEthernet1/0/2] quit

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

1/0/0 trunk allow-pass vlan 10 1/0/1 trunk allow-pass vlan 10 1/0/2 link-type access default vlan 10

# Configure CE1.
<Quidway> sysname CE1 [CE1] interface gigabitethernet1/0/0 [CE1-GigabitEthernet1/0/0] ip address 10.1.1.1 255.255.255.0 [CE1-GigabitEthernet1/0/0] undo shutdown [CE1-GigabitEthernet1/0/0] quit

# Configure CE2.
<Quidway> sysname CE2 [CE2] interface gigabitethernet1/0/0 [CE2-GigabitEthernet1/0/0] undo shutdown [CE2-GigabitEthernet1/0/0] quit [CE2] interface gigabitethernet1/0/0.1 [CE2-GigabitEthernet1/0/0.1] vlan-type dot1q 10 [CE2-GigabitEthernet1/0/0.1] ip address 10.1.1.2 255.255.255.0 [CE2-GigabitEthernet1/0/0.1] quit

9.

Configure loop detection on PE1. # Configure PE1.


[PE1] loop-detection enable [PE1] interface gigabitethernet1/0/0.1 [PE1-GigabitEthernet1/0/0.1] loop-detect [PE1-GigabitEthernet1/0/0.1] loop-detect [PE1-GigabitEthernet1/0/0.1] quit [PE1] interface gigabitethernet1/0/1.1 [PE1-GigabitEthernet1/0/1.1] loop-detect [PE1-GigabitEthernet1/0/1.1] loop-detect [PE1-GigabitEthernet1/0/1.1] quit enable block 3 enable block 3

After the configurations above, run the display interface command on PE1. You can view that one of the AC interfaces of PE1 is blocked.
[PE1] display interface gigabitethernet 1/0/0.1 GigabitEthernet1/0/0.1 current state : UP (interface is blocked) Line protocol current state : UP Description : HUAWEI, Quidway Series, GigabitEthernet1/0/0.1 Interface, Route Po rt The Maximum Transmit Unit is 1500 bytes Internet protocol processing : disabled IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is 00e0-fc7d-a498 Encapsulation dot1q Virtual LAN, The number of Vlan is 1 The Vendor PN is HFBR-5710L Port BW: 1G, Transceiver max BW: 1G, Transceiver Mode: MultiMode WaveLength: 850nm, Transmission Distance: 550m Loopback:none, full-duplex mode, negotiation: disable, Pause Flowcontrol:Send a nd Receive Enable Last 300 seconds input rate 0 bytes/sec, 0 packets/sec Last 300 seconds output rate 0 bytes/sec, 0 packets/sec Input: 0 packets,0 bytes, 0 unicast,0 broadcast,0 multicasts 0 errors,0 drops,0 unknowprotocol Output:0 packets,0 bytes, 0 unicast,0 broadcast,0 multicasts 0 errors,0 drops [PE1] display interface gigabitethernet 1/0/1.1

7-100

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

7 VPLS Configuration

GigabitEthernet1/0/1.1 current state : UP Line protocol current state : UP Description : HUAWEI, Quidway Series, GigabitEthernet1/0/1.1 Interface, Route Po rt The Maximum Transmit Unit is 1500 bytes Internet protocol processing : disabled IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is 00e0-fc7d-a499 Encapsulation dot1q Virtual LAN, The number of Vlan is 1 The Vendor PN is HFBR-5710L Port BW: 1G, Transceiver max BW: 1G, Transceiver Mode: MultiMode WaveLength: 850nm, Transmission Distance: 550m Loopback:none, full-duplex mode, negotiation: disable, Pause Flowcontrol:Send a nd Receive Enable Last 300 seconds input rate 0 bytes/sec, 0 packets/sec Last 300 seconds output rate 0 bytes/sec, 0 packets/sec Input: 0 packets,0 bytes, 0 unicast,0 broadcast,0 multicasts 0 errors,0 drops,0 unknowprotocol Output:0 packets,0 bytes, 0 unicast,0 broadcast,0 multicasts 0 errors,0 drops

10. Verify the configuration. After the configuration above, run the display vsi name a2 verbose command on PE1. You can view that the VSI named a2 sets up a PW to PE2, and VSI is Up.
[PE1] display vsi name a2 verbose *** VSI Name : a2 VSI Index : 0 PW Signaling : ldp Member Discovery Style : static PW MAC Learn Style : unqualify Encapulation Type : vlan MTU : 1500 VSI State : up VSI ID : 2 *Peer Router ID : 3.3.3.9 VC Label : 17408 Peer Type : dynamic Session : up Tunnel ID : 0x6002001, Interface Name : GigabitEthernet1/0/0.1 State : down Interface Name : GigabitEthernet1/0/1.1 State : up *Peer Ip Address : 3.3.3.9 PW State : up Local VC Label : 17408 Remote VC Label : 17408 PW Type : label Tunnel ID : 0x6002001,

CE1 (10.1.1.1) can ping through CE2 (10.1.1.2).


[CE1] ping 10.1.1.2 PING 10.1.1.2: 56 data bytes, press CTRL_C to break Reply from 10.1.1.2: bytes=56 Sequence=1 ttl=255 time=90 Reply from 10.1.1.2: bytes=56 Sequence=2 ttl=255 time=77 Reply from 10.1.1.2: bytes=56 Sequence=3 ttl=255 time=34 Reply from 10.1.1.2: bytes=56 Sequence=4 ttl=255 time=46 Reply from 10.1.1.2: bytes=56 Sequence=5 ttl=255 time=94 --- 10.1.1.2 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 34/68/94 ms ms ms ms ms ms

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

7-101

7 VPLS Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Configuration Files
l

Configuration file of CE1


# sysname CE1 # interface GigabitEthernet1/0/0 undo shutdown ip address 10.1.1.1 255.255.255.0 # return

Configuration file of CE2


# sysname CE2 # interface GigabitEthernet1/0/0 undo shutdown # interface GigabitEthernet1/0/0.1 vlan-type dot1q 10 ip address 10.1.1.2 255.255.255.0 # Return

Configuration file of Switch


# sysname Switch # vlan batch 10 # interface GigabitEthernet1/0/0 port trunk allow-pass vlan 10 # interface GigabitEthernet1/0/1 port trunk allow-pass vlan 10 # interface GigabitEthernet1/0/2 port link-type access port default vlan 10 # return

Configuration file of PE1


# sysname PE1 # loop-detection enable # mpls lsr-id 1.1.1.9 mpls # mpls l2vpn # vsi a2 static pwsignal ldp vsi-id 2 peer 3.3.3.9 # mpls ldp # mpls ldp remote-peer pe2 remote-ip 3.3.3.9 # interface GigabitEthernet1/0/0 undo shutdown # interface GigabitEthernet1/0/0.1 vlan-type dot1q 10

7-102

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


l2 binding vsi a2 loop-detect enable loop-detect block 3 # interface GigabitEthernet2/0/0 undo shutdown ip address 100.1.1.1 255.255.255.252 mpls mpls ldp # interface LoopBack1 ip address 1.1.1.9 255.255.255.255 # ospf 1 area 0.0.0.0 network 1.1.1.9 0.0.0.0 network 100.1.1.0 0.0.0.3 # return l

7 VPLS Configuration

Configuration file of the P.


# sysname P # mpls lsr-id 2.2.2.9 mpls # mpls ldp # interface GigabitEthernet1/0/0 undo shutdown ip address 100.1.1.2 255.255.255.252 mpls mpls ldp # interface GigabitEthernet2/0/0 undo shutdown ip address 100.2.1.1 255.255.255.252 mpls mpls ldp # interface LoopBack1 ip address 2.2.2.9 255.255.255.255 # ospf 1 area 0.0.0.0 network 100.1.1.0 0.0.0.3 network 100.2.1.0 0.0.0.3 network 2.2.2.9 0.0.0.0 # return

Configuration file of PE2


# sysname PE2 # loop-detection enable # mpls lsr-id 3.3.3.9 mpls # mpls l2vpn # vsi a2 static pwsignal ldp vsi-id 2 peer 1.1.1.9 # mpls ldp #

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

7-103

7 VPLS Configuration
mpls ldp remote-peer pe1 remote-ip 1.1.1.9 # interface GigabitEthernet1/0/0 undo shutdown ip address 100.2.1.2 255.255.255.0 mpls mpls ldp # interface GigabitEthernet2/0/0 undo shutdown # interface GigabitEthernet2/0/0.1 vlan-type dot1q 10 l2 binding vsi a2 loop-detect enable loop-detect block 3 # interface LoopBack1 ip address 3.3.3.9 255.255.255.255 # ospf 1 area 0.0.0.0 network 3.3.3.9 0.0.0.0 network 100.2.1.0 0.0.0.3 # return

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

7.13.6 Example for Configuring a dynamic VLL to Access the VPLS


Networking Requirements
As shown in Figure 7-13, VLLs are set up between UPEs and SPEs in Martini mode. CE1 and CE2 access the full-meshed VPLS network through UPEs. Figure 7-13 Diagram of configuring dynamic VLLs to access the VPLS network
Loopback1 1.1.1.9/32 POS1/0/0 100.1.1.1/24 POS1/0/0 100.1.1.2/24 GE2/0/0 100.1.3.1/24 GE1/0/0 100.1.3.2/24 Loopback1 2.2.2.9/32 Loopback1 3.3.3.9/32

SPE1

POS1/0/0 100.1.2.2/24 POS2/0/0 100.1.2.1/24 GE2/0/0 100.1.4.1/24 GE1/0/0 100.1.4.2/24

SPE2
Loopback1 5.5.5.9/32

Loopback1 4.4.4.9/32

UPE1
GE2/0/0.1 GE1/0/0.1 10.1.1.1/24

UPE2
GE2/0/0.1 GE1/0/0.1 10.1.1.2/24

CE1

CE2

Configuration Roadmap
The configuration roadmap is as follows: 1.
7-104

Complete the task of Figure 7-13 between the SPE devices


Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

7 VPLS Configuration

2. 3. 4.

Configure the basic MPLS L2VPN capability on the UPE and the SPE devices Configure the dynamic VLL and VSI on the SPE devices and enable the MAC withdraw function of the VSI. Configure the dynamic VLL on the UPE devices to access the SPE devices.

Data Preparation
To complete the configuration, you need the following data:
l l l l

VSI name and VSI ID VC ID of the L2VC MPLS LSR ID (IP address of the peer) of the UPE and the SPE devices Routing protocol

Configuration Procedure
1. Configure the IP addresses. As shown in Figure 7-13, configure the IP addresses and masks for the interfaces including loopback interfaces. Run the undo shutdown command to turn all the physical interfaces to Up.
NOTE

If all the UPE interfaces are Layer 2 GE interfaces, they cannot be configured with the IP addresses. The IP addresses can be configured only after those interfaces join the VLAN and become the VLANIF interfaces. For detailed configuration, refer to the chapter "VLAN Configuration" in the Quidway NetEngine80E/40E Router Configuration Guide - LAN Access and MAN Access.

2.

Configure IGP. Configure OSPF on the SPE and P devices and advertise the network segment address and the LSR IP address. # Configure SPE1.
[SPE1] ospf [SPE1-ospf-1] area 0 [SPE1-ospf-1-area-0.0.0.0] [SPE1-ospf-1-area-0.0.0.0] [SPE1-ospf-1-area-0.0.0.0] [SPE1-ospf-1-area-0.0.0.0] [SPE1-ospf-1] quit network 1.1.1.9 0.0.0.0 network 100.1.1.0 0.0.0.255 network 100.1.3.0 0.0.0.255 quit

# Configure P.
[P] ospf [P-ospf-1] area 0 [P-ospf-1-area-0.0.0.0] [P-ospf-1-area-0.0.0.0] [P-ospf-1-area-0.0.0.0] [P-ospf-1-area-0.0.0.0] [P-ospf-1] quit network 2.2.2.9 0.0.0.0 network 100.1.1.0 0.0.0.255 network 100.1.2.0 0.0.0.255 quit

# Configure SPE2.
[SPE2] ospf [SPE2-ospf-1] area 0 [SPE2-ospf-1-area-0.0.0.0] [SPE2-ospf-1-area-0.0.0.0] [SPE2-ospf-1-area-0.0.0.0] [SPE2-ospf-1-area-0.0.0.0] [SPE2-ospf-1] quit network 3.3.3.9 0.0.0.0 network 100.1.2.0 0.0.0.255 network 100.1.4.0 0.0.0.255 quit

# Configure UPE1.
Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 7-105

7 VPLS Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


[UPE1] ospf [UPE1-ospf-1] area 0 [UPE1-ospf-1-area-0.0.0.0] network 4.4.4.9 0.0.0.0 [UPE1-ospf-1-area-0.0.0.0] network 100.1.3.0 0.0.0.255 [UPE1-ospf-1-area-0.0.0.0] quit [UPE1-ospf-1] quit

# Configure UPE2.
[UPE2] ospf [UPE2-ospf-1] area 0 [UPE2-ospf-1-area-0.0.0.0] network 5.5.5.9 0.0.0.0 [UPE2-ospf-1-area-0.0.0.0] network 100.1.4.0 0.0.0.255 [UPE2-ospf-1-area-0.0.0.0] quit [UPE2-ospf-1] quit

3.

Configure the basic MPLS capability and LDP. # Configure SPE1.


[SPE1] mpls lsr-id 1.1.1.9 [SPE1] mpls [SPE1-mpls] quit [SPE1] mpls ldp [SPE1-mpls-ldp] quit [SPE1] interface pos 1/0/0 [SPE1-Pos1/0/0] mpls [SPE1-Pos1/0/0] mpls ldp [SPE1-Pos1/0/0] quit [SPE1] interface gigabitethernet 2/0/0 [SPE1-GigabitEthernet2/0/0] mpls [SPE1-GigabitEthernet2/0/0] mpls ldp [SPE1-GigabitEthernet2/0/0] quit

# Configure P.
[P] mpls lsr-id 2.2.2.9 [P] mpls [P-mpls] quit [P] mpls ldp [P-mpls-ldp] quit [P] interface pos 1/0/0 [P-Pos1/0/0] mpls [P-Pos1/0/0] mpls ldp [P-Pos1/0/0] quit [P] interface gigabitethernet 2/0/0 [P-GigabitEthernet2/0/0] mpls [P-GigabitEthernet2/0/0] mpls ldp [P-GigabitEthernet2/0/0] quit

# Configure SPE2.
[SPE2] mpls lsr-id 3.3.3.9 [SPE2] mpls [SPE2-mpls] quit [SPE2] mpls ldp [SPE2-mpls-ldp] quit [SPE2] interface pos 1/0/0 [SPE2-Pos1/0/0] mpls [SPE2-Pos1/0/0] mpls ldp [SPE2-Pos1/0/0] quit [SPE2] interface gigabitethernet 2/0/0 [SPE2-GigabitEthernet2/0/0] mpls [SPE2-GigabitEthernet2/0/0] mpls ldp [SPE2-GigabitEthernet2/0/0] quit

# Configure UPE1.
[UPE1] mpls lsr-id 4.4.4.9 [UPE1] mpls [UPE1-mpls] quit [UPE1] mpls ldp [UPE1-mpls-ldp] quit [UPE1] interface gigabitethernet 1/0/0 [UPE1-GigabitEthernet1/0/0] mpls

7-106

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


[UPE1-GigabitEthernet1/0/0] mpls ldp [UPE1-GigabitEthernet1/0/0] quit

7 VPLS Configuration

# Configure UPE2.
[UPE2] mpls lsr-id 5.5.5.9 [UPE2] mpls [UPE2-mpls] quit [UPE2] mpls ldp [UPE2-mpls-ldp] quit [UPE2] interface gigabitethernet 1/0/0 [UPE2-GigabitEthernet1/0/0] mpls [UPE2-GigabitEthernet1/0/0] mpls ldp [UPE2-GigabitEthernet1/0/0] quit

After the configuration, run the display mpls ldp session command on the UPE, P and SPE. You can find the "Status" is "Operational". It means the peer between the UPE and SPE or the peer between the SPE and P is set up. Running the display mpls lsp command, you can view information about the LSP setup. 4. Establish the remote LDP session between the SPE devices. # Configure SPE1.
[SPE1] mpls ldp remote-peer 1 [SPE1-mpls-ldp-remote-1] remote-ip 3.3.3.9 [SPE1-mpls-ldp-remote-1] quit

# Configure SPE2.
[SPE2] mpls ldp remote-peer 1 [SPE2-mpls-ldp-remote-1] remote-ip 1.1.1.9 [SPE2-mpls-ldp-remote-1] quit

5.

Enable the MPLS L2VPN fucntion of the UPE devices and configure the UPE devices to access the SPE devices through the Martini VLL. # Configure UPE1.
[UPE1] mpls l2vpn [UPE1-l2vpn] quit [UPE1] interface gigabitethernet 2/0/0.1 [UPE1-GigabitEthernet2/0/0.1] vlan-type dot1q 1 [UPE1-GigabitEthernet2/0/0.1] mpls l2vc 1.1.1.9 100 [UPE1-GigabitEthernet2/0/0.1] quit

# Configure UPE2.
[UPE2] mpls l2vpn [UPE2-l2vpn] quit [UPE2] interface gigabitethernet 2/0/0.1 [UPE2-GigabitEthernet2/0/0.1] vlan-type dot1q 1 [UPE2-GigabitEthernet2/0/0.1] mpls l2vc 3.3.3.9 100 [UPE2-GigabitEthernet2/0/0.1] quit

6.

Enable the MPLS L2VPN function of the SPE devices and create VSIs. # Configure SPE1.
[SPE1] mpls l2vpn [SPE1-l2vpn] quit [SPE1] vsi V100 static [SPE1-vsi-v100] pwsignal ldp [SPE1-vsi-v100-ldp] vsi-id 100 [SPE1-vsi-v100-ldp] peer 3.3.3.9 [SPE1-vsi-v100-ldp] peer 4.4.4.9 upe [SPE1-vsi-v100-ldp] quit

# Configure SPE2.
[SPE2] mpls l2vpn [SPE2-l2vpn] quit [SPE2] vsi V100 static [SPE2-vsi-v100] pwsignal ldp [SPE2-vsi-v100-ldp] vsi-id 100 [SPE2-vsi-v100-ldp] peer 1.1.1.9

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

7-107

7 VPLS Configuration
[SPE2-vsi-v100-ldp] peer 5.5.5.9 upe [SPE2-vsi-v100-ldp] quit

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

7.

Verify the configuration. After the previous configuration, run the display mpls l2vc command on the UPE devices. You can find that the Martini VLL is established and the VC status is Up. Take the UPE1 as an example:
[UPE1] display mpls l2vc total LDP VC : 1 1 up 0 down *client interface : GigabitEthernet2/0/0.1 session state : up AC status : up VC state : up VC ID : 100 VC type : VLAN destination : 1.1.1.9 local VC label : 21504 remote VC label : 21504 control word : disable forwarding entry : existent local group ID : 0 manual fault : not set active state : active link state : up local VC MTU : 1500 remote VC MTU : 1500 tunnel policy name : -traffic behavior name: -PW template name : -primary or secondary : primary create time : 0 days, 0 hours, 7 minutes, 55 seconds up time : 0 days, 0 hours, 4 minutes, 58 seconds last change time : 0 days, 0 hours, 4 minutes, 58 seconds

Run the display vsi v100 command on the SPE devices. You can find the status of the VSI named v100 is Up, and the corresponding PW status is also Up. Take the SPE1 as an example:
<SPE1> display vsi v100 Vsi Mem PW Mac Encap Name Disc Type Learn Type v100 static ldp unqualify vlan Mtu Vsi Value State 1500 up

The CE1 and CE2 on the same network segment can successfully ping each other. Before GE 2/0/0 of the SPE1 is shutdown, view the MAC address table on the SPE2 as follows:
[SPE2] display mac-address dynamic 2 MAC Address VLAN/VSI Port Type Lsp ---------------------------------------------------------------------------0000-c101-0102 100 GigabitEthernet2/0/0 dynamic 3/3366 Total matching items displayed = 2

After GE 2/0/0 of the SPE1 is shutdown, the VSI bound with the static VLL is informed that the interface is Down. Check the MAC address table learned by the VSI on the SPE2. You can find the MAC address learned from GE 2/0/0 is deleted.
[SPE2] display mac-address dynamic 2 MAC Address VLAN/VSI Port Type Lsp ---------------------------------------------------------------------------Total matching items displayed = 0

Configuration Files
l

Configuration file of CE1


# sysname CE1 # interface GigabitEthernet1/0/0

7-108

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


undo shutdown # interface GigabitEthernet1/0/0.1 vlan-type dot1q 1 ip address 10.1.1.1 255.255.255.0 # return l

7 VPLS Configuration

Configuration file of CE2


# sysname CE2 # interface GigabitEthernet1/0/0 undo shutdown # interface GigabitEthernet1/0/0.1 vlan-type dot1q 1 ip address 10.1.1.2 255.255.255.0 # return

Configuration files of the UPE1


# sysname UPE1 # mpls lsr-id 4.4.4.9 mpls # mpls l2vpn # mpls ldp # interface GigabitEthernet1/0/0 undo shutdown ip address 100.1.3.2 255.255.255.0 mpls mpls ldp # interface GigabitEthernet2/0/0 undo shutdown # interface GigabitEthernet2/0/0.1 vlan-type dot1q 1 mpls l2vc 1.1.1.9 100 # interface LoopBack1 ip address 4.4.4.9 255.255.255.255 # ospf 1 area 0.0.0.0 network 4.4.4.9 0.0.0.0 network 100.1.3.0 0.0.0.255 # return

Configuration files of the SPE1


# sysname SPE1 # mpls lsr-id 1.1.1.9 mpls # mpls l2vpn # vsi v100 static pwsignal ldp vsi-id 100 peer 3.3.3.9 peer 4.4.4.9 upe #

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

7-109

7 VPLS Configuration
mpls ldp # mpls ldp remote-peer 1 remote-ip 3.3.3.9 # interface GigabitEthernet2/0/0 undo shutdown ip address 100.1.3.1 255.255.255.0 mpls mpls ldp # interface Pos1/0/0 undo shutdown link-protocol ppp ip address 100.1.1.1 255.255.255.0 mpls mpls ldp # interface LoopBack1 ip address 1.1.1.9 255.255.255.255 # ospf 1 area 0.0.0.0 network 1.1.1.9 0.0.0.0 network 100.1.1.0 0.0.0.255 network 100.1.3.0 0.0.0.255 # return l

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Configuration files of the P


# sysname P # mpls lsr-id 2.2.2.9 mpls # mpls ldp # interface Pos1/0/0 undo shutdown link-protocol ppp ip address 100.1.1.2 255.255.255.0 mpls mpls ldp # interface Pos2/0/0 undo shutdown link-protocol ppp ip address 100.1.2.1 255.255.255.0 mpls mpls ldp # interface LoopBack1 ip address 2.2.2.9 255.255.255.255 # ospf 1 area 0.0.0.0 network 2.2.2.9 0.0.0.0 network 100.1.1.0 0.0.0.255 network 100.1.2.0 0.0.0.255 # return

Configuration files of the SPE2


# sysname SPE2 # mpls lsr-id 3.3.3.9 mpls #

7-110

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


mpls l2vpn # vsi v100 static pwsignal ldp vsi-id 100 mac-withdraw enable peer 1.1.1.9 peer 5.5.5.9 upe # mpls ldp # mpls ldp remote-peer 1 remote-ip 1.1.1.9 # interface GigabitEthernet2/0/0 undo shutdown ip address 100.1.4.1 255.255.255.0 mpls mpls ldp # interface Pos1/0/0 undo shutdown link-protocol ppp ip address 100.1.2.2 255.255.255.0 mpls mpls ldp # interface LoopBack1 ip address 3.3.3.9 255.255.255.255 # ospf 1 area 0.0.0.0 network 3.3.3.9 0.0.0.0 network 100.1.2.0 0.0.0.255 network 100.1.4.0 0.0.0.255 # return l

7 VPLS Configuration

Configuration files of the UPE2


# sysname UPE2 # mpls lsr-id 5.5.5.9 mpls # mpls l2vpn # mpls ldp # interface GigabitEthernet1/0/0 undo shutdown ip address 100.1.4.2 255.255.255.0 mpls mpls ldp # interface GigabitEthernet2/0/0 undo shutdown # interface GigabitEthernet2/0/0.1 vlan-type dot1q 1 mpls l2vc 3.3.3.9 100 # interface LoopBack1 ip address 5.5.5.9 255.255.255.255 # ospf 1 area 0.0.0.0 network 5.5.5.9 0.0.0.0 network 100.1.4.0 0.0.0.255 #

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

7-111

7 VPLS Configuration
return

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

7.13.7 Example for Configuring the Static VLL to Access the VPLS Network
Networking Requirements
As shown in Figure 7-14, the UPE devices do not support the dynamic VLL. Thus, the UPE devices have to access the SPE devices through the static VLL. It is required that the VLL in SVC mode is created between the UPE and the SPE devices, and the CE1 and CE2 access the VPLS meshed network through the UPE devices. Figure 7-14 Networking diagram of configuring static VLL to access the VPLS network
Loopback1 1.1.1.9/32 POS1/0/0 100.1.1.1/24 GE2/0/0 100.1.3.1/24 GE1/0/0 100.1.3.2/24 UPE1 GE2/0/0.1 GE1/0/0.1 10.1.1.1/24 POS1/0/0 100.1.1.2/24 P Loopback1 2.2.2.9/32 Loopback1 3.3.3.9/32

SPE1

POS1/0/0 100.1.2.2/24 POS2/0/0 100.1.2.1/24 GE2/0/0 100.1.4.1/24 GE1/0/0 100.1.4.2/24 UPE2 GE2/0/0.1 GE1/0/0.1 10.1.1.2/24

SPE2

Loopback1 4.4.4.9/32

Loopback1 5.5.5.9/32

CE1

CE2

Configuration Roadmap
The configuration roadmap is as follows: 1. 2. 3. 4. Complete the task of Configuring Martini VPLS between the SPE devices Configure the basic MPLS L2VPN capability on the UPE and the SPE devices Configure the static VLL and VSI on the SPE devices and enable the MAC withdraw function of the VSI. Configure the static VLL on the UPE devices to access the SPE devices.

Data Preparation
To complete the configuration, you need the following data:
l l l l

VSI name and VSI ID MPLS LSR ID (IP address of the peer) of the UPE and the SPE device Routing protocol Received and sent label of the static LSP of the UPE and the SPE devices
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

7-112

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

7 VPLS Configuration

Configuration Procedure
1. Configure the IP addresses. As shown in Figure 7-14, configure the IP addresses and masks for the interfaces including loopback interfaces.
NOTE

If all the UPE interfaces are Layer 2 GE interfaces, they cannot be configured with the IP addresses. The IP addresses can be configured only after those interfaces join the VLAN and become the VLANIF interfaces. For detailed configuration, refer to the chapter "VLAN Configuration" in the Quidway NetEngine80E/40E Router Configuration Guide - LAN Access & MAN Access.

2.

Configure IGP. Configure OSPF on the SPE and P routers and advertise the network segment address and the LSR IP address. # Configure SPE1.
<SPE1> system-view [SPE1] ospf [SPE1-ospf-1] area 0 [SPE1-ospf-1-area-0.0.0.0] [SPE1-ospf-1-area-0.0.0.0] [SPE1-ospf-1-area-0.0.0.0] [SPE1-ospf-1-area-0.0.0.0] [SPE1-ospf-1] quit

network 1.1.1.9 0.0.0.0 network 100.1.1.0 0.0.0.255 network 100.1.3.0 0.0.0.255 quit

# Configure P.
<P> system-view [P] ospf [P-ospf-1] area 0 [P-ospf-1-area-0.0.0.0] [P-ospf-1-area-0.0.0.0] [P-ospf-1-area-0.0.0.0] [P-ospf-1-area-0.0.0.0] [P-ospf-1] quit

network 2.2.2.9 0.0.0.0 network 100.1.1.0 0.0.0.255 network 100.1.2.0 0.0.0.255 quit

# Configure SPE2.
<SPE2> system-view [SPE2] ospf [SPE2-ospf-1] area 0 [SPE2-ospf-1-area-0.0.0.0] [SPE2-ospf-1-area-0.0.0.0] [SPE2-ospf-1-area-0.0.0.0] [SPE2-ospf-1-area-0.0.0.0] [SPE2-ospf-1] quit

network 3.3.3.9 0.0.0.0 network 100.1.2.0 0.0.0.255 network 100.1.4.0 0.0.0.255 quit

# Configure UPE1.
<UPE1> system-view [UPE1] ospf [UPE1-ospf-1] area 0 [UPE1-ospf-1-area-0.0.0.0] network 4.4.4.9 0.0.0.0 [UPE1-ospf-1-area-0.0.0.0] network 100.1.3.0 0.0.0.255 [UPE1-ospf-1-area-0.0.0.0] quit [UPE1-ospf-1] quit

# Configure UPE2.
<UPE2> system-view [UPE2] ospf [UPE2-ospf-1] area 0 [UPE2-ospf-1-area-0.0.0.0] network 5.5.5.9 0.0.0.0 [UPE2-ospf-1-area-0.0.0.0] network 100.1.4.0 0.0.0.255 [UPE2-ospf-1-area-0.0.0.0] quit [UPE2-ospf-1] quit

3.

Configure the basic MPLS capability and LDP. # Configure SPE1.

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

7-113

7 VPLS Configuration
[SPE1] mpls lsr-id 1.1.1.9 [SPE1] mpls [SPE1-mpls] quit [SPE1] quit [SPE1] mpls ldp [SPE1-mpls-ldp] quit [SPE1] interface pos 1/0/0 [SPE1-Pos1/0/0] mpls [SPE1-Pos1/0/0] mpls ldp [SPE1-Pos1/0/0] quit [SPE1] interface gigabitethernet 2/0/0 [SPE1-GigabitEthernet2/0/0] mpls [SPE1-GigabitEthernet2/0/0] quit

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

# Configure P.
[P] mpls lsr-id 2.2.2.9 [P] mpls [P-mpls] quit [P] quit [P] mpls ldp [P-mpls-ldp] quit [P] interface pos 1/0/0 [P-Pos1/0/0] mpls [P-Pos1/0/0] mpls ldp [P-Pos1/0/0] quit [P] interface pos 2/0/0 [P-Pos2/0/0] mpls [P-Pos2/0/0] mpls ldp [P-Pos2/0/0] quit

# Configure SPE2.
[SPE2] mpls lsr-id 3.3.3.9 [SPE2] mpls [SPE2-mpls] quit [SPE2] quit [SPE2] mpls ldp [SPE2-mpls-ldp] quit [SPE2] interface pos 1/0/0 [SPE2-Pos1/0/0] mpls [SPE2-Pos1/0/0] mpls ldp [SPE2-Pos1/0/0] quit [SPE2] interface gigabitethernet 2/0/0 [SPE2-GigabitEthernet2/0/0] mpls [SPE2-GigabitEthernet2/0/0] quit

After the configuration, run the display mpls ldp session command on the SPE1, P, and SPE2. You can find the "Status" is "Operational". It means the peer between the SPE1 and P or the peer between the SPE2 and P is set up. Running the display mpls lsp command, you can view information about the LSP setup. Take SPE1 as an example:
<SPE1> display mpls ldp session LDP Session(s) in Public Network -----------------------------------------------------------------------------Peer-ID Status LAM SsnRole SsnAge KA-Sent/Rcv -----------------------------------------------------------------------------2.2.2.9:0 Operational DU Passive 000:00:01 7/7 -----------------------------------------------------------------------------TOTAL: 1 session(s) Found. LAM : Label Advertisement Mode SsnAge Unit : DDD:HH:MM <SPE1> display mpls lsp ---------------------------------------------------------------------LSP Information: LDP LSP ---------------------------------------------------------------------FEC In/Out Label In/Out IF Vrf Name 2.2.2.9/32 NULL/3 -/Pos1/0/0

7-114

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


1.1.1.9/32 3.3.3.9/32 3/NULL NULL/1025 -/-/Pos1/0/0

7 VPLS Configuration

4.

Establish the remote LDP session between the SPE devices. # Configure SPE1.
[SPE1] mpls ldp remote-peer 1 [SPE1-mpls-ldp-remote-1] remote-ip 3.3.3.9 [SPE1-mpls-ldp-remote-1] quit

# Configure SPE2.
[SPE2] mpls ldp remote-peer 1 [SPE2-mpls-ldp-remote-1] remote-ip 1.1.1.9 [SPE2-mpls-ldp-remote-1] quit

After the configuration, run the display mpls ldp session command on SPE1 or SPE2. You can view that the status of the peers between SPE1 and SPE2 is "Operational". That is, the peer relationship is established. Take SPE1 as an example:
<SPE1> display mpls ldp session LDP Session(s) in Public Network -----------------------------------------------------------------------------Peer-ID Status LAM SsnRole SsnAge KA-Sent/Rcv -----------------------------------------------------------------------------2.2.2.9:0 Operational DU Passive 000:00:05 24/24 3.3.3.9:0 Operational DU Passive 000:00:01 5/5 -----------------------------------------------------------------------------TOTAL: 2 session(s) Found. LAM : Label Advertisement Mode SsnAge Unit : DDD:HH:MM

5.

Configure the static LSP between the UPE and the SPE devices. # Configure UPE1.
[UPE1] mpls lsr-id 4.4.4.9 [UPE1] mpls [UPE1-mpls] quit [UPE1] interface gigabitethernet 1/0/0 [UPE1-GigabitEthernet1/0/0] mpls [UPE1-GigabitEthernet1/0/0] quit [UPE1] static-lsp ingress UPE1toSPE1 destination 1.1.1.9 32 nexthop 100.1.3.1 out-label 20 [UPE1] static-lsp egress SPE1toUPE1 incoming-interface gigabitethernet 1/0/0 in-label 30

# Configure UPE2.
[UPE2] mpls lsr-id 5.5.5.9 [UPE2] mpls [UPE2-mpls] quit [UPE2] interface gigabitethernet 1/0/0 [UPE2-GigabitEthernet1/0/0] mpls [UPE2-GigabitEthernet1/0/0] quit [UPE2] static-lsp ingress UPE2toSPE2 destination 3.3.3.9 32 nexthop 100.1.4.1 out-label 40 [UPE2] static-lsp egress SPE2toUPE2 incoming-interface gigabitethernet 1/0/0 in-label 50

# Configure SPE1.
[SPE1] static-lsp ingress SPE1toUPE1 destination 4.4.4.9 32 nexthop 100.1.3.2 out-label 30 [SPE1] static-lsp egress UPE1toSPE1 incoming-interface gigabitethernet 2/0/0 in-label 20

# Configure SPE2.
[SPE2] static-lsp ingress SPE2toUPE2 destination 5.5.5.9 32 nexthop 100.1.4.2 out-label 50

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

7-115

7 VPLS Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


[SPE2] static-lsp egress UPE2toSPE2 incoming-interface gigabitethernet 2/0/0 in-label 40

6.

Enable the MPLS L2VPN fucntion of the UPE devices and configure the UPE devices to access the SPE devices through the static VLL. # Configure UPE1.
<UPE1> system-view [UPE1] mpls l2vpn [UPE1-l2vpn] quit [UPE1] interface gigabitethernet 2/0/0.1 [UPE1-GigabitEthernet2/0/0.1] shutdown [UPE1-GigabitEthernet2/0/0.1] vlan-type dot1q 1 [UPE1-GigabitEthernet2/0/0.1] mpls static-l2vc destination 1.1.1.9 transmitvpn-label 100 receive-vpn-label 100 [UPE1-GigabitEthernet2/0/0.1] undo shutdown [UPE1-GigabitEthernet2/0/0.1] quit

# Configure UPE2.
<UPE2> system-view [UPE2] mpls l2vpn [UPE2-l2vpn] quit [UPE2] interface gigabitethernet 2/0/0.1 [UPE2-GigabitEthernet2/0/0.1] shutdown [UPE2-GigabitEthernet2/0/0.1] vlan-type dot1q 1 [UPE2-GigabitEthernet2/0/0.1] mpls static-l2vc destination 3.3.3.9 transmitvpn-label 100 receive-vpn-label 100 [UPE2-GigabitEthernet2/0/0.1] undo shutdown [UPE2-GigabitEthernet2/0/0.1] quit

7.

Enable the MPLS L2VPN function of the SPE devices and bind the VSI with the UPE. # Configure SPE1.
<SPE1> system-view [SPE1] mpls l2vpn [SPE1] vsi V100 static [SPE1-vsi-v100] pwsignal ldp [SPE1-vsi-v100-ldp] vsi-id 100 [SPE1-vsi-v100-ldp] mac-withdraw enable [SPE1-vsi-v100-ldp] peer 3.3.3.9 [SPE1-vsi-v100-ldp] peer 4.4.4.9 static-upe trans 100 recv 100 [SPE1-vsi-v100-ldp] quit

# Configure SPE2.
<SPE2> system-view [SPE2] mpls l2vpn [SPE2] vsi V100 static [SPE2-vsi-v100] pwsignal ldp [SPE2-vsi-v100-ldp] vsi-id 100 [SPE2-vsi-v100-ldp] mac-withdraw enable [SPE2-vsi-v100-ldp] peer 1.1.1.9 [SPE2-vsi-v100-ldp] peer 5.5.5.9 static-upe trans 100 recv 100 [SPE2-vsi-v100-ldp] quit

8.

Verify the configuration. After the previous configuration, run the display mpls static-l2vc command on the UPE devices. You can find the static VLL is established and the VC status is Up. Take UPE1 as an example:
<UPE1> display mpls static-l2vc interface gigabitethernet 2/0/0.1 *Client Interface : GigabitEthernet2/0/0.1 is up AC Status : up VC State : up VC ID : 0 VC Type : VLAN Destination : 1.1.1.9 Transmit VC Label : 100 Receive VC Label : 100 Control Word : Disable

7-116

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


VCCV Capabilty : Tunnel Policy : PW Template Name : Traffic Behavior : Main or Secondary : VC tunnel/token info NO.0 TNL Type : lsp Create time UP time Last change time

7 VPLS Configuration
Disable ---Main : 1 tunnels/tokens , TNL ID : 0x1002000 : 0 days, 0 hours, 10 minutes, 45 seconds : 0 days, 0 hours, 10 minutes, 45 seconds : 0 days, 0 hours, 10 minutes, 45 seconds

Run the display vsi name v100 command on SPEs. You can view that the VSI named v100 is Up and the corresponding PW is also Up. Take SPE1 as an example:
<SPE1> display vsi name v100 ***VSI Name : Administrator VSI : Isolate Spoken : VSI Index : PW Signaling : Member Discovery Style : PW MAC Learn Style : Encapsulation Type : MTU : Mode : Service Class : Color : DomainId : Domain Name : VSI State : VSI ID : *Peer Router ID : VC Label : Peer Type : Session : Tunnel ID : *Peer Router ID : VC Label : Peer Type : Tunnel ID : **PW Information: *Peer Ip Address : PW State : Local VC Label : Remote VC Label : PW Type : Tunnel ID : *Peer Ip Address : PW State : Local VC Label : Remote VC Label : PW Type : Tunnel ID : verbose v100 no disable 0 ldp static unqualify vlan 1500 uniform --0 up 100 3.3.3.9 23552 dynamic up 0x1002001, 4.4.4.9 100 static 0x2002004, 4.4.4.9 up 100 100 MEHVPLS 0x2002004, 3.3.3.9 up 23552 23552 label 0x1002001,

CE1 and CE2, which reside in the same network segment, can ping through each other. After you run the shutdown command on GE 2/0/0.1 (bound to the VSI) of the UPE or PE, CE1 and CE2 cannot ping through each other. This indicates that user data is transmitted through the PW of this VSI. Before GE 2/0/0 of SPE1 is shut down, check the MAC addresses learnt by the VSI on SPE2.
<SPE2> display mac-address dynamic MAC Address VLAN/VSI Port Type Lsp ---------------------------------------------------------------------------0000-c101-0102 100 GigabitEthernet2/0/0 dynamic 3/3366 Total matching items displayed = 2

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

7-117

7 VPLS Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

After GE 2/0/0 of SPE1 is shut down, the VSI bound to the static VLL becomes Down. Check the MAC addresses learnt by the VSI on SPE2, and you can view that one MAC address learnt from GE 2/0/0 is deleted.
<SPE2> display mac-address dynamic MAC Address VLAN/VSI Port Type Lsp -------------------------------------------------------------------Total matching items displayed = 0

Configuration Files
l

Configuration file of CE1


# sysname CE1 # interface GigabitEthernet1/0/0 undo shutdown # interface GigabitEthernet1/0/0.1 undo shutdown vlan-type dot1q 1 ip address 10.1.1.1 255.255.255.0 # return

Configuration file of CE2


# sysname CE2 # interface GigabitEthernet1/0/0 undo shutdown # interface GigabitEthernet1/0/0.1 undo shutdown vlan-type dot1q 1 ip address 10.1.1.2 255.255.255.0 # return

Configuration file of UPE1


# sysname UPE1 # mpls lsr-id 4.4.4.9 mpls # mpls l2vpn # interface GigabitEthernet1/0/0 undo shutdown ip address 100.1.3.2 255.255.255.0 mpls # interface GigabitEthernet2/0/0 undo shutdown # interface GigabitEthernet2/0/0.1 undo shutdown vlan-type dot1q 1 mpls static-l2vc destination 1.1.1.9 transmit-vpn-label 100 receive-vpn-label 100 # interface LoopBack1 ip address 4.4.4.9 255.255.255.255 # ospf 1 area 0.0.0.0 network 4.4.4.9 0.0.0.0

7-118

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

7 VPLS Configuration

network 100.1.3.0 0.0.0.255 # static-lsp ingress UPE1toSPE1 destination 1.1.1.9 32 nexthop 100.1.3.1 outlabel 20 static-lsp egress SPE1toUPE1 incoming-interface GigabitEthernet1/0/0 in-label 30 # return l

Configuration file of SPE1


# sysname SPE1 # mpls lsr-id 1.1.1.9 mpls # mpls l2vpn # vsi v100 static pwsignal ldp vsi-id 100 peer 3.3.3.9 peer 4.4.4.9 static-upe tran 100 recv 100 # mpls ldp # mpls ldp remote-peer 3.3.3.9 remote-ip 3.3.3.9 # interface GigabitEthernet2/0/0 undo shutdown ip address 100.1.3.1 255.255.255.0 mpls # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 100.1.1.1 255.255.255.0 mpls mpls ldp # interface LoopBack1 ip address 1.1.1.9 255.255.255.255 # ospf 1 area 0.0.0.0 network 1.1.1.9 0.0.0.0 network 100.1.1.0 0.0.0.255 network 100.1.3.0 0.0.0.255 # static-lsp ingress SPE1toUPE1 destination 4.4.4.9 32 nexthop 100.1.3.2 outlabel 30 static-lsp egress UPE1toSPE1 incoming-interface Ethernet2/0/0 in-label 20 # return

Configuration file of P
# sysname P # mpls lsr-id 2.2.2.9 mpls # mpls ldp # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 100.1.1.2 255.255.255.0 mpls

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

7-119

7 VPLS Configuration
mpls ldp # interface Pos2/0/0 link-protocol ppp undo shutdown ip address 100.1.2.1 255.255.255.0 mpls mpls ldp # interface LoopBack1 ip address 2.2.2.9 255.255.255.255 # ospf 1 area 0.0.0.0 network 2.2.2.9 0.0.0.0 network 100.1.1.0 0.0.0.255 network 100.1.2.0 0.0.0.255 # return l

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Configuration file of SPE2


# sysname SPE2 # mpls lsr-id 3.3.3.9 mpls # mpls l2vpn # vsi v100 static pwsignal ldp vsi-id 100 peer 1.1.1.9 peer 5.5.5.9 static-upe tran 100 recv 100 # mpls ldp # mpls ldp remote-peer 1.1.1.9 remote-ip 1.1.1.9 # interface GigabitEthernet2/0/0 undo shutdown ip address 100.1.4.1 255.255.255.0 mpls # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 100.1.2.2 255.255.255.0 mpls mpls ldp # interface LoopBack1 ip address 3.3.3.9 255.255.255.255 # ospf 1 area 0.0.0.0 network 3.3.3.9 0.0.0.0 network 100.1.2.0 0.0.0.255 network 100.1.4.0 0.0.0.255 # static-lsp ingress SPE2toUPE2 destination 5.5.5.9 32 nexthop 100.1.4.2 outlabe l 50 static-lsp egress UPE2toSPE2 incoming-interface Ethernet2/0/0 in-label 40 # return

Configuration file of UPE2


#

7-120

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

7 VPLS Configuration

sysname UPE2 # mpls lsr-id 5.5.5.9 mpls # mpls l2vpn # interface GigabitEthernet1/0/0 undo shutdown ip address 100.1.4.2 255.255.255.0 mpls # interface GigabitEthernet2/0/0 undo shutdown # interface GigabitEthernet2/0/0.1 undo shutdown vlan-type dot1q 1 mpls static-l2vc destination 3.3.3.9 transmit-vpn-label 100 receive-vpn-label 100 # interface LoopBack1 ip address 5.5.5.9 255.255.255.255 # ospf 1 area 0.0.0.0 network 5.5.5.9 0.0.0.0 network 100.1.4.0 0.0.0.255 # static-lsp ingress UPE2toSPE2 destination 3.3.3.9 32 nexthop 100.1.4.1 outlabel 40 static-lsp egress SPE2toUPE2 incoming-interface GigabitEthernet1/0/0 in-label 50 # return

7.13.8 Example for Configuring the Static VLL to Access the VPLS Network in Dual-homed Mode
Networking Requirements
As shown in Figure 7-15, the UPE devices do not support the dynamic VLL. The UPE devices need to access the SPE devices through the static VLL in dual-homed mode. Between the UPE and the SPE devices, the active and standby PWs are adopted. After the MPLS TE and the MPLS OAM function are configured, if a PW fails, data traffic is switched to another PW. It is required that the VLL in SVC mode is created between the UPE and the SPE devices, and the CE1 and CE2 access the basic VPLS meshed network through the UPE devices.

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

7-121

7 VPLS Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Figure 7-15 Networking diagram of configuring the static VLL to access the VPLS network in dual-homed mode
Loopback1 1.1.1.9/32 Loopback1 5.5.5.9/32
UPE1 GE3/0/0 100.1.5.1/24

Loopback1 3.3.3.9/32
GE3/0/0 100.1.7.1/24

POS1/0/0 POS1/0/0 100.1.1.1/24 100.1.1.2/24

Loopback1 6.6.6.9/32
UPE2

SPE1 POS2/0/0 GE1/0/0 100.1.4.2/24 100.1.5.2/24 GE2/0/0 100.1.6.2/24 POS2/0/0 SPE2 100.1.4.1/24 GE3/0/0 100.1.6.1/24

GE3/0/0.1 GE1/0/0.1 10.1.1.1/24

POS2/0/0 SPE3 100.1.2.1/24 GE1/0/0 100.1.7.2/24 GE2/0/0 100.1.8.2/24 POS2/0/0 100.1.2.2/24 SPE4 GE3/0/0 100.1.8.1/24

POS1/0/0 POS1/0/0 100.1.3.2/24 100.1.3.1/24

GE3/0/0.1 GE1/0/0.1 10.1.1.2/24

CE1

Loopback1 2.2.2.9/32

Loopback1 4.4.4.9/32

CE2

Configuration Roadmap
The configuration roadmap is as follows: 1. 2. 3. 4. 5. Configure IGP, MPLS, MPLS LDP, MPLS TE, and MPLS L2VPN functions on UPEs and SPEs. Configure active and standby MPLS TE tunnels and static LSPs between UPEs and SPEs. Enable MPLS OAM on SPEs to check tunnels. Configure UPEs to access SPEs through static VLLs. Configure HVPLSs on SPEs and enable MAC address withdraw in the VSI.

Data Preparation
To complete the configuration, you need the following data:
l

VSI name, VSI ID, MPLS LSR IDs (peer IP addresses) of UPEs and SPEs, and routing protocol running on the network Names of active and standby PWs and interfaces between UPEs and SPEs, and name of the reverse LSP of the MPLS TE tunnel Interval for sending FFD packets of MPLS OAM Inbound and outbound labels on the static LSPs between UPEs and SPEs

l l

Configuration Procedure
1. 2. Configure the IGP functions. Configure the IP addresses. As shown in Figure 7-15, configure the IP addresses and masks for the interfaces including loopback interfaces.

7-122

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


NOTE

7 VPLS Configuration

If all the UPE interfaces are Layer 2 GE interfaces, they cannot be configured with the IP addresses. The IP addresses can be configured only after those interfaces join the VLAN and become the VLANIF interfaces. For detailed configuration, refer to the chapter "VLAN Configuration" in the Quidway NetEngine80E/40E Router Configuration Guide - LAN Access and MAN Access.

3.

Configure IGP. Configure OSPF on SPEs and UPEs to advertise the network segment and the host routes of LSR IDs. # Configure SPE1.
<SPE1> system-view [SPE1] ospf [SPE1-ospf-1] area 0 [SPE1-ospf-1-area-0.0.0.0] [SPE1-ospf-1-area-0.0.0.0] [SPE1-ospf-1-area-0.0.0.0] [SPE1-ospf-1-area-0.0.0.0] [SPE1-ospf-1-area-0.0.0.0] [SPE1-ospf-1] quit

network network network network quit

1.1.1.9 0.0.0.0 100.1.1.0 0.0.0.255 100.1.4.0 0.0.0.255 100.1.5.0 0.0.0.255

# Configure SPE2.
<SPE2> system-view [SPE2] ospf [SPE2-ospf-1] area 0 [SPE2-ospf-1-area-0.0.0.0] [SPE2-ospf-1-area-0.0.0.0] [SPE2-ospf-1-area-0.0.0.0] [SPE2-ospf-1-area-0.0.0.0] [SPE2-ospf-1-area-0.0.0.0] [SPE2-ospf-1] quit

network network network network quit

2.2.2.9 0.0.0.0 100.1.3.0 0.0.0.255 100.1.4.0 0.0.0.255 100.1.6.0 0.0.0.255

# Configure SPE3.
<SPE3> system-view [SPE3] ospf [SPE3-ospf-1] area 0 [SPE3-ospf-1-area-0.0.0.0] [SPE3-ospf-1-area-0.0.0.0] [SPE3-ospf-1-area-0.0.0.0] [SPE3-ospf-1-area-0.0.0.0] [SPE3-ospf-1-area-0.0.0.0] [SPE3-ospf-1] quit

network network network network quit

3.3.3.9 0.0.0.0 100.1.1.0 0.0.0.255 100.1.2.0 0.0.0.255 100.1.7.0 0.0.0.255

# Configure SPE4.
<SPE4> system-view [SPE4] ospf [SPE4-ospf-1] area 0 [SPE4-ospf-1-area-0.0.0.0] [SPE4-ospf-1-area-0.0.0.0] [SPE4-ospf-1-area-0.0.0.0] [SPE4-ospf-1-area-0.0.0.0] [SPE4-ospf-1-area-0.0.0.0] [SPE4-ospf-1] quit

network network network network quit

4.4.4.9 0.0.0.0 100.1.2.0 0.0.0.255 100.1.3.0 0.0.0.255 100.1.8.0 0.0.0.255

# Configure UPE1.
<UPE1> system-view [UPE1] ospf [UPE1-ospf-1] area 0 [UPE1-ospf-1-area-0.0.0.0] [UPE1-ospf-1-area-0.0.0.0] [UPE1-ospf-1-area-0.0.0.0] [UPE1-ospf-1-area-0.0.0.0] [UPE1-ospf-1] quit

network 5.5.5.9 0.0.0.0 network 100.1.5.0 0.0.0.255 network 100.1.6.0 0.0.0.255 quit

# Configure UPE2.
<UPE2> system-view [UPE2] ospf

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

7-123

7 VPLS Configuration
[UPE2-ospf-1] area 0 [UPE2-ospf-1-area-0.0.0.0] [UPE2-ospf-1-area-0.0.0.0] [UPE2-ospf-1-area-0.0.0.0] [UPE2-ospf-1-area-0.0.0.0] [UPE2-ospf-1] quit

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

network 6.6.6.9 0.0.0.0 network 100.1.7.0 0.0.0.255 network 100.1.8.0 0.0.0.255 quit

After the configuration, run the display ip routing-table command on SPEs or UPEs. You can view that the routers have learnt routes from each other. Take SPE1 as an example:
<SPE1> display ip routing-table Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: Public Destinations : 21 Routes : 24 Destination/Mask Proto Pre Cost Flags NextHop Interface 1.1.1.9/32 Direct 0 0 D 127.0.0.1 InLoopBack0 2.2.2.9/32 OSPF 10 2 D 100.1.4.1 Pos2/0/0 3.3.3.9/32 OSPF 10 2 D 100.1.1.2 Pos1/0/0 4.4.4.9/32 OSPF 10 3 D 100.1.4.1 Pos2/0/0 OSPF 10 3 D 100.1.1.2 Pos1/0/0 5.5.5.9/32 OSPF 10 2 D 100.1.5.2 GigabitEthernet3/0/0 6.6.6.9/32 OSPF 10 3 D 100.1.1.2 Pos1/0/0 100.1.1.0/24 Direct 0 0 D 100.1.1.1 Pos1/0/0 100.1.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 100.1.1.2/32 Direct 0 0 D 100.1.1.2 Pos1/0/0 100.1.2.0/24 OSPF 10 2 D 100.1.1.2 Pos1/0/0 100.1.3.0/24 OSPF 10 2 D 100.1.4.1 Pos2/0/0 100.1.4.0/24 Direct 0 0 D 100.1.4.2 Pos2/0/0 100.1.4.1/32 Direct 0 0 D 100.1.4.1 Pos2/0/0 100.1.4.2/32 Direct 0 0 D 127.0.0.1 InLoopBack0 100.1.5.0/24 Direct 0 0 D 100.1.5.1 GigabitEthernet3/0/0 100.1.5.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 100.1.6.0/24 OSPF 10 2 D 100.1.5.2 GigabitEthernet3/0/0 OSPF 10 2 D 100.1.4.1 Pos2/0/0 100.1.7.0/24 OSPF 10 2 D 100.1.1.2 Pos1/0/0 100.1.8.0/24 OSPF 10 3 D 100.1.1.2 Pos1/0/0 OSPF 10 3 D 100.1.4.1 Pos2/0/0 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0

4. 5.

Configure MPLS functions. Configure the basic MPLS capability and MPLS LDP. # Configure SPE1.
[SPE1] mpls lsr-id 1.1.1.9 [SPE1] mpls [SPE1-mpls] mpls te [SPE1-mpls] mpls rsvp-te [SPE1-mpls] quit [SPE1] mpls ldp [SPE1-mpls-ldp] quit [SPE1] interface pos 1/0/0 [SPE1-Pos1/0/0] mpls [SPE1-Pos1/0/0] mpls ldp [SPE1-Pos1/0/0] quit [SPE1] interface pos 2/0/0 [SPE1-Pos2/0/0] mpls [SPE1-Pos2/0/0] mpls ldp [SPE1-Pos2/0/0] quit [SPE1] interface gigabitethernet 3/0/0 [SPE1-GigabitEthernet3/0/0] mpls [SPE1-GigabitEthernet3/0/0] mpls te [SPE1-GigabitEthernet3/0/0] mpls rsvp-te [SPE1-GigabitEthernet3/0/0] quit

# Configure SPE2.
[SPE2] mpls lsr-id 2.2.2.9

7-124

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


[SPE2] mpls [SPE2-mpls] mpls te [SPE2-mpls] mpls rsvp-te [SPE2-mpls] quit [SPE2] mpls ldp [SPE2-mpls-ldp] quit [SPE2] interface pos 1/0/0 [SPE2-Pos1/0/0] mpls [SPE2-Pos1/0/0] mpls ldp [SPE2-Pos1/0/0] quit [SPE2] interface pos 2/0/0 [SPE2-Pos2/0/0] mpls [SPE2-Pos2/0/0] mpls ldp [SPE2-Pos2/0/0] quit [SPE2] interface gigabitethernet 3/0/0 [SPE2-GigabitEthernet3/0/0] mpls [SPE2-GigabitEthernet3/0/0] mpls te [SPE2-GigabitEthernet3/0/0] mpls rsvp-te [SPE2-GigabitEthernet3/0/0] quit

7 VPLS Configuration

# Configure SPE3.
[SPE3] mpls lsr-id 3.3.3.9 [SPE3] mpls [SPE3-mpls] mpls te [SPE3-mpls] mpls rsvp-te [SPE3-mpls] quit [SPE3] mpls ldp [SPE3-mpls-ldp] quit [SPE2] interface pos 1/0/0 [SPE3-Pos1/0/0] mpls [SPE3-Pos1/0/0] mpls ldp [SPE3-Pos1/0/0] quit [SPE3] interface pos 2/0/0 [SPE3-Pos2/0/0] mpls [SPE3-Pos2/0/0] mpls ldp [SPE3-Pos2/0/0] quit [SPE3] interface gigabitethernet 3/0/0 [SPE3-GigabitEthernet3/0/0] mpls [SPE3-GigabitEthernet3/0/0] mpls te [SPE3-GigabitEthernet3/0/0] mpls rsvp-te [SPE3-GigabitEthernet3/0/0] quit

# Configure SPE4.
[SPE4] mpls lsr-id 4.4.4.9 [SPE4] mpls [SPE4-mpls] mpls te [SPE4-mpls] mpls rsvp-te [SPE4-mpls] quit [SPE4] mpls ldp [SPE4-mpls-ldp] quit [SPE4] interface pos 1/0/0 [SPE4-Pos1/0/0] mpls [SPE4-Pos1/0/0] mpls ldp [SPE4-Pos1/0/0] quit [SPE4] interface pos 2/0/0 [SPE4-Pos2/0/0] mpls [SPE4-Pos2/0/0] mpls ldp [SPE4-Pos2/0/0] quit [SPE4] interface gigabitethernet 3/0/0 [SPE4-GigabitEthernet3/0/0] mpls [SPE4-GigabitEthernet3/0/0] mpls te [SPE4-GigabitEthernet3/0/0] mpls rsvp-te [SPE4-GigabitEthernet3/0/0] quit

After the configuration, run the display mpls ldp session command on SPE1, SPE2, SPE3, and SPE4, and you can view that the status of the peers between the adjacent SPEs is "Operational". That is, the peer relationship is established. Run the display mpls lsp command, and you can view information about the establishment of LSPs.
Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 7-125

7 VPLS Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Take SPE1 as an example:


<SPE1> display mpls ldp session LDP Session(s) in Public Network -----------------------------------------------------------------------------Peer-ID Status LAM SsnRole SsnAge KA-Sent/Rcv -----------------------------------------------------------------------------2.2.2.9:0 Operational DU Passive 000:00:02 10/10 3.3.3.9:0 Operational DU Passive 000:00:01 7/7 -----------------------------------------------------------------------------TOTAL: 2 session(s) Found. LAM : Label Advertisement Mode SsnAge Unit : DDD:HH:MM <SPE1> display mpls lsp ---------------------------------------------------------------------LSP Information: LDP LSP ---------------------------------------------------------------------FEC In/Out Label In/Out IF Vrf Name 1.1.1.9/32 3/NULL -/2.2.2.9/32 NULL/3 -/p2/0/0 2.2.2.9/32 1024/3 -/P2/0/0 3.3.3.9/32 NULL/3 -/P1/0/0 3.3.3.9/32 1025/3 -/P1/0/0 4.4.4.9/32 NULL/1026 -/P2/0/0 4.4.4.9/32 NULL/1026 -/P1/0/0

# Configure UPE1.
[UPE1] mpls lsr-id 5.5.5.9 [UPE1] mpls [UPE1-mpls] mpls te [UPE1-mpls] mpls rsvp-te [UPE1-mpls] quit [UPE1] interface gigabitethernet [UPE1-GigabitEthernet1/0/0] mpls [UPE1-GigabitEthernet1/0/0] mpls [UPE1-GigabitEthernet1/0/0] mpls [UPE1-GigabitEthernet1/0/0] quit [UPE1] interface gigabitethernet [UPE1-GigabitEthernet2/0/0] mpls [UPE1-GigabitEthernet2/0/0] mpls [UPE1-GigabitEthernet2/0/0] mpls [UPE1-GigabitEthernet2/0/0] quit

1/0/0 te rsvp-te 2/0/0 te rsvp-te

# Configure UPE2.
[UPE2] mpls lsr-id 6.6.6.9 [UPE2] mpls [UPE2-mpls] mpls te [UPE2-mpls] mpls rsvp-te [UPE2-mpls] quit [UPE2] interface gigabitethernet [UPE2-GigabitEthernet1/0/0] mpls [UPE2-GigabitEthernet1/0/0] mpls [UPE2-GigabitEthernet1/0/0] mpls [UPE2-GigabitEthernet1/0/0] quit [UPE2] interface gigabitethernet [UPE2-GigabitEthernet2/0/0] mpls [UPE2-GigabitEthernet2/0/0] mpls [UPE2-GigabitEthernet2/0/0] mpls [UPE2-GigabitEthernet2/0/0] quit

1/0/0 te rsvp-te 2/0/0 te rsvp-te

6.

Establish remote LDP sessions between the SPEs. # Configure SPE1.


[SPE1] mpls ldp remote-peer 4.4.4.9 [SPE1-mpls-ldp-remote-4.4.4.9] remote-ip 4.4.4.9 [SPE1-mpls-ldp-remote-4.4.4.9] quit

# Configure SPE2.
7-126 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


[SPE2] mpls ldp remote-peer 3.3.3.9 [SPE2-mpls-ldp-remote-3.3.3.9] remote-ip 3.3.3.9 [SPE2-mpls-ldp-remote-3.3.3.9] quit

7 VPLS Configuration

# Configure SPE3.
[SPE3] mpls ldp remote-peer 2.2.2.9 [SPE3-mpls-ldp-remote-2.2.2.9] remote-ip 2.2.2.9 [SPE3-mpls-ldp-remote-2.2.2.9] quit

# Configure SPE4.
[SPE4] mpls ldp remote-peer 1.1.1.9 [SPE4-mpls-ldp-remote-1.1.1.9] remote-ip 1.1.1.9 [SPE4-mpls-ldp-remote-1.1.1.9] quit

After the configuration, run the display mpls ldp session command on SPE1, SPE2, SPE3, and SPE4, and you can view that the status of the peers between the local and adjacent SPEs and between the local and remote SPEs are "Operational". That is, the peer relationship is established. Run the display mpls lsp command, and you can view information about the establishment of LSPs. Take SPE1 as an example:
<SPE1> display mpls ldp session LDP Session(s) in Public Network -----------------------------------------------------------------------------Peer-ID Status LAM SsnRole SsnAge KA-Sent/Rcv -----------------------------------------------------------------------------2.2.2.9:0 Operational DU Passive 000:00:08 33/33 3.3.3.9:0 Operational DU Passive 000:00:07 29/29 4.4.4.9:0 Operational DU Passive 000:00:00 1/1 -----------------------------------------------------------------------------TOTAL: 3 session(s) Found. LAM : Label Advertisement Mode SsnAge Unit : DDD:HH:MM <SPE1> display mpls lsp ---------------------------------------------------------------------LSP Information: LDP LSP ---------------------------------------------------------------------FEC In/Out Label In/Out IF Vrf Name 1.1.1.9/32 3/NULL -/2.2.2.9/32 NULL/3 -/S2/0/0 2.2.2.9/32 1024/3 -/S2/0/0 3.3.3.9/32 NULL/3 -/S1/0/0 3.3.3.9/32 1025/3 -/S1/0/0 4.4.4.9/32 NULL/1026 -/S2/0/0 4.4.4.9/32 NULL/1026 -/S1/0/0 4.4.4.9/32 1026/1026 -/S2/0/0 4.4.4.9/32 1026/1026 -/S1/0/0

7.

Configure MPLS L2VPN functions on SPEs and UPEs. # Configure UPE1.


[UPE1] mpls l2vpn

# Configure UPE2.
[UPE2] mpls l2vpn

# Configure SPE1.
[SPE1] mpls l2vpn

# Configure SPE2.
[SPE2] mpls l2vpn

# Configure SPE3.
[SPE3] mpls l2vpn

# Configure SPE4.
Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 7-127

7 VPLS Configuration
[SPE4] mpls l2vpn

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

8. 9.

Configure TE tunnels and tunnel policies. Configure active MPLS TE tunnels, standby tunnels, and reverse LSPs between SPEs and UPEs. Static LSP tunnels are used to establish the TE tunnels. # Configure UPE1.
[UPE1] interface tunnel 2/0/0 [UPE1-Tunnel2/0/0] ip address unnumbered interface loopback 1 [UPE1-Tunnel2/0/0] tunnel-protocol mpls te [UPE1-Tunnel2/0/0] destination 2.2.2.9 [UPE1-Tunnel2/0/0] mpls te tunnel-id 1 [UPE1-Tunnel2/0/0] mpls te signal-protocol static [UPE1-Tunnel2/0/0] mpls te protection tunnel 11 mode revertive wtr 2 [UPE1-Tunnel2/0/0] mpls te reverse-lsp lsp-name b1 [UPE1-Tunnel2/0/0] mpls te reserved-for-binding [UPE1-Tunnel2/0/0] mpls te commit [UPE1-Tunnel2/0/0] quit [UPE1] interface tunnel 1/0/0 [UPE1-Tunnel1/0/0] ip address unnumbered interface loopback 1 [UPE1-Tunnel1/0/0] tunnel-protocol mpls te [UPE1-Tunnel1/0/0] destination 1.1.1.9 [UPE1-Tunnel1/0/0] mpls te tunnel-id 11 [UPE1-Tunnel1/0/0] mpls te signal-protocol static [UPE1-Tunnel1/0/0] mpls te reverse-lsp lsp-name b11 [UPE1-Tunnel1/0/0] mpls te commit [UPE1-Tunnel1/0/0] quit

# Configure UPE2.
[UPE2] interface tunnel 2/0/0 [UPE2-Tunnel2/0/0] ip address unnumbered interface loopback 1 [UPE2-Tunnel2/0/0] tunnel-protocol mpls te [UPE2-Tunnel2/0/0] destination 4.4.4.9 [UPE2-Tunnel2/0/0] mpls te tunnel-id 3 [UPE2-Tunnel2/0/0] mpls te signal-protocol static [UPE2-Tunnel2/0/0] mpls te protection tunnel 31 mode revertive wtr 2 [UPE2-Tunnel2/0/0] mpls te reverse-lsp lsp-name b3 [UPE2-Tunnel2/0/0] mpls te reserved-for-binding [UPE2-Tunnel2/0/0] mpls te commit [UPE2-Tunnel2/0/0] quit [UPE2] interface tunnel 1/0/0 [UPE2-Tunnel1/0/0] ip address unnumbered interface loopback 1 [UPE2-Tunnel1/0/0] tunnel-protocol mpls te [UPE2-Tunnel1/0/0] destination 3.3.3.9 [UPE2-Tunnel1/0/0] mpls te tunnel-id 31 [UPE2-Tunnel1/0/0] mpls te signal-protocol static [UPE2-Tunnel1/0/0] mpls te reverse-lsp lsp-name b31 [UPE2-Tunnel1/0/0] mpls te commit [UPE2-Tunnel1/0/0] quit

# Configure SPE1.
[SPE1] interface tunnel 3/0/0 [SPE1-Tunnel3/0/0] ip address unnumbered interface loopback 1 [SPE1-Tunnel3/0/0] tunnel-protocol mpls te [SPE1-Tunnel3/0/0] destination 5.5.5.9 [SPE1-Tunnel3/0/0] mpls te tunnel-id 21 [SPE1-Tunnel3/0/0] mpls te signal-protocol static [SPE1-Tunnel3/0/0] mpls te reverse-lsp lsp-name b21 [SPE1-Tunnel3/0/0] mpls te reserved-for-binding [SPE1-Tunnel3/0/0] mpls te commit [SPE1-Tunnel3/0/0] quit

# Configure SPE2.
[SPE2] interface tunnel 3/0/0 [SPE2-Tunnel3/0/0] ip address unnumbered interface loopback 1 [SPE2-Tunnel3/0/0] tunnel-protocol mpls te [SPE2-Tunnel3/0/0] destination 5.5.5.9 [SPE2-Tunnel3/0/0] mpls te tunnel-id 2 [SPE2-Tunnel3/0/0] mpls te signal-protocol static

7-128

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


[SPE2-Tunnel3/0/0] [SPE2-Tunnel3/0/0] [SPE2-Tunnel3/0/0] [SPE2-Tunnel3/0/0] mpls te reverse-lsp lsp-name b2 mpls te reserved-for-binding mpls te commit quit

7 VPLS Configuration

# Configure SPE3.
[SPE3] interface tunnel 3/0/0 [SPE3-Tunnel3/0/0] ip address unnumbered interface loopback 1 [SPE3-Tunnel3/0/0] tunnel-protocol mpls te [SPE3-Tunnel3/0/0] destination 6.6.6.9 [SPE3-Tunnel3/0/0] mpls te tunnel-id 41 [SPE3-Tunnel3/0/0] mpls te signal-protocol static [SPE3-Tunnel3/0/0] mpls te reverse-lsp lsp-name b41 [SPE3-Tunnel3/0/0] mpls te reserved-for-binding [SPE3-Tunnel3/0/0] mpls te commit [SPE3-Tunnel3/0/0] quit

# Configure SPE4.
[SPE4] interface tunnel 3/0/0 [SPE4-Tunnel3/0/0] ip address unnumbered interface loopback 1 [SPE4-Tunnel3/0/0] tunnel-protocol mpls te [SPE4-Tunnel3/0/0] destination 6.6.6.9 [SPE4-Tunnel3/0/0] mpls te tunnel-id 4 [SPE4-Tunnel3/0/0] mpls te signal-protocol static [SPE4-Tunnel3/0/0] mpls te reverse-lsp lsp-name b4 [SPE4-Tunnel3/0/0] mpls te reserved-for-binding [SPE4-Tunnel3/0/0] mpls te commit [SPE4-Tunnel3/0/0] quit

10. Configure tunnel policies applied to UPEs and SPEs. # Configure UPE1.
[UPE1] tunnel-policy vll [UPE1-tunnel-policy-vll] tunnel binding destination 2.2.2.9 te tunnel 2/0/0

# Configure UPE2.
[UPE2] tunnel-policy vll [UPE2-tunnel-policy-vll] tunnel binding destination 4.4.4.9 te tunnel 2/0/0

# Configure SPE1.
[SPE1] tunnel-policy vsi [SPE1-tunnel-policy-vsi] tunnel binding destination 5.5.5.9 te tunnel 3/0/0

# Configure SPE2.
[SPE2] tunnel-policy vsi [SPE2-tunnel-policy-vsi] tunnel binding destination 5.5.5.9 te tunnel 3/0/0

# Configure SPE3.
[SPE3] tunnel-policy vsi [SPE3-tunnel-policy-vsi] tunnel binding destination 6.6.6.9 te tunnel 3/0/0

# Configure SPE4.
[SPE4] tunnel-policy vsi [SPE4-tunnel-policy-vsi] tunnel binding destination 6.6.6.9 te tunnel 3/0/0

11. Configure MPLS OAM functions on SPEs and UPEs. # Configure UPE1.
[UPE1] mpls [UPE1-mpls] [UPE1-mpls] [UPE1] mpls [UPE1] mpls [UPE1] mpls [UPE1] mpls [UPE1] mpls [UPE1] mpls mpls oam quit oam egress lsp-name b1 oam egress lsp-name b11 oam ingress tunnel 1/0/0 type ffd frequency 100 oam ingress enable tunnel 1/0/0 oam ingress tunnel 2/0/0 type ffd frequency 100 oam ingress enable tunnel 2/0/0

# Configure UPE2.
Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 7-129

7 VPLS Configuration
[UPE2] mpls [UPE2-mpls] [UPE2-mpls] [UPE2] mpls [UPE2] mpls [UPE2] mpls [UPE2] mpls [UPE2] mpls [UPE2] mpls

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

mpls oam quit oam egress lsp-name b3 oam egress lsp-name b31 oam ingress tunnel 1/0/0 type ffd frequency 100 oam ingress enable tunnel 1/0/0 oam ingress tunnel 2/0/0 type ffd frequency 100 oam ingress enable tunnel 2/0/0

# Configure SPE1.
[SPE1] mpls [SPE1-mpls] [SPE1-mpls] [SPE1] mpls [SPE1] mpls [SPE1] mpls mpls oam quit oam egress lsp-name b21 oam ingress tunnel 3/0/0 type ffd frequency 100 oam ingress enable tunnel 3/0/0

# Configure SPE2.
[SPE2] mpls [SPE2-mpls] [SPE2-mpls] [SPE2] mpls [SPE2] mpls [SPE2] mpls mpls oam quit oam egress lsp-name b2 oam ingress tunnel 3/0/0 type ffd frequency 100 oam ingress enable tunnel 3/0/0

# Configure SPE3.
[SPE3] mpls [SPE3-mpls] [SPE3-mpls] [SPE3] mpls [SPE3] mpls [SPE3] mpls mpls oam quit oam egress lsp-name b41 oam ingress tunnel 3/0/0 type ffd frequency 100 oam ingress enable tunnel 3/0/0

# Configure SPE4.
[SPE4] mpls [SPE4-mpls] [SPE4-mpls] [SPE4] mpls [SPE4] mpls [SPE4] mpls mpls oam quit oam egress lsp-name b4 oam ingress tunnel 3/0/0 type ffd frequency 100 oam ingress enable tunnel 3/0/0

12. Configure routers to access the VPLS network through static VLLs. 13. Establish static LSPs between UPEs and SPEs. # Configure a static LSP from UPE1 to SPE1.
[UPE1] static-lsp nexthop 100.1.5.1 [UPE1] static-lsp 201 lsrid 1.1.1.9 ingress tunnel-interface tunnel 1/0/0 destination 1.1.1.9 out-label 200 egress b11 incoming-interface gigabitethernet 1/0/0 in-label tunnel-id 21

# Configure a static LSP from SPE1 to UPE1.


[SPE1] static-lsp nexthop 100.1.5.2 [SPE1] static-lsp 200 lsrid 5.5.5.9 ingress tunnel-interface tunnel 3/0/0 destination 5.5.5.9 out-label 201 egress b21 incoming-interface gigabitethernet 3/0/0 in-label tunnel-id 11

# Configure a static LSP from UPE1 to SPE2.


[UPE1] static-lsp nexthop 100.1.6.1 [UPE1] static-lsp 101 lsrid 2.2.2.9 ingress tunnel-interface tunnel 2/0/0 destination 2.2.2.9 out-label 100 egress b1 incoming-interface gigabitethernet 2/0/0 in-label tunnel-id 2

# Configure a static LSP from SPE2 to UPE1.


[SPE2] static-lsp nexthop 100.1.6.2 [SPE2] static-lsp 100 lsrid 5.5.5.9 ingress tunnel-interface tunnel 3/0/0 destination 5.5.5.9 out-label 101 egress b2 incoming-interface gigabitethernet 3/0/0 in-label tunnel-id 1

7-130

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

7 VPLS Configuration

# Configure a static LSP from UPE2 to SPE3.


[UPE2]static-lsp ingress tunnel-interface tunnel 1/0/0 destination 3.3.3.9 nexthop 100.1.7.1 out-label 400 [UPE2] static-lsp egress b31 incoming-interface gigabitethernet 1/0/0 in-label 401 lsrid 3.3.3.9 tunnel-id 41

# Configure a static LSP from SPE3 to UPE2.


[SPE3] static-lsp nexthop 100.1.7.2 [SPE3] static-lsp 400 lsrid 6.6.6.9 ingress tunnel-interface tunnel 3/0/0 destination 6.6.6.9 out-label 401 egress b41 incoming-interface gigabitethernet 3/0/0 in-label tunnel-id 31

# Configure a static LSP from UPE2 to SPE4.


[UPE2] static-lsp nexthop 100.1.8.1 [UPE2] static-lsp 301 lsrid 4.4.4.9 ingress tunnel-interface tunnel 2/0/0 destination 4.4.4.9 out-label 300 egress b3 incoming-interface gigabitethernet 2/0/0 in-label tunnel-id 4

# Configure a static LSP from SPE4 to UPE2.


[SPE4] static-lsp nexthop 100.1.8.2 [SPE4] static-lsp 300 lsrid 6.6.6.9 ingress tunnel-interface tunnel 3/0/0 destination 6.6.6.9 out-label 301 egress b4 incoming-interface gigabitethernet 3/0/0 in-label tunnel-id 3

14. Configure UPEs to access SPEs through static VLLs. # Configure UPE1.
[UPE1] interface gigabitethernet 3/0/0.1 [UPE1-GigabitEthernet3/0/0.1] shutdown [UPE1-GigabitEthernet3/0/0.1] vlan-type dot1q 10 [UPE1-GigabitEthernet3/0/0.1] mpls static-l2vc destination 2.2.2.9 transmitvpn-label 500 receive-vpn-label 500 tunnel-policy vll [UPE1-GigabitEthernet3/0/0.1] undo shutdown [UPE1-GigabitEthernet3/0/0.1] quit

# Configure UPE2.
[UPE2] interface gigabitethernet 3/0/0.1 [UPE2-GigabitEthernet3/0/0.1] shutdown [UPE2-GigabitEthernet3/0/0.1] vlan-type dot1q 10 [UPE2-GigabitEthernet3/0/0.1] mpls static-l2vc destination 4.4.4.9 transmitvpn-label 600 receive-vpn-label 600 tunnel-policy vll [UPE2-GigabitEthernet3/0/0.1] undo shutdown [UPE2-GigabitEthernet3/0/0.1] quit

15. Configure HVPLSs on SPEs and enable MAC address withdraw in the VSI. # Configure SPE1.
[SPE1] vsi v100 static [SPE1-vsi-v100] pwsignal ldp [SPE1-vsi-v100-ldp] vsi-id 100 [SPE1-vsi-v100-ldp] mac-withdraw enable [SPE1-vsi-v100-ldp] peer 2.2.2.9 [SPE1-vsi-v100-ldp] peer 3.3.3.9 [SPE1-vsi-v100-ldp] peer 4.4.4.9 [SPE1-vsi-v100-ldp] peer 5.5.5.9 tnl-policy vsi static-upe trans 500 recv 500 [SPE1-vsi-v100-ldp] quit

# Configure SPE2.
[SPE2] vsi v100 static [SPE2-vsi-v100] pwsignal ldp [SPE2-vsi-v100-ldp] vsi-id 100 [SPE2-vsi-v100-ldp] mac-withdraw enable [SPE2-vsi-v100-ldp] peer 1.1.1.9 [SPE2-vsi-v100-ldp] peer 3.3.3.9 [SPE2-vsi-v100-ldp] peer 4.4.4.9 [SPE2-vsi-v100-ldp] peer 5.5.5.9 tnl-policy vsi static-upe trans 500 recv 500 [SPE2-vsi-v100-ldp] quit

# Configure SPE3.
Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 7-131

7 VPLS Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


[SPE3] vsi v100 static [SPE3-vsi-v100] pwsignal ldp [SPE3-vsi-v100-ldp] vsi-id 100 [SPE3-vsi-v100-ldp] mac-withdraw enable [SPE3-vsi-v100-ldp] peer 1.1.1.9 [SPE3-vsi-v100-ldp] peer 2.2.2.9 [SPE3-vsi-v100-ldp] peer 4.4.4.9 [SPE3-vsi-v100-ldp] peer 6.6.6.9 tnl-policy vsi static-upe trans 600 recv 600 [SPE3-vsi-v100-ldp] quit

# Configure SPE4.
[SPE4] vsi v100 static [SPE4-vsi-v100] pwsignal ldp [SPE4-vsi-v100-ldp] vsi-id 100 [SPE4-vsi-v100-ldp] mac-withdraw enable [SPE4-vsi-v100-ldp] peer 1.1.1.9 [SPE4-vsi-v100-ldp] peer 2.2.2.9 [SPE4-vsi-v100-ldp] peer 3.3.3.9 [SPE4-vsi-v100-ldp] peer 6.6.6.9 tnl-policy vsi static-upe trans 600 recv 600 [SPE4-vsi-v100-ldp] quit

16. Verify the configuration After the configuration, run the display mpls oam ingress all command on UPEs, and you can view that the detection status of the OAM ingress is "Non-defect". Take UPE1 as an example:
<UPE1> display mpls oam ingress all ------------------------------------------------------------------------------No. Tunnel-name Ttsi Type Frequency Status ------------------------------------------------------------------------------1 Tunnel2/0/0 5.5.5.9 : 1 FFD 100 ms Start/Non-defect 2 Tunnel1/0/0 5.5.5.9 : 11 FFD 100 ms Start/Non-defect ------------------------------------------------------------------------------Total Oam Num: 2 Total Start Oam Num: 0 Total Defect Oam Num: 0

Run the display mpls oam egress all command on UPEs, and you can view that the detection status of the OAM egress is "Non-defect". Take UPE1 as an example:
<UPE1> display mpls oam egress all ------------------------------------------------------------------------------No. Lsp-name Ttsi Type Frequency Status ------------------------------------------------------------------------------1 b1 2.2.2.9 : 2 None -Start/Non-defect

Run the shutdown command on GE 1/0/0 on UPE1, and then run the display mpls te protection tunnel command. You can view that the status of the primary tunnel is "in defect".
<UPE1> display mpls te protection tunnel all verbose ---------------------------------------------------------------Verbose information about the 1th proteciton-group ---------------------------------------------------------------Work-tunnel id : 2 Protect-tunnel id : 21 Work-tunnel name : Tunnel2/0/0 Protect-tunnel name : Tunnel1/0/0 Work-tunnel reverse-lsp name : b1 Protect-tunnel reverse-lsp name : b21 switch result : work-tunnel work-tunnel defect state : non-defect protect-tunnel defect state : non-defect work-tunnel reverse-lsp defect state : non-defect protect-tunnel reverse-lsp defect state : non-defect

7-132

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


HoldOff WTR Mode : 0ms : 60s : revertive

7 VPLS Configuration

Run the display mpls static-l2vc on UPEs, and you can view that static VLLs are established and the VC status is Up. Take UPE1 as an example:
<UPE1> display mpls static-l2vc interface gigabitethernet 3/0/0.1 *Client Interface : GigabitEthernet3/0/0.1 is up AC Status : up VC State : up VC ID : 0 VC Type : VLAN Destination : 2.2.2.9 Transmit VC Label : 500 Receive VC Label : 500 Control Word : Disable VCCV Capabilty : Disable Tunnel Policy : vll PW Template Name : -Traffic Behavior : -Main or Secondary : Main VC tunnel/token info : 1 tunnels/tokens NO.0 TNL Type : cr lsp, TNL ID : 0x42002000 Create time : 0 days, 0 hours, 7 minutes, 56 seconds UP time : 0 days, 0 hours, 7 minutes, 55 seconds Last change time : 0 days, 0 hours, 7 minutes, 55 seconds

Run the display vsi name v100 verbose command on SPEs, and you can view that the VSI named v100 is Up and the corresponding PW is also Up. Take SPE1 as an example:
<SPE1> display vsi name v100 ***VSI Name : Administrator VSI : Isolate Spoken : VSI Index : PW Signaling : Member Discovery Style : PW MAC Learn Style : Encapsulation Type : MTU : Mode : Service Class : Color : DomainId : Domain Name : VSI State : VSI ID : *Peer Router ID : VC Label : Peer Type : Session : Tunnel ID : *Peer Router ID : VC Label : Peer Type : Session : Tunnel ID : *Peer Router ID : VC Label : Peer Type : Session : Tunnel ID : *Peer Router ID : VC Label : Peer Type : Tunnel ID : Tunnel Policy Name : **PW Information: *Peer Ip Address : PW State : verbose v100 no disable 0 ldp static unqualify vlan 1500 uniform --0 up 100 2.2.2.9 23552 dynamic up 0x2002000, 3.3.3.9 23553 dynamic up 0x1002002, 4.4.4.9 23554 dynamic up 0x2002004, 5.5.5.9 500 static 0x43002008, vsi 5.5.5.9 up

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

7-133

7 VPLS Configuration
Local VC Label Remote VC Label PW Type Tunnel ID *Peer Ip Address PW State Local VC Label Remote VC Label PW Type Tunnel ID *Peer Ip Address PW State Local VC Label Remote VC Label PW Type Tunnel ID *Peer Ip Address PW State Local VC Label Remote VC Label PW Type Tunnel ID : : : : : : : : : : : : : : : : : : : : : : 500 500 MEHVPLS 0x43002008, 2.2.2.9 up 23552 23552 label 0x2002000, 3.3.3.9 up 23553 23552 label 0x1002002, 4.4.4.9 up 23554 23552 label 0x2002004,

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

CE1 and CE2, which reside in the same network segment, can ping through each other. After you run the shutdown command on the interface bound to the VSI on a UPE or an SPE, CE1 and CE2 cannot ping through each other. This indicates that user data is transmitted through the PW of this VSI. Before GE 1/0/0 of SPE1 is shut down, view the MAC addresses learnt by the VSI on SPE3.
<SPE3> display mac-address dynamic 3 MAC Address VLAN/VSI Port Type Lsp ---------------------------------------------------------------------------00e0-fc01-0202 v100 Tunnel3/0/0 dynamic 3/4137 Total matching items displayed = 1

After GE 1/0/0 of SPE1 is shut down, the VSI bound to the static VLL becomes Down. Check the MAC addresses learnt by the VSI, and you can view that SPE3 has learned a new MAC address.
<SPE3> display mac-address dynamic MAC Address VLAN/VSI Port Type Lsp ---------------------------------------------------------------------------00e0-fc01-0515 v100 Tunnel3/0/0 dynamic 3/4137 Total matching items displayed = 0

Configuration Files
l

Configuration file of CE1


# sysname CE1 # interface GigabitEthernet1/0/0 undo shutdown # interface GigabitEthernet1/0/0.1 undo shutdown vlan-type dot1q 10 ip address 10.1.1.1 255.255.255.0 # return

Configuration file of CE2


# sysname CE2 # interface GigabitEthernet1/0/0 undo shutdown #

7-134

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


interface GigabitEthernet1/0/0.1 undo shutdown vlan-type dot1q 10 ip address 10.1.1.2 255.255.255.0 # return l

7 VPLS Configuration

Configuration file of UPE1


# sysname UPE1 # mpls lsr-id 5.5.5.9 mpls mpls te mpls rsvp-te mpls oam # mpls l2vpn # interface GigabitEthernet1/0/0 undo shutdown ip address 100.1.5.2 255.255.255.0 ospf cost 1 mpls mpls te mpls rsvp-te # interface GigabitEthernet2/0/0 undo shutdown ip address 100.1.6.2 255.255.255.0 ospf cost 1 mpls mpls te mpls rsvp-te # interface GigabitEthernet3/0/0 undo shutdown # interface GigabitEthernet3/0/0.1 undo shutdown vlan-type dot1q 10 mpls static-l2vc destination 2.2.2.9 transmit-vpn-label 500 receive-vpn-label 5 00 tunnel-policy vll # interface LoopBack1 ip address 5.5.5.9 255.255.255.255 # interface Tunnel1/0/0 ip address unnumbered interface LoopBack1 tunnel-protocol mpls te destination 1.1.1.9 mpls te signal-protocol static mpls te tunnel-id 11 mpls te reverse-lsp b11 mpls te commit # interface Tunnel2/0/0 ip address unnumbered interface LoopBack1 tunnel-protocol mpls te destination 2.2.2.9 mpls te signal-protocol static mpls te tunnel-id 1 mpls te protection tunnel 11 mode revertive wtr 2 mpls te reverse-lsp b1 mpls te reserved-for-binding mpls te commit # ospf 1 area 0.0.0.0

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

7-135

7 VPLS Configuration
network 5.5.5.9 0.0.0.0 network 100.1.5.0 0.0.0.255 network 100.1.6.0 0.0.0.255

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

# static-lsp ingress tunnel-interface Tunnel1/0/0 destination 1.1.1.9 nexthop 10 0.1.5.1 out-label 200 static-lsp egress b11 incoming-interface GigabitEthernet1/0/0 in-label 201 lsrid 1.1.1 .9 tunnel-id 21 static-lsp ingress tunnel-interface Tunnel2/0/0 destination 2.2.2.9 nexthop 10 0.1.6.1 out-label 100 static-lsp egress b1 incoming-interface GigabitEthernet2/0/0 in-label 101 lsrid 2.2.2. 9 tunnel-id 2 # mpls oam egress lsp-name b1 mpls oam egress lsp-name b11 mpls oam ingress Tunnel2/0/0 type ffd frequency 100 mpls oam ingress enable Tunnel2/0/0 mpls oam ingress Tunnel1/0/0 type ffd frequency 100 mpls oam ingress enable Tunnel1/0/0 # tunnel-policy vll tunnel binding destination 2.2.2.9 te Tunnel2/0/0 # return l

Configuration file of UPE2


# sysname UPE2 # mpls lsr-id 6.6.6.9 mpls mpls te mpls rsvp-te mpls oam # mpls l2vpn # interface GigabitEthernet1/0/0 ip address 100.1.7.2 255.255.255.0 ospf cost 1 mpls mpls te mpls rsvp-te # interface GigabitEthernet2/0/0 ip address 100.1.8.2 255.255.255.0 ospf cost 1 mpls mpls te mpls rsvp-te # interface GigabitEthernet3/0/0 # interface GigabitEthernet3/0/0.1 vlan-type dot1q 10 mpls static-l2vc destination 4.4.4.9 transmit-vpn-label 600 receive-vpn-label 6 00 tunnel-policy vll # interface LoopBack1 ip address 6.6.6.9 255.255.255.255 # interface Tunnel1/0/0 ip address unnumbered interface LoopBack1 tunnel-protocol mpls te destination 3.3.3.9

7-136

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

7 VPLS Configuration

mpls te signal-protocol static mpls te tunnel-id 31 mpls te reverse-lsp b31 mpls te commit # interface Tunnel2/0/0 ip address unnumbered interface LoopBack1 tunnel-protocol mpls te destination 4.4.4.9 mpls te signal-protocol static mpls te tunnel-id 3 mpls te protection tunnel 31 mode revertive wtr 2 mpls te reverse-lsp b3 mpls te reserved-for-binding mpls te commit # ospf 1 area 0.0.0.0 network 6.6.6.9 0.0.0.0 network 100.1.7.0 0.0.0.255 network 100.1.8.0 0.0.0.255 # static-lsp ingress tunnel-interface Tunnel1/0/0 destination 3.3.3.9 nexthop 10 0.1.7.1 out-label 400 static-lsp egress b31 incoming-interface GigabitEthernet1/0/0 in-label 401 lsrid 3.3.3 .9 tunnel-id 41 static-lsp ingress tunnel-interface Tunnel2/0/0 destination 4.4.4.9 nexthop 10 0.1.8.1 out-label 300 static-lsp egress b3 incoming-interface GigabitEthernet2/0/0 in-label 301 lsrid 4.4.4. 9 tunnel-id 4 # mpls oam egress lsp-name b3 mpls oam egress lsp-name b31 mpls oam ingress Tunnel1/0/0 type ffd frequency 100 mpls oam ingress enable Tunnel1/0/0 mpls oam ingress Tunnel2/0/0 type ffd frequency 100 mpls oam ingress enable Tunnel2/0/0 # tunnel-policy vll tunnel binding destination 4.4.4.9 te Tunnel2/0/0 # return l

Configuration file of SPE1


# sysname SPE1 # mpls lsr-id 1.1.1.9 mpls mpls te mpls rsvp-te mpls oam # mpls l2vpn # vsi v100 static pwsignal ldp vsi-id 100 peer 2.2.2.9 peer 3.3.3.9 peer 4.4.4.9 peer 5.5.5.9 tnl-policy vsi static-upe tran 500 recv 500 # mpls ldp # mpls ldp remote-peer 4.4.4.9

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

7-137

7 VPLS Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


remote-ip 4.4.4.9 # interface GigabitEthernet3/0/0 undo shutdown ip address 100.1.5.1 255.255.255.0 ospf cost 1 mpls mpls te mpls rsvp-te # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 100.1.1.1 255.255.255.0 ospf cost 1 mpls mpls ldp # interface Pos2/0/0 link-protocol ppp undo shutdown ip address 100.1.4.2 255.255.255.0 ospf cost 1 mpls mpls ldp # interface LoopBack1 ip address 1.1.1.9 255.255.255.255 # interface Tunnel3/0/0 ip address unnumbered interface LoopBack1 tunnel-protocol mpls te destination 5.5.5.9 mpls te signal-protocol static mpls te tunnel-id 21 mpls te reverse-lsp b21 mpls te reserved-for-binding mpls te commit # ospf 1 area 0.0.0.0 network 1.1.1.9 0.0.0.0 network 100.1.1.0 0.0.0.255 network 100.1.4.0 0.0.0.255 network 100.1.5.0 0.0.0.255 # static-lsp ingress tunnel-interface Tunnel3/0/0 destination 5.5.5.9 nexthop 10 0.1.5.2 out-label 201 static-lsp egress b21 incoming-interface GigabitEthernet3/0/0 in-label 200 lsrid 5.5.5 .9 tunnel-id 11 # mpls oam egress lsp-name b21 mpls oam ingress Tunnel3/0/0 type ffd frequency 100 mpls oam ingress enable Tunnel3/0/0 # tunnel-policy vsi tunnel binding destination 5.5.5.9 te Tunnel3/0/0 # return

Configuration file of SPE2


# sysname SPE2 # mpls lsr-id 2.2.2.9 mpls mpls te mpls rsvp-te

7-138

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

7 VPLS Configuration

mpls oam # mpls l2vpn # vsi v100 static pwsignal ldp vsi-id 100 peer 1.1.1.9 peer 3.3.3.9 peer 4.4.4.9 peer 5.5.5.9 tnl-policy vsi static-upe tran 500 recv 500 # mpls ldp # mpls ldp remote-peer 3.3.3.9 remote-ip 3.3.3.9 # interface GigabitEthernet3/0/0 undo shutdown ip address 100.1.6.1 255.255.255.0 ospf cost 1 mpls mpls te mpls rsvp-te # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 100.1.3.2 255.255.255.0 ospf cost 1 mpls mpls ldp # interface Pos2/0/0 link-protocol ppp undo shutdown ip address 100.1.4.1 255.255.255.0 ospf cost 1 mpls mpls ldp # interface LoopBack1 ip address 2.2.2.9 255.255.255.255 # interface Tunnel3/0/0 ip address unnumbered interface LoopBack1 tunnel-protocol mpls te destination 5.5.5.9 mpls te signal-protocol static mpls te tunnel-id 2 mpls te reverse-lsp b2 mpls te reserved-for-binding mpls te commit # ospf 1 area 0.0.0.0 network 2.2.2.9 0.0.0.0 network 100.1.3.0 0.0.0.255 network 100.1.4.0 0.0.0.255 network 100.1.6.0 0.0.0.255 # static-lsp ingress tunnel-interface Tunnel3/0/0 destination 5.5.5.9 nexthop 10 0.1.6.2 out-label 101 static-lsp egress b2 incoming-interface GigabitEthernet3/0/0 in-label 100 lsrid 5.5.5. 9 tunnel-id 1 # mpls oam egress lsp-name b2

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

7-139

7 VPLS Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


mpls oam ingress Tunnel3/0/0 type ffd frequency 100 mpls oam ingress enable Tunnel3/0/0 # tunnel-policy vsi tunnel binding destination 5.5.5.9 te Tunnel3/0/0 # return

Configuration file of SPE3


# sysname SPE3 # mpls lsr-id 3.3.3.9 mpls mpls te mpls rsvp-te mpls oam # mpls l2vpn # vsi v100 static pwsignal ldp vsi-id 100 peer 1.1.1.9 peer 2.2.2.9 peer 4.4.4.9 peer 6.6.6.9 tnl-policy vsi static-upe tran 600 recv 600 # mpls ldp # mpls ldp remote-peer 2.2.2.9 remote-ip 2.2.2.9 # interface GigabitEthernet3/0/0 undo shutdown ip address 100.1.7.1 255.255.255.0 ospf cost 1 mpls mpls te mpls rsvp-te # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 100.1.1.2 255.255.255.0 ospf cost 1 mpls mpls ldp # interface Pos2/0/0 link-protocol ppp undo shutdown ip address 100.1.2.1 255.255.255.0 ospf cost 1 mpls mpls ldp # interface LoopBack1 ip address 3.3.3.9 255.255.255.255 # interface Tunnel3/0/0 ip address unnumbered interface LoopBack1 tunnel-protocol mpls te destination 6.6.6.9 mpls te signal-protocol static mpls te tunnel-id 41 mpls te reverse-lsp b41 mpls te reserved-for-binding mpls te commit #

7-140

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

7 VPLS Configuration

ospf 1 area 0.0.0.0 network 3.3.3.9 0.0.0.0 network 100.1.1.0 0.0.0.255 network 100.1.2.0 0.0.0.255 network 100.1.7.0 0.0.0.255 # static-lsp ingress tunnel-interface Tunnel3/0/0 destination 6.6.6.9 nexthop 10 0.1.7.2 out-label 401 static-lsp egress b41 incoming-interface GigabitEthernet3/0/0 in-label 400 lsrid 6.6.6 .9 tunnel-id 31 # mpls oam egress lsp-name b41 mpls oam ingress Tunnel3/0/0 type ffd frequency 100 mpls oam ingress enable Tunnel3/0/0 # tunnel-policy vsi tunnel binding destination 6.6.6.9 te Tunnel3/0/0 # return l

Configuration file of SPE4


# sysname SPE4 # mpls lsr-id 4.4.4.9 mpls mpls te mpls rsvp-te mpls oam # mpls l2vpn # vsi v100 static pwsignal ldp vsi-id 100 peer 1.1.1.9 peer 2.2.2.9 peer 3.3.3.9 peer 6.6.6.9 tnl-policy vsi static-upe tran 600 recv 600 # mpls ldp # mpls ldp remote-peer 1.1.1.9 remote-ip 1.1.1.9 # interface GigabitEthernet3/0/0 undo shutdown ip address 100.1.8.1 255.255.255.0 ospf cost 1 mpls mpls te mpls rsvp-te # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 100.1.3.1 255.255.255.0 ospf cost 1 mpls mpls ldp # interface Pos2/0/0 link-protocol ppp undo shutdown ip address 100.1.2.2 255.255.255.0 ospf cost 1 mpls

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

7-141

7 VPLS Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


mpls ldp # interface LoopBack1 ip address 4.4.4.9 255.255.255.255 # interface Tunnel3/0/0 ip address unnumbered interface LoopBack1 tunnel-protocol mpls te destination 6.6.6.9 mpls te signal-protocol static mpls te tunnel-id 4 mpls te reverse-lsp b4 mpls te reserved-for-binding mpls te commit # ospf 1 area 0.0.0.0 network 4.4.4.9 0.0.0.0 network 100.1.2.0 0.0.0.255 network 100.1.3.0 0.0.0.255 network 100.1.8.0 0.0.0.255 # static-lsp ingress tunnel-interface Tunnel3/0/0 destination 6.6.6.9 nexthop 10 0.1.8.2 out-label 301 static-lsp egress b4 incoming-interface GigabitEthernet3/0/0 in-label 300 lsrid 6.6.6. 9 tunnel-id 3 # mpls oam egress lsp-name b4 mpls oam ingress Tunnel3/0/0 type ffd frequency 100 mpls oam ingress enable Tunnel3/0/0 # tunnel-policy vsi tunnel binding destination 6.6.6.9 te Tunnel3/0/0 # return

7.13.9 Example for Configuring Inter-AS Kompella VPLS Option A


Networking Requirements
As shown in Figure 7-16, CE1 and CE2 belong to the same VPLS network, and access the backbone network through PE1 in AS100 and PE2 in AS200 respectively. Option A of inter-AS Kompella VPLS needs to be implemented. The interfaces that connect ASBR PEs serve as AC interfaces and are bound to the VSI, that is, the interfaces are exclusively used by the VSI.

7-142

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

7 VPLS Configuration

Figure 7-16 Networking diagram of configuring Kompella VPLS Option A


VPLS Backbone AS 100
Loopback1 1.1.1.1/32 POS2/0/0 100.1.1.1/30 Loopback1 2.2.2.2/32 GE2/0/0.1 GE1/0/0.1

VPLS Backbone AS 200


Loopback1 3.3.3.3/32 POS2/0/0 100.3.1.1/30 POS1/0/0 100.3.1.2/30 GE2/0/0.1 Loopback1 4.4.4.4/32

PE1

POS1/0/0 100.1.1.2/30 GE1/0/0.1

ASBR -PE1

ASBR -PE2

PE2

VLAN10
GE1/0/0.1 10.1.1.1/24

VLAN10
GE1/0/0.1 10.1.1.2/24

CE1

CE2

Configuration Roadmap
The configuration roadmap is as follows: 1. 2. 3. Configure IGP on the backbone network to ensure connectivity between ASBR-PEs and PEs. Establish MP IBGP peer relationship between the PEs and the ASBR-PEs in the same AS. Configure the VSIs on PE1, ASBR-PE1, ASBR-PE2, and PE2 and bind the VSIs to the AC interfaces.

Data Preparation
To complete the configuration, you need the following data:
l l

Data required for configuring IS-IS MPLS LSR IDs (configured as the IP addresses of the local loopback interfaces) of the PEs and the ASBR-PEs CE IDs and CE ranges IP addresses of the CE interfaces that access the PEs

l l

Configuration Procedure
1. Configure IGP for the backbone network. Configure IGP for the MPLS backbone network to implement connectivity between routers in the backbone network. In this example, IS-IS is configured. The detailed configurations are not mentioned here. Note that Loopback 1 must be enabled with IS-IS. After the configuration, the ASBR-PEs and the PEs in the same AS can establish IS-IS neighbor relationship. Run the display isis peer command, and you can view that the neighbor status is Up. In addition, the ASBR-PEs and the PEs can learn the loopback addresses from each other.
Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 7-143

7 VPLS Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Take PE1 as an example:


<PE1> display isis peer Peer information for ISIS(1) ---------------------------System Id Interface Circuit Id State HoldTime Type PRI 0000.0000.0002 P2/0/0 001 Up 23s L1L2 -<PE1> display ip routing-table Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: Public Destinations : 7 Routes : 7 Destination/Mask Proto Pre Cost Flags NextHop Interface 1.1.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 2.2.2.2/32 ISIS 15 10 D 100.1.1.2 Pos2/0/0 100.1.1.0/30 Direct 0 0 D 100.1.1.1 Pos2/0/0 100.1.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 100.1.1.2/32 Direct 0 0 D 100.1.1.2 Pos2/0/0 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0

The ASBR-PEs and the PEs in the same AS can successfully ping Loopbakck1 interfaces of each other. Take ASBR-PE1 as an example:
<ASBR-PE1> ping 1.1.1.1 PING 1.1.1.1: 56 data bytes, press CTRL_C to break Reply from 1.1.1.1: bytes=56 Sequence=1 ttl=255 time=47 Reply from 1.1.1.1: bytes=56 Sequence=2 ttl=255 time=31 Reply from 1.1.1.1: bytes=56 Sequence=3 ttl=255 time=31 Reply from 1.1.1.1: bytes=56 Sequence=4 ttl=255 time=31 Reply from 1.1.1.1: bytes=56 Sequence=5 ttl=255 time=31 --- 1.1.1.1 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 31/34/47 ms ms ms ms ms ms

2.

Enable MPLS and MPLS LDP and establish LSPs. Enable MPLS and MPLS LDP on the PEs and the ASBR-PEs in the same AS and establish LDP LSPs. The detailed configurations are not mentioned here. After the configuration, run the display mpls lsp command on each device, and you can view that LSPs are successfully set up between the PEs and the ASBR-PEs in the same AS. Take PE1 as an example:
<PE1> display mpls lsp ---------------------------------------------------------------------LSP Information: LDP LSP ---------------------------------------------------------------------FEC In/Out Label In/Out IF Vrf Name 1.1.1.1/32 3/NULL -/2.2.2.2/32 NULL/3 -/Pos2/0/0

3.

Configure the MP IBGP connection within the AS. # Establish the MP IBGP connection and enable BGP VPLS. # Configure PE1.
<PE1> system-view [PE1] bgp 100 [PE1-bgp] peer 2.2.2.2 as-number 100 [PE1-bgp] peer 2.2.2.2 connect-interface loopback 1 [PE1-bgp] vpls-family [PE1-bgp-af-vpls] peer 2.2.2.2 enable

# Configure ASBR-PE1.
<ASBR-PE1> system-view [ASBR-PE1] bgp 100

7-144

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


[ASBR-PE1-bgp] peer 1.1.1.1 as-number 100 [ASBR-PE1-bgp] peer 1.1.1.1 connect-interface loopback 1 [ASBR-PE1-bgp] vpls-family [ASBR-PE1-bgp-af-vpls] peer 1.1.1.1 enable
NOTE

7 VPLS Configuration

The configurations of AS200 are similar to those of AS100, and thus are not mentioned here.

After this step, run the display bgp vpls peer command on the PEs or the ASBR-PEs, and you can find that the status of the MP IBGP peer is "Established". Take PE1 as an example:
[PE1] display bgp vpls peer BGP local router ID : 1.1.1.1 Local AS number : 100 Total number of peers : 1 Peer V AS MsgRcvd 2.2.2.2 4 100 10 0

MsgSent

Peers in established state : 1 OutQ Up/Down State PrefRcv 8 0 00:04:56 Established

4.

Enable MPLS L2VPN on the PEs and the ASBR-PEs. # Configure PE1.
[PE1] mpls l2vpn

# Configure ASBR-PE1.
[ASBR-PE1] mpls l2vpn

# Configure ASBR-PE2.
[ASBR-PE2] mpls l2vpn

# Configure PE2.
[PE2] mpls l2vpn

5.

Configure VSIs on the PEs and the ASBR-PEs and bind the VSIs to the AC interfaces. # Configure PE1.
[PE1] vsi v1 auto [PE1-vsi-v1] pwsignal bgp [PE1-vsi-v1-bgp] route-distinguisher 100:1 [PE1-vsi-v1-bgp] vpn-target 1:1 import-extcommunity [PE1-vsi-v1-bgp] vpn-target 1:1 export-extcommunity [PE1-vsi-v1-bgp] site 1 range 5 default-offset 0 [PE1-vsi-v1-bgp] quit [PE1-vsi-v1] quit [PE1] interface gigabitethernet1/0/0.1 [PE1-GigabitEthernet1/0/0.1] shutdown [PE1-GigabitEthernet1/0/0.1] vlan-type dot1q 10 [PE1-GigabitEthernet1/0/0.1] l2 binding vsi v1 [PE1-GigabitEthernet1/0/0.1] undo shutdown [PE1-GigabitEthernet1/0/0.1] quit

# Configure ASBR-PE1.
[ASBR-PE1] vsi v1 auto [ASBR-PE1-vsi-v1] pwsignal bgp [ASBR-PE1-vsi-v1-bgp] route-distinguisher 100:2 [ASBR-PE1-vsi-v1-bgp] vpn-target 1:1 import-extcommunity [ASBR-PE1-vsi-v1-bgp] vpn-target 1:1 export-extcommunity [ASBR-PE1-vsi-v1-bgp] site 2 range 5 default-offset 0 [ASBR-PE1-vsi-v1-bgp] quit [ASBR-PE1-vsi-v1] quit [ASBR-PE1] interface gigabitethernet2/0/0.1 [ASBR-PE1-GigabitEthernet2/0/0.1] shutdown [ASBR-PE1-GigabitEthernet2/0/0.1] vlan-type dot1q 10 [ASBR-PE1-GigabitEthernet2/0/0.1] l2 binding vsi v1 [ASBR-PE1-GigabitEthernet2/0/0.1] undo shudown [ASBR-PE1-GigabitEthernet2/0/0.1] quit

# Configure ASBR-PE2.
Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 7-145

7 VPLS Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


[ASBR-PE2] vsi v1 auto [ASBR-PE2-vsi-v1] pwsignal bgp [ASBR-PE2-vsi-v1-bgp] route-distinguisher 200:1 [ASBR-PE2-vsi-v1-bgp] vpn-target 1:1 import-extcommunity [ASBR-PE2-vsi-v1-bgp] vpn-target 1:1 export-extcommunity [ASBR-PE2-vsi-v1-bgp] site 1 range 5 default-offset 0 [ASBR-PE2-vsi-v1-bgp] quit [ASBR-PE2-vsi-v1] quit [ASBR-PE2] interface gigabitethernet1/0/0.1 [ASBR-PE2-GigabitEthernet1/0/0.1] shutdown [ASBR-PE2-GigabitEthernet1/0/0.1] vlan-type dot1q 10 [ASBR-PE2-GigabitEthernet1/0/0.1] l2 binding vsi v1 [ASBR-PE2-GigabitEthernet1/0/0.1] undo shutdown [ASBR-PE2-GigabitEthernet1/0/0.1] quit

# Configure PE2.
[PE2] vsi v1 auto [PE2-vsi-v1] pwsignal bgp [PE2-vsi-v1-bgp] route-distinguisher 200:2 [PE2-vsi-v1-bgp] vpn-target 1:1 import-extcommunity [PE2-vsi-v1-bgp] vpn-target 1:1 export-extcommunity [PE2-vsi-v1-bgp] site 2 range 5 default-offset 0 [PE2-vsi-v1-bgp] quit [PE2-vsi-v1] quit [PE2] interface gigabitethernet2/0/0.1 [PE2-GigabitEthernet2/0/0.1] shutdown [PE2-GigabitEthernet2/0/0.1] vlan-type dot1q 10 [PE2-GigabitEthernet2/0/0.1] l2 binding vsi v1 [PE2-GigabitEthernet2/0/0.1] undo shutdown [PE2-GigabitEthernet2/0/0.1] quit

6.

Configure the CEs. # Configure CE1.


[CE1] interface gigabitethernet1/0/0.1 [CE1-GigabitEthernet1/0/0.1] shutdown [CE1-GigabitEthernet1/0/0.1] vlan-type dot1q 10 [CE1-GigabitEthernet1/0/0.1] ip address 10.1.1.1 24 [CE1-GigabitEthernet1/0/0.1] undo shutdown [CE1-GigabitEthernet1/0/0.1] quit

# Configure CE2.
[CE2] interface gigabitethernet1/0/0.1 [CE2-GigabitEthernet1/0/0.1] shutdown [CE2-GigabitEthernet1/0/0.1] vlan-type dot1q 10 [CE2-GigabitEthernet1/0/0.1] ip address 10.1.1.2 24 [CE2-GigabitEthernet1/0/0.1] undo shutdown [CE2-GigabitEthernet1/0/0.1] quit

7.

Verify the configuration. Run the display vpls connection bgp command on a PE, and you can view that the status of the VSI is Up. Take PE1 as an example:
<PE1> display vpls connection bgp verbose VSI Name: v1 **Remote Site ID : 2 VC State : up RD : 100:2 Encapsulation : vlan MTU : 1500 Peer Ip Address : 2.2.2.2 PW Type : label Local VC Label : 25602 Remote VC Label : 25601 Tunnel Policy : -Tunnel ID : 0x2002000, Remote Label Block : 25600/5/0 Export vpn target : 1:1, Signaling: bgp

7-146

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

7 VPLS Configuration

CE1 and CE2 can ping through each other.


<CE1> ping 10.1.1.2 PING 10.1.1.2: 56 data bytes, press CTRL_C to break Reply from 10.1.1.2: bytes=56 Sequence=1 ttl=255 time=90 Reply from 10.1.1.2: bytes=56 Sequence=2 ttl=255 time=77 Reply from 10.1.1.2: bytes=56 Sequence=3 ttl=255 time=34 Reply from 10.1.1.2: bytes=56 Sequence=4 ttl=255 time=46 Reply from 10.1.1.2: bytes=56 Sequence=5 ttl=255 time=94 --- 10.1.1.2 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 34/68/94 ms ms ms ms ms ms

Run the display bgp vpls all command on a PE or an ASBR PE, and you can view information about the VPLS label block of BGP. Take ASBR-PE1 as an example:
<ASBR-PE1> display bgp vpls all BGP Local Router ID : 2.2.2.2, Local AS Number : 100 Status codes : * - active, > - best BGP.VPLS : 2 Label Blocks ------------------------------------------------------------------------------Route Distinguisher: 100:1 SiteID Offset NextHop Range LabBase TunnelID FromPeer MHPref ------------------------------------------------------------------------------*> 1 0 1.1.1.1 5 25600 0x0 1.1.1.1 0 ------------------------------------------------------------------------------Route Distinguisher: 100:2 SiteID Offset NextHop Range LabBase TunnelID FromPeer MHPref ------------------------------------------------------------------------------> 2 0 0.0.0.0 5 25600 0x0 0.0.0.0 0

Configuration Files
l

Configuration file of CE1


# sysname CE1 # interface GigabitEthernet1/0/0 undo shutdown # interface GigabitEthernet1/0/0.1 undo shutdown vlan-type dot1q 10 ip address 10.1.1.1 255.255.255.0 # return

Configuration file of PE1


# sysname PE1 # mpls lsr-id 1.1.1.1 mpls # mpls l2vpn # vsi v1 auto pwsignal bgp route-distinguisher 100:1 vpn-target 1:1 import-extcommunity vpn-target 1:1 export-extcommunity site 1 range 5 default-offset 0

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

7-147

7 VPLS Configuration
# mpls ldp # isis 1 network-entity 10.0000.0000.0001.00 # interface GigabitEthernet1/0/0 undo shutdown # interface GigabitEthernet1/0/0.1 undo shutdown vlan-type dot1q 10 l2 binding vsi v1 # interface Pos2/0/0 link-protocol ppp undo shutdown ip address 100.1.1.1 255.255.255.252 isis enable 1 mpls mpls ldp # interface LoopBack1 ip address 1.1.1.1 255.255.255.255 isis enable 1 # bgp 100 peer 2.2.2.2 as-number 100 peer 2.2.2.2 connect-interface LoopBack1 # ipv4-family unicast undo synchronization peer 2.2.2.2 enable # vpls-family policy vpn-target peer 2.2.2.2 enable # return l

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Configuration file of ASBR-PE1


# sysname ASBR-PE1 # mpls lsr-id 2.2.2.2 mpls # mpls l2vpn # vsi v1 auto pwsignal bgp route-distinguisher 100:2 vpn-target 1:1 import-extcommunity vpn-target 1:1 export-extcommunity site 2 range 5 default-offset 0 # mpls ldp # isis 1 network-entity 10.0000.0000.0002.00 # interface GigabitEthernet2/0/0 undo shutdown # interface GigabitEthernet2/0/0.1 undo shutdown vlan-type dot1q 10 l2 binding vsi v1 # interface Pos1/0/0

7-148

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


link-protocol ppp undo shutdown ip address 100.1.1.2 255.255.255.252 isis enable 1 mpls mpls ldp # interface LoopBack1 ip address 2.2.2.2 255.255.255.255 isis enable 1 # bgp 100 peer 1.1.1.1 as-number 100 peer 1.1.1.1 connect-interface LoopBack1 # ipv4-family unicast undo synchronization peer 1.1.1.1 enable # vpls-family policy vpn-target peer 1.1.1.1 enable # return l

7 VPLS Configuration

Configuration file of ASBR-PE2


# sysname ASBR-PE2 # mpls lsr-id 3.3.3.3 mpls # mpls l2vpn # vsi v1 auto pwsignal bgp route-distinguisher 200:1 vpn-target 1:1 import-extcommunity vpn-target 1:1 export-extcommunity site 1 range 5 default-offset 0 # mpls ldp # isis 1 network-entity 10.0000.0000.0003.00 # interface GigabitEthernet1/0/0 undo shutdown # interface GigabitEthernet1/0/0.1 undo shutdown vlan-type dot1q 10 l2 binding vsi v1 # interface Pos2/0/0 link-protocol ppp undo shutdown ip address 100.3.1.1 255.255.255.252 isis enable 1 mpls mpls ldp # interface LoopBack1 ip address 3.3.3.3 255.255.255.255 isis enable 1 # bgp 200 peer 4.4.4.4 as-number 200 peer 4.4.4.4 connect-interface LoopBack1 #

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

7-149

7 VPLS Configuration
ipv4-family unicast undo synchronization peer 4.4.4.4 enable # vpls-family policy vpn-target peer 4.4.4.4 enable # return l

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Configuration file of PE2


# sysname PE2 # mpls lsr-id 4.4.4.4 mpls # mpls l2vpn # vsi v1 auto pwsignal bgp route-distinguisher 200:2 vpn-target 1:1 import-extcommunity vpn-target 1:1 export-extcommunity site 2 range 5 default-offset 0 # mpls ldp # isis 1 network-entity 10.0000.0000.0004.00 # interface GigabitEthernet2/0/0 undo shutdown # interface GigabitEthernet2/0/0.1 undo shutdown vlan-type dot1q 10 l2 binding vsi v1 # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 100.3.1.2 255.255.255.252 isis enable 1 mpls mpls ldp # interface LoopBack1 ip address 4.4.4.4 255.255.255.255 isis enable 1 # bgp 200 peer 3.3.3.3 as-number 200 peer 3.3.3.3 connect-interface LoopBack1 # ipv4-family unicast undo synchronization peer 3.3.3.3 enable # vpls-family policy vpn-target peer 3.3.3.3 enable # return

Configuration file of CE2


# sysname CE2 # interface GigabitEthernet1/0/0

7-150

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


undo shutdown # interface GigabitEthernet1/0/0.1 undo shutdown ip address 100.1.1.2 255.255.255.0 # return

7 VPLS Configuration

7.13.10 Example for Configuring Inter-AS Kompella VPLS Option C


Networking Requirements
As shown in Figure 7-17, CE1 and CE2 belong to the same VPLS network, and access the backbone network through PE1 in AS100 and PE2 in AS200 respectively. Option C of inter-AS Kompella VPLS needs to be implemented.
l l

The ASBRs do not maintain information about VPLS label blocks. The PEs directly exchange information about VPLS label blocks.

Figure 7-17 Networking diagram of configuring inter-AS Kompella VPLS Option C


VPLS Backbone AS 100
Loopback1 1.1.1.1/32 POS2/0/0 100.1.1.1/30 Loopback1 2.2.2.2/32 POS2/0/0 100.2.1.1/30

VPLS Backbone AS 200


Loopback1 3.3.3.3/32 POS2/0/0 100.3.1.1/30 POS1/0/0 100.2.1.2/30 POS1/0/0 100.3.1.2/30 GE2/0/0.1 Loopback1 4.4.4.4/32

PE1

POS1/0/0 100.1.1.2/30 GE1/0/0.1

ASBR -PE1

ASBR -PE2

PE2

VLAN10
GE1/0/0.1 10.1.1.1/24

VLAN10
GE1/0/0.1 10.1.1.2/24

CE1

CE2

Configuration Roadmap
The configuration roadmap is as follows: 1. 2. 3. 4. Run IGP on the backbone network to ensure the connectivity between routers in the same AS. Enable MPLS on the backbone network and establish dynamic LSPs between the PEs and the ASBR-PEs. Enable MPLS on the interfaces that connect the ASBRs. Establish IBGP peer relationship between the PEs and the ASBR PEs in the same AS. Run EBGP between the ASBR-PEs, configure the routing policy on the ASBR-PEs, and enable the capability of label allocation. Establish MP EBGP peer relationship between PE1 and PE2.
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 7-151

Issue 03 (2008-09-22)

7 VPLS Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

5.

Create VSIs between PE1 and PE2 and configure CEs to access the VSIs on the PEs.

Data Preparation
To complete the configuration, you need the following data:
l l l l l

Data required for configuring IS-IS MPLS LSR ID of the PEs and the ASBR-PEs Name of the VSIs, RD and VPN target on the PEs AC interfaces on the PE that are bound to VSIs Routing policy on the ASBR PEs

Configuration Procedure
1. Configure IGP for the backbone network. Configure IGP on the MPLS backbone network to interconnect the PEs and the Ps on the backbone network. In this example, IS-IS is configured. The detailed configurations are not mentioned here. Note that Loopback 1 must be enabled with IS-IS. After the configuration, the ASBR-PEs and the PEs in the same AS can establish IS-IS neighbor relationship. Run the display isis peer command, and you can view that the neighbor status is Up. In addition, the ASBR-PEs and the PEs can learn the loopback addresses from each other. 2. Enable MPLS and MPLS LDP and establish LSPs. Enable MPLS and MPLS LDP on the PEs and the ASBR-PEs in the same AS and establish LDP LSPs. The detailed configurations are not mentioned here. After the configuration, run the display mpls lsp command on each router, and you can view that LSPs are successfully set up between the PEs and the ASBR-PEs in the same AS. Take PE1 as an example:
<PE1> display mpls lsp ---------------------------------------------------------------------LSP Information: LDP LSP ---------------------------------------------------------------------FEC In/Out Label In/Out IF Vrf Name 1.1.1.1/32 3/NULL -/2.2.2.2/32 NULL/3 -/Pos2/0/0

3.

Configure MP-BGP. Configure MP IBGP between PE1 and ASBR-PE1, and between PE2 and ASBR-PE2. Configure MP EBGP between ASBR-PE1 and ASBR-PE2. Advertise the route of the interface Loopback1 on the PE in the local AS to the peer ASBRPE.
NOTE

If the links between the ASBR-PEs are non-P2P links, the routes of the network segment between the ASBR-PEs must be advertised on the local ASBR-PE to the peer ASBR-PE.

# Configure PE1.
<PE1> system-view [PE1] bgp 100 [PE1-bgp] peer 2.2.2.2 as-number 100 [PE1-bgp] peer 2.2.2.2 label-route-capability

7-152

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


[PE1-bgp] peer 2.2.2.2 connect-interface LoopBack 1

7 VPLS Configuration

# Configure ASBR-PE1. For the routes received from the PE in the same AS and advertised to the peer ASBR PE, the ASBR PE allocates MPLS labels to the routes. For the labeled IPv4 routes advertised to the PE in the same AS, the ASBR PE allocates new MPLS labels to the routes.
<ASBR-PE1> system-view [ASBR-PE1] interface pos 2/0/0 [ASBR-PE1-Pos2/0/0] shutdown [ASBR-PE1-Pos2/0/0] mpls [ASBR-PE1-Pos2/0/0] undo shutdown [ASBR-PE1-Pos2/0/0] quit [ASBR-PE1] route-policy policy1 permit node 1 [ASBR-PE1-route-policy] apply mpls-label [ASBR-PE1-route-policy] quit [ASBR-PE1] route-policy policy2 permit node 1 [ASBR-PE1-route-policy] if-match mpls-label [ASBR-PE1-route-policy] apply mpls-label [ASBR-PE1-route-policy] quit [ASBR-PE1] bgp 100 [ASBR-PE1-bgp] network 1.1.1.1 32 [ASBR-PE1-bgp] peer 1.1.1.1 as-number 100 [ASBR-PE1-bgp] peer 1.1.1.1 route-policy policy2 export [ASBR-PE1-bgp] peer 1.1.1.1 label-route-capability [ASBR-PE1-bgp] peer 1.1.1.1 connect-interface loopback 1 [ASBR-PE1-bgp] peer 100.2.1.2 as-number 200 [ASBR-PE1-bgp] peer 100.2.1.2 route-policy policy1 export [ASBR-PE1-bgp] peer 100.2.1.2 label-route-capability

# Configure ASBR-PE2.
<ASBR-PE1> system-view [ASBR-PE2] interface pos 1/0/0 [ASBR-PE2-Pos1/0/0] shutdown [ASBR-PE2-Pos1/0/0] mpls [ASBR-PE2-Pos1/0/0] undo shutdown [ASBR-PE2-Pos1/0/0] quit [ASBR-PE2] route-policy policy1 permit node 1 [ASBR-PE2-route-policy] apply mpls-label [ASBR-PE2-route-policy] quit [ASBR-PE2] route-policy policy2 permit node 1 [ASBR-PE2-route-policy] if-match mpls-label [ASBR-PE2-route-policy] apply mpls-label [ASBR-PE2-route-policy] quit [ASBR-PE2] bgp 200 [ASBR-PE2-bgp] network 4.4.4.4 32 [ASBR-PE2-bgp] peer 100.2.1.1 as-number 100 [ASBR-PE2-bgp] peer 100.2.1.1 route-policy policy1 export [ASBR-PE2-bgp] peer 100.2.1.1 label-route-capability [ASBR-PE2-bgp] peer 4.4.4.4 as-number 200 [ASBR-PE2-bgp] peer 4.4.4.4 route-policy policy2 export [ASBR-PE2-bgp] peer 4.4.4.4 label-route-capability [ASBR-PE2-bgp] peer 4.4.4.4 connect-interface loopback 1

# Configure PE2.
[PE2] bgp [PE2-bgp] [PE2-bgp] [PE2-bgp] 200 peer 3.3.3.3 as-number 200 peer 3.3.3.3 label-route-capability peer 3.3.3.3 connect-interface loopback 1

After the configuration, run the display bgp peer command on the ASBR. You can view that the status of the IBGP sessions between the PE and the ASBR PE in the same AS and the status of the EBGP sessions between the ASBR PEs are "Established".
<ASBR-PE1> display bgp peer BGP local router ID : 2.2.2.2 Local AS number : 100 Total number of peers : 2 Peers in established state : 2 Peer V AS MsgRcvd MsgSent OutQ Up/Down State PrefRcv 1.1.1.1 4 100 111 128 0 00:34:24 Established 0

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

7-153

7 VPLS Configuration
100.2.1.2 4 200 75 89

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


0 00:38:40 Established 1

Run the display tunnel-info all command on the ASBR-PEs, and you can view that the tunnel with the type as "mpls local ifnet" is established. Take ASBR-PE1 as an example:
<ASBR-PE1> display tunnel-info all * -> Allocated VC Token Tunnel ID Type Destination Token ---------------------------------------------------------------------0x66002001 mpls local ifnet -1 0x6002007 lsp 1.1.1.1 7

4.

Establish EBGP peer relationship between PE1 and PE2. To exchange information about VPLS label blocks between PE1 and PE2, enable the BGP peer in the BGP VPLS address family view. # Configure PE1.
[PE1] bgp 100 [PE1-bgp] peer 4.4.4.4 [PE1-bgp] peer 4.4.4.4 [PE1-bgp] peer 4.4.4.4 [PE1-bgp] vpls-family [PE1-bgp-af-vpls] peer as-number 200 ebgp-max-hop 255 connect-interface loopback 1 4.4.4.4 enable

# Configure PE2.
[PE2] bgp 200 [PE2-bgp] peer 1.1.1.1 [PE2-bgp] peer 1.1.1.1 [PE2-bgp] peer 1.1.1.1 [PE2-bgp] vpls-family [PE2-bgp-af-vpls] peer as-number 100 ebgp-max-hop 255 connect-interface loopback 1 1.1.1.1 enable

After the configuration, run the display bgp vpls peer command on PE1 or PE2, and you can view that the status of the EBGP peer relationship is "Established". Take PE1 as an example:
<PE1> display bgp vpls peer BGP local router ID : 1.1.1.1 Local AS number : 100 Total number of peers : 1 Peer V AS MsgRcvd 4.4.4.4 4 200 74

MsgSent 66

Peers in established state : 1 OutQ Up/Down State PrefRcv 0 00: 46:06 Established 1

Run the display tunnel-info all command on the PEs, and you can view that an inter-AS tunnel is established. Take PE1 as an example:
<PE1> display tunnel-info all * -> Allocated VC Token Tunnel ID Type Destination Token ---------------------------------------------------------------------0x6002015 lsp 2.2.2.2 21 0x6002024 lsp 4.4.4.4 36

5.

Configure VSIs on the PEs and configure the CEs to access the VISs. Enable MPLS L2VPN on the PEs, configure VSIs on the PEs, and bind the VSIs to the AC interfaces. Configure the IP addresses of the same network segment on the CE1 access interfaces and the CE2 access interfaces. # Configure PE1.
[PE1] vsi v1 auto [PE1-vsi-v1] pwsignal bgp [PE1-vsi-v1-bgp] route-distinguisher 100:1 [PE1-vsi-v1-bgp] vpn-target 1:1 import-extcommunity [PE1-vsi-v1-bgp] vpn-target 1:1 export-extcommunity [PE1-vsi-v1-bgp] site 1 range 5 default-offset 0 [PE1-vsi-v1-bgp] quit

7-154

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


[PE1-vsi-v1] quit [PE1] interface gigabitethernet1/0/0.1 [PE1-GigabitEthernet1/0/0.1] shutdown [PE1-GigabitEthernet1/0/0.1] vlan-type dot1q 10 [PE1-GigabitEthernet1/0/0.1] l2 binding vsi v1 [PE1-GigabitEthernet1/0/0.1] undo shutdown [PE1-GigabitEthernet1/0/0.1] quit

7 VPLS Configuration

# Configure PE2.
[PE2] vsi v1 auto [PE2-vsi-v1] pwsignal bgp [PE2-vsi-v1-bgp] route-distinguisher 200:1 [PE2-vsi-v1-bgp] vpn-target 1:1 import-extcommunity [PE2-vsi-v1-bgp] vpn-target 1:1 export-extcommunity [PE2-vsi-v1-bgp] site 2 range 5 default-offset 0 [PE2-vsi-v1-bgp] quit [PE2-vsi-v1] quit [PE2] interface gigabitethernet2/0/0.1 [PE2-GigabitEthernet2/0/0.1] shutdown [PE2-GigabitEthernet2/0/0.1] vlan-type dot1q 10 [PE2-GigabitEthernet2/0/0.1] l2 binding vsi v1 [PE2-GigabitEthernet2/0/0.1] undo shutdown [PE2-GigabitEthernet2/0/0.1] quit

# Configure CE1.
[CE1] interface gigabitethernet1/0/0.1 [CE1-GigabitEthernet1/0/0.1] shutdown [CE1-GigabitEthernet1/0/0.1] vlan-type dot1q 10 [CE1-GigabitEthernet1/0/0.1] ip address 10.1.1.1 24 [CE1-GigabitEthernet1/0/0.1] undo shutdown [CE1-GigabitEthernet1/0/0.1] quit

# Configure CE2.
[CE2] interface gigabitethernet1/0/0.1 [CE2-GigabitEthernet1/0/0.1] shutdown [CE2-GigabitEthernet1/0/0.1] vlan-type dot1q 10 [CE2-GigabitEthernet1/0/0.1] ip address 10.1.1.2 24 [CE2-GigabitEthernet1/0/0.1] undo shutdown [CE2-GigabitEthernet1/0/0.1] quit

6.

Verify the configuration. Run the display vsi verbose command on the PEs, and you can view that the VSI status is Up, the status of the PW to the peer PE is Up, and the tunnel of the PW is the established inter-AS LSP. Take PE1 as an example:
<PE1> display vsi name v1 verbose ***VSI Name : v1 Administrator VSI : no Isolate Spoken : disable VSI Index : 0 PW Signaling : bgp Member Discovery Style : auto PW MAC Learn Style : unqualify Encapsulation Type : vlan MTU : 1500 Mode : uniform Service Class : -Color : -DomainId : 0 Domain Name : VSI State : up BGP RD : 100:1 SiteID/Range/Offset : 1/5/0 Import vpn target : 1:1, Export vpn target : 1:1, Remote Label Block : 25600/5/0, Local Label Block : 25600/5/0,

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

7-155

7 VPLS Configuration
Interface Name State **PW Information: *Peer Ip Address PW State Local VC Label Remote VC Label PW Type Tunnel ID

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


: GigabitEthernet1/0/0.1 : up : : : : : : 4.4.4.4 up 25602 25601 label 0x6002024,

Run the display vpls connection bgp command on a PE, and you can view that the VC status of the BGP VPLS is Up.
<PE1> display vpls connection bgp verbose VSI Name: v1 **Remote Site ID : 2 VC State : up RD : 200:1 Encapsulation : vlan MTU : 1500 Peer Ip Address : 4.4.4.4 PW Type : label Local VC Label : 25602 Remote VC Label : 25601 Tunnel Policy : -Tunnel ID : 0x2002001, Remote Label Block : 25600/5/0 Export vpn target : 1:1, Signaling: bgp

CE1 and CE2 can ping through each other.


<CE1> ping 10.1.1.2 PING 10.1.1.2: 56 data bytes, press CTRL_C to break Reply from 10.1.1.2: bytes=56 Sequence=1 ttl=255 time=90 Reply from 10.1.1.2: bytes=56 Sequence=2 ttl=255 time=77 Reply from 10.1.1.2: bytes=56 Sequence=3 ttl=255 time=34 Reply from 10.1.1.2: bytes=56 Sequence=4 ttl=255 time=46 Reply from 10.1.1.2: bytes=56 Sequence=5 ttl=255 time=94 --- 10.1.1.2 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 34/68/94 ms ms ms ms ms ms

Configuration Files
l

Configuration file of CE1


# sysname CE1 # interface GigabitEthernet1/0/0 undo shutdown # interface GigabitEthernet1/0/0.1 undo shutdown vlan-type dot1q 10 ip address 10.1.1.1 255.255.255.0 # return

Configuration file of PE1


# sysname PE1 # mpls lsr-id 1.1.1.1 mpls # mpls l2vpn # vsi v1 auto

7-156

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


pwsignal bgp route-distinguisher 100:1 vpn-target 1:1 import-extcommunity vpn-target 1:1 export-extcommunity site 1 range 5 default-offset 0 # mpls ldp # isis 1 network-entity 10.0000.0000.0001.00 # interface GigabitEthernet1/0/0 undo shutdown # interface GigabitEthernet1/0/0.1 undo shutdown vlan-type dot1q 10 l2 binding vsi v1 # interface Pos2/0/0 link-protocol ppp ip address 100.1.1.1 255.255.255.252 isis enable 1 mpls mpls ldp # interface LoopBack1 ip address 1.1.1.1 255.255.255.255 isis enable 1 # bgp 100 peer 4.4.4.4 as-number 200 peer 4.4.4.4 ebgp-max-hop 255 peer 4.4.4.4 connect-interface LoopBack1 peer 2.2.2.2 as-number 100 peer 2.2.2.2 connect-interface LoopBack1 # ipv4-family unicast undo synchronization peer 4.4.4.4 enable peer 2.2.2.2 enable peer 2.2.2.2 label-route-capability # vpls-family policy vpn-target peer 4.4.4.4 enable # return l

7 VPLS Configuration

Configuration file of ASBR-PE1


# sysname ASBR-PE1 # mpls lsr-id 2.2.2.2 mpls # mpls l2vpn # mpls ldp # isis 1 network-entity 10.0000.0000.0002.00 # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 100.1.1.2 255.255.255.252 isis enable 1 mpls mpls ldp

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

7-157

7 VPLS Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


# interface Pos2/0/0 link-protocol ppp undo shutdown ip address 100.2.1.1 255.255.255.252 mpls # interface LoopBack1 ip address 2.2.2.2 255.255.255.255 isis enable 1 # bgp 100 peer 1.1.1.1 as-number 100 peer 1.1.1.1 connect-interface LoopBack1 peer 100.2.1.2 as-number 200 # ipv4-family unicast undo synchronization network 1.1.1.1 255.255.255.255 peer 1.1.1.1 enable peer 1.1.1.1 route-policy policy2 export peer 1.1.1.1 label-route-capability peer 100.2.1.2 enable peer 100.2.1.2 route-policy policy1 export peer 100.2.1.2 label-route-capability # route-policy policy1 permit node 1 apply mpls-label route-policy policy2 permit node 1 if-match mpls-label apply mpls-label # return

Configuration file of ASBR-PE2


# sysname ASBR-PE2 # mpls lsr-id 3.3.3.3 mpls # mpls l2vpn # mpls ldp # isis 1 network-entity 10.0000.0000.0003.00 # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 100.2.1.2 255.255.255.252 mpls # interface Pos2/0/0 link-protocol ppp undo shutdown ip address 100.3.1.1 255.255.255.252 isis enable 1 mpls mpls ldp # interface LoopBack1 ip address 3.3.3.3 255.255.255.255 isis enable 1 # bgp 200 peer 4.4.4.4 as-number 200 peer 4.4.4.4 connect-interface LoopBack1 peer 100.2.1.1 as-number 100

7-158

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


# ipv4-family unicast undo synchronization network 4.4.4.4 255.255.255.255 peer 4.4.4.4 enable peer 4.4.4.4 route-policy policy2 export peer 4.4.4.4 label-route-capability peer 100.2.1.1 enable peer 100.2.1.1 route-policy policy1 export peer 100.2.1.1 label-route-capability # route-policy policy1 permit node 1 apply mpls-label route-policy policy2 permit node 1 if-match mpls-label apply mpls-label # return l

7 VPLS Configuration

Configuration file of PE2


# sysname PE2 # mpls lsr-id 4.4.4.4 mpls # mpls l2vpn # vsi v1 auto pwsignal bgp route-distinguisher 200:1 vpn-target 1:1 import-extcommunity vpn-target 1:1 export-extcommunity site 2 range 5 default-offset 0 # mpls ldp # isis 1 network-entity 10.0000.0000.0004.00 # interface GigabitEthernet2/0/0 undo shutdown # interface GigabitEthernet2/0/0.1 undo shutdown vlan-type dot1q 10 l2 binding vsi v1 # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 100.3.1.2 255.255.255.252 isis enable 1 mpls mpls ldp # interface LoopBack1 ip address 4.4.4.4 255.255.255.255 isis enable 1 # bgp 200 peer 1.1.1.1 as-number 100 peer 1.1.1.1 ebgp-max-hop 255 peer 1.1.1.1 connect-interface LoopBack1 peer 3.3.3.3 as-number 200 peer 3.3.3.3 connect-interface LoopBack1 # ipv4-family unicast undo synchronization peer 1.1.1.1 enable

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

7-159

7 VPLS Configuration
peer 3.3.3.3 enable peer 3.3.3.3 label-route-capability # vpls-family policy vpn-target peer 1.1.1.1 enable # return l

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Configuration file of CE2


# sysname CE2 # interface GigabitEthernet1/0/0 undo shutdown # interface GigabitEthernet1/0/0.1 undo shutdown vlan-type dot1q 10 ip address 10.1.1.2 255.255.255.0 # return

7.13.11 Example for Configuring the Inter-AS Martini VPLS Option A


Networking Requirements
As shown in Figure 7-18, the Option A scheme is adopted to establish the inter-AS Martini VPLS. Figure 7-18 Networking diagram of configuring the inter-AS Martini VPLS Option A

AS 100
Loopback1 1.1.1.9/32 POS2/0/0 100.1.1.1/24 Loopback1 2.2.2.9/32 Loopback1 3.3.3.9/32 GE2/0/0.1 GE1/0/0.1

AS 200
Loopback1 4.4.4.9/32

POS2/0/0 200.1.1.1/24 POS1/0/0 200.1.1.2/24 GE2/0/0.1

PE1

POS1/0/0 100.1.1.2/24 GE1/0/0.1

ASBR -PE1

ASBR -PE2

PE2

GE1/0/0.1 10.1.1.1/24

GE1/0/0.1 10.1.1.2/24

CE1

CE2

The MPLS backbone network in an AS uses IS-IS as the IGP protocol.

Configuration Roadmap
The configuration roadmap is as follows:
7-160 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

7 VPLS Configuration

1. 2.

Run an IGP protocol on the MPLS backbone network so that the routers in the same AS can communicate with each other. Configure the MPLS capability on the backbone network and establish dynamic LSPs between PEs and ASBR-PEs in the same AS. Establish a remote LDP session if PEs and ASBR PEs are not directly connected. Establish VPLS connections between PEs and ASBR PEs in the same AS.

3.

Data Preparation
To complete the configuration, you need the following data:
l l l l

IS-IS data IP address of the remote peer MPLS LSR IDs on PEs and ASBR PEs VSI ID

Configuration Procedure
1. Configure IGP on the MPLS backbone network. PEs and ASBR PEs on the backbone network can communicate with each other by using IGP. In this example, IS-IS is used as IGP and the configuration procedure is not mentioned. After the configuration, IS-IS neighbor relationship is established between ASBR PEs and PEs in the same AS. Run the display isis peer command, and you can view that the status of IS-IS neighbors is Up, and the PEs can learn loopback addresses from each other. Take PE1 as an example:
<PE1> display isis peer Peer information for ISIS(1) ---------------------------System Id Interface Circuit Id State HoldTime Type 0000.0000.0002 P2/0/0 0000000002 Up 23s L1L2 Total Peer(s): 1 PRI --

ASBR PEs and PEs in the same AS can ping through each other. Take PE1 as an example:
<PE1> ping 2.2.2.9 PING 2.2.2.9: 56 data bytes, press CTRL_C to break Reply from 2.2.2.9: bytes=56 Sequence=1 ttl=255 time=180 ms Reply from 2.2.2.9: bytes=56 Sequence=2 ttl=255 time=90 ms Reply from 2.2.2.9: bytes=56 Sequence=3 ttl=255 time=60 ms Reply from 2.2.2.9: bytes=56 Sequence=4 ttl=255 time=60 ms Reply from 2.2.2.9: bytes=56 Sequence=5 ttl=255 time=100 ms --- 2.2.2.9 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 60/98/180 ms

2.

Enable MPLS and configure dynamic LSPs. Configure the MPLS capability on the MPLS backbone network. Establish a dynamic LDP LSP between the PE and ASBR PE in the same AS. After this step, an LSP tunnel is established between the PE and ASBR PE in the same AS. Take ASBR-PE1 as an example:
<ASBR-PE1> display mpls ldp session

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

7-161

7 VPLS Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


LDP Session(s) in Public Network -----------------------------------------------------------------------------Peer-ID Status LAM SsnRole SsnAge KA-Sent/Rcv -----------------------------------------------------------------------------1.1.1.9:0 Operational DU Active 000:00:08 34/34 -----------------------------------------------------------------------------TOTAL: 1 session(s) Found. LAM : Label Advertisement Mode SsnAge Unit : DDD:HH:MM

3.

Enable the MPLS L2VPN on PEs. # Configure PE1.


[PE1] mpls l2vpn

# Configure PE2.
[PE2] mpls l2vpn

# Configure ASBR-PE1.
[ASBR-PE1] mpls l2vpn

# Configure ASBR-PE2.
[ASBR-PE2] mpls l2vpn

4.

Bind VSIs to related interfaces. Configure VSIs on PEs and ASBR PEs respectively and bind the VSIs to the related interfaces. # Configure PE1.
[PE1] vsi a1 static [PE1-vsi-a1] pwsignal ldp [PE1-vsi-a1-ldp] vsi-id 2 [PE1-vsi-a1-ldp] peer 2.2.2.9 [PE1-vsi-a1-ldp] quit [PE1-vsi-a1] quit [PE1] interface gigabitethernet 1/0/0.1 [PE1-GigabitEthernet1/0/0.1] shutdown [PE1-GigabitEthernet1/0/0.1] vlan-type dot1q 10 [PE1-GigabitEthernet1/0/0.1] l2 binding vsi a1 [PE1-GigabitEthernet1/0/0.1] undo shutdown [PE1-GigabitEthernet1/0/0.1] quit

# Configure ASBR-PE1.
[ASBR-PE1] vsi a1 static [ASBR-PE1-vsi-a1] pwsignal ldp [ASBR-PE1-vsi-a1-ldp] vsi-id 2 [ASBR-PE1-vsi-a1-ldp] peer 1.1.1.9 [ASBR-PE1-vsi-a1-ldp] quit [ASBR-PE1-vsi-a1] quit [ASBR-PE1] interface gigabitethernet 2/0/0.1 [ASBR-PE1-GigabitEthernet2/0/0.1] shutdown [ASBR-PE1-GigabitEthernet2/0/0.1] vlan-type dot1q 10 [ASBR-PE1-GigabitEthernet2/0/0.1] l2 binding vsi a1 [ASBR-PE1-GigabitEthernet2/0/0.1] undo shutdown [ASBR-PE1-GigabitEthernet2/0/0.1] quit

# Configure ASBR-PE2.
[ASBR-PE2] vsi a1 static [ASBR-PE2-vsi-a1] pwsignal ldp [ASBR-PE2-vsi-a1-ldp] vsi-id 3 [ASBR-PE2-vsi-a1-ldp] peer 4.4.4.9 [ASBR-PE2-vsi-a1-ldp] quit [ASBR-PE2-vsi-a1] quit [ASBR-PE2] interface gigabitethernet 1/0/0.1 [ASBR-PE2-GigabitEthernet1/0/0.1] shutdown [ASBR-PE2-GigabitEthernet1/0/0.1] vlan-type dot1q 10

7-162

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


[ASBR-PE2-GigabitEthernet1/0/0.1] l2 binding vsi a1 [ASBR-PE2-GigabitEthernet1/0/0.1] undo shutdown [ASBR-PE2-GigabitEthernet1/0/0.1] quit

7 VPLS Configuration

# Configure PE2.
[PE2] vsi a1 static [PE2-vsi-a1] pwsignal ldp [PE2-vsi-a1-ldp] vsi-id 3 [PE2-vsi-a1-ldp] peer 3.3.3.9 [PE2-vsi-a1-ldp] quit [PE2-vsi-a1] quit [PE2] interface gigabitethernet 2/0/0.1 [PE2-GigabitEthernet2/0/0.1] shutdown [PE2-GigabitEthernet2/0/0.1] vlan-type dot1q 10 [PE2-GigabitEthernet2/0/0.1] l2 binding vsi a1 [PE2-GigabitEthernet2/0/0.1] undo shutdown [PE2-GigabitEthernet2/0/0.1] quit

5.

Configure CEs. # Configure CE1.


[CE1] interface gigabitethernet 1/0/0.1 [CE1-GigabitEthernet1/0/0.1] shutdown [CE1-GigabitEthernet1/0/0.1] vlan-type dot1q 10 [CE1-GigabitEthernet1/0/0.1] ip address 10.1.1.1 24 [CE1-GigabitEthernet1/0/0.1] undo shutdown [CE1-GigabitEthernet1/0/0.1] quit

# Configure CE2.
[CE2] interface gigabitethernet 1/0/0.1 [CE2-GigabitEthernet1/0/0.1] shutdown [CE2-GigabitEthernet1/0/0.1] vlan-type dot1q 10 [CE2-GigabitEthernet1/0/0.1] ip address 10.1.1.2 24 [CE2-GigabitEthernet1/0/0.1] undo shutdown [CE2-GigabitEthernet1/0/0.1] quit

6.

Verify the configuration. After the configuration, run the display vsi name verbose command on PE1. You can view that the VSI named a1 establishes a PW to PE2 and the VSI status is Up.
<PE1> display vsi name a1 verbose ***VSI Name : a1 Administrator VSI : no Isolate Spoken : disable VSI Index : 0 PW Signaling : ldp Member Discovery Style : static PW MAC Learn Style : unqualify Encapsulation Type : vlan MTU : 1500 Mode : uniform Service Class : -Color : -DomainId : 0 Domain Name : VSI State : up VSI ID : 2 *Peer Router ID : 2.2.2.9 VC Label : 23552 Peer Type : dynamic Session : up Tunnel ID : 0x2002000, Interface Name : GigabitEthernet1/0/0.1 State : up **PW Information: *Peer Ip Address : 2.2.2.9 PW State : up Local VC Label : 23552 Remote VC Label : 23552 PW Type : label

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

7-163

7 VPLS Configuration
Tunnel ID : 0x2002000,

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

CE1 and CE2 can ping through each other. Take CE1 as an example:
<CE1> ping 10.1.1.2 PING 10.1.1.2: 56 data bytes, press CTRL_C to break Reply from 10.1.1.2: bytes=56 Sequence=1 ttl=255 time=172 Reply from 10.1.1.2: bytes=56 Sequence=2 ttl=255 time=156 Reply from 10.1.1.2: bytes=56 Sequence=3 ttl=255 time=156 Reply from 10.1.1.2: bytes=56 Sequence=4 ttl=255 time=156 Reply from 10.1.1.2: bytes=56 Sequence=5 ttl=255 time=156 --- 10.1.1.2 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 156/159/172 ms ms ms ms ms ms

Configuration Files
l

Configuration file of CE1


# sysname CE1 # interface GigabitEthernet1/0/0 undo shutdown # interface GigabitEthernet1/0/0.1 undo shutdown vlan-type dot1q 10 ip address 10.1.1.1 255.255.255.0 # return

Configuration file of PE1


# sysname PE1 # mpls lsr-id 1.1.1.9 mpls # mpls l2vpn # vsi a1 static pwsignal ldp vsi-id 2 peer 2.2.2.9 # mpls ldp # isis 1 network-entity 10.0000.0000.0001.00 # interface GigabitEthernet1/0/0 undo shutdown # interface GigabitEthernet1/0/0.1 undo shutdown vlan-type dot1q 10 ip address 10.1.1.2 255.255.255.0 l2 binding vsi a1 # interface Pos2/0/0 link-protocol ppp ip address 100.1.1.1 255.255.255.0 isis enable 1 mpls mpls ldp #

7-164

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


interface LoopBack1 ip address 1.1.1.9 255.255.255.255 isis enable 1 # return l

7 VPLS Configuration

Configuration file of ASBR-PE1


# sysname ASBR-PE1 # mpls lsr-id 2.2.2.9 mpls # mpls l2vpn # vsi a1 static pwsignal ldp vsi-id 2 peer 1.1.1.9 # mpls ldp # isis 1 network-entity 10.0000.0000.0002.00 # interface GigabitEthernet2/0/0 undo shutdown # interface GigabitEthernet2/0/0.1 undo shutdown vlan-type dot1q 10 l2 binding vsi a1 # interface Posl1/0/0 link-protocol ppp undo shutdown ip address 100.1.1.2 255.255.255.0 isis enable 1 mpls mpls ldp # interface LoopBack1 ip address 2.2.2.9 255.255.255.255 isis enable 1 # return

Configuration file of ASBR-PE2


# sysname ASBR-PE2 # mpls lsr-id 3.3.3.9 mpls # mpls l2vpn # vsi a1 static pwsignal ldp vsi-id 3 peer 4.4.4.9 # mpls ldp # isis 1 network-entity 10.0000.0000.0003.00 # interface GigabitEthernet1/0/0 undo shutdown # #

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

7-165

7 VPLS Configuration
interface GigabitEthernet1/0/0.1 undo shutdown vlan-type dot1q 10 l2 binding vsi a1 # interface Pos2/0/0 link-protocol ppp undo shutdown ip address 200.1.1.1 255.255.255.0 isis enable 1 mpls mpls ldp # interface LoopBack1 ip address 3.3.3.9 255.255.255.255 isis enable 1 # return l

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Configuration file of PE2


# sysname PE2 # mpls lsr-id 4.4.4.9 mpls # mpls l2vpn # vsi a1 static pwsignal ldp vsi-id 3 peer 3.3.3.9 # mpls ldp # isis 1 network-entity 10.0000.0000.0004.00 # interface GigabitEthernet2/0/0 undo shutdown # # interface GigabitEthernet2/0/0.1 undo shutdown vlan-type dot1q 10 l2 binding vsi a1 # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 200.1.1.2 255.255.255.0 isis enable 1 mpls mpls ldp # interface LoopBack1 ip address 4.4.4.9 255.255.255.255 isis enable 1 # return

Configuration file of CE2


# sysname CE2 # interface GigabitEthernet1/0/0 undo shutdown # interface GigabitEthernet1/0/0.1 undo shutdown

7-166

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


vlan-type dot1q 10 ip address 10.1.1.2 255.255.255.0 # return

7 VPLS Configuration

7.13.12 Example for Configuring Inter-AS Martini VPLS Option C


Networking Requirements
As shown in Figure 7-19, CE1 and CE2 belong to the same VPN, and access the backbone network through PE1 in AS100 and PE2 in AS200 respectively. The multi-hop mode is adopted to establish the inter-AS Martini VPLS. Figure 7-19 Networking diagram of configuring the inter-AS Martini VPLS Option C
BGP/MPLS Backbone AS 100
Loopback1 1.1.1.9/32 POS2/0/0 100.1.1.1/24 Loopback1 2.2.2.9/32 POS2/0/0 100.1.2.1/24

BGP/MPLS Backbone AS 200


Loopback1 3.3.3.9/32 POS2/0/0 100.1.3.1/24 POS1/0/0 100.1.2.2/24 POS1/0/0 100.1.3.2/24 GE2/0/0.1 Loopback1 4.4.4.9/32

PE1

POS1/0/0 100.1.1.2/24 GE1/0/0.1

ASBR -PE1

ASBR -PE2

PE2

GE1/0/0.1 10.1.1.1/24

GE1/0/0.1 10.1.1.2/24

CE1

CE2

Configuration Roadmap
The configuration roadmap is as follows: 1. 2. 3. 4. 5. 6. Run an IGP protocol on the MPLS backbone network so that the routers in the same AS can communicate with each other. Enable MPLS on the backbone network and establish a dynamic LSP tunnel between the PE and the ASBR. Establish IBGP peers between PEs and ASBRs in the same AS and configure the EBGP protocol between ASBR PEs. Configure routing policies on ASBR PEs and enable the labeled route function. Establish MPLS LDP remote peers between PE1 and PE2. Establish a VPLS connection between PE1 and PE2.

Data Preparation
To complete the configuration, you need the following data:
Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 7-167

7 VPLS Configuration
l l l

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

IS-IS data IP addresses of peers (IP addresses of the loopback interfaces on the peers) MPLS LSR IDs of the PE and the ASBR PE (IP addresses of the loopback interfaces on the local device) VSI ID Routing policies applied to ASBR PEs IP addresses of the interfaces through which CEs access PEs (IP addresses of the interfaces through which PEs access CEs are not required.)

l l l

Configuration Procedure
1. Configure IGP on the MPLS backbone network. PEs and Ps on the backbone network can communicate with each other by using IGP. The IS-IS protocol is used as IGP in this example. The configuration procedure is not mentioned here. Note that IS-IS must be enabled on the loopback interfaces. After the configuration, IS-IS peers are established between ASBR PEs and PEs in the same AS. Run the display isis peer command, and you can view that the status of the peers is Up. ASBRs and PEs can learn the loopback addresses of each other. Take PE1 as an example:
<PE1> display isis peer Peer information for ISIS(1) ---------------------------System Id Interface Circuit Id State HoldTime Type PRI 0000.0000.0002 P2/0/0 0000000002 Up 25s L1L2 -Total Peer(s): 1 <PE1> display ip routing-table Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: Public Destinations : 7 Routes : 7 Destination/Mask Proto Pre Cost Flags NextHop Interface 1.1.1.9/32 Direct 0 0 D 127.0.0.1 InLoopBack0 2.2.2.9/32 ISIS 15 10 D 100.1.1.2 Pos2/0/0 100.1.1.0/24 Direct 0 0 D 100.1.1.1 Pos2/0/0 100.1.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 100.1.1.2/32 Direct 0 0 D 100.1.1.2 Pos2/0/0 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0

The ASBR and the PE in the same AS can ping through each other's Loopback1 address. Take ASBR-PE1 as an example:
<ASBR-PE1> ping 1.1.1.9 PING 1.1.1.9: 56 data bytes, press CTRL_C to break Reply from 1.1.1.9: bytes=56 Sequence=1 ttl=255 time=47 Reply from 1.1.1.9: bytes=56 Sequence=2 ttl=255 time=31 Reply from 1.1.1.9: bytes=56 Sequence=3 ttl=255 time=31 Reply from 1.1.1.9: bytes=56 Sequence=4 ttl=255 time=31 Reply from 1.1.1.9: bytes=56 Sequence=5 ttl=255 time=31 --- 1.1.1.9 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 31/34/47 ms ms ms ms ms ms

2.

Enable MPLS and establish LSPs. Enable MPLS and establish LDP LSPs on ASBR PEs and PEs in the same AS. The configuration procedure is not mentioned here.

7-168

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

7 VPLS Configuration

After the configuration, LDP peers are established between PEs and ASBR PEs in the same AS. Run the display mpls ldp session command, and you can view that the item "Session State" is displayed as "Operational". Take PE1 as an example:
<PE1> display mpls ldp session LDP Session(s) in Public Network -----------------------------------------------------------------------------Peer-ID Status LAM SsnRole SsnAge KA-Sent/Rcv -----------------------------------------------------------------------------2.2.2.9:0 Operational DU Passive 000:00:01 7/7 -----------------------------------------------------------------------------TOTAL: 1 session(s) Found. LAM : Label Advertisement Mode SsnAge Unit : DDD:HH:MM

3.

Configure MP-BGP. Configure MP-IBGP between PE1 and ASBR-PE1, and between PE2 and ASBR-PE2. Configure MP-EBGP between ASBR-PE1 and ASBR-PE2. Loopback1 route of the PE in the same AS must be advertised to the peer ASBR PE. # Configure PE1.
[PE1] bgp [PE1-bgp] [PE1-bgp] [PE1-bgp] [PE1-bgp] 100 peer 2.2.2.9 as-number 100 peer 2.2.2.9 label-route-capability peer 2.2.2.9 connect-interface LoopBack1 quit

# Configure ASBR-PE1. For the routes received from the PE in the same AS and advertised to the peer ASBR PE, the ASBR PE allocates MPLS labels to the routes. For the labeled IPv4 routes advertised to the PE in the same AS, the ASBR PE allocates new MPLS labels to the routes.
[ASBR-PE1] interface pos 2/0/0 [ASBR-PE1-Pos2/0/0] shutdown [ASBR-PE1-Pos2/0/0] mpls [ASBR-PE1-Pos2/0/0] undo shutdown [ASBR-PE1-Pos2/0/0] quit [ASBR-PE1] route-policy policy1 permit node 1 [ASBR-PE1-route-policy] if-match mpls-label [ASBR-PE1-route-policy] apply mpls-label [ASBR-PE1-route-policy] quit [ASBR-PE1] route-policy policy2 permit node 1 [ASBR-PE1-route-policy] apply mpls-label [ASBR-PE1-route-policy] quit [ASBR-PE1] bgp 100 [ASBR-PE1-bgp] network 1.1.1.9 32 [ASBR-PE1-bgp] peer 1.1.1.9 as-number 100 [ASBR-PE1-bgp] peer 1.1.1.9 route-policy policy1 export [ASBR-PE1-bgp] peer 1.1.1.9 label-route-capability [ASBR-PE1-bgp] peer 1.1.1.9 connect-interface loopback1 [ASBR-PE1-bgp] peer 100.1.2.2 as-number 200 [ASBR-PE1-bgp] peer 100.1.2.2 route-policy policy2 export [ASBR-PE1-bgp] peer 100.1.2.2 label-route-capability [ASBR-PE1-bgp] quit

# Configure ASBR-PE2. For the routes received from the PE in the same AS and advertised to the peer ASBR PE, the ASBR PE allocates MPLS labels to the routes. For the labeled IPv4 routes advertised to the PE in the same AS, the ASBR PE allocates new MPLS labels to the routes.
[ASBR-PE2] interface pos 1/0/0 [ASBR-PE2-Pos1/0/0] shutdown [ASBR-PE2-Pos1/0/0] mpls

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

7-169

7 VPLS Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


[ASBR-PE2-Pos1/0/0] undo shutdown [ASBR-PE2-Pos1/0/0] quit [ASBR-PE2] route-policy policy1 permit node 1 [ASBR-PE2-route-policy] if-match mpls-label [ASBR-PE2-route-policy] apply mpls-label [ASBR-PE2-route-policy] quit [ASBR-PE2] route-policy policy2 permit node 1 [ASBR-PE2-route-policy] apply mpls-label [ASBR-PE2-route-policy] quit [ASBR-PE2] bgp 200 [ASBR-PE2-bgp] network 4.4.4.9 32 [ASBR-PE2-bgp] peer 4.4.4.9 as-number 200 [ASBR-PE2-bgp] peer 4.4.4.9 route-policy policy1 export [ASBR-PE2-bgp] peer 4.4.4.9 label-route-capability [ASBR-PE2-bgp] peer 4.4.4.9 connect-interface loopback1 ASBR-PE2-bgp] peer 100.1.2.1 as-number 100 [ASBR-PE2-bgp] peer 100.1.2.1 route-policy policy2 export [ASBR-PE2-bgp] peer 100.1.2.1 label-route-capability [ASBR-PE2-bgp] quit

# Configure PE2.
[PE2] bgp [PE2-bgp] [PE2-bgp] [PE2-bgp] [PE2-bgp] 200 peer 3.3.3.9 as-number 200 peer 3.3.3.9 label-route-capability peer 3.3.3.9 connect-interface loopback1 quit

After the configuration, run the display bgp peer command on the ASBR. You can view that the status of the IBGP sessions between the PE and the ASBR PE in the same AS and the status of the EBGP sessions between the ASBR PEs are "Established". Take ASBRPE1 as an example:
<ASBR-PE1> display bgp peer BGP local router ID : 2.2.2.9 Local AS number : 100 Total number of peers : 2 Peer V AS MsgRcvd 1.1.1.9 4 100 10 100.1.2.2 4 200 3 <ASBR-PE1>

MsgSent 11 4

Peers in established state : 2 OutQ Up/Down State PrefRcv 0 00:06:51 Established 0 0 00:00:43 Established 1

4.

Establish remote LDP sessions between PE1 and PE2. # Configure PE1.
[PE1] mpls ldp remote-peer 4.4.4.9 [PE1-mpls-ldp-remote-4.4.4.9] remote-ip 4.4.4.9 [PE1-mpls-ldp-remote-4.4.4.9] quit

# Configure PE2.
[PE2] mpls ldp remote-peer 1.1.1.9 [PE2-mpls-ldp-remote-1.1.1.9] remote-ip 1.1.1.9 [PE2-mpls-ldp-remote-1.1.1.9] quit

After the configuration, LDP peers are established between the PE and the ASBR in different ASs. Run the display mpls ldp session command on a PE, and you can view that the item "Session State" is displayed as "Operational". Take PE1 as an example:
<PE1> display mpls ldp session LDP Session(s) in Public Network -----------------------------------------------------------------------------Peer-ID Status LAM SsnRole SsnAge KA-Sent/Rcv -----------------------------------------------------------------------------2.2.2.9:0 Operational DU Passive 000:00:31 125/125 4.4.4.9:0 Operational DU Passive 000:00:05 21/21 ------------------------------------------------------------------------------

7-170

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


TOTAL: 2 session(s) Found. LAM : Label Advertisement Mode

7 VPLS Configuration

SsnAge Unit : DDD:HH:MM

5.

Enable the MPLS L2VPN on PEs. # Configure PE1.


[PE1] mpls l2vpn

# Configure PE2.
[PE2] mpls l2vpn

6.

Bind VSIs to related interfaces. Configure VSIs on PEs and bind the VSIs to the related interfaces. # Configure PE1.
[PE1] vsi a1 static [PE1-vsi-a1] pwsignal ldp [PE1-vsi-a1-ldp] vsi-id 2 [PE1-vsi-a1-ldp] peer 4.4.4.9 [PE1-vsi-a1-ldp] quit [PE1-vsi-a1] quit [PE1] interface gigabitethernet 1/0/0.1 [PE1-GigabitEthernet1/0/0.1] shutdown [PE1-GigabitEthernet1/0/0.1] vlan-type dot1q 10 [PE1-GigabitEthernet1/0/0.1] l2 binding vsi a1 [PE1-GigabitEthernet1/0/0.1] undo shutdown [PE1-GigabitEthernet1/0/0.1] quit

# Configure PE2.
[PE2] vsi a1 static [PE2-vsi-a1] pwsignal ldp [PE2-vsi-a1-ldp] vsi-id 2 [PE2-vsi-a1-ldp] peer 1.1.1.9 [PE2-vsi-a1-ldp] quit [PE2-vsi-a1] quit [PE2] interface gigabitethernet 2/0/0.1 [PE2-GigabitEthernet2/0/0.1] shutdown [PE2-GigabitEthernet2/0/0.1] vlan-type dot1q 10 [PE2-GigabitEthernet2/0/0.1] l2 binding vsi a1 [PE2-GigabitEthernet2/0/0.1] undo shutdown [PE2-GigabitEthernet2/0/0.1] quit

7.

Configure CEs. # Configure CE1.


[CE1] interface gigabitethernet 1/0/0.1 [CE1-GigabitEthernet1/0/0.1] shutdown [CE1-GigabitEthernet1/0/0.1] vlan-type dot1q 10 [CE1-GigabitEthernet1/0/0.1] ip address 10.1.1.1 24 [CE1-GigabitEthernet1/0/0.1] undo shutdown [CE1-GigabitEthernet1/0/0.1] quit

# Configure CE2.
[CE2] interface gigabitethernet 1/0/0.1 [CE2-GigabitEthernet1/0/0.1] shutdown [CE2-GigabitEthernet1/0/0.1] vlan-type dot1q 10 [CE2-GigabitEthernet1/0/0.1] ip address 10.1.1.2 24 [CE2-GigabitEthernet1/0/0.1] undo shutdown [CE2-GigabitEthernet1/0/0.1] quit

8.

Verify the configuration. After the configuration, run the display vsi name verbose command on PE1. You can view that the VSI named a1 establishes a PW to PE2 and the VSI status is Up.
<PE1> display vsi name a1 verbose ***VSI Name : a1 Administrator VSI : no Isolate Spoken : disable VSI Index : 0

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

7-171

7 VPLS Configuration
PW Signaling Member Discovery Style PW MAC Learn Style Encapsulation Type MTU Mode Service Class Color DomainId Domain Name VSI State VSI ID *Peer Router ID VC Label Peer Type Session Tunnel ID Interface Name State **PW Information: *Peer Ip Address PW State Local VC Label Remote VC Label PW Type Tunnel ID : : : : : : : : : : : : : : : : : : : : : : : : : ldp static unqualify vlan 1500 uniform --0

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

up 2 4.4.4.9 23552 dynamic up 0x2002001, GigabitEthernet1/0/0.1 up 4.4.4.9 up 23552 23552 label 0x2002001,

CE1 and CE2 can ping through each other. Take CE1 as an example:
<CE1> ping 10.1.1.2 PING 10.1.1.2: 56 data bytes, press CTRL_C to break Reply from 10.1.1.2: bytes=56 Sequence=1 ttl=255 time=172 Reply from 10.1.1.2: bytes=56 Sequence=2 ttl=255 time=156 Reply from 10.1.1.2: bytes=56 Sequence=3 ttl=255 time=156 Reply from 10.1.1.2: bytes=56 Sequence=4 ttl=255 time=156 Reply from 10.1.1.2: bytes=56 Sequence=5 ttl=255 time=156 --- 10.1.1.2 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 156/159/172 ms ms ms ms ms ms

Configuration Files
l

Configuration file of CE1


# sysname CE1 # interface GigabitEthernet1/0/0 undo shutdown # interface GigabitEthernet1/0/0.1 undo shutdown vlan-type dot1q 10 ip address 10.1.1.1 255.255.255.0 # return

Configuration file of PE1


# sysname PE1 # mpls lsr-id 1.1.1.9 mpls # mpls l2vpn # vsi a1 static

7-172

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


pwsignal ldp vsi-id 2 peer 4.4.4.9 # mpls ldp # mpls ldp remote-peer 4.4.4.9 remote-ip 4.4.4.9 # isis 1 network-entity 10.0000.0000.0001.00 # interface GigabitEthernet1/0/0 undo shutdown # interface GigabitEthernet1/0/0.1 undo shutdown vlan-type dot1q 10 l2 binding vsi a1 # interface Pos2/0/0 link-protocol ppp undo shutdown ip address 100.1.1.1 255.255.255.0 isis enable 1 mpls mpls ldp # interface LoopBack1 ip address 1.1.1.9 255.255.255.255 isis enable 1 # bgp 100 peer 2.2.2.9 as-number 100 peer 2.2.2.9 connect-interface LoopBack1 # ipv4-family unicast undo synchronization peer 2.2.2.9 enable peer 2.2.2.9 label-route-capability # return l

7 VPLS Configuration

Configuration file of ASBR-PE1


# sysname ASBR-PE1 # mpls lsr-id 2.2.2.9 mpls # mpls ldp # isis 1 network-entity 10.0000.0000.0002.00 # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 100.1.1.2 255.255.255.0 isis enable 1 mpls mpls ldp # interface Pos2/0/0 link-protocol ppp undo shutdown ip address 100.1.2.1 255.255.255.0 mpls # interface LoopBack1

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

7-173

7 VPLS Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


ip address 2.2.2.9 255.255.255.255 isis enable 1 # bgp 100 peer 1.1.1.9 as-number 100 peer 1.1.1.9 connect-interface LoopBack1 peer 100.1.2.2 as-number 200 # ipv4-family unicast undo synchronization network 1.1.1.9 255.255.255.255 peer 1.1.1.9 enable peer 1.1.1.9 route-policy policy1 export peer 1.1.1.9 label-route-capability peer 100.1.2.2 enable peer 100.1.2.2 route-policy policy2 export peer 100.1.2.2 label-route-capability # route-policy policy1 permit node 1 if-match mpls-label apply mpls-label route-policy policy2 permit node 1 apply mpls-label # return

Configuration file of ASBR-PE2


# sysname ASBR-PE2 # mpls lsr-id 3.3.3.9 mpls # mpls ldp # isis 1 network-entity 10.0000.0000.0003.00 # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 100.1.2.2 255.255.255.0 mpls # interface Pos2/0/0 link-protocol ppp undo shutdown ip address 100.1.3.1 255.255.255.0 isis enable 1 mpls mpls ldp # interface LoopBack1 ip address 3.3.3.9 255.255.255.255 isis enable 1 # bgp 200 peer 4.4.4.9 as-number 200 peer 4.4.4.9 connect-interface LoopBack1 peer 100.1.2.1 as-number 100 # ipv4-family unicast undo synchronization network 4.4.4.9 255.255.255.255 peer 4.4.4.9 enable peer 4.4.4.9 route-policy policy1 export peer 4.4.4.9 label-route-capability peer 100.1.2.1 enable peer 100.1.2.1 route-policy policy2 export peer 100.1.2.1 label-route-capability

7-174

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


# route-policy policy1 permit node 1 if-match mpls-label apply mpls-label route-policy policy2 permit node 1 apply mpls-label # return l

7 VPLS Configuration

Configuration file of PE2


# sysname PE2 # mpls lsr-id 4.4.4.9 mpls # mpls l2vpn # vsi a1 static pwsignal ldp vsi-id 2 peer 1.1.1.9 # mpls ldp # mpls ldp remote-peer 1.1.1.9 remote-ip 1.1.1.9 # isis 1 network-entity 10.0000.0000.0004.00 # interface GigabitEthernet2/0/0 undo shutdown # interface GigabitEthernet2/0/0.1 undo shutdown vlan-type dot1q 10 l2 binding vsi a1 # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 100.1.3.2 255.255.255.0 isis enable 1 mpls mpls ldp # interface LoopBack1 ip address 4.4.4.9 255.255.255.255 isis enable 1 # bgp 200 peer 3.3.3.9 as-number 200 peer 3.3.3.9 connect-interface LoopBack1 # ipv4-family unicast undo synchronization peer 3.3.3.9 enable peer 3.3.3.9 label-route-capability # return

Configuration file of CE2


# sysname CE2 # interface GigabitEthernet1/0/0 undo shutdown # interface GigabitEthernet1/0/0.1

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

7-175

7 VPLS Configuration
undo shutdown vlan-type dot1q 10 ip address 10.1.1.2 255.255.255.0 # return

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

7.13.13 Example for Configuring Dual-homed Kompella VPLS


Networking Requirements
As shown in Figure 7-20, CE1 and CE2 belong to the same VPLS. CE1 access the backbone network through PE1 and an RR, and CE2 accesses the backbone network through PE2. RR is a route reflector, and PE1 and PE2 are the client PEs of the RR. It is required that CE1 and CE2 can communicate with each other, CE1-PE1-RR-PE2-CE2 acts as a main path, and CE1-RR-PE2-CE2 acts as a backup path. Figure 7-20 Networking diagram of configuring dual-homed Kompella VPLS
Loopback1 1.1.1.1/32 POS2/0/0 100.1.1.1/30 Loopback1 2.2.2.2/32 POS1/0/0 100.1.1.2/30 GE3/0/0 POS2/0/0 POS1/0/0 100.2.1.1/30 100.2.1.2/30 Loopback1 3.3.3.3/32

PE1
GE1/0/0

PE2

RR

GE2/0/0

VLAN10 VLAN10
Vlanif10 10.1.1.1/24 GE1/0/0 GE2/0/0 GE1/0/0 10.1.1.2/24

CE2 CE1

Configuration Roadmap
The configuration roadmap is as follows: 1. 2. 3. 4. 5. Run IGP on the backbone network to enable PE1, RR, and PE2 to communicate. Establish an LSP tunnel between PE1 and PE2, and between RR and PE2 respectively. Establish MP IBGP peer relationship between PE1 and RR, and between PE2 and RR respectively. Configure route reflection on RR. Configure VSIs on PE1, RR, and PE2 and bind the VSIs to the interfaces on the AC side. Increase the multi-homed preference of the VSI on PE1 to enable BGP to preferentially select the label block of this VSI.

Data Preparation
To complete the configuration, you need the following data:
7-176 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


l l

7 VPLS Configuration

IS-IS data MPLS LSR IDs of PE1, RR, and PE2 (IP addresses of the loopback interfaces on the local device) CE ID and CE range IP addresses of the AC interfaces on CEs (IP addresses of the AC interfaces on PEs are not required.)

l l

Configuration Procedure
1. Configure IGP on the MPLS backbone network. PE1, RR, and PE2 on the backbone network can communicate by using IGP. The IS-IS protocol is used as IGP in this example. The configuration procedure is not mentioned here. Note that IS-IS must be enabled on Loopback1. After the configuration, PE1, RR, and PE2 can learn loopback addresses from each other. Take PE1 as an example:
<PE1> display ip routing-table Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: Public Destinations : 9 Routes : 9 Destination/Mask Proto Pre Cost Flags NextHop Interface 1.1.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 2.2.2.2/32 ISIS 15 10 D 100.1.1.2 Pos2/0/0 3.3.3.3/32 ISIS 15 20 D 100.1.1.2 Pos2/0/0 100.1.1.0/30 Direct 0 0 D 100.1.1.1 Pos2/0/0 100.1.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 100.1.1.2/32 Direct 0 0 D 100.1.1.2 Pos2/0/0 100.2.1.0/30 ISIS 15 20 D 100.1.1.2 Pos2/0/0 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0

PE1, RR, and PE2 can ping through each other's Loopback1 address. 2. Enable MPLS and MPLS LDP, and establish tunnels. Enable MPLS and MPLS LDP on PE1, RR, PE2, the interfaces through which PE1 is connected to RR, and the interfaces through which RR is connected to PE2 to establish LSPs. The configuration procedure is not mentioned here. After the configuration, run the display mpls lsp command on each device. You can view that LSPs exist between each pair of routers. Take PE1 as an example:
<PE1> display mpls lsp ---------------------------------------------------------------------LSP Information: LDP LSP ---------------------------------------------------------------------FEC In/Out Label In/Out IF Vrf Name 1.1.1.1/32 3/NULL -/2.2.2.2/32 NULL/3 -/P2/0/0 3.3.3.3/32 NULL/1025 -/P2/0/0

3.

Configure MP EBGP connections. # Establish the MP IBGP connection and enable BGP VPLS. # Configure PE1.
<PE1> system-view [PE1] bgp 100

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

7-177

7 VPLS Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


[PE1-bgp] peer 2.2.2.2 as-number 100 [PE1-bgp] peer 2.2.2.2 connect-interface loopback 1 [PE1-bgp] vpls-family [PE1-bgp-af-vpls] peer 2.2.2.2 enable

# Configure RR.
<RR> system-view [RR] bgp 100 [RR-bgp] peer 1.1.1.1 [RR-bgp] peer 3.3.3.3 [RR-bgp] peer 1.1.1.1 [RR-bgp] peer 3.3.3.3 [RR-bgp] vpls-family [RR-bgp-af-vpls] peer [RR-bgp-af-vpls] peer as-number 100 as-number 100 connect-interface loopback 1 connect-interface loopback 1 1.1.1.1 enable 3.3.3.3 enable

# Configure PE2.
<PE2> system-view [PE2] bgp 100 [PE2-bgp] peer 2.2.2.2 as-number 100 [PE2-bgp] peer 2.2.2.2 connect-interface loopback 1 [PE2-bgp] vpls-family [PE2-bgp-af-vpls] peer 2.2.2.2 enable

After this step, run the display bgp vpls peer command on the PEs or RR. You can view that the status of the MP IBGP peers is "Established". Take RR as an example:
<RR> display bgp vpls peer BGP local router ID : 2.2.2.2 Local AS number : 100 Total number of peers : 2 Peer V AS MsgRcvd 1.1.1.1 4 100 8 3.3.3.3 4 100 7

MsgSent 8 8

Peers in established state : 2 OutQ Up/Down State PrefRcv 0 00:05:30 Established 0 0 00:04:13 Established 0

4.

Configure route reflection on RR. # Configure RR.


[RR] bgp 100 [RR-bgp] vpls-family [RR-bgp-af-vpls] reflector cluster-id 100 [RR-bgp-af-vpls] peer 1.1.1.1 reflect-client [RR-bgp-af-vpls] peer 3.3.3.3 reflect-client [RR-bgp-af-vpls] undo policy vpn-target

5.

Enable MPLS L2VPN on PE1, RR, and PE2. # Configure PE1.


[PE1] mpls l2vpn

# Configure RR.
[RR] mpls l2vpn

# Configure PE2.
[PE2] mpls l2vpn

6.

Configure VSIs on PE1, RR, and PE2 and bind the VSIs to VLANIF interfaces. # Configure PE1.
[PE1] vsi v1 auto [PE1-vsi-v1] pwsignal bgp [PE1-vsi-v1-bgp] route-distinguisher 100:1 [PE1-vsi-v1-bgp] vpn-target 1:1 import-extcommunity [PE1-vsi-v1-bgp] vpn-target 1:1 export-extcommunity [PE1-vsi-v1-bgp] site 1 range 5 default-offset 0 [PE1-vsi-v1-bgp] quit [PE1-vsi-v1] quit [PE1] interface gigabitethernet1/0/0 [PE1-GigabitEthernet1/0/0] shutdown

7-178

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


[PE1-GigabitEthernet1/0/0] portswitch [PE1-GigabitEthernet1/0/0] undo shutdown [PE1-GigabitEthernet1/0/0] quit [PE1] vlan 10 [PE1-vlan10] port gigabitethernet1/0/0 [PE1-vlan10] quit [PE1] interface vlanif 10 [PE1-Vlanif10] shutdown [PE1-Vlanif10] l2 binding vsi v1 [PE1-Vlanif10] undo shutdown [RE1-Vlanif10] quit

7 VPLS Configuration

# Configure RR.
[RR] vsi v1 auto [RR-vsi-v1] pwsignal bgp [RR-vsi-v1-bgp] route-distinguisher 100:1 [RR-vsi-v1-bgp] vpn-target 1:1 import-extcommunity [RR-vsi-v1-bgp] vpn-target 1:1 export-extcommunity [RR-vsi-v1-bgp] site 1 range 5 default-offset 0 [RR-vsi-v1-bgp] quit [RR-vsi-v1] quit [RR] interface gigabitethernet3/0/0 [RR-GigabitEthernet3/0/0] shutdown [RR-GigabitEthernet3/0/0] portswitch [RR-GigabitEthernet3/0/0] undo shutdown [RR-GigabitEthernet3/0/0] quit [RR] vlan 10 [RR-vlan10] port gigabitethernet3/0/0 [RR-vlan10] quit [RR] interface vlanif 10 [RR-Vlanif10] shutdown [RR-Vlanif10] l2 binding vsi v1 [RR-Vlanif10] undo shutdown [RR-Vlanif10] quit

# Configure PE2.
[PE2] vsi v1 auto [PE2-vsi-v1] pwsignal bgp [PE2-vsi-v1-bgp] route-distinguisher 100:2 [PE2-vsi-v1-bgp] vpn-target 1:1 import-extcommunity [PE2-vsi-v1-bgp] vpn-target 1:1 export-extcommunity [PE2-vsi-v1-bgp] site 2 range 5 default-offset 0 [PE2-vsi-v1-bgp] quit [PE2-vsi-v1] quit [PE2] interface gigabitethernet2/0/0 [PE2-GigabitEthernet2/0/0] shutdown [PE2-GigabitEthernet2/0/0] portswitch [PE2-GigabitEthernet2/0/0] undo shutdown [PE2-GigabitEthernet2/0/0] quit [PE2] vlan 10 [PE2-vlan10] port gigabitethernet2/0/0 [PE2-vlan10] quit [PE2] interface vlanif 10 [PE2-Vlanif10] shutdown [PE2-Vlanif10] l2 binding vsi v1 [PE2-Vlanif10] undo shutdown [PE2-Vlanif10] quit

After the configuration, run the display bgp vpls all command on PEs or RR. You can view information about the local and remote label blocks of the VPLS. RR preferentially selects the local label block.
<RR> display bgp vpls all BGP Local Router ID : 2.2.2.2, Local AS Number : 100 Status codes : * - active, > - best BGP.VPLS : 3 Label Blocks ------------------------------------------------------------------------------Route Distinguisher: 100:1 SiteID Offset NextHop Range LabBase TunnelID FromPeer MHPref

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

7-179

7 VPLS Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


------------------------------------------------------------------------------> 1 0 0.0.0.0 5 25600 0x0 0.0.0.0 0 1 0 1.1.1.1 5 25600 0x0 1.1.1.1 0 ------------------------------------------------------------------------------Route Distinguisher: 100:2 SiteID Offset NextHop Range LabBase TunnelID FromPeer MHPref ------------------------------------------------------------------------------*> 2 0 3.3.3.3 5 25600 0x0 3.3.3.3 0

7.

Modify the multi-homed preference of the VSI. # Increase the multi-homed preference of the VSI on PE1 to enable BGP to preferentially select the label block advertised by PE1.
[PE1] vsi v1 [PE1-vsi-v1] multi-homing-preference 10

After the configuration, run the display bgp vpls all command on RR. You can view that RR preferentially selects the label block advertised by PE1.
<RR> display bgp vpls all BGP Local Router ID : 2.2.2.2, Local AS Number : 100 Status codes : * - active, > - best BGP.VPLS : 3 Label Blocks ------------------------------------------------------------------------------Route Distinguisher: 100:1 SiteID Offset NextHop Range LabBase TunnelID FromPeer MHPref ------------------------------------------------------------------------------1 0 0.0.0.0 5 25600 0x0 0.0.0.0 0 *> 1 0 1.1.1.1 5 25600 0x0 1.1.1.1 10 ------------------------------------------------------------------------------Route Distinguisher: 100:2 SiteID Offset NextHop Range LabBase TunnelID FromPeer MHPref ------------------------------------------------------------------------------*> 2 0 3.3.3.3 5 25600 0x0 3.3.3.3 0

Run the display bgp vpls all command on PE2, and you can view that the remote label block of PE2 is advertised by PE1.
<PE2> display bgp vpls all BGP Local Router ID : 3.3.3.3, Local AS Number : 100 Status codes : * - active, > - best BGP.VPLS : 2 Label Blocks ------------------------------------------------------------------------------Route Distinguisher: 100:1 SiteID Offset NextHop Range LabBase TunnelID FromPeer MHPref ------------------------------------------------------------------------------*> 1 0 1.1.1.1 5 25600 0x0 2.2.2.2 10 ------------------------------------------------------------------------------Route Distinguisher: 100:2 SiteID Offset NextHop Range LabBase TunnelID FromPeer MHPref ------------------------------------------------------------------------------> 2 0 0.0.0.0 5 25600 0x0 0.0.0.0 0

8.

Configure CEs. # Configure CE1.


[CE1] interface gigabitethernet1/0/0 [CE1-GigabitEthernet1/0/0] shutdown [CE1-GigabitEthernet1/0/0] portswitch [CE1-GigabitEthernet1/0/0] undo shutdown

7-180

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


[CE1-GigabitEthernet1/0/0] quit [CE1] interface gigabitethernet2/0/0 [CE1-GigabitEthernet2/0/0] shutdown [CE1-GigabitEthernet2/0/0] portswitch [CE1-GigabitEthernet2/0/0] undo shutdown [CE1-GigabitEthernet2/0/0] quit [CE1] vlan 10 [CE1-vlan10] port gigabitethernet 1/0/0 [CE1-vlan10] port gigabitethernet 2/0/0 [CE1-vlan10] quit [CE1] interface vlanif 10 [CE1-Vlanif10] shutdown [CE1-Vlanif10] ip address 10.1.1.1 24 [CE1-Vlanif10] undo shutdown [CE1-Vlanif10] quit

7 VPLS Configuration

# Configure CE2.
[CE2] interface gigabitethernet1/0/0 [CE2-GigabitEthernet1/0/0] shutdown [CE2-GigabitEthernet1/0/0] portswitch [CE2-GigabitEthernet1/0/0] undo shutdown [CE2-GigabitEthernet1/0/0] quit [CE2] vlan 10 [CE2-vlan10] port gigabitethernet1/0/0 [CE2-vlan10] quit [CE2] interface vlanif 10 [CE2-Vlanif10] shutdown [CE2-Vlanif10] ip address 10.1.1.1 24 [CE2-Vlanif10] undo shutdown [CE2-Vlanif10] quit

9.

Verify the configuration. Run the display vpls connection bgp command on PE1 and RR to view information about VPLS connections, and you can view that the VC status on PE1 is Up.
<PE1> display vpls connection bgp verbose VSI Name: v1 **Remote Site ID : 2 VC State : up RD : 100:2 Encapsulation : vlan MTU : 1500 Peer Ip Address : 3.3.3.3 PW Type : label Local VC Label : 25602 Remote VC Label : 25601 Tunnel Policy : -Tunnel ID : 0x2002001, Remote Label Block : 25600/5/0 Export vpn target : 1:1, Signaling: bgp

The display on RR is null.


<RR> display vpls connection bgp

This indicates that PE1 is the active PE and RR is the standby PE. Run the ping command on CEs, and you can find that CE1 and CE2 can ping through each other.
<CE1> ping 10.1.1.2 PING 10.1.1.2: 56 data bytes, press CTRL_C to break Reply from 10.1.1.2: bytes=56 Sequence=1 ttl=255 time=90 Reply from 10.1.1.2: bytes=56 Sequence=2 ttl=255 time=77 Reply from 10.1.1.2: bytes=56 Sequence=3 ttl=255 time=34 Reply from 10.1.1.2: bytes=56 Sequence=4 ttl=255 time=46 Reply from 10.1.1.2: bytes=56 Sequence=5 ttl=255 time=94 --- 10.1.1.2 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss ms ms ms ms ms

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

7-181

7 VPLS Configuration
round-trip min/avg/max = 34/68/94 ms

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Configuration Files
l

Configuration file of CE1


# sysname CE1 # vlan batch 10 # interface Vlanif10 undo shutdown ip address 10.1.1.1 255.255.255.0 # interface GigabitEthernet1/0/0 undo shutdown portswitch port default vlan 10 # interface GigabitEthernet2/0/0 undo shutdown portswitch port default vlan 10 # return

Configuration file of PE1


# sysname PE1 # vlan batch 10 # mpls lsr-id 1.1.1.1 mpls # mpls l2vpn # vsi v1 auto pwsignal bgp route-distinguisher 100:1 vpn-target 1:1 import-extcommunity vpn-target 1:1 export-extcommunity site 1 range 5 default-offset 0 multi-homing-preference 10 # mpls ldp # isis 1 network-entity 10.0000.0000.0001.00 # interface Vlanif10 undo shutdown l2 binding vsi v1 # interface GigabitEthernet1/0/0 undo shutdown portswitch port default vlan 10 # interface Pos2/0/0 link-protocol ppp undo shutdown ip address 100.1.1.1 255.255.255.252 isis enable 1 mpls mpls ldp # interface LoopBack1 ip address 1.1.1.1 255.255.255.255

7-182

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


isis enable 1 # bgp 100 peer 2.2.2.2 as-number 100 peer 2.2.2.2 connect-interface LoopBack1 # ipv4-family unicast undo synchronization peer 2.2.2.2 enable # vpls-family policy vpn-target peer 2.2.2.2 enable # return l

7 VPLS Configuration

Configuration file of RR
# sysname RR # vlan batch 10 # mpls lsr-id 2.2.2.2 mpls # mpls l2vpn # vsi v1 auto pwsignal bgp route-distinguisher 100:1 vpn-target 1:1 import-extcommunity vpn-target 1:1 export-extcommunity site 1 range 5 default-offset 0 # mpls ldp # isis 1 network-entity 10.0000.0000.0002.00 # interface Vlanif10 undo shutdown l2 binding vsi v1 # interface GigabitEthernet3/0/0 undo shutdown portswitch port default vlan 10 # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 100.1.1.2 255.255.255.252 isis enable 1 mpls mpls ldp # interface Pos2/0/0 link-protocol ppp undo shutdown ip address 100.2.1.1 255.255.255.252 isis enable 1 mpls mpls ldp # interface LoopBack1 ip address 2.2.2.2 255.255.255.255 isis enable 1 # bgp 100 peer 1.1.1.1 as-number 100

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

7-183

7 VPLS Configuration
peer 3.3.3.3 as-number 100 peer 1.1.1.1 connect-interface LoopBack1 peer 3.3.3.3 connect-interface LoopBack1 # ipv4-family unicast undo synchronization peer 1.1.1.1 enable peer 3.3.3.3 enable # vpls-family undo policy vpn-target reflector cluster-id 100 peer 1.1.1.1 reflect-client peer 1.1.1.1 enable peer 3.3.3.3 reflect-client peer 3.3.3.3 enable # return l

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Configuration file of PE2


# sysname PE2 # vlan batch 10 # mpls lsr-id 3.3.3.3 mpls # mpls l2vpn # vsi v1 auto pwsignal bgp route-distinguisher 100:2 vpn-target 1:1 import-extcommunity vpn-target 1:1 export-extcommunity site 2 range 5 default-offset 0 # mpls ldp # isis 1 network-entity 10.0000.0000.0004.00 # interface Vlanif10 undo shutdown l2 binding vsi v1 # interface GigabitEthernet2/0/0 undo shutdown portswitch port default vlan 10 # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 100.2.1.2 255.255.255.252 isis enable 1 mpls mpls ldp # interface LoopBack1 ip address 3.3.3.3 255.255.255.255 isis enable 1 # bgp 100 peer 2.2.2.2 as-number 100 peer 2.2.2.2 connect-interface LoopBack1 # ipv4-family unicast undo synchronization peer 2.2.2.2 enable

7-184

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


# vpls-family policy vpn-target peer 2.2.2.2 enable # return l

7 VPLS Configuration

Configuration file of CE2


# sysname CE2 # vlan batch 10 # interface Vlanif10 undo shutdown ip address 10.1.1.2 255.255.255.0 # interface GigabitEthernet1/0/0 undo shutdown portswitch port default vlan 10 # return

7.13.14 Example for Configuring Kompella VPLS with Two Reflectors


Networking Requirements
When deploying Kompella VPLS, you can configure the VPLS with two RRs to improve the reliability. Select two Ps or PEs in the same AS on the backbone network as RRs, which back up each other, to reflect information about the Kompella VPLS label block. As shown in Figure 7-21, PE1, PE2, RR1, and RR2 are in the backbone network AS100. It is required that CE1 and CE2 can communicate with each other by configuring the Kompella VPLS with two reflectors RR1 and RR2. Figure 7-21 Networking diagram of configuring Kompella VPLS with two reflectors
Loopback1 2.2.2.9/32 POS1/0/0 100.1.2.2/30

VPN backbone AS100 RR1 RR2

Loopback1 3.3.3.9/32 POS2/0/0 100.3.4.1/30

POS1/0/0 100.1.2.1/30 Loopback1 1.1.1.9/32

POS3/0/0 100.2.4.1/30

POS3/0/0 100.1.3.2/30

POS1/0/0 100.3.4.2/30 Loopback1 4.4.4.9/32

POS3/0/0 100.1.3.1/30

POS3/0/0 100.2.4.2/30 GE2/0/0.1 GE1/0/0.1 10.1.1.2/24

PE1

GE2/0/0.1 GE1/0/0.1 10.1.1.1/24

PE2

CE1

CE2

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

7-185

7 VPLS Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Configuration Roadmap
The configuration roadmap is as follows: 1. 2. 3. 4. 5. Use MPLS LSPs as public network tunnels. Establish MP IBGP connections between PEs and RRs (no MP IBGP connection needs to be established between PEs). RR1 and RR2 back up each other. Configure the same reflector ID for RR1 and RR2. RR1 and RR2 need to store information about all the VPLS labels to advertise it to PEs. Thus, configure RR1 and RR2 not to filter VPLS label blocks based on VPN targets. Configure VSIs on PEs and connect the PEs to CEs.
NOTE

In the VPLS with two reflectors, the two reflection paths cannot share the same network segment or node (excluding the PE nodes on both ends); otherwise, it is meaningless to configure two reflectors.

Data Preparation
To complete the configuration, you need the following data:
l l

Names, RDs, and VPN targets of the VPN instances created on PE1 and PE2 VSI names

Configuration Procedure
1. Configure IGP on the MPLS backbone network to enable the devices on LSPs to communicate with each other. In this example, IS-IS is used as IGP and the configuration procedure is not mentioned.
NOTE

Advertise the loopback interface addresses that act as LSR IDs.

After the configuration, the devices along the LSP can learn loopback interface addresses from each other. Take PE1 as an example:
<PE1> display ip routing-table Routing Tables: Public Destinations : 14 Destination/Mask Proto Pre 1.1.1.9/32 Direct 0 2.2.2.9/32 ISIS 15 3.3.3.9/32 ISIS 15 4.4.4.9/32 ISIS 15 ISIS 15 100.1.2.0/24 Direct 0 100.1.2.1/32 Direct 0 100.1.2.2/32 Direct 0 100.1.3.0/24 Direct 0 100.1.3.1/32 Direct 0 100.1.3.2/32 Direct 0 100.2.4.0/24 ISIS 15 100.3.4.0/24 ISIS 15 127.0.0.0/8 Direct 0 127.0.0.1/32 Direct 0 Routes : 15 Cost NextHop 0 127.0.0.1 20 100.1.2.2 20 100.1.3.2 30 100.1.3.2 30 100.1.2.2 0 100.1.2.1 0 127.0.0.1 0 100.1.2.2 0 100.1.3.1 0 127.0.0.1 0 100.1.3.2 20 100.1.2.2 20 100.1.3.2 0 127.0.0.1 0 127.0.0.1

Interface InLoopBack0 Pos1/0/0 Pos3/0/0 Pos3/0/0 Pos1/0/0 Pos1/0/0 InLoopBack0 Pos1/0/0 Pos3/0/0 InLoopBack0 Pos3/0/0 Pos1/0/0 Pos3/0/0 InLoopBack0 InLoopBack0

2.

Establish LSPs on the MPLS backbone network. Enable MPLS and MPLS LDP on the devices and interfaces, which LSPs pass through. The configuration procedure is not mentioned here.

7-186

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

7 VPLS Configuration

After the configuration, run the display mpls lsp command on each PE and RR. You can view the LSPs of each PE and RR. Take PE1 and RR1 as an example:
<PE1> display mpls lsp ---------------------------------------------------------------------LSP Information: LDP LSP ---------------------------------------------------------------------FEC In/Out Label In/Out IF Vrf Name 1.1.1.9/32 3/NULL -/2.2.2.9/32 NULL/3 -/P1/0/0 4.4.4.9/32 NULL/1025 -/P1/0/0 2.2.2.9/32 1024/3 -/P1/0/0 3.3.3.9/32 1028/3 -/P3/0/0 3.3.3.9/32 NULL/3 -/P3/0/0 4.4.4.9/32 NULL/1027 -/P3/0/0 <RR1> display mpls lsp ---------------------------------------------------------------------LSP Information: LDP LSP ---------------------------------------------------------------------FEC In/Out Label In/Out IF Vrf Name 1.1.1.9/32 NULL/3 -/P1/0/0 2.2.2.9/32 3/NULL -/3.3.3.9/32 NULL/1028 -/P1/0/0 1.1.1.9/32 1024/3 -/P1/0/0 4.4.4.9/32 1025/3 -/P3/0/0 4.4.4.9/32 NULL/3 -/P3/0/0 3.3.3.9/32 NULL/1026 -/P3/0/0

3.

Establish MP IBGP peer relationship between PEs and RRs. # Establish the MP IBGP connection and enable BGP VPLS. # Configure PE1.
<PE1> system-view [PE1] bgp 100 [PE1-bgp] peer 2.2.2.9 [PE1-bgp] peer 2.2.2.9 [PE1-bgp] peer 3.3.3.9 [PE1-bgp] peer 3.3.3.9 [PE1-bgp] vpls-family [PE1-bgp-af-vpls] peer [PE1-bgp-af-vpls] peer as-number 100 connect-interface loopback 1 as-number 100 connect-interface loopback 1 2.2.2.9 enable 3.3.3.9 enable

# Configure RR1.
<RR1> system-view [RR1] bgp 100 [RR1-bgp] group rr1 internal [RR1-bgp] peer rr1 connect-interface loopback 1 [RR1-bgp] vpls-family [RR1-bgp-af-vpls] peer rr1 enable [RR1-bgp-af-vpls] peer 1.1.1.9 group rr1 [RR1-bgp-af-vpls] peer 4.4.4.9 group rr1

# Configure RR2.
<RR2> system-view [RR2] bgp 100 [RR2-bgp] group rr2 internal [RR2-bgp] peer rr2 connect-interface loopback 1 [RR2-bgp] vpls-family [RR2-bgp-af-vpls] peer rr2 enable [RR2-bgp-af-vpls] peer 1.1.1.9 group rr2 [RR2-bgp-af-vpls] peer 4.4.4.9 group rr2

# Configure PE2.
<PE22> system-view [PE2] bgp 100 [PE2-bgp] peer 2.2.2.9 as-number 100 [PE2-bgp] peer 2.2.2.9 connect-interface loopback 1

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

7-187

7 VPLS Configuration
[PE2-bgp] peer 3.3.3.9 [PE2-bgp] peer 3.3.3.9 [PE2-bgp] vpls-family [PE2-bgp-af-vpls] peer [PE2-bgp-af-vpls] peer

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


as-number 100 connect-interface loopback 1 2.2.2.9 enable 3.3.3.9 enable

After this step, run the display bgp vpls peer command on PEs or run the display bgp vpls group group-name command on RRs. You can view that MP BGP connections are established between PEs and RRs. Take PE1 and RR1 as an example:
<PE1> display bgp vpls peer BGP local router ID : 1.1.1.9 Local AS number : 100 Total number of peers : 2 Peers in established state : 2 Peer V AS MsgRcvd MsgSent OutQ Up/Down State PrefRcv 2.2.2.9 4 100 6 6 0 00:03:50 Established 0 3.3.3.9 4 100 4 5 0 00:01:05 Established 0 <RR1> display bgp vpls group rr1 BGP peer-group: rr1 Remote AS 100 Type : internal Configured hold timer value: 180 Keepalive timer value: 60 Minimum route advertisement interval is 15 seconds Connect-interface has been configured PeerSession Members: NONE It's route-reflector-client Peer Preferred Value: 0 No routing policy is configured Peer Members: Peer V AS MsgRcvd MsgSent OutQ Up/Down State PrefRcv 1.1.1.9 4 100 7 8 0 00:04:33 Established 0 4.4.4.9 4 100 3 3 0 00:00:52 Established 0

4.

Configure route reflection on RR1 and RR2. # Reflectors need to store information about all L2VPN labels to advertise it to clients. Thus, configure RR1 and RR2 not to filter L2VPN label blocks based on VPN targets. # Configure RR1.
[RR1] bgp 100 [RR1-bgp] vpls-family [RR1-bgp-af-vpls] reflector cluster-id 100 [RR1-bgp-af-vpls] peer rr1 reflect-client [RR1-bgp-af-vpls] undo policy vpn-target

# Configure RR2.
[RR2] bgp 100 [RR2-bgp] vpls-family [RR2-bgp-af-vpls] reflector cluster-id 100 [RR2-bgp-af-vpls] peer rr2 reflect-client [RR2-bgp-af-vpls] undo policy vpn-target

5.

Configure VSIs on PEs and bind the VSIs to the interfaces on the AC side. On CE1 and CE2, configure IP addresses in the same network segment for the interfaces through which CE1 and CE2 access the PEs. # Configure PE1.
[PE1] vsi v1 auto [PE1-vsi-v1] pwsignal bgp [PE1-vsi-v1-bgp] route-distinguisher 100:1 [PE1-vsi-v1-bgp] vpn-target 1:1 import-extcommunity [PE1-vsi-v1-bgp] vpn-target 1:1 export-extcommunity [PE1-vsi-v1-bgp] site 1 range 5 default-offset 0 [PE1-vsi-v1-bgp] quit [PE1-vsi-v1] quit [PE1] interface gigabitethernet2/0/0.1

7-188

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


[PE1-GigabitEthernet2/0/0.1] [PE1-GigabitEthernet2/0/0.1] [PE1-GigabitEthernet2/0/0.1] [PE1-GigabitEthernet2/0/0.1] [PE1-GigabitEthernet2/0/0.1] shutdown vlan-type dot1q 10 l2 binding vsi v1 undo shutdown quit

7 VPLS Configuration

# Configure PE2.
[PE2] vsi v1 auto [PE2-vsi-v1] pwsignal bgp [PE2-vsi-v1-bgp] route-distinguisher 100:2 [PE2-vsi-v1-bgp] vpn-target 1:1 import-extcommunity [PE2-vsi-v1-bgp] vpn-target 1:1 export-extcommunity [PE2-vsi-v1-bgp] site 2 range 5 default-offset 0 [PE2-vsi-v1-bgp] quit [PE2-vsi-v1] quit [PE2] interface gigabitethernet2/0/0.1 [PE2-GigabitEthernet2/0/0.1] shutdown [PE2-GigabitEthernet2/0/0.1] vlan-type dot1q 10 [PE2-GigabitEthernet2/0/0.1] l2 binding vsi v1 [PE2-GigabitEthernet2/0/0.1] undo shutdown [PE2-GigabitEthernet2/0/0.1] quit

# Configure CE1.
[CE1] interface gigabitethernet1/0/0.1 [CE1-GigabitEthernet1/0/0.1] shutdown [CE1-GigabitEthernet1/0/0.1] vlan-type dot1q 10 [CE1-GigabitEthernet1/0/0.1] ip address 10.1.1.1 24 [CE1-GigabitEthernet1/0/0.1] undo shutdown

# Configure CE2.
[CE2] interface gigabitethernet1/0/0.1 [CE2-GigabitEthernet1/0/0.1] shutdown [CE2-GigabitEthernet1/0/0.1] vlan-type dot1q 10 [CE2-GigabitEthernet1/0/0.1] ip address 10.1.1.2 24 [CE2-GigabitEthernet1/0/0.1] undo shutdown [CE2-GigabitEthernet1/0/0.1] quit

6.

Verify the configuration. Check VSI information on PE1, and you can view that the VSI status is Up. The PW to the remote PE is also Up. Take PE1 as an example:
<PE1> display vsi name v1 verbose ***VSI Name : v1 Administrator VSI : no Isolate Spoken : disable VSI Index : 0 PW Signaling : bgp Member Discovery Style : auto PW MAC Learn Style : unqualify Encapsulation Type : vlan MTU : 1500 Mode : uniform Service Class : -Color : -DomainId : 0 Domain Name : VSI State : up BGP RD : 100:1 SiteID/Range/Offset : 1/5/0 Import vpn target : 1:1, Export vpn target : 1:1, Remote Label Block : 25600/5/0, Local Label Block : 25600/5/0, Interface Name : GigabitEthernet2/0/0.1 State : up **PW Information: *Peer Ip Address : 4.4.4.9 PW State : up

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

7-189

7 VPLS Configuration
Local VC Label Remote VC Label PW Type Tunnel ID : : : : 25602 25601 label 0x3002004,

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

CE1 and CE2 can ping through each other. This indicates that reflectors are successfully configured.
<CE1> ping 10.1.1.2 PING 10.1.1.2: 56 data bytes, press CTRL_C to break Reply from 10.1.1.2: bytes=56 Sequence=1 ttl=255 time=90 Reply from 10.1.1.2: bytes=56 Sequence=2 ttl=255 time=77 Reply from 10.1.1.2: bytes=56 Sequence=3 ttl=255 time=34 Reply from 10.1.1.2: bytes=56 Sequence=4 ttl=255 time=46 Reply from 10.1.1.2: bytes=56 Sequence=5 ttl=255 time=94 --- 10.1.1.2 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 34/68/94 ms ms ms ms ms ms

After the shutdown command is run in the view of POS 3/0/0 on PE1 or POS 3/0/0 on PE2, CE1 and CE2 still can ping through each other. This indicates that the two reflectors are successfully configured. Run the display bgp vpls route-distinguisher route-distinguisher site-id site-id labeloffset default- offset command on PEs or RRs, and you can view the BGP attributes of label blocks, such as the AS-path attribute. Take PE1 as an example:
<PE1> display bgp vpls route-distinguisher 100:1 site-id 1 label-offset 0 BGP Local Router ID : 1.1.1.9, Local AS Number : 100 Status codes: * - active, > - best BGP VPLS Label Block Information of 100:1(RD)/1(SiteID)/0(Offset) ------------------------------------------------------------------------------Basic Info: NextHop=0.0.0.0, Range=5, (*)Best Label Base=25600(Received)/0(Applied), Tunnel ID=0x0 Advertise Info: FromPeer=0.0.0.0, Last Message Type=UNREACH RibOutNum=0, InTobeUpdateNum=0 Layer-2 Encap Info: MTU=1500, EncapType=VLAN, CtrlFlag=0x0, Reserved=0 Path Attribute Info: Pointer=0x7a138f0, RefCount=1, Attribute Flag=0x0 MED=0, LocalPref=0 Origin=0, OriginatorID=0x0 -------------------------------------------------------------------------------

Configuration Files
l

Configuration file of PE1


# sysname PE1 # mpls lsr-id 1.1.1.9 mpls # mpls l2vpn # vsi v1 auto pwsignal bgp route-distinguisher 100:1 vpn-target 1:1 import-extcommunity vpn-target 1:1 export-extcommunity site 1 range 5 default-offset 0

7-190

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


# mpls ldp # interface GigabitEthernet2/0/0 undo shutdown # interface GigabitEthernet2/0/0.1 undo shutdown vlan-type dot1q 10 l2 binding vsi v1 # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 100.1.2.1 255.255.255.252 mpls mpls ldp # interface Pos3/0/0 link-protocol ppp undo shutdown ip address 100.1.3.1 255.255.255.252 mpls mpls ldp # interface LoopBack1 ip address 1.1.1.9 255.255.255.255 # bgp 100 peer 2.2.2.9 as-number 100 peer 2.2.2.9 connect-interface LoopBack1 peer 3.3.3.9 as-number 100 peer 3.3.3.9 connect-interface LoopBack1 # ipv4-family unicast undo synchronization peer 2.2.2.9 enable peer 3.3.3.9 enable # vpls-family policy vpn-target peer 2.2.2.9 enable peer 3.3.3.9 enable # ospf 1 area 0.0.0.0 network 1.1.1.9 0.0.0.0 network 100.1.2.0 0.0.0.3 network 100.1.3.0 0.0.0.3 # return l

7 VPLS Configuration

Configuration file of RR1


# sysname RR1 # mpls lsr-id 2.2.2.9 mpls # mpls ldp # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 100.1.2.2 255.255.255.252 mpls mpls ldp # interface Pos3/0/0 link-protocol ppp

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

7-191

7 VPLS Configuration
undo shutdown ip address 100.2.4.1 255.255.255.252 mpls mpls ldp # interface LoopBack1 ip address 2.2.2.9 255.255.255.255 # bgp 100 peer 4.4.4.9 as-number 100 peer 1.1.1.9 as-number 100 group rr1 internal peer rr1 connect-interface LoopBack1 # ipv4-family unicast undo synchronization undo peer 4.4.4.9 enable undo peer 1.1.1.9 enable peer rr1 enable # vpls-family reflector cluster-id 100 undo policy vpn-target peer rr1 enable peer rr1 reflect-client peer 1.1.1.9 enable peer 1.1.1.9 group rr1 peer 4.4.4.9 enable peer 4.4.4.9 group rr1 # ospf 1 area 0.0.0.0 network 100.1.2.0 0.0.0.3 network 100.2.4.0 0.0.0.3 network 2.2.2.9 0.0.0.0 # return l

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Configuration file of RR2


# sysname RR2 # mpls lsr-id 3.3.3.9 mpls # mpls ldp # interface Pos2/0/0 link-protocol ppp undo shutdown ip address 100.3.4.1 255.255.255.252 mpls mpls ldp # interface Pos3/0/0 link-protocol ppp undo shutdown ip address 100.1.3.2 255.255.255.252 mpls mpls ldp # interface LoopBack1 ip address 3.3.3.9 255.255.255.255 # bgp 100 peer 4.4.4.9 as-number 100 peer 1.1.1.9 as-number 100 group rr2 internal peer rr2 connect-interface LoopBack1 #

7-192

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


ipv4-family unicast undo synchronization undo peer 4.4.4.9 enable undo peer 1.1.1.9 enable peer rr2 enable # vpls-family reflector cluster-id 100 undo policy vpn-target peer rr2 enable peer rr2 reflect-client peer 1.1.1.9 enable peer 1.1.1.9 group rr2 peer 4.4.4.9 enable peer 4.4.4.9 group rr2 # ospf 1 area 0.0.0.0 network 100.3.4.0 0.0.0.3 network 100.1.3.0 0.0.0.3 network 3.3.3.9 0.0.0.0 # return l

7 VPLS Configuration

Configuration file of PE2


# sysname PE2 # mpls lsr-id 4.4.4.9 mpls # mpls l2vpn # vsi v1 auto pwsignal bgp route-distinguisher 100:2 vpn-target 1:1 import-extcommunity vpn-target 1:1 export-extcommunity site 2 range 5 default-offset 0 # mpls ldp # interface GigabitEthernet2/0/0 undo shutdown # interface GigabitEthernet2/0/0.1 undo shutdown vlan-type dot1q 10 l2 binding vsi v1 # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 100.3.4.2 255.255.255.252 mpls mpls ldp # interface Pos3/0/0 link-protocol ppp undo shutdown ip address 100.2.4.2 255.255.255.252 mpls mpls ldp # interface LoopBack1 ip address 4.4.4.9 255.255.255.255 # bgp 100 peer 2.2.2.9 as-number 100 peer 2.2.2.9 connect-interface LoopBack1

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

7-193

7 VPLS Configuration
peer 3.3.3.9 as-number 100 peer 3.3.3.9 connect-interface LoopBack1 # ipv4-family unicast undo synchronization peer 2.2.2.9 enable peer 3.3.3.9 enable # vpls-family policy vpn-target peer 2.2.2.9 enable peer 3.3.3.9 enable # ospf 1 area 0.0.0.0 network 4.4.4.9 0.0.0.0 network 100.3.4.0 0.0.0.3 network 100.2.4.0 0.0.0.3 # return l

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Configuration file of CE1


# sysname CE1 # interface GigabitEthernet1/0/0 undo shutdown # interface GigabitEthernet1/0/0.1 undo shutdown vlan-type dot1q 10 ip address 10.1.1.1 255.255.255.0 # return

Configuration file of CE2


# sysname CE2 # interface GigabitEthernet1/0/0 undo shutdown # interface GigabitEthernet1/0/0.1 undo shutdown vlan-type dot1q 10 ip address 10.1.1.2 255.255.255.0 # return

7-194

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

8 Access of L2VPN to L3VPN Configuration

Access of L2VPN to L3VPN Configuration

About This Chapter


This chapter describes the basic concept of Access of L2VPN to L3VPN, and configuration steps, along with examples 8.1 Overview This section describes the background and scenarios of the access of L2VPN to L3VPN. 8.2 Configuring the Access of VLL to the Public Network or L3VPN This section describes how to configure the access of VLL to the public network or L3VPN; that is, the VLL technology is used on the access network. 8.3 Configuring the Access of VPLS to the Public Network or L3VPN This section describes how to configure the access of the VPLS network to the public network or L3VPN; that is the VPLS technology is used on the access network. 8.4 Configuring an L2VPN to Access Multiple L3VPNs Through Sub-interfaces for QinQ VLAN Tag Termination This section describes how to configure the access of L2VPN to L3VPN through terminating L3VE sub-interfaces by QinQ; that is, the inner VLAN tag is used to identify the packets of users, and to send the packets to the desired L3VPN. 8.5 Configuration Examples This section provides several configuration examples for the access of L2VPN to L3VPN.

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

8-1

8 Access of L2VPN to L3VPN Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

8.1 Overview
This section describes the background and scenarios of the access of L2VPN to L3VPN. 8.1.1 L2VPN to L3VPN 8.1.2 Access of L2VPN to L3VPN Implemented on the NE80E/40E

8.1.1 L2VPN to L3VPN


Layer 2 VPN (L2VPN) is a type of technology that provides L2VPN services on the basis of an MPLS network. L2VPN data is transmitted transparently over the MPLS network that features high reliability and security, easy maintenance, and powerful QoS. L2VPN provides tunnels for transmitting user data. This reduces the number of links maintained by the routers in the middle. Using an L2VPN, users can access L3VPN services running on an access network or bearer network. This reduces the user information that is maintained by access devices. Therefore, the low-end devices can be deployed in the access network, reducing the networking cost. For users, the access network is transparent, and users seem to connect to the public network or L3VPN directly. This makes the networking more flexible. Figure 8-1 Networking diagram of traditional access of L2VPN to L3VPN
Access network UPE L2VPN PE-AGG NPE L3VPN Bearer network PE

CE1

CE2

In a traditional network, a Provider Edge Aggregation (PE-AGG) and a Network Provider Edge (NPE) are required to connect the access network to the bearer network. Then, L2VPN can access the public network or L3VPN. As shown in Figure 8-1, the User Provider Edge (UPE) devices are responsible for accessing user sites by creating an L2VPN tunnel between the access network and PE-AGG. The PE-AGG terminates L2VPN and connects to the other NPE. L3VPN is set up between the NPE and other common PEs on the bearer network of the carrier. As a CE of L2VPN, NPE connects to the PEAGG. For the L3VPN on the bearer network, CE1 accesses the L3VPN through the leased line emulated by L2VPN.

8-2

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

8 Access of L2VPN to L3VPN Configuration

Figure 8-2 Networking diagram of connection from L2VPN to L3VPN supported by the
Bearer network Access network
N

NPE L3VPN

PE

UPE

VP L2

CE1

CE2

If an NPE device can provide the functions of both PE-AGG and NPE devices, it helps lower the networking cost and simplify the network. As shown in Figure 8-2, the NE80E/40E functions as an NPE, and it is connected to and terminates the L2VPN and L3VPN on a same device by creating a Virtual Ethernet group (VE-group). Therefore, the NE80E/40E realizes the functionalities of both PE-AGG and NPE devices on traditional network. In a VE-group, the VE interface used to terminate L2VPN is called Layer 2 Virtual Ethernet (L2VE), and that used to terminate L3VPN is called Layer 3 Virtual Ethernet (L3VE).

8.1.2 Access of L2VPN to L3VPN Implemented on the NE80E/40E


Access of a VLL to the Public Network or L3VPN
A Virtual Leased Line (VLL) provides MPLS-network-based L2VPN services, and transparently transmits Layer 2 data of users over the MPLS network. From the viewpoint of users, the MPLS access network is a Layer 2 switching network that establishes a Layer 2 connection between users and the carrier network. Users can access the L3VPN on the public network or the bearer network of carriers. On the access network, the NE80E/40E can only deploy Martini VLL for the access to the public network or L3VPN.

Configuring the Access of VPLS to the Public Network or L3VPN


The Virtual Private LAN Service (VPLS) connects multiple Ethernet LAN segments through the Packet Switch Network (PSN) to make them work as one LAN. Unlike the point-to-point service of L2VPN, VPLS can be used to connect multiple Ethernet sites of a carrier to the L3VPN on the bearer network or to the public network through the MPLS access network. On the access network, the NE80E/40E can deploy only the Martini VPLS for access to the public network or L3VPN.

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

8-3

8 Access of L2VPN to L3VPN Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Configuring an L2VPN to Access Multiple L3VPNs Through Sub-interfaces for QinQ VLAN Tag Termination
QinQ is an IEEE 802.1Q-based Layer 2 tunnel protocol, and packets transmitted through QinQ have two layers of 802.1Q tag headers. QinQ helps distinguish diverse services of different users. For the NE80E/40E, the data of different users is sent to the desired L2VPN according to the outer VLAN tags. When the packets with two layers of tags reach L3VE through L2VPN, the carrier can use the L3VE sub-interface to terminate the QinQ user packets with specified inner tags. Therefore, services of different types can access their target L3VPN on bearer network through different L3VE sub-interfaces. In this manner, carriers provide appropriate quality for different services on the bearer network, and make full use of the network resources. Users can obtain Differentiated Services (DS).

8.2 Configuring the Access of VLL to the Public Network or L3VPN


This section describes how to configure the access of VLL to the public network or L3VPN; that is, the VLL technology is used on the access network. 8.2.1 Establishing the Configuration Task 8.2.2 Creating an L2VE Interface 8.2.3 Creating an L3VE Interface 8.2.4 Associating the L2VE Interface with a VLL 8.2.5 Configuring the Access to the Public Network or L3VPN 8.2.6 Checking the Configuration

8.2.1 Establishing the Configuration Task


Applicable Environment
As shown in Figure 8-3, when a customer needs to access the public network or the MPLS L3VPN of the bearer network over the MPLS L2VPN of a carrier, the carrier can deploy a VLL to connect the customer to the public network or the MPLS L3VPN of the bearer network through virtual leased line.

8-4

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

8 Access of L2VPN to L3VPN Configuration

Figure 8-3 Networking diagram of connecting a VLL to an L3VPN

NPE Access network 1

Bearer network MPLS L3VPN

NPE Access network 2

UPE

UPE

CE Logical link between CE and NPE VLLtunnel L3VPN tunnel

CE

Pre-configuration Tasks
Before configuring a VLL to access an L3VPN, complete the following tasks:
l

Connecting the interfaces and configuring their physical parameters so as to make their physical layer Up Enabling IGP on the MPLS access network to implement IP connectivity Enabling MPLS L2VPN on UPEs and NPEs Creating L2VPN tunnels between UPEs and NPEs Creating LDP sessions between NPEs and UPEs Creating remote LDP sessions if NPEs and UPEs are not connected directly Enabling an IGP on the MPLS bearer network to realize IP connectivity Configuring the basic functions of L3VPN on NPEs

l l l l l l l

Data Preparation
To configure a VLL to access an L3VPN, you need the following data. No. 1 2 3 Data VE interface number VE-group number Destination IP address of the L2VC, VC ID and VC Type

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

8-5

8 Access of L2VPN to L3VPN Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

8.2.2 Creating an L2VE Interface


Context
Do as follows on NPEs.

Procedure
Step 1 Run:
system-view

The system view is displayed. Step 2 Run:


interface virtual-ethernet interface-number

A VE1 interface is created and the VE1 interface view is displayed. Step 3 Run:
ve-group ve-group-id l2-terminate

The VE1 interface is set to an L2VE interface that terminates VLL, and it is bound to a VEgroup. ----End

8.2.3 Creating an L3VE Interface


Context
Do as follows on NPEs.

Procedure
Step 1 Run:
system-view

The system view is displayed. Step 2 Run:


interface virtual-ethernet interface-number

A VE 2 interface is created and the VE2 interface view is displayed. Step 3 Run:
ve-group ve-group-id l3-access

The VE2 interface is set to an L3VE interface that accesses the MPLS L3VPN, and it is bound to a VE-Group.
NOTE

A VLL cannot function well unless the L3VE and the L2VE interfaces are bound to the same VE-group. In addition, the L2VE and L3VE interfaces in a VE-group cannot be on different boards.

----End
8-6 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

8 Access of L2VPN to L3VPN Configuration

8.2.4 Associating the L2VE Interface with a VLL


Context
Do as follows on NPEs.

Procedure
Step 1 Run:
system-view

The system view is displayed. Step 2 Run:


mpls 12vpn default martini

The Martini mode is set. Step 3 Run:


interface virtual-ethernet interface-number

The L2VE interface view is displayed. Step 4 Run:


mpls l2vc dest-ip-addr vc-id [ [ control-word | no-control-word ] | [ raw | tagged | ip-interworking ] | tunnel-policy policy-name ] *

A Martini VLL is created. The tunnel policy for a Martini VLL defaults to LSPs and only one LSP is used for load balancing. If a tunnel of other types is needed, you can specify tunnel-policy policy-name to obtain the tunnel policy. To create a Martini VLL, you need to specify the IP address and VC ID of the destination PE. The VC IDs of PEs at both ends of the VC must be consistent. The VC type of the VLL for VE interfaces defaults to Ethernet. If the AC interfaces on the peer PE are Ethernet sub-interfaces, you need to specify tagged to change the local VC type to VLAN, or specify raw on the Ethernet sub-interfaces of the peer PE to change the peer VC type to Ethernet. The VC types for PEs at both ends of the VLL must be consistent. When the AC interfaces on the peer PE are of other types, you can specify ip-interworking on the local PE to enable IP-interworking of Martini VLLs. ----End

8.2.5 Configuring the Access to the Public Network or L3VPN


Context
Do as follows on NPEs.

Procedure
l
Issue 03 (2008-09-22)

Configuring a User to Access the Public Network


Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 8-7

8 Access of L2VPN to L3VPN Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

1.

Run:
system-view

The system view is displayed. 2. Run:


interface virtual-ethernet interface-number

The L3VE interface view is displayed. 3. Run:


ip address ip-address { mask | mask-length }

An IP address is configured for the L3VE interface. Configure a routing protocol on the NPEs to exchange routes with the CE device on the MPLS L2VPN network. For more information, refer to the Quidway NetEngine80E/40E Router Configuration Guide - IP Routing. l Configuring a User to Access the MPLS L3VPN Network 1. Run:
system-view

The system view is displayed. 2. Run:


interface virtual-ethernet interface-number

The L3VE interface view is displayed. 3. Run:


ip binding vpn-instance vpn-instance-name

The L3VE interface is associated with a VPN instance. 4. Run:


ip address ip-address { mask | mask-length }

An IP address is configured for the L3VE interface.


NOTE

The IP address is a private network address of MPLS L3VPN.

----End

8.2.6 Checking the Configuration


Run the following commands to check the previous configuration. Action Check the binding relationship between VE interfaces and a VE-group. Check information about a Martini VLL. Command display virtual-ethernet ve-group [ vegroup-id | slot slot-id ] display mpls l2vc [ vc-id | interface interfacetype interface-number ]

Run the display virtual-ethernet ve-group command. You can view the VE interfaces in a VEgroup. For example:
8-8 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

8 Access of L2VPN to L3VPN Configuration

<Quidway> display virtual-ethernet ve-group Ve-groupID L2VE L3VE 1 Virtual-Ethernet2/0/0 Virtual-Ethernet2/0/1 Total 1, 1 printed

Run the display mpls l2vc command for the Martini VLL. You can view that the VC State is up and the "Client Interface" is a VE interface. For example:
<Quidway> display mpls l2vc Total ldp vc : 1 1 up 0 down *Client Interface : Virtual-ethernet2/0/0 Session State : up AC Status : up VC State : up VC ID : 101 VC Type : ethernet Destination : 3.3.3.9 local VC label : 140288 remote VC label : 140292 control word : disable forwarding entry : not exist local group ID : 0 manual fault : not set active state : active link state : up local VC MTU : 1500 remote VC MTU : 1500 tunnel policy name : lsp traffic behavior name: -PW template name : -primary or secondary : primary create time : 0 days, 0 hours, 30 minutes, 18 seconds up time : 0 days, 0 hours, 0 minutes, 0 seconds last change time : 0 days, 0 hours, 30 minutes, 18 seconds

8.3 Configuring the Access of VPLS to the Public Network or L3VPN


This section describes how to configure the access of the VPLS network to the public network or L3VPN; that is the VPLS technology is used on the access network. 8.3.1 Establishing the Configuration Task 8.3.2 Creating an L2VE Interface 8.3.3 Creating an L3VE Interface 8.3.4 Binding a VSI to the L2VE Interface 8.3.5 Configuring the Access to the Public Network or an L3VPN 8.3.6 Checking the Configuration

8.3.1 Establishing the Configuration Task


Applicable Environment
As shown in Figure 8-4, a user has many scattered sites on the access network of a carrier, and they are connected through Ethernet. These sites are required to interconnect to form an integrated network. In this case, the VPLS can be deployed on the access network to network those sites, and to access the MPLS L3VPN service running on the bearer network. If there are many scattered sites on the access network, deploy the HVPLS on it, as shown in the access
Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 8-9

8 Access of L2VPN to L3VPN Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

network 2 in Figure 8-4. The NPE works as PE at upper layer and UPEs as PE at lower layer. Therefore, the logical connections between PEs are reduced. Figure 8-4 Networking diagram of VPLS accessing L3VPN
CE CE

UPE NPE Access network 1 VPLS UPE

Bearer network MPLS L3VPN

UPE NPE Access network 2 HVPLS UPE

CE VPLS tunnel L3VPN tunnel

CE

Pre-configuration Tasks
Before configuring a VPLS to access an L3VPN, complete the following tasks:
l

Connecting the interfaces and configuring their physical parameters so as to make their physical layer Up Enabling IGP on the MPLS access network to realize IP connectivity Creating full-mesh VPLS between UPEs and NPEs Enabling IGP on the MPLS bearer network to realize IP connectivity Configuring the basic functions of L3VPN on NPEs

l l l l

Data Preparation
To configure a VPLS to access an L3VPN, you need the following data. No. 1 2 3
8-10

Data VE interface number VE-group number VSI name and VSI ID


Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

8 Access of L2VPN to L3VPN Configuration

No. 4

Data Name of the VPN instance, RD, and VPN target

8.3.2 Creating an L2VE Interface


Context
Do as follows on NPEs.

Procedure
Step 1 Run:
system-view

The system view is displayed. Step 2 Run:


interface virtual-ethernet interface-number

A VE1 interface is created and the VE1 interface view is displayed. Step 3 Run:
ve-group ve-group-id l2-terminate

The VE1 interface is set to an L2VE interface that terminates VLL, and it is bound to a VEgroup. ----End

8.3.3 Creating an L3VE Interface


Context
Do as follows on NPEs.

Procedure
Step 1 Run:
system-view

The system view is displayed. Step 2 Run:


interface virtual-ethernet interface-number

A VE 2 interface is created and the VE2 interface view is displayed. Step 3 Run:
ve-group ve-group-id l3-access

The VE2 interface is set to an L3VE interface that accesses the MPLS L3VPN, and it is bound to a VE-Group.
Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 8-11

8 Access of L2VPN to L3VPN Configuration


NOTE

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

A VLL cannot function well unless the L3VE and the L2VE interfaces are bound to the same VE-group. In addition, the L2VE and L3VE interfaces in a VE-group cannot be on different boards.

----End

8.3.4 Binding a VSI to the L2VE Interface


Context
Do as follows on NPEs.

Procedure
Step 1 Run:
system-view

The system view is displayed. Step 2 Run:


interface virtual-ethernet interface-number

The L2VE interface view is displayed. Step 3 Run:


l2 binding vsi vsi-name

The L2VE interface is bound to a VSI.


NOTE

The product supports the binding of L2VE interface to a VSI instance of Martini VPLS. For more on configurations of Martini VPLS, see "VPLS Configurations".

----End

8.3.5 Configuring the Access to the Public Network or an L3VPN


Context
The configuration of L3VE interface that is used to access the public network or MPLS L3VPN network varies with the network environment, as follows:

Procedure
l Configuring the Users to Access the Public Network Do as follows on NPEs. 1. Run:
system-view

The system view is displayed. 2. Run:


interface virtual-ethernet interface-number

8-12

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

8 Access of L2VPN to L3VPN Configuration

The L3VE interface view is displayed. 3. Run:


ip address ip-address { mask | mask-length }

The IP address is configured. Configure the routing protocol on the NPEs to exchange routes with the CE device on the MPLS L2VPN network. For details, refer to the Quidway NetEngine80E/ 40E Router Configuration Guide - IP Route. l Configuring the Users to Access an MPLS L3VPN Do as follows on NPEs. 1. Run:
system-view

The system view is displayed. 2. Run:


interface virtual-ethernet interface-number

The L3VE interface view is displayed. 3. Run:


ip binding vpn-instance vpn-instance-name

The L3VE interface is associated with a VPN instance. 4. Run:


ip address ip-address { mask | mask-length }

The IP address is configured.


NOTE

The IP address is a private network address of an MPLS L3VPN.

----End

8.3.6 Checking the Configuration


Run the following commands to check the previous configuration. Action Check the binding relationship between VE interfaces and a VE-group. Check information about the VPLS VSI. Command display virtual-ethernet ve-group [ vegroup-id | slot slot-id ] display vsi [ name vsi-name ] [ verbose ]

Run the display virtual-ethernet ve-group command. You can view the VE interfaces in the VE-group. For example:
<Quidway> display virtual-ethernet ve-group Ve-groupID L2VE L3VE 1 Virtual-Ethernet2/0/0 Virtual-Ethernet2/0/1 Total 1, 1 printed

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

8-13

8 Access of L2VPN to L3VPN Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Run the display vsi [ name vsi-name ] [ verbose ] command. You can view that the "VSI State" is Up; if the parameter is verbose, the "Interface Name" is "Virtual-Ethernet". For example:
<Quidway> display vsi name *** VSI Name Administrator VSI Isolate Spoken VSI Index PW Signaling Member Discovery Style PW MAC Learn Style Encapulation Type MTU Diffserv Mode Service Class Color DomainId Domain Name VSI State VSI ID *Peer Router ID VC Label Session Tunnel ID Interface Name State *Peer Ip Address PW State Local VC Label Remote VC Label PW Type Tunnel ID vsi1 verbose : vsi1 : no : disable : 0 : ldp : static : unqualify : ethernet : 1500 : uniform : -: -: 255 : : up : 2 : 3.3.3.9 : 17408 : up : 0x6002001, : Virtual-Ethernet2/0/0 : up : 3.3.3.9 : up : 17408 : 17408 : label : 0x6002001,

8.4 Configuring an L2VPN to Access Multiple L3VPNs Through Sub-interfaces for QinQ VLAN Tag Termination
This section describes how to configure the access of L2VPN to L3VPN through terminating L3VE sub-interfaces by QinQ; that is, the inner VLAN tag is used to identify the packets of users, and to send the packets to the desired L3VPN. 8.4.1 Establishing the Configuration Task 8.4.2 Creating an L2VE Interface 8.4.3 Creating an L3VE Interface 8.4.4 Setting the L3VE Interface to User Termination Mode 8.4.5 Creating the L3VE Sub-interface Terminated by QinQ 8.4.6 Associating the L3VE Sub-interface Terminated by QinQ with an L3VPN Instance 8.4.7 Binding the L2VE to VLL or VPLS 8.4.8 Checking the Configuration

8.4.1 Establishing the Configuration Task


Applicable Environment
As shown in Figure 8-5, a user network often carries the data, audio, and video, and so on. The QinQ technique can be deployed to encapsulate different inner VLAN tags for different services,
8-14 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

8 Access of L2VPN to L3VPN Configuration

and proper outer VLAN tags for different users. The inner and outer VLAN tags of different types help services access the relevant MPLS L3VPNs on the bearer network through the L2VPN on the access network, so the carrier can allocate the network resources on the bearer network according to service types. This gives full play to the network resources of the carrier, and proper QoS can be guaranteed for different services. Figure 8-5 Networking diagram of configuring an L2VPN to access multiple L3VPNs through sub-interfaces for QinQ VLAN tag termination
CE3 NPE Bearer network MPLS L3VPN CE4 VPN2 PE VPN1

Access network

UPE

VLAN100

VLAN10 CE1

VLAN20 CE2

Logical link between CE and NPE VLL tunnel L3VPN tunnel VPN1 VPN2

Pre-configuration Task
To configure an L2VPN to access multiple L3VPNs through sub-interfaces for QinQ VLAN tag termination, complete the following tasks:
l

Connecting the interfaces and configuring their physical parameters so as to make their physical layer Up Enabling IGP on the MPLS access network to realize IP connectivity Creating VPLS or VLL between UPEs and NPEs Enabling IGP on the MPLS bearer network to realize IP connectivity Configuring the basic functions of L3VPN on NPEs

l l l l

Data Preparations
To configure an L2VPN to access multiple L3VPNs through sub-interfaces for QinQ VLAN tag termination, you need the following data.
Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 8-15

8 Access of L2VPN to L3VPN Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

No. 1 2 3

Data VE interface number VE-group number Value range of the inner tag in the QinQ packet terminated at the VE sub-interface

8.4.2 Creating an L2VE Interface


Context
Do as follows on NPEs.

Procedure
Step 1 Run:
system-view

The system view is displayed. Step 2 Run:


interface virtual-ethernet interface-number

A VE1 interface is created and the VE1 interface view is displayed. Step 3 Run:
ve-group ve-group-id l2-terminate

The VE1 interface is set to an L2VE interface that terminates VLL, and it is bound to a VEgroup. ----End

8.4.3 Creating an L3VE Interface


Context
Do as follows on NPEs.

Procedure
Step 1 Run:
system-view

The system view is displayed. Step 2 Run:


interface virtual-ethernet interface-number

A VE 2 interface is created and the VE2 interface view is displayed.


8-16 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

8 Access of L2VPN to L3VPN Configuration

Step 3 Run:
ve-group ve-group-id l3-access

The VE2 interface is set to an L3VE interface that accesses the MPLS L3VPN, and it is bound to a VE-Group.
NOTE

A VLL cannot function well unless the L3VE and the L2VE interfaces are bound to the same VE-group. In addition, the L2VE and L3VE interfaces in a VE-group cannot be on different boards.

----End

8.4.4 Setting the L3VE Interface to User Termination Mode


Context
Do as follows on NPEs.

Procedure
Step 1 Run:
system-view

The system view is displayed. Step 2 Run:


interface virtual-ethernet interface-number

The L3VE interface view is displayed. Step 3 Run:


mode user-termination

The L3VE interface is set to user termination mode. Bind the VE interfaces to a VE-group and set them to L3VE before configuring the user termination mode. ----End

8.4.5 Creating the L3VE Sub-interface Terminated by QinQ


Context
Do as follows on NPEs.

Procedure
Step 1 Run:
system-view

The system view is displayed. Step 2 Run:


interface virtual-ethernet interface-number.subinterface-number

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

8-17

8 Access of L2VPN to L3VPN Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

A L3VE sub-interface is created the sub-interface view is displayed. You can create sub-interfaces only on the L3VE interface that operates in user termination mode. Step 3 Run:
qinq termination ce-vid low-ce-vid [ to high-ce-vid ] [ vlan-group group-id ]

The QinQ termination is configured for the L3VE sub-interface. When the L3VE sub-interface receives packets with double tags from users, it will terminate the packets whose inner tag is in the range specified by the CE-vid. Step 4 Run:
arp broadcast enable

The ARP broadcast function is enabled for the sub-interface for QinQ VLAN tag termination. When you enable or disable the ARP broadcast function on a termination sub-interface, the routing status of the sub-interface becomes Down and then Up. This may result in a flapping of routes on the entire network, affecting the normal operation of services. ----End

8.4.6 Associating the L3VE Sub-interface Terminated by QinQ with an L3VPN Instance
Context
Do as follows on NPEs.

Procedure
Step 1 Run:
system-view

The system view is displayed. Step 2 Run:


interface virtual-ethernet interface-number subinterface-number

The L3VE sub-interface view is displayed. Step 3 Run:


ip binding vpn-instance vpn-instance-name

The L3VE sub-interface is associated with a VPN instance. Step 4 Run:


ip address ip-address { mask | mask-length } [ sub ]

The IP address is configured.


NOTE

The IP address is a private network address of MPLS L3VPN.

----End
8-18 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

8 Access of L2VPN to L3VPN Configuration

8.4.7 Binding the L2VE to VLL or VPLS


Context
For details about creating L2VE and L3VE interfaces, see the sections"8.4 Configuring an L2VPN to Access Multiple L3VPNs Through Sub-interfaces for QinQ VLAN Tag Termination8.4.6 Associating the L3VE Sub-interface Terminated by QinQ with an L3VPN Instance" and "8.3 Configuring the Access of VPLS to the Public Network or L3VPN8.3.4 Binding a VSI to the L2VE Interface".

8.4.8 Checking the Configuration


Run the following commands to check the previous configuration. Action Check the binding relationship between VE interfaces and a VEgroup Check information about QinQ termination on VE sub-interfaces Command display virtual-ethernet ve-group [ ve-group-id | slot slot-id ] display qinq information termination [ interface virtual-ethernet interface-number.subinterfacenumber ]

Run the display virtual-ethernet ve-group command. You can view the VE interfaces in a VEgroup. For example:
<Quidway> display virtual-ethernet ve-group Ve-groupID L2VE L3VE 1 Virtual-Ethernet2/0/0 Virtual-Ethernet2/0/1 Total 1, 1 printed

Run the display qinq information termination command. You can view the detailed information terminated by QinQ on VE sub-interfaces. For example:
<Quidway> display qinq information termination Virtual-Ethernet5/0/9.1 L3VPN binded Total QINQ Num: 1 qinq termination pe-vid 2 ce-vid 20 to 30 Total vlan-group Num: 0 control-vid 1 qinq-termination

8.5 Configuration Examples


This section provides several configuration examples for the access of L2VPN to L3VPN. 8.5.1 Example for Configuring a Martini VLL to Access an L3VPN 8.5.2 Example for Configuring the Access of Martini VLL to the Public Network 8.5.3 Example for Configuring the Access of Martini VPLS to L3VPN
Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 8-19

8 Access of L2VPN to L3VPN Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

8.5.4 Example for Configuring the Dual-homing Access of Dynamic Master/Backup VPLS to an L3VPN 8.5.5 Example for Configuring an L2VPN to Access Multiple L3VPNs Through Sub-interfaces for QinQ VLAN Tag Termination

8.5.1 Example for Configuring a Martini VLL to Access an L3VPN


Networking Requirements
As shown in Figure 8-6, the NPE and PE2 serve as the PE of IP/MPLS backbone network, and UPE works as the PE on the VLL access network CE1 accesses the MPLS L3VPN on the IP/ MPLS backbone network through the VLL, and communicates with CE2. Create VE 2/0/0 and VE 2/0/1 on the NPE. The VE 2/0/0 terminates the L2VE of VLL, and VE 2/0/1 connects to the L3VE on MPLS L3VPN. The networking requirements include:
l l l

The PPP link is used between CE1 and the UPE. The VLL is in Martini mode (internetworking). VPN1 is the VPN instance of MPLS L3VPN; the route-distinguisher is 200:1; the vpntarget is 111:1. The backbone network belongs to AS 100. The NPE exchanges the VPN routing information with the PE (PE2) at the peer of MPLS L3VPN through IBGP. CE1 exchanges the VPN routing information with the NPE through EBGP; CE1 belongs to AS 65010. CE1 exchanges the VPN routing information through EBGP with PE2; CE2 belongs to AS 65020.

8-20

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

8 Access of L2VPN to L3VPN Configuration

Figure 8-6 Networking diagram of the access of Martini VLL to MPLS L3VPN
IP/MPLS core network Loopback1 3.3.3.9/32 NPE POS 1/0/0 10.3.3.1/24 Loopback1 4.4.4.9/32 POS 2/0/0 10.3.3.2/24 GE 1/0/0 100.2.1.1/24 GE 1/0/0 100.2.1.2/24 POS 1/0/0 10.2.2.1/24 PE2

POS 2/0/0 10.2.2.2/24 Access network Loopback1 1.1.1.9/32 UPE POS 2/0/0 P 10.2.1.2/24 POS 2/0/0 10.2.1.1/24

VPN1

CE2

POS 1/0/0

Loopback1 2.2.2.9/32 POS 1/0/0 100.1.1.1/24 VPN1

CE1

Configuration Roadmap
The configuration roadmap is as follows: 1. 2. 3. Configure the MPLS L3VPN backbone network. Create the L2VE interface on the NPE to terminate the VLL, and the L3VE interface to access L3VPN. Bind them to the same VE-group. Configure the Martini VLL:
l

Configure routing protocols for the devices including the UPE, P, and the NPE on access network to make them communicate, and enable MPLS. The default tunnel policy is used in the example; that is, establish LSPs to transmit user data. Enable MPLS L2VPN on the UPE and NPE, and establish VCs.

4.

Configure the access of CE devices to L3VPN. EBGP is used to exchange VPN routing information between CE1 and the NPE.

Data Preparations
To complete the configuration, you need the following data:
Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 8-21

8 Access of L2VPN to L3VPN Configuration


l l l

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

VE-group number IP addresses of VE interfaces Names of VPN instances for MPLS L3VPN

Configuration Procedure
1. Configure an IP address for each interface. The configuration details are not mentioned here. Configure the IP addresses for physical interfaces and the loopback interface according to the configurations in Figure 8-6. The configuration details are not mentioned here. 2. Create VE 2/0/0 and VE 2/0/1 on the NPE, and bind them to the same VE-group. # Create VE 2/0/0 to terminate the MPLS L2VPN.
<Quidway> system-view [Quidway] sysname NPE [NPE] interface virtual-ethernet2/0/0 [NPE-Virtual-Ethernet2/0/0] ve-group 1 l2-terminate [NPE-Virtual-Ethernet2/0/0] quit

# Create VE 2/0/1 to access the MPLS L3VPN.


[NPE] interface virtual-ethernet2/0/1 [NPE-Virtual-Ethernet2/0/1] ve-group 1 l3-access [NPE-Virtual-Ethernet2/0/1] quit

After the configuration is complete, run the display virtual-ethernet ve-group command. You can view the binding relationship between VE interfaces and a VE-group.
[NPE] display virtual-ethernet ve-group Ve-groupID L2VE 1 Virtual-Ethernet2/0/0 Total 1, 1 printed L3VE Virtual-Ethernet2/0/1

3.

Run an IGP on the VLL access network. OSPF is used in the example. The configuration details are not mentioned here. When configuring OSPF, advertise the 32-bit Loopback interface addresses of the UPE, the P, and the NPE. For more configurations, see "Configuration Files."

4.

Configure basic MPLS functions and LDP on the VLL access network. # Configure the UPE.
<Quidway> system-view [Quidway] sysname UPE [UPE] mpls lsr-id 1.1.1.9 [UPE] mpls [UPE-mpls] quit [UPE] mpls ldp [UPE-mpls-ldp] quit [UPE] interface pos 2/0/0 [UPE-Pos2/0/0] mpls [UPE-Pos2/0/0] mpls ldp [UPE-Pos2/0/0] undo shutdown [UPE-Pos2/0/0] quit

# Configure the P.
<Quidway> system-view [Quidway] sysname P [P] mpls lsr-id 2.2.2.9 [P] mpls [P-mpls] quit [P] mpls ldp [P-mpls-ldp] quit [P] interface pos 1/0/0

8-22

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


[P-Pos1/0/0] mpls [P-Pos1/0/0] mpls [P-Pos1/0/0] undo [P-Pos1/0/0] quit [P] interface pos [P-Pos2/0/0] mpls [P-Pos2/0/0] mpls [P-Pos2/0/0] undo [P-Pos2/0/0] quit

8 Access of L2VPN to L3VPN Configuration

ldp shutdown 2/0/0 ldp shutdown

# Configure the NPE.


[NPE] mpls lsr-id 3.3.3.9 [NPE] mpls [NPE-mpls] quit [NPE] mpls ldp [NPE-mpls-ldp] quit [NPE] interface pos 2/0/0 [NPE-Pos2/0/0] mpls [NPE-Pos2/0/0] mpls ldp [NPE-Pos2/0/0] undo shutdown [NPE-Pos2/0/0] quit

5.

Establish remote LDP sessions between the NPE and the UPE. # Configure the UPE.
[UPE] mpls ldp remote-peer 1 [UPE-mpls-ldp-remote-1] remote-ip 3.3.3.9 [UPE-mpls-ldp-remote-1] quit

# Configure the NPE.


[NPE] mpls ldp remote-peer 1 [NPE-mpls-ldp-remote-1] remote-ip 1.1.1.9 [NPE-mpls-ldp-remote-1] quit

6.

Enable MPLS L2VPN on the PE, and establish VCs. # Configure the UPE.
[UPE] mpls l2vpn [UPE-l2vpn] mpls l2vpn default martini [UPE-l2vpn] quit [UPE] interface pos 1/0/0 [UPE-Pos1/0/0] mtu 1500 [UPE-Pos1/0/0] mpls l2vc 3.3.3.9 101 ip-interworking [UPE-Pos1/0/0] ip address 100.1.1.2 24 [UPE-Pos1/0/0] undo shutdown [UPE-Pos1/0/0] quit

# Configure the NPE.


[NPE] mpls l2vpn [NPE-l2vpn] mpls l2vpn default martini [NPE-l2vpn] quit [NPE] interface virtual-ethernet2/0/0 [NPE-Virtual-Ethernet2/0/0] mpls l2vc 1.1.1.9 101 ip-interworking [NPE-Virtual-Ethernet2/0/0] local-ce ip 100.1.1.2 [NPE-Virtual-Ethernet2/0/0] quit

After the configuration is complete, check the VLL connections on the UPE and NPE. You can view one static L2VC. Take the NPE as an example.
[NPE] display mpls l2vc Total ldp vc : 1 1 up 0 down *Client Interface : Virtual-Ethernet2/0/0 Session State : up AC Status : up VC State : up VC ID : 101 VC Type : ip-interworking Destination : 1.1.1.9 local VC label : 140288 remote VC label

: 140292

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

8-23

8 Access of L2VPN to L3VPN Configuration


control word : forwarding entry : local group ID : manual fault : active state : link state : local VC MTU : tunnel policy name : traffic behavior name: PW template name : primary or secondary : create time : up time : last change time :

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


disable not exist 0 not set active up 1500 remote VC MTU : 1500 lsp --primary 0 days, 0 hours, 30 minutes, 18 seconds 0 days, 0 hours, 0 minutes, 0 seconds 0 days, 0 hours, 30 minutes, 18 seconds

7.

Run an IGP on the MPLS backbone network. IS-IS is used as the IGP protocol in this example. The configuration details are not mentioned here. When configuring IS-IS, advertise the 32-bit loopback interface addresses of the PE2 and the NPE. For more configurations, see "Configuration Files."

8.

Create VPN instances, and configure CEs to access the instances. # Configure the NPE.
[NPE] ip vpn-instance VPN1 [NPE-vpn-instance-VPN1] route-distinguisher 200:1 [NPE-vpn-instance-VPN1] vpn-target 111:1 both [NPE-vpn-instance-VPN1] quit [NPE] interface virtual-ethernet2/0/1 [NPE-Virtual-Ethernet2/0/1] ip binding vpn-instance VPN1 [NPE-Virtual-Ethernet2/0/1] ip address 100.1.1.2 24 [NPE-Virtual-Ethernet2/0/1] quit

# Configure CE1.
<Quidway> system-view [Quidway] sysname CE1 [CE1] interface pos 1/0/0 [CE1-Pos1/0/0] mtu 1500 [CE1-Pos1/0/0] ip address 100.1.1.1 24 [CE1-Pos1/0/0] undo shutdown [CE1-Pos1/0/0] quit

# Configure PE2.
<Quidway> system-view [Quidway] sysname PE2 [PE2] ip vpn-instance VPN1 [PE2-vpn-instance-VPN1] route-distinguisher 200:1 [PE2-vpn-instance-VPN1] vpn-target 111:1 both [PE2-vpn-instance-VPN1] quit [PE2] interface gigabitethernet1/0/0 [PE2-GigabitEthernet1/0/0] ip binding vpn-instance VPN1 [PE2-GigabitEthernet1/0/0] ip address 100.2.1.1 24 [PE2-GigabitEthernet1/0/0] undo shutdown [PE2-GigabitEthernet1/0/0] quit

# Configure CE2.
<Quidway> system-view [Quidway] sysname CE2 [CE2] interface gigabitethernet1/0/0 [CE2-GigabitEthernet1/0/0] ip address 100.2.1.2 24 [CE2-GigabitEthernet1/0/0] undo shutdown [CE2-GigabitEthernet1/0/0] quit

After the configuration is complete, run the display ip vpn-instance verbose command on the NPE and PE2. You can view the configurations of the VPN instance. The NPE and PE can ping through the CE devices that they are connected to.
8-24 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


NOTE

8 Access of L2VPN to L3VPN Configuration

If the PE has multiple interfaces bound to the same VPN, and the ping -vpn-instance command is used to ping the CE device that the peer PE accesses, specify the source IP address; that is, specify the -a source-ip-address in the ping -vpn-instance vpn-instance-name -a source-ip-address dest-ipaddress command; otherwise, the ping command fails.

Take the NPE as an example:


[NPE] display ip vpn-instance verbose Total VPN-Instances configured : 1 VPN-Instance Name and ID : VPN1, 1 Create date : 2007/09/21 11:30:35 Up time : 0 days, 00 hours, 05 minutes and 19 seconds Route Distinguisher : 200:1 Export VPN Targets : 111:1 Import VPN Targets : 111:1 Label policy: label per route The diffserv-mode Information is : uniform The ttl-mode Information is : pipe Interfaces : Virtual-Ethernet2/0/1 [NPE] ping -vpn-instance VPN1 100.1.1.1 PING 100.1.1.1: 56 data bytes, press CTRL_C to break Reply from 100.1.1.1: bytes=56 Sequence=1 ttl=255 time=56 ms Reply from 100.1.1.1: bytes=56 Sequence=2 ttl=255 time=4 ms Reply from 100.1.1.1: bytes=56 Sequence=3 ttl=255 time=4 ms Reply from 100.1.1.1: bytes=56 Sequence=4 ttl=255 time=52 ms Reply from 100.1.1.1: bytes=56 Sequence=5 ttl=255 time=3 ms --- 100.1.1.1 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 3/23/56 ms

9.

Set up EBGP peer relationships between PEs and CEs, and import the VPN routes. # Configure CE1.
[CE1] bgp 65010 [CE1-bgp] peer 100.1.1.2 as-number 100 [CE1-bgp] import-route direct

# Configure CE2.
[CE2] bgp 65020 [CE2-bgp] peer 100.2.1.1 as-number 100 [CE2-bgp] import-route direct

# Configure the NPE.


[NPE] bgp 100 [NPE-bgp] ipv4-family vpn-instance VPN1 [NPE-bgp-VPN1] peer 100.1.1.1 as-number 65010 [NPE-bgp-VPN1] import-route direct [NPE-bgp-VPN1] quit

# Configure PE2.
[PE2] bgp 100 [PE2-bgp] ipv4-family vpn-instance VPN1 [PE2-bgp-VPN1] peer 100.2.1.2 as-number 65020 [PE2-bgp-VPN1] import-route direct [PE2-bgp-VPN1] quit

10. Set up MP-IBGP peer relationships between the NPE and PE2. # Configure the NPE.
[NPE] bgp 100 [NPE-bgp] peer 4.4.4.9 as-number 100 [NPE-bgp] peer 4.4.4.9 connect-interface loopback 1 [NPE-bgp] ipv4-family vpnv4 [NPE-bgp-af-vpnv4] peer 4.4.4.9 enable [NPE-bgp-af-vpnv4] quit

# Configure PE2.
Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 8-25

8 Access of L2VPN to L3VPN Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

[PE2] bgp 100 [PE2-bgp] peer 3.3.3.9 as-number 100 [PE2-bgp] peer 3.3.3.9 connect-interface loopback 1 [PE2-bgp] ipv4-family vpnv4 [PE2-bgp-af-vpnv4] peer 3.3.3.9 enable [PE2-bgp-af-vpnv4] quit

11. Verify the configuration. CE1 and CE2 can ping through each other. Take CE1 as example:
[CE1] ping 100.2.1.2 PING 100.2.1.2: 56 data bytes, press CTRL_C to break Reply from 100.2.1.2: bytes=56 Sequence=1 ttl=255 time=31 ms Reply from 100.2.1.2: bytes=56 Sequence=2 ttl=255 time=10 ms Reply from 100.2.1.2: bytes=56 Sequence=3 ttl=255 time=5 ms Reply from 100.2.1.2: bytes=56 Sequence=4 ttl=255 time=2 ms Reply from 100.2.1.2: bytes=56 Sequence=5 ttl=255 time=28 ms --- 100.2.1.2 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 2/15/31 ms

Configuration Files
l

Configuration file of UPE


# sysname UPE # mpls lsr-id 1.1.1.9 mpls # mpls l2vpn mpls l2vpn default martini # mpls ldp # mpls ldp remote-peer 1 remote-ip 3.3.3.9 # interface Pos1/0/0 mtu 1500 undo shutdown link-protocol ppp ip address 100.1.1.2 255.255.255.0 mpls l2vc 3.3.3.9 101 ip-interworking # interface Pos2/0/0 undo shutdown link-protocol ppp ip address 10.2.1.1 255.255.255.0 mpls mpls ldp # interface LoopBack1 ip address 1.1.1.9 255.255.255.255 # ospf 1 area 0.0.0.0 network 1.1.1.9 0.0.0.0 network 10.2.1.0 0.0.0.255 # return

Configuration file of P
# sysname P # mpls lsr-id 2.2.2.9

8-26

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


mpls # mpls ldp # interface Pos1/0/0 undo shutdown link-protocol ppp ip address 10.2.2.1 255.255.255.0 mpls mpls ldp # interface Pos2/0/0 undo shutdown link-protocol ppp ip address 10.2.1.2 255.255.255.0 mpls mpls ldp # interface LoopBack1 ip address 2.2.2.9 255.255.255.255 # ospf 1 area 0.0.0.0 network 2.2.2.9 0.0.0.0 network 10.2.1.0 0.0.0.255 network 10.2.2.0 0.0.0.255 # return l

8 Access of L2VPN to L3VPN Configuration

Configuration file of NPE


# sysname NPE # ip vpn-instance VPN1 route-distinguisher 200:1 vpn-target 111:1 export-extcommunity vpn-target 111:1 import-extcommunity # mpls lsr-id 3.3.3.9 mpls # mpls l2vpn mpls l2vpn default martini # mpls ldp # mpls ldp remote-peer 1 remote-ip 1.1.1.9 # isis 1 network-entity 10.0000.0000.0001.00 # interface Pos1/0/0 undo shutdown link-protocol ppp ip address 10.3.3.1 255.255.255.0 isis enable 1 mpls mpls ldp # interface Pos2/0/0 undo shutdown link-protocol ppp ip address 10.2.2.2 255.255.255.0 mpls mpls ldp # interface Virtual-Ethernet2/0/0 ve-group 1 l2-terminate local-ce ip 100.1.1.2

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

8-27

8 Access of L2VPN to L3VPN Configuration


mpls l2vc 1.1.1.9 101 ip-interworking # interface Virtual-Ethernet2/0/1 ve-group 1 l3-access ip binding vpn-instance VPN1 ip address 100.1.1.2 255.255.255.0 # interface LoopBack1 ip address 3.3.3.9 255.255.255.255 isis enable 1 # bgp 100 peer 4.4.4.9 as-number 100 peer 4.4.4.9 connect-interface LoopBack1 # ipv4-family unicast undo synchronization peer 4.4.4.9 enable # ipv4-family vpnv4 policy vpn-target peer 4.4.4.9 enable # ipv4-family vpn-instance VPN1 peer 100.1.1.1 as-number 65010 import-route direct # ospf 1 area 0.0.0.0 network 3.3.3.9 0.0.0.0 network 10.2.2.0 0.0.0.255 # return l

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Configuration file of PE2


# sysname PE2 # ip vpn-instance VPN1 route-distinguisher 200:1 vpn-target 111:1 export-extcommunity vpn-target 111:1 import-extcommunity # mpls lsr-id 4.4.4.9 mpls # mpls ldp # isis 1 network-entity 10.0000.0000.0002.00 # interface GigabitEthernet1/0/0 undo shutdown ip binding vpn-instance VPN1 ip address 100.2.1.1 255.255.255.0 # interface Pos1/0/0 undo shutdown link-protocol ppp ip address 10.3.3.2 255.255.255.0 isis enable 1 mpls mpls ldp # interface LoopBack1 ip address 4.4.4.9 255.255.255.255 isis enable 1 # bgp 100 peer 3.3.3.9 as-number 100

8-28

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

8 Access of L2VPN to L3VPN Configuration

peer 3.3.3.9 connect-interface LoopBack1 # ipv4-family unicast undo synchronization peer 3.3.3.9 enable # ipv4-family vpnv4 policy vpn-target peer 3.3.3.9 enable # ipv4-family vpn-instance VPN1 peer 100.2.1.2 as-number 65020 import-route direct # return l

Configuration file of CE1


# sysname CE1 # interface Pos1/0/0 mtu 1500 undo shutdown link-protocol ppp ip address 100.1.1.1 255.255.255.0 # bgp 65010 peer 100.1.1.2 as-number 100 # ipv4-family unicast undo synchronization import-route direct peer 100.1.1.2 enable # Return

Configuration file of CE2


# sysname CE2 # interface GigabitEthernet1/0/0 undo shutdown ip address 100.2.1.2 255.255.255.0 # bgp 65020 peer 100.2.1.1 as-number 100 # ipv4-family unicast undo synchronization import-route direct peer 100.2.1.1 enable # return

8.5.2 Example for Configuring the Access of Martini VLL to the Public Network
Networking Requirements
As shown in Figure 8-7, the Martini VLL access network consists of the UPE, the P, and the NPE. The CE accesses the public network through the VLL.
l

Create VE 2/0/0 and VE 2/0/1 on the NPE. VE 2/0/0 serves as the L2VE to terminate the VLL, and VE 2/0/1 serves as the L3VE to access the public network.
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 8-29

Issue 03 (2008-09-22)

8 Access of L2VPN to L3VPN Configuration


l

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

OSPF is used to advertise the public network routes, and the OPSF process ID is 2.

Figure 8-7 Networking diagram of configuring the Martini VLL to public network
Loopback1 1.1.1.9/32 POS 2/0/0 10.2.1.2/24 POS 2/0/0 10.2.1.1/24 P Loopback1 2.2.2.9/32 POS 1/0/0 10.2.2.1/24 POS 2/0/0 10.2.2.2/24 VE 2/0/0 NPE Loopback1 3.3.3.9/32

UPE GE 1/0/0.1

Internet

Martini VLL GE 1/0/0.1 100.1.1.1/24

VE 2/0/1 100.1.1.2/24

CE

Configuration Roadmap
The configuration roadmap is as follows: 1. 2. Create L2VE and L3VE interfaces on the NPE. Bind them to the same VE-group. Configure the Martini VLL:
l

Configure routing protocols for the devices (UPE, P, and NPE) on access network to make the devices communicate, and enable MPLS. The default tunnel policy is used in the example. LSPs are created to transmit user data. Enable MPLS L2VPN on PEs and establish VCs.

l l

3.

Configure the access of the CE to the public network.

Data Preparation
To complete the configuration, you need the following data:
l l

VE-group number IP address for VE 2/0/1

Configuration Procedure
1. Create two VE interfaces on the NPE, and bind them to the same VE-group. # Create VE 2/0/0 to terminate the MPLS L2VPN.
<Quidway> system-view [Quidway] sysname NPE [NPE] interface virtual-ethernet2/0/0 [NPE-Virtual-Ethernet2/0/0] ve-group 1 l2-terminate [NPE-Virtual-Ethernet2/0/0] quit

# Create VE 2/0/1 to access the MPLS L3VPN.


[NPE] interface virtual-ethernet2/0/1 [NPE-Virtual-Ethernet2/0/1] ve-group 1 l3-access [NPE-Virtual-Ethernet2/0/1] quit

8-30

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

8 Access of L2VPN to L3VPN Configuration

After the configuration is complete, run the display virtual-ethernet ve-group command. You can view the binding relationship between VE interfaces and a VE-group.
[NPE] display virtual-ethernet ve-group Ve-groupID L2VE 1 Virtual-Ethernet2/0/0 Total 1, 1 printed L3VE Virtual-Ethernet2/0/1

2.

Run an IGP on the VLL access network. OSPF is used in the example. The configuration details are not mentioned here. Configure the addresses for the interfaces of the UPE, the P, and the NPE according to Figure 8-7. When configuring OSPF, advertise the 32-bit loopback interface addresses of the UPE, the P, and the NPE. For more configurations, see "Configuration Files."

3.

Configure basic MPLS functions and LDP on the access network. # Configure the UPE.
<Quidway> system-view [Quidway] sysname UPE [UPE] mpls lsr-id 1.1.1.9 [UPE] mpls [UPE-mpls] quit [UPE] mpls ldp [UPE-mpls-ldp] quit [UPE] interface pos 2/0/0 [UPE-Pos2/0/0] mpls [UPE-Pos2/0/0] mpls ldp [UPE-Pos2/0/0] quit

# Configure the P.
<Quidway> system-view [Quidway] sysname P [P] mpls lsr-id 2.2.2.9 [P] mpls [P-mpls] quit [P] mpls ldp [P-mpls-ldp] quit [P] interface pos 1/0/0 [P-Pos1/0/0] mpls [P-Pos1/0/0] mpls ldp [P-Pos1/0/0] quit [P] interface pos 2/0/0 [P-Pos2/0/0] mpls [P-Pos2/0/0] mpls ldp [P-Pos2/0/0] quit

# Configure the NPE.


[NPE] mpls lsr-id 3.3.3.9 [NPE] mpls [NPE-mpls] quit [NPE] mpls ldp [NPE-mpls-ldp] quit [NPE] interface pos 2/0/0 [NPE-Pos2/0/0] mpls [NPE-Pos2/0/0] mpls ldp [NPE-Pos2/0/0] quit

4.

Establish a remote LDP session between the UPE and the NPE. # Configure the UPE.
[UPE] mpls ldp remote-peer 1 [UPE-mpls-ldp-remote-1] remote-ip 3.3.3.9 [UPE-mpls-ldp-remote-1] quit

# Configure the NPE.


[NPE] mpls ldp remote-peer 1 [NPE-mpls-ldp-remote-1] remote-ip 1.1.1.9

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

8-31

8 Access of L2VPN to L3VPN Configuration


[NPE-mpls-ldp-remote-1] quit

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

5.

Enable MPLS L2VPN on the UPE and the NPE, and establish VCs.
NOTE

The default VC type of a VLL on a VE interface is Ethernet. Therefore, when creating an L2VC on the UPE, you need to specify raw to change the VC type to Ethernet so that the encapsulation types at both ends of a VC are the same.

# Configure the UPE.


[UPE] mpls l2vpn [UPE-l2vpn] mpls l2vpn default martini [UPE-l2vpn] quit [UPE] interface gigabitethernet 1/0/0.1 [UPE-GigabitEthernet1/0/0.1] shutdown [UPE-GigabitEthernet1/0/0.1] vlan-type dot1q 10 [UPE-GigabitEthernet1/0/0.1] mpls l2vc 3.3.3.9 101 raw [UPE-GigabitEthernet1/0/0.1] undo shutdown [UPE-GigabitEthernet1/0/0.1] quit

# Configure the NPE.


[NPE] mpls l2vpn [NPE-l2vpn] mpls l2vpn default martini [NPE-l2vpn] quit [NPE] interface virtual-ethernet2/0/0 [NPE-Virtual-Ethernet2/0/0] mpls l2vc 1.1.1.9 101 [NPE-Virtual-Ethernet2/0/0] quit

6.

Verify the configuration. Check the L2VPN connection on the PE. You can view that an L2VC in the Up state is set up. Take the NPE as an example.
[NPE] display mpls l2vc Total ldp vc : 1 1 up 0 down *Client Interface : Virtual-Ethernet2/0/0 Session State : up AC Status : up VC State : up VC ID : 101 VC Type : ethernet Destination : 1.1.1.9 local VC label : 140288 remote VC label : 140292 control word : disable forwarding entry : not exist local group ID : 0 manual fault : not set active state : active link state : up local VC MTU : 1500 remote VC MTU : 1500 tunnel policy name : lsp traffic behavior name: -PW template name : -primary or secondary : primary create time : 0 days, 0 hours, 30 minutes, 18 seconds up time : 0 days, 0 hours, 0 minutes, 0 seconds last change time : 0 days, 0 hours, 30 minutes, 18 seconds

7.

Configure the access of CE to the public network. # Configure the NPE.


[NPE] interface virtual-ethernet2/0/1 [NPE-Virtual-Ethernet2/0/1] ip address 100.1.1.2 24 [NPE-Virtual-Ethernet2/0/1] quit [NPE] ospf 2 [NPE-ospf-2] area 0 [NPE-ospf-2-area-0.0.0.0] network 100.1.1.0 0.0.0.255 [NPE-ospf-2-area-0.0.0.0] quit

8-32

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


[NPE-ospf-2] quit

8 Access of L2VPN to L3VPN Configuration

Configure CE.
<Quidway> system-view [Quidway] sysname CE [CE] interface gigabitethernet1/0/0.1 [CE-GigabitEthernet1/0/0.1] vlan-type dot1q 10 [CE-GigabitEthernet1/0/0.1] ip address 100.1.1.1 24 [CE-GigabitEthernet1/0/0.1] quit [CE] ospf 2 [CE-ospf-2] area 0 [CE-ospf-2-area-0.0.0.0] network 100.1.1.0 0.0.0.255 [CE-ospf-2-area-0.0.0.0] quit [CE-ospf-2] quit

8.

Verify the configuration. # The CE and NPE can ping through each other through VE 2/0/1. Take CE as example:
[CE] ping 100.1.1.2 PING 100.1.1.2: 56 data bytes, press CTRL_C to break Reply from 100.1.1.2: bytes=56 Sequence=1 ttl=255 time=31 ms Reply from 100.1.1.2: bytes=56 Sequence=2 ttl=255 time=10 ms Reply from 100.1.1.2: bytes=56 Sequence=3 ttl=255 time=5 ms Reply from 100.1.1.2: bytes=56 Sequence=4 ttl=255 time=2 ms Reply from 100.1.1.2: bytes=56 Sequence=5 ttl=255 time=28 ms --- 100.1.1.2 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 2/15/31 ms

Configuration Files
l

Configuration file of the UPE


# sysname UPE # mpls lsr-id 1.1.1.9 mpls # mpls l2vpn mpls l2vpn default martini # mpls ldp # mpls ldp remote-peer 1 remote-ip 3.3.3.9 # interface GigabitEthernet1/0/0 undo shutdown # interface GigabitEthernet1/0/0.1 vlan-type dot1q 10 mpls l2vc 3.3.3.9 101 raw # interface Pos2/0/0 undo shutdown link-protocol ppp ip address 10.2.1.1 255.255.255.0 mpls mpls ldp # interface LoopBack1 ip address 1.1.1.9 255.255.255.255 # ospf 1 area 0.0.0.0

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

8-33

8 Access of L2VPN to L3VPN Configuration


network 1.1.1.9 0.0.0.0 network 10.2.1.0 0.0.0.255 # return l

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Configuration file of the P


# sysname P # mpls lsr-id 2.2.2.9 mpls # mpls ldp # interface Pos1/0/0 undo shutdown link-protocol ppp ip address 10.2.2.1 255.255.255.0 mpls mpls ldp # interface Pos2/0/0 undo shutdown link-protocol ppp ip address 10.2.1.2 255.255.255.0 mpls mpls ldp # interface LoopBack1 ip address 2.2.2.9 255.255.255.255 # ospf 1 area 0.0.0.0 network 2.2.2.9 0.0.0.0 network 10.2.1.0 0.0.0.255 network 10.2.2.0 0.0.0.255 # return

Configuration file of the NPE


# sysname NPE # mpls lsr-id 3.3.3.9 mpls # mpls l2vpn mpls l2vpn default martini # mpls ldp # mpls ldp remote-peer 1 remote-ip 1.1.1.9 # interface Pos2/0/0 undo shutdown link-protocol ppp ip address 10.2.2.2 255.255.255.0 mpls mpls ldp # interface Virtual-Ethernet2/0/0 ve-group 1 l2-terminate mpls l2vc 1.1.1.9 101 # interface Virtual-Ethernet2/0/1 ve-group 1 l3-access ip address 100.1.1.2 255.255.255.0 # interface LoopBack1

8-34

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


ip address 3.3.3.9 255.255.255.255 # ospf 1 area 0.0.0.0 network 3.3.3.9 0.0.0.0 network 10.2.2.0 0.0.0.255 # ospf 2 area 0.0.0.0 network 100.1.1.0 0.0.0.255 # return l

8 Access of L2VPN to L3VPN Configuration

Configuration file of the CE


# sysname CE # interface GigabitEthernet1/0/0 undo shutdown # interface GigabitEthernet1/0/0.1 vlan-type dot1q 10 ip address 100.1.1.1 255.255.255.0 # ospf 2 area 0.0.0.0 network 100.1.1.0 0.0.0.255 # return

8.5.3 Example for Configuring the Access of Martini VPLS to L3VPN


Networking Requirements
As shown in Figure 8-8, the NPE and PE3 serve as the PE of the IP/MPLS backbone network; UPE1 and UPE2 serve as the UPE of the VPLS access network. LDP is used as the signaling protocol between UPE1, UPE2, and the NPE to set up HVPLS. CE1 and CE2 access the MPLS L3VPN on the IP/MPLS backbone network through the VPLS network, and communicate with CE3. Create VE 2/0/0 and VE 2/0/1 on the NPE. VE 2/0/0 terminates the L2VE of VPLS, and the VE 2/0/1 connects to the L3VE on MPLS L3VPN. The networking requirements include:
l l

LDP is used as the signaling protocol of VPLS. HVPLS is set up between UPE1, UPE2, and the NPE; UPE1 and UPE2 serve as the lower layer PE. VPN1 serves as the VPN instance of MPLS L3VPN; the route-distinguisher is 200:1; the vpn-target is 111:1. The backbone network belongs to AS 100. The NPE exchanges the VPN routing information with the peer PE (PE3) at MPLS L3VPN through IBGP. CE1, CE2, and the NPE exchange the VPN routing information through OSPF. CE3 and PE3 exchange the VPN routing information through OSPF.

l l

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

8-35

8 Access of L2VPN to L3VPN Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Figure 8-8 Networking diagram of configuring the access of Martini VPLS to L3VPN
IP/MPLS core network

Loopback1 4.4.4.9/32

Loopback1 5.5.5.9/32 POS2/0/0 40.1.1.2/24

NPE

POS1/0/0 40.1.1.1/24 POS2/0/0 30.1.1.2/24

PE3

GE1/0/0.1 200.1.1.1/24

Access network

Loopback1 3.3.3.9/32

POS1/0/0 30.1.1.1/24

GE1/0/0.1 200.1.1.2/24

P
POS2/0/0 10.1.1.2/24 Loopback1 1.1.1.9/32 POS2/0/0 10.1.1.1/24 POS2/0/0 20.1.1.1/24 POS3/0/0 20.1.1.2/24 Loopback1 2.2.2.9/32

CE3

UPE1
GE1/0/0.1

UPE2
GE1/0/0.1

GE1/0/0.1 100.1.1.1/24

GE1/0/0.1 100.1.1.2/24

CE1

CE2

Configuration Roadmap
The configuration roadmap is as follows: 1. 2. 3. Configure the MPLS L3VPN backbone network. Create the L2VE interface on NPE to terminate the VPLS, and the L3VE interface to access L3VPN. Bind them to the same VE-group. To configure Martini HVPLS, perform the following procedures:
l

Configure routing protocols for the devices on the access network including the UPE, the P, and the NPE to make them communicate, and enable MPLS. Create a VSI instance on the NPE, and specify the lower layer PE to be the UPE of the VSI. Create a VSI instance on one UPE, and specify the NPE as the peer of the VSI.

4.

Configure the access of CE devices to L3VPN. OSPF is used to exchange VPN routing information between CE1, CE2 and the NPE.
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

8-36

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

8 Access of L2VPN to L3VPN Configuration

Data Preparation
To complete the configuration, you need the following data:
l l l

VE-group number IP addresses of VE interfaces Names of VPN instances for MPLS L3VPN

Configuration Procedure
1. Configure an IP address for each interface. The configuration details are not mentioned here. Configure the IP addresses for physical interfaces and the loopback interface according to Figure 8-8. The configuration details are not mentioned here. 2. Create VE 2/0/0 and VE 2/0/1 on the NPE, and bind them to the same VE-group. # Create VE 2/0/0 to terminate the MPLS L2VPN.
<Quidway> system-view [Quidway] sysname NPE [NPE] interface virtual-ethernet2/0/0 [NPE-Virtual-Ethernet2/0/0] ve-group 1 l2-terminate [NPE-Virtual-Ethernet2/0/0] quit

# Create VE 2/0/1 to access the MPLS L3VPN.


[NPE] interface virtual-ethernet2/0/1 [NPE-Virtual-Ethernet2/0/1] ve-group 1 l3-access [NPE-Virtual-Ethernet2/0/1] quit

After the configuration is complete, run the display virtual-ethernet ve-group command on the NPE. You can view the binding relationship between VE interfaces and a VE-group.
[NPE] display virtual-ethernet ve-group Ve-groupID L2VE 1 Virtual-Ethernet2/0/0 Total 1, 1 printed L3VE Virtual-Ethernet2/0/1

3.

Run an IGP on the VPLS access network. OSPF is used in the example. The configuration details are not mentioned here. When configuring OSPF, advertise the 32-bit loopback interface addresses of the UPE, the P, and the NPE. For more configurations, see "Configuration Files."

4.

Configure basic MPLS functions and LDP on the VPLS access network. # Configure UPE1.
<Quidway> system-view [Quidway] sysname UPE1 [UPE1] mpls lsr-id 1.1.1.9 [UPE1] mpls [UPE1-mpls] quit [UPE1] mpls ldp [UPE1-mpls-ldp] quit [UPE1] interface pos 2/0/0 [UPE1-Pos2/0/0] mpls [UPE1-Pos2/0/0] mpls ldp [UPE1-Pos2/0/0] undo shutdown [UPE1-Pos2/0/0] quit

# Configure UPE2.
<Quidway> system-view [Quidway] sysname UPE2 [UPE2] mpls lsr-id 2.2.2.9 [UPE2] mpls

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

8-37

8 Access of L2VPN to L3VPN Configuration


[UPE2-mpls] quit [UPE2] mpls ldp [UPE2-mpls-ldp] quit [UPE2] interface pos 2/0/0 [UPE2-Pos2/0/0] mpls [UPE2-Pos2/0/0] mpls ldp [UPE2-Pos2/0/0] undo shutdown [UPE2-Pos2/0/0] quit

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

# Configure the P.
<Quidway> system-view [Quidway] sysname P [P] mpls lsr-id 3.3.3.9 [P] mpls [P-mpls] quit [P] mpls ldp [P-mpls-ldp] quit [P] interface pos 1/0/0 [P-Pos1/0/0] mpls [P-Pos1/0/0] mpls ldp [P-Pos1/0/0] undo shutdown [P-Pos1/0/0] quit [P] interface pos 2/0/0 [P-Pos2/0/0] mpls [P-Pos2/0/0] mpls ldp [P-Pos2/0/0] undo shutdown [P-Pos2/0/0] quit [P] interface pos 3/0/0 [P-Pos3/0/0] mpls [P-Pos3/0/0] mpls ldp [P-Pos3/0/0] undo shutdown [P-Pos3/0/0] quit

# Configure the NPE.


[NPE] mpls lsr-id 4.4.4.9 [NPE] mpls [NPE-mpls] quit [NPE] mpls ldp [NPE-mpls-ldp] quit [NPE] interface pos 2/0/0 [NPE-Pos2/0/0] mpls [NPE-Pos2/0/0] mpls ldp [NPE-Pos2/0/0] undo shutdown [NPE-Pos2/0/0] quit

5.

Establish remote LDP sessions between the NPE and UPE. # Configure UPE1.
[UPE1] mpls ldp remote-peer npe [UPE1-mpls-ldp-remote-npe] remote-ip 4.4.4.9 [UPE1-mpls-ldp-remote-npe] quit

# Configure UPE2.
[UPE2] mpls ldp remote-peer npe [UPE2-mpls-ldp-remote-npe] remote-ip 4.4.4.9 [UPE2-mpls-ldp-remote-npe] quit

# Configure the NPE.


[NPE] mpls ldp remote-peer [NPE-mpls-ldp-remote-upe1] [NPE-mpls-ldp-remote-upe1] [NPE] mpls ldp remote-peer [NPE-mpls-ldp-remote-upe2] [NPE-mpls-ldp-remote-upe2] upe1 remote-ip 1.1.1.9 quit upe2 remote-ip 2.2.2.9 quit

6.

Create a VSI on the PE, and bind it to an interface. # Configure UPE1.


[UPE1] mpls l2vpn [UPE1-l2vpn] quit

8-38

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

8 Access of L2VPN to L3VPN Configuration

[UPE1] vsi a2 static [UPE1-vsi-a2] pwsignal ldp [UPE1-vsi-a2-ldp] vsi-id 2 [UPE1-vsi-a2-ldp] peer 4.4.4.9 [UPE1-vsi-a2-ldp] quit [UPE1-vsi-a2] quit [UPE1] interface gigabitethernet 1/0/0.1 [UPE1-GigabitEthernet1/0/0.1] shutdown [UPE1-GigabitEthernet1/0/0.1] vlan-type dot1q 10 [UPE1-GigabitEthernet1/0/0.1] l2 binding vsi a2 [UPE1-GigabitEthernet1/0/0.1] undo shutdown [UPE1-GigabitEthernet1/0/0.1] quit

# Configure UPE2.
[UPE2] mpls l2vpn [UPE2-l2vpn] quit [UPE2] vsi a2 static [UPE2-vsi-a2] pwsignal ldp [UPE2-vsi-a2-ldp] vsi-id 2 [UPE2-vsi-a2-ldp] peer 4.4.4.9 [UPE2-vsi-a2-ldp] quit [UPE2-vsi-a2] quit [UPE2] interface gigabitethernet 1/0/0.1 [UPE2-GigabitEthernet1/0/0.1] shutdown [UPE2-GigabitEthernet1/0/0.1] vlan-type dot1q 10 [UPE2-GigabitEthernet1/0/0.1] l2 binding vsi a2 [UPE2-GigabitEthernet1/0/0.1] undo shutdown [UPE2-GigabitEthernet1/0/0.1] quit

# Configure the NPE.


[NPE] mpls l2vpn [NPE-l2vpn] quit [NPE] vsi a2 static [NPE-vsi-a2] pwsignal ldp [NPE-vsi-a2-ldp] vsi-id 2 [NPE-vsi-a2-ldp] peer 1.1.1.9 upe [NPE-vsi-a2-ldp] peer 2.2.2.9 upe [NPE-vsi-a2-ldp] quit [NPE-vsi-a2] quit [NPE] interface virtual-ethernet2/0/0 [NPE-Virtual-Ethernet2/0/0] l2 binding vsi a2 [NPE-Virtual-Ethernet2/0/0] quit

After the configuration is complete, check the VSI connections on the NPE. You can view that two PWs are set up. Take the NPE as an example.
[NPE] display vsi name a2 verbose ***VSI Name : a2 Administrator VSI : no Isolate Spoken : disable VSI Index : 0 PW Signaling : ldp Member Discovery Style : static PW MAC Learn Style : unqualify Encapsulation Type : vlan MTU : 1500 Diffserv Mode : uniform Service Class : -Color : -DomainId : 255 Domain Name : VSI State : up VSI ID : 2 *Peer Router ID : 1.1.1.9 VC Label : 23552 Peer Type : dynamic Session : up Tunnel ID : 0x1002000, *Peer Router ID : 2.2.2.9

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

8-39

8 Access of L2VPN to L3VPN Configuration


VC Label Peer Type Session Tunnel ID Interface Name State **PW Information: *Peer Ip Address PW State Local VC Label Remote VC Label PW Type Tunnel ID *Peer Ip Address PW State Local VC Label Remote VC Label PW Type Tunnel ID : : : : : : : : : : : : : : : : : :

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


23553 dynamic up 0x1002002, Virtual-Ethernet2/0/0 up 1.1.1.9 up 23552 23552 MEHVPLS 0x1002000, 2.2.2.9 up 23553 23552 MEHVPLS 0x1002002,

7.

Run the IGP on the MPLS backbone network. IS-IS is used as the IGP protocol in this example. When configuring the IS-IS, advertise the 32-bit loopback interface addresses of PE3 and the NPE. For more configurations, see "Configuration Files."

8.

Create VPN instances, and configure the CEs to access the instances. # Configure the NPE.
[NPE] ip vpn-instance VPN1 [NPE-vpn-instance-VPN1] route-distinguisher 200:1 [NPE-vpn-instance-VPN1] vpn-target 111:1 both [NPE-vpn-instance-VPN1] quit [NPE] interface virtual-ethernet2/0/1 [NPE-Virtual-Ethernet2/0/1] ip binding vpn-instance VPN1 [NPE-Virtual-Ethernet2/0/1] ip address 100.1.1.3 24 [NPE-Virtual-Ethernet2/0/1] quit

# Configure CE1.
<Quidway> system-view [Quidway] sysname CE1 [CE1] interface gigabitethernet1/0/0.1 [CE1-GigabitEthernet1/0/0.1] vlan-type dot1q 10 [CE1-GigabitEthernet1/0/0.1] ip address 100.1.1.1 24 [CE1-GigabitEthernet1/0/0.1] quit

# Configure CE2.
<Quidway> system-view [Quidway] sysname CE2 [CE2] interface gigabitethernet1/0/0.1 [CE2-GigabitEthernet1/0/0.1] vlan-type dot1q 10 [CE2-GigabitEthernet1/0/0.1] ip address 100.1.1.2 24 [CE2-GigabitEthernet1/0/0.1] quit

# Configure PE3.
<Quidway> system-view [Quidway] sysname PE3 [PE3] ip vpn-instance VPN1 [PE3-vpn-instance-VPN1] route-distinguisher 200:1 [PE3-vpn-instance-VPN1] vpn-target 111:1 both [PE3-vpn-instance-VPN1] quit [PE3] interface gigabitethernet1/0/0.1 [PE3-GigabitEthernet1/0/0.1] vlan-type dot1q 10 [PE3-GigabitEthernet1/0/0.1] ip binding vpn-instance VPN1 [PE3-GigabitEthernet1/0/0.1] ip address 200.1.1.1 24 [PE3-GigabitEthernet1/0/0.1] quit

# Configure CE3.
8-40 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

8 Access of L2VPN to L3VPN Configuration

<Quidway> system-view [Quidway] sysname CE3 [CE3] interface gigabitethernet1/0/0.1 [CE3-GigabitEthernet1/0/0.1] vlan-type dot1q 10 [CE3-GigabitEthernet1/0/0.1] ip address 200.1.1.2 24 [CE3-GigabitEthernet1/0/0.1] quit

9.

Configure OSPF between the PE and CE devices, and import the VPN routes. # Configure the NPE.
[NPE] ospf 100 vpn-instance VPN1 [NPE-ospf-100] domain-id 10 [NPE-ospf-100] import-route bgp [NPE-ospf-100] area 0 [NPE-ospf-100-area-0.0.0.0] network 100.1.1.0 0.0.0.255 [NPE-ospf-100-area-0.0.0.0] quit [NPE-ospf-100] quit [NPE] bgp 100 [NPE-bgp] ipv4-family vpn-instance VPN1 [NPE-bgp-VPN1] import-route direct [NPE-bgp-VPN1] import-route ospf 100 [NPE-bgp-VPN1] quit [NPE-bgp] quit

# Configure CE1.
[CE1] ospf 100 [CE1-ospf-100] area 0 [CE1-ospf-100-area-0.0.0.0] network 100.1.1.0 0.0.0.255 [CE1-ospf-100-area-0.0.0.0] quit [CE1-ospf-100] quit

# Configure CE2.
[CE2] ospf 100 [CE2-ospf-100] area 0 [CE2-ospf-100-area-0.0.0.0] network 100.1.1.0 0.0.0.255 [CE2-ospf-100-area-0.0.0.0] quit [CE2-ospf-100] quit

# Configure PE3.
[PE3] ospf 100 vpn-instance VPN1 [PE3-ospf-100] domain-id 10 [PE3-ospf-100] import-route bgp [PE3-ospf-100] area 0 [PE3-ospf-100-area-0.0.0.0] network 200.1.1.0 0.0.0.255 [PE3-ospf-100-area-0.0.0.0] quit [PE3-ospf-100] quit [PE3] bgp 100 [PE3-bgp] ipv4-family vpn-instance VPN1 [PE3-bgp-VPN1] import-route direct [PE3-bgp-VPN1] import-route ospf 100 [PE3-bgp-VPN1] quit [PE3-bgp] quit

# Configure CE3.
[CE3] ospf 100 [CE3-ospf-100] area 0 [CE3-ospf-100-area-0.0.0.0] network 200.1.1.0 0.0.0.255 [CE3-ospf-100-area-0.0.0.0] quit [CE3-ospf-100] quit

10. Set up MP-IBGP peer relationships between the NPE and PE3. # Configure the NPE.
[NPE] bgp 100 [NPE-bgp] peer 5.5.5.9 as-number 100 [NPE-bgp] peer 5.5.5.9 connect-interface loopback 1 [NPE-bgp] ipv4-family vpnv4 [NPE-bgp-af-vpnv4] peer 5.5.5.9 enable [NPE-bgp-af-vpnv4] quit

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

8-41

8 Access of L2VPN to L3VPN Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

# Configure PE3.
[PE3] bgp 100 [PE3-bgp] peer 4.4.4.9 as-number 100 [PE3-bgp] peer 4.4.4.9 connect-interface loopback 1 [PE3-bgp] ipv4-family vpnv4 [PE3-bgp-af-vpnv4] peer 4.4.4.9 enable [PE3-bgp-af-vpnv4] quit

11. Verify the configuration. CE1, CE2 and CE3 can ping through each other. Take CE1 as example:
[CE1] ping 100.1.1.2 PING 100.1.1.2: 56 data bytes, press CTRL_C to break Reply from 100.1.1.2: bytes=56 Sequence=1 ttl=255 time=31 ms Reply from 100.1.1.2: bytes=56 Sequence=2 ttl=255 time=10 ms Reply from 100.1.1.2: bytes=56 Sequence=3 ttl=255 time=5 ms Reply from 100.1.1.2: bytes=56 Sequence=4 ttl=255 time=2 ms Reply from 100.1.1.2: bytes=56 Sequence=5 ttl=255 time=28 ms --- 100.1.1.2 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 2/15/31 ms [CE1] ping 200.1.1.2 PING 200.1.1.2: 56 data bytes, press CTRL_C to break Reply from 200.1.1.2: bytes=56 Sequence=1 ttl=255 time=31 ms Reply from 200.1.1.2: bytes=56 Sequence=2 ttl=255 time=10 ms Reply from 200.1.1.2: bytes=56 Sequence=3 ttl=255 time=5 ms Reply from 200.1.1.2: bytes=56 Sequence=4 ttl=255 time=2 ms Reply from 200.1.1.2: bytes=56 Sequence=5 ttl=255 time=28 ms --- 200.1.1.2 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 2/15/31 ms

Configuration Files
l

Configuration file of UPE1


# sysname UPE1 # mpls lsr-id 1.1.1.9 mpls # mpls l2vpn # vsi a2 static pwsignal ldp vsi-id 2 peer 4.4.4.9 # mpls ldp # mpls ldp remote-peer npe remote-ip 4.4.4.9 # interface GigabitEthernet1/0/0 undo shutdown # interface GigabitEthernet1/0/0.1 vlan-type dot1q 10 l2 binding vsi a2 # interface Pos2/0/0 undo shutdown link-protocol ppp ip address 10.1.1.1 255.255.255.0

8-42

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


mpls mpls ldp # interface LoopBack1 ip address 1.1.1.9 255.255.255.255 # ospf 1 area 0.0.0.0 network 1.1.1.9 0.0.0.0 network 10.1.1.0 0.0.0.255 # return l

8 Access of L2VPN to L3VPN Configuration

Configuration file of UPE2


# sysname UPE2 # mpls lsr-id 2.2.2.9 mpls # mpls l2vpn # vsi a2 static pwsignal ldp vsi-id 2 peer 4.4.4.9 # mpls ldp # mpls ldp remote-peer npe remote-ip 4.4.4.9 # interface GigabitEthernet1/0/0 undo shutdown # interface GigabitEthernet1/0/0.1 vlan-type dot1q 10 l2 binding vsi a2 # interface Pos2/0/0 undo shutdown link-protocol ppp ip address 20.1.1.1 255.255.255.0 mpls mpls ldp # interface LoopBack1 ip address 2.2.2.9 255.255.255.255 # ospf 1 area 0.0.0.0 network 2.2.2.9 0.0.0.0 network 20.1.1.0 0.0.0.255 # return

Configuration file of P
# sysname P # mpls lsr-id 3.3.3.9 mpls # mpls ldp # interface Pos1/0/0 undo shutdown link-protocol ppp ip address 30.1.1.1 255.255.255.0 mpls

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

8-43

8 Access of L2VPN to L3VPN Configuration


mpls ldp # interface Pos2/0/0 undo shutdown link-protocol ppp ip address 10.1.1.2 255.255.255.0 mpls mpls ldp # interface Pos3/0/0 undo shutdown link-protocol ppp ip address 20.1.1.2 255.255.255.0 mpls mpls ldp # interface LoopBack1 ip address 3.3.3.9 255.255.255.255 # ospf 1 area 0.0.0.0 network 3.3.3.9 0.0.0.0 network 10.1.1.0 0.0.0.255 network 20.1.1.0 0.0.0.255 network 30.1.1.0 0.0.0.255 # return l

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Configuration file of NPE


# sysname NPE # ip vpn-instance VPN1 route-distinguisher 200:1 vpn-target 111:1 export-extcommunity vpn-target 111:1 import-extcommunity # mpls lsr-id 4.4.4.9 mpls # mpls l2vpn # vsi a2 static pwsignal ldp vsi-id 2 peer 1.1.1.9 upe peer 2.2.2.9 upe # mpls ldp # mpls ldp remote-peer upe1 remote-ip 1.1.1.9 # mpls ldp remote-peer upe2 remote-ip 2.2.2.9 # isis 1 network-entity 10.0000.0000.0001.00 # interface Pos1/0/0 undo shutdown link-protocol ppp ip address 40.1.1.1 255.255.255.0 isis enable 1 mpls mpls ldp # interface Pos2/0/0 undo shutdown link-protocol ppp

8-44

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

8 Access of L2VPN to L3VPN Configuration

ip address 30.1.1.2 255.255.255.0 mpls mpls ldp # interface Virtual-Ethernet2/0/0 ve-group 1 l2-terminate l2 binding vsi a2 # interface Virtual-Ethernet2/0/1 ve-group 1 l3-access ip binding vpn-instance VPN1 ip address 100.1.1.3 255.255.255.0 # interface LoopBack1 ip address 4.4.4.9 255.255.255.255 isis enable 1 # bgp 100 peer 5.5.5.9 as-number 100 peer 5.5.5.9 connect-interface LoopBack1 # ipv4-family unicast undo synchronization peer 5.5.5.9 enable # ipv4-family vpnv4 policy vpn-target peer 5.5.5.9 enable # ipv4-family vpn-instance VPN1 import-route direct import-route ospf 100 # ospf 1 area 0.0.0.0 network 4.4.4.9 0.0.0.0 network 30.1.1.0 0.0.0.255 # ospf 100 vpn-instance VPN1 import-route bgp domain-id 0.0.0.10 area 0.0.0.0 network 100.1.1.0 0.0.0.255 # return l

Configuration file of PE3


# sysname PE3 # ip vpn-instance VPN1 route-distinguisher 200:1 vpn-target 111:1 export-extcommunity vpn-target 111:1 import-extcommunity # mpls lsr-id 5.5.5.9 mpls # mpls ldp # isis 1 network-entity 10.0000.0000.0002.00 # interface GigabitEthernet1/0/0 undo shutdown # interface GigabitEthernet1/0/0.1 vlan-type dot1q 10 ip binding vpn-instance VPN1 ip address 200.1.1.1 255.255.255.0

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

8-45

8 Access of L2VPN to L3VPN Configuration


# interface Pos1/0/0 undo shutdown link-protocol ppp ip address 40.1.1.2 255.255.255.0 isis enable 1 mpls mpls ldp # interface LoopBack1 ip address 5.5.5.9 255.255.255.255 isis enable 1 # bgp 100 peer 5.5.5.9 as-number 100 peer 5.5.5.9 connect-interface LoopBack1 # ipv4-family unicast undo synchronization peer 5.5.5.9 enable # ipv4-family vpnv4 policy vpn-target peer 5.5.5.9 enable # ipv4-family vpn-instance VPN1 import-route direct import-route ospf 100 # ospf 100 vpn-instance VPN1 import-route bgp domain-id 0.0.0.10 area 0.0.0.0 network 200.1.1.0 0.0.0.255 # return l

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Configuration file of CE1


# sysname CE1 # interface GigabitEthernet1/0/0 undo shutdown # interface GigabitEthernet1/0/0.1 vlan-type dot1q 10 ip address 100.1.1.1 255.255.255.0 # ospf 100 area 0.0.0.0 network 100.1.1.0 0.0.0.255 # return

Configuration file of CE2


# sysname CE2 # interface GigabitEthernet1/0/0 undo shutdown # interface GigabitEthernet1/0/0.1 vlan-type dot1q 10 ip address 100.1.1.2 255.255.255.0 # ospf 100 area 0.0.0.0 network 100.1.1.0 0.0.0.255 #

8-46

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


return l

8 Access of L2VPN to L3VPN Configuration

Configuration file of CE3


# sysname CE3 # interface GigabitEthernet1/0/0 undo shutdown # interface GigabitEthernet1/0/0.1 vlan-type dot1q 10 ip address 200.1.1.2 255.255.255.0 # ospf 100 area 0.0.0.0 network 200.1.1.0 0.0.0.255 # return

8.5.4 Example for Configuring the Dual-homing Access of Dynamic Master/Backup VPLS to an L3VPN
Networking Requirements
As shown in Figure 8-9, NPE1, NPE2, and PE3 serve as the PE of the IP/MPLS backbone network, and UPE1 and UPE2 serve as the PE on the VPLS access network. The networking requirements are as follows:
l

Create an mVSI on the UPEs, and connect it to two NPEs through dual-homing links. Set up LDP sessions between the UPEs and NPEs. Create remote LDP sessions if NPEs and UPEs are not connected directly. The administrator VSI manages the VRRP packets and the exchange of the NPE packets and peer BFD packets. Create a service VSI on the UPEs, and connect it to two NPEs through dual-homing links. Set up LDP sessions between the UPE and the NPE. Create remote LDP sessions if NPEs and UPEs are not connected directly. The service VSI is responsible for the exchange of the VPLS service packets. Bind the service VSI and the mVSI on the UPEs. When the master/backup switchover of the NPEs is performed, the MAC addresses of all service VSIs that are bound to the mVSI on the UPE are cleared. The service VSIs learn the MAC address of the new master NPE again, which does not interrupt user services. Create eight VE interfaces on the NPE. VE 2/0/0, VE 2/0/2, VE 2/0/4, and VE 2/0/6, which are L2VEs, are used to terminate VPLS; VE 2/0/1, VE 2/0/3, VE 2/0/5, and VE 2/0/7, which are L3VEs, are used to access the MPLS L3VPN. Configure the mVRRP between NPEs. The VSI of the UPE forwards the mVRRP packets. Whether the NPE is master or backup NPE depends on the priority of the VRRP. If the links related to the master NPE or the master NPE itself is faulty, the backup NPE switches to be the master as specified in VRRP. This helps distinguish the master and backup devices, and ensure the reliability of services. Run the service VRRP between NPEs. The service VRRP and the mVRRP are bound on the NPE; the mVRRP determines the master or backup status of the service VRRP. Set the interval for the peer BFD detection between the NPEs to 30 ms, the link BFD detection between an NPE and a UPE to 10 ms. Peer BFD is used to perform the master/
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 8-47

Issue 03 (2008-09-22)

8 Access of L2VPN to L3VPN Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

backup VRRP switchover, and link BFD is used to monitor a link. Peer BFD and link BFD are used together to perform the fast master/backup switchover of NPEs.
NOTE

When the master NPE restarts or the master link BFD reports a fault, the backup NPE receives the fault notification from peer BFD and thus starts to check the status of the backup link BFD. If the backup link BFD is Up, the backup NPE becomes the master and advertises routes to the remote PE. In addition, the backup NPE sends gratuitous ARPs to the UPE to clear the MAC address table of VPLS on the UPE. At this time, the previous master NPE cancels the advertisement of routes to the remote PE When the backup NPE restarts or the backup link BFD reports a fault, the master/backup switchover of NPEs is not performed.

Figure 8-9 Networking diagram of configuring the dual-homing access of dynamic master/ backup VPLS to an L3VPN
VPN1 CE3 CE4 VPN2

GE1/0/0 100.3.1.1/24

Loopback1 5.5.5.9/32

GE1/0/0 100.4.1.1/24

IP/MPLS core network

PE3
GE1/0/0 100.3.1.2/24 GE1/0/1 100.4.1.2/24

NPE1

POS2/0/0 POS3/0/0 50.1.1.1/24 60.1.1.1/24 Loopback1 Loopback1 3.3.3.9/32 4.4.4.9/32 POS1/0/0 POS1/0/0 50.1.1.2/24 60.1.1.2/24 GE2/0/1 GE2/0/1 30.1.1.2/24 20.1.1.2/24

NPE2

GE2/0/0 10.1.1.2/24

GE2/0/0 40.1.1.2/24

Access network
GE1/0/0 10.1.1.1/24 Loopback1 1.1.1.9/32 GE1/0/0 40.1.1.1/24 Loopback1 2.2.2.9/32

GE1/0/1 GE1/0/1 20.1.1.1/24 30.1.1.1/24

UPE1
GE1/0/2.1 GE1/0/2.1

UPE2

GE1/0/0.1 100.1.1.1/24

GE1/0/0.1 100.2.1.1/24

CE1 VPN1

CE2 VPN2

Configuration Roadmap
The configuration roadmap is as follows:
8-48 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

8 Access of L2VPN to L3VPN Configuration

1. 2. 3. 4. 5. 6. 7. 8.

Configure the MPLS L3VPN backbone network. Create the L2VE interface on the NPE to terminate the VPLS, and the L3VE interface to access L3VPN. Bind them to the same VE-group. Configure the basic MPLS functions of the UPEs and NPEs. Set up MPLS LDP sessions between UPEs and NPEs. Create an mVSI on the UPE, and connect the NPE to the mVSI through VLL. Create a service VSI on the UPE, and connect the NPE to the service VSI through VLL. Run the mVRRP between NPEs. The protocol packets are forwarded between members in the VRRP backup group by the mVSI on the UPE. Run the service VRRP between NPEs. Bind the service VRRP to the mVRRP. Configure the Peer BFD between NPEs; run the Link BFD between NPEs and UPEs. The mVRRP determines the master or backup status of the routers in the VRRP backup group according to the status of the Peer BFD and the Link BFD. Configure the access of CEs to MPLS L3VPN.

9.

Data Preparation
To complete the configuration, you need the following data:
l

Interface number, interface IP address, OSPF process number, OSPF area number, and ISIS process number LSR ID VSI name and VSI ID VC ID of VLL Name of the BFD, the local or remote discriminator, the VRRP backup group number and priority of VRRP VE-group number Names of VPN instances for MPLS L3VPN

l l l l

l l

Configuration Procedure
1. Configure an IP address for each interface. The configuration details are not mentioned here. Configure the IP addresses for the physical interfaces and the loopback interfaces as specified inFigure 8-9. Run the undo shutdown command to start the interfaces. The configuration details are not mentioned here. 2. Create eight VE interfaces in four groups on each NPE. # Configure NPE1.
<Quidway> system-view [Quidway] sysname NPE1 [NPE1] interface virtual-ethernet2/0/0 [NPE1-Virtual-Ethernet2/0/0] ve-group 1 [NPE1-Virtual-Ethernet2/0/0] quit [NPE1] interface virtual-ethernet2/0/1 [NPE1-Virtual-Ethernet2/0/1] ve-group 1 [NPE1-Virtual-Ethernet2/0/1] quit [NPE1] interface virtual-ethernet2/0/2 [NPE1-Virtual-Ethernet2/0/2] ve-group 2 [NPE1-Virtual-Ethernet2/0/2] quit [NPE1] interface virtual-ethernet2/0/3 [NPE1-Virtual-Ethernet2/0/3] ve-group 2

l2-terminate l3-access l2-terminate l3-access

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

8-49

8 Access of L2VPN to L3VPN Configuration


[NPE1-Virtual-Ethernet2/0/3] quit [NPE1] interface virtual-ethernet2/0/4 [NPE1-Virtual-Ethernet2/0/4] ve-group 3 [NPE1-Virtual-Ethernet2/0/4] quit [NPE1] interface virtual-ethernet2/0/5 [NPE1-Virtual-Ethernet2/0/5] ve-group 3 [NPE1-Virtual-Ethernet2/0/5] quit [NPE1] interface virtual-ethernet2/0/6 [NPE1-Virtual-Ethernet2/0/6] ve-group 4 [NPE1-Virtual-Ethernet2/0/6] quit [NPE1] interface virtual-ethernet2/0/7 [NPE1-Virtual-Ethernet2/0/7] ve-group 4 [NPE1-Virtual-Ethernet2/0/7] quit

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

l2-terminate l3-access l2-terminate l3-access

# Configure NPE2.
<Quidway> system-view [Quidway] sysname NPE2 [NPE2] interface virtual-ethernet2/0/0 [NPE2-Virtual-Ethernet2/0/0] ve-group 1 [NPE2-Virtual-Ethernet2/0/0] quit [NPE2] interface virtual-ethernet2/0/1 [NPE2-Virtual-Ethernet2/0/1] ve-group 1 [NPE2-Virtual-Ethernet2/0/1] quit [NPE2] interface virtual-ethernet2/0/2 [NPE2-Virtual-Ethernet2/0/2] ve-group 2 [NPE2-Virtual-Ethernet2/0/2] quit [NPE2] interface virtual-ethernet2/0/3 [NPE2-Virtual-Ethernet2/0/3] ve-group 2 [NPE2-Virtual-Ethernet2/0/3] quit [NPE2] interface virtual-ethernet2/0/4 [NPE2-Virtual-Ethernet2/0/4] ve-group 3 [NPE2-Virtual-Ethernet2/0/4] quit [NPE2] interface virtual-ethernet2/0/5 [NPE2-Virtual-Ethernet2/0/5] ve-group 3 [NPE2-Virtual-Ethernet2/0/5] quit [NPE2] interface virtual-ethernet2/0/6 [NPE2-Virtual-Ethernet2/0/6] ve-group 4 [NPE2-Virtual-Ethernet2/0/6] quit [NPE2] interface virtual-ethernet2/0/7 [NPE2-Virtual-Ethernet2/0/7] ve-group 4 [NPE2-Virtual-Ethernet2/0/7] quit

l2-terminate l3-access l2-terminate l3-access l2-terminate l3-access l2-terminate l3-access

After the configuration is complete, run the display virtual-ethernet ve-group command. You can view the binding relationship between VE interfaces and a VE-group. Take NPE1 as example:
[NPE1] display virtual-ethernet ve-group Ve-groupID L2VE 1 Virtual-Ethernet2/0/0 2 Virtual-Ethernet2/0/2 3 Virtual-Ethernet2/0/4 4 Virtual-Ethernet2/0/6 Total 4, 4 printed L3VE Virtual-Ethernet2/0/1 Virtual-Ethernet2/0/3 Virtual-Ethernet2/0/5 Virtual-Ethernet2/0/7

3.

Configure the MPLS L3VPN on backbone network. (1) Configure the IGP between the NPE and the PE on the backbone network. IS-IS is used in the example. # Configure NPE1.
[NPE1] isis 1 [NPE1-isis-1] network-entity 10.0000.0000.0001.00 [NPE1-isis-1] quit [NPE1] interface loopback1 [NPE1-LoopBack1] isis enable 1 [NPE1-LoopBack1] quit [NPE1] interface pos1/0/0 [NPE1-Pos1/0/0] isis enable 1 [NPE1-Pos1/0/0] quit

8-50

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

8 Access of L2VPN to L3VPN Configuration

# Configure NPE2.
[NPE2] isis 1 [NPE2-isis-1] network-entity 10.0000.0000.0002.00 [NPE2-isis-1] quit [NPE2] interface loopback1 [NPE2-LoopBack1] isis enable 1 [NPE2-LoopBack1] quit [NPE2] interface pos1/0/0 [NPE2-Pos1/0/0] isis enable 1 [NPE2-Pos1/0/0] quit

# Configure PE3.
<Quidway> system-view [Quidway] sysname PE3 [PE3] isis 1 [PE3-isis-1] network-entity 10.0000.0000.0003.00 [PE3-isis-1] quit [PE3] interface loopback1 [PE3-LoopBack1] isis enable 1 [PE3-LoopBack1] quit [PE3] interface pos2/0/0 [PE3-Pos2/0/0] isis enable 1 [PE3-Pos2/0/0] quit [PE3] interface pos3/0/0 [PE3-Pos3/0/0] isis enable 1 [PE3-Pos3/0/0] quit

After the configuration is complete, run the display isis route command. You can view that the NPEs and PEs can learn the loopback1 route of each other. Take NPE1 as an example.
[NPE1] display isis route Route information for ISIS(1) ----------------------------ISIS(1) Level-1 Forwarding Table -------------------------------IPV4 Destination IntCost ExtCost ExitInterface NextHop Flags ------------------------------------------------------------------------------5.5.5.9/32 0 NULL Loop1 Direct D/-/L/4.4.4.9/32 10 NULL Pos3/0/0 60.1.1.2 A/-/L/3.3.3.9/32 10 NULL Pos2/0/0 50.1.1.2 A/-/L/50.1.1.0/24 10 NULL Pos2/0/0 Direct D/-/L/60.1.1.0/24 10 NULL Pos3/0/0 Direct D/-/L/Flags: D-Direct, A-Added to URT, L-Advertised in LSPs, S-IGP Shortcut, U-Up/Down Bit Set ISIS(1) Level-2 Forwarding Table -------------------------------IPV4 Destination IntCost ExtCost ExitInterface NextHop Flags ------------------------------------------------------------------------------5.5.5.9/32 0 NULL Loop1 Direct D/-/L/4.4.4.9/32 10 NULL 3.3.3.9/32 10 NULL 50.1.1.0/24 10 NULL Pos2/0/0 Direct D/-/L/60.1.1.0/24 10 NULL Pos3/0/0 Direct D/-/L/Flags: D-Direct, A-Added to URT, L-Advertised in LSPs, S-IGP Shortcut, U-Up/Down Bit Set

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

8-51

8 Access of L2VPN to L3VPN Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

(2) Configure the basic MPLS functions and LDP on the backbone network. # Configure NPE1.
[NPE1] mpls lsr-id 3.3.3.9 [NPE1] mpls [NPE1-mpls] quit [NPE1] mpls ldp [NPE1-mpls-ldp] quit [NPE1] interface pos1/0/0 [NPE1-Pos1/0/0] mpls [NPE1-Pos1/0/0] mpls ldp [NPE1-Pos1/0/0] quit

# Configure NPE2.
[NPE2] mpls lsr-id 4.4.4.9 [NPE2] mpls [NPE2-mpls] quit [NPE2] mpls ldp [NPE2-mpls-ldp] quit [NPE2] interface pos1/0/0 [NPE2-Pos1/0/0] mpls [NPE2-Pos1/0/0] mpls ldp [NPE2-Pos1/0/0] quit

# Configure PE3.
[PE3] mpls lsr-id 5.5.5.9 [PE3] mpls [PE3-mpls] quit [PE3] mpls ldp [PE3-mpls-ldp] quit [PE3] interface pos2/0/0 [PE3-Pos2/0/0] mpls [PE3-Pos2/0/0] mpls ldp [PE3-Pos2/0/0] quit [PE3] interface pos3/0/0 [PE3-Pos3/0/0] mpls [PE3-Pos3/0/0] mpls ldp [PE3-Pos3/0/0] quit

After the configuration is complete, LDP sessions can be set up between PE3 and the NPEs. Run the display mpls ldp session command. You can view that the "Status" in the output is "Operational". Take PE3 as an example.
[PE3] display mpls ldp session LDP Session(s) in Public Network ----------------------------------------------------------------------------Peer-ID Status LAM SsnRole SsnAge KA-Sent/Rcv ----------------------------------------------------------------------------3.3.3.9:0 Operational DU Passive 000:00:02 10/10 4.4.4.9:0 Operational DU Passive 000:00:10 12/12 ----------------------------------------------------------------------------TOTAL: 2 session(s) Found. LAM : Label Advertisement Mode SsnAge Unit : DDD:HH:MM

(3) Configure the L3VPN instance on NPEs and PEs, and bind the instance to AC interfaces. # Configure NPE1.
[NPE1] ip vpn-instance VPN1 [NPE1-vpn-instance-VPN1] route-distinguisher 100:1 [NPE1-vpn-instance-VPN1] vpn-target 111:1 both [NPE1-vpn-instance-VPN1] quit [NPE1] ip vpn-instance VPN2

8-52

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

8 Access of L2VPN to L3VPN Configuration

[NPE1-vpn-instance-VPN2] route-distinguisher 100:21 [NPE1-vpn-instance-VPN2] vpn-target 222:1 both [NPE1-vpn-instance-VPN2] quit [NPE1] interface virtual-ethernet2/0/5 [NPE1-Virtual-Ethernet2/0/5] ip binding vpn-instance VPN1 [NPE1-Virtual-Ethernet2/0/5] ip address 100.1.1.2 24 [NPE1-Virtual-Ethernet2/0/5] quit [NPE1] interface virtual-ethernet2/0/7 [NPE1-Virtual-Ethernet2/0/7] ip binding vpn-instance VPN2 [NPE1-Virtual-Ethernet2/0/7] ip address 100.2.1.2 24 [NPE1-Virtual-Ethernet2/0/7] quit

# Configure NPE2.
[NPE2] ip vpn-instance VPN1 [NPE2-vpn-instance-VPN1] route-distinguisher 100:2 [NPE2-vpn-instance-VPN1] vpn-target 111:1 both [NPE2-vpn-instance-VPN1] quit [NPE2] ip vpn-instance VPN2 [NPE2-vpn-instance-VPN2] route-distinguisher 100:22 [NPE2-vpn-instance-VPN2] vpn-target 222:1 both [NPE2-vpn-instance-VPN2] quit [NPE2] interface virtual-ethernet2/0/5 [NPE2-Virtual-Ethernet2/0/5] ip binding vpn-instance VPN1 [NPE2-Virtual-Ethernet2/0/5] ip address 100.1.1.3 24 [NPE2-Virtual-Ethernet2/0/5] quit [NPE2] interface virtual-ethernet2/0/7 [NPE2-Virtual-Ethernet2/0/7] ip binding vpn-instance VPN2 [NPE2-Virtual-Ethernet2/0/7] ip address 100.2.1.3 24 [NPE2-Virtual-Ethernet2/0/7] quit

# Configure PE3.
[PE3] ip vpn-instance VPN1 [PE3-vpn-instance-VPN1] route-distinguisher 100:3 [PE3-vpn-instance-VPN1] vpn-target 111:1 both [PE3-vpn-instance-VPN1] quit [PE3] ip vpn-instance VPN2 [PE3-vpn-instance-VPN2] route-distinguisher 100:23 [PE3-vpn-instance-VPN2] vpn-target 222:1 both [PE3-vpn-instance-VPN2] quit [PE3] interface gigabitethernet1/0/0 [PE3-GigabitEthernet1/0/0] ip binding vpn-instance VPN1 [PE3-GigabitEthernet1/0/0] ip address 100.3.1.2 24 [PE3-GigabitEthernet1/0/0] undo shutdown [PE3-GigabitEthernet1/0/0] quit [PE3] interface gigabitethernet1/0/1 [PE3-GigabitEthernet1/0/1] ip binding vpn-instance VPN2 [PE3-GigabitEthernet1/0/1] ip address 100.4.1.2 24 [PE3-GigabitEthernet1/0/1] undo shutdown [PE3-GigabitEthernet1/0/1] quit

(4) Configure the OSPF multi-instance on NPEs and PEs, and import the VPN routes. # Configure NPE1.
[NPE1] ospf 100 vpn-instance VPN1 [NPE1-ospf-100] domain-id 10 [NPE1-ospf-100] import-route bgp [NPE1-ospf-100] area 0 [NPE1-ospf-100-area-0.0.0.0] network 100.1.1.0 0.0.0.255 [NPE1-ospf-100-area-0.0.0.0] quit [NPE1-ospf-100] quit [NPE1] ospf 200 vpn-instance VPN2 [NPE1-ospf-200] domain-id 20 [NPE1-ospf-200] import-route bgp [NPE1-ospf-200] area 0 [NPE1-ospf-200-area-0.0.0.0] network 100.2.1.0 0.0.0.255 [NPE1-ospf-200-area-0.0.0.0] quit [NPE1-ospf-200] quit [NPE1] bgp 100 [NPE1-bgp] ipv4-family vpn-instance VPN1 [NPE1-bgp-VPN1] import-route direct

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

8-53

8 Access of L2VPN to L3VPN Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

[NPE1-bgp-VPN1] import-route ospf 100 [NPE1-bgp-VPN1] quit [NPE1-bgp] ipv4-family vpn-instance VPN2 [NPE1-bgp-VPN2] import-route direct [NPE1-bgp-VPN2] import-route ospf 200 [NPE1-bgp-VPN2] quit [NPE1-bgp] quit

# Configure NPE2.
[NPE2] ospf 100 vpn-instance VPN1 [NPE2-ospf-100] domain-id 10 [NPE2-ospf-100] import-route bgp [NPE2-ospf-100] area 0 [NPE2-ospf-100-area-0.0.0.0] network 100.1.1.0 0.0.0.255 [NPE2-ospf-100-area-0.0.0.0] quit [NPE2-ospf-100] quit [NPE2] ospf 200 vpn-instance VPN2 [NPE2-ospf-200] domain-id 20 [NPE2-ospf-200] import-route bgp [NPE2-ospf-200] area 0 [NPE2-ospf-200-area-0.0.0.0] network 100.2.1.0 0.0.0.255 [NPE2-ospf-200-area-0.0.0.0] quit [NPE2-ospf-200] quit [NPE2] bgp 100 [NPE2-bgp] ipv4-family vpn-instance VPN1 [NPE2-bgp-VPN1] import-route direct [NPE2-bgp-VPN1] import-route ospf 100 [NPE2-bgp-VPN1] quit [NPE2-bgp] ipv4-family vpn-instance VPN2 [NPE2-bgp-VPN2] import-route direct [NPE2-bgp-VPN2] import-route ospf 200 [NPE2-bgp-VPN2] quit [NPE2-bgp] quit

# Configure PE3.
[PE3] ospf 100 vpn-instance VPN1 [PE3-ospf-100] domain-id 10 [PE3-ospf-100] import-route bgp [PE3-ospf-100] area 0 [PE3-ospf-100-area-0.0.0.0] network 100.3.1.0 0.0.0.255 [PE3-ospf-100-area-0.0.0.0] quit [PE3-ospf-100] quit [PE3] ospf 200 vpn-instance VPN2 [PE3-ospf-200] domain-id 20 [PE3-ospf-200] import-route bgp [PE3-ospf-200] area 0 [PE3-ospf-200-area-0.0.0.0] network 100.4.1.0 0.0.0.255 [PE3-ospf-200-area-0.0.0.0] quit [PE3-ospf-200] quit [PE3] bgp 100 [PE3-bgp] ipv4-family vpn-instance VPN1 [PE3-bgp-VPN1] import-route direct [PE3-bgp-VPN1] import-route ospf 100 [PE3-bgp-VPN1] quit [PE3-bgp] ipv4-family vpn-instance VPN2 [PE3-bgp-VPN2] import-route direct [PE3-bgp-VPN2] import-route ospf 200 [PE3-bgp-VPN2] quit [PE3-bgp] quit

(5) Set up MP-IBGP peer relationships between the NPE and PE. # Configure PE2.
[NPE1] bgp 100 [NPE1-bgp] peer 5.5.5.9 as-number 100 [NPE1-bgp] peer 5.5.5.9 connect-interface loopback 1 [NPE1-bgp] ipv4-family vpnv4 [NPE1-bgp-af-vpnv4] peer 5.5.5.9 enable [NPE1-bgp-af-vpnv4] quit

8-54

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

8 Access of L2VPN to L3VPN Configuration

# Configure NPE2.
[NPE2] bgp 100 [NPE2-bgp] peer 5.5.5.9 as-number 100 [NPE2-bgp] peer 5.5.5.9 connect-interface loopback 1 [NPE2-bgp] ipv4-family vpnv4 [NPE2-bgp-af-vpnv4] peer 5.5.5.9 enable [NPE2-bgp-af-vpnv4] quit

# Configure PE3.
[PE3] bgp 100 [PE3-bgp] peer 3.3.3.9 as-number 100 [PE3-bgp] peer 3.3.3.9 connect-interface loopback 1 [PE3-bgp] peer 4.4.4.9 as-number 100 [PE3-bgp] peer 4.4.4.9 connect-interface loopback 1 [PE3-bgp] ipv4-family vpnv4 [PE3-bgp-af-vpnv4] peer 3.3.3.9 enable [PE3-bgp-af-vpnv4] peer 4.4.4.9 enable [PE3-bgp-af-vpnv4] quit

After the configuration is complete, run the display bgp peer or display bgp vpn4 all peer command. You can view that the BGP peer relationship is set up between NPE and PE, and it is in the Established status. Take NPE1 as an example.
[NPE1] display bgp peer BGP local router ID : 3.3.3.9 Local AS number : 100 Total number of peers : 1 Peers in established state : 1 Peer V AS MsgRcvd MsgSent OutQ Up/Down State PrefRcv 5.5.5.9 4 100 2 6 0 00:00:12 Established 2 [NPE1] display bgp vpnv4 all peer BGP local router ID : 3.3.3.9 Local AS number : 100 Total number of peers : 3 Peers in established state : 3 Peer V AS MsgRcvd MsgSent OutQ Up/Down State PrefRcv 5.5.5.9 4 100 12 18 0 00:09:38 Established 2

Run the display ip routing-table vpn-instance command on NPE or PE devices. You can view the routes to CEs at peer. Take NPE1 as an example.
[NPE1] display ip routing-table vpn-instance VPN1 Route Flags: R - relied, D - download to fib ----------------------------------------------------------------------------Routing Tables: VPN1 Destinations : 3 Routes : 3 Destination/Mask Proto Pre Cost Flags NextHop Interface 100.1.1.0/24 Direct 0 0 D 100.1.1.2 VirtualEthernet2/0/5 100.1.1.2/32 Direct 0 0 D 127.0.0.1 InLoopBack0 100.3.1.0/24 BGP 255 0 RD 5.5.5.9 Pos1/0/0

4.

Configure MPLS L2VPN on the access network. (1) Run IGP between NPE and UPE. OSPF is used in the example. # Configure UPE1.
<Quidway> system-view [Quidway] sysname UPE1 [UPE1] ospf [UPE1-ospf-1] area 0 [UPE1-ospf-1-area-0.0.0.0] [UPE1-ospf-1-area-0.0.0.0] [UPE1-ospf-1-area-0.0.0.0] [UPE1-ospf-1-area-0.0.0.0] [UPE1-ospf-1] quit

network 10.1.1.0 0.0.0.255 network 20.1.1.0 0.0.0.255 network 1.1.1.9 0.0.0.0 quit

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

8-55

8 Access of L2VPN to L3VPN Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

# Configure UPE2.
<Quidway> system-view [Quidway] sysname UPE2 [UPE2] ospf [UPE2-ospf-1] area 0 [UPE2-ospf-1-area-0.0.0.0] [UPE2-ospf-1-area-0.0.0.0] [UPE2-ospf-1-area-0.0.0.0] [UPE2-ospf-1-area-0.0.0.0] [UPE2-ospf-1] quit

network 30.1.1.0 0.0.0.255 network 40.1.1.0 0.0.0.255 network 2.2.2.9 0.0.0.0 quit

# Configure NPE1.
[NPE1] ospf [NPE1-ospf-1] area 0 [NPE1-ospf-1-area-0.0.0.0] [NPE1-ospf-1-area-0.0.0.0] [NPE1-ospf-1-area-0.0.0.0] [NPE1-ospf-1-area-0.0.0.0] [NPE1-ospf-1] quit network 10.1.1.0 0.0.0.255 network 30.1.1.0 0.0.0.255 network 3.3.3.9 0.0.0.0 quit

# Configure NPE2.
[NPE2] ospf [NPE2-ospf-1] area 0 [NPE2-ospf-1-area-0.0.0.0] network 20.1.1.0 0.0.0.255 [NPE2-ospf-1-area-0.0.0.0] network 40.1.1.0 0.0.0.255 [NPE2-ospf-1-area-0.0.0.0] network 4.4.4.9 0.0.0.0 [NPE2-ospf-1-area-0.0.0.0] [NPE2-ospf-1] quit

After the configuration is complete, run the display ospf routing command. You can view that the UPE and NPE can learn the loopback1 route of each other. Take NPE1 as an example.
[NPE1] display ospf routing OSPF Process 1 with Router ID 3.3.3.9 Routing Tables Routing for Network Destination Cost Type NextHop 30.1.1.0/24 1 Stub 30.1.1.2 20.1.1.0/24 3 Stub 10.1.1.1 4.4.4.9/32 4 Stub 10.1.1.1 4.4.4.9/32 4 Stub 30.1.1.1 40.1.1.0/24 3 Stub 30.1.1.1 3.3.3.9/32 1 Stub 3.3.3.9 2.2.2.9/32 2 Stub 30.1.1.1 10.1.1.0/24 1 Stub 10.1.1.2 1.1.1.9/32 2 Stub 10.1.1.1 Total Nets: 9 Intra Area: 9 Inter Area: 0 ASE: 0 NSSA: 0

AdvRouter 3.3.3.9 1.1.1.9 4.4.4.9 4.4.4.9 2.2.2.9 3.3.3.9 2.2.2.9 3.3.3.9 1.1.1.9

Area 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0

(2) Configure the basic MPLS functions and MPLS LDP on the UPEs and NPEs. Specify the LSR-ID as loopback interface address, and set up LSPs. # Configure UPE1.
[UPE1] mpls lsr-id 1.1.1.9 [UPE1] mpls [UPE1-mpls] quit [UPE1] mpls ldp [UPE1-mpls-ldp] quit [UPE1] interface gigabitethernet [UPE1-GigabitEthernet1/0/0] mpls [UPE1-GigabitEthernet1/0/0] mpls [UPE1-GigabitEthernet1/0/0] quit [UPE1] interface gigabitethernet [UPE1-GigabitEthernet1/0/1] mpls [UPE1-GigabitEthernet1/0/1] mpls [UPE1-GigabitEthernet1/0/1] quit

1/0/0 ldp 1/0/1 ldp

# Configure UPE2.
8-56 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


[UPE2] mpls lsr-id 2.2.2.9 [UPE2] mpls [UPE2-mpls] quit [UPE2] mpls ldp [UPE2-mpls-ldp] quit [UPE2] interface gigabitethernet [UPE2-GigabitEthernet1/0/0] mpls [UPE2-GigabitEthernet1/0/0] mpls [UPE2-GigabitEthernet1/0/0] quit [UPE2] interface gigabitethernet [UPE2-GigabitEthernet1/0/1] mpls [UPE2-GigabitEthernet1/0/1] mpls [UPE2-GigabitEthernet1/0/1] quit

8 Access of L2VPN to L3VPN Configuration

1/0/0 ldp 1/0/1 ldp

# Configure NPE1.
[NPE1] interface gigabitethernet [NPE1-GigabitEthernet2/0/0] mpls [NPE1-GigabitEthernet2/0/0] mpls [NPE1-GigabitEthernet2/0/0] quit [NPE1] interface gigabitethernet [NPE1-GigabitEthernet2/0/1] mpls [NPE1-GigabitEthernet2/0/1] mpls [NPE1-GigabitEthernet2/0/1] quit 2/0/0 ldp 2/0/1 ldp

# Configure NPE2.
[NPE2] interface gigabitethernet [NPE2-GigabitEthernet2/0/0] mpls [NPE2-GigabitEthernet2/0/0] mpls [NPE2-GigabitEthernet2/0/0] quit [NPE2] interface gigabitethernet [NPE2-GigabitEthernet2/0/1] mpls [NPE2-GigabitEthernet2/0/1] mpls [NPE2-GigabitEthernet2/0/1] quit 2/0/0 ldp 2/0/1 ldp

After the configuration is complete, LDP sessions can be set up between UPEs and the NPEs. Run the display mpls ldp session command. You can view that the "Status" in the output is "Operational". Take NPE1 as an example.
[NPE1] display mpls ldp session LDP Session(s) in Public Network ----------------------------------------------------------------------------Peer-ID Status LAM SsnRole SsnAge KA-Sent/Rcv ----------------------------------------------------------------------------1.1.1.9:0 Operational DU Passive 000:00:02 12/12 2.2.2.9:0 Operational DU Passive 000:00:02 9/9 5.5.5.9:0 Operational DU Passive 000:00:02 10/10 ----------------------------------------------------------------------------TOTAL: 3 session(s) Found. LAM : Label Advertisement Mode SsnAge Unit : DDD:HH:MM

(3) Create a Martini administrator VSI on UPEs.


NOTE

The default VC type of a VLL on a VE interface of the peer NPE is Ethernet. Therefore, when creating a VSI on the UPE, you need to change the encapsulation type to Ethernet so that the encapsulation types at both ends of a VC are the same.

# Configure UPE1.
[UPE1] mpls l2vpn [UPE1-l2vpn] quit [UPE1] vsi admin-vsi1 static [UPE1-admin-vsi1] pwsignal ldp

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

8-57

8 Access of L2VPN to L3VPN Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

[UPE1-admin-vsi1-ldp] vsi-id 10 [UPE1-admin-vsi1-ldp] peer 3.3.3.9 upe [UPE1-admin-vsi1-ldp] peer 4.4.4.9 upe [UPE1-admin-vsi1-ldp] quit [UPE1-admin-vsi1] encapsulation ethernet [UPE1-admin-vsi1] admin-vsi [UPE1-admin-vsi1] quit

# Configure UPE2.
[UPE2] mpls l2vpn [UPE2-l2vpn] quit [UPE2] vsi admin-vsi2 static [UPE2-admin-vsi2] pwsignal ldp [UPE2-admin-vsi2-ldp] vsi-id 20 [UPE2-admin-vsi2-ldp] peer 3.3.3.9 upe [UPE2-admin-vsi2-ldp] peer 4.4.4.9 upe [UPE2-admin-vsi2-ldp] quit [UPE2-admin-vsi2] encapsulation ethernet [UPE2-admin-vsi2] admin-vsi [UPE2-admin-vsi2] quit

An NPE does not need to learn the MAC addresses of other NPEs, so it is recommended that NPEs connect to the mVSIs on UPEs through VLL. The VC ID must be the same as the ID of the VSI that the NPE accesses. # Configure NPE1.
[NPE1] mpls l2vpn [NPE1-l2vpn] mpls l2vpn default martini [NPE1-l2vpn] quit [NPE1] interface virtual-ethernet2/0/0 [NPE1-Virtual-Ethernet2/0/0] mpls l2vc 1.1.1.9 10 [NPE1-Virtual-Ethernet2/0/0] quit [NPE1] interface virtual-ethernet2/0/2 [NPE1-Virtual-Ethernet2/0/2] mpls l2vc 2.2.2.9 20 [NPE1-Virtual-Ethernet2/0/2] quit

# Configure NPE2.
[NPE2] mpls l2vpn [NPE2-l2vpn] mpls l2vpn default martini [NPE2-l2vpn] quit [NPE2] interface virtual-ethernet2/0/0 [NPE2-Virtual-Ethernet2/0/0] mpls l2vc 1.1.1.9 10 [NPE2-Virtual-Ethernet2/0/0] quit [NPE2] interface virtual-ethernet2/0/2 [NPE2-Virtual-Ethernet2/0/2] mpls l2vc 2.2.2.9 20 [NPE2-Virtual-Ethernet2/0/2] quit

After the configuration is complete, run the display vsi name verbose command on UPEs. You can view that the Administrator VSI in the output is yes. Take UPE1 as an example.
[UPE1] display vsi name admin-vsi1 verbose ***VSI Name : admin-vsi1 Administrator VSI : yes Isolate Spoken : disable VSI Index : 0 PW Signaling : ldp Member Discovery Style : static PW MAC Learn Style : unqualify Encapsulation Type : ethernet MTU : 1500 Diffserv Mode : uniform Service Class : -Color : -DomainId : 255 Domain Name : Tunnel Policy Name : lsp VSI State : up VSI ID : 10

8-58

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


*Peer Router ID VC Label Peer Type Session Tunnel ID *Peer Router ID VC Label Peer Type Session Tunnel ID **PW Information: *Peer Ip Address PW State Local VC Label Remote VC Label PW Type Tunnel ID *Peer Ip Address PW State Local VC Label Remote VC Label PW Type Tunnel ID : : : : : : : : : : : : : : : : : : : : : :

8 Access of L2VPN to L3VPN Configuration


3.3.3.9 148480 dynamic up 0x60818000, 4.4.4.9 148481 dynamic up 0x60818001, 3.3.3.9 up 148480 140289 MEHVPLS 0x60818000, 4.4.4.9 up 148481 140290 MEHVPLS 0x60818001,

Run the display mpls l2vc command on NPEs. You can view that the VC State in the output is up. Take NPE1 as an example.
[NPE1] display mpls l2vc total LDP VC : 2 2 up 0 down *client interface : Virtual-Ethernet2/0/0 session state : up AC status : up VC state : up VC ID : 10 VC type : Ethernet destination : 1.1.1.9 local VC label : 140289 remote VC label : 148480 control word : disable forwarding entry : existent local group ID : 0 manual fault : not set active state : active link state : up local VC MTU : 1500 remote VC MTU : 1500 tunnel policy name : -traffic behavior name: -PW template name : -primary or secondary : primary create time : 0 days, 0 hours, 0 minutes, 51 seconds up time : 0 days, 0 hours, 0 minutes, 50 seconds last change time : 0 days, 0 hours, 0 minutes, 50 seconds *client interface : Virtual-Ethernet2/0/2 session state : up AC status : up VC state : up VC ID : 20 VC type : Ethernet destination : 2.2.2.9 local VC label : 140290 remote VC label : 148481 control word : disable forwarding entry : existent local group ID : 0 manual fault : not set active state : active link state : up local VC MTU : 1500 remote VC MTU : 1500 tunnel policy name : -traffic behavior name: -PW template name : --

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

8-59

8 Access of L2VPN to L3VPN Configuration


primary or secondary create time up time last change time : : : :

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


primary 0 days, 0 hours, 0 minutes, 51 seconds 0 days, 0 hours, 0 minutes, 50 seconds 0 days, 0 hours, 0 minutes, 50 seconds

(4) Create a Martini service VSI on UPEs, bind the service VSI to an mVSI, and connect it to CEs. # Configure UPE1.
[UPE1] vsi vsi1 static [UPE1-vsi1] pwsignal ldp [UPE1-vsi1-ldp] vsi-id 101 [UPE1-vsi1-ldp] peer 3.3.3.9 [UPE1-vsi1-ldp] peer 4.4.4.9 [UPE1-vsi1-ldp] quit [UPE1-vsi1] encapsulation ethernet [UPE1-vsi1] track admin-vsi admin-vsi1 [UPE1-vsi1] quit [UPE1] interface gigabitethenet 1/0/2.1 [UPE1-GigabitEthernet1/0/2.1] vlan-type dot1q 101 [UPE1-GigabitEthernet1/0/2.1] l2 binding vsi vsi1 [UPE1-GigabitEthernet1/0/2.1] quit

# Configure UPE2.
[UPE2] vsi vsi2 static [UPE2-vsi2] pwsignal ldp [UPE2-vsi2-ldp] vsi-id 102 [UPE2-vsi2-ldp] peer 3.3.3.9 [UPE2-vsi2-ldp] peer 4.4.4.9 [UPE2-vsi2-ldp] quit [UPE2-vsi2] encapsulation ethernet [UPE1-vsi2] track admin-vsi admin-vsi2 [UPE2-vsi2] quit [UPE2] interface gigabitethenet 1/0/2.1 [UPE2-GigabitEthernet1/0/2.1] vlan-type dot1q 102 [UPE2-GigabitEthernet1/0/2.1] l2 binding vsi vsi2 [UPE2-GigabitEthernet1/0/2.1] quit

An NPE does not need to learn the MAC addresses of other NPEs, so it is recommended that NPEs connect to the mVSIs on UPEs through VLL. The VC ID must be the same as the ID of the VSI that the NPE accesses. # Configure NPE1.
[NPE1] interface virtual-ethernet2/0/4 [NPE1-Virtual-Ethernet2/0/4] mpls l2vc 1.1.1.9 101 [NPE1-Virtual-Ethernet2/0/4] quit [NPE1] interface virtual-ethernet2/0/6 [NPE1-Virtual-Ethernet2/0/6] mpls l2vc 2.2.2.9 102 [NPE1-Virtual-Ethernet2/0/6] quit

# Configure NPE2.
[NPE2] interface virtual-ethernet2/0/4 [NPE2-Virtual-Ethernet2/0/4] mpls l2vc 1.1.1.9 101 [NPE2-Virtual-Ethernet2/0/4] quit [NPE2] interface virtual-ethernet2/0/6 [NPE2-Virtual-Ethernet2/0/6] mpls l2vc 2.2.2.9 102 [NPE2-Virtual-Ethernet2/0/6] quit

After the configuration is complete, run the display vsi command on UPEs. You can view that the VSI State in the output is up. Take UPE1 as an example.
[UPE1] display vsi name vsi1 Total VSI number is 1, 0 is up, 1 is down, 1 is LDP mode, 0 is BGP mode Vsi Mem PW Mac Encap Mtu Vsi Name Disc Type Learn Type Value State ------------------------------------------------------------------------vsi1 static ldp unqualify ethernet 1500 up

8-60

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

8 Access of L2VPN to L3VPN Configuration

Run the display mpls l2vc interface command on NPEs. You can view that the VC State in the output is up. Take NPE1 as an example.
[NPE1] display mpls l2vc *client interface session state AC state VC state VC ID VC type destination local group ID local VC label local AC OAM State local PSN State BFD for PW manual fault active state forwarding entry link state local VC MTU local VCCV remote VCCV local fragmentantion local control word tunnel policy traffic behavior PW template name primary or secondary VC tunnel/token info create time up time last change time interface virtual-ethernet2/0/4 : Virtual-Ethernet2/0/4 is up : up : up : up : 101 : Ethernet : 1.1.1.9 : 0 remote group ID : 0 : 140288 remote VC label : 140292 : up : up : unavailable : not set : active : exist : up : 1500 remote VC MTU : 1500 : Disable : none : disable remote fragmentantion: none : disable remote control word : none : lsp : -: -: primary : 0 tunnels/tokens : 0 days, 0 hours, 0 minutes, 10 seconds : 0 days, 0 hours, 0 minutes, 0 seconds : 0 days, 0 hours, 0 minutes, 10 seconds

Run the display admin-vsi binding command on the UPE. You can view the binding relationship of the service VSI and the mVSI. Take UPE1 as an example:
[UPE1] display admin-vsi binding Admin-vsi Service-vsi -------------------------------------------admin-vsi1 vsi1

5.

Configure the reliability of MPLS L2VPN on the access network. (1) Configure the mVRRP for NPEs. NPEs work in load balancing mode. For the VSI of UPE1, NPE1 serves as the master NPE; for the VSI of UPE2, NPE2 serves as the master NPE. # Configure NPE1.
[NPE1] interface virtual-ethernet2/0/1 [NPE1-Virtual-Ethernet2/0/1] ip address 192.168.1.1 24 [NPE1-Virtual-Ethernet2/0/1] vrrp vrid 1 virtual-ip 192.168.1.254 [NPE1-Virtual-Ethernet2/0/1] vrrp vrid 1 priority 120 [NPE1-Virtual-Ethernet2/0/1] admin-vrrp vrid 1 [NPE1-Virtual-Ethernet2/0/1] quit [NPE1] interface virtual-ethernet2/0/3 [NPE1-Virtual-Ethernet2/0/3] ip address 192.168.2.1 24 [NPE1-Virtual-Ethernet2/0/3] vrrp vrid 2 virtual-ip 192.168.2.254 [NPE1-Virtual-Ethernet2/0/3] admin-vrrp vrid 2 [NPE1-Virtual-Ethernet2/0/3] quit

# Configure NPE2.
[NPE2] interface virtual-ethernet2/0/1 [NPE2-Virtual-Ethernet2/0/1] ip address 192.168.1.2 24 [NPE2-Virtual-Ethernet2/0/1] vrrp vrid 1 virtual-ip 192.168.1.254 [NPE2-Virtual-Ethernet2/0/1] admin-vrrp vrid 1 [NPE2-Virtual-Ethernet2/0/1] quit [NPE2] interface virtual-ethernet2/0/3

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

8-61

8 Access of L2VPN to L3VPN Configuration


[NPE2-Virtual-Ethernet2/0/3] [NPE2-Virtual-Ethernet2/0/3] [NPE2-Virtual-Ethernet2/0/3] [NPE2-Virtual-Ethernet2/0/3] [NPE2-Virtual-Ethernet2/0/3]

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


ip address 192.168.2.2 24 vrrp vrid 2 virtual-ip 192.168.2.254 vrrp vrid 2 priority 120 admin-vrrp vrid 2 quit

After the configuration is complete, run the display vrrp command on NPEs. You can view that VRRP backup group 1 is the Master in VE 2/0/1 of NPE1; VRRP backup group 2 is the Backup in VE 2/0/3. VRRP backup group 1 is the Backup in VE 2/0/1 of NPE2; VRRP backup group 2 is the Master in VE2/0/3. All these VRRP backup groups are mVRRPs. Take NPE1 as an example.
[NPE1] display vrrp Virtual-Ethernet2/0/3 | Virtual Router 2 state : Backup Virtual IP : 192.168.2.254 PriorityRun : 100 PriorityConfig : 100 MasterPriority : 120 preempt : yes delay time : 0 Timer : 1 Auth Type : NONE Virtual Mac : 0000-5e00-0102 Check TTL : YES Config type : admin-vrrp Virtual-Ethernet2/0/1 | Virtual Router 1 state : Master Virtual IP : 192.168.1.254 PriorityRun : 120 PriorityConfig : 120 MasterPriority : 120 preempt : yes delay time : 0 Timer : 1 Auth Type : NONE Virtual Mac : 0000-5e00-0101 Check TTL : YES Config type : admin-vrrp

(2) Configure the service VRRP for NPEs. # Configure NPE1.


[NPE1] interface virtual-ethernet2/0/5 [NPE1-Virtual-Ethernet2/0/5] vrrp vrid 3 virtual-ip 100.1.1.254 [NPE1-Virtual-Ethernet2/0/5] quit [NPE1] interface virtual-ethernet2/0/7 [NPE1-Virtual-Ethernet2/0/7] vrrp vrid 4 virtual-ip 100.2.1.254 [NPE1-Virtual-Ethernet2/0/7] quit

# Configure NPE2.
[NPE2] interface virtual-ethernet2/0/5 [NPE2-Virtual-Ethernet2/0/5] vrrp vrid 3 virtual-ip 100.1.1.254 [NPE2-Virtual-Ethernet2/0/5] quit [NPE2] interface virtual-ethernet2/0/7 [NPE2-Virtual-Ethernet2/0/7] vrrp vrid 4 virtual-ip 100.2.1.254 [NPE2-Virtual-Ethernet2/0/7] quit

(3) Bind the service VRRP to the mVRRP. # Configure NPE1.


[NPE1] interface virtual-ethernet2/0/5 [NPE1-Virtual-Ethernet2/0/5] vrrp vrid 3 track admin-vrrp interface virtual-ethernet2/0/1 vrid 1 [NPE1-Virtual-Ethernet2/0/5] quit [NPE1] interface virtual-ethernet2/0/7 [NPE1-Virtual-Ethernet2/0/7] vrrp vrid 4 track admin-vrrp interface virtual-ethernet2/0/3 vrid 2 [NPE1-Virtual-Ethernet2/0/7] quit

# Configure NPE2.
8-62 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

8 Access of L2VPN to L3VPN Configuration

[NPE2] interface virtual-ethernet2/0/5 [NPE2-Virtual-Ethernet2/0/5] vrrp vrid 3 track admin-vrrp interface virtual-ethernet2/0/1 vrid 1 [NPE2-Virtual-Ethernet2/0/5] quit [NPE2] interface virtual-ethernet2/0/7 [NPE2-Virtual-Ethernet2/0/7] vrrp vrid 4 track admin-vrrp interface virtual-ethernet2/0/3 vrid 2 [NPE2-Virtual-Ethernet2/0/7] quit

After the configuration is complete, run the display vrrp command on NPEs. You can view that the service VRRP status is the same as the status of the bound mVRRP. Take NPE1 as an example.
[NPE1] display vrrp Virtual-Ethernet2/0/7 | Virtual Router state : Initialize Virtual IP : 100.2.1.254 PriorityRun : 100 PriorityConfig : 100 MasterPriority : 100 preempt : yes delay time : 0 Timer : 1 Auth Type : NONE Virtual Mac : 0000-5e00-0104 Check TTL : YES Config type : member-vrrp Virtual-Ethernet2/0/5 | Virtual Router state : Master Virtual IP : 100.1.1.254 PriorityRun : 100 PriorityConfig : 100 MasterPriority : 100 preempt : yes delay time : 0 Timer : 1 Auth Type : NONE Virtual Mac : 0000-5e00-0103 Check TTL : YES Config type : member-vrrp Virtual-Ethernet2/0/3 | Virtual Router state : Backup Virtual IP : 192.168.2.254 PriorityRun : 100 PriorityConfig : 100 MasterPriority : 120 preempt : yes delay time : 0 Timer : 1 Auth Type : NONE Virtual Mac : 0000-5e00-0102 Check TTL : YES Config type : admin-vrrp Virtual-Ethernet2/0/1 | Virtual Router state : Master Virtual IP : 192.168.1.254 PriorityRun : 120 PriorityConfig : 120 MasterPriority : 120 preempt : yes delay time : 0 Timer : 1 Auth Type : NONE Virtual Mac : 0000-5e00-0101 Check TTL : YES Config type : admin-vrrp 4

Run the display vrrp binding admin-vrrp member-vrrp command on NPEs. You can view the binding relationships between the mVRRP backup group and the member VRRP backup groups. Take NPE1 as an example.
[NPE1] display vrrp binding admin-vrrp member-vrrp

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

8-63

8 Access of L2VPN to L3VPN Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


state: Master Master state: Backup Initialize

Interface: Virtual-Ethernet2/0/1, admin-vrrp vrid: 1, Member-vrrp number: 1 Interface: Virtual-Ethernet2/0/5, vrid: 3, state: Interface: Virtual-Ethernet2/0/3, admin-vrrp vrid: 2, Member-vrrp number: 1 Interface: Virtual-Ethernet2/0/7, vrid: 4, state:

(4) Configure the Peer BFD between NPEs. # Configure NPE1.


[NPE1] bfd [NPE1-bfd] quit [NPE1] bfd peer1 bind peer-ip 192.168.1.2 [NPE1-bfd-session-peer1] discriminator local 341 [NPE1-bfd-session-peer1] discriminator remote 431 [NPE1-bfd-session-peer1] min-tx-interval 30 [NPE1-bfd-session-peer1] min-rx-interval 30 [NPE1-bfd-session-peer1] commit [NPE1-bfd-session-peer1] quit [NPE1] bfd peer2 bind peer-ip 192.168.2.2 [NPE1-bfd-session-peer2] discriminator local 342 [NPE1-bfd-session-peer2] discriminator remote 432 [NPE1-bfd-session-peer2] min-tx-interval 30 [NPE1-bfd-session-peer2] min-rx-interval 30 [NPE1-bfd-session-peer2] commit [NPE1-bfd-session-peer2] quit

# Configure NPE2.
[NPE2] bfd [NPE2-bfd] quit [NPE2] bfd peer1 bind peer-ip 192.168.1.1 [NPE2-bfd-session-peer1] discriminator local 431 [NPE2-bfd-session-peer1] discriminator remote 341 [NPE2-bfd-session-peer1] min-tx-interval 30 [NPE2-bfd-session-peer1] min-rx-interval 30 [NPE2-bfd-session-peer1] commit [NPE2-bfd-session-peer1] quit [NPE2] bfd peer2 bind peer-ip 192.168.2.1 [NPE2-bfd-session-peer2] discriminator local 432 [NPE2-bfd-session-peer2] discriminator remote 342 [NPE2-bfd-session-peer2] min-tx-interval 30 [NPE2-bfd-session-peer2] min-rx-interval 30 [NPE2-bfd-session-peer2] commit [NPE2-bfd-session-peer2] quit

After the configuration is complete, run the display bfd session all command on NPEs. You can view that the status of BFD is Up. Take PE1 as an example.
[NPE1] display bfd session all ------------------------------------------------------------------------------Local Remote PeerIpAddr InterfaceName State Type ------------------------------------------------------------------------------341 431 192.168.1.2 -Up S_IP 342 432 192.168.2.2 -Up S_IP ------------------------------------------------------------------------------Total UP/DOWN Session Number : 2/0

(5) Configure the Link BFD between NPEs and UPEs. # Configure UPE1.
[UPE1] bfd [UPE1-bfd] quit [UPE1] bfd link1 bind ldp-lsp peer-ip 3.3.3.9 nexthop 10.1.1.2 interface gigabitethernet 1/0/0

8-64

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

8 Access of L2VPN to L3VPN Configuration

[UPE1-bfd-session-link1] discriminator local 13 [UPE1-bfd-session-link1] discriminator remote 31 [UPE1-bfd-session-link1] process-pst [UPE1-bfd-session-link1] commit [UPE1-bfd-session-link1] quit [UPE1] bfd link2 bind ldp-lsp peer-ip 4.4.4.9 nexthop 20.1.1.2 interface gigabitethernet 1/0/1 [UPE1-bfd-session-link2] discriminator local 14 [UPE1-bfd-session-link2] discriminator remote 41 [UPE1-bfd-session-link2] process-pst [UPE1-bfd-session-link2] commit [UPE1-bfd-session-link2] quit

# Configure UPE2.
[UPE2] bfd [UPE2-bfd] quit [UPE2] bfd link1 bind ldp-lsp peer-ip 3.3.3.9 nexthop 30.1.1.2 interface gigabitethernet 1/0/1 [UPE2-bfd-session-link1] discriminator local 23 [UPE2-bfd-session-link1] discriminator remote 32 [UPE2-bfd-session-link1] process-pst [UPE2-bfd-session-link1] commit [UPE2-bfd-session-link1] quit [UPE2] bfd link2 bind ldp-lsp peer-ip 4.4.4.9 nexthop 40.1.1.2 interface gigabitethernet 1/0/0 [UPE2-bfd-session-link2] discriminator local 24 [UPE2-bfd-session-link2] discriminator remote 42 [UPE2-bfd-session-link2] process-pst [UPE2-bfd-session-link2] commit [UPE2-bfd-session-link2] quit

# Configure NPE1.
[NPE1] bfd link1 bind ldp-lsp peer-ip 1.1.1.9 nexthop 10.1.1.1 interface gigabitethernet 2/0/0 [NPE1-bfd-session-link1] discriminator local 31 [NPE1-bfd-session-link1] discriminator remote 13 [NPE1-bfd-session-link1] process-pst [NPE1-bfd-session-link1] commit [NPE1-bfd-session-link1] quit [NPE1] bfd link2 bind ldp-lsp peer-ip 2.2.2.9 nexthop 30.1.1.1 interface gigabitethernet 2/0/1 [NPE1-bfd-session-link2] discriminator local 32 [NPE1-bfd-session-link2] discriminator remote 23 [NPE1-bfd-session-link2] process-pst [NPE1-bfd-session-link2] commit [NPE1-bfd-session-link2] quit

# Configure NPE2.
[NPE2] bfd link1 bind ldp-lsp peer-ip 1.1.1.9 nexthop 20.1.1.1 interface gigabitethernet 2/0/1 [NPE2-bfd-session-link1] discriminator local 41 [NPE2-bfd-session-link1] discriminator remote 14 [NPE2-bfd-session-link1] process-pst [NPE2-bfd-session-link1] commit [NPE2-bfd-session-link1] quit [NPE2] bfd link2 bind ldp-lsp peer-ip 2.2.2.9 nexthop 40.1.1.1 interface gigabitethernet 2/0/0 [NPE2-bfd-session-link2] discriminator local 42 [NPE2-bfd-session-link2] discriminator remote 24 [NPE2-bfd-session-link2] process-pst [NPE2-bfd-session-link2] commit [NPE2-bfd-session-link2] quit

After the configuration is complete, run the display bfd session all command on UPEs and NPEs. You can view that the status of BFD is Up. Take UPE1 and NPE1 as examples.
[UPE1] display bfd session all -------------------------------------------------------------------------------

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

8-65

8 Access of L2VPN to L3VPN Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Local Remote PeerIpAddr InterfaceName State Type ------------------------------------------------------------------------------13 31 3.3.3.9 GigabitEthernet1/0/0 Up S_LDPLSP 14 41 4.4.4.9 GigabitEthernet1/0/1 Up S_LDPLSP ------------------------------------------------------------------------------Total UP/DOWN Session Number : 2/0 [NPE1] display bfd session all ------------------------------------------------------------------------------Local Remote PeerIpAddr InterfaceName State Type ------------------------------------------------------------------------------31 13 1.1.1.9 GigabitEthernet2/0/0 Up S_LDPLSP 32 23 2.2.2.9 GigabitEthernet2/0/1 Up S_LDPLSP 341 431 192.168.1.2 -Up S_IP 342 432 192.168.2.2 -Up S_IP ------------------------------------------------------------------------------Total UP/DOWN Session Number : 4/0

(6) Bind the mVRRP to Peer BFD and Link BFD. # Configure NPE1.
[NPE1] interface virtual-ethernet2/0/1 [NPE1-Virtual-Ethernet2/0/1] vrrp vrid [NPE1-Virtual-Ethernet2/0/1] vrrp vrid [NPE1-Virtual-Ethernet2/0/1] quit [NPE1] interface virtual-ethernet2/0/3 [NPE1-Virtual-Ethernet2/0/3] vrrp vrid [NPE1-Virtual-Ethernet2/0/3] vrrp vrid [NPE1-Virtual-Ethernet2/0/3] quit 1 track bfd-session 341 peer 1 track bfd-session 31 link 2 track bfd-session 342 peer 2 track bfd-session 32 link

# Configure NPE2.
[NPE2] interface virtual-ethernet2/0/1 [NPE2-Virtual-Ethernet2/0/1] vrrp vrid [NPE2-Virtual-Ethernet2/0/1] vrrp vrid [NPE2-Virtual-Ethernet2/0/1] quit [NPE2] interface virtual-ethernet2/0/3 [NPE2-Virtual-Ethernet2/0/3] vrrp vrid [NPE2-Virtual-Ethernet2/0/3] vrrp vrid [NPE2-Virtual-Ethernet2/0/3] quit 1 track bfd-session 431 peer 1 track bfd-session 41 link 2 track bfd-session 432 peer 2 track bfd-session 42 link

After the configuration is complete, run the display vrrp command on NPEs. You can view that the mVRRP is bound to the Peer BFD and the Link BFD; the mVRRP is Up. Take NPE1 as an example.
[NPE1] display vrrp Virtual-Ethernet2/0/7 | Virtual Router 4 state : Initialize Virtual IP : 100.2.1.254 PriorityRun : 100 PriorityConfig : 100 MasterPriority : 100 preempt : yes delay time : 0 Timer : 1 Auth Type : NONE Virtual Mac : 0000-5e00-0104 Check TTL : YES Config type : member-vrrp Virtual-Ethernet2/0/5 | Virtual Router 3

8-66

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

8 Access of L2VPN to L3VPN Configuration

state : Master Virtual IP : 100.1.1.254 PriorityRun : 100 PriorityConfig : 100 MasterPriority : 100 preempt : yes delay time : 0 Timer : 1 Auth Type : NONE Virtual Mac : 0000-5e00-0103 Check TTL : YES Config type : member-vrrp Virtual-Ethernet2/0/3 | Virtual Router 2 state : Backup Virtual IP : 192.168.2.254 PriorityRun : 100 PriorityConfig : 100 MasterPriority : 120 preempt : yes delay time : 0 Timer : 1 Auth Type : NONE Virtual Mac : 0000-5e00-0102 Check TTL : YES Config type : admin-vrrp Track BFD : 32 type: link bfd-session state : up Track BFD : 342 type: peer bfd-session state : up Virtual-Ethernet2/0/1 | Virtual Router 1 state : Master Virtual IP : 192.168.1.254 PriorityRun : 120 PriorityConfig : 120 MasterPriority : 120 preempt : yes delay time : 0 Timer : 1 Auth Type : NONE Virtual Mac : 0000-5e00-0101 Check TTL : YES Config type : admin-vrrp Track BFD : 31 type: link bfd-session state : up Track BFD : 341 type: peer bfd-session state : up

6.

Configure the access of CEs through the access network to MPLS L3VPN with NPEs. # Configure CE1.
<Quidway> system-view [Quidway] sysname CE1 [CE1] interface gigabitethernet1/0/0.1 [CE1-GigabitEthernet1/0/0.1] vlan-type dot1q 101 [CE1-GigabitEthernet1/0/0.1] ip address 100.1.1.1 24 [CE1-GigabitEthernet1/0/0.1] quit [CE1] ospf 100 [CE1-ospf-100] area 0 [CE1-ospf-100-area-0.0.0.0] network 100.1.1.0 0.0.0.255 [CE1-ospf-100-area-0.0.0.0] quit [CE1-ospf-100] quit

# Configure CE2.
<Quidway> system-view [Quidway] sysname CE2 [CE2] interface gigabitethernet1/0/0.1 [CE2-GigabitEthernet1/0/0.1] vlan-type dot1q 102 [CE2-GigabitEthernet1/0/0.1] ip address 100.2.1.1 24 [CE2-GigabitEthernet1/0/0.1] quit [CE2] ospf 200 [CE2-ospf-200] area 0 [CE2-ospf-200-area-0.0.0.0] network 100.2.1.0 0.0.0.255

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

8-67

8 Access of L2VPN to L3VPN Configuration


[CE2-ospf-200-area-0.0.0.0] quit [CE2-ospf-200] quit

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

# Configure CE3.
<Quidway> system-view [Quidway] sysname CE3 [CE3] interface gigabitethernet1/0/0 [CE3-GigabitEthernet1/0/0] ip address 100.3.1.1 24 [CE3-GigabitEthernet1/0/0] undo shutdown [CE3-GigabitEthernet1/0/0] quit [CE3] ospf 100 [CE3-ospf-100] area 0 [CE3-ospf-100-area-0.0.0.0] network 100.3.1.0 0.0.0.255 [CE3-ospf-100-area-0.0.0.0] quit [CE3-ospf-100] quit

# Configure CE4.
<Quidway> system-view [Quidway] sysname CE4 [CE4] interface gigabitethernet1/0/0 [CE4-GigabitEthernet1/0/0] ip address 100.4.1.1 24 [CE4-GigabitEthernet1/0/0] undo shutdown [CE4-GigabitEthernet1/0/0] quit [CE4] ospf 200 [CE4-ospf-200] area 0 [CE4-ospf-200-area-0.0.0.0] network 100.4.1.0 0.0.0.255 [CE4-ospf-200-area-0.0.0.0] quit [CE4-ospf-200] quit

7.

Verify the configuration. CE1, CE2, CE3, and CE4 can ping through each other.Take CE1 as example:
[CE1] ping 100.3.1.1 PING 100.3.1.1: 56 data bytes, press CTRL_C to break Reply from 100.3.1.1: bytes=56 Sequence=1 ttl=255 time=31 ms Reply from 100.3.1.1: bytes=56 Sequence=2 ttl=255 time=10 ms Reply from 100.3.1.1: bytes=56 Sequence=3 ttl=255 time=5 ms Reply from 100.3.1.1: bytes=56 Sequence=4 ttl=255 time=2 ms Reply from 100.3.1.1: bytes=56 Sequence=5 ttl=255 time=28 ms --- 100.3.1.1 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 2/15/31 ms

# When the link between NPE1 and UPE1 is Down, run the display vrrp command on the NPE. You can view that the previous backup mVRRP is now the master and the status of the service VRRP is the same as that of the bound mVRRP. Take NPE1 as an example:
[NPE1] interface gigabitethernet2/0/0 [NPE1-GigabitEthernet2/0/0] shutdown [NPE1-GigabitEthernet2/0/0] quit [NPE1] display vrrp Virtual-Ethernet2/0/7 | Virtual Router 4 state : Master Virtual IP : 100.2.1.254 PriorityRun : 100 PriorityConfig : 100 MasterPriority : 100 preempt : yes delay time : 0 Timer : 1 Auth Type : NONE Virtual Mac : 0000-5e00-0104 Check TTL : YES Config type : member-vrrp Virtual-Ethernet2/0/5 | Virtual Router 3 state : Initialize Virtual IP : 100.1.1.254 PriorityRun : 100 PriorityConfig : 100

8-68

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

8 Access of L2VPN to L3VPN Configuration

MasterPriority : 100 preempt : yes delay time : 0 Timer : 1 Auth Type : NONE Virtual Mac : 0000-5e00-0103 Check TTL : YES Config type : member-vrrp Virtual-Ethernet2/0/3 | Virtual Router 2 state : Master Virtual IP : 192.168.2.254 PriorityRun : 100 PriorityConfig : 100 MasterPriority : 120 preempt : yes delay time : 0 Timer : 1 Auth Type : NONE Virtual Mac : 0000-5e00-0102 Check TTL : YES Config type : admin-vrrp Virtual-Ethernet2/0/1 | Virtual Router 1 state : Initialize Virtual IP : 192.168.1.254 PriorityRun : 120 PriorityConfig : 120 MasterPriority : 120 preempt : yes delay time : 0 Timer : 1 Auth Type : NONE Virtual Mac : 0000-5e00-0101 Check TTL : YES Config type : admin-vrrp

CE1 and CE3 can ping through each other. Take CE1 as example:
<CE1> ping 100.3.1.1 PING 100.3.1.1: 56 data bytes, press CTRL_C to break Reply from 100.3.1.1: bytes=56 Sequence=1 ttl=255 time=31 ms Reply from 100.3.1.1: bytes=56 Sequence=2 ttl=255 time=10 ms Reply from 100.3.1.1: bytes=56 Sequence=3 ttl=255 time=5 ms Reply from 100.3.1.1: bytes=56 Sequence=4 ttl=255 time=2 ms Reply from 100.3.1.1: bytes=56 Sequence=5 ttl=255 time=28 ms --- 100.3.1.1 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 2/15/31 ms

Configuration Files
l

Configuration file of UPE1


# sysname UPE1 # mpls lsr-id 1.1.1.9 mpls # mpls l2vpn # vsi admin-vsi1 static pwsignal ldp vsi-id 10 peer 3.3.3.9 upe peer 4.4.4.9 upe encapsulation ethernet admin-vsi # vsi vsi1 static pwsignal ldp vsi-id 101 peer 3.3.3.9

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

8-69

8 Access of L2VPN to L3VPN Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

peer 4.4.4.9 encapsulation ethernet track admin-vsi admin-vsi1 # mpls ldp # interface GigabitEthernet1/0/0 undo shutdown ip address 10.1.1.1 255.255.255.0 mpls mpls ldp # interface GigabitEthernet1/0/1 undo shutdown ip address 20.1.1.1 255.255.255.0 mpls mpls ldp # interface GigabitEthernet1/0/2 undo shutdown # interface GigabitEthernet1/0/2.1 vlan-type dot1q 10 l2 binding vsi vsi1 # interface LoopBack1 ip address 1.1.1.9 255.255.255.255 # bfd link1 bind ldp-lsp peer-ip 3.3.3.9 nexthop 10.1.1.2 interface gigabitethernet 1/0/0 discriminator local 13 discriminator remote 31 process-pst commit # bfd link2 bind ldp-lsp peer-ip 4.4.4.9 nexthop 20.1.1.2 interface gigabitethernet 1/0/1 discriminator local 14 discriminator remote 41 process-pst commit # ospf 1 area 0.0.0.0 network 1.1.1.9 0.0.0.0 network 10.1.1.0 0.0.0.255 network 20.1.1.0 0.0.0.255 # return l

Configuration file of UPE2


# sysname UPE2 # mpls lsr-id 2.2.2.9 mpls # mpls l2vpn # vsi admin-vsi2 static pwsignal ldp vsi-id 20 peer 3.3.3.9 upe peer 4.4.4.9 upe encapsulation ethernet admin-vsi # vsi vsi2 static pwsignal ldp vsi-id 102

8-70

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

8 Access of L2VPN to L3VPN Configuration

peer 3.3.3.9 peer 4.4.4.9 encapsulation ethernet track admin-vsi admin-vsi2 # mpls ldp # interface GigabitEthernet1/0/0 undo shutdown ip address 40.1.1.1 255.255.255.0 mpls mpls ldp # interface GigabitEthernet1/0/1 undo shutdown ip address 30.1.1.1 255.255.255.0 mpls mpls ldp # interface GigabitEthernet1/0/2 undo shutdown # interface GigabitEthernet1/0/2.1 vlan-type dot1q 10 l2 binding vsi vsi2 # interface LoopBack1 ip address 2.2.2.9 255.255.255.255 # bfd link1 bind ldp-lsp peer-ip 3.3.3.9 nexthop 30.1.1.2 interface gigabitethernet 1/0/1 discriminator local 23 discriminator remote 32 process-pst commit # bfd link2 bind ldp-lsp peer-ip 4.4.4.9 nexthop 40.1.1.2 interface gigabitethernet 1/0/0 discriminator local 24 discriminator remote 42 process-pst commit # ospf 1 area 0.0.0.0 network 2.2.2.9 0.0.0.0 network 30.1.1.0 0.0.0.255 network 40.1.1.0 0.0.0.255 # return l

Configuration file of NPE1


# sysname NPE1 # ip vpn-instance VPN1 route-distinguisher 100:1 vpn-target 111:1 export-extcommunity vpn-target 111:1 import-extcommunity # ip vpn-instance VPN2 route-distinguisher 100:21 vpn-target 222:1 export-extcommunity vpn-target 222:1 import-extcommunity # mpls lsr-id 3.3.3.9 mpls # mpls l2vpn mpls l2vpn default martini

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

8-71

8 Access of L2VPN to L3VPN Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

# mpls ldp # isis 1 network-entity 10.0000.0000.0001.00 # interface Pos1/0/0 undo shutdown link-protocol ppp ip address 50.1.1.2 255.255.255.0 isis enable 1 mpls mpls ldp # interface GigabitEthernet2/0/0 undo shutdown ip address 10.1.1.2 255.255.255.0 mpls mpls ldp # interface GigabitEthernet2/0/1 undo shutdown ip address 30.1.1.2 255.255.255.0 mpls mpls ldp # interface Virtual-Ethernet2/0/0 ve-group 1 l2-terminate mpls l2vc 1.1.1.9 10 # interface Virtual-Ethernet2/0/1 ve-group 1 l3-access ip address 192.168.1.1 255.255.255.0 vrrp vrid 1 virtual-ip 192.168.1.254 vrrp vrid 1 priority 120 vrrp vrid 1 track bfd-session 31 link vrrp vrid 1 track bfd-session 341 peer admin-vrrp vrid 1 # interface Virtual-Ethernet2/0/2 ve-group 2 l2-terminate mpls l2vc 2.2.2.9 20 # interface Virtual-Ethernet2/0/3 ve-group 2 l3-access ip address 192.168.2.1 255.255.255.0 vrrp vrid 2 virtual-ip 192.168.2.254 vrrp vrid 2 track bfd-session 32 link vrrp vrid 2 track bfd-session 342 peer admin-vrrp vrid 2 # interface Virtual-Ethernet2/0/4 ve-group 3 l2-terminate mpls l2vc 1.1.1.9 101 # interface Virtual-Ethernet2/0/5 ve-group 3 l3-access ip binding vpn-instance VPN1 ip address 100.1.1.2 255.255.255.0 vrrp vrid 3 virtual-ip 100.1.1.254 vrrp vrid 3 track admin-vrrp interface virtual-ethernet2/0/1 vrid 1 # interface Virtual-Ethernet2/0/6 ve-group 4 l2-terminate mpls l2vc 2.2.2.9 102 # interface Virtual-Ethernet2/0/7 ve-group 4 l3-access ip binding vpn-instance VPN2

8-72

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

8 Access of L2VPN to L3VPN Configuration

ip address 100.2.1.2 255.255.255.0 vrrp vrid 4 virtual-ip 100.2.1.254 vrrp vrid 4 track admin-vrrp interface virtual-ethernet2/0/3 vrid 2 # interface LoopBack1 ip address 3.3.3.9 255.255.255.255 isis enable 1 # bfd link1 bind ldp-lsp peer-ip 1.1.1.9 nexthop 10.1.1.1 interface gigabitethernet 2/0/0 discriminator local 31 discriminator remote 13 process-pst commit # bfd link2 bind ldp-lsp peer-ip 2.2.2.9 nexthop 30.1.1.1 interface gigabitethernet 2/0/1 discriminator local 32 discriminator remote 23 process-pst commit # bfd peer1 bind peer-ip 192.168.1.2 discriminator local 341 discriminator remote 431 min-tx-interval 30 min-rx-interval 30 commit # bfd peer2 bind peer-ip 192.168.2.2 discriminator local 342 discriminator remote 432 min-tx-interval 30 min-rx-interval 30 commit # bgp 100 peer 5.5.5.9 as-number 100 peer 5.5.5.9 connect-interface LoopBack1 # ipv4-family unicast undo synchronization peer 5.5.5.9 enable # ipv4-family vpnv4 policy vpn-target peer 5.5.5.9 enable # ipv4-family vpn-instance VPN1 import-route ospf 100 import-route direct # ipv4-family vpn-instance VPN2 import-route ospf 200 import-route direct # ospf 1 area 0.0.0.0 network 3.3.3.9 0.0.0.0 network 10.1.1.0 0.0.0.255 network 30.1.1.0 0.0.0.255 # ospf 100 vpn-instance VPN1 import-route bgp domain-id 0.0.0.10 area 0.0.0.0 network 100.1.1.0 0.0.0.255 # ospf 200 vpn-instance VPN2

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

8-73

8 Access of L2VPN to L3VPN Configuration


import-route bgp domain-id 0.0.0.20 area 0.0.0.0 network 100.2.1.0 0.0.0.255 # return l

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Configuration file of NPE2


# sysname NPE2 # ip vpn-instance VPN1 route-distinguisher 100:2 vpn-target 111:1 export-extcommunity vpn-target 111:1 import-extcommunity # ip vpn-instance VPN2 route-distinguisher 100:22 vpn-target 222:1 export-extcommunity vpn-target 222:1 import-extcommunity # mpls lsr-id 4.4.4.9 mpls # mpls l2vpn mpls l2vpn default martini # mpls ldp # isis 1 network-entity 10.0000.0000.0002.00 # interface Pos1/0/0 undo shutdown link-protocol ppp ip address 60.1.1.2 255.255.255.0 isis enable 1 mpls mpls ldp # interface GigabitEthernet2/0/0 undo shutdown ip address 40.1.1.2 255.255.255.0 mpls mpls ldp # interface GigabitEthernet2/0/1 undo shutdown ip address 20.1.1.2 255.255.255.0 mpls mpls ldp # interface Virtual-Ethernet2/0/0 ve-group 1 l2-terminate mpls l2vc 1.1.1.9 10 # interface Virtual-Ethernet2/0/1 ve-group 1 l3-access ip address 192.168.1.2 255.255.255.0 vrrp vrid 1 virtual-ip 192.168.1.254 vrrp vrid 1 track bfd-session 41 link vrrp vrid 1 track bfd-session 431 peer admin-vrrp vrid 1 # interface Virtual-Ethernet2/0/2 ve-group 2 l2-terminate mpls l2vc 2.2.2.9 20 # interface Virtual-Ethernet2/0/3 ve-group 2 l3-access

8-74

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

8 Access of L2VPN to L3VPN Configuration

ip address 192.168.2.2 255.255.255.0 vrrp vrid 2 virtual-ip 192.168.2.254 vrrp vrid 2 priority 120 vrrp vrid 2 track bfd-session 42 link vrrp vrid 2 track bfd-session 432 peer admin-vrrp vrid 2 # interface Virtual-Ethernet2/0/4 ve-group 3 l2-terminate mpls l2vc 1.1.1.9 101 # interface Virtual-Ethernet2/0/5 ve-group 3 l3-access ip binding vpn-instance VPN1 ip address 100.1.1.3 255.255.255.0 vrrp vrid 3 virtual-ip 100.1.1.254 vrrp vrid 3 track admin-vrrp interface virtual-ethernet2/0/1 vrid 1 # interface Virtual-Ethernet2/0/6 ve-group 4 l2-terminate mpls l2vc 2.2.2.9 102 # interface Virtual-Ethernet2/0/7 ve-group 4 l3-access ip binding vpn-instance VPN2 ip address 100.2.1.3 255.255.255.0 vrrp vrid 4 virtual-ip 100.2.1.254 vrrp vrid 4 track admin-vrrp interface virtual-ethernet2/0/3 vrid 2 # interface LoopBack1 ip address 4.4.4.9 255.255.255.255 isis enable 1 # bfd link1 bind ldp-lsp peer-ip 1.1.1.9 nexthop 20.1.1.1 interface gigabitethernet 2/0/1 discriminator local 41 discriminator remote 14 process-pst commit # bfd link2 bind ldp-lsp peer-ip 2.2.2.9 nexthop 40.1.1.1 interface gigabitethernet 2/0/0 discriminator local 42 discriminator remote 24 process-pst commit # bfd peer1 bind peer-ip 192.168.1.1 discriminator local 431 discriminator remote 341 min-tx-interval 30 min-rx-interval 30 commit # bfd peer2 bind peer-ip 192.168.2.1 discriminator local 432 discriminator remote 342 min-tx-interval 30 min-rx-interval 30 commit # bgp 100 peer 5.5.5.9 as-number 100 peer 5.5.5.9 connect-interface LoopBack1 # ipv4-family unicast undo synchronization peer 5.5.5.9 enable #

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

8-75

8 Access of L2VPN to L3VPN Configuration


ipv4-family vpnv4 policy vpn-target peer 5.5.5.9 enable # ipv4-family vpn-instance VPN1 import-route ospf 100 import-route direct # ipv4-family vpn-instance VPN2 import-route ospf 200 import-route direct # ospf 1 area 0.0.0.0 network 4.4.4.9 0.0.0.0 network 20.1.1.0 0.0.0.255 network 40.1.1.0 0.0.0.255 # ospf 100 vpn-instance VPN1 import-route bgp domain-id 0.0.0.10 area 0.0.0.0 network 100.1.1.0 0.0.0.255 # ospf 200 vpn-instance VPN2 import-route bgp domain-id 0.0.0.20 area 0.0.0.0 network 100.2.1.0 0.0.0.255 # return l

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Configuration file of PE3


# sysname PE3 # ip vpn-instance VPN1 route-distinguisher 100:3 vpn-target 111:1 export-extcommunity vpn-target 111:1 import-extcommunity # ip vpn-instance VPN2 route-distinguisher 100:23 vpn-target 222:1 export-extcommunity vpn-target 222:1 import-extcommunity # mpls lsr-id 5.5.5.9 mpls # mpls ldp # isis 1 network-entity 10.0000.0000.0003.00 # interface GigabitEthernet1/0/0 undo shutdown ip binding vpn-instance VPN1 ip address 100.3.1.2 255.255.255.0 # interface GigabitEthernet1/0/1 undo shutdown ip binding vpn-instance VPN2 ip address 100.4.1.2 255.255.255.0 # interface Pos2/0/0 undo shutdown link-protocol ppp ip address 50.1.1.1 255.255.255.0 isis enable 1 mpls

8-76

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

8 Access of L2VPN to L3VPN Configuration

mpls ldp # interface Pos3/0/0 undo shutdown link-protocol ppp ip address 60.1.1.1 255.255.255.0 isis enable 1 mpls mpls ldp # interface LoopBack1 ip address 5.5.5.9 255.255.255.255 isis enable 1 # bgp 100 peer 3.3.3.9 as-number 100 peer 3.3.3.9 connect-interface LoopBack1 peer 4.4.4.9 as-number 100 peer 4.4.4.9 connect-interface LoopBack1 # ipv4-family unicast undo synchronization peer 3.3.3.9 enable peer 4.4.4.9 enable # ipv4-family vpnv4 policy vpn-target peer 3.3.3.9 enable peer 4.4.4.9 enable # ipv4-family vpn-instance VPN1 import-route ospf 100 import-route direct # ipv4-family vpn-instance VPN2 import-route ospf 200 import-route direct # ospf 100 vpn-instance VPN1 import-route bgp domain-id 0.0.0.10 area 0.0.0.0 network 100.3.1.0 0.0.0.255 # ospf 200 vpn-instance VPN2 import-route bgp domain-id 0.0.0.20 area 0.0.0.0 network 100.4.1.0 0.0.0.255 # return l

Configuration file of CE1


# sysname CE1 # interface GigabitEthernet1/0/0 undo shutdown # interface GigabitEthernet1/0/0.1 vlan-type dot1q 10 ip address 100.1.1.1 255.255.255.0 # ospf 100 area 0.0.0.0 network 100.1.1.0 0.0.0.255 # return

Configuration file of CE2


Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 8-77

Issue 03 (2008-09-22)

8 Access of L2VPN to L3VPN Configuration


# sysname CE2 # interface GigabitEthernet1/0/0 undo shutdown # interface GigabitEthernet1/0/0.1 vlan-type dot1q 10 ip address 100.2.1.1 255.255.255.0 # ospf 200 area 0.0.0.0 network 100.2.1.0 0.0.0.255 # return l

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Configuration file of CE3


# sysname CE3 # interface GigabitEthernet1/0/0 undo shutdown ip address 100.3.1.1 255.255.255.0 # ospf 100 area 0.0.0.0 network 100.3.1.0 0.0.0.255 # return

Configuration file of CE4


# sysname CE4 # interface GigabitEthernet1/0/0 undo shutdown ip address 100.4.1.1 255.255.255.0 # ospf 200 area 0.0.0.0 network 100.4.1.0 0.0.0.255 # return

8.5.5 Example for Configuring an L2VPN to Access Multiple L3VPNs Through Sub-interfaces for QinQ VLAN Tag Termination
Networking Requirements
As shown in Figure 8-10, NPEs and PEs serve as the PE of the IP/MPLS backbone network; UPEs serve as the PE of the VLL access network. LDP is used as the signaling protocol to set up a VLL between the UPE and the NPE. CE1 and CE2 are two sites of the same user, and they carry different types of services. The inner VLAN tag 10 and 20 are used to distinguish the services. The user services are tagged with outer VLAN tag100 after convergence by the Switch. UPEs send the packets to NPE by using the specified VLL on the access network according to the outer VLAN tag. Create VE 2/0/0 and VE 2/0/1 on NPE. VE 2/0/0 terminates the L2VE of VLL, and the VE 2/0/1 connects to the L3VE on MPLS L3VPN. Create two VE sub-interfaces on VE 2/0/1. VE 2/0/1.1 terminates the QinQ user packets with inner VLAN tag as 10, and connects to VPN1; VE 2/0/1.2 terminates the QinQ user packets with an inner VLAN tag as 20, and connects to VPN2. Therefore, the ping operations between CE1 and CE3, and CE2 and CE4 succeed.
8-78 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

8 Access of L2VPN to L3VPN Configuration

Figure 8-10 Networking diagram of configuring an L2VPN to access multiple L3VPNs through sub-interfaces for QinQ VLAN tag termination
VPN1 CE1 CE3 VPN1

GE1/0/0.1 100.1.1.1/24

VLAN10
GE1/0/1 GE1/0/0

Loopback1 1.1.1.9/32 POS2/0/0 10.1.1.1/24

Loopback1 2.2.2.9/32 POS1/0/0 20.1.1.1/24

GE1/0/0 100.3.1.1/24 GE1/0/0 100.3.1.2/24 Loopback1 3.3.3.9/32 GE1/0/1 100.4.1.2/24

Switch
GE1/0/2

GE1/0/0.1

VLAN100 VLAN20

UPE

POS2/0/0 10.1.1.2/24

NPE

POS2/0/0 20.1.1.2/24

PE

Access network

IP/MPLS core network

GE1/0/0.1 100.2.1.1/24

GE1/0/0 100.4.1.1/24

VPN2

CE2

CE4

VPN2

Configuration Roadmap
The configuration roadmap is as follows: 1. 2. 3. Configure the MPLS L3VPN backbone network. Create the L2VE interface on NPE to terminate the VLL, and the L3VE interface to access L3VPN. Bind them to the same VE-group. To configure the Martini VLL on the access network, perform the following procedures:
l

Configure routing protocols for devices (UPEs, P, and NPEs) on the access network to make them communicate, and enable MPLS. The default tunnel policy is used, and LSPs are set up to transmit user data. Enable MPLS L2VPN on the UPE and NPE, and establish VCs.

l l

4. 5.

Enable Layer 2 forwarding and QinQ on the Switch. Configure the access of CEs to MPLS L3VPN.

Data Preparation
To complete the configuration, you need the following data:
l l l l

VE-group number IP addresses of VE interfaces Names of VPN instances for MPLS L3VPN Value of inner and outer VLAN tag of user packets

Configuration Procedure
1. Configure an IP address for each interface. The configuration details are not mentioned here.
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 8-79

Issue 03 (2008-09-22)

8 Access of L2VPN to L3VPN Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Configure the IP addresses for physical interfaces and the loopback interface according to Figure 8-10. The configuration details are not mentioned here. 2. Create VE 2/0/0 and VE 2/0/1 on NPEs, and bind them to the same VE-group. # Create VE 2/0/0 to terminate the MPLS L2VPN.
<Quidway> system-view [Quidway] sysname NPE [NPE] interface virtual-ethernet2/0/0 [NPE-Virtual-Ethernet2/0/0] ve-group 1 l2-terminate [NPE-Virtual-Ethernet2/0/0] quit

# Create VE 2/0/1 to access the MPLS L3VPN.


[NPE] interface virtual-ethernet2/0/1 [NPE-Virtual-Ethernet2/0/1] ve-group 1 l3-access [NPE-Virtual-Ethernet2/0/1] quit

After the configuration is complete, run the display virtual-ethernet ve-group command. You can view the binding relationship between VE interfaces and a VE-group.
[NPE] display virtual-ethernet ve-group Ve-groupID L2VE 1 Virtual-Ethernet2/0/0 Total 1, 1 printed L3VE Virtual-Ethernet2/0/1

3.

Run an IGP on the VLL access network. OSPF is used in the example. The configuration details are not mentioned here. When configuring OSPF, advertise the 32-bit loopback interface addresses of the UPE and the NPE. For more configurations, see "Configuration Files."

4.

Configure basic MPLS functions and LDP on the VLL access network. # Configure the UPE.
<Quidway> system-view [Quidway] sysname UPE [UPE] mpls lsr-id 1.1.1.9 [UPE] mpls [UPE-mpls] quit [UPE] mpls ldp [UPE-mpls-ldp] quit [UPE] interface pos 2/0/0 [UPE-Pos2/0/0] mpls [UPE-Pos2/0/0] mpls ldp [UPE-Pos2/0/0] undo shutdown [UPE-Pos2/0/0] quit

# Configure the NPE.


<Quidway> system-view [Quidway] sysname NPE [NPE] mpls lsr-id 2.2.2.9 [NPE] mpls [NPE-mpls] quit [NPE] mpls ldp [NPE-mpls-ldp] quit [NPE] interface pos 2/0/0 [NPE-Pos2/0/0] mpls [NPE-Pos2/0/0] mpls ldp [NPE-Pos2/0/0] undo shutdown [NPE-Pos2/0/0] quit

5.

Enable MPLS L2VPN on the PE and establish VCs. # Configure the UPE.
[UPE] mpls l2vpn [UPE-l2vpn] mpls l2vpn default martini [UPE-l2vpn] quit [UPE] interface gigabitethernet 1/0/0.1

8-80

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


[UPE-GigabitEthernet1/0/0.1] [UPE-GigabitEthernet1/0/0.1] [UPE-GigabitEthernet1/0/0.1] [UPE-GigabitEthernet1/0/0.1] [UPE-GigabitEthernet1/0/0.1]

8 Access of L2VPN to L3VPN Configuration


shutdown vlan-type dot1q 100 mpls l2vc 2.2.2.9 101 undo shutdown quit

# Configure the NPE.


NOTE

The default VC type of a VLL on a VE interface is Ethernet. Therefore, when creating an L2VC on the UPE, you need to specify tagged to change the VC type to VLAN so that the encapsulation types at both ends of a VC are the same.
[NPE] mpls l2vpn [NPE-l2vpn] mpls l2vpn default martini [NPE-l2vpn] quit [NPE] interface virtual-ethernet2/0/0 [NPE-Virtual-Ethernet2/0/0] mpls l2vc 1.1.1.9 101 [NPE-Virtual-Ethernet2/0/0] quit

tagged

After the configuration is complete, check the VLL connections on the UPE and NPE. You can find one static L2VC. Take the NPE as an example.
[NPE] display mpls l2vc Total ldp vc : 1 1 up 0 down *Client Interface : Virtual-Ethernet2/0/0 Session State : up AC Status : up VC State : up VC ID : 101 VC Type : vlan Destination : 1.1.1.9 local VC label : 140288 remote VC label : 140292 control word : disable forwarding entry : not exist local group ID : 0 manual fault : not set active state : active link state : up local VC MTU : 1500 remote VC MTU : 1500 tunnel policy name : lsp traffic behavior name: -PW template name : -primary or secondary : primary create time : 0 days, 0 hours, 30 minutes, 18 seconds up time : 0 days, 0 hours, 0 minutes, 0 seconds last change time : 0 days, 0 hours, 30 minutes, 18 seconds

6.

Enable QinQ to add double tags for packets being sent to UPE by the Switch. # Configure the Switch.
<Quidway> system-view [Quidway] sysname Switch [Switch] vlan 100 [Switch-vlan100] quit [Switch] interface gigabitethernet [Switch-GigabitEthernet1/0/0] port [Switch-GigabitEthernet1/0/0] quit [Switch] interface gigabitethernet [Switch-GigabitEthernet1/0/1] port [Switch-GigabitEthernet1/0/1] quit [Switch] interface gigabitethernet [Switch-GigabitEthernet1/0/2] port [Switch-GigabitEthernet1/0/2] quit

1/0/0 trunk allow-pass vlan 100 1/0/1 vlan-stacking outside-vlan 10 stack-vlan 100 1/0/2 vlan-stacking outside-vlan 20 stack-vlan 100

# Configure CE1.
<Quidway> system-view [Quidway] sysname CE1 [CE1] interface gigabitethernet 1/0/0.1

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

8-81

8 Access of L2VPN to L3VPN Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

[CE1-GigabitEthernet1/0/0.1] ip address 100.1.1.1 24 [CE1-GigabitEthernet1/0/0.1] vlan-type dot1q 10 [CE1-GigabitEthernet1/0/0.1] quit

# Configure CE2.
<Quidway> system-view [Quidway] sysname CE2 [CE2] interface gigabitethernet 1/0/0.1 [CE2-GigabitEthernet1/0/0.1] ip address 100.2.1.1 24 [CE2-GigabitEthernet1/0/0.1] vlan-type dot1q 20 [CE2-GigabitEthernet1/0/0.1] quit

7.

Run the IGP on the MPLS backbone network. IS-IS is used as the IGP protocol in this example. The configuration details are not mentioned here. When configuring IS-IS, advertise the 32-bit loopback interface addresses of the PE and the NPE. For more configurations, see "Configuration Files."

8.

Create VPN instances, and configure the CEs to access the instances. # Configure the NPE.
[NPE] ip vpn-instance VPN1 [NPE-vpn-instance-VPN1] route-distinguisher 100:1 [NPE-vpn-instance-VPN1] vpn-target 111:1 both [NPE-vpn-instance-VPN1] quit [NPE] ip vpn-instance VPN2 [NPE-vpn-instance-VPN2] route-distinguisher 200:1 [NPE-vpn-instance-VPN2] vpn-target 222:1 both [NPE-vpn-instance-VPN2] quit [NPE] interface virtual-ethernet2/0/1 [NPE-Virtual-Ethernet2/0/1] mode user-termination [NPE-Virtual-Ethernet2/0/1] quit [NPE] interface virtual-ethernet2/0/1.1 [NPE-Virtual-Ethernet2/0/1.1] qinq termination ce-vid [NPE-Virtual-Ethernet2/0/1.1] ip binding vpn-instance [NPE-Virtual-Ethernet2/0/1.1] ip address 100.1.1.2 24 [NPE-Virtual-Ethernet2/0/1.1] arp broadcast enable [NPE-Virtual-Ethernet2/0/1.1] quit [NPE] interface virtual-ethernet2/0/1.2 [NPE-Virtual-Ethernet2/0/1.2] qinq termination ce-vid [NPE-Virtual-Ethernet2/0/1.2] ip binding vpn-instance [NPE-Virtual-Ethernet2/0/1.2] ip address 100.2.1.2 24 [NPE-Virtual-Ethernet2/0/1.2] arp broadcast enable [NPE-Virtual-Ethernet2/0/1.2] quit

10 VPN1

20 VPN2

# Configure the PE.


[PE] ip vpn-instance VPN1 [PE-vpn-instance-VPN1] route-distinguisher 100:2 [PE-vpn-instance-VPN1] vpn-target 111:1 both [PE-vpn-instance-VPN1] quit [PE] ip vpn-instance VPN2 [PE-vpn-instance-VPN2] route-distinguisher 200:2 [PE-vpn-instance-VPN2] vpn-target 222:1 both [PE-vpn-instance-VPN2] quit [PE] interface gigabitethernet1/0/0 [PE-GigabitEthernet1/0/0] ip binding vpn-instance VPN1 [PE-GigabitEthernet1/0/0] ip address 100.3.1.2 24 [PE-GigabitEthernet1/0/0] undo shutdown [PE-GigabitEthernet1/0/0] quit [PE] interface gigabitethernet1/0/1 [PE-GigabitEthernet1/0/1] ip binding vpn-instance VPN2 [PE-GigabitEthernet1/0/1] ip address 100.4.1.2 24 [PE-GigabitEthernet1/0/1] undo shutdown [PE-GigabitEthernet1/0/1] quit

# Configure CE3.
<Quidway> system-view [Quidway] sysname CE3

8-82

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

8 Access of L2VPN to L3VPN Configuration

[CE3] interface gigabitethernet1/0/0 [CE3-GigabitEthernet1/0/0] ip address 100.3.1.1 24 [CE3-GigabitEthernet1/0/0] undo shutdown [CE3-GigabitEthernet1/0/0] quit

# Configure CE4.
<Quidway> system-view [Quidway] sysname CE4 [CE4] interface gigabitethernet1/0/0 [CE4-GigabitEthernet1/0/0] ip address 100.4.1.1 24 [CE4-GigabitEthernet1/0/0] undo shutdown [CE4-GigabitEthernet1/0/0] quit

9.

Run OSPF between the PE and CE devices, and import the VPN routes. # Configure the NPE.
[NPE] ospf 100 vpn-instance VPN1 [NPE-ospf-100] domain-id 10 [NPE-ospf-100] import-route bgp [NPE-ospf-100] area 0 [NPE-ospf-100-area-0.0.0.0] network 100.1.1.0 0.0.0.255 [NPE-ospf-100-area-0.0.0.0] quit [NPE-ospf-100] quit [NPE] ospf 200 vpn-instance VPN2 [NPE-ospf-200] domain-id 20 [NPE-ospf-200] import-route bgp [NPE-ospf-200] area 0 [NPE-ospf-200-area-0.0.0.0] network 100.2.1.0 0.0.0.255 [NPE-ospf-200-area-0.0.0.0] quit [NPE-ospf-200] quit [NPE] bgp 100 [NPE-bgp] ipv4-family vpn-instance VPN1 [NPE-bgp-VPN1] import-route direct [NPE-bgp-VPN1] import-route ospf 100 [NPE-bgp-VPN1] quit [NPE-bgp] ipv4-family vpn-instance VPN2 [NPE-bgp-VPN2] import-route direct [NPE-bgp-VPN2] import-route ospf 200 [NPE-bgp-VPN2] quit [NPE-bgp] quit

# Configure CE1.
[CE1] ospf 100 [CE1-ospf-100] area 0 [CE1-ospf-100-area-0.0.0.0] network 100.1.1.0 0.0.0.255 [CE1-ospf-100-area-0.0.0.0] quit [CE1-ospf-100] quit

# Configure CE2.
[CE2] ospf 200 [CE2-ospf-200] area 0 [CE2-ospf-200-area-0.0.0.0] network 100.2.1.0 0.0.0.255 [CE2-ospf-200-area-0.0.0.0] quit [CE2-ospf-200] quit

# Configure the PE.


[PE] ospf 100 vpn-instance [PE-ospf-100] domain-id 10 [PE-ospf-100] import-route [PE-ospf-100] area 0 [PE-ospf-100-area-0.0.0.0] [PE-ospf-100-area-0.0.0.0] [PE-ospf-100] quit [PE] ospf 200 vpn-instance [PE-ospf-200] domain-id 20 [PE-ospf-200] import-route [PE-ospf-200] area 0 [PE-ospf-200-area-0.0.0.0] [PE-ospf-200-area-0.0.0.0] [PE-ospf-200] quit VPN1 bgp network 100.3.1.0 0.0.0.255 quit VPN2 bgp network 100.4.1.0 0.0.0.255 quit

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

8-83

8 Access of L2VPN to L3VPN Configuration


[PE] bgp 100 [PE-bgp] ipv4-family vpn-instance VPN1 [PE-bgp-VPN1] import-route direct [PE-bgp-VPN1] import-route ospf 100 [PE-bgp-VPN1] quit [PE-bgp] ipv4-family vpn-instance VPN2 [PE-bgp-VPN2] import-route direct [PE-bgp-VPN2] import-route ospf 200 [PE-bgp-VPN2] quit [PE-bgp] quit

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

# Configure CE3.
[CE3] ospf 100 [CE3-ospf-100] area 0 [CE3-ospf-100-area-0.0.0.0] network 100.3.1.0 0.0.0.255 [CE3-ospf-100-area-0.0.0.0] quit [CE3-ospf-100] quit

# Configure CE4.
[CE4] ospf 200 [CE4-ospf-200] area 0 [CE4-ospf-200-area-0.0.0.0] network 100.4.1.0 0.0.0.255 [CE4-ospf-200-area-0.0.0.0] quit [CE4-ospf-200] quit

10. Set up MP-IBGP peer relationships between the NPE and PE. # Configure the NPE.
[NPE] bgp 100 [NPE-bgp] peer 3.3.3.9 as-number 100 [NPE-bgp] peer 3.3.3.9 connect-interface loopback 1 [NPE-bgp] ipv4-family vpnv4 [NPE-bgp-af-vpnv4] peer 3.3.3.9 enable [NPE-bgp-af-vpnv4] quit

# Configure the PE.


[PE] bgp 100 [PE-bgp] peer 2.2.2.9 as-number 100 [PE-bgp] peer 2.2.2.9 connect-interface loopback 1 [PE-bgp] ipv4-family vpnv4 [PE-bgp-af-vpnv4] peer 2.2.2.9 enable [PE-bgp-af-vpnv4] quit

After the configuration, run the display bgp peer command on the PE or the NPE. You can view that the BGP peer relationship between the PE and the NPE is set up and the status of the peer relationship is Established. Take the NPE as an example.
[NPE] display bgp peer BGP local router ID : 2.2.2.9 Local AS number : 100 Total number of peers : 1 Peers in established state : 1 Peer V AS MsgRcvd MsgSent OutQ Up/Down State PrefRcv 3.3.3.9 4 100 2 6 0 00:00:12 Established 2

11. Verify the configuration. # Run the display ip routing-table vpn-instance command on the PE or the NPE. You can view the routes to the remote CE. Take the NPE as an example.
[NPE] display ip routing-table vpn-instance VPN1 Route Flags: R - relay, D - download to fib -----------------------------------------------------------------------------Routing Tables: VPN1 Destinations : 3 Routes : 3 Destination/Mask Proto Pre Cost Flags NextHop Interface 100.1.1.0/24 Direct 0 0 D 100.1.1.2 Virtual-Ethernet2 /0/1.1 100.1.1.2/32 Direct 0 0 D 127.0.0.1 InLoopBack0

8-84

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

8 Access of L2VPN to L3VPN Configuration

100.3.1.0/24 BGP 255 0 RD 3.3.3.9 Pos1/0/0 [NPE] display ip routing-table vpn-instance VPN2 Route Flags: R - relay, D - download to fib -----------------------------------------------------------------------------Routing Tables: VPN2 Destinations : 3 Routes : 3 Destination/Mask Proto Pre Cost Flags NextHop Interface 100.2.1.0/24 Direct 0 0 D 100.2.1.2 Virtual-Ethernet2 /0/1.2 100.2.1.2/32 Direct 0 0 D 127.0.0.1 InLoopBack0 100.4.1.0/24 BGP 255 0 RD 3.3.3.9 Pos1/0/0

# The ping operations between CE1 and CE3, and CE2 and CE4 succeed. Take CE1 as example:
[CE1] ping 100.3.1.1 PING 100.3.1.1: 56 data bytes, press CTRL_C to break Reply from 100.3.1.1: bytes=56 Sequence=1 ttl=255 time=31 ms Reply from 100.3.1.1: bytes=56 Sequence=2 ttl=255 time=10 ms Reply from 100.3.1.1: bytes=56 Sequence=3 ttl=255 time=5 ms Reply from 100.3.1.1: bytes=56 Sequence=4 ttl=255 time=2 ms Reply from 100.3.1.1: bytes=56 Sequence=5 ttl=255 time=28 ms --- 100.3.1.1 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 2/15/31 ms

Configuration Files
l

Configuration file of the UPE


# sysname UPE # mpls lsr-id 1.1.1.9 mpls # mpls l2vpn mpls l2vpn default martini # mpls ldp # interface GigabitEthernet1/0/0 undo shutdown # interface GigabitEthernet1/0/0.1 vlan-type dot1q 100 mpls l2vc 2.2.2.9 101 # interface Pos2/0/0 undo shutdown link-protocol ppp ip address 10.1.1.1 255.255.255.0 mpls mpls ldp # interface LoopBack1 ip address 1.1.1.9 255.255.255.255 # ospf 1 area 0.0.0.0 network 1.1.1.9 0.0.0.0 network 10.1.1.0 0.0.0.255 # return

Configuration file of the NPE


# sysname NPE

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

8-85

8 Access of L2VPN to L3VPN Configuration


# ip vpn-instance VPN1 route-distinguisher 100:1 vpn-target 111:1 export-extcommunity vpn-target 111:1 import-extcommunity # ip vpn-instance VPN2 route-distinguisher 200:1 vpn-target 222:1 export-extcommunity vpn-target 222:1 import-extcommunity # mpls lsr-id 2.2.2.9 mpls # mpls l2vpn mpls l2vpn default martini # mpls ldp # isis 1 network-entity 10.0000.0000.0001.00 # interface Pos1/0/0 undo shutdown link-protocol ppp ip address 20.1.1.1 255.255.255.0 isis enable 1 mpls mpls ldp # interface Pos2/0/0 undo shutdown link-protocol ppp ip address 10.1.1.2 255.255.255.0 mpls mpls ldp # interface Virtual-Ethernet2/0/0 ve-group 1 l2-terminate mpls l2vc 1.1.1.9 101 tagged # interface Virtual-Ethernet2/0/1 ve-group 1 l3-access mode user-termination # interface Virtual-Ethernet2/0/1.1 qinq termination ce-vid 10 ip binding vpn-instance VPN1 ip address 100.1.1.2 255.255.255.0 arp broadcast enable # interface Virtual-Ethernet2/0/1.2 qinq termination ce-vid 20 ip binding vpn-instance VPN2 ip address 100.2.1.2 255.255.255.0 arp broadcast enable # interface LoopBack1 ip address 2.2.2.9 255.255.255.255 isis enable 1 # bgp 100 peer 3.3.3.9 as-number 100 peer 3.3.3.9 connect-interface LoopBack1 # ipv4-family unicast undo synchronization peer 3.3.3.9 enable #

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

8-86

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


ipv4-family vpnv4 policy vpn-target peer 3.3.3.9 enable # ipv4-family vpn-instance VPN1 import-route ospf 100 import-route direct # ipv4-family vpn-instance VPN2 import-route ospf 200 import-route direct # ospf 1 area 0.0.0.0 network 2.2.2.9 0.0.0.0 network 10.1.1.0 0.0.0.255 # ospf 100 vpn-instance VPN1 import-route bgp domain-id 0.0.0.10 area 0.0.0.0 network 100.1.1.0 0.0.0.255 # ospf 200 vpn-instance VPN2 import-route bgp domain-id 0.0.0.20 area 0.0.0.0 network 100.2.1.0 0.0.0.255 # return l

8 Access of L2VPN to L3VPN Configuration

Configuration file of the PE


# sysname PE # ip vpn-instance VPN1 route-distinguisher 100:1 vpn-target 111:1 export-extcommunity vpn-target 111:1 import-extcommunity # ip vpn-instance VPN2 route-distinguisher 200:1 vpn-target 222:1 export-extcommunity vpn-target 222:1 import-extcommunity # mpls lsr-id 3.3.3.9 mpls # mpls ldp # isis 1 network-entity 10.0000.0000.0002.00 # interface GigabitEthernet1/0/0 undo shutdown ip binding vpn-instance VPN1 ip address 100.3.1.2 255.255.255.0 # interface GigabitEthernet1/0/0 undo shutdown ip binding vpn-instance VPN2 ip address 100.4.1.2 255.255.255.0 # interface Pos1/0/0 undo shutdown link-protocol ppp ip address 20.1.1.2 255.255.255.0 isis enable 1 mpls mpls ldp

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

8-87

8 Access of L2VPN to L3VPN Configuration


# interface LoopBack1 ip address 3.3.3.9 255.255.255.255 isis enable 1 # bgp 100 peer 2.2.2.9 as-number 100 peer 2.2.2.9 connect-interface LoopBack1 # ipv4-family unicast undo synchronization peer 2.2.2.9 enable # ipv4-family vpnv4 policy vpn-target peer 2.2.2.9 enable # ipv4-family vpn-instance VPN1 import-route ospf 100 import-route direct # ipv4-family vpn-instance VPN2 import-route ospf 200 import-route direct # ospf 100 vpn-instance VPN1 import-route bgp domain-id 0.0.0.10 area 0.0.0.0 network 100.3.1.0 0.0.0.255 # ospf 200 vpn-instance VPN2 import-route bgp domain-id 0.0.0.20 area 0.0.0.0 network 100.4.1.0 0.0.0.255 # return l

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Configuration file of the Switch


# sysname Switch # vlan batch 100 # interface GigabitEthernet1/0/0 undo shutdown port trunk allow-pass vlan 100 # interface GigabitEthernet1/0/1 undo shutdown port vlan-stacking outside-vlan 10 stack-vlan 100 # interface GigabitEthernet1/0/2 undo shutdown port vlan-stacking outside-vlan 20 stack-vlan 100 # return

Configuration file of the CE1


# sysname CE1 # interface GigabitEthernet1/0/0 undo shutdown # interface GigabitEthernet1/0/0.1 vlan-type dot1q 10 ip address 100.1.1.1 255.255.255.0 #

8-88

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


ospf 100 area 0.0.0.0 network 100.1.1.0 0.0.0.255 # return l

8 Access of L2VPN to L3VPN Configuration

Configuration file of the CE2


# sysname CE2 # interface GigabitEthernet1/0/0 undo shutdown # interface GigabitEthernet1/0/0.1 vlan-type dot1q 20 ip address 100.2.1.1 255.255.255.0 # ospf 200 area 0.0.0.0 network 100.2.1.0 0.0.0.255 # return

Configuration file of the CE3


# sysname CE3 # interface GigabitEthernet1/0/0 undo shutdown ip address 100.3.1.1 255.255.255.0 # ospf 100 area 0.0.0.0 network 100.3.1.0 0.0.0.255 # return

Configuration file of the CE4


# sysname CE4 # interface GigabitEthernet1/0/0 undo shutdown ip address 100.4.1.1 255.255.255.0 # ospf 200 area 0.0.0.0 network 100.4.1.0 0.0.0.255 # return

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

8-89

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

9 VPLS Convergence Configuration

VPLS Convergence Configuration

About This Chapter


This chapter describes the principle, application and configuration for VPLS convergence technologies. 9.1 Introduction This section describes the basic principles and concepts of VPLS convergence. 9.2 Configuring mVSIs This section describes how to configure VPLS convergence when the UPE accesses the NPE through the convergence device. 9.3 Configuring VPLS Convergence This section describes how to configure VPLS convergence when the UPE directly accesses the NPE. 9.4 Maintaining VPLS This section describes how to reset the statistics of the packets sent and received by the VRRP virtual router and how to debug VPLS. 9.5 Configuration Examples This section provides several configuration examples of VPLS convergence.

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

9-1

9 VPLS Convergence Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

9.1 Introduction
This section describes the basic principles and concepts of VPLS convergence. 9.1.1 Overview 9.1.2 VPLS Convergence Features Supported in theNE80E/40E

9.1.1 Overview
The Ethernet switching technology has long been applied in the Local Area Network (LAN). With increasingly expanded bandwidth, simplicity, and cost-efficiency, the Ethernet technology is widely used in the Metropolitan Area Network (MAN) and Wide Area Network (WAN). The demands of the customer and the carrier also drive the rapid development of the Metro-Ethernet (ME). The advantages of the ME are as follows:
l l l l l

Flexible bandwidth Low cost and simple technology Wide application Powerful support on multicast High scalability and security

The major solutions of the ME are L3 convergence, Virtual Private LAN Service (VPLS) convergence, and full Ethernet. This chapter mainly describes the related features and typical configurations of VPLS convergence. Generally, in the VPLS convergence solution, dual NPEs are deployed and VPLS convergence is adopted to improve reliability. Hierarchical VPLS (HVPLS) or VPLS connections are set up between different devices in the ME. The Management Virtual Router Redundancy Protocol (mVRRP) is run between core devices to determine whether a device is the master or the backup. The pseudo wires (PWs) and attachment circuit (AC) interfaces between VSIs determine the master and the backup by tracking the status of the mVRRP virtual router. When mVRRP performs the master/backup switchover, the PW and AC interfaces between VSIs also perform the master/backup switchover. Meanwhile, the VSI clears its own MAC address and learns the MAC address of the new master device again.

9.1.2 VPLS Convergence Features Supported in theNE80E/40E


mVRRP
Essentially, the mVRRP virtual router is the ordinary VRRP virtual router. The only difference between them is that the mVRRP virtual router can be bound to other service virtual routers (also regarded as the member virtual router) and can determine the status of the service virtual router according to the binding. An mVRRP virtual router can also join the VRRP management group as an ordinary member. After joining the mVRRP virtual router in a VRRP management group, you can also configure
9-2 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

9 VPLS Convergence Configuration

mVRRP to track the status of the peer Bidirectional Forwarding Detection (BFD) session and the link BFD session; however, the status of the mVRRP virtual router (Backup or Master, except Initialize) then depends on the status of the VRRP management group.
NOTE

For more information about VRRP, refer to the chapter "VRRP Configuration" in the Quidway NetEngine80E/40E Router Configuration Guide - Reliability

Determining the Master and the Backup Through the mVRRP Virtual Router in Dual Homing
As shown inFigure 9-1, the underlayer provider edge (UPE) is dual-homed to the network provider edges (NPEs). VRRP is run between NPEs. The VRRP priority determines whether an NPE is the master or the backup. When the link related to the master NPE fails or the master NPE itself fails, the backup NPE can switch itself to be the master NPE. To satisfy the requirements of different services, multiple VRRP virtual routers can be run between NPEs. Each VRRP virtual router needs to maintain its own state machine; therefore, a large number of VRRP protocol packets exist between NPEs. To simplify the operation and reduce the bandwidth occupied by protocol packets, you can configure one VRRP virtual router to be an mVRRP virtual router and bind it and other service virtual routers. Then the status of the service virtual router is determined by the status of the bound mVRRP virtual router. Figure 9-1 Networking diagram of determining the master and the backup through the mVRRP virtual router in dual homing

NPE1

mVRRP UPE

NPE2
In different application scenarios, the bindings of mVRRP fall into the following types:
l

Binding of the service virtual router and the mVRRP virtual router After the service virtual router is bound with the mVRRP virtual router, the state machine of the service virtual router becomes dependent. That is, the service virtual router deletes the protocol timer, no longer sends or receives protocol packets, and implements its state machine by directly copying the status of the mVRRP virtual router. The service virtual router can be bound to only one mVRRP virtual router. The mVRRP virtual router is

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

9-3

9 VPLS Convergence Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

identifies by the virtual router ID (VRID) and the interface configured with the virtual router.
l

Binding of the service interface (also regarded as the member interface) and the mVRRP virtual router In Figure 9-1, if the UPE is dual-homed to the NPEs through two physical links, you can bind the service interface and the mVRRP virtual router to determine whether a service interface is the master or the backup.

When the status of the mVRRP virtual router bound with the service interface changes to Master, the mVRRP virtual router notifies the change to all the bound service interfaces. If L3 services are run on the interface, the status of the interface is set to Up and the network segment route is generated. The forwarding plane enables the bidirectional traffic forwarding according to the interface status. If L2 services are run on the interface, the status of the interface is directly set to Up, and the forwarding plane enables the bidirectional traffic forwarding.

When the status of the mVRRP virtual router bound with the service interface changes to Initialize or Backup, the mVRRP virtual router notifies the change to all the bound service interfaces. If L3 services are run on the interface, the status of the interface is set to Down and the network segment route is deleted. The forwarding plane disables the bidirectional traffic forwarding. If L2 services are run on the interface, the status of the interface is directly set to Down. The forwarding plane disables the bidirectional traffic forwarding.

Binding of the PW and the mVRRP virtual router In Figure 9-1, if Virtual Leased Line (VLL), Pseudo-Wire Emulation Edge to Edge (PWE3), or VPLS is run between the UPE and the NPEs, the UPE is dual-homed to the NPEs. You can bind the PW and the mVRRP virtual router to determine whether a PW is the master or the backup.

If the original status of the PW is Down, the PW status is still Down after the binding. After the binding, if the original status of the PW is Up, the PW status is still Up if the mVRRP virtual router is in the Master state; the PW status becomes Down if the mVRRP virtual router is in the Backup state.

The two NPEs can share the load, as shown in Figure 9-2.

9-4

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

9 VPLS Convergence Configuration

Figure 9-2 UPE dual-homed to the NPEs

I n t e rn e t

IP/MPLS core

IP network NPE2

NPE1

Metro ethernet network UPE3 UPE1 UPE4 UPE2

DSLAM2 DSLAM1

DSLAM3

Access network

Multiple mVRRP virtual routers are run between the NPEs. The services choose different NPEs as the master NPE through bindings with different mVRRP virtual routers. For example, the user of UPE1 uses NPE1 as the master NPE and uses NPE2 as the backup NPE; the customer of UPE2 uses NPE2 as the master NPE and uses NPE1 as the backup NPE.

mVPLS
The VSI of management VPLS (mVPLS) is called the mVSI. Compared with the service VSI (also regarded as the member VSI), the mVSI becomes Up on different conditions as follows:
l l

Service VSI: requires two or more Up AC interfaces, or an Up AC interface and an Up PW. mVSI: requires an Up PW.

The mVSI can be bound with the service VSI. When receiving a gratuitous ARP packet or a BFD Down packet, the mVSI notifies all the bound service VSIs to clear the MAC address entries and learn the MAC address again.
Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 9-5

9 VPLS Convergence Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

mVRRP over mVPLS


mVRRP over mVPLS indicates that mVRRP packets are exchanged by the mVSI and transmitted through the mPW. As shown in Figure 9-3, mVPLS is run between the UPE and the NPEs; the mVSI is configured on the UPE and the NPEs; mVRRP is run between NPEs. mVRRP packets are transmitted through the mPW between the UPE and the NPEs and forwarded by the mVSI. Other service packets are transmitted through the service PW (also regarded as the member PW) and exchanged by the service VSI between the UPE and the NPEs. Figure 9-3 Binding of the mVSI and the service VSI

VSI1 VSI2 NPE1 mVSI VSI1 VSI2 UPE VSI1 VSI2 NPE2 PW for mVSI PW for normal VSI
mVRRP packets and other service packets are transmitted through different PWs, so they are separated from each other. To enable the fast switchover of mVRRP virtual router between the NPEs, you need to configure peer BFD between NPEs. The peer BFD packets are also transmitted through the mPW and exchanged by the mVSI. The mVSI and the service VSI are bound on the UPE. When the VRRP virtual router on the NPE performs master/backup switchover, the following occurs: 1. 2. The mVSI on the UPE receives the gratuitous ARP packet sent from the NPE through the mPW between the UPE and the NPEs. The mVSI checks whether the received gratuitous ARP packet is the same as the previously received one. That is, the mVSI checks whether the two packets are received through the same PW and whether their IP addresses, incoming labels, incoming interfaces, and MAC addresses are the same.
l l

If they are the same, it indicates that the mVRRP virtual router between NPEs does not perform the master/backup switchover. If they are the different, it indicates that the mVRRP virtual router between NPEs has performed the master/backup switchover.

3. 4.

The UPE clears the MAC addresses of all the bound service VSIs according to the binding of the mVSI and the service VSI. When the service VSI receives the packet destined for the new NPE after the MAC address of the original master NPE is cleared, the service VSI broadcasts the packet because the
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

9-6

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

9 VPLS Convergence Configuration

packet is encapsulated in the unknown frame. After learning the MAC address of the new master NPE, the service VSI sends the packet to the new master NPE. In addition, different from the service VSI, the mVSI is used to transmit and intercept the ARP and BFD packets; therefore, users are not allowed to shut down the mVSI.

Influencing the State Machine of the VRRP Virtual Router Through Link BFD and Peer BFD
As shown in Figure 9-4, VRRP is run between the NPEs. BFD running between the NPEs is called peer BFD; BFD running between the UPE and the NPEs is called link BFD. Peer BFD is used to detect the fault on the device and the link between NPEs; link BFD is used to detect the device and link between the UPE and the NPEs. Figure 9-4 Peer BFD and Link BFD

NPE1

Lin

kB

FD

Peer BFD UPE


Link BFD

NPE2
The statuses of the peer BFD session and the link BFD session directly affect the status of the VRRP virtual router; the status of the ordinary BFD for VRRP session indirectly affects the status of the VRRP virtual router by modifying the priority. The modification on the priority, however, does not necessarily change the status of the VRRP virtual router. mVRRP can implement the master/backup switchover more rapidly and locate the fault by tracking the peer BFD status and the link BFD status.

VE Interfaces
In the traditional networking environment shown in Figure 9-5, a PE-AGG and an NPE are generally deployed at the cross-connection point between the access network and the bearer network so that the Layer 2 Virtual Private Network (L2VPN) can access the public network or the L3VPN. The PE-AGG implements the termination and access of the PW of the L2VPN (VLL and VPLS); the NPE implements the termination and access of the L3 service. They act as customer edges (CEs) to each other.

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

9-7

9 VPLS Convergence Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Figure 9-5 Networking diagram of the access of the traditional L2VPN to the L3VPN

Access network

Bearer network

UPE1
L2VPN L3VPN

PE2

PE-AGG CE1

NPE1 CE2

If an NPE can implement the functions of a PE-AGG and an NPE at the same time, the networking cost is saved and the network complexity is simplified, as shown in Figure 9-6. Figure 9-6 Networking diagram of the access of the L2VPN supported by the VE interface to the L3VPN

Access network

L2VE L3VE

Bearer network

PE2

L3VPN
VP L2 N

NPE1

UPE1

CE1

CE2

In the configuration of VPLS convergence, NPE1 implements the L2VPN termination and L3VPN access functions by using the VE interface; thus NPE1 can implement the functions of both the NPE and the PE-AGG in the traditional networking.

9.2 Configuring mVSIs


This section describes how to configure VPLS convergence when the UPE accesses the NPE through the convergence device. 9.2.1 Establishing the Configuration Task 9.2.2 Creating an mVSI 9.2.3 Binding a Service VSI to the mVSI 9.2.4 Checking the Configuration
9-8 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

9 VPLS Convergence Configuration

9.2.1 Establishing the Configuration Task


Applicable Environment
As shown in Figure 9-7, the UPE is directly dual-homed to the NPEs. The mVRRP virtual router is run between NPEs. The mVRRP priority can be configured to determine whether an NPE is the master or the backup. You need to create mVSIs on the UPE and set up mPWs between the UPE and NPEs. In this manner, the mVRRP packets are transmitted and forwarded through the mVSIs. Between the UPE and the NPEs, you can create the service VSIs to forward services and establish the service PWs to transmit the user packets from the access network. You also need to bind an mVSI to service VSIs. When receiving a gratuitous ARP packet or a BFD Down packet, the mVSI notifies all bound service VSIs to clear the MAC address entries and learn the MAC addresses again. Figure 9-7 Networking diagram of configuring mVSIs
m VRRP VRRP m VRRP VRRP

NPE1

NPE2

VSI mVSI UPE Access network

PW for m VSI PW for VSI Packet of m VRRP Packet of VRRP

Pre-configuration Tasks
Before configuring basic functions of mVSIs, complete the following tasks:
l l l l l

Configuring the LSR IDs on the UPE and the NPEs and enabling MPLS Enabling MPLS L2VPN on the UPE and the NPEs Establishing MPLS LDP sessions between the UPE and the NPEs Correctly configuring the service VRRP virtual router on the NPEs Correctly configuring the service VSI on the UPE
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 9-9

Issue 03 (2008-09-22)

9 VPLS Convergence Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Data Preparation
To configure basic functions of mVSIs, you need the following data. No. 1 2 Data Names and IDs of the mVSI and the service VSI Interface bound with the VSI

9.2.2 Creating an mVSI


Context
Do as follows on the UPE.

Procedure
Step 1 Run:
system-view

The system view is displayed. Step 2 Run:


vsi vsi-name static

A VSI is created and the static member discovery mechanism is adopted. Step 3 Run:
pwsignal ldp

An LDP is configured as the PW signaling protocol and the VSI LDP view is displayed. Step 4 Run:
vsi-id vsi-id

The VSI ID is configured. Step 5 Run:


peer peer-address [ negotiation-vc-id vc-id ] [ tnl-policy policy-name ] upe

The VSI peer between the UPE and the NPE is configured. The MPLS LSR ID of the NPE is specified as the peer address. Step 6 Run:
quit

Return to the VSI view. Step 7 Run:


admin-vsi

The current VSI is set as the mVSI. ----End


9-10 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

9 VPLS Convergence Configuration

9.2.3 Binding a Service VSI to the mVSI


Context
Do as follows on the UPE.

Procedure
Step 1 Run:
system-view

The system view is displayed. Step 2 Run:


vsi vsi-name

The view of the created service VSI is displayed. Step 3 Run:


track admin-vsi vsi-name

The service VSI is bound to the mVSI. The mVSI can be bound to the service VSI. When receiving a gratuitous ARP packet or a BFD Down packet, the mVSI notifies all bound service VSIs to clear the MAC address entries and learn the MAC addresses again.
NOTE

The control plane notifies the forwarding plane to clear the MAC address of the service VSI according to whether the number of service VSIs bound to the mVSI reaches the threshold. The threshold value is determined by the PAF file and the License file. If the number does not reach the threshold, the control plane delivers notification messages to the forwarding plane to clear the MAC address of the service VSI bound with the mVSI and records the log. If the number reaches the threshold, the control plane delivers notification messages to the forwarding plane to clear the MAC addresses of all the service VSIs and records the log.

Step 4 (Optional) Run:


isolate spoken

You can enable forwarding isolation between AC interfaces, between UPE PWs, and between ACs and UPE PWs on the VSI. By default, forwarding between AC interfaces, between UPE PWs, and between ACs and UPE PWs is not isolated.. ----End

9.2.4 Checking the Configuration


Run the following command to check the preceding configuration.
Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 9-11

9 VPLS Convergence Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Action Check the binding of the mVSI and the service VSI.

Command display admin-vsi binding [ admin-vsi vsi-name ]

Run the display admin-vsi binding command. If the mVRRP virtual router and the service VSI are bound successfully, you can view the bindings of the mVRRP virtual router and all the service VSIs.
<Quidway> display admin-vsi binding Admin-vsi Service-vsi -------------------------------------------admin-vsi1 biz-vsi1 biz-vsi2

9.3 Configuring VPLS Convergence


This section describes how to configure VPLS convergence when the UPE directly accesses the NPE. 9.3.1 Establishing the Configuration Task 9.3.2 Configuring the VE Group 9.3.3 Configuring the mVRRP Virtual Router 9.3.4 Configuring the mVRRP Virtual Router over the mVSI 9.3.5 Configuring the mVRRP Binding 9.3.6 Configuring the mVSI Binding 9.3.7 Checking the Configuration

9.3.1 Establishing the Configuration Task


Applicable Environment
As shown in Figure 9-8, the UPE is directly dual-homed to the NPEs. The mVRRP virtual router is run between NPEs. The mVRRP priority can be configured to determine whether an NPE is the master or the backup. The mVRRP packets are transmitted and forwarded through the mPW and the mVSI between the UPE and the NPEs. Between the UPE and the NPEs, the service VSI can be created to forward and the service PW can be established to transmit the user packets from the access network. VPLS convergence is deployed on the UPE and the NPEs. After mVRRP and the mVSI are correctly configured, the user packets can correctly reach the master NPE. When the master NPE or the link between the UPE and the master NPE fails, the backup NPE can switch itself to be the master NPE and the user packets can be sent to the new master NPE.

9-12

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

9 VPLS Convergence Configuration

Figure 9-8 Networking diagram of configuring VPLS convergence (UPE directly accesses the NPE)

mVRRP VRRP

mVRRP VRRP

NPE1

NPE2

VSI mVSI

UPE Access network

PW for mVSI PW for VSI Packet of mVRRP Packet of VRRP

Pre-configuration Tasks
Before configuring basic functions of VPLS convergence (UPE directly accesses the NPEs), complete the following tasks:
l l l l l

Configuring the LSR IDs on the UPE and the NPEs and enabling MPLS Enabling MPLS L2VPN on the UPE and the NPEs Establishing MPLS LDP sessions between the UPE and the NPEs Correctly configuring the service VRRP virtual router on the NPEs Correctly configuring the service VSI on the UPE

Data Preparation
To configure basic functions of VPLS convergence (UPE directly accesses the NPEs), you need the following data. No. 1 2 3 4 Data Names and IDs of the mVSI and the service VSI VRID and virtual IP address of the virtual device IP address of the peer and the tunnel policy used by the PW Interface bound with the VSI

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

9-13

9 VPLS Convergence Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

9.3.2 Configuring the VE Group


Context
Do as follows on the NPE:

Procedure
l Create an L2VE interface. 1. Run:
system-view

The system view is displayed. 2. Run:


interface virtual-ethernet interface-number

The VE1 interface is created and the VE1 interface view is displayed. 3. Run:
ve-group ve-group-id l2-terminate

The VE1 interface is configured as an L2 VE interface and is bound with the corresponding VE group. l Create an L3VE interface. 1. Run:
system-view

The system view is displayed. 2. Run:


interface virtual-ethernet interface-number

The VE2 interface is created and the VE2 interface view displayed. 3. Run:
ve-group ve-group-id l3-access

The VE2 interface is configured as an L3 VE interface and is bound with the corresponding VE group.
NOTE

You must bind the L3VE interface and the L2VE interface to the same VE group.

----End

Postrequisite
The L2VE interface is used to configure the mPW between the NPEs and the UPE; the L3VE interface is used to configure the mVRRP virtual router between the NPEs.

9.3.3 Configuring the mVRRP Virtual Router


Context
Do as follows on the NPE:
9-14 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

9 VPLS Convergence Configuration

Procedure
Step 1 Run:
system-view

The system view is displayed. Step 2 Run:


interface virtual-ethernet interface-number

The L3VE interface view is displayed. Step 3 Run:


vrrp vrid virtual-router-id virtual-ip virtual-address

A virtual router is created and configured with a virtual IP address. Step 4 Run:
vrrp vrid virtual-router-id priority priority-value

The priority of the router in the virtual router is configured. Step 5 Run:
admin-vrrp vrid virtual-router-id

The VRRP virtual router is configured as the mVRRP virtual router. ----End

Postrequisite
The mVRRP virtual router can also be configured in the L3VE sub-interface view; however, for the NE40E, currently, only VRRP in the mode of sub-interface for QinQ VLAN tag termination is supported. For the detailed configuration, refer to the chapter "QinQ Configuration" in the Quidway NetEngine80E/40E Router Configuration Guide - LAN Access and MAN Access.

9.3.4 Configuring the mVRRP Virtual Router over the mVSI


Context
To forward the mVRRP packets on the NPEs through the mVSI on the UPE, do as follows:

Procedure
l Configure HVPLS and the mVSI. Do as follows on the UPE: 1. Run:
system-view

The system view is displayed. 2. Run:


vsi vsi-name static

The VSI is created and the static member discovery mechanism is adopted. 3.
Issue 03 (2008-09-22)

Run:
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 9-15

9 VPLS Convergence Configuration


pwsignal ldp

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

LDP is configured as the PW signaling protocol and the VSI LDP view is displayed. 4. Run:
vsi-id vsi-id

The VSI ID is configured. 5. Run:


peer peer-address [ negotiation-vc-id vc-id ] [ tnl-policy policy-name ] upe

The VSI peer between the UPE and the PE-AGG is configured. The MPLS LSR ID of the PE-AGG is specified as the peer address. 6. Run:
quit

Return to the VSI view. 7. Run:


admin-vsi

The current VSI is set as the mVSI. l Configure the mPW between the NPEs and the UPE. Do as follows on the NPE: 1. Run:
system-view

The system view is displayed. 2. Run:


interface virtual-ethernet interface-number

The L2VE interface view is displayed. 3. Run:


mpls l2vc dest-ip-addr vc-id [ tunnel-policy policy-name ]

The VLL connection between the NPEs and the UPE is established. The specified VID must be consistent with the ID of the mVSI configured in Step 1 so that the VLL can access the mVSI on the UPE. The VLL connection between the NPEs and the UPE is established. The specified VID must be consistent with the ID of the mVSI configured in Step 1 so that the VLL can access the mVSI on the UPE. ----End

9.3.5 Configuring the mVRRP Binding


Procedure
l Binding the Service VRRP Virtual Router and the mVRRP Virtual Router If the service VRRP virtual router is run between NPEs besides the mVRRP virtual router, do as follows on the NPE:
9-16 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

9 VPLS Convergence Configuration

1.

Run:
system-view

The system view is displayed. 2. Run:


interface interface-type interface-number [ .subinterface-number ]

The view of the interface that runs service VRRP is displayed. 3. Run:
vrrp vrid virtual-router-id1 track admin-vrrp interface interface-type interface-number [.subinterface-number ] vrid virtual-router-id2

The service VRRP virtual router and the mVRRP virtual router are bound. After the binding, the service VRRP state machine becomes dependent. The service VRRP virtual router deletes the protocol timer, no longer sends or receives protocol packets, and implements its own state machine by directly copying the status of the mVRRP virtual router. The service VRRP virtual router can be bound to only one mVRRP virtual router. l Binding the Service Interface and the mVRRP Virtual Router If the user packets of the UPE are transmitted to the NPE through the physical link, do as follows on the NPE: 1. Run:
system-view

The system view is displayed. 2. Run:


interface interface-type interface-number [ .subinterface-number ]

The service interface view is displayed. 3. Run:


track admin-vrrp interface interface-type interface-number vrid virtualrouter-id

The service interface is bound with the mVRRP virtual router. After the binding, the status of the service interface becomes dependent. The status of the service interface depends on the status of the mVRRP virtual router. l Binding the mVRRP Virtual Router and the VLL PW If the user packets of the UPE are transmitted to the NPE through the VLL PW, do as follows on the NPE: 1. Run:
system-view

The system view is displayed. 2. Run:


interface interface-type interface-number .subinterface-number

The view of the AC interface of the VLL is displayed. 3. Run:


mpls l2vc dest-ip-addr vc-id [ [ control-word | no-control-word ] | [ raw | tagged ] | tunnel-policy policy-name ] *

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

9-17

9 VPLS Convergence Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

The VLL connection between the NPEs and the UPE is established. 4. Run:
mpls l2vc track admin-vrrp interface interface-type interface-number vrid virtual-router-id

Or
mpls switch-l2vc ip-address vc-id encapsulation { ethernet | ipinterworking | ip-layer2 | vlan } track admin-vrrp interface interfacetype interface-number vrid virtual-router-id

The mVRRP virtual router is bound with the VLL PW. After the binding, the status of the service PW depends on the status of the mVRRP virtual router. l Binding the mVRRP Virtual Router and the VPLS PW If the user packets of the UPE are transmitted to the service VSI on the NPE through the VPLS PW, do as follows on the NPE: 1. Run:
system-view

The system view is displayed. 2. Run:


vsi vsi-name static

The VSI is created and the static member discovery mechanism is adopted. 3. Run:
pwsignal ldp

LDP is configured as the PW signaling protocol and the VSI LDP view is displayed. 4. Run:
vsi-id vsi-id

The VSI ID is configured. 5. Run:


peer peer-address [ negotiation-vc-id vc-id ] [ tnl-policy policy-name ] upe

The service VSI peer between the NPE and the UPE is configured. The MPLS LSR ID of the UPE is specified as the peer address. 6. Run:
peer peer-address [ negotiation-vc-id vc-id ] track admin-vrrp interface interface-type interface-number vrid virtual-router-id

The mVRRP virtual router is bound with the VPLS PW. ----End

9.3.6 Configuring the mVSI Binding


Context
Do as follows on the UPE:
9-18 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

9 VPLS Convergence Configuration

Procedure
Step 1 Run:
system-view

The system view is displayed. Step 2 Run:


vsi vsi-name

The view of the created service VSI is displayed. Step 3 Run:


track admin-vsi vsi-name

The service VSI is bound with the mVSI. The mVSI can be bound with the service VSI. When receiving the gratuitous ARP packet or BFD Down packet, the mVSI notifies all bound service VSIs to clear the MAC address entries and learn the MAC address again.
NOTE

If the number does not reach the threshold, the control plane delivers notification messages to the forwarding plane to clear the MAC address of the service VSI bound with the mVSI and records the log. If the number reaches the threshold, the control plane delivers notification messages to the forwarding plane to clear the MAC addresses of all the service VSIs and records the log.

Step 4 (Optional) Run:


isolate spoken

Forwarding isolation between the AC interfaces of the service VSI is enabled. By default, forwarding isolation between the AC interfaces of the service VSI is not enabled. ----End

9.3.7 Checking the Configuration


Run the following commands to check the preceding configuration. Action Check information about all the mVRRP bindings. Check the binding of the mVRRP virtual router and the service VRRP virtual router. Check the binding of the mVRRP virtual router and the service PW.
Issue 03 (2008-09-22)

Command display vrrp binding admin-vrrp [ interface interfacetype1 interface-number1 ] [vrid virtual-router-id ] display vrrp binding admin-vrrp [ interface interfacetype1 interface-number1 ] [vrid virtual-router-id ] member-vrrp [ interface interface-type2 interfacenumber2 ] [ vrid virtual-router-id ] display vrrp binding admin-vrrp [ interface interfacetype1 interface-number1 ] [ vrid virtual-router-id ] member-pw
9-19

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

9 VPLS Convergence Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Action Check the binding of the mVRRP virtual router and the service PW of the VLL. Check the binding of the mVRRP virtual router and the VPLS service PW. Check the binding of the mVRRP virtual router and the service PW in the PW switching. Check the binding of the mVRRP virtual router and the service interface. Check the binding of the mVSI and the service VSI.

Command display vrrp binding admin-vrrp [ interface interfacetype1 interface-number1 ] [ vrid virtual-router-id ] member-pw vc interface interface-type2 interfacenumber2 display vrrp binding admin-vrrp [ interface interfacetype1 interface-number1 ] [ vrid virtual-router-id ] member-pw vsi vsi-name peer ip-address [ negotiationvc-id vc-id1 ] display vrrp binding admin-vrrp [ interface interfacetype1 interface-number1 ] [ vrid virtual-router-id ] member-pw switch-vc peer ip-address vc-id2 display vrrp binding admin-vrrp [ interface interfacetype interface-number ] [ vrid virtual-router-id ] memberinterface [ interface interface-type interface-number ] display admin-vsi binding [ admin-vsi vsi-name ]

Run the display vrrp binding admin-vrrp member-vrrp command. If the mVRRP virtual router and the service VRRP virtual router are bound successfully, you can view the bindings of the mVRRP virtual router and all the service VRRP virtual routers.
<Quidway> display vrrp binding admin-vrrp member-vrrp Interface: GigabitEthernet1/0/0.1, admin-vrrp vrid: 1, Member-vrrp number: 2 Interface: GigabitEthernet1/0/0.3, vrid: 3, state: Interface: GigabitEthernet1/0/0.4, vrid: 4, state: Interface: GigabitEthernet1/0/0.2, admin-vrrp vrid: 2, Member-vrrp number: 1 Interface: GigabitEthernet1/0/0.5, vrid: 5, state: state: Master Master Master state: Master Master

Run the display vrrp binding admin-vrrp member-pw command. If the mVRRP virtual router and the service PW are bound successfully, you can view the bindings of the mVRRP virtual router and all the service PWs.
<Quidway> display vrrp binding admin-vrrp member-pw Interface: GigabitEthernet1/0/0.1, admin-vrrp vrid: 1, state: Master VSI PW number: 1 VSI name: v1, peer router ID: 4.4.4.4, vcid: 900, state: Up VC number: 1 Interface name: GigabitEthernet1/0/0.6, type: VLAN, state: Up Switch VC number: 1 peer router ID: 1.1.1.1, vcid: 500, type: VLAN, state: Up

Run the display vrrp binding admin-vrrp member-interface command. If the mVRRP virtual router and the service interface are bound successfully, you can view the bindings of the mVRRP virtual router and all the service interfaces.
<Quidway> display vrrp binding admin-vrrp member-interface Interface: GigabitEthernet1/0/0.1, admin-vrrp vrid: 1, state: Master Member-interface number: 1 Interface: GigabitEthernet1/0/0.8, state: Up

9-20

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

9 VPLS Convergence Configuration

Run the display admin-vsi binding command. If the mVRRP virtual router and the service VSI are bound successfully, you can view the bindings of the mVRRP virtual router and all the service VSIs.
<Quidway> display admin-vsi binding Admin-vsi Service-vsi -------------------------------------------admin-vsi1 biz-vsi1 biz-vsi2

9.4 Maintaining VPLS


This section describes how to reset the statistics of the packets sent and received by the VRRP virtual router and how to debug VPLS. 9.4.1 Clearing the Statistics of the Packets Sent and Received by the VRRP Virtual Router 9.4.2 Debugging VPLS

9.4.1 Clearing the Statistics of the Packets Sent and Received by the VRRP Virtual Router

CAUTION
The statistics of the packets sent and received by the VRRP virtual router cannot be restored after you clear it. So, confirm the action before you use the command. To view the statistics of the packets sent and received by the VRRP virtual device from a certain moment, you can run the following command in the user view to clear the statistics. Action Clear the statistics of the packets sent and received by the VRRP virtual router. Command reset vrrp [ interface interface-name ] [ vrid virtual-routerid ] statistics

9.4.2 Debugging VPLS

CAUTION
Debugging affects the performance of the system. So, after debugging, run the undo debugging all command to disable it immediately. When a fault occurs in VPLS forwarding through software, run the following debugging command in the user view to locate the fault.
Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 9-21

9 VPLS Convergence Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

For the procedure for displaying the debugging information, refer to Chapter 4 "Maintenance and Debugging" in the Quidway NetEngine80E/40E Router Configuration Guide - System Management. For the description of the debugging commands, refer to the Quidway NetEngine80E/40E Router Debugging Reference. Action Enable the debugging on VPLS forwarding through software. Command debugging mpls l2vpn vpls-forward { errormessage | mac-event | vpls-event }

9.5 Configuration Examples


This section provides several configuration examples of VPLS convergence. 9.5.1 Example for Configuring VPLS Convergence (UPE Directly Accesses the NPE Though the VE Interface) 9.5.2 Example for Configuring VPLS Convergence (UPE Directly Accesses the NPE Without Using the VE Interface)

9.5.1 Example for Configuring VPLS Convergence (UPE Directly Accesses the NPE Though the VE Interface)
Networking Requirements
Figure 9-9 shows a typical networking diagram of VPLS convergence (UPE uses the VE interface to access the NPE) in the ME.
l

The two NPEs are the core devices in the ME. They access the upstream IP/MPLS core network and the downstream UPE. The NPE uses the L2VE interface to terminate the PW between the NPE and UPE. An mVRRP virtual router is run between the NPEs for determining whether an NPE is the master or the backup. An mVSI is run on the UPE. mVRRP packets are exchanged between the NPEs through the mVSI on the UPE. The user packets reach the service VSI on the UPE, and are sent to both the PE-AGGs by this service VSI. The service VRRP virtual router, the service PW, and the service interface on the NPE are bound with the mVRRP virtual router on the NPE. Their status depends on the status of the mVRRP virtual router. In this case, only the service VRRP virtual router, the service PW, and the service interface on the master NPE process the user packets. The service VSI and the mVSI on the UPE are bound. When the master NPE fails, the MAC addresses of all the service VSIs that are bound with the mVSI on the UPE are cleared. The service VSIs learn the MAC address of the master NPE again without interrupting the user service. With this networking, VPLS can provide the bearer service with the switchover within milliseconds. When the device or link between the master NPE and the UPE fails, the backup NPE takes shorter than 200 ms to switch itself to be the master NPE.
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

9-22

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

9 VPLS Convergence Configuration

Figure 9-9 Networking diagram of configuring VPLS convergence (UPE directly accesses the NPE though the VE interface)

mVRRP VRID1 Virtual IP:192.168.1.254 NPE1


GE1/0/1 10.1.1.2/24

NPE2
GE1/0/1 10.1.2.2/24

VSI

GE1/0/1 10.1.1.1/24

mVSI

GE1/0/2 10.1.2.1/24

GE1/0/0

UPE
GE1/0/2

Switch
GE1/0/1 VLAN101

PC1 192.168.2.3/24 Gateway:192.168.2.254 PW for mVRRP PW for normal VRRP


Device Nam UPE UPE UPE UPE NPE1 Interface Name Loopback1 GE1/0/0 GE1/0/1 GE1/0/2 Loopback1 IP Address 1.1.1.1/32 10.1.1.1/24 10.1.2.1/24 2.2.2.2/32 Device Nam NPE1 NPE1 NPE2 NPE2 NPE2 Interface Name GE1/0/0 GE1/0/1 Loopback1 GE1/0/0 GE1/0/1. IP Address 10.1.1.2/24 3.3.3.3/32 10.1.2.2/24

Configuration Roadmap
The configuration roadmap is as follows: 1. Configure the route, which involves the following:
l l

Configure the IP address for each interface on the UPE and NPEs. Configure IGP for the UPE and the NPEs. Configure basic MPLS functions of the UPE and the NPEs. Configure MPLS LDP for the UPE and the NPEs.
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 9-23

2.

Configure MPLS, which involves the following:


l l

Issue 03 (2008-09-22)

9 VPLS Convergence Configuration


l

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Configure MPLS TE for the UPE and the NPEs. Configure the mPW between the NPEs and the UPE. mPW: transmits the mVRRP protocol packets between NPEs, the peer BFD packets between NPEs, and the link BFD packets between the NPE and the UPE.

3.

Configure VPLS, which involves the following:


l

Configure the mVSI and the service VSI on the UPE.

mVSI: exchanges the mVRRP protocol packets between NPEs and the peer BFD packets between NPEs. Service VSI: exchanges the user packets between NPEs and between the NPE and the user network.

Bind the service VSI and the mVSI on the UPE. When the master/backup switchover occurs on the NPEs, the mVSI on the UPE receives a gratuitous ARP packet. The UPE clears the MAC addresses of all the bound service VSIs according to the binding of the mVSI and the service VSI.

Configure the AC isolation function of the service VSI on the UPE. Configure the mVRRP virtual router and the service VRRP virtual router between NPEs.

4.

Configure VRRP, which involves the following:


l

mVRRP virtual router: This virtual router determines whether an NPE is the master or the backup through priority. When the link of the master NPE or the NPE itself fails, the backup NPE can switch itself to be the master NPE according the VRRP mechanism. Service interface: The address of the service interface is used as the gateway address of the PC.

Bind the service interface and the mVRRP virtual router. If the VRRP virtual router and the mVRRP virtual router are bound on the NPE, the status of the service interface depends on the status of the mVRRP virtual router.

5.

Configure BFD to implement VRRP fast switchover, which involves the following:
l l

Configure peer BFD between NPEs and link BFD between the NPE and the UPE. Configure mVRRP to track the status of the peer BFD session and the link BFD session. The mVRRP virtual router locates the fault by tracking the status of the peer BFD session and the link BFD session to implement VRRP fast switchover.

Data Preparation
To complete the configuration, you need the following data:
l l l l

Interface number, interface IP address, and IS-IS process number LSR ID, tunnel number, tunnel ID, and name of the LDP remote peer VSI name, VC ID, and tunnel policy BFD session name, local/remote discriminator, and number and priority of the VRRP virtual router

Configuration Procedure
1.
9-24

Configure the route.


Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

9 VPLS Convergence Configuration

(1) Configure the IP address for the interface on the device. # Configure the UPE.
<Quidway> system-view [Quidway] sysname UPE [UPE] interface loopback1 [UPE-LoopBack1] ip address 1.1.1.1 32 [UPE-LoopBack1] quit [UPE] interface gigabitethernet1/0/1 [UPE-GigabitEthernet1/0/1] ip address 10.1.1.1 24 [UPE-GigabitEthernet1/0/1] quit [UPE] interface gigabitethernet1/0/2 [UPE-GigabitEthernet1/0/2] ip address 10.1.2.1 24 [UPE-GigabitEthernet1/0/2] quit

# Configure NPE1.
<Quidway> system-view [Quidway] sysname NPE1 [NPE1] interface loopback1 [NPE1-LoopBack1] ip address 2.2.2.2 32 [NPE1-LoopBack1] quit [NPE1] interface gigabitethernet1/0/1 [NPE1-GigabitEthernet1/0/1] ip address 10.1.1.2 24 [NPE1-GigabitEthernet1/0/1] quit

# Configure NPE2.
<Quidway> system-view [Quidway] sysname NPE2 [NPE2] interface loopback1 [NPE2-LoopBack1] ip address 3.3.3.3 32 [NPE2-LoopBack1] quit [NPE2] interface gigabitethernet1/0/1 [NPE2-GigabitEthernet1/0/1] ip address 10.1.2.2 24 [NPE2-GigabitEthernet1/0/1] quit

(2) Configure IGP functions for the UPE and the NPEs. In this example, Level-2 IS-IS is adopted as the IGP protocol. When IS-IS is configured, the 32-bit addresses of the loopback interfaces on the UPE and the NPEs need to be advertised. The addresses are used as the LSR IDs of the UPE and the NPEs. # Configure the UPE.
<UPE> system-view [UPE] isis 1 [UPE-isis-1] is-level level-2 [UPE-isis-1] network-entity 49.0040.0010.0100.1001.00 [UPE-isis-1] quit [UPE] interface loopback 1 [UPE-LoopBack1] isis enable 1 [UPE-LoopBack1] quit [UPE] interface gigabitethernet 1/0/1 [UPE-GigabitEthernet1/0/1] isis enable 1 [UPE-GigabitEthernet1/0/1] quit [UPE] interface gigabitethernet 1/0/2 [UPE-GigabitEthernet1/0/2] isis enable 1 [UPE-GigabitEthernet1/0/2] quit

# Configure NPE1.
<NPE1> system-view [NPE1] isis 1 [NPE1-isis-1] is-level level-2 [NPE1-isis-1] network-entity 49.0040.0020.0200.2002.00 [NPE1-isis-1] quit [NPE1] interface loopback 1 [NPE1-LoopBack1] isis enable 1 [NPE1-LoopBack1] quit [NPE1] interface gigabitethernet 1/0/1 [NPE1-GigabitEthernet1/0/1] isis enable 1 [NPE1-GigabitEthernet1/0/1] quit

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

9-25

9 VPLS Convergence Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

# Configure NPE2.
<NPE2> system-view [NPE2] isis 1 [NPE2-isis-1] is-level level-2 [NPE2-isis-1] network-entity 49.0040.0030.0300.3003.00 [NPE2-isis-1] quit [NPE2] interface loopback 1 [NPE2-LoopBack1] isis enable 1 [NPE2-LoopBack1] quit [NPE2] interface gigabitethernet 1/0/1 [NPE2-GigabitEthernet1/0/1] isis enable 1 [NPE2-GigabitEthernet1/0/1] quit

After the configuration, running the display ip routing-table command, you can view that UPE and NPEs learn the loopback1 route from each other. Take UPE as an example:
[UPE] display ip routing-table Route Flags: R - relied, D - download to fib ----------------------------------------------------------------------------Routing Tables: Public Destinations : 9 Routes : 9 Destination/Mask Proto Pre Cost Flags NextHop Interface 1.1.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 2.2.2.2/32 ISIS 15 10 D 10.1.1.2 GigabitEthernet1/0/1 3.3.3.3/32 ISIS 15 10 D 10.1.2.2 GigabitEthernet1/0/2 10.1.1.0/24 Direct 0 0 D 10.1.1.1 Ethernet1/0/1 10.1.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 10.1.2.0/24 Direct 0 0 D 10.1.2.1 GigabitEthernet1/0/2 10.1.2.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0

IS-IS adjacency is established between the UPE and the NPEs. Run the display isis peer command, and you can view the peer status. Take UPE as an example:
[UPE] display isis peer System Id PRI 0020.0200.2002 GE1/0/1 64 0030.0300.3003 GE1/0/2 64 Total Peer(s): 2 Peer information for ISIS(1) ---------------------------Interface Circuit Id State HoldTime Type 0010.0100.1001.01 Up 0010.0100.1001.02 Up 26s 23s L2 L2

2.

Configure MPLS.
NOTE

In this example, the MPLS TE tunnel is used between the UPE and the NPEs. In addition, you can configure TE FRR between the UPE and the NPEs to protect the link through the TE protection group. The TE protection group includes the working and protection TE tunnels. To protect the link by specifying different paths for the two TE tunnels, you can set up the TE tunnel through the explicit path.

(1) Enable MPLS, MPLS TE, MPLS RSVP-TE, and MPLS CSPF. Enable MPLS, MPLS TE, and MPLS RSVP-TE in the system view and the interface view of each node along the tunnel, and enable MPLS CSPF in the system view of the ingress of the tunnel. Specify the address of loopback1 interface as the LSR ID. # Configure the UPE.
9-26 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


[UPE] mpls lsr-id 1.1.1.1 [UPE] mpls [UPE-mpls] mpls te [UPE-mpls] mpls rsvp-te [UPE-mpls] mpls te cspf [UPE-mpls] quit [UPE] interface gigabitethernet [UPE-GigabitEthernet1/0/1] mpls [UPE-GigabitEthernet1/0/1] mpls [UPE-GigabitEthernet1/0/1] mpls [UPE-GigabitEthernet1/0/1] quit [UPE] interface gigabitethernet [UPE-GigabitEthernet1/0/2] mpls [UPE-GigabitEthernet1/0/2] mpls [UPE-GigabitEthernet1/0/2] mpls [UPE-GigabitEthernet1/0/2] quit

9 VPLS Convergence Configuration

1/0/1 te rsvp-te 1/0/2 te rsvp-te

# Configure NPE1.
[NPE1] mpls lsr-id 2.2.2.2 [NPE1] mpls [NPE1-mpls] mpls te [NPE1-mpls] mpls rsvp-te [NPE1-mpls] mpls te cspf [NPE1-mpls] quit [NPE1] interface gigabitethernet 1/0/1 [NPE1-GigabitEthernet1/0/1] mpls [NPE1-GigabitEthernet1/0/1] mpls te [NPE1-GigabitEthernet1/0/1] mpls rsvp-te [NPE1-GigabitEthernet1/0/1] quit

# Configure NPE2.
[NPE2] mpls lsr-id 3.3.3.3 [NPE2] mpls [NPE2-mpls] mpls te [NPE2-mpls] mpls rsvp-te [NPE2-mpls] mpls te cspf [NPE2-mpls] quit [NPE2] interface gigabitethernet 1/0/1 [NPE2-GigabitEthernet1/0/1] mpls [NPE2-GigabitEthernet1/0/1] mpls te [NPE2-GigabitEthernet1/0/1] mpls rsvp-te [NPE2-GigabitEthernet1/0/1] quit

(2) Configure IS-IS TE. # Configure the UPE.


[UPE] isis 1 [UPE-isis-1] cost-style wide [UPE-isis-1] traffic-eng level-2 [UPE-isis-1] quit

# Configure NPE1.
[NPE1] isis 1 [NPE1-isis-1] cost-style wide [NPE1-isis-1] traffic-eng level-2 [NPE1-isis-1] quit

# Configure NPE2.
[NPE2] isis 1 [NPE2-isis-1] cost-style wide [NPE2-isis-1] traffic-eng level-2 [NPE2-isis-1] quit

(3) Establish the MPLS LDP session. Establish the MPLS LDP session between the UPE and the NPEs. Specify the IP address of the LDP remote peer as the MPLS LSR ID of the remote device. # Configure the UPE.
[UPE] mpls ldp

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

9-27

9 VPLS Convergence Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

[UPE-ldp] quit [UPE] mpls ldp remote-peer 2.2.2.2 [UPE-mpls-ldp-remote-2.2.2.2] remote-ip 2.2.2.2 [UPE-mpls-ldp-remote-2.2.2.2] quit [UPE] mpls ldp remote-peer 3.3.3.3 [UPE-mpls-ldp-remote-3.3.3.3] remote-ip 3.3.3.3 [UPE-mpls-ldp-remote-3.3.3.3] quit

# Configure NPE1.
[NPE1] mpls ldp [NPE1-ldp] quit [NPE1] mpls ldp remote-peer 1.1.1.1 [NPE1-mpls-ldp-remote-1.1.1.1] remote-ip 1.1.1.1 [NPE1-mpls-ldp-remote-1.1.1.1] quit

# Configure NPE2.
[NPE2] mpls ldp [NPE2-ldp] quit [NPE2] mpls ldp remote-peer 1.1.1.1 [NPE2-mpls-ldp-remote-1.1.1.1] remote-ip 1.1.1.1 [NPE2-mpls-ldp-remote-1.1.1.1] quit

After the preceding configuration, the LDP session is established between the UPE and the NPEs. Running the display mpls ldp session command, you can view that Status displays Operational. Take UPE and NPE1 as an example:
[UPE] display mpls ld session LDP Session(s) in Public Network ----------------------------------------------------------------------------Peer-ID Status LAM SsnRole SsnAge KA-Sent/Rcv ----------------------------------------------------------------------------2.2.2.2:0 Operational DU Passive 000:00:00 4/4 3.3.3.3:0 Operational DU Passive 000:00:00 2/2 ----------------------------------------------------------------------------TOTAL: 2 session(s) Found. LAM : Label Advertisement Mode SsnAge Unit : DDD:HH:MM [NPE1] display mpls ldp session LDP Session(s) in Public Network ----------------------------------------------------------------------------Peer-ID Status LAM SsnRole SsnAge KA-Sent/Rcv ----------------------------------------------------------------------------1.1.1.1:0 Operational DU Active 000:00:01 6/6 ----------------------------------------------------------------------------TOTAL: 1 session(s) Found. LAM : Label Advertisement Mode SsnAge Unit : DDD:HH:MM

(4) Configure the tunnel interface. Create the tunnel interface on the UPE and the NPEs, and specify the tunnel protocol as MPLS TE and the signaling protocol as RSVP-TE. # Configure the UPE.
[UPE] interface tunnel 1/0/1 [UPE-Tunnel1/0/1] ip address unnumbered interface loopback1 [UPE-Tunnel1/0/1] tunnel-protocol mpls te [UPE-Tunnel1/0/1] destination 2.2.2.2

9-28

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

9 VPLS Convergence Configuration

[UPE-Tunnel1/0/1] description TO NPE1 [UPE-Tunnel1/0/1] mpls te tunnel-id 1 [UPE-Tunnel1/0/1] mpls te commit [UPE] interface tunnel 1/0/2 [UPE-Tunnel1/0/2] ip address unnumbered interface loopback1 [UPE-Tunnel1/0/2] tunnel-protocol mpls te [UPE-Tunnel1/0/2] destination 3.3.3.3 [UPE-Tunnel1/0/2] description TO NPE2 [UPE-Tunnel1/0/2] mpls te tunnel-id 2 [UPE-Tunnel1/0/2] mpls te commit

# Configure NPE1.
[NPE1] interface tunnel 1/0/1 [NPE1-Tunnel1/0/1] ip address unnumbered interface loopback1 [NPE1-Tunnel1/0/1] tunnel-protocol mpls te [NPE1-Tunnel1/0/1] destination 1.1.1.1 [NPE1-Tunnel1/0/1] description TO UPE [NPE1-Tunnel1/0/1] mpls te tunnel-id 1 [NPE1-Tunnel1/0/1] mpls te commit

# Configure NPE2.
[NPE2] interface tunnel 1/0/1 [NPE2-Tunnel1/0/1] ip address unnumbered interface loopback1 [NPE2-Tunnel1/0/1] tunnel-protocol mpls te [NPE2-Tunnel1/0/1] destination 1.1.1.1 [NPE2-Tunnel1/0/1] description TO UPE [NPE2-Tunnel1/0/1] mpls te tunnel-id 2 [NPE2-Tunnel1/0/1] mpls te commit

After the configuration, running the display ip interface brief command, you can view that the protocol status of the created tunnel interface is Up. Take NPE1 as an example:
[NPE1] display ip interface brief *down: administratively down !down: FIB overload down (l): loopback (s): spoofing The number of interface that is UP in Physical is 5 The number of interface that is DOWN in Physical is 0 The number of interface that is UP in Protocol is 4 The number of interface that is DOWN in Protocol is 1 Interface IP Address/Mask Physical Protocol GigabitEthernet1/0/0 unassigned up down GigabitEthernet1/0/1 10.1.1.2/24 up up LoopBack1 2.2.2.2/32 up up(s) NULL0 unassigned up up(s) Tunnel1/0/1 2.2.2.2/32 up up

(5) Configure the tunnel policy. # Configure the UPE.


[UPE] tunnel-policy policy1 [UPE-tunnel-policy-policy1] tunnel select-seq cr-lsp load-balance-number 1 [UPE-tunnel-policy-policy1] quit

# Configure NPE1.
[NPE1] tunnel-policy policy1 [NPE1-tunnel-policy-policy1] tunnel select-seq cr-lsp load-balance-number 1 [NPE1-tunnel-policy-policy1] quit

# Configure NPE2.
[NPE2] tunnel-policy policy1 [NPE2-tunnel-policy-policy1] tunnel select-seq cr-lsp load-balance-number 1 [NPE2-tunnel-policy-policy1] quit

3.
Issue 03 (2008-09-22)

Configure VPLS.
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 9-29

9 VPLS Convergence Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

(1) Create the VE interface on the NPE. The VE interface of VE-Group1 is used to run the mVRRP virtual router and configure the mPW. Create an L2VE interface to terminate the mPW; create an L3VE interface to run the mVRRP virtual router. # Configure NPE1.
[NPE1] interface virtual-ethernet 1/0/1 [NPE1-Virtual-Ethernet1/0/1] ve-group 1 l2-terminate [NPE1-Virtual-Ethernet1/0/1] quit [NPE1] interface virtual-ethernet 1/0/11 [NPE1-Virtual-Ethernet1/0/11] ve-group 1 l3-access [NPE1-Virtual-Ethernet1/0/11] quit

# Configure NPE2.
[NPE2] interface virtual-ethernet 1/0/1 [NPE2-Virtual-Ethernet1/0/1] ve-group 1 l2-terminate [NPE2-Virtual-Ethernet1/0/1] quit [NPE2] interface virtual-ethernet 1/0/11 [NPE2-Virtual-Ethernet1/0/11] ve-group 1 l3-access [NPE2-Virtual-Ethernet1/0/11] quit

(2) Configure HVPLS on the UPE and the NPEs and establish the mPW between the UPE and the NPEs. The mVRRP protocol packets between NPEs, the peer BFD packets between NPEs, and the link BFD packets between the UPE and the NPEs are transmitted through the mPW between the UPE and the NPEs and exchanged by the mVSI on the UPE. # Configure the mVSI on the UPE.
NOTE

The License determines the maximum number of mVSIs that can be configured in the system. To purchase the License, contact Huawei technical personnel.

# Configure the UPE.


[UPE] mpls l2vpn [UPE-l2vpn] quit [UPE] vsi admin-vsi1 static [UPE-admin-vsi1] pwsignal ldp [UPE-admin-vsi1-ldp] vsi-id 10 [UPE-admin-vsi1-ldp] peer 2.2.2.3 upe [UPE-admin-vsi1-ldp] peer 3.3.3.3 upe [UPE-admin-vsi1-ldp] quit [UPE-admin-vsi1] admin-vsi [UPE-admin-vsi1] tnl-policy policy1 [UPE-admin-vsi1] quit

# Configure NPE1.
NOTE

The mVRRP protocol packets between NPEs, peer BFD packets between NPEs, and link BFD packets between the UPE and the NPEs are directly sent to UPE by the NPEs; therefore, it is recommended that the NPEs access the mVSI on the UPE through the VLL. The VC ID must be consistent with the ID of the VSI to be accessed.
[NPE1] mpls l2vpn [NPE1-l2vpn] quit [NPE1] interface virtual-ethernet 1/0/1 [NPE1-Virtual-Ethernet1/0/1] mpls l2vc 1.1.1.1 10 tunnel-policy policy1 [NPE1-Virtual-Ethernet1/0/1] quit

# Configure NPE2.
[NPE2] mpls l2vpn [NPE2-l2vpn] quit [NPE2] interface virtual-ethernet 1/0/1 [NPE2-Virtual-Ethernet1/0/1] mpls l2vc 1.1.1.1 10 tunnel-policy policy1 [NPE2-Virtual-Ethernet1/0/1] quit

9-30

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

9 VPLS Convergence Configuration

After the preceding configuration, running the display vsi command, you can view that VSI State displays up and the status of the PW to the peer is also up. PW Type displays MEHVPLS. Take UPE as an example:
[UPE] display vsi name admin-vsi1 verbose ***VSI Name : admin-vsi1 Administrator VSI : yes Isolate Spoken : disable VSI Index : 0 PW Signaling : ldp Member Discovery Style : static PW MAC Learn Style : unqualify Encapsulation Type : vlan MTU : 1500 Tunnel Policy Name : policy1 VSI State : up VSI ID : 10 *Peer Router ID : 2.2.2.2 VC Label : 23552 Peer Type : dynamic Session : up Tunnel ID : 0x41002000, *Peer Router ID : 3.3.3.3 VC Label : 23553 Peer Type : dynamic Session : up Tunnel ID : 0x41002001,

Running the display tunnel-info all command on the UPE, you can view that the type of the tunnel from UPE to the peer NPE is cr lsp. Take UPE as an example:
[UPE] display tunnel-info all * -> Allocated VC Token Tunnel ID Type Destination Token ---------------------------------------------------------------------0x41002000 cr lsp 2.2.2.2 0 0x41002001 cr lsp 3.3.3.3 1 0x1002002 lsp -2 0x1002004 lsp(*) -4 0x1002005 lsp -5 0x1002007 lsp(*) -7

Running the display mpls l2vc command on the NPEs, you can view that VCs are established from the NPE to each mVSI on the UPE. The status of the VCs is Up. Take NPE1 as an example:
[NPE1] display mpls l2vc total LDP VC : 1 1 up 0 down *client interface : Virtual-Ethernet1/0/1 session state : up AC status : up VC state : up VC ID : 10 VC type : Ethernet destination : 1.1.1.1 local VC label : 21504 remote VC label control word : disable forwarding entry : non-existent local group ID : 0 manual fault : not set active state : active link state : down local VC MTU : 1500 remote VC MTU tunnel policy name : policy1 traffic behavior name: -PW template name : -primary or secondary : primary

: 0

: 0

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

9-31

9 VPLS Convergence Configuration


create time up time last change time

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


: 0 days, 0 hours, 2 minutes, 18 seconds : 0 days, 0 hours, 0 minutes, 0 seconds : 0 days, 0 hours, 2 minutes, 18 seconds

(3) Configure VPLS on the UPE. The VSI on the UPE performs local exchange and then sends the packets of the user network to NPE1 and NPE2 simultaneously.
NOTE

In this example, the packets of the user network are sent to NPE1 and NPE2 through GE 1/0/1 and GE 1/0/2 on the physical link after they are locally exchanged by the VSI on the UPE. In addition, the packets of the user network can be configured to be sent to NPE1 and NPE2 respectively through the PW.

# Configure the UPE.


[UPE] vsi biz-vsi1 static [UPE-biz-vsi1] pwsignal ldp [UPE-biz-vsi1-ldp] vsi-id 101 [UPE-biz-vsi1-ldp] peer 2.2.2.2 [UPE-biz-vsi1-ldp] peer 3.3.3.3 [UPE-biz-vsi1-ldp] quit [UPE-biz-vsi1] quit [UPE] interface gigabitethenet 1/0/0.1 [UPE-GigabitEthernet1/0/0.1] vlan-type dot1q 101 [UPE-GigabitEthernet1/0/0.1] l2 binding vsi biz-vsi1 [UPE-GigabitEthernet1/0/0.1] quit

# Configure the NPE1.


[NPE1] vsi biz-vsi1 static [NPE1-biz-vsi1] pwsignal ldp [NPE1-biz-vsi1-ldp] vsi-id 101 [NPE1-biz-vsi1-ldp] peer 1.1.1.1 tnl-policy policy1 upe [NPE1-biz-vsi1-ldp] quit [NPE1-biz-vsi1] quit

# Configure the NPE2.


[NPE2] vsi biz-vsi1 static [NPE2-biz-vsi1] pwsignal ldp [NPE2-biz-vsi1-ldp] vsi-id 101 [NPE2-biz-vsi1-ldp] peer 1.1.1.1 tnl-policy policy1 upe [NPE2-biz-vsi1-ldp] quit [NPE2-biz-vsi1] quit

After the preceding configuration, running the display vsi command, you can view that VSI State displays up. Take UPE as an example:
[UPE] display vsi Total VSI number is 2, 2 is up, 0 is down, 2 is LDP mode, 0 is BGP mode Vsi Mem PW Mac Encap Mtu Vsi Name Disc Type Learn Type Value State ------------------------------------------------------------------------admin-vsi1 static ldp unqualify vlan 1500 up biz-vsi1 static ldp unqualify vlan 1500 up

(4) Isolate the ACs of the service VSI on the UPE to forbid the CEs from accessing each other, and bind the service VSI and the mVSI. # Configure the UPE.
[UPE] vsi biz-vsi1 [UPE-biz-vsi1] isolate spoken [UPE-biz-vsi1] track admin-vsi admin-vsi1 [UPE-biz-vsi1] quit

After the preceding configuration, running the display vsi verbose command on the NPE, you can view that Isolate Spoken displays enable. Take UPE as an example:
9-32 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


[UPE] display vsi verbose ***VSI Name Administrator VSI Isolate Spoken VSI Index PW Signaling Member Discovery Style PW MAC Learn Style Encapsulation Type MTU Tunnel Policy Name VSI State VSI ID *Peer Router ID VC Label Peer Type Session Tunnel ID *Peer Router ID VC Label Peer Type Session Tunnel ID ***VSI Name Administrator VSI Isolate Spoken VSI Index PW Signaling Member Discovery Style PW MAC Learn Style Encapsulation Type MTU Tunnel Policy Name VSI State VSI ID *Peer Router ID VC Label Peer Type Session Tunnel ID *Peer Router ID VC Label Peer Type Session Tunnel ID Interface Name State Interface Name State Interface Name State **PW Information: *Peer Ip Address PW State Local VC Label Remote VC Label PW Type Tunnel ID *Peer Ip Address PW State Local VC Label Remote VC Label PW Type Tunnel ID

9 VPLS Convergence Configuration

: : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : :

admin-vsi1 yes enable 0 ldp static unqualify vlan 1500 policy1 up 10 2.2.2.2 23552 dynamic up 0x41002000, 3.3.3.3 23553 dynamic up 0x41002001, biz-vsi1 no enable 1 ldp static unqualify vlan 1500 policy1 up 101 2.2.2.2 23554 dynamic up 0x41002000, 3.3.3.3 23555 dynamic up 0x41002001, GigabitEthernet1/0/0.1 up GigabitEthernet1/0/3.1 up GigabitEthernet1/0/4.1 up 3.3.3.3 up 23555 21505 label 0x41002001, 2.2.2.2 up 23554 21505 label 0x41002000,

Running the display admin-vsi binding command on the UPE, you can view the binding of the service VSI and the mVSI. Take UPE as an example:
[UPE] display admin-vsi binding

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

9-33

9 VPLS Convergence Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Admin-vsi Service-vsi -------------------------------------------admin-vsi1 biz-vsi1

4.

Configure VRRP. (1) Configure the mVRRP virtual router between NPEs. Master NPE and backup NPE are distinguished. NPE1 is the master; NPE2 is the backup.
NOTE

The mVRRP virtual router between NPEs can also adopt the load balancing mode. For detailed configuration, refer to the VRRP Configuration

# Configure NPE1.
[NPE1] interface virtual-ethernet 1/0/11 [NPE1-Virtual-Ethernet1/0/11] ip address 192.168.1.1 24 [NPE1-Virtual-Ethernet1/0/11] vrrp vrid 1 virtual-ip 192.168.1.254 [NPE1-Virtual-Ethernet1/0/11] vrrp vrid 1 priority 120 [NPE1-Virtual-Ethernet1/0/11] admin-vrrp vrid 1 [NPE1-Virtual-Ethernet1/0/11] quit

# Configure NPE2.
[NPE2] interface virtual-ethernet 1/0/11 [NPE2-Virtual-Ethernet1/0/11] ip address 192.168.1.2 24 [NPE2-Virtual-Ethernet1/0/11] vrrp vrid 1 virtual-ip 192.168.1.254 [NPE2-Virtual-Ethernet1/0/11] admin-vrrp vrid 1 [NPE2-Virtual-Ethernet1/0/11] quit
NOTE

In the VRP5.50, the VRIDs on different interfaces can overlap. The overlapping scope and the maximum number of times of overlapping are determined by the License. To purchase the License, contact Huawei technical personnel.

After the preceding configuration, running the display vrrp command on the NPEs, you can view that the status of VRRP virtual router 1 on VE 1/0/11 of NPE1 is Master and the status of VRRP virtual router 1 on VE 1/0/11 of NPE2 is Backup. Both the VRRP virtual routers are the mVRRP virtual routers. Take NPE1 as an example:
[NPE1] display vrrp Virtual-Ethernet1/0/11 | Virtual Router 1 State : Master Virtual IP : 192.168.1.254 PriorityRun : 120 PriorityConfig : 120 MasterPriority : 120 Preempt : YES Delay Time : 0 Timer : 1 Auth Type : NONE Virtual Mac : 0000-5e00-0101 Check TTL : YES Config type : admin-vrrp [NPE2] display vrrp Virtual-Ethernet1/0/11 | Virtual Router 1 State : Backup Virtual IP : 192.168.1.254 PriorityRun : 100 PriorityConfig : 100 MasterPriority : 120 Preempt : YES Delay Time : 0 Timer : 1 Auth Type : NONE Virtual Mac : 0000-5e00-0101 Check TTL : YES Config type : admin-vrrp

9-34

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

9 VPLS Convergence Configuration

(2) Configure the service interfaces on the NPEs.


NOTE

In this example, the service interfaces GE 1/0/1.1 on NPE1 and NPE2 are configured with the same IP address, which is used as the gateway address of the user of the UPE. Normally, after the service interface is bound with the mVRRP virtual router, the service interface of only the master NPE advertises the network segment route of the interface; while the service interface of the backup NPE is in the Down state. In addition, the service VRRP virtual router can also be configured between NPEs, and the virtual IP address of the service VRRP virtual router is used as the gateway address of the UPE user. # Configure NPE1.

[NPE1] interface gigabitethernet1/0/0.1 [NPE1-GigabitEthernet1/0/0.1] vlan-type dot1q 101 [NPE1-GigabitEthernet1/0/0.1] ip address 192.168.2.254 24 [NPE1-GigabitEthernet1/0/0.1] quit

# Configure NPE2.
[NPE2] interface gigabitethernet1/0/0.1 [NPE2-GigabitEthernet1/0/0.1] vlan-type dot1q 101 [NPE2-GigabitEthernet1/0/0.1] ip address 192.168.2.254 24 [NPE2-GigabitEthernet1/0/0.1] quit

(3) Bind the service interface and the mVRRP virtual router. # Configure NPE1.
[NPE1] interface gigabitethernet1/0/0.1 [NPE1-GigabitEthernet1/0/0.1] track admin-vrrp interface virtual-ethernet 1/0/11 vrid 1 [NPE1-GigabitEthernet1/0/0.1] quit

# Configure NPE2.
[NPE2] interface gigabitethernet1/0/0.1 [NPE2-GigabitEthernet1/0/0.1] track admin-vrrp interface virtual-ethernet 1/0/11 vrid 1 [NPE2-GigabitEthernet1/0/0.1] quit

After the preceding configuration, running the display vrrp binding admin-vrrp member-interface command on the NPEs, you can view the binding of the service interface and the mVRRP virtual router. Take NPE1 as an example:
[PE-AGG1] display vrrp binding admin-vrrp member-interface Interface: Virtual-Ethernet1/0/11, admin-vrrp vrid: 1, state: Master Member-interface number: 1 Interface: GigabitEthernet1/0/0.1, state: Up

Running the display vrrp binding admin-vrrp command on the NPEs, you can view all the bindings of the mVRRP virtual router and the service VRRP virtual router, the service interface, and the service PW. Take NPE1 as an example:
[NPE1] display vrrp binding admin-vrrp Interface: Virtual-Ethernet1/0/11, admin-vrrp vrid: 1, state: Master Member-interface number: 1 Interface: GigabitEthernet1/0/0.1, state: Up

Running the display interface command on the NPEs, you can view the status of the service VRRP virtual router bound with the mVRRP virtual router. If the status of the bound mVRRP virtual router is Backup or Initialize, the status of the interface running the service VRRP virtual router is Flow Down. Take NPE2 as an example:
[NPE2] dispaly interface gigabitethernet1/0/0.1 GigabitEthernet1/0/0.1 current state : FLOW DOWN

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

9-35

9 VPLS Convergence Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Line protocol current state : DOWN Description : HUAWEI, Quidway Series, GigabitEthernet1/0/0.1 Interface, Route Port The Maximum Transmit Unit is 1500 bytes Internet Address is 192.168.2.254/24 IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is 00e0b649-870c Encapsulation dot1q Virtual LAN, The number of Vlan is 1, Vlan ID 101 Last 300 seconds input rate 0 bytes/sec, 0 packets/sec Last 300 seconds output rate 0 bytes/sec, 0 packets/sec Input: 15 packets,960 bytes, 0 unicast,15 broadcast,0 multicasts 0 errors,0 drops,0 unknowprotocol Output:12 packets,768 bytes, 12 unicast,0 broadcast,0 multicasts 0 errors,0 drops

5.

Configure BFD. (1) Configure peer BFD between NPEs. # Configure NPE1.
[NPE1] bfd [NPE1-bfd] quit [NPE1] bfd peer1 bind peer-ip 192.168.1.2 interface virtual-ethernet 1/0/11 [NPE1-bfd-session-peer1] discriminator local 1 [NPE1-bfd-session-peer1] discriminator remote 1 [NPE1-bfd-session-peer1] commit [NPE1-bfd-session-peer1] quit

# Configure NPE2.
[NPE2] bfd [NPE2-bfd] quit [NPE2] bfd peer1 bind peer-ip 192.168.1.1 interface virtual-ethernet 1/0/11 [NPE2-bfd-session-peer1] discriminator local 1 [NPE2-bfd-session-peer1] discriminator remote 1 [NPE2-bfd-session-peer1] commit [NPE2-bfd-session-peer1] quit

After the preceding configuration, running the display bfd session all command on the NPEs, you can view that BFD status is Up. Take NPE1 as an example:
[NPE1] display bfd session all Total Static Session Number : 2, Dynamic Session Number: 0, Entire Dynamic Sessi on Number: 0 ------------------------------------------------------------------------------Local Remote PeerIpAddr InterfaceName State Type ------------------------------------------------------------------------------1 1 192.168.1.2 Virtual-Ethernet1/0/11 Up S_IP ------------------------------------------------------------------------------Total UP/DOWN Session Number : 1/0

(2) Configure link BFD between the NPEs and the UPE. Between the NPEs and the UPE, the BFD session is used to detect the MPLS TE tunnel between PE1 and PE2. # Configure the UPE.
[UPE] bfd [UPE-bfd] quit [UPE] bfd link1 bind mpls-te interface tunnel 1/0/1 [UPE-bfd-lsp-session-link1] discriminator local 3 [UPE-bfd-lsp-session-link1] discriminator remote 3 [UPE-bfd-lsp-session-link1] commit

9-36

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

9 VPLS Convergence Configuration

[UPE] bfd link2 bind mpls-te interface tunnel 1/0/2 [UPE-bfd-lsp-session-link2] discriminator local 4 [UPE-bfd-lsp-session-link2] discriminator remote 4 [UPE-bfd-lsp-session-link2] commit

# Configure the UPE.


[NPE1] bfd link1 bind peer-ip 1.1.1.1 [NPE1-bfd-session-link1] discriminator local 3 [NPE1-bfd-session-link1] discriminator remote 3 [NPE1-bfd-session-link1] commit

# Configure NPE2.
[NPE2] bfd link1 bind peer-ip 1.1.1.1 [NPE2-bfd-session-link1] discriminator local 4 [NPE2-bfd-session-link1] discriminator remote 4 [NPE2-bfd-session-link1] commit

After the preceding configuration, running the display bfd session all command on the UPE and the NPEs, you can view that the BFD status is Up. Take UPE and NPE1 as an example:
[UPE] display bfd session all Total Static Session Number : 2, Dynamic Session Number: 0, Entire Dynamic Sessi on Number: 0 ------------------------------------------------------------------------------Local Remote PeerIpAddr InterfaceName State Type ------------------------------------------------------------------------------3 3 2.2.2.2 Tunnel1/0/1 Up S_TE_TNL 4 4 3.3.3.3 Tunnel1/0/2 Up S_TE_TNL ------------------------------------------------------------------------------[NPE1] display bfd session all Total Static Session Number : 4, Dynamic Session Number: 0, Entire Dynamic Sessi on Number: 0 ------------------------------------------------------------------------------Local Remote PeerIpAddr InterfaceName State Type ------------------------------------------------------------------------------1 1 192.168.1.2 Virtual-Ethernet1/0/11 Up S_IP 3 3 1.1.1.1 Up S_IP -------------------------------------------------------------------------------

(3) Bind the mVRRP virtual router and the peer BFD session and the link BFD session. # Configure NPE1.
[NPE1] interface virtual-ethernet 1/0/11 [NPE1-Virtual-Ethernet1/0/11] vrrp vrid 1 track bfd-session 1 peer [NPE1-Virtual-Ethernet1/0/11] vrrp vrid 1 track bfd-session 3 link [NPE1-Virtual-Ethernet1/0/11] quit

# Configure NPE2.
[NPE2] interface virtual-ethernet 1/0/11 [NPE2-Virtual-Ethernet1/0/11] vrrp vrid 1 track bfd-session 1 peer [NPE2-Virtual-Ethernet1/0/11] vrrp vrid 1 track bfd-session 4 link [NPE2-Virtual-Ethernet1/0/11] quit

After the preceding configuration, running the display vrrp command on the NPEs, you can view that the mVRRP virtual router is bound with the peer BFD session and the link BFD session, which are in the Up state.
Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 9-37

9 VPLS Convergence Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Take NPE1 as an example:


[NPE1] display vrrp Virtual-Ethernet1/0/11 | Virtual Router 1 state : Master Virtual IP : 192.168.1.254 PriorityRun : 120 PriorityConfig : 120 MasterPriority : 120 preempt : yes delay time : 0 Timer : 1 Auth Type : NONE Check TTL : YES Config type : admin-vrrp Track BFD : 3 type: link bfd-session state : up Track BFD : 1 type: peer bfd-session state : up

6.

Verify the configuration. (1) After the IP address and gateway address are configured correctly on the PC, the ping to the gateway address (virtual IP address of the service VRRP virtual router) succeeds. (2) When the master device or primary link between the UPE and the NPE fails, the backup device and the secondary link can rapidly switch itself to be the master device and the primary link. Run the shutdown command on GE 1/0/1 of UPE to simulate the fault on the link between the UPE and NPE1. Before the shutdown command is run, the statuses of the VRRP virtual router and the service interface on the NPEs are as follows:
l l l l

The status of the mVRRP virtual router 1 on VE 1/0/11 of NPE1 is Master. The status of the service interface GE 1/0/0.1 on NPE1 is Up. The status of the mVRRP virtual router 1 on VE 1/0/11 of NPE2 is Backup. The status of the service interface GE 1/0/0.1 on NPE2 is Flow Down.

[NPE1] display vrrp Virtual-Ethernet1/0/11 | Virtual Router 1 State : Master Virtual IP : 192.168.1.254 PriorityRun : 120 PriorityConfig : 120 MasterPriority : 120 Preempt : YES Delay Time : 0 Timer : 1 Auth Type : NONE Virtual Mac : 0000-5e00-0101 Check TTL : YES Config type : admin-vrrp Track BFD : 1 type: peer bfd-session state : up Track BFD : 4 type: link bfd-session state : up [NPE2] display vrrp Virtual-Ethernet1/0/11 | Virtual Router 1 State : Backup Virtual IP : 192.168.1.254 PriorityRun : 100 PriorityConfig : 100 MasterPriority : 100 Preempt : YES Delay Time : 0 Timer : 1 Auth Type : NONE Virtual Mac : 0000-5e00-0101 Check TTL : YES

9-38

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


Config type Track BFD : bfd-session Track BFD : bfd-session : admin-vrrp 1 type: peer state : up 6 type: link state : up

9 VPLS Convergence Configuration

After the shutdown command is run, the statuses of the VRRP virtual router and the service interface on NPE1 are as follows:
l l l l l

The status of the mVRRP virtual router 1 on VE 1/0/11 of NPE1 is Backup. The status of the service interface GE 1/0/0.1 on NPE1 is Flow Down. The status of the mVRRP virtual router 1 on VE 1/0/11 of NPE2 is Backup. The status of the service interface GE 1/0/0.1 on NPE2 is Up. The status of the mVRRP virtual router 1 on VE 1/0/11 of NPE2 is Master.

[NPE1] display vrrp Virtual-Ethernet1/0/11 | Virtual Router 1 State : Initialize Virtual IP : 192.168.1.254 PriorityRun : 120 PriorityConfig : 120 MasterPriority : 0 Preempt : YES Delay Time : 0 Timer : 1 Auth Type : NONE Virtual Mac : 0000-5e00-0101 Check TTL : YES Config type : admin-vrrp Track BFD : 1 type: peer bfd-session state : down Track BFD : 4 type: link bfd-session state : down [NPE2] display vrrp Virtual-Ethernet1/0/11 | Virtual Router 1 State : Master Virtual IP : 192.168.1.254 PriorityRun : 100 PriorityConfig : 100 MasterPriority : 100 Preempt : YES Delay Time : 0 Timer : 1 Auth Type : NONE Virtual Mac : 0000-5e00-0101 Check TTL : YES Config type : admin-vrrp Track BFD : 1 type: peer bfd-session state : up Track BFD : 4 type: link bfd-session state : up

For the UPE user, NPE2 becomes the master device. The MAC addresses of all the service VSIs bound with the admin-vsi1 on the UPE are cleared, and the service VSIs learn the correct MAC address of NPE2 without interrupting the user service.

Configuration Files
l

Configuration file of the UPE


# sysname UPE # bfd # mpls lsr-id 1.1.1.1 mpls

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

9-39

9 VPLS Convergence Configuration


mpls te mpls rsvp-te mpls te cspf # mpls l2vpn # vsi biz-vsi1 static pwsignal ldp vsi-id 101 peer 1.1.1.1 tnl-policy policy1 upe # vsi admin-vsi1 static pwsignal ldp vsi-id 10 peer 2.2.2.2 upe peer 3.3.3.3 upe tnl-policy policy1 admin-vsi # vsi biz-vsi1 static pwsignal ldp vsi-id 101 peer 2.2.2.2 peer 3.3.3.3 tnl-policy policy1 isolate spoken track admin-vsi admin-vsi1 # mpls ldp # mpls ldp remote-peer 2.2.2.2 remote-ip 2.2.2.2 # mpls ldp remote-peer 3.3.3.3 remote-ip 3.3.3.3 # isis 1 is-level level-2 cost-style wide network-entity 49.0040.0010.0100.1001.00 import-route ospf 1 traffic-eng level-2 # interface GigabitEthernet1/0/0.1 undo shutdown vlan-type dot1q 2 l2 binding vsi biz-vsi1 # interface GigabitEthernet1/0/1 undo shutdown ip address 10.1.1.1 255.255.255.0 isis enable 1 mpls mpls te mpls rsvp-te # interface GigabitEthernet1/0/2 undo shutdown ip address 10.1.2.1 255.255.255.0 isis enable 1 mpls mpls te mpls rsvp-te # interface GigabitEthernet1/0/3.1 undo shutdown vlan-type dot1q 2 l2 binding vsi biz-vsi1 #

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

9-40

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

9 VPLS Convergence Configuration

interface GigabitEthernet1/0/4.1 undo shutdown vlan-type dot1q 2 l2 binding vsi biz-vsi1 # interface LoopBack1 ip address 1.1.1.1 255.255.255.255 isis enable 1 # interface Tunnel1/0/1 description To NPE1 ip address unnumbered interface LoopBack1 tunnel-protocol mpls te destination 2.2.2.2 mpls te tunnel-id 1 mpls te commit # interface Tunnel1/0/2 description To NPE2 ip address unnumbered interface LoopBack1 tunnel-protocol mpls te destination 3.3.3.3 mpls te tunnel-id 2 mpls te commit # tunnel-policy policy1 tunnel select-seq cr-lsp load-balance-number 1 # bfd link1 bind mpls-te interface tunnel 1/0/1 discriminator local 3 discriminator remote 3 commit # bfd link2 bind mpls-te interface tunnel 1/0/2 discriminator local 4 discriminator remote 4 commit # return l

Configuration file of NPE1


# sysname NPE1 # mpls lsr-id 2.2.2.2 mpls mpls te mpls rsvp-te mpls te cspf # mpls l2vpn # vsi biz-vsi1 static pwsignal ldp vsi-id 101 peer 1.1.1.1 tnl-policy policy1 upe # mpls ldp # mpls ldp remote-peer 1.1.1.1 remote-ip 1.1.1.1 # isis 1 is-level level-2 cost-style wide network-entity 49.0040.0020.0200.2002.00 traffic-eng level-2 # interface Virtual-Ethernet1/0/1 undo shutdown

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

9-41

9 VPLS Convergence Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

ve-group 1 layer2-terminal mpls l2vc 1.1.1.1 10 tunnel-policy policy1 # interface Virtual-Ethernet1/0/11 undo shutdown ve-group 1 layer3-access ip address 192.168.1.1 255.255.255.0 vrrp vrid 1 virtual-ip 192.168.1.254 vrrp vrid 1 priority 120 vrrp vrid 1 track bfd-session 1 peer vrrp vrid 1 track bfd-session 3 link admin-vrrp vrid 1 # interface GigabitEthernet1/0/1.1 undo shutdown vlan-type dot1q 10 ip address 192.168.2.254 255.255.255.0 track admin-vrrp interface virtual-ethernet1/0/11 vrid 1 # interface GigabitEthernet1/0/1 undo shutdown ip address 10.1.1.2 255.255.255.0 isis enable 1 mpls mpls te mpls rsvp-te # interface LoopBack1 ip address 2.2.2.2 255.255.255.255 isis enable 1 # interface Tunnel1/0/1 description To UPE ip address unnumbered interface LoopBack1 tunnel-protocol mpls te destination 1.1.1.1 mpls te tunnel-id 1 mpls te commit # tunnel-policy policy1 tunnel select-seq cr-lsp load-balance-number 1 # bfd link1 bind peer-ip 1.1.1.1 discriminator local 3 discriminator remote 3 commit # bfd peer1 bind peer-ip 192.168.1.2 interface Virtual-Ethernet1/0/11 discriminator local 1 discriminator remote 1 commit # return l

Configuration file of NPE2


# sysname NPE2 # mpls lsr-id 3.3.3.3 mpls mpls te mpls rsvp-te mpls te cspf # mpls l2vpn # vsi biz-vsi1 static pwsignal ldp vsi-id 101 peer 1.1.1.1 tnl-policy policy1 upe

9-42

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

9 VPLS Convergence Configuration

# mpls ldp # mpls ldp remote-peer 1.1.1.1 remote-ip 1.1.1.1 # isis 1 is-level level-2 cost-style wide network-entity 49.0040.0030.0300.3003.00 traffic-eng level-2 # interface Virtual-Ethernet1/0/1 undo shutdown ve-group 1 layer2-terminal mpls l2vc 1.1.1.1 10 tunnel-policy policy1 # # interface Virtual-Ethernet1/0/11 undo shutdown ve-group 1 layer3-access ip address 192.168.1.2 255.255.255.0 vrrp vrid 1 virtual-ip 192.168.1.254 vrrp vrid 1 track bfd-session 1 peer vrrp vrid 1 track bfd-session 4 link admin-vrrp vrid 1 # interface GigabitEthernet1/0/1.1 undo shutdown vlan-type dot1q 101 ip address 192.168.2.254 255.255.255.0 track admin-vrrp interface virtual-ethernet1/0/11 vrid 1 # interface GigabitEthernet1/0/1 undo shutdown ip address 10.1.2.2 255.255.255.0 isis enable 1 mpls mpls te mpls rsvp-te # interface LoopBack1 ip address 3.3.3.3 255.255.255.255 # interface Tunnel1/0/1 description To UPE ip address unnumbered interface LoopBack1 tunnel-protocol mpls te destination 1.1.1.1 mpls te tunnel-id 2 mpls te commit # tunnel-policy policy1 tunnel select-seq cr-lsp load-balance-number 1 # bfd link1 bind peer-ip 1.1.1.1 discriminator local 4 discriminator remote 4 commit # bfd peer1 bind peer-ip 192.168.1.1 interface Virtual-Ethernet1/0/11 discriminator local 1 discriminator remote 1 commit # return

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

9-43

9 VPLS Convergence Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

9.5.2 Example for Configuring VPLS Convergence (UPE Directly Accesses the NPE Without Using the VE Interface)
Networking Requirements
Figure 9-10 shows a typical networking diagram of VPLS convergence (UPE accesses the NPE without using the VE interface) in the ME.
l

The two NPEs are the core devices in the ME. They access the upstream IP/MPLS core network and the downstream UPE. The NPEs do not support the L2VE interface. An mVRRP virtual router is run between the NPEs for determining whether an NPE is the master or the backup. An mVSI is run on the UPE. mVRRP packets between NPE1 and NPE2 are exchanged by the mVSI on the UPE. The user packets reach the service VSI on the UPE, and are sent to both the NPEs through this service VSI. The service PW is bound with the mVRRP virtual router on NPE1 and NPE2. The status of the service PW depends on the status of the mVRRP virtual router. Normally, only the service PW on the master NPE processes the user packets. The service VSI and the mVSI on the UPE are bound. When the master/backup switchover occurs on the NPEs, the MAC addresses of all the service VSIs that are bound with the mVSI on the UPE are cleared. The service VSIs learn the MAC address of the new master NPE again without interrupting the user service. With this networking, VPLS can provide the bearer service with the switchover within milliseconds. When the device or link between the master NPE and the UPE fails, the backup NPE takes shorter than 200 ms to switch itself to be the master NPE.

9-44

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

9 VPLS Convergence Configuration

Figure 9-10 Networking diagram of configuring VPLS convergence (UPE accesses the NPE without using the VE interface)

GE1/0/1

MPLS/IP core

GE1/0/1
VSI

NPE3
GE1/0/0 GE1/0/0

VSI

NPE4
GE1/0/0

NPE1

VSI

mVRRP VRID1 VSI Virtual IP: 192.168.1.254

GE1/0/0

NPE2

GE1/0/1 10.1.1.2/24

GE1/0/1 10.1.2.2/24

VSI

GE1/0/2 mVSI GE1/0/1 10.1.2.1/24 10.1.1.1/24 GE1/0/0 UPE G3E1/0/0

Switch
GE1/0/1 VLAN101

PC1 192.168.2.3/24 Gateway:192.168.2.254 PW for mVRRP PW for normal VRRP


Device Name UPE UPE UPE UPE NPE1 NPE1 NPE1 Interface Name Loopback1 GE1/0/0 GE1/0/1 GE1/0/2 Loopback1 GE1/0/0 GE1/0/1 IP Address 1.1.1.1/32 10.1.1.1/24 10.1.2.1/24 2.2.2.2/32 10.1.1.2/24 Device Name NPE2 NPE2 NPE2 NPE3 NPE3 NPE4 NPE4 Interface Name Loopback1 GE1/0/0 GE1/0/1. Loopback1 GE1/0/0 Loopback1 GE1/0/0 IP Address 3.3.3.3/32 10.1.2.2/24 4.4.4.4/32 5.5.5.5/32 -

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

9-45

9 VPLS Convergence Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Configuration Roadmap
The configuration roadmap is as follows: 1. Configure the route, which involves the following:
l l

Configure the IP address for each interface on the UPE and NPEs. Configure IGP for UPE and the NPEs. Configure basic MPLS functions of the UPE and the NPEs. Configure MPLS LDP for the UPE and the NPEs. Configure MPLS TE for the UPE and the NPEs. Configure the mPW and the service PW between the UPE and the NPEs.

2.

Configure MPLS, which involves the following:


l l l

3.

Configure VPLS, which involves the following:


l

mPW: transmits the mVRRP protocol packets between NPEs, the peer BFD packets between NPEs, and the link BFD packets between the NPEs and the UPE. Service PW: transmits the user packets. mVSI: exchanges the mVRRP protocol packets between NPEs and the peer BFD packets between NPEs. Service VSI: exchanges the user packets between NPEs and between the NPE and the user network.

Configure the mVSI and the service VSI on the UPE.

Bind the service VSI and the mVSI on the UPE. When the master/backup switchover occurs on the NPEs, the mVSI on the UPE receives a gratuitous ARP packet. The UPE clears the MAC addresses of all the bound service VSIs according to the binding of the mVSI and the service VSI.

Configure the AC isolation function of the service VSI on the UPE. Configure the mVRRP virtual router between NPEs. mVRRP virtual device: This virtual router determines whether an NPE is the master or the backup through priority. When the link of the master NPE or the NPE itself fails, the backup NPE can switch itself to be the master NPE according the VRRP mechanism.

4.

Configure VRRP, which involves the following:


l

Bind the service VRRP virtual router and the mVRRP virtual router. If the VRRP virtual router and the mVRRP virtual router are bound on the NPE, the status of the service interface depends on the status of the mVRRP virtual device.

5.

Configure BFD to implement VRRP fast switchover, which involves the following:
l l

Configure peer BFD between NPEs and link BFD between the NPEs and the UPE. Configure mVRRP to track the status of the peer BFD session and the link BFD session. mVRRP locates the fault by tracking the status of the peer BFD session and the link BFD session to implement VRRP fast switchover.

Data Preparation
To complete the configuration, you need the following data:
l

Interface number, interface IP address, and IS-IS process number


Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

9-46

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


l l l

9 VPLS Convergence Configuration

LSR ID, tunnel number, tunnel ID, and name of the LDP remote peer VSI name, VC ID, and tunnel policy BFD session name, local/remote discriminator, and number and priority of the VRRP virtual router

Configuration Procedure
1. Configure the route. The procedure is similar to "Configure the route"in "Example for Configuring VPLS Convergence (UPE Directly Accesses the NPE Though the VE Interface)." The configuration details are not mentioned here. 2. Configure MPLS. The procedure is similar to "Configure MPLS" in "Example for Configuring VPLS Convergence (UPE Directly Accesses the NPE Though the VE Interface)." The configuration details are not mentioned here. 3. Configure VPLS. (1) Create the mVSI on the UPE. The mVSI performs only local exchange. The mVRRP protocol packets between NPEs, the peer BFD packets between NPEs, and the link BFD packets between the NPEs and the UPE are exchanged by the mVSI on the UPE.
NOTE

The License determines the maximum number of mVSIs that can be configured in the system. To purchase the License, contact Huawei technical personnel.

# Configure the UPE.


[UPE] mpls l2vpn [UPE-l2vpn] quit [UPE] vsi admin-vsi1 static [UPE-admin-vsi1] pwsignal ldp [UPE-admin-vsi1-ldp] vsi-id 10 [UPE-admin-vsi1-ldp] quit [UPE-admin-vsi1] admin-vsi [UPE-admin-vsi1] quit [UPE] interface gigabitethernet 1/0/1.1 [UPE-GigabitEthernet1/0/1.1] vlan-type dot1q 10 [UPE-GigabitEthernet1/0/1.1] l2 binding vsi admin-vsi1 [UPE-GigabitEthernet1/0/1.1] quit [UPE] interface gigabitethernet 1/0/2.1 [UPE-GigabitEthernet1/0/2.1] vlan-type dot1q 10 [UPE-GigabitEthernet1/0/2.1] l2 binding vsi admin-vsi1 [UPE-GigabitEthernet1/0/2.1] quit

After the preceding configuration, running the display vsi command, you can view that VSI State displays up. Take UPE as an example:
[UPE] display vsi name admin-vsi1 verbose ***VSI Name : admin-vsi1 Administrator VSI : yes Isolate Spoken : disable VSI Index : 0 PW Signaling : ldp Member Discovery Style : static PW MAC Learn Style : unqualify Encapsulation Type : vlan MTU : 1500 VSI State : up VSI ID : 10

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

9-47

9 VPLS Convergence Configuration


Interface Name State Interface Name State : : : :

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


GigabitEthernet1/0/1.1 up GigabitEthernet1/0/2.1 up

(2) Configure HVPLS and bind the service interface and the service VSI on the UPE and NPEs.
NOTE

Configure HVPLS between the NPEs and the UPE; configure VPLS between NPEs. The detailed configuration is not mentioned here. For details, see "Configuration Files" in this section.

# Configure the UPE.


[UPE] vsi biz-vsi1 static [UPE-biz-vsi1] pwsignal ldp [UPE-biz-vsi1-ldp] vsi-id 101 [UPE-biz-vsi1-ldp] peer 2.2.2.2 [UPE-biz-vsi1-ldp] peer 3.3.3.3 [UPE-biz-vsi1-ldp] quit [UPE-biz-vsi1] tnl-policy policy1 [UPE-biz-vsi1] quit [UPE] interface gigabitethenet 1/0/0.1 [UPE-GigabitEthernet1/0/0.1] vlan-type dot1q 101 [UPE-GigabitEthernet1/0/0.1] l2 binding vsi biz-vsi1 [UPE-GigabitEthernet1/0/0.1] quit

# Configure NPE1.
[NPE1] vsi biz-vsi1 static [NPE1-biz-vsi1] pwsignal ldp [NPE1-biz-vsi1-ldp] vsi-id 101 [NPE1-biz-vsi1-ldp] peer 1.1.1.1 tnl-policy policy1 upe [NPE1-biz-vsi1-ldp] peer 4.4.4.4 [NPE1-biz-vsi1-ldp] peer 5.5.5.5 [NPE1-biz-vsi1-ldp] quit [NPE1-biz-vsi1] quit

# Configure NPE2.
[NPE2] vsi biz-vsi1 static [NPE2-biz-vsi1] pwsignal ldp [NPE2-biz-vsi1-ldp] vsi-id 101 [NPE2-biz-vsi1-ldp] peer 1.1.1.1 tnl-policy policy1 upe [NPE2-biz-vsi1-ldp] peer 4.4.4.4 [NPE2-biz-vsi1-ldp] peer 5.5.5.5 [NPE2-biz-vsi1-ldp] quit [NPE2-biz-vsi1] quit

After the preceding configuration, running the display vsi command, you can view that VSI State displays up. Take UPE as an example:
[UPE] display vsi Total VSI number is 2, 2 is up, 0 is down, 2 is LDP mode, 0 is BGP mode Vsi Mem PW Mac Encap Mtu Vsi Name Disc Type Learn Type Value State ------------------------------------------------------------------------admin-vsi1 static ldp unqualify vlan 1500 up biz-vsi1 static ldp unqualify vlan 1500 up

(3) Isolate the ACs of the service VSI on the UPE to forbid the CEs from accessing each other, and bind the service VSI and the mVSI. # Configure the UPE.
[UPE] vsi biz-vsi1 [UPE-biz-vsi1] isolate spoken [UPE-biz-vsi1] track admin-vsi admin-vsi1 [UPE-biz-vsi1] quit

9-48

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

9 VPLS Convergence Configuration

After the preceding configuration, running the display vsi verbose command on the UPE, you can view that Isolate Spoken displays enable. Take UPE as an example:
[UPE] display vsi name biz-vsi1 verbose ***VSI Name : biz-vsi1 Administrator VSI : no Isolate Spoken : enable VSI Index : 1 PW Signaling : ldp Member Discovery Style : static PW MAC Learn Style : unqualify Encapsulation Type : vlan MTU : 1500 Tunnel Policy Name : policy1 VSI State : up VSI ID : 101 *Peer Router ID : 2.2.2.2 VC Label : 23552 Peer Type : dynamic Session : up Tunnel ID : 0x41002000, *Peer Router ID : 3.3.3.3 VC Label : 23553 Peer Type : dynamic Session : up Tunnel ID : 0x41002001, Interface Name : GigabitEthernet1/0/0.1 State : up **PW Information: *Peer Ip Address : 2.2.2.2 PW State : up Local VC Label : 23552 Remote VC Label : 23552 PW Type : label Tunnel ID : 0x41002000, *Peer Ip Address : 3.3.3.3 PW State : up Local VC Label : 23553 Remote VC Label : 23552 PW Type : label Tunnel ID : 0x41002001,

Running the display admin-vsi binding command on the UPE, you can view the binding of the service VSI and the mVSI. Take UPE as an example:
[UPE] display admin-vsi binding Admin-vsi Service-vsi -------------------------------------------admin-vsi1 biz-vsi1

4.

Configure VRRP. (1) Configure the mVRRP virtual router between NPEs. Master NPE and backup NPE are distinguished. NPE1 is the master; NPE2 is the backup.
NOTE

The mVRRP virtual router between NPEs can also adopt the load balancing mode. For detailed configuration, refer to the chapter "VRRP Configuration" in the Quidway NetEngine80E/ 40E Router Configuration Guide - Reliability.

# Configure NPE1.
[NPE1] interface gigabitethernet1/0/1.1 [NPE1-GigabitEthernet1/0/1.1] vlan-type dot1q 10 [NPE1-GigabitEthernet1/0/1.1] ip address 192.168.1.1 24

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

9-49

9 VPLS Convergence Configuration


[NPE1-GigabitEthernet1/0/1.1] [NPE1-GigabitEthernet1/0/1.1] [NPE1-GigabitEthernet1/0/1.1] [NPE1-GigabitEthernet1/0/1.1]

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


vrrp vrid 1 virtual-ip 192.168.1.254 vrrp vrid 1 priority 120 admin-vrrp vrid 1 quit

# Configure NPE2.
<NPE2> system-view [NPE2] interface gigabitethernet1/0/1.1 [NPE2-GigabitEthernet1/0/1.1] vlan-type dot1q 10 [NPE2-GigabitEthernet1/0/1.1] ip address 192.168.1.2 24 [NPE2-GigabitEthernet1/0/1.1] vrrp vrid 1 virtual-ip 192.168.1.254 [NPE2-GigabitEthernet1/0/1.1] admin-vrrp vrid 1 [NPE2-GigabitEthernet1/0/1.1] quit
NOTE

l l

The NPE is used as the CE of the UPE to access the mVSI of the PE-AGG. In the NE80E/40E, the VRIDs on different interfaces can overlap. The overlapping scope and the maximum number of times of overlapping are determined by the License. To purchase the License, contact Huawei technical personnel.

After the preceding configuration, running the display vrrp command on the NPEs, you can view that the status of VRRP virtual router 1 on GE 1/0/1.1 of NPE1 is Master and the status of VRRP virtual router 1 on GE 1/0/1.1 of NPE2 is Backup, and both the VRRP virtual routers are mVRRP virtual devices.
[NPE1] display vrrp GigabitEthernet1/0/1.1 | Virtual Router 1 State : Master Virtual IP : 192.168.1.254 PriorityRun : 120 PriorityConfig : 120 MasterPriority : 120 Preempt : YES Delay Time : 0 Timer : 1 Auth Type : NONE Virtual Mac : 0000-5e00-0101 Check TTL : YES Config type : admin-vrrp [NPE2] display vrrp GigabitEthernet1/0/1.1 | Virtual Router 1 State : Backup Virtual IP : 192.168.1.254 PriorityRun : 100 PriorityConfig : 100 MasterPriority : 120 Preempt : YES Delay Time : 0 Timer : 1 Auth Type : NONE Virtual Mac : 0000-5e00-0101 Check TTL : YES Config type : admin-vrrp

(2) Bind the service VRRP virtual router and the mVRRP virtual router. # Configure NPE1.
[NPE1] vsi biz-vsi1 [NPE1-biz-vsi1] pwsignal ldp [NPE1-biz-vsi1] peer 1.1.1.1 track admin-vrrp interface gigabitethernet1/0/1.1 vrid 1 [NPE1-biz-vsi1] quit

# Configure NPE2.
[NPE2] vsi biz-vsi1 [NPE2-biz-vsi1] pwsignal ldp [NPE2-biz-vsi1] peer 1.1.1.1 track admin-vrrp interface gigabitethernet1/0/1.1 vrid 1 [NPE2-biz-vsi1] quit

9-50

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

9 VPLS Convergence Configuration

After the preceding configuration, running the display vsi verbose command, you can view the following:
l l

If the status of the mVRRP virtual router bound to the service VRRP virtual router is Master, the PW status of the service VSI is Up. If the status of the mVRRP virtual router bound to the service VRRP virtual router is Backup, the PW status of the service VSI is Backup.

[NPE1] display vsi name biz-vsi1 verbose ***VSI Name : biz-vsi1 Administrator VSI : no Isolate Spoken : disable VSI Index : 0 PW Signaling : ldp Member Discovery Style : static PW MAC Learn Style : unqualify Encapsulation Type : vlan MTU : 1500 VSI State : up VSI ID : 101 *Peer Router ID : 1.1.1.1 VC Label : 23552 Peer Type : dynamic Session : up Tunnel ID : 0x41002000, Tunnel Policy Name : policy1 *Peer Router ID : 4.4.4.4 VC Label : 23553 Peer Type : dynamic Session : up Tunnel ID : 0x1002002, *Peer Router ID : 5.5.5.5 VC Label : 23554 Peer Type : dynamic Session : up Tunnel ID : **PW Information: *Peer Ip Address : 1.1.1.1 PW State : up Local VC Label : 23552 Remote VC Label : 23552 PW Type : MEHVPLS Tunnel ID : 0x41002000, *Peer Ip Address : 4.4.4.4 PW State : up Local VC Label : 23553 Remote VC Label : 23552 PW Type : label Tunnel ID : 0x1002002, [NPE2] display vsi name biz-vsi1 verbose ***VSI Name : biz-vsi1 Administrator VSI : no Isolate Spoken : disable VSI Index : 0 PW Signaling : ldp Member Discovery Style : static PW MAC Learn Style : unqualify Encapsulation Type : vlan MTU : 1500 VSI State : up VSI ID : 101 *Peer Router ID : 1.1.1.1 VC Label : 23552 Peer Type : dynamic Session : up Tunnel ID : 0x41002000, Tunnel Policy Name : policy1 *Peer Router ID : 4.4.4.4 VC Label : 23553

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

9-51

9 VPLS Convergence Configuration


Peer Type Session Tunnel ID *Peer Router ID VC Label Peer Type Session Tunnel ID **PW Information: *Peer Ip Address PW State Local VC Label Remote VC Label PW Type Tunnel ID *Peer Ip Address PW State Local VC Label Remote VC Label PW Type Tunnel ID : : : : : : : : : : : : : : : : : : : : dynamic up

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

5.5.5.5 23554 dynamic up 0x1002002, 1.1.1.1 backup 23552 23553 MEHVPLS 0x41002000, 5.5.5.5 up 23554 23553 label 0x1002002,

Running the display vrrp binding admin-vrrp member-pw command on the NPEs, you can view the binding of the mVRRP virtual router and the service PW. Take NPE1 as an example:
[NPE1] display vrrp binding admin-vrrp member-pw Interface: GigabitEthernet1/0/1.1, admin-vrrp vrid: 1, state: Master VSI PW number: 1 VSI name: biz-vsi1, peer router ID: 1.1.1.1, vcid: 101, state: Up

Running the display vrrp binding admin-vrrp command on the NPEs, you can view all the bindings of the mVRRP virtual router and the service VRRP virtual device, the service interface, and the service PW. Take NPE1 as an example:
[NPE1] display vrrp binding admin-vrrp Interface: GigabitEthernet1/0/1.1, admin-vrrp vrid: 1, state: Master VSI PW number: 1 VSI name: biz-vsi1, peer router ID: 1.1.1.1, vcid: 101, state: Up

5.

Configure BFD. (1) Configure peer BFD between NPEs. # Configure NPE1.
[NPE1] bfd [NPE1-bfd] quit [NPE1] bfd peer1 bind peer-ip 192.168.1.2 interface gigabitethernet1/0/1.1 [NPE1-bfd-session-peer1] discriminator local 1 [NPE1-bfd-session-peer1] discriminator remote 1 [NPE1-bfd-session-peer1] commit [NPE1-bfd-session-peer1] quit

# Configure NPE2.
[NPE2] bfd [NPE2-bfd] quit [NPE2] bfd peer1 bind peer-ip 192.168.1.1 interface gigabitethernet1/0/1.1 [NPE2-bfd-session-peer1] discriminator local 1 [NPE2-bfd-session-peer1] discriminator remote 1 [NPE2-bfd-session-peer1] commit [NPE2-bfd-session-peer1] quit

After the preceding configuration, running the display bfd session all command on the NPEs, you can view that the BFD status is Up. Take NPE1 as an example:
[NPE1] display bfd session all -------------------------------------------------------------------------------

9-52

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

9 VPLS Convergence Configuration

Local Remote PeerIpAddr InterfaceName State Type ------------------------------------------------------------------------------1 1 192.168.1.2 GigabitEthernet1/0/1.1 Up S_IP ------------------------------------------------------------------------------Total UP/DOWN Session Number : 1/0

(2) Configure link BFD between the NPEs and the UPE. Between the NPEs and the UPE, the BFD session is used to detect the MPLS TE tunnel between PE1 and PE2. # Configure the UPE.
[UPE] bfd [UPE-bfd] quit [UPE] bfd link1 bind mpls-te interface tunnel 1/0/1 [UPE-bfd-lsp-session-link1] discriminator local 3 [UPE-bfd-lsp-session-link1] discriminator remote 3 [UPE-bfd-lsp-session-link1] commit [UPE] bfd link2 bind mpls-te interface tunnel 1/0/2 [UPE-bfd-lsp-session-link2] discriminator local 4 [UPE-bfd-lsp-session-link2] discriminator remote 4 [UPE-bfd-lsp-session-link2] commit

# Configure NPE1.
<NPE1> system-view [NPE1] bfd link1 bind peer-ip 1.1.1.1 [NPE1-bfd-session-link1] discriminator local 3 [NPE1-bfd-session-link1] discriminator remote 3 [NPE1-bfd-session-link1] commit

# Configure NPE2.
[NPE2] bfd link1 bind peer-ip 1.1.1.1 [NPE2-bfd-session-link1] discriminator local 4 [NPE2-bfd-session-link1] discriminator remote 4 [NPE2-bfd-session-link1] commit

After the preceding configuration, running the display bfd session all command on the UPE and the NPEs, you can view that the BFD status is Up. Take UPE and NPE1 as an example:
[UPE] display bfd session all Total Static Session Number : 2, Dynamic Session Number: 0, Entire Dynamic Sessi on Number: 0 ------------------------------------------------------------------------------Local Remote PeerIpAddr InterfaceName State Type ------------------------------------------------------------------------------3 3 2.2.2.2 Tunnel1/0/1 Up S_TE_TNL 4 4 3.3.3.3 Tunnel1/0/2 Up S_TE_TNL ------------------------------------------------------------------------------[NPE1] display bfd session all Total Static Session Number : 4, Dynamic Session Number: 0, Entire Dynamic Sessi on Number: 0 ------------------------------------------------------------------------------Local Remote PeerIpAddr InterfaceName State Type ------------------------------------------------------------------------------1 1 192.168.1.2 GigabitEthernet1/0/1.1 Up S_IP 3 3 1.1.1.1 Up S_IP

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

9-53

9 VPLS Convergence Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

-------------------------------------------------------------------------------

(3) Bind the mVRRP virtual router and the peer BFD session and the link BFD session. # Configure NPE1.
[NPE1] interface gigabitethernet1/0/1.1 [NPE1-GigabitEthernet1/0/0.1] vrrp vrid 1 track bfd-session 1 peer [NPE1-GigabitEthernet1/0/0.1] vrrp vrid 1 track bfd-session 3 link [NPE1-GigabitEthernet1/0/0.1] quit

# Configure NPE2.
[NPE2] interface gigabitethernet1/0/1.1 [NPE2-GigabitEthernet1/0/0.1] vrrp vrid 1 track bfd-session 1 peer [NPE2-GigabitEthernet1/0/0.1] vrrp vrid 1 track bfd-session 4 link [NPE2-GigabitEthernet1/0/0.1] quit

After the preceding configuration, running the display vrrp command on the NPEs, you can view that the mVRRP virtual router is bound with the peer BFD session and the link BFD session, which are in the Up state. Take NPE1 as an example:
[NPE1] display vrrp GigabitEthernet1/0/1.1 | Virtual Router 1 State : Master Virtual IP : 192.168.1.254 PriorityRun : 120 PriorityConfig : 120 MasterPriority : 120 Preempt : YES Delay Time : 0 Timer : 1 Auth Type : NONE Virtual Mac : 0000-5e00-0101 Check TTL : YES Config type : admin-vrrp Track BFD : 1 type: peer bfd-session state : up Track BFD : 3 type: link bfd-session state : up

6.

Verify the configuration. (1) After the IP address and gateway address are configured correctly on the PC, the ping to the gateway address (virtual IP address of the service VRRP virtual router) succeeds. (2) When the master device or primary link between the UPE and the NPE fails, the backup device and the secondary link can rapidly switch itself to be the master device and the primary link. Run the shutdown command on GE 1/0/1 of UPE to simulate the fault on the link between the UPE and NPE1. Before the shutdown command is run, the status of the VRRP virtual router on the NPEs is as follows:
l l l l

The status of mVRRP virtual router 1 on GE 1/0/1.1 of NPE1 is Master. The status of the service PW on NPE1 is Up. The status of mVRRP virtual router 1 on GE 1/0/1.1 of NPE2 is Backup. The status of the service PW on NPE2 is Backup.

[NPE1] display vrrp GigabitEthernet1/0/1.1 | Virtual Router 1 State : Master Virtual IP : 192.168.1.254 PriorityRun : 120 PriorityConfig : 120 MasterPriority : 120

9-54

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


Preempt : YES Delay Time : 0 Timer : 1 Auth Type : NONE Virtual Mac : 0000-5e00-0101 Check TTL : YES Config type : admin-vrrp Track BFD : 1 type: peer bfd-session state : up Track BFD : 3 type: link bfd-session state : up [PE-AGG1] display vsi name biz-vsi1 verbose ***VSI Name : biz-vsi1 Administrator VSI : no Isolate Spoken : disable VSI Index : 0 PW Signaling : ldp Member Discovery Style : static PW MAC Learn Style : unqualify Encapsulation Type : vlan MTU : 1500 VSI State : up VSI ID : 101 *Peer Router ID : 1.1.1.1 VC Label : 23552 Peer Type : dynamic Session : up Tunnel ID : 0x41002000, Tunnel Policy Name : policy1 *Peer Router ID : 4.4.4.4 VC Label : 23553 Peer Type : dynamic Session : up Tunnel ID : 0x1002002, *Peer Router ID : 5.5.5.5 VC Label : 23554 Peer Type : dynamic Session : up Tunnel ID : **PW Information: *Peer Ip Address : 1.1.1.1 PW State : up Local VC Label : 23552 Remote VC Label : 23552 PW Type : MEHVPLS Tunnel ID : 0x41002000, *Peer Ip Address : 4.4.4.4 PW State : up Local VC Label : 23553 Remote VC Label : 23552 PW Type : label Tunnel ID : 0x1002002, [NPE2] display vrrp GigabitEthernet1/0/1.1 | Virtual Router 1 State : Backup Virtual IP : 192.168.1.254 PriorityRun : 100 PriorityConfig : 100 MasterPriority : 120 Preempt : YES Delay Time : 0 Timer : 1 Auth Type : NONE Virtual Mac : 0000-5e00-0101 Check TTL : YES Config type : admin-vrrp Track BFD : 1 type: peer bfd-session state : up Track BFD : 4 type: link bfd-session state : up

9 VPLS Convergence Configuration

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

9-55

9 VPLS Convergence Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

After the shutdown command is run, the status of the VRRP virtual router on the NPE1 is as follows:
l l l l

The status of mVRRP virtual router 1 on GE 1/0/1.1 of NPE1 is Initialize. The service PW on NPE2 is deleted. The status of mVRRP virtual router 1 on GE 1/0/1.1 of NPE2 is Master. The status of the service PW on NPE2 is Up.

[NPE1] display vrrp GigabitEthernet1/0/1.1 | Virtual Router 1 State : Initialize Virtual IP : 192.168.1.254 PriorityRun : 120 PriorityConfig : 120 MasterPriority : 0 Preempt : YES Delay Time : 0 Timer : 1 Auth Type : NONE Virtual Mac : 0000-5e00-0101 Check TTL : YES Config type : admin-vrrp Track BFD : 1 type: peer bfd-session state : down Track BFD : 3 type: link bfd-session state : down [PE-AGG1] display vsi name biz-vsi1 verbose ***VSI Name : biz-vsi1 Administrator VSI : no Isolate Spoken : disable VSI Index : 0 PW Signaling : ldp Member Discovery Style : static PW MAC Learn Style : unqualify Encapsulation Type : vlan MTU : 1500 VSI State : down VSI ID : 101 *Peer Router ID : 1.1.1.1 VC Label : 23552 Peer Type : dynamic Session : down Tunnel ID : 0x41002000, Tunnel Policy Name : policy1 *Peer Router ID : 4.4.4.4 VC Label : 23553 Peer Type : dynamic Session : up Tunnel ID : 0x1002002, *Peer Router ID : 5.5.5.5 VC Label : 23554 Peer Type : dynamic Session : up Tunnel ID : [NPE2] display vrrp GigabitEthernet1/0/1.1 | Virtual Router 1 State : Master Virtual IP : 192.168.1.254 PriorityRun : 100 PriorityConfig : 100 MasterPriority : 100 Preempt : YES Delay Time : 0 Timer : 1 Auth Type : NONE Virtual Mac : 0000-5e00-0101 Check TTL : YES Config type : admin-vrrp Track BFD : 1 type: peer bfd-session state : down

9-56

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


Track BFD : 4 type: link bfd-session state : up <PE-AGG2> display vsi name biz-vsi1 verbose ***VSI Name : biz-vsi1 Administrator VSI : no Isolate Spoken : disable VSI Index : 0 PW Signaling : ldp Member Discovery Style : static PW MAC Learn Style : unqualify Encapsulation Type : vlan MTU : 1500 VSI State : up VSI ID : 101 *Peer Router ID : 1.1.1.1 VC Label : 23552 Peer Type : dynamic Session : up Tunnel ID : 0x41002000, Tunnel Policy Name : policy1 *Peer Router ID : 4.4.4.4 VC Label : 23553 Peer Type : dynamic Session : down Tunnel ID : *Peer Router ID : 5.5.5.5 VC Label : 23554 Peer Type : dynamic Session : up Tunnel ID : 0x1002002, **PW Information: *Peer Ip Address : 1.1.1.1 PW State : up Local VC Label : 23552 Remote VC Label : 23553 PW Type : MEHVPLS Tunnel ID : 0x41002000, *Peer Ip Address : 5.5.5.5 PW State : up Local VC Label : 23554 Remote VC Label : 23553 PW Type : label Tunnel ID : 0x1002002,

9 VPLS Convergence Configuration

For the UPE user, NPE2 becomes the master device. The MAC addresses of all the service VSIs bound with the admin-vsi1 on the UPE are cleared and the service VSIs learn the correct MAC address of NPE2 without interrupting the user service.

Configuration Files
l

Configuration file of the UPE


# sysname UPE # bfd # mpls lsr-id 1.1.1.1 mpls mpls te mpls rsvp-te # mpls l2vpn # vsi admin-vsi1 static pwsignal ldp vsi-id 10 admin-vsi

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

9-57

9 VPLS Convergence Configuration


# vsi biz-vsi1 static pwsignal ldp vsi-id 101 peer 2.2.2.2 peer 3.3.3.3 tnl-policy policy1 isolate spoken track admin-vsi admin-vsi1 # mpls ldp # mpls ldp remote-peer 2.2.2.2 remote-ip 2.2.2.2 # mpls ldp remote-peer 3.3.3.3 remote-ip 3.3.3.3 # isis 1 is-level level-2 cost-style wide network-entity 49.0010.0010.0100.1001.00 traffic-eng level-2 # interface GigabitEthernet1/0/0.1 undo shutdown vlan-type dot1q 101 l2 binding vsi biz-vsi1 # interface GigabitEthernet1/0/1 undo shutdown ip address 10.1.1.1 255.255.255.0 isis enable 1 mpls mpls te mpls rsvp-te # interface GigabitEthernet1/0/1.1 undo shutdown vlan-type dot1q 10 l2 binding vsi admin-vsi1 # interface GigabitEthernet1/0/2 undo shutdown ip address 10.1.2.1 255.255.255.0 isis enable 1 mpls mpls te mpls rsvp-te # interface GigabitEthernet1/0/2.1 undo shutdown vlan-type dot1q 10 l2 binding vsi admin-vsi1 # interface LoopBack1 ip address 1.1.1.1 255.255.255.255 isis enable 1 # interface Tunnel1/0/1 description TO NPE1 ip address unnumbered interface LoopBack1 tunnel-protocol mpls te destination 2.2.2.2 mpls te tunnel-id 1 mpls te commit # interface Tunnel1/0/2 description TO NPE2

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

9-58

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

9 VPLS Convergence Configuration

ip address unnumbered interface LoopBack1 tunnel-protocol mpls te destination 3.3.3.3 mpls te tunnel-id 2 mpls te commit # tunnel-policy policy1 tunnel select-seq cr-lsp load-balance-number 1 # bfd link1 bind mpls-te interface tunnel 1/0/1 discriminator local 3 discriminator remote 3 commit # bfd link2 bind mpls-te interface tunnel 1/0/2 discriminator local 4 discriminator remote 4 commit # return l

Configuration file of NPE1


# sysname NPE1 # bfd # mpls lsr-id 2.2.2.2 mpls mpls te mpls rsvp-te # mpls l2vpn # vsi biz-vsi1 static pwsignal ldp vsi-id 101 peer 1.1.1.1 tnl-policy policy1 upe peer 4.4.4.4 peer 5.5.5.5 peer 1.1.1.1 track admin-vrrp interface GigabitEthernet1/0/1.1 vrid 1 # mpls ldp # mpls ldp remote-peer 1.1.1.1 remote-ip 1.1.1.1 # mpls ldp remote-peer 5.5.5.5 remote-ip 5.5.5.5 # isis 1 is-level level-2 cost-style wide network-entity 49.0040.0020.0200.2002.00 traffic-eng level-2 # interface GigabitEthernet1/0/0 undo shutdown ip address 20.1.1.1 255.255.255.0 isis enable 1 mpls mpls ldp # interface GigabitEthernet1/0/1 undo shutdown ip address 10.1.1.2 255.255.255.0 isis enable 1 mpls mpls te mpls rsvp-te

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

9-59

9 VPLS Convergence Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

# interface GigabitEthernet1/0/1.1 undo shutdown vlan-type dot1q 10 ip address 192.168.1.1 255.255.255.0 vrrp vrid 1 virtual-ip 192.168.1.254 vrrp vrid 1 priority 120 vrrp vrid 1 track bfd-session 1 peer vrrp vrid 1 track bfd-session 3 link admin-vrrp vrid 1 # interface LoopBack1 ip address 2.2.2.2 255.255.255.255 isis enable 1 # interface Tunnel1/0/1 description TO UPE ip address unnumbered interface LoopBack1 tunnel-protocol mpls te destination 1.1.1.1 mpls te tunnel-id 1 mpls te commit # bfd link1 bind peer-ip 1.1.1.1 discriminator local 3 discriminator remote 3 commit # bfd peer1 bind peer-ip 192.168.1.2 interface GigabitEthernet1/0/1.1 discriminator local 1 discriminator remote 1 commit # tunnel-policy policy1 tunnel select-seq cr-lsp load-balance-number 1 # return l

Configuration file of NPE2


# sysname NPE2 # bfd # mpls lsr-id 3.3.3.3 mpls mpls te mpls rsvp-te # mpls l2vpn # vsi biz-vsi1 static pwsignal ldp vsi-id 101 peer 1.1.1.1 tnl-policy policy1 upe peer 4.4.4.4 peer 5.5.5.5 peer 1.1.1.1 track admin-vrrp interface GigabitEthernet1/0/1.1 vrid 1 # mpls ldp # mpls ldp remote-peer 1.1.1.1 remote-ip 1.1.1.1 # mpls ldp remote-peer 4.4.4.4 remote-ip 4.4.4.4 # isis 1 is-level level-2 cost-style wide

9-60

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

9 VPLS Convergence Configuration

network-entity 49.0040.0030.0300.3003.00 traffic-eng level-2 # interface GigabitEthernet1/0/0 undo shutdown ip address 20.1.2.1 255.255.255.0 isis enable 1 mpls mpls ldp # interface GigabitEthernet1/0/1 undo shutdown ip address 10.1.2.2 255.255.255.0 isis enable 1 mpls mpls te mpls rsvp-te # interface GigabitEthernet1/0/1.1 undo shutdown vlan-type dot1q 10 ip address 192.168.1.2 255.255.255.0 vrrp vrid 1 virtual-ip 192.168.1.254 vrrp vrid 1 track bfd-session 1 peer vrrp vrid 1 track bfd-session 4 link admin-vrrp vrid 1 # interface LoopBack1 ip address 3.3.3.3 255.255.255.255 isis enable 1 # interface Tunnel1/0/1 description TO UPE ip address unnumbered interface LoopBack1 tunnel-protocol mpls te destination 1.1.1.1 mpls te tunnel-id 2 mpls te commit # bfd link1 bind peer-ip 1.1.1.1 discriminator local 4 discriminator remote 4 commit # bfd peer1 bind peer-ip 192.168.1.1 interface GigabitEthernet1/0/1.1 discriminator local 1 discriminator remote 1 commit # tunnel-policy policy1 tunnel select-seq cr-lsp load-balance-number 1 # return l

Configuration file of NPE3


# sysname NPE3 # mpls lsr-id 4.4.4.4 mpls # mpls l2vpn # vsi biz-vsi1 static pwsignal ldp vsi-id 101 peer 2.2.2.2 peer 3.3.3.3 # mpls ldp

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

9-61

9 VPLS Convergence Configuration


# mpls ldp remote-peer 3.3.3.3 remote-ip 3.3.3.3 # isis 1 is-level level-2 cost-style wide network-entity 10.0049.0040.0400.4004.00 traffic-eng level-2 # interface GigabitEthernet1/0/0 undo shutdown ip address 20.1.1.2 255.255.255.0 isis enable 1 mpls mpls ldp # interface GigabitEthernet1/0/1.1 undo shutdown vlan-type dot1q 101 l2 binding vsi biz-vsi1 # interface LoopBack1 ip address 4.4.4.4 255.255.255.255 isis enable 1 # return l

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Configuration file of NPE4


# sysname NPE4 # mpls lsr-id 5.5.5.5 mpls # mpls l2vpn # vsi biz-vsi1 static pwsignal ldp vsi-id 101 peer 2.2.2.2 peer 3.3.3.3 # mpls ldp # mpls ldp remote-peer 2.2.2.2 remote-ip 2.2.2.2 # isis 1 is-level level-2 cost-style wide network-entity 10.0049.0050.0500.5005.00 traffic-eng level-2 # interface GigabitEthernet1/0/0 undo shutdown ip address 20.1.2.2 255.255.255.0 isis enable 1 mpls mpls ldp # interface GigabitEthernet1/0/1.1 undo shutdown vlan-type dot1q 101 l2 binding vsi biz-vsi1 # interface LoopBack1 ip address 5.5.5.5 255.255.255.255 isis enable 1 #

9-62

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


return

9 VPLS Convergence Configuration

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

9-63

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

10 ATM IWF Configuration

10
About This Chapter

ATM IWF Configuration

This chapter describes the basic concept of ATM IWF, and configuration steps, along with examples 10.1 Introduction This section describes the concepts and applicable environment of ATM IWF. 10.2 Configuring the CCC Local Connection ATM IWF This section describes how to configure the CCC local connection ATM IWF. That is, configure a CCC local connection between an ATM interface and an Ethernet sub-interface on the same device. 10.3 Configuring the Remote ATM IWF This section describes how to configure PW ATM IWF. That is, configure transparent transmission of Layer 2 Ethernet data packets over an ATM link between two PEs, by using LSPs of an L2VPN. 10.4 Configuration Examples This section provides several configuration examples of ATM IWF.

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

10-1

10 ATM IWF Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

10.1 Introduction
This section describes the concepts and applicable environment of ATM IWF. 10.1.1 ATM IWF Overview 10.1.2 ATM IWF Supported by the NE80E/40E

10.1.1 ATM IWF Overview


ATM has a long history. Over the past two decades, ATM network has been fully developed. Due to its robust QoS capability, the existent ATM network has carried many importance services, such as IP, FR, Voice, conference call, ISDN/DSL and etc. However, with the fast development of IP technologies, particularly the seamless combination of IP technology and Ethernet technology, the future of ATM technology has been shadowed. The limitations of ATM have been exposed, as follows:
l l

Due to the cell tax of ATM, its transmission efficiency is rather low. Due to the SAR of ATM, the capacity of core network has been confined greatly; OC-48 SAR has limited functions. The existing ATM networks have the common interfaces of 622M and 155M, and it is hard to see interfaces of 2.5G or above. ATM cannot keep up with the increase of IP services, and it is poor in terms of multicast. Therefore, it is hard to deploy new services, particularly the popular Triple Play/IPTV services. Building ATM network is very costly, and the maintenance of devices is also complex.

IP and Ethernet technologies have been widely used in the world due to their good compatibility and scalability, and it is inevitable for ATM network to evolve into IP network and Ethernet work. However, such a change should be smooth and gradual to protect customers interests and make full use of existent network and devices. Also, Ethernet has to carry the traditional ATM services and make both ATM network and Ethernet intercommunicate, migrating the services and protecting the investment. The ATM Inter-Working Function (ATM IWF) provides the interoperability function between the ATM link based on the RFC1483 bridge encapsulation mode and the Ethernet link. The ATM packets based on the RFC1483 bridge encapsulations mode can be transmitted transparently to the Ethernet link through MPLS L2VPN. VPI is mapped to the outer VLAN ID and VCI to inner VLAN ID to keep the ATM access information (VPI and VCI of the packets). Usually, the ATM packets with the VPI/VCI information to the Ethernet link through double VLAN that is appended to the packet frame header at the data link layer, that is, the QinQ mode.
NOTE

RFC1483 defines a technical standard for transmitting the multi-protocol data packet on an ATM network. With the 1483 bridge encapsulation, that is for the data packet of the bridge protocols, the Ethernet frame can be transmitted on the ATM link.

10.1.2 ATM IWF Supported by the NE80E/40E


ATM IWF is deployed on the MPLS L2VPN. In practical scenarios, ATM IWF supports the following modes.
10-2 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


l

10 ATM IWF Configuration

Local connection

The NE80E/40E supports the Virtual Leased Line (VLL) in Circuit Cross Connect (CCC) local connection mode. This implements CCC between the ATM sub-interfaces and Ethernet subinterfaces on the same device. As shown in Figure 10-1, in the CCC local connection, the router cross transmits the flow that is based on 1483 encapsulation out of the ATM flow accessed from devices like DSLAM to the Ethernet link. VPI is mapped to be the outer VLAN tag, and VCI is mapped to be the inner VLAN tag. Then, the packets are forwarded from the Ethernet interface to the access device such as BRAS. The BRAS distinguishes different DSLAM users based on the labels on the twolayer of VLAN of a packet. Figure 10-1 ATM IWF diagram in the CCC local connection
CCC ATM GE

DSLAM

RouterA

BRAS

Remote connection

Through the MPLS L2VPN, layer 2 transparent transmissions of data packets of the ATM link and the Ethernet link can be carried out between peer PEs. As shown in Figure 10-2, the ATM flow based on 1483B encapsulation can be transparently transmitted to the remote Ethernet link through PW (such as configuring VLL or PWE3). In the process, VPI is mapped to be the outer VLAN tag and VCI is mapped to be the inner VLAN tag. The ATM packets are then transparently transmitted to the remote BRAS. The BRAS distinguishes different DSLAM users based on the labels on the two-layer VLAN of a packet. Figure 10-2 Diagram of ATM IWF in PW
RouterA PW RouterB

ATM

GE

ATM

ATM Switch

BRAS

10.2 Configuring the CCC Local Connection ATM IWF


This section describes how to configure the CCC local connection ATM IWF. That is, configure a CCC local connection between an ATM interface and an Ethernet sub-interface on the same device.
Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 10-3

10 ATM IWF Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

10.2.1 Establishing the Configuration Task 10.2.2 Enabling IWF on an ATM Board 10.2.3 Configuring an ATM Sub-Interface and Configuring IWF Mapping 10.2.4 Configuring an Ethernet Sub-Interface 10.2.5 Configuring CCC Local Connection 10.2.6 Checking the Configuration

10.2.1 Establishing the Configuration Task


Applicable Environment
When carrying out interconnection and interoperation between the ATM link and the Ethernet link on the same device, you need to configure the CCC local connection ATM IWF.

Pre-configuration Tasks
Before configuring the CCC local connection ATM IWF, complete the following tasks:
l

Connecting the interfaces, configuring physical parameters for the interfaces to ensure that the physical status of the interfaces is Up Enabling MPLS L2VPN

Data Preparation
To configure the CCC local connection ATM IWF, you need the following data. No. 1 2 3 Data The router ATM sub interface number and values of VPI/VCI The Ethernet sub interface number and label value of VLAN Label value of the inner and outer VLAN tags after the VPI/VCI mapping

10.2.2 Enabling IWF on an ATM Board


Context
Do as follows on the routers that should be enabled with IWF.

Procedure
Step 1 Run:
system-view

10-4

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

10 ATM IWF Configuration

The system view is displayed. Step 2 Run:


atm iwf slot-id enable

The ATM board is configured to enable IWF. By default, the ATM board does not enable the IWF function. Once the ATM board is configured to enable IWF, the function remains effective until it is disabled by using the undo atm iwf slotid enable command. Then, the default state of the ATM board is restored. Step 3 Run:
quit

Return to the user view. Step 4 Run:


reset slot slot-id

The ATM board is rebooted. ----End

10.2.3 Configuring an ATM Sub-Interface and Configuring IWF Mapping


Context
Do as follows on the router.

Procedure
Step 1 Run:
system-view

The system view is displayed. Step 2 Run:


interface atm interface-number.subnumber p2p

A P2P ATM sub interface is created and the sub interface view is displayed. Step 3 Run:
pvp vpi

The PVP view is displayed. Step 4 Run:


vp-vlan-map pe-vid vid

The mapping from VPI to the outer VLAN tag is set. Step 5 Run:
vc-vlan-map vci begin-vci to end-vci ce-vid begin-vlan

The system view is displayed. The mapping from VCI to the inner VLAN tag is set.
Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 10-5

10 ATM IWF Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Before configuring the relationship between ATM sub interface and IWF mapping, you need to ensure that the ATM interface parameters between the router and the ATM switch or the peer device are normal. These parameters include adding interference to the line signal, value of various cost bytes and the clock mode of the interface.
NOTE

The range form begin-vci to end-vci cannot include 3 or 4. The VCI of 3 and 4 is reserved for OAM and cannot be configured.

----End

10.2.4 Configuring an Ethernet Sub-Interface


Context
Do as follows on the router.

Procedure
Step 1 Run:
system-view

The system view is displayed. Step 2 Run:


interface { ethernet | gigabitethernet } interface-number.subnumber

An Ethernet sub interface is created and the sub interface view is displayed. Step 3 Run:
vlan-type dot1q vid

The encapsulation type of sub interface and related VLAN are set. To configure the CCC local connection IWF, the VLAN ID related to the Ethernet sub interface must be the same as the VLAN ID of the VPI mapping of the corresponding ATM sub interface. That is, the vid configured in Step 3 must be the same as the vid configured in Step 4 of the previous configuration procedures. ----End

10.2.5 Configuring CCC Local Connection


Context
Do as follows on the router.

Procedure
Step 1 Run:
system-view

The system view is displayed.


10-6 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

10 ATM IWF Configuration

Step 2 Run:
ccc ccc-name interface atm interface-number.subnumber out-interface { ethernet | gigabitethernet } interface-number.subnumber

The CCC local connection is created. ----End

10.2.6 Checking the Configuration


Run the following commands to check the previous configuration. Action Check the IWF of all ATM boards on the router. Check the mapping relationship between vpi/vci of IWF PVC configured in the ATM interface and pe-vid or ce-vid. Check the CCC connection information. Command display atm iwf display pvc-vlan-map interface atm interfacenumber.subinterface-number [ vpi-value ]

display ccc

After the configuration, run the display atm iwf command. You can view that IWF is enabled on the ATM board of the router.
<Quidway> display atm iwf atm iwf has been enabled for slot 1

After the configuration, run the display pvc-vlan-map interface atm interfacenumber.subinterface-number [ vpi-value ] command. You can view that the mapping between vpi/vci and pe-vid /ce-vid on the ATM interface is set up.
<Quidway> display pvc-vlan-map interface atm 3/0/0.1 PVC 1/5-VLAN 1/5 VCD:5 InFlowID:32769 OutFlowID:131073 PVC 1/6-VLAN 1/6 VCD:6 InFlowID:32770 OutFlowID:131074 PVC 1/100-VLAN 1/100 VCD:10 InFlowID:32868 OutFlowID:131082

10.3 Configuring the Remote ATM IWF


This section describes how to configure PW ATM IWF. That is, configure transparent transmission of Layer 2 Ethernet data packets over an ATM link between two PEs, by using LSPs of an L2VPN. 10.3.1 Establishing the Configuration Task 10.3.2 Enabling IWF on an ATM Board 10.3.3 Configuring an ATM Sub-Interface and Configuring IWF Mapping 10.3.4 Creating the Remote MPLS L2VPN Connection 10.3.5 Checking the Configuration
Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 10-7

10 ATM IWF Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

10.3.1 Establishing the Configuration Task


Applicable Environment
To transmit thelayer 2 data packets transparently between the ATM link and the Ethernet link is carried out between peer PEs, you need to configure the remote ATM IWF.

Pre-configuration Tasks
Before configuring the remote ATM IWF, complete the following tasks:
l

Connecting the interfaces, configuring physical parameters for the interfaces to ensure that the physical status of the interfaces is Up Configuring MPLS basic functions on the MPLS backbone network Configuring MPLS LDP on the MPLS backbone network Establishing remote LDP sessions between PEs Enabling MPLS L2VPN

l l l l

Data Preparation
To configure the remote ATM IWF, you need the following data. No. 1 2 Data The router ATM sub interface number and values of VPI/VCI Label value of the inner and outer VLAN tags after the VPI/VCI mapping

10.3.2 Enabling IWF on an ATM Board


Context
Do as follows on the routers that should be enabled with IWF.

Procedure
Step 1 Run:
system-view

The system view is displayed. Step 2 Run:


atm iwf slot-id enable

The ATM board is configured to enable IWF. By default, the ATM board does not enable the IWF function. Once the ATM board is configured to enable IWF, the function remains effective until it is disabled by using the undo atm iwf slotid enable command. Then, the default state of the ATM board is restored.
10-8 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

10 ATM IWF Configuration

Step 3 Run:
quit

Return to the user view. Step 4 Run:


reset slot slot-id

The ATM board is rebooted. ----End

10.3.3 Configuring an ATM Sub-Interface and Configuring IWF Mapping


Context
Do as follows on the router.

Procedure
Step 1 Run:
system-view

The system view is displayed. Step 2 Run:


interface atm interface-number.subnumber p2p

A P2P ATM sub interface is created and the sub interface view is displayed. Step 3 Run:
pvp vpi

The PVP view is displayed. Step 4 Run:


vp-vlan-map pe-vid vid

The mapping from VPI to the outer VLAN tag is set. Step 5 Run:
vc-vlan-map vci begin-vci to end-vci ce-vid begin-vlan

The system view is displayed. The mapping from VCI to the inner VLAN tag is set. Before configuring the relationship between ATM sub interface and IWF mapping, you need to ensure that the ATM interface parameters between the router and the ATM switch or the peer device are normal. These parameters include adding interference to the line signal, value of various cost bytes and the clock mode of the interface.
NOTE

The range form begin-vci to end-vci cannot include 3 or 4. The VCI of 3 and 4 is reserved for OAM and cannot be configured.

----End
Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 10-9

10 ATM IWF Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

10.3.4 Creating the Remote MPLS L2VPN Connection


Context
Configure the VLL or PWE3 between PEs. For details on the configurations of VLL and PWE3, refer to the chapters "VLL Configuration" and "PWE3 Configuration".

10.3.5 Checking the Configuration


Run the following commands to check the previous configuration. Action Check the IWF of all ATM boards on the router. Check the IWF PVC and the mapping relationship between pevid and ce-vid configured on the ATM interface. Check the Martini VC. Command display atm iwf display pvc-vlan-map interface atm slot/card/ port.subinterface-number [ vpi-value ]

display mpls l2vc [ vc-id | interface interface-type interface-number | remote-info [ vc-id ] | state { up | down } ]

After the configuration, run the display atm iwf command. You can view that IWF is enabled on the ATM board of the router.
<Quidway> display atm iwf atm iwf has been enabled for slot 1

After the configuration, run the display pvc-vlan-map interface atm interfacenumber.subinterface-number [ vpi-value ] command. You can view that the mapping between vpi/vci and pe-vid /ce-vid on the ATM interface is set up.
<Quidway> display pvc-vlan-map interface atm 3/0/0.1 PVC 1/5-VLAN 1/5 VCD:5 InFlowID:32769 OutFlowID:131073 PVC 1/6-VLAN 1/6 VCD:6 InFlowID:32770 OutFlowID:131074 PVC 1/100-VLAN 1/100 VCD:10 InFlowID:32868 OutFlowID:131082

10.4 Configuration Examples


This section provides several configuration examples of ATM IWF. 10.4.1 Example for Configuring the CCC Local Connection ATM IWF 10.4.2 Example for Configuring Remote ATM IWF

10.4.1 Example for Configuring the CCC Local Connection ATM IWF
10-10 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

10 ATM IWF Configuration

Networking Requirements
As shown in Figure 10-3, the ATM interface of DSLAM is connected to the Ethernet interface of the local BRAS through the PE device. You can carry out transparent transmission of packets between DSLAM and BRAS through the CCC local connection. Figure 10-3 Networking diagram of the CCC local connection ATM IWF
Loopback1 1.1.1.9/32 ATM3/0/0.1 GE4/0/0.1

DSLAM

RouterA

BRAS

Configuration Roadmap
The configuration roadmap is as follows: 1. 2. 3. 4. Enable ATM IWF on the ATM board on Router A. Configure basic MPLS functions on Router A and enable MPLS L2VPN. Configure the mappings between the VPI of the ATM interface and the outer VLAN tag, and the VCI of the ATM interface and the inner VLAN tag. On Router A, create a local connection to DSLAM and BRAS. CCC local connections are bi-directional and thus only one connection is required.

Data Preparation
To complete the configuration, you need the following data:
l l

Values of VPI and VCI of the ATM interface Inner and outer VLAN tags of packets on the Ethernet interface

Configuration Procedure
1. Configure DSLAM and BRAS. Configure a PVC on DSLAM and set the encapsulation type of packets to 1483B. Suppose multiple PVCs are configured and their VPIs are all 1, whereas their VCIs range from 5 to 100. For configurations of DSLAM and BRAS, refer to the configuration guide of related devices. 2. Enable IWF on the ATM board.
<Quidway> [Quidway] [RouterA] [RouterA] <RouterA> system-view sysname RouterA atm iwf 3 enable quit reset slot 3

After the configuration, run the display atm iwf command to check that IWF is enabled.
[RouterA] display atm iwf atm iwf has been enabled for slot 3.

3.
Issue 03 (2008-09-22)

Configure basic MPLS functions on PE.


Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 10-11

10 ATM IWF Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

# Configure Router A.
<RouterA> system-view [RouterA] mpls lsr-id 1.1.1.9 [RouterA] mpls [RouterA-mpls] quit

4.

Enable MPLS L2VPN on PE and configuration the CCC ATM IWF. # Configure an ATM P2P sub-interface and map VPI to the outer VLAN tag and VCI to the inner VLAN tag.
[RouterA] interface atm 3/0/0.1 p2p [RouterA-Atm3/0/0.1] pvp 1 [RouterA-Atm3/0/0.1-1/0] vp-vlan-map pe-vid 1 [RouterA-Atm3/0/0.1-1/0] vc-vlan-map vci 5 to 100 ce-vid 1 [RouterA-Atm3/0/0.1-1/0] quit [RouterA-Atm3/0/0.1] quit

# Create an Etherent sub-interface and configure the VLAN ID to be the outer VLAN tag mapped by VPI mentioned earlier.
[RouterA] interface gigabitethernet 4/0/0.1 [RouterA-gigabitethernet4/0/0.1] shutdown [RouterA-gigabitethernet4/0/0.1] vlan-type dot1q 1 [RouterA-gigabitethernet4/0/0.1] undo shutdown [RouterA-gigabitethernet4/0/0.1] quit

# Enable MPLS L2VPN on Router A and set the CCC local connection.
[RouterA] mpls l2vpn [RouterA-l2vpn] quit [RouterA] ccc ccc1 interface atm 3/0/0.1 out-interface gigabitethernet 4/0/0.1

5.

Verify the configuration. Run the display ccc command on Router A to check the establishment of the CCC connection.
[RouterA] display ccc total ccc vc : 1 local ccc vc : 1, 1 up remote ccc vc : 0, 0 up name: ccc1, type: local, state: up, intf1: Atm3/0/0.1 (up), intf2: GigabitEthernet4/0/1.1 (up)

You can also run the display pvc-vlan-map interface atm interface-number.subinterfacenumber vpi-value command to check the mapping relationship between vpi/vci of IWF PVC configured in the ATM interface and pe-vid or ce-vid.
[RouterA] display pvc-vlan-map interface atm 3/0/0.1 PVC 1/5-VLAN 1/5 VCD:5 InFlowID:32769 OutFlowID:131073 PVC 1/6-VLAN 1/6 VCD:6 InFlowID:32770 OutFlowID:131074 PVC 1/100-VLAN 1/100 VCD:10 InFlowID:32868 OutFlowID:131082

Configuration Files
Configuration file of Router A
# sysname RouterA # mpls lsr-id 1.1.1.9 mpls mpls l2vpn # interface atm3/0/0.1 p2p pvp 1 vp-vlan-map pe-vid 1 vc-vlan-map vci 5 to 100 ce-vid 1 #

10-12

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

10 ATM IWF Configuration

interface gigabitethernet4/0/0.1 vlan-type dot1q 1 # ccc ccc1 interface atm 3/0/0.1 out-interface GigabyteEthernet 4/0/0.1 # interface LoopBack1 ip address 1.1.1.9 255.255.255.255 # return

10.4.2 Example for Configuring Remote ATM IWF


Networking Requirements
As shown in Figure 10-4, the ATM interface of DSLAM is accessed to the MPLS network through PE1, and is also connected to the Ethernet interface of the remote BRAS through the remote PE device, PE2. PWE3 is used to set up a PW between PEs across the MPLS network. Figure 10-4 Networking diagram of PW ATM IWF
Loopback1 1.1.1.9/32 Loopback1 2.2.2.9/32 POS 2/0/0 10.1.1.2/24 POS 2/0/0 10.1.1.1/24 POS 1/0/0 10.2.2.2/24 POS 2/0/0 10.2.2.1/24 Loopback1 3.3.3.9/32

PE 1
ATM1/0/0.1

PE 2
GE1/0/0.1 VLAN1

DSLAM

BRAS

Configuration Roadmap
The configuration roadmap is as follows: 1. 2. 3. 4. 5. Run an IGP to ensure connectivity of routes on the backbone network. Configure basic MPLS functions on the backbone network and set up LSP tunnels. Set up MPLS LDP remote peer relationship between PEs at both ends of the PW. Enable ATM IWF on the ATM board on PE1. On PE1, configure the mappings between the VPI of the ATM interface and the outer VLAN tag, and the VCI of the ATM interface and the inner VLAN tag. Create MPLS L2VC connections on PEs.

Data Preparation
To complete the configuration, you need the following data:
l l

L2VC IDs at both ends of the PW, which must be the same MPLS LSR IDs of PEs and P
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 10-13

Issue 03 (2008-09-22)

10 ATM IWF Configuration


l l l

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

IP address of the remote PE peer Values of VPI and VCI of the ATM interface Inner and outer VLAN tags of packets on the Ethernet interface

Configuration Procedure
1. Configure DSLAM and BRAS. Configure PVC on DSLAM and the encapsulation method of packets is 1483B. Suppose multiple PVCs are configured and their VPIs are all 1, while the VCI ranges from 5 to 100. Configure VLAN sub-interfaces on the BRAS. For configurations of DSLAM and BRAS, refer to the configuration guide of related devices. 2. Configure an IGP on the MPLS backbone network and OSPF is used in this case. As shown in Figure 10-4, configure the interface addresses of PE and P. Run the undo shutdown command to change each physical interface to Up. When you configure OSPF, note that you need to release the 32 byte Loopback interface address of PE1, P and PE2. The specific configurations are omitted. 3. Configure basic MPLS functions and LDPs on the MPLS backbone network. # Configure PE1.
[PE1] mpls lsr-id 1.1.1.9 [PE1] mpls [PE1-mpls] quit [PE1] mpls ldp [PE1-mpls-ldp] quit [PE1] interface pos 2/0/0 [PE1-Pos2/0/0] mpls [PE1-Pos2/0/0] mpls ldp [PE1-Pos2/0/0] quit

# Configure P.
[P] mpls lsr-id 2.2.2.9 [P] mpls [P-mpls] quit [P]mpls ldp [P-mpls-ldp] quit [P] interface pos 1/0/0 [P-Pos1/0/0] mpls [P-Pos1/0/0] mpls ldp [P-Pos1/0/0] quit [P] interface pos 2/0/0 [P-Pos2/0/0] mpls [P-Pos2/0/0] mpls ldp [P-Pos2/0/0] quit

# Configure PE2.
[PE2] mpls lsr-id 3.3.3.9 [PE2] mpls [PE2-mpls] quit [PE2] mpls ldp [PE2-mpls-ldp] quit [PE2] interface pos 2/0/0 [PE2-Pos2/0/0] mpls [PE2-Pos2/0/0] mpls ldp [PE2-Pos2/0/0] quit

4.

Establish a remote LDP session between PEs. # Configure PE1.


[PE1] mpls ldp remote-peer 1

10-14

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


[PE1-mpls-ldp-remote-1] remote-ip 3.3.3.9 [PE1-mpls-ldp-remote-1] quit

10 ATM IWF Configuration

# Configure PE2.
[PE2] mpls ldp remote-peer 1 [PE2-mpls-ldp-remote-1] remote-ip 1.1.1.9 [PE2-mpls-ldp-remote-1] quit

5.

Enable the IFW function on the ATM board.


[PE1] atm iwf 1 enable [PE1] quit <PE1> reset slot 1

6.

Enable MPLS L2VPN on PE and configure the PW ATM IWF. # Configure PE1.
[PE1] mpls l2vpn [PE1-l2vpn] quit [PE1] pw-template pwt [PE1-pw-template-pwt] peer-address 3.3.3.9 [PE1-pw-template-pwt] quit [PE1] interface atm 1/0/0.1 p2p [PE1-Atm1/0/0.1] pvp 1 [PE1-Atm1/0/0.1-1/0] vp-vlan-map pe-vid 1 [PE1-Atm1/0/0.1-1/0] vc-vlan-map vci 5 to 100 ce-vid 1 [PE1-Atm1/0/0.1-1/0] quit [PE1-Atm1/0/0.1] mpls l2vc pw-template pwt 101 [PE1-Atm1/0/0.1] quit

# Configure PE2.
[PE2] mpls l2vpn [PE2-l2vpn] quit [PE2] pw-template pwt [PE2-pw-template-pwt] peer-address 1.1.1.9 [PE2-pw-template-pwt] quit [PE2] interface gigabitethernet 1/0/0.1 [PE2-gigabitethernet1/0/0.1] vlan-type dot1q 1 [PE2-gigabitethernet1/0/0.1] mpls l2vc pw-template pwt 101 [PE2-gigabitethernet1/0/0.1] quit

7.

Verify the configuration. After the configuration, run the display mpls l2vc command on PEs. You can view that the PW is in the Up state and the encapsulation type of the VC is VLAN. Take the display on PE1 as an example.
[PE1] display mpls l2vc Total ldp vc : 1 1 up 0 down *Client Interface : Atm1/0/0.1 Session State : up AC Status : up VC State : up VC ID : 101 VC Type : vlan Destination : 3.3.3.9 Local VC Label : 17408 Remote VC Label : 17409 Control Word : Disable Local VC MTU : 1500 Romete VC MTU : 1500 Tunnel Policy Name : -Traffic Behavior Name: -PW Template Name : pwt Create time : 0 days, 0 hours, 0 minutes, 23 seconds UP time : 0 days, 0 hours, 0 minutes, 23 seconds Last change time : 0 days, 0 hours, 0 minutes, 23 seconds

Run the display pvc-vlan-map interface atm interface-number.subinterface-number command. You can view that the mapping between vpi/vci and pe-vid /ce-vid on the ATM interface is set up. Take the display on PE1 as an example.
Issue 03 (2008-09-22) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 10-15

10 ATM IWF Configuration

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

[PE1] display pvc-vlan-map interface atm 1/0/0.1 PVC 1/5-VLAN 1/5 VCD:5 InFlowID:32769 OutFlowID:131073 PVC 1/6-VLAN 1/6 VCD:6 InFlowID:32770 OutFlowID:131074 PVC 1/100-VLAN 1/100 VCD:10 InFlowID:32868 OutFlowID:131082

Configuration Files
l

Configuration file of PE1


# sysname PE1 # mpls lsr-id 1.1.1.9 mpls mpls l2vpn # pw-template pwt peer-address 3.3.3.9 # mpls ldp # mpls ldp remote-peer 1 remote-ip 3.3.3.9 # interface atm1/0/0.1 p2p pvp 1 vp-vlan-map pe-vid 1 vc-vlan-map vci 5 to 100 ce-vid 1 mpls l2vc pw-template pwt 101 # interface Pos2/0/0 undo shutdown link-protocol ppp ip address 10.1.1.1 255.255.255.0 mpls mpls ldp # interface LoopBack1 ip address 1.1.1.9 255.255.255.255 # ospf 1 area 0.0.0.0 network 1.1.1.9 0.0.0.0 network 10.1.1.0 0.0.0.255 # return

Configuration file of P
# sysname P # mpls lsr-id 2.2.2.9 mpls # mpls ldp # interface Pos1/0/0 undo shutdown link-protocol ppp ip address 10.2.2.2 255.255.255.0 mpls mpls ldp # interface Pos2/0/0 undo shutdown link-protocol ppp ip address 10.1.1.2 255.255.255.0 mpls mpls ldp

10-16

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN


# interface LoopBack1 ip address 2.2.2.9 255.255.255.255 # ospf 1 area 0.0.0.0 network 2.2.2.9 0.0.0.0 network 10.1.1.0 0.0.0.255 network 10.2.2.0 0.0.0.255 # return l

10 ATM IWF Configuration

Configuration file of PE2


# sysname PE2 # mpls lsr-id 3.3.3.9 mpls mpls l2vpn # pw-template pwt peer-address 1.1.1.9 # mpls ldp # mpls ldp remote-peer 1 remote-ip 1.1.1.9 # interface GigabitEthernet1/0/0 undo shutdown # interface GigabitEthernet1/0/0.1 vlan-type dot1q 1 mpls l2vc pw-template pwt 101 # interface Pos2/0/0 undo shutdown link-protocol ppp ip address 10.2.2.1 255.255.255.0 mpls mpls ldp # interface LoopBack1 ip address 3.3.3.9 255.255.255.255 # ospf 1 area 0.0.0.0 network 3.3.3.9 0.0.0.0 network 10.2.2.0 0.0.0.255 # return

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

10-17

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

A Glossary

A
This appendix collates frequently used glossaries in this document. A AC Address Space Attribute Value Pair An address realm that is managed by a VPN.

Glossary

A physical or logical link used to transmit frames between the CE and the PE in L2VPN.An AC interface can be a physical interface or a virtual interface. All the user packets on the AC including the protocol packets of Layer 2 and Layer 3 are completely transmitted to the peer site.

The attribute value pairs (AVP) that are used by the L2TP protocol to transmit and negotiate the L2TP parameters. A control message contains multiple AVPs.

C Carrier's Carrier A network structure in which a user of a BGP/MPLS VPN service who is also a service provider at the same time. In this situation, the BGP/MPLS VPN service provider is a Level 1 carrier. The user of the BGP/MPLS VPN service who is also a service provider at the same time is called a Level 2 carrier. An implementation of MPLS L2VPN that uses the static configuration of labels. CCC transmits user data by using Layer 1 label. CCC exclusively uses an LSP. A connection that defines a pair of LNS and LAC and controls the establishment, maintenance and dismantlement of tunnels and sessions. The procedures for establishing a control connection involve the exchange of information about identity protection, L2TP version, frame type, and parameters of the physical links. A message used in the establishment and maintenance of tunnels and sessions, and in the transmission control. Control messages are transmitted in reliable mode.

CCC

Control Connection

Control Message

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

A-1

A Glossary

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

CPE-based VPN Customer Edge

Customer Premises Equipment-based VPN. A VPN that is controlled by users. Customer edge equipment that is directly connected with the service provider. In a VPN based on MPLS, a CE device can be a router, switch, or even a host. A 4-byte encapsulated packet header. It is used to transmit packets in a MPLS packet switching network. The control word carries the sequence number, fills the packets to prevent too short packets, and carries Layer 2 header control information.

CW

D Data Message Dynamic PW E Extranet VPN A VPN that expands an enterprise network to the service provider, partner, and client. Through an extranet VPN, different enterprises can construct VPN through public networks. A message that encapsulates PPP frames and is transmitted in tunnels. Data messages are transmitted in unreliable mode. A PW that is set up through a signaling protocol.

G GRE An encapsulation mode in which packets of some network protocols such as IP and IPX are encapsulated and thus can be transmitted in networks supporting other protocols such as IP.

I Intranet VPN A VPN that connects sites within an enterprise through the public network.

K Kompella VPN An implementation of L2VPN that is realized in end-to-end mode in a MPLS network. In Kompella VPN, BGP is used as the signaling protocol to transmit Layer 2 information and VC labels.

L L2TP A Layer 2 tunneling protocol that is drafted by IETF and involves the participation of companies such as Microsoft. The L2TP combines the advantages of both PPTP and L2F. A device that is attached to a switching network and is capable of L2TP processing. It possesses PPP terminal system and generally provides the access service to users. A server that processes the L2TP protocol.

L2TP Access Concentrator L2TP Network Server

A-2

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

A Glossary

M Martini VPN An implementation of MPLS L2VPN that is realized by setting up point-to-point link. In Martini VPN, LDP is used as the signaling protocol to transmit Layer 2 information and VC labels. A protocol that transmits VPN structure information and VPN IPv4 routes between the PE devices. A VPN that provides Layer 2 VPN services based on the MPLS network to enable the carriers to provide VPNs of different media, including ATM, FR, VLAN, Ethernet, and PPP on unified MPLS network. A situation in which multiple PWs exist between the U-PEs.

MP-BGP MPLS L2VPN

Multi-hop PW N Network Access Server

A server that provides the access to Internet for PSTN/ISDN dialup users. A Network Access Server (NAS) can work as an LAC, or as an LNS, or as an LAC and LNS at the same time. A VPN in which users entrust maintenance of the VPN to ISPs and realize VPN features and functions on the network edge devices.

Network-based VPN

P P A backbone device that is located in the service provider network. A P device is not directly connected with the CE devices. The P devices only need the basic MPLS forwarding capability and do not maintain information about a VPN. A Provider Edge (PE) device is a device that is located in the backbone network in the MPLS VPN structure. A PE device is responsible for VPN user management, establishment of LSPs between the PE devices and exchanges of routing information between sites of the same VPN.A PE device performs the mapping and forwarding of the packets from the private network to the public-network tunnels and that in the reverse order. PE can be further divided into UPE, SPE and NPE. A tunnel protocol that encapsulates PPP on the tunnels of an IP network. The protocol is supported by Microsoft, Ascend, and 3COM. A bidirectional virtual connection between two VSIs. A VSI consists of a pair of unidirectional MPLS VCs. A technology that bears Layer 2 services. PWE3 emulates services such as ATM, FR, Ethernet, low-speed TDM circuit, and SONET/ SDH. A signaling protocol used to set up and maintain Pseudo Wires (PWs).PW signaling can automatically discover the peer PE devices of VSIs. Currently, the primary PW signaling protocols are LDP and BGP.

PE

PPTP

PW PWE3

PW Signaling

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

A-3

A Glossary

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

PW Template

A Pseudo Wire (PW) template is an aggregation of public attributes of the PWs. A PW template is shared by different PWs.

Q QinQ A mechanism that uses the tunnel protocol based on 802.1Q encapsulation and provides multi-point L2VPN services. In Q-inQ, the private-network VLAN tag is encapsulated in the publicnetwork VLAN tag. The packets carrying double tags are transmitted through the backbone network of the service provider. Thus, the users are provided with a Layer 2 VPN tunnel service.

R Route Distinguisher An 8-byte field in a VPN IPv4 address. A route distinguisher (RD) together with a 4-byte IPv4 address prefix construct a VPN IPv4 address to differentiate the IPv4 prefixes using the same address space.

S Session Connection Single hop PW Site A connection that is a PPP session multiplexed on the tunnel connections. A situation in which only one PW exists between the U-PEs. The label switching on the PW label level is not needed. A group of IP systems. Sites have IP connectivity between each other and this connectivity need not be realized by the service provider network. The SPE devices are core devices that are located within a VPLS full-meshed network. The UPE devices that are connected with the SPE devices are similar to the CE devices. The PWs set up between the UPE devices and the SPE devices serve as the ACs of the SPE devices. The SPE devices must learn the MAC addresses of all the sites on UPE side and those of the UPE interfaces that are connected with the SPE.SPE is sometimes called NPE. A device that is responsible for PW switching and PW label forwarding within a backbone network. A PW whose parameters are specified through command lines instead of parameter negotiation. Data is transmitted between the PE devices through tunnels. An implementation of static MPLS L2VPN that does not use the signaling protocol to transmit L2VPN information. In SVC, VC label information needs manual configuration.

SPE

S-PE Static PW

SVC

A-4

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

A Glossary

Tunnel

A channel through which a packet switching network transmits service traffic between the PEs. In VPN, a tunnel is an information transmission channel between two entities. The tunnel provides security for transparent transmission of VPN information. A tunnel can bear multiple PWs. In most cases, a tunnel is a MPLS tunnel. A management mode in which the tunnel status is reported to the tunnel application program and the tunnel policies are checked according to the destination IP address. A policy used to choose a tunnel according to the destination IP address. A technology that is used to implement the L2TP tunnel relay. A device supporting the tunnel switch works on the one hand as an LNS to set up the tunnel connection with the LAC, and on the other hand works as an LAC to set up the tunnel connection with the LNS.

Tunnel Management

Tunnel Policy Tunnel Switch

U UPE A PE device that is directly connected with the CE devices. UPE supports routing and MPLS encapsulation. If a UPE is connected with multiple CEs and possesses the basic bridge function, frame forwarding is performed only on the UPE. This decreases the burden of the SPE. A U-PE is an edge device of a backbone network and is directly connected with user edge devices in a VPN.

U-PE

V VC VCCV A unidirectional logical connection between two nodes. A tool that is used to manually test the connectivity of the virtual circuit. Similar to ICMP ping and LSP ping, it is realized through the extended LSP ping. A line that emulates the leased line by using IP network and thus provides unsymmetrical and low-cost Digital Data Network (DDN) service. A network that implements VPN by using the dial-up function of the public network such as ISDN and PSTN, and the access network to provide the access service for enterprise, small-scale ISP, and mobile business man. A service that is used to connect more than one Ethernet LAN segment through the PSN and make them operate in an environment similar to a LAN. A recently-developed technology that implements the private network over a public network. It is a network that only logically exists.

VLL

VPDN

VPLS

VPN

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

A-5

A Glossary

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

VPN instance

An entity that is set up and maintained by the PE devices for directly-connected sites. Each site has its VPN instance on a PE device. A VPN instance is also called VPN Routing and Forwarding (VRF) table. A PE device has multiple forwarding tables, including a public-network routing table and a or multiple VRFs. A BGP extended community attribute that is also called Route Target. In BGP/MPLS IP VPN, VPN-Target is used to control VPN routing information. VPN-Target attribute defines a VPN IPv4 route can be received by which site and a PE device can receive routes from which site. A network that realizes the communication between the headquarters, branches, and the remote offices through the virtual routers. A technology that bears Layer 2 services. VPWS emulates services such as ATM, FR, Ethernet, low-speed TDM circuit, and SONET/ SDH in a PSN. See VPN instance. An instance through which the physical access links of VPLS can be mapped to the virtual links. Each VSI provides independent VPLS service. VSI has Ethernet bridge function and can terminate PW.

VPN-Target

VPRN

VPWS

VRF VSI

A-6

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

B Acronyms and Abbreviations

B
A AC ARP AS ASBR ATM AVP B BGP C CCC CE CHAP CRC CW D DHCP DLCI DR DU

Acronyms and Abbreviations

This appendix collates frequently used acronyms and abbreviations in this document.

Attachment Circuit Address Resolution Protocol Autonomous System Autonomous System Boundary Router Asynchronous Transfer Mode Attribute Value Pair

Border Gateway Protocol

Circuit Cross Connect Customer Edge Challenge Handshake Authentication Protocol Cyclic Redundancy Check Control Word

Dynamic Host Configuration Protocol Data Link Connection Identifier Designated Router Downstream Unsolicited

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

B-1

B Acronyms and Abbreviations

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

F FEC FR G GRE H HDLC HoPE HoVPN HVPLS I IETF IGP IKE IPSec IPX ISDN IS-IS ISP L L2F L2TP LAC LAN LCP LDP LFIB LNS LSA LSP LSR
B-2

Forwarding Equivalence Class Frame Relay

Generic Routing Encapsulation

High-level Data Link Control Hierarchy of PE Hierarchy of VPN Hierarchical Virtual Private LAN Service

Internet Engineering Task Force Interior Gateway Protocol Internet Key Exchange Internet Protocol Security extensions Internet Packet Exchange Integrated Services Digital Network Intermedia System-Intermedia System Internet Service Provider

Layer 2 Forwarding Layer 2 Tunneling Protocol L2TP Access Concentrator Local Area Network Link Control Protocol Label Distribution Protocol Label Forward Information Base L2TP Network Server Link State Advertisement Label Switched Path Label Switching Router
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

B Acronyms and Abbreviations

M MAC MH-PW MIB MPLS MTU N NAS NAT NBIP-VPN NCP NHLFE O OAM OSPF P P2MP P2P PAP PDU PE PHP PING POP PPTP PPVPN PSTN PVC PW PWE3 Point-to-Multipoint Point-to-Point Password Authentication Protocol Protocol Data Unit Provider Edge Penultimate Hop Popping Packet internet groper Point Of Presence Point-to Point Tunneling Protocol Provider Provisioned VPN Public Switched Telephone Network Permanent Virtual Channel Pseudo-Wire Pseudo-Wire Emulation Edge-to-Edge Operation Administration and Maintenance Open Shortest Path First Net Control Protocol; Network Control Point; Network Control Protocol Next Hop Label Forwarding Entry Network Access Server Net Address Translation Media Access Control Multi-Hop Pseudo-Wire Management Information Base Multiprotocol Label Switching Maximum Transmission Unit

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

B-3

B Acronyms and Abbreviations

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

PW template Q QoS QinQ R RADIUS RD RIP RR RRVPN PSN RSVP RSVP-TE RTP S SH-PW SOO SP SPE S-PE SVC T TE TDM U UPE U-PE V VC VCCV

Pseudo-Wire template

Quality of Service 802.1q-in-802.1q

Remote Authentication Dial In User Service Router Distinguisher Routing Information Protocol Route-Reflector Resource Reserved VPN Packet Switched Network Resource Reservation Protocol RSVP-Traffic Engineering Real Time Protocol

Single-Hop Pseudo Wire Site-of-Origin Service Provider Superstratum PE; Service provider-end PE Switching-point PE Static Virtual Circuit

Traffic Engineering Time Division Multiplexed

Underlayer PE; User-end PE Ultimate PE

Virtual Circuit Virtual Circuit Connectivity Verification

B-4

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

B Acronyms and Abbreviations

VCI VLAN VLL VPDN VPI VPLS VPN VPRN VPWS VRF

Virtual Channel Identifier Virtual Local Area Network Virtual Leased Line Virtual Private Data Network Virtual Path Identifier Virtual Private LAN Service Virtual Private Network Virtual Private Routing Network Virtual Private Wire Service VPN Routing and Forwarding table

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

B-5

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Index

Index
Symbols/Numerics
, 1-7, 1-8, 1-10, 1-12, 1-15, 1-16, 1-19, 1-20, 1-23, 1-24, 1-26, 2-2, 2-5, 2-9, 2-10, 2-14, 2-15, 2-16, 3-3, 3-6, 3-9, 3-10, 3-20, 3-21, 3-26, 3-27, 3-28, 3-29, 3-34, 3-35, 3-40, 3-41, 3-50, 3-51, 3-52, 3-53, 3-56, 3-57, 3-59, 3-65, 3-67, 3-67, 3-69, 3-69, 3-71, 3-72, 3-78, 3-79, 3-83, 3-84, 3-87, 3-89, 3-91, 3-96, 4-1, 4-2, 4-4, 4-7, 4-8, 4-16, 4-16, 4-22, 4-23, 4-24, 4-25, 4-30, 4-31, 4-35, 4-36, 4-45, 4-46, 4-50, 9-2, 9-12, 9-19, 9-21, 9-22 (Optional) Adjusting BFD Parameters, 6-36 (Optional) Applying a Tunnel Policy to the VPN Instance, 3-8 (Optional) Configuring BGP L2VPN Features, 5-24 (Optional) Configuring the Revertive Switchover, 6-42 (Optional) Configuring the Revertive Switchover Policy, 5-50 (Optional) Deleting ATM Cell Transport, 6-62 BGP/MPLS IPv6 VPN Features Supported by the NE80E/40E, 4-3 Binding a Service VSI to the mVSI, 9-11 Binding a VSI to an AC Interface, 7-64 Binding a VSI to the L2VE Interface, 8-12 Binding an Interface with a VPN Instance, 3-11 Binding an Interface with the VPN Instance, 3-24 Binding an IPv6 VPN Instance with an Interface, 4-9, 4-20 Binding the L2VE to VLL or VPLS, 8-19 Binding the Tunnel with VPN to Which CE belongs on PE, 2-13

C
Canceling the Loop Detection on the Multi-Instance CE, 3-59 Checking L3VPN Traffic, 3-92 Checking the Network Connectivity and Reachability, 3-93, 4-52 Checking the Traffic on a VPLS PW, 7-69 Clearing L3VPN Traffic, 3-92 Clearing MAC Address Entries, 7-70 Clearing the Statistics of the Packets Sent and Received by the VRRP Virtual Router, 9-21 Clearing the Traffic Statistics, 7-69 Configuing ATM Cell Transport, 6-56 Configuration Examples, 5-57 Configuring a Backup PW, 6-28 Configuring a Dynamic VLL to Access the VPLS, 7-35 Configuring a GRE Tunnel, 2-5 Configuring a GRE Tunnel Between CE and PE, 2-10 Configuring a Routing Policy, 3-68, 3-70 Configuring a Routing Policy Differentiating Convergence Priorities, 3-89 Configuring a Routing Policy to Control Label Distribution, 3-38, 4-33 Configuring a Routing Protocol Between PE and CE, 3-12, 4-10 Configuring a Routing Protocol or Static Routes Between PE and CE, 3-26 Configuring a Static VLL to Access the VPLS, 7-36 Configuring a Tunnel Interface, 1-6, 2-7
i-1

A
AC, 7-4 Access of L2VPN to L3VPN Implemented on the CX600, 8-3 Advertising Default Routes of a VPN Instance, 3-52 Advertising Routes of End Address of the Sham Link, 3-54 Applying a Tunnel Policy to L3VPN, 1-10 Applying the Policy-based Route, 3-62 Applying the Routing Policy, 3-90 Applying the Tunnel Policy to L2VPN, 1-13 Applying the Tunnel Policy to L3VPN, 1-18 Applying the Tunnel Policy to the Martini L2VPN, 1-23 Associating the L2VE Interface with a VLL, 8-7 Associating the L3VE Sub-interface Terminated by QinQ with an L3VPN Instance, 8-18 ATM IWF Overview, 10-2 ATM IWF Supported by the NE80E/40E, 10-2

B
BGP/MPLS IP VPN Features Supported by the NE80E/ 40E, 3-4

Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Index

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Configuring a Tunnel Policy , 1-9, 1-12 Configuring a VLL to Access the VPLS, 7-34 Configuring a VPN, 5-21 Configuring a VPN Instance, 3-11 Configuring All Client CEs to Establish IBGP Connections with the RR, 3-84 Configuring an ATM Sub-Interface and Configuring IWF Mapping, 10-5, 10-9 Configuring an Ethernet Sub-Interface, 10-6 Configuring an IPv6 VPN Instance, 4-9 Configuring an L2VPN to Access Multiple L4VPNs Through Sub-interfaces for QinQ VLAN Tag Termination, 8-14 Configuring ATM Cell Transport, 6-58 Configuring Attributes of a PW Template, 6-16 Configuring Attributes of the PW Template, 6-36 Configuring Backup PWs, 6-29 Configuring Basic BGP/MPLS IP VPN, 3-10 Configuring Basic BGP/MPLS IPv6 VPN, 4-7 Configuring BFD for PW, 5-47, 6-33, 6-41 Configuring BGP GR for MP-BGP, 3-78 Configuring BGP/MPLS L2VPN, 5-20 Configuring Carrier's Carrier, 3-41, 4-36 Configuring CCC Local Connection, 10-6 Configuring CCC VLL, 5-9 Configuring Convergence Priorities for VPN Routes, 3-88 Configuring Delay Processing on VPLS, 7-67 Configuring Dual-homed Kompella VPLS, 7-61 Configuring Dynamic BFD for PW, 6-35 Configuring Dynamic PWs, 6-21 Configuring External Route Exchanges Between Level 2 Carrier PEs, 3-48, 4-44 Configuring GRE Security Options, 2-8 Configuring Heterogeneous Transport in PWE3, 6-47 Configuring HoVPN, 3-50 Configuring Hub&Spoke, 3-20, 4-16 Configuring HVPLS for the SPE, 7-45 Configuring Inter-AS IPv6 VPN Option A, 4-24 Configuring Inter-AS IPv6 VPN-Option A, 4-23 Configuring Inter-AS IPv6 VPN-Option B, 4-25 Configuring Inter-AS IPv6 VPN-Option C, 4-30 Configuring Inter-AS Kompella VPLS, 7-49 Configuring Inter-AS Kompella VPLS Option A, 7-50 Configuring Inter-AS Kompella VPLS Option C, 7-51 Configuring Inter-AS Martini VLL, 5-34 Configuring Inter-AS Martini VPLS, 7-55 Configuring Inter-AS Martini VPLS Option A, 7-56 Configuring Inter-AS Martini VPLS Option C, 7-57 Configuring Inter-AS Option A, 5-35 Configuring Inter-AS Option C, 5-35 Configuring Inter-AS PWE3, 6-51 Configuring Inter-AS PWE3-Option A, 6-52 Configuring Inter-AS PWE3-Option C, 6-52 Configuring Inter-AS VPN Option A, 3-27, 3-28 Configuring Inter-AS VPN Option B, 3-29 Configuring Inter-AS VPN Option C, 3-35 Configuring IP FRR of a Private Network, 3-67
i-2

Configuring IPv6 VPN Instances, 4-3 Configuring Kompella L2VPN IP-Interworking, 5-30 Configuring Kompella VLL, 5-19 Configuring Kompella VPLS, 7-10 Configuring L2VPN Primary Tunnel Binding, 1-20 Configuring L3VPN Primary Tunnel Binding, 1-16 Configuring LDP HVPLS, 7-28 Configuring Level 2 Carrier CE to Access Level 1 Carrier PE (Inter-AS), 3-44, 4-40 Configuring Level 2 Carrier CE to Access Level 1 Carrier PE (Intra-AS), 3-42, 4-37 Configuring Level 2 Carrier's Customer to Access Level 2 Carrier PE, 3-48, 4-44 Configuring Local CCC Connection IP-Interworking, 5-28 Configuring Loop Detection, 7-32 Configuring Loop Detection of ACs in a VPLS Network, 7-31 Configuring MAC Address Learning, 7-66 Configuring Martini L2VPN IP-Interworking, 5-29 Configuring Martini VLL, 5-15 Configuring Martini VPLS, 7-21 Configuring MP-EBGP Between ASBR PEs, 4-27 Configuring MP-EBGP Between ASBRs, 3-31 Configuring MP-IBGP Between Hub-PE and SpokePE, 3-25, 4-21 Configuring MP-IBGP Between PE and ASBR PE, 4-26 Configuring MP-IBGP Between PE-ASBRs, 3-30 Configuring MP-IBGP Between PEs, 3-12, 4-9 Configuring MPLS Label Allocation Based on the IPv6 VPN Instance, 4-6 Configuring MPLS Label Allocation Based on the VPN Instance, 3-9 Configuring MPLS OAM, 7-44 Configuring Multi-VPN-Instance CE, 3-56 Configuring mVSIs, 9-8 Configuring OAM Mapping, 5-49, 6-41 Configuring OSPF Sham Link, 3-53 Configuring PBR to VPN, 3-60 Configuring PW FRR, 6-39 Configuring PW Switching, 6-24, 6-25 Configuring PWE3, 6-62 Configuring PWE3 to Support IP-Interworking, 6-47 Configuring PWs, 6-37 Configuring Remote CCC Connection IPInterworking, 5-28 Configuring Route Attributes of a VPN Instance, 3-7 Configuring Route Attributes of the VPN Instance, 3-23 Configuring Route Reflection for BGP IPv4 VPN routes, 3-82 Configuring Route Reflection for BGP IPv6 VPN Routes, 4-46, 4-49 Configuring Route Reflection for the Routes of the BGP VPN Instance, 3-86 Configuring Route Reflection to Optimize the VPN Access Layer, 3-83
Issue 03 (2008-09-22)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Index

Configuring Route Reflection to Optimize the VPN Backbone Layer, 3-79 Configuring Route Related Attributes of an IPv6 VPN Instance, 4-5, 4-18 Configuring Routes for the Tunnel, 2-8 Configuring Routing Between PE and CE, 4-22, 4-30, 4-35 Configuring SPE, 7-29 Configuring Static BFD for PW, 6-32 Configuring Static PWs, 6-18 Configuring the Access of VLL to the Public Network or L3VPN, 8-4 Configuring the Access of VPLS to the Public Network or L3VPN, 8-9 Configuring the Access to the Public Network or an L3VPN, 8-12 Configuring the Access to the Public Network or L3VPN, 8-7 Configuring the ATM Interface Connecting a CE to a PE, 6-57 Configuring the CCC Local Connection ATM IWF, 10-4 Configuring the Client PEs to Establish MP IBGP Connections with the RR, 3-80, 4-47 Configuring the GR of the Routing Protocol Between PEs and CEs, 3-76 Configuring the GRE Tunnel Interface on CE, 2-11 Configuring the GRE Tunnel Interface on PE, 2-12 Configuring the IGP GR on the Backbone Network, 3-73 Configuring the Inter-AS Kompella VLL, 5-39 Configuring the Inter-AS Kompella VLL Option A, 5-40 Configuring the Inter-AS Kompella VLL Option C, 5-41 Configuring the Keepalive Function, 2-15 Configuring the Loopback Address of the Sham Link, 3-54 Configuring the Loopback Interface Bound to GRE, 2-6 Configuring the MPLS GR on the Backbone Network, 3-74 Configuring the mVRRP Binding, 9-16 Configuring the mVRRP Virtual Router, 9-14 Configuring the mVRRP Virtual Router over the mVSI, 9-15 Configuring the mVSI Binding, 9-18 Configuring the OSPF Multi-Instance on the MultiInstance CE, 3-58 Configuring the OSPF Multi-Instance on the PE, 3-57 Configuring the PE to Access the CE Through Ethernet or VLAN, 5-30 Configuring the Remote ATM IWF, 10-7 Configuring the Route for Returned IP Packets, 3-63 Configuring the Routing Protocol Between CE and PE, 3-34, 3-40 Configuring the RR to Establish MP IBGP Connections with All Client CEs, 3-85
Issue 03 (2008-09-22)

Configuring the RR to Establish MP IBGP Connections with All Client PEs, 4-48 Configuring the RR to Establish MP IBGP Connections with the Client PEs, 3-80 Configuring the Static Route on the CE, 3-65 Configuring the Static Route on the PE and Import the Static Route to VPN, 3-66 Configuring the Static Route to VPN on the Device of the Public Network, 3-66 Configuring the SVC VLL, 5-12 Configuring the Tunnel Binding in the Tunnel Policy, 1-18, 1-22 Configuring the Tunnel Policy, 7-43 Configuring the VE Group, 9-14 Configuring Tunnel Interfaces, 1-4 Configuring Tunnel Policies in select-sequence mode for L2VPN, 1-11 Configuring Tunnel Policies in select-sequence Mode for L3VPN, 1-8 Configuring UPE, 7-30 Configuring VLL FRR, 5-46 Configuring VLL IP Interworking, 5-27 Configuring VPLS Convergence, 9-12 Configuring VPN FRR, 3-69 Configuring VPN GR, 3-72 Configuring VPN Instances, 3-6 Connecting VPN and the Internet, 3-65 Controlling the Receiving and Sending of VPN Routes, 3-32, 4-28 Creating a CE Connection, 5-22 Creating a Local CCC Connection, 5-10 Creating a Martini VLL Connection, 5-17 Creating a Remote CCC Connection, 5-11 Creating a Sham Link, 3-55 Creating a VPN Group, 3-61 Creating a VPN Instance, 3-7, 3-22 Creating an IPv6 VPN Instance, 4-4 Creating an L2VE Interface, 8-6, 8-11, 8-16 Creating an L3VE Interface, 8-6, 8-11, 8-16 Creating an mVSI, 9-10 Creating an SVC VLL Connection, 5-14 Creating Dynamic PW, 6-22 Creating IPv6 VPN Instances, 4-17 Creating PW Template, 6-17 Creating Static PW Connection, 6-20 Creating the L3VE Sub-interface Terminated by QinQ, 8-17 Creating the Remote MPLS L2VPN Connection, 10-10 Creating Tunnel Interfaces, 1-5

D
Debugging a PW, 6-67 Debugging a PWE3, 6-69 Debugging a Tunnel, 1-25 Debugging BGP/MPLS IPv6 VPN, 4-54 Debugging the BGP/MPLS IP VPN Information, 3-95
i-3

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Index

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Debugging VLL, 5-56 Debugging VPLS, 7-69, 9-21 Displaying BGP/MPLS IP VPN Information, 3-92 Displaying BGP/MPLS IPv6 VPN Information, 4-51

E
Enabling Global BFD, 6-33 Enabling Glocal BFD, 6-36 Enabling IP FRR in a Private Network, 3-68 Enabling IWF on an ATM Board, 10-4, 10-8 Enabling Loop Detection Globally, 7-32 Enabling MPLS L2VPN, 5-14, 5-16, 5-20, 6-19, 6-22 Enabling or Disabling VSI, 7-70 Enabling the Exchange of Labeled IPv4 Routes, 4-32 Enabling the Keep-alive Function, 2-16 Enabling the Labeled IPv4 Route Exchange, 3-36 Enabling the MPLS L2VPN, 5-10 Enabling the VPN Binding for a Tunnel, 1-17, 1-21 Enabling VPN FRR, 3-70 Establishing the MP-EBGP Peer Between PEs, 3-39, 4-34 Example for Configuring 1-to-1 VPC ATM Cell Transport, 6-313 Example for Configuring 1-to1 VCC ATM Cell Transport, 6-296 Example for Configuring a Dual-Homed CE, 3-209 Example for Configuring a Dynamic BFD That Checks MH-PW, 6-140 Example for Configuring a Dynamic BFD That Checks SH-PW, 6-132 Example for Configuring a Dynamic Routing Protocol for GRE, 2-22 Example for Configuring a Local CCC Connection, 5-58 Example for Configuring a Local Kompella VLL Connection, 5-77 Example for Configuring a Martini VLL to Access an L3VPN, 8-20 Example for Configuring a Remote CCC Connection, 5-60 Example for Configuring a Remote Kompella VLL Connection, 5-79 Example for Configuring a Static BFD That Checks PWs, 6-116 Example for Configuring a Tunnel Policy for L3VPN, 1-26 Example for Configuring an L2VPN to Access Multiple L3VPNs Through Sub-interfaces for QinQ VLAN Tag Termination, 8-78 Example for Configuring ATM AAL5 SDU Transport, 6-330 Example for Configuring BGP/MPLS IP VPN, 3-96 Example for Configuring BGP/MPLS IP VPN with a GRE Tunnel, 3-106 Example for Configuring BGP/MPLS IPv6 VPN, 4-55 Example for Configuring Carrier's Carrier in a Same AS, 4-111
i-4

Example for Configuring Carrier's Carrier in the Same AS, 3-148 Example for Configuring CE Users to Access a MPLS VPN Through a GRE Tunnel Traversing the Public Network, 2-25 Example for Configuring CE Users to Access an MPLS VPN Through a GRE Tunnel Traversing Another VPN, 2-35 Example for Configuring Dynamic PWs Switching, 6-89 Example for Configuring Dynamic SH-PW (Using the GRE Tunnel), 6-76 Example for Configuring Dynamic SH-PW (Using the LSP Tunnel), 6-71 Example for Configuring Ethernet Loop Detection in a VPLS Network, 7-104 Example for Configuring HoVPN, 3-170 Example for Configuring Hub and Spoke (BGP4+ Between the PE and the CE), 4-66 Example for Configuring Hub and Spoke (Default Route Between the Hub-PE and the Hub-CE), 4-76 Example for Configuring Hub&Spoke, 3-120 Example for Configuring Inter-AS PWE3-Option A, 6-273 Example for Configuring Inter-AS PWE3-OptionC, 6-279 Example for Configuring Inter-AS VPN Option A, 3-128, 4-87 Example for Configuring Inter-AS VPN Option B, 3-136, 4-96 Example for Configuring Inter-AS VPN Option C, 3-142, 4-103 Example for Configuring Interface-based Remote ATM Cell Transport, 6-288 Example for Configuring Kompella VLL with Two Reflectors, 5-178 Example for Configuring Kompella VPLS, 7-71 Example for Configuring LDP HVPLS, 7-91, 7-96 Example for Configuring Load Balancing Among EBGP and IBGP Routes When CEs Are Dual-Homed, 3-227 Example for Configuring Martini VLL, 5-71 Example for Configuring Martini VLL by Using MPLS TE Tunnels, 1-36 Example for Configuring Martini VLL FRR (Asymmetrically Connected CEs), 5-160 Example for Configuring Martini VLL FRR (Symmetrically Dual-homed CEs), 5-145 Example for Configuring Martini VPLS, 7-77 Example for Configuring Mixed PWs Switching, 6-101 Example for Configuring Multi-VPN-Instance CE, 3-186 Example for Configuring N-to-1 VCC ATM Cell Transport, 6-301 Example for Configuring N-to-1 VCC ATM Cell Transport with VPI/VCI Mapping, 6-307

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 03 (2008-09-22)

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

Index

Example for Configuring N-to-1 VPC ATM Cell Transport, 6-318 Example for Configuring N-to-1 VPC ATM Cell Transport with VPI Mapping, 6-324 Example for Configuring OSPF Sham Link, 3-176 Example for Configuring PBR to VPN, 3-195 Example for Configuring PW FRR - CEs Are Symmetrically Connected to PEs Through Ethernet Links, Dynamic BFD Is Used to Detect PWs, EFM Is Used to Detect ACs, 6-189 Example for Configuring PW FRR - CEs Are Unsymmetrically Connected to PEs Through Ethernet Links, Dynamic BFD Is Used to Detect PWs, CFM Is Used to Detect ACs, 6-225 Example for Configuring PW FRR - CEs Are Unsymmetrically Connected to PEs Through Ethernet Links, Dynamic BFD Is Used to Detect PWs, EFM Is Used to Detect ACs, 6-205 Example for Configuring PW FRR - CEs Are Unsymmetrically Connected to PEs Through Ethernet Links, Static BFD Is Used to Detect PWs, CFM Is Used to Detect ACs, 6-246 Example for Configuring PW FRR CEs Are Asymmetrically Connected to PEs Through POS Links, 6-167 Example for Configuring PW FRR CEs Are Symmetrically Connected to PEs Through POS Links, 6-152 Example for Configuring Remote ATM IWF, 10-13 Example for Configuring Route Reflector in an IPv6 VPN, 4-133 Example for Configuring Static PWs Switching, 6-82 Example for Configuring Static Routes for GRE, 2-18 Example for Configuring SVC VLL, 5-66 Example for Configuring the Access of Martini VLL to the Public Network, 8-29 Example for Configuring the Access of Martini VPLS to L3VPN, 8-35 Example for Configuring the BGP AS Number Substitution, 3-114 Example for Configuring the Carrier's Carrier (InterAS), 3-159, 4-122 Example for Configuring the CCC Local Connection ATM IWF, 10-10 Example for Configuring the Dual-homing Access of Dynamic Master/Backup VPLS to an L3VPN, 8-47 Example for Configuring the Inter-AS Kompella VLL Option A, 5-127 Example for Configuring the Inter-AS Kompella VLL Option C, 5-136 Example for Configuring the Inter-AS Martini VLL Option A, 5-112 Example for Configuring the Inter-AS Martini VLL Option C, 5-119 Example for Configuring the IP FRR of the Private Network, 3-234 Example for Configuring the Keepalive Function for GRE, 2-45
Issue 03 (2008-09-22)

Example for Configuring the Martini L2VPN Primary Tunnel Binding, 1-45 Example for Configuring the PWE3 Convergence, 6-108 Example for Configuring the PWE3 Internetworking, 6-267 Example for Configuring the VPN with Double Reflectors, 3-255 Example for Configuring VLL Internetworking (Interconnecting Ethernet with HDLC in Martini Mode), 5-91 Example for Configuring VLL Internetworking (Interconnecting Ethernet with PPP by Using the Remote CCC Connection), 5-85 Example for Configuring VLL Internetworking (Interconnecting VLAN with ATM by Using the Local Kompella Connection), 5-97 Example for Configuring VLL Internetworking (Interconnecting VLAN with PPP by Using the Remote Kompella Connection), 5-101 Example for Configuring VPLS Convergence (UPE Directly Accesses the NPE Though the VE Interface), 9-22 Example for Configuring VPLS Convergence (UPE Directly Accesses the NPE Without Using the VE Interface), 9-44 Example for Configuring VPN FRR, 3-238 Example for Configuring VPN GR, 3-246 Example for Configuring VPN-Route Convergence Priorities, 3-263 Example for Connecting VPN and Internet, 3-204 Examples for Configuring ACs of L2VPN IPinterworking, 5-109

G
GRE, 2-2 GRE Configuration, 2-1 GRE Features Supported by the NE80E/40E, 2-2

H
HVPLS PE type, 7-7

I
Introduction to BGP/MPLS IPv6 VPN, 4-2 Introduction to VLL, 5-2 Introduction to VPN Tunnels, 1-2

L
L2VPN to L3VPN, 8-2

M
MAC address learning
i-5

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Index

Quidway NetEngine80E/40E Core Router Configuration Guide - VPN

introduction, 7-5 mode, 7-5 Maintaining VPLS, 7-68 Maintaining a PW, 6-66 Maintaining VLL, 5-55 Monitoring the Running Status of a Tunnel, 1-24 Monitoring the Running Status of L2VPN, 5-56

O
Overview, 9-2 Overview of BGP/MPLS IP VPN, 3-3

implementation control plane, 7-5 data plane, 7-5 introduction, 7-3 VPLS Configuration, 7-1 VPLS Convergence Configuration, 9-1 VPLS Convergence Features Supported in theNE80E/ 40E, 9-2 VPLS Features Supported by the NE80E/40E, 7-4 VPN Tunnel Features Supported by theNE80E/40E, 1-3 VPN Tunnel Management Configuration, 1-1 VSI, 7-4

P
PW, 7-4 PWE3, 6-3 PWE3 Features Supported by the NE80E/40E, 6-4

R
Resetting BGP Connections, 3-94, 4-53 Resetting BGP L2VPN TCP Connections, 5-55 Resetting BGP Statistics of IPv6 VPN Instance, 4-53 Resetting BGP Statistics of VPN instance, 3-94

S
Setting a Traffic Behavior for the Unicast Policy-based Route, 3-62 Setting Attributes for the PW Template, 6-17 Setting the L3VE Interface to User Termination Mode, 8-17 Specifying UPE, 3-51 Storing Information About the IPv6 VPN Instance on the ASBR PEs, 4-29 Storing Information About the VPN Instance on the ASBR PE, 3-33

T
Taking Statistics of L3VPN Traffic, 3-91 Tiggering Dynamic BFD for PW, 6-37

V
VC concept, 7-4 Verifying the Connectivity of a PW, 6-67 VLL Configuration, 5-1 VLL Features Supported by the NE80E/40E, 5-4 VPLS, 7-3 access mode 1483B, 7-6 VLAN, 7-6 basic concept, 7-3 encapsulation mode, 7-6
i-6 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2008-09-22)

You might also like