Login
- Table of Contents
- Related Documents
-
| Title | Size | Download |
|---|---|---|
| 03-VPLS Configuration | 484.22 KB |
Contents
Configuring an LDP VPLS instance
Configuring a BGP VPLS instance
Resetting VPLS BGP connections
Configuring MAC address learning
Displaying and maintaining VPLS
Configuring H-VPLS with LSP access
Configuring PW redundancy for H-VPLS access
Implementing multi-AS VPN through multi-hop PW
VPLS overview
Virtual Private LAN Service (VPLS), also called Transparent LAN Service (TLS) or virtual private switched network service, can deliver a point-to-multipoint L2VPN service over public networks. With VPLS, geographically-dispersed sites can interconnect and communicate over MAN or WAN as if they were on the same LAN.
VPLS provides Layer 2 VPN services. However, it supports multipoint services, rather than the point-to-point services that traditional VPN supports. With VPLS, service providers can create on the PEs a series of virtual switches for customers, allowing customers to build their LANs across the Metropolitan Area Network (MAN) or Wide Area Network (WAN).
Operation of VPLS
Basic VPLS concepts
· CE—Customer edge device that is directly connected to the service provider network.
· PE—Provider edge device that connects one or more CEs to the service provider network. A PE maps and forwards packets between private networks and public network tunnels. A PE can be a UPE or NPE.
· UPE—User facing provider edge device that functions as the user access convergence device.
· NPE—Network provider edge device that functions as the network core PE. An NPE resides at the edge of a VPLS network core domain and provides transparent VPLS transport services between core networks.
· VSI—Virtual switch instance that maps actual access links to virtual links.
· PW—Pseudo wire that is the bidirectional virtual connection between VSIs. A PW consists of two unidirectional MPLS virtual circuits (VCs).
· AC—Attachment circuit that connects the CE to the PE. It can use physical interfaces or virtual interfaces. Usually, all user packets on an AC, including Layer 2 and Layer 3 protocol messages, must be forwarded to the peer site without being changed.
· QinQ—802.1Q in 802.1Q, a tunneling protocol based on 802.1Q. It offers a point-to-multipoint L2VPN service mechanism. With QinQ, the private network VLAN tags of packets are encapsulated into the public network VLAN tags, allowing packets to be transmitted with two layers of tags across the service provider network. This provides a simpler Layer 2 VPN tunneling service.
· Forwarder—A forwarder functions as the VPLS forwarding table. Once a PE receives a packet from an AC, the forwarder selects a PW for forwarding the packet.
· Tunnel—A tunnel, usually an MPLS tunnel, is a direct channel between a local PE and the peer PE for transparent data transmission in-between. It is used to carry PWs. A tunnel can carry multiple PWs.
· Encapsulation—Packets transmitted over a PW use the standard PW encapsulation formats and technologies: Ethernet and VLAN.
· PW signaling—The PW signaling protocol is the fundament of VPLS. It is used for creating and maintaining PWs and automatically discovering VSI peer PE. Currently, there are two PW signaling protocols: LDP and BGP.
Figure 1 shows a typical VPLS networking scenario.
Figure 1 Network diagram for VPLS
MAC address learning and flooding
VPLS provides reachability by MAC address learning. Each PE maintains a MAC address table.
1. Source MAC address learning
MAC address learning includes two parts:
¡ Remote MAC address learning associated with PWs
A PW consists of two unidirectional VC LSPs. A PW is up only when both of the VC LSPs are up. When the inbound VC LSP learns a new MAC address, the PW needs to map the MAC address to the outbound VC LSP.
¡ Local MAC address learning of interfaces directly connected to users
This refers to learning source MAC addresses from Layer 2 packets originated by CEs. This occurs on the corresponding VSI interfaces.
Figure 2 shows the procedure of MAC address learning and flooding on PEs.
Figure 2 MAC learning and flooding on PEs
2. MAC address reclaim
Dynamic address learning must support refreshing and relearning. The VPLS draft defines a dynamic address learning method that uses the address reclaim message, which carries MAC TLV. Upon receiving such a message, a router removes MAC addresses or relearns them according to the specified parameters in the TLV. If NULL is specified, the router removes all MAC addresses of the VSI except for those learned from the PW that received the address reclaim message.
The address reclaim message is very useful when the network topology changes and it is required to remove the learned MAC addresses quickly. There are two types of address reclaim messages: those with MAC address lists and those without MAC address lists.
After a backup link becomes active and a message with the instruction of relearning MAC entries arrives, a PE updates the corresponding MAC entries in the FIB table of the VPLS instance and sends the message to other PEs that are directly connected through LDP sessions. If the message contains a null MAC address TLV list, these PEs remove all MAC addresses from the specified VSI, except for those learned from the PW that sent the message.
3. MAC address aging
Remote MAC addresses learned by a PE that are related to VC labels but no more in use need to be aged out by an aging mechanism. The aging mechanism used here is the aging timer corresponding to the MAC address. When receiving a packet whose source MAC address has an aging timer started, the PE resets the aging timer.
VPLS loop avoidance
In general, Layer 2 networks use the Spanning Tree Protocol (STP) to avoid loops. This is not applicable for VPLS networks because the users cannot sense the service provider network. Therefore, enabling STP in the private networks means nothing to the service provider network. In VPLS, full mesh and split horizon forwarding are used to avoid use of STP at the private network side.
Two methods for VPLS loop avoidance are supported:
· PEs are logically fully meshed (so are PWs), that is, each PE must create for each VPLS forwarding instance a tree to all the other PEs of the instance.
· Each PE must support horizontal split to avoid loops, that is, a PE cannot forward packets via PWs of the same VSI, because all the PEs of a VSI are directly connected. In other words, packets from PWs on the public network side cannot be forwarded to other PWs; they can only be forwarded to the private network side.
Peer PE discovery and PW signaling protocol
For PEs in the same VSI, you can configure the peer PE addresses or use an automatic discovery mechanism. Currently, LDP and BGP are used to automatically discover VSI peer PEs.
For a PW to be created, a PW signaling protocol is needed to assign a multiplex distinguishing flag (that is, VC label) and advertise the assigned VC flag to the peer. In addition, the PW signaling protocol advertises VPLS system parameters such as PW ID, control word, and interface parameters. With the PW signaling protocol, PWs can be established between PEs to form a fully meshed network to provide VPLS services. LDP and BGP can be used as PW signaling protocols.
VPLS can be one of the following based on the PW signaling protocol used:
· LDP VPLS—Uses LDP as the signaling protocol. This mode is also called the Martini mode.
· BGP VPLS—Uses BGP extension as the signaling protocol. This mode is also called the Kompella mode.
|
|
NOTE: For more information about the Martini mode and Kompella mode, see the chapter “Configuring MPLS L2VPN.” |
VPLS packet encapsulation
Packet encapsulation on an AC
The packet encapsulation type of an AC depends on the user VSI access mode, which can be VLAN or Ethernet.
· VLAN access: The Ethernet header of a packet sent by a CE to a PE or sent by a PE to a CE includes a VLAN tag that is added in the header as a service delimiter for the service provider network to identify the user. The tag is called a P-Tag.
· Ethernet access: The Ethernet header of a packet upstream from the CE or downstream from the PE does not contain any service delimiter. If a header contains a VLAN tag, it is the internal VLAN tag of the user and means nothing to the PE. This kind of internal VLAN tag of the user is called a U-Tag.
You can specify the VSI access mode to be used.
Packet encapsulation on a PW
The packet encapsulation type of a PW, also called the PW transport mode, can be either Ethernet or VLAN.
· In Ethernet mode, P-TAG is not transferred on the PW. For a packet from a CE, if it contains the service delimiter, the PE removes the service delimiter and adds a PW label and a tunnel label into the packet before forwarding the packet. Otherwise, the PE directly adds a PW label and a tunnel label into the packet and then forwards the packet. For a packet to be sent downstream, whether the PE adds the service delimiter into the packet depends on your configuration. However, rewriting and removing of existing tags are not allowed.
· In VLAN mode, packets transmitted over the PW must carry a P-Tag. For a packet from a CE, if it contains the service delimiter, the PE keeps the P-Tag unchanged or changes the P-Tag to the VLAN tag expected by the peer PE or to a null tag (the tag value is 0), and then adds a PW label and a tunnel label into the packet before sending the packet out. If the packet contains no service delimiter, the PE adds the VLAN tag expected by the peer PE or a null tag, and then a PW label and a tunnel label into the packet before sending the packet out. For a packet to be sent downstream, the PE rewrites, removes, or retains the service delimiter depending on your configuration.
According to the protocol, the packet encapsulation type of a PW is VLAN by default.
H-VPLS implementation
Hierarchy of VPLS (H-VPLS) can extend the VPLS access range of a service provider and reduce costs.
Advantages of H-VPLS access
· H-VPLS has lower requirements on the multi-tenant unit switch (MTU-s). It has distinct hierarchies which fulfill definite tasks.
· H-VPLS reduces the logical complexity of the fully meshed network consisting of PEs and the configuration complexity.
H-VPLS with LSP access
Figure 3 H-VPLS with LSP access
As shown in Figure 3, UPE functions as the convergence device MTU-s and establishes only a virtual link U-PW with NPE 1. It does not establish virtual links with any other peers.
Data forwarding in H-VPLS with LSP access is as follows:
· Upon receiving a packet from a CE, UPE tags the packet with the MPLS label for the U-PW, namely the multiplex distinguishing flag, and then sends the packet to NPE 1.
· When receiving the packet, NPE 1 determines which VSI the packet belongs to by the label and, based on the destination MAC address of the packet, tags the packet with the multiplex distinguishing flag for the N-PW, and forwards the packet.
· Upon receiving the packet from the N-PW, NPE 1 tags the packet with the multiplex distinguishing flag for the U-PW and sends the packet to UPE, which forwards the packet to the CE.
For packets to be exchanged between CE 1 and CE 2, UPE can forward them directly without NPE 1 because it holds the bridging function by itself. For the first packet with an unknown destination MAC address or a broadcast packet, UPE broadcasts the packet to CE 2 through the bridging function and, at the same time, forwards it through U-PW to NPE 1, which replicates the packet and sends a copy to each peer CE.
H-VPLS with QinQ access
Figure 4 H-VPLS with QinQ access
As shown in Figure 4, MTU is a standard bridging device and QinQ is enabled on its interfaces connected to CEs.
Data forwarding in H-VPLS with QinQ access is as follows:
· Upon receiving a packet from a CE, MTU labels the packet with a VLAN tag as the multiplex distinguishing flag, and transparently sends the packet to PE 1 through the QinQ tunnel.
· When receiving the packet, PE 1 determines which VSI the packet belongs to by the VLAN tag and, based on the destination MAC address of the packet, tags the packet with the multiplex distinguishing flag (MPLS label) for the PW. Then, it forwards the packet.
· Upon receiving the packet from the PW, PE 1 determines to which VSI the packet belongs by the multiplex distinguishing flag (MPLS label) and, based on the destination MAC address of the packet, labels the packet with the VLAN tag. Then, it forwards the packet through the QinQ tunnel to MTU, which in turn forwards the packet to the CE.
For packets to be exchanged between CE 1 and CE 2, MTU can forward them directly without PE 1 because it holds the bridging function by itself. For the first data packet with an unknown destination MAC address or a broadcast packet, MTU broadcasts the packet to CE 2 through the bridging function and, at the same time, forwards it through the QinQ tunnel to PE 1, which replicates the packet and sends a copy to each peer CE.
PW redundancy
The network design with a single PW between a UPE and an NPE has a distinct drawback: once the PW experiences a failure, all VPNs connected to the aggregate device will lose connectivity. The H-VPLS with LSP access provides redundant links for PW backup. Normally, only the primary PW link is used. When the main link fails, the backup link takes over the VPN services.
Figure 5 Backup link for H-VPLS with LSP access
The H-VPLS with LSP access activates the backup link when:
· The tunnel over which the primary PW is established is deleted, causing the PW to go down.
· BFD detects a primary link failure.
· The LDP session between the peers of the primary PW goes down, and the PW is deleted as a result.
Hub-spoke VPLS implementation
In hub-spoke networking, one of the VPLS networking modes, there is one hub site and multiple spoke sites. The spoke sites (the spoke-CEs) are not permitted to communicate with each other directly; data transmission between them depends on the hub site (the hub-CE). The PE connecting the hub site is called the “hub-PE.” The PEs connecting the spoke sites are called “spoke-PEs.”
Advantages of hub-spoke networking
In hub-spoke networking, all traffic between spoke sites must go through the hub site, facilitating centralized management of traffic.
Hub-Spoke networking
Figure 6 Hub-spoke networking
Figure 6 shows a typical hub-spoke networking application. As the MAC address learning in a hub-spoke network is the same as that in a common network, the following describes only the data forwarding procedure:
1. Upon receiving a packet from Spoke-CE 1, Spoke-PE 1 inserts an MPLS label into the packet according to the VSI to which Spoke-CE 1 belongs and then forwards the packet to Hub-PE.
2. Receiving the packet from the PW, Hub-PE determines by the MPLS label the VSI that the packet is for and forwards the packet to Hub-CE directly.
3. Hub-CE has Layer 2 forwarding function. It processes the packet and then forwards the packet back to Hub-PE.
4. Receiving the packet from the AC, Hub-PE determines by the VLAN tag the VSI that the packet is for, inserts an MPLS label to which the PW corresponds based on the destination MAC address, and forwards the packet to Spoke-PE 2.
5. When Spoke-PE 2 receives the packet from the PW, it determines by the MPLS label the VSI that the packet is for, and then forwards the packet to Spoke-CE 2.
Multi-hop PW
A PW cannot be setup directly between two PEs when:
· The two PEs are in different Autonomous Systems (ASs), where they cannot establish a singling connection.
· The two PEs use different PW signaling protocols.
In such cases, you can establish multiple continuous PW segments that function as a single PW, called a “multi-hop PW,” a virtual connection between the two PEs.
Figure 7 Diagram for multi-hop PW
As shown in Figure 7, PE 1 and PE 2 are in different ASs. To set up a multi-hop PW between PE 1 and PE 2, you need to:
· Establish three PWs: PW 1 between PE 1 and ASBR 1, PW 2 between ASBR 1 and ASBR 2, and PW 3 between ASBR 2 between PE 2.
· Associate PW 1 and PW 2 on ASBR 1. Then, when receiving a packet from PW 1 (or PW 2), ASBR 1 removes the existing inner and outer labels of the packet and adds the inner and outer labels of PW 2 (or PW 1) to the packet.
· Associate PW 2 and PW 3 on ASBR 2. Then, upon receiving a packet from PW 2 (or PW 3), ASBR 2 removes the existing inner and outer labels of the packet and then adds the inner and outer labels of PW 3 (or PW 2) to the packet.
Thus, PW 1, PW 2, and PW 3 are put end to end and a multi-hop PW is formed across the ASs.
|
|
NOTE: Only LDP VPLS connections can form a multi-hop PW. |
VPLS configuration task list
Complete the following tasks to configure VPLS:
|
Task |
Remarks |
||
|
Required |
Configure either type of VPLS as needed |
||
|
Required |
|||
|
Required |
|||
|
Required |
|||
|
Required |
|||
|
Required |
|||
|
Optional |
|||
|
Optional |
|||
Configuring LDP VPLS
Configuration prerequisites
· Configure IGP on the MPLS backbone devices (PEs and P devices) to guarantee the IP connectivity of the MPLS backbone. For configuration details, see Layer 3—IP Routing Configuration Guide.
· Configure basic MPLS on the MPLS backbone devices (PEs and P devices) to establish LSP tunnels on the backbone network. For configuration information, see the chapter “Configuring basic MPLS.”
· Configure LDP remote peers on PEs to establish remote LDP sessions. For configuration information, see the chapter “Configuring basic MPLS.”
Enabling L2VPN and MPLS L2VPN
You need to enable L2VPN and MPLS L2VPN before you can perform VPLS related configurations.
To enable L2VPN and MPLS L2VPN:
|
Step |
Command |
|
1. Enter system view. |
system-view |
|
2. Enable L2VPN and enter L2VPN view. |
l2vpn |
|
3. Enable MPLS L2VPN. |
mpls l2vpn |
|
|
NOTE: For more information about the l2vpn command and the mpls l2vpn command, see MPLS Command Reference. |
Configuring an LDP VPLS instance
Configuration prerequisites
· Configuring IGP on the PEs and P devices to guarantee the IP connectivity of the MPLS backbone
· Configuring basic MPLS for the MPLS backbone on the PEs and P devices
· Configuring MPLS L2VPN
Configuration procedure
When creating an LDP VPLS instance, you need to perform the following configurations:
1. Specify a globally unique name for the VPLS instance and set the peer discovery mechanism to manual configuration.
2. In L2VPN implementation, the Martini mode uses extended LDP (remote LDP sessions) as the signaling for transferring PW information. Therefore, the LDP mode is also called the Martini mode. When configuring a VPLS instance in LDP mode, you must configure LDP as the signaling protocol to be used.
3. Specify the ID of the VPLS instance.
4. Use the peer command to create the VPLS peer PE for the instance, specifying:
· IP address of the peer PE.
· ID of the PW to the peer PE, which must be consistent with that specified on the peer PE.
· Type of the peer PE. If you specify a peer as a UPE, the peer is a user access convergence device in the H-VPLS model. If you specify the backup-peer keyword when creating the peer, the local PE is a UPE and you create a primary NPE and a secondary NPE on it. On a UPE, you can configure only one pair of primary and secondary NPEs. The specified remote NPE peers must be fully meshed, while it is not necessary for a UPE to connect with all the NPEs.
· PW class template to be referenced. A PW class template defines the PW transport mode and tunneling policy to be used.
|
|
NOTE: For information about Martini mode, see the chapter “Configuring MPLS L2VPN.” |
To configure an LDP VPLS instance:
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Create a PW class template and enter its view. |
pw-class pw-class-name |
Optional. By default, no PW class template is created. |
|
3. Configure the PW transport mode. |
trans-mode { ethernet | vlan } |
Optional. VLAN by default. |
|
4. Specify a tunneling policy. |
pw-tunnel-policy policy-name |
Optional. By default, the tunneling policy specified through the tnl-policy command in VSI view is used. |
|
5. Return to system view. |
quit |
N/A |
|
6. Create an LDP VPLS instance and enter VSI view. |
vsi vsi-name static [ hub-spoke | p2p ] |
N/A |
|
7. Specify LDP as the PW signaling protocol and enter VSI LDP view. |
pwsignal ldp |
N/A |
|
8. Specify an ID for the VPLS instance. |
vsi-id vsi-id |
N/A |
|
9. Create a peer PE for the VPLS instance. |
peer ip-address [ { hub | spoke } | pw-class class-name | [ pw-id pw-id ] [ upe | backup-peer ip-address [ backup-pw-id pw-id ] ] ] * |
N/A |
|
10. Enable the PW switchback function and set the switchback delay time. |
dual-npe revertive [ wtr-time wtr-time ] |
Optional. Disabled by default. |
|
|
NOTE: · To configure a multi-hop PW, specify the p2p keyword when you create a VPLS instance to enable the PW to PW (P2P) capability, and specify the two peer PEs by using the peer command in the VPLS instance view to associate two PWs. · A P2P enabled VPLS instance cannot be bound with a Layer 3 interface or a service instance. · Up to two peer PEs can be specified for a P2P enabled VPLS instance, and one of them must be specified as a UPE. |
Configuring BGP VPLS
Configuration prerequisites
· Configure IGP on the MPLS backbone devices (PEs and P devices) to guarantee the IP connectivity of the MPLS backbone. For configuration details, see Layer 3—IP Routing Configuration Guide.
· Configure basic MPLS on the MPLS backbone devices (PEs and P devices) to establish LSP tunnels on the backbone network. For configuration information, see the chapter “Configuring basic MPLS.”
Configuring the BGP extension
Before configuring BGP VPLS, you need to configure BGP parameters on the PEs. For configuration details, see Layer 3—IP Routing Configuration Guide.
To configure BGP extension:
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Enter BGP view. |
bgp as-number |
N/A |
|
3. Enter VPLS address family view. |
vpls-family |
N/A |
|
4. Activate a peer. |
peer peer-address enable |
No peer is activated by default. |
|
|
NOTE: For configurations in VPLS address family view, see the chapter “Configuring MPLS L3VPN.” |
Enabling L2VPN and MPLS L2VPN
Enable L2VPN and MPLS L2VPN before you configure VPLS related configurations.
To enable L2VPN and MPLS L2VPN:
|
Step |
Command |
|
1. Enter system view. |
system-view |
|
2. Configure the LSR ID. |
mpls lsr-id |
|
3. Enable MPLS capability and enter MPLS view. |
mpls |
|
4. Return to system view. |
quit |
|
5. Enable L2VPN and enter L2VPN view. |
l2vpn |
|
6. Enable MPLS L2VPN. |
mpls l2vpn |
|
|
NOTE: For more information about the l2vpn command the mpls l2vpn command, see MPLS Command Reference. |
Configuring a BGP VPLS instance
When creating a BGP VPLS instance, you must specify a globally unique name for the VPLS instance and set the peer discovery mechanism to automatic configuration.
The BGP mode is also called the Kompella mode, where extended BGP is used as the signaling protocol. When configuring a VPLS instance in BGP mode, you must configure BGP as the signaling protocol to be used.
To configure a BGP VPLS instance:
|
Step |
Command |
|
1. Enter system view. |
system-view |
|
2. Create a BGP VPLS instance and enter VSI view. |
vsi vsi-name auto |
|
3. Specify BGP as the PW signaling protocol and enter VSI BGP view. |
pwsignal bgp |
|
4. Configure an RD for the VPLS instance. |
route-distinguisher route-distinguisher |
|
5. Configure VPN targets for the VPLS instance. |
vpn-target vpn-target&<1-16> [ both | import-extcommunity | export-extcommunity ] |
|
6. Create a site for the VPLS instance. |
site site-id [ range site-range ] [ default-offset { 0 | 1 } ] |
Resetting VPLS BGP connections
When the BGP routing policy or protocol is changed, you must reset the BGP connections in a VPLS to make the new configurations take effect to all connections.
|
Task |
Command |
Remarks |
|
Reset VPLS BGP connections. |
reset bgp vpls { as-number | ip-address | all | external | internal } |
Available in user view |
Binding a VPLS instance
You can establish the association between packets and a VPLS instance in either of the following methods:
· Binding a Layer 3 interface (other than VLAN interface) with the VPLS instance. After you configure such a binding, all packets arriving at the Layer 3 interface will be forwarded through the VPLS instance.
· Binding a Layer 2 port and a VLAN ID with the VPLS instance. After you configure such a binding, packets arriving at the Layer 2 port and carrying the specified VLAN tag will be forwarded through the VPLS instance.
With the first binding method, if you bind VLAN interfaces, one VLAN interface can be bound to only one VPLS instance and all packets carrying the VLAN tag will be forwarded through the VPLS instance, regardless of which Layer 2 Ethernet ports the packets arrive at. This not only wastes the Layer 2 Ethernet interface and VLAN resources, but also cannot differentiate users and services connected to different Layer 2 Ethernet ports. The second binding method can solve these problems.
Binding a Layer 3 interface with a VPLS instance
|
|
NOTE: The router does not support binding a VLAN interface with a VPLS instance in this method. |
To bind a Layer 3 interface with a VPLS instance:
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Enter interface view. |
interface interface-type interface-number |
N/A |
|
3. Bind the interface with a VPLS instance. |
l2 binding vsi vsi-name [ access-mode { ethernet | vlan } | { hub | spoke } ] * |
By default, an interface is not bound with any VPLS instance. |
|
|
CAUTION: · On the interface that is bound with a VPLS instance, for example, a routing interface or a routing sub-interface, do not enable the MPLS function. Otherwise, neither VPLS nor MPLS can work normally and to use either service, you need to remove both the VPLS service and the MPLS service and then reconfigure the service. · If you bind a Layer 3 interface with a VPLS instance, IP related functions on the sub-interfaces of the Layer 3 interface will fail. For example, the sub-interfaces cannot receive ARP or IGMP packets; they cannot forward unicast or multicast packets. After you remove the binding, the IP related functions on the sub-interfaces recover. |
Binding a Layer 2 port and a VLAN ID with the VPLS instance
To bind a Layer 2 port and a VLAN ID with the VPLS instance, you need to:
· Create a service instance on the Layer 2 Ethernet port.
· Specify a packet matching VLAN ID for the service instance.
· Bind the service instance with the VPLS instance.
After these configurations, packets that arrive at the Layer 2 Ethernet port and match the specified VLAN ID will be forwarded through the bound VPLS instance.
To bind a Layer 2 port and a VLAN ID with the VPLS instance:
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Create the VLAN to be used by the service instance to match packets. |
vlan vlan-id |
N/A |
|
3. Add the Layer 2 port that connects the CE to the VLAN. |
port interface |
N/A |
|
4. Return to system view. |
quit |
N/A |
|
5. Enter the view of the port connecting the CE. |
interface interface-type interface-number |
N/A |
|
6. Create the service instance and enter its view. |
service-instance service-instance-id |
By default, no service instance is created. |
|
7. Specify a packet matching VLAN ID for the service instance. |
encapsulation s-vid vlan-id |
By default, no packet matching VLAN ID is specified for a service instance. |
|
8. Associate the service instance with a VPLS instance. |
xconnect vsi vsi-name [ access-mode { ethernet | vlan } | { hub | spoke } ] * |
By default, a service instance is not associated with any VPLS instance. |
|
|
NOTE: · You can configure up to 4094 service instances on a Layer 2 Ethernet port. · The xconnect vsi command is only available for service instances with the ID in the range of 1 to 4094. · For the access mode configuration of a service instance, see the chapter “Configuring MPLS L2VPN.” · Only when the VPLS instance is enabled with the hub-spoke capability, can you further specify the access mode as hub or spoke. The default is spoke. |
Configuring MAC address learning
To configure the MAC address learning function:
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Enter VSI view. |
vsi vsi-name |
N/A |
|
3. Enable/disable MAC address learning for the VPLS instance. |
mac-learning { enable | disable } |
Optional. Enabled by default. |
|
4. Specify a MAC address learning mode for the VPLS instance. |
mac-learn-style { qualify | unqualify } |
Optional. unqualify by default. The router only supports the unqualify mode. |
|
5. Set the maximum number of MAC addresses that the device can learn for the VPLS instance. |
mac-table limit mac-limit-number |
Optional. 65535 by default. |
Configuring VPLS attributes
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Enter VSI view. |
vsi vsi-name |
N/A |
|
3. Set the upper speed limit of the VPLS instance. |
bandwidth vpn-speed |
Optional. 102,400 kbps by default. |
|
4. Set the broadcast suppression percentage of the VPLS instance. |
broadcast-restrain ratio |
Optional. 5 by default. |
|
5. Specify the encapsulation type of the VPLS instance. |
encapsulation { ethernet | vlan | bgp-vpls } |
Optional. vlan by default, which corresponds to the VSI PW encapsulation type of tagged. |
|
6. Set the MTU of the VPLS instance. |
mtu mtu |
Optional. 1,500 bytes by default. |
|
7. Set the description of the VPLS instance. |
description text |
Optional. No description set by default. |
|
8. Shut down the VPLS service of the VPLS instance. |
shutdown |
Optional. Enabled by default. |
|
9. Specify a tunneling policy for the VPLS instance. |
tnl-policy tunnel-policy-name |
Optional. By default, no tunneling policy is specified for a VPLS instance and a VPLS instance uses the default tunneling policy. The default tunneling policy selects only one tunnel (no load balancing) in this order: LSP tunnel, CR-LSP tunnel. |
|
|
NOTE: The router supports limiting traffic speed and suppressing broadcast traffic for VPLS instances only when the system working mode is SPE. For more information about system working modes, see Fundamentals Configuration Guide. |
Displaying and maintaining VPLS
|
Task |
Command |
Remarks |
|
Display the VPLS information in the BGP routing table. |
display bgp vpls { all | group [ group-name ] | peer [ [ ip-address ] verbose ] | route-distinguisher route-distinguisher [ site-id site-id [ label-offset label-offset ] ] } [ | { begin | exclude | include } regular-expression ] |
Available in any view |
|
Display the MAC address table information of one or all VPLS instances. |
display mac-address vsi [ vsi-name ] [ blackhole | dynamic | static ] [ count ] [ | { begin | exclude | include } regular-expression ] |
Available in any view |
|
Display information about VPLS connections. |
display vpls connection [ bgp | ldp | vsi vsi-name ] [ block | down | up ] [ verbose ] [ | { begin | exclude | include } regular-expression ] |
Available in any view |
|
Display the AC information of one or all VPLS instances. |
display mpls l2vpn fib ac vpls [ vsi vsi-name | interface interface-type interface-number [ service-instance service-instanceid ] ] [ slot slot-number ] [ verbose ] [ | { begin | exclude | include } regular-expression ] |
Available in any view |
|
Display the PW information of one or all VPLS instances. |
display mpls l2vpn fib pw vpls [ vsi vsi-name [ link link-id ] ] [ slot slot-number ] [ verbose ] [ | { begin | exclude | include } regular-expression ] |
Available in any view |
|
Display information about one or all VPLS instances. |
display vsi [ vsi-name ] [ verbose ] [ | { begin | exclude | include } regular-expression ] |
Available in any view |
|
Display information about remote VPLS connections. |
display vsi remote { bgp | ldp } [ | { begin | exclude | include } regular-expression ] |
Available in any view |
|
Display information about one or all PW class templates. |
display pw-class [ pw-class-name ] [ | { begin | exclude | include } regular-expression ] |
Available in any view |
|
Display information about one or all fast switching groups. |
display l2vpn fast-switch-group [ group-index ] [ | { begin | exclude | include } regular-expression ] |
Available in any view |
|
Clear the MAC address table of one or all VPLS instances. |
reset mac-address vsi [ vsi-name ] |
Available in user view |
VPLS configuration examples
Configuring VPLS instances
Network requirements
CE 1 and CE 2 reside in different sites but both belong to VPN 1.
VPLS instance aaa uses LDP, that is, the Martini mode, while bbb uses BGP, that is, the Kompella mode. The AS number is 100.
Configuration procedure
1. Configure PE 1.
# Configure the IGP protocol, which is OSPF in this example. (Details not shown)
# Configure basic MPLS.
<Sysname> system-view
[Sysname] sysname PE1
[PE1] interface loopback 0
[PE1-LoopBack0] ip address 1.1.1.9 32
[PE1-LoopBack0] quit
[PE1] mpls lsr-id 1.1.1.9
[PE1] mpls
[PE1-mpls] quit
[PE1] mpls ldp
[PE1-mpls-ldp] quit
# Configure interface GigabitEthernet 3/1/1.
[PE1] interface GigabitEthernet 3/1/1
[PE1-GigabitEthernet3/1/1] ip address 10.10.10.10 24
# Configure basic MPLS on the interface.
[PE1-GigabitEthernet3/1/1] mpls
[PE1-GigabitEthernet3/1/1] mpls ldp
[PE1-GigabitEthernet3/1/1] quit
# Configure the remote LDP session.
[PE1] mpls ldp remote-peer 1
[PE1-mpls-remote-1] remote-ip 2.2.2.9
[PE1-mpls-remote-1] quit
# Configure BGP extension.
[PE1] bgp 100
[PE1-bgp] peer 2.2.2.9 as-number 100
[PE1-bgp] peer 2.2.2.9 connect-interface loopback 0
[PE1-bgp] vpls-family
[PE1-bgp-af-vpls] peer 2.2.2.9 enable
[PE1-bgp-af-vpls] quit
[PE1-bgp] quit
# Enable L2VPN and MPLS L2VPN.
[PE1] l2vpn
[PE1-l2vpn] mpls l2vpn
[PE1-l2vpn] quit
# Configure the VPLS instance aaa that uses LDP signaling.
[PE1] vsi aaa static
[PE1-vsi-aaa] pwsignal ldp
[PE1-vsi-aaa-ldp] vsi-id 500
[PE1-vsi-aaa-ldp] peer 2.2.2.9
[PE1-vsi-aaa-ldp] quit
[PE1-vsi-aaa] quit
# Configure the VPLS instance bbb that uses BGP signaling.
[PE1] vsi bbb auto
[PE1-vsi-bbb] pwsignal bgp
[PE1-vsi-bbb-bgp] route-distinguisher 100:1
[PE1-vsi-bbb-bgp] vpn-target 111:1
[PE1-vsi-bbb-bgp] site 1 range 10
[PE1-vsi-bbb-bgp] quit
[PE1-vsi-bbb] quit
# Configure interface GigabitEthernet 3/1/2 and bind VPLS instance aaa or bbb to the interface.
[PE1] interface GigabitEthernet3/1/2
// To bind VPLS instance aaa to interface GigabitEthernet 3/1/2:
[PE1-GigabitEthernet3/1/2] l2 binding vsi aaa
// To bind VPLS instance bbb to interface GigabitEthernet 3/1/2:
[PE1-GigabitEthernet3/1/2] l2 binding vsi bbb
[PE1-GigabitEthernet3/1/2] quit
2. Configure PE 2.
# Configure the IGP protocol, such as OSPF. (Details not shown)
# Configure basic MPLS.
<Sysname> system-view
[Sysname] sysname PE2
[PE2] interface loopback 0
[PE2-LoopBack0] ip address 2.2.2.9 32
[PE2-LoopBack0] quit
[PE2] mpls lsr-id 2.2.2.9
[PE2] mpls
[PE1-mpls] quit
[PE2] mpls ldp
[PE2-mpls-ldp] quit
# Configure interface GigabitEthernet 3/1/1.
[PE2] interface GigabitEthernet 3/1/1
[PE2-GigabitEthernet3/1/1] ip address 10.10.10.11 24
# Configure basic MPLS on the interface.
[PE2-GigabitEthernet3/1/1] mpls
[PE2-GigabitEthernet3/1/1] mpls ldp
[PE2-GigabitEthernet3/1/1] quit
# Configure the remote LDP session.
[PE2] mpls ldp remote-peer 2
[PE2-mpls-remote-2] remote-ip 1.1.1.9
[PE2-mpls-remote-2] quit
# Configure BGP extensions.
[PE2] bgp 100
[PE2-bgp] peer 1.1.1.9 as-number 100
[PE2-bgp] peer 1.1.1.9 connect-interface loopback 0
[PE2-bgp] vpls-family
[PE2-bgp-af-vpls] peer 1.1.1.9 enable
[PE2-bgp-af-vpls] quit
[PE2-bgp] quit
# Enable L2VPN and MPLS L2VPN.
[PE2] l2vpn
[PE2-l2vpn] mpls l2vpn
[PE2-l2vpn] quit
# Configure the VPLS instance aaa that uses LDP signaling.
[PE2] vsi aaa static
[PE2-vsi-aaa] pwsignal ldp
[PE2-vsi-aaa-ldp] vsi-id 500
[PE2-vsi-aaa-ldp] peer 1.1.1.9
[PE2-vsi-aaa-ldp] quit
[PE2-vsi-aaa] quit
# Configure the VPLS instance bbb that uses BGP signaling.
[PE2] vsi bbb auto
[PE2-vsi-bbb] pwsignal bgp
[PE2-vsi-bbb-bgp] route-distinguisher 100:1
[PE2-vsi-bbb-bgp] vpn-target 111:1
[PE2-vsi-bbb-bgp] site 2 range 10
[PE2-vsi-bbb-bgp] quit
[PE2-vsi-bbb] quit
# Configure interface GigabitEthernet 3/1/2 and bind VPLS instance aaa or bbb to the interface.
[PE2] interface GigabitEthernet 3/1/2
// To bind VPLS instance aaa to interface GigabitEthernet 3/1/2:
[PE2-GigabitEthernet3/1/2] l2 binding vsi aaa
// To bind VPLS instance bbb to interface GigabitEthernet 3/1/2:
[PE2-GigabitEthernet3/1/2] l2 binding vsi bbb
[PE2-GigabitEthernet3/1/2] quit
After completing previous configurations, issue the display vpls connection command on the PEs. You will see that a PW connection in up state has been established.
Configuring H-VPLS with LSP access
Network requirements
Create a U-PW between UPE and NPE 1 and an N-PW between NPE 1 and NPE 3. Create an LDP VPLS instance aaa.
Configuration procedure
1. Configure the IGP protocol (such as OSPF) on the MPLS backbone. (Details not shown)
2. Configure UPE.
# Configure basic MPLS.
<Sysname> system-view
[Sysname] sysname UPE
[UPE] interface loopback 0
[UPE-LoopBack0] ip address 1.1.1.9 32
[UPE-LoopBack0] quit
[UPE] mpls lsr-id 1.1.1.9
[UPE] mpls
[UPE-mpls] quit
[UPE] mpls ldp
[UPE-mpls-ldp] quit
# Configure basic MPLS on the interface connected to NPE 1.
[UPE] interface GigabitEthernet 3/1/1
[UPE-GigabitEthernet3/1/1] ip address 10.1.1.1 24
[UPE-GigabitEthernet3/1/1] mpls
[UPE-GigabitEthernet3/1/1] mpls ldp
[UPE-GigabitEthernet3/1/1] quit
# Configure the remote LDP session.
[UPE] mpls ldp remote-peer 1
[UPE-mpls-remote-1] remote-ip 2.2.2.9
[UPE-mpls-remote-1] quit
# Enable L2VPN and MPLS L2VPN.
[UPE] l2vpn
[UPE-l2vpn] mpls l2vpn
[UPE-l2vpn] quit
# Configure the VPLS instance aaa that uses LDP signaling.
[UPE] vsi aaa static
[UPE-vsi-aaa] pwsignal ldp
[UPE-vsi-aaa-ldp] vsi-id 500
[UPE-vsi-aaa-ldp] peer 2.2.2.9
[UPE-vsi-aaa-ldp] quit
[UPE-vsi-aaa] quit
# Configure interface GigabitEthernet 3/1/2 and bind VPLS instance aaa to the interface.
[UPE] interface GigabitEthernet 3/1/2
[UPE-GigabitEthernet3/1/2] l2 binding vsi aaa
[UPE-GigabitEthernet3/1/2] quit
3. Configure NPE 1.
# Configure basic MPLS.
<Sysname> system-view
[Sysname] sysname NPE1
[NPE1] interface loopback 0
[NPE1-LoopBack0] ip address 2.2.2.9 32
[NPE1-LoopBack0] quit
[NPE1] mpls lsr-id 2.2.2.9
[NPE1] mpls
[NPE1–mpls] quit
[NPE1] mpls ldp
[NPE1–mpls-ldp] quit
# Configure basic MPLS on the interface connected to UPE.
[NPE1] interface GigabitEthernet3/1/1
[NPE1-GigabitEthernet3/1/1] ip address 10.1.1.2 24
[NPE1-GigabitEthernet3/1/1] mpls
[NPE1-GigabitEthernet3/1/1] mpls ldp
[NPE1-GigabitEthernet3/1/1] quit
# Configure basic MPLS on the interface connected to NPE 3.
[NPE1] interface GigabitEthernet3/1/2
[NPE1-GigabitEthernet3/1/2] ip address 11.1.1.1 24
[NPE1-GigabitEthernet3/1/2] mpls
[NPE1-GigabitEthernet3/1/2] mpls ldp
[NPE1-GigabitEthernet3/1/2] quit
# Configure the remote LDP session with UPE.
[NPE1] mpls ldp remote-peer 2
[NPE1-mpls-remote-2] remote-ip 1.1.1.9
[NPE1-mpls-remote-2] quit
# Configure the remote LDP session with NPE 3.
[NPE1] mpls ldp remote-peer 3
[NPE1-mpls-remote-3] remote-ip 3.3.3.9
[NPE1-mpls-remote-3] quit
# Enable L2VPN and MPLS L2VPN.
[NPE1] l2vpn
[NPE1-l2vpn] mpls l2vpn
[NPE1-l2vpn] quit
# Configure the VPLS instance aaa that uses LDP signaling.
[NPE1] vsi aaa static
[NPE1-vsi-aaa] pwsignal ldp
[NPE1-vsi-aaa-ldp] vsi-id 500
[NPE1-vsi-aaa-ldp] peer 1.1.1.9 upe
[NPE1-vsi-aaa-ldp] peer 3.3.3.9
[NPE1-vsi-aaa-ldp] quit
[NPE1-vsi-aaa] quit
4. Configure NPE 3.
# Configure basic MPLS.
<Sysname> system-view
[Sysname] sysname NPE3
[NPE3] interface loopback 0
[NPE3-LoopBack0] ip address 3.3.3.9 32
[NPE3-LoopBack0] quit
[NPE3] mpls lsr-id 3.3.3.9
[NPE3] mpls
[NPE3–mpls] quit
[NPE3] mpls ldp
[NPE3–mpls-ldp] quit
# Configure basic MPLS on the interface connected to NPE 1.
[NPE3] interface GigabitEthernet3/1/1
[NPE3-GigabitEthernet3/1/1] ip address 11.1.1.2 24
[NPE3-GigabitEthernet3/1/1] mpls
[NPE3-GigabitEthernet3/1/1] mpls ldp
[NPE3-GigabitEthernet3/1/1] quit
# Configure the remote LDP session.
[NPE3] mpls ldp remote-peer 1
[NPE3-mpls-remote-1] remote-ip 2.2.2.9
[NPE3-mpls-remote-1] quit
# Enable L2VPN and MPLS L2VPN.
[NPE3] l2vpn
[NPE3-l2vpn] mpls l2vpn
[NPE3-l2vpn] quit
# Configure the VPLS instance aaa that uses LDP signaling.
[NPE3] vsi aaa static
[NPE3-vsi-aaa] pwsignal ldp
[NPE3-vsi-aaa-ldp] vsi-id 500
[NPE3-vsi-aaa-ldp] peer 2.2.2.9
[NPE3-vsi-aaa-ldp] quit
[NPE3-vsi-aaa] quit
# Configure interface GigabitEthernet 3/1/2 and bind VPLS instance aaa to the interface.
[NPE3] interface GigabitEthernet 3/1/2
[NPE3-GigabitEthernet3/1/2] l2 binding vsi aaa
[NPE3-GigabitEthernet3/1/2] quit
After completing previous configurations, issue the display vpls connection command on the PEs. You will see that a PW connection in up state has been established.
Configuring hub-spoke VPLS
Network requirements
Create a PW between Spoke-PE 1 and Hub-PE and another PW between Spoke-PE 2 and Hub-PE.
Create VPLS instance aaa and configure it to support hub-spoke networking.
Figure 10 Network diagram
Configuration procedure
1. Configure an IGP (such as OSPF) on the MPLS backbone. (Details not shown)
2. Configure Spoke-PE 1.
# Configure basic MPLS.
<Sysname> system-view
[Sysname] sysname Spoke-PE1
[Spoke-PE1] interface loopback 0
[Spoke-PE1-LoopBack0] ip address 1.1.1.9 32
[Spoke-PE1-LoopBack0] quit
[Spoke-PE1] mpls lsr-id 1.1.1.9
[Spoke-PE1] mpls
[Spoke-PE1–mpls] quit
[Spoke-PE1] mpls ldp
[Spoke-PE1-mpls-ldp] quit
# Configure basic MPLS on the interface connected to Hub-PE.
[Spoke-PE1] interface GigabitEthernet 3/1/1
[Spoke-PE1-GigabitEthernet3/1/1] ip address 10.1.1.1 24
[Spoke-PE1-GigabitEthernet3/1/1] mpls
[Spoke-PE1-GigabitEthernet3/1/1] mpls ldp
[Spoke-PE1-GigabitEthernet3/1/1] quit
# Configure the remote LDP session with Hub-PE.
[Spoke-PE1] mpls ldp remote-peer 1
[Spoke-PE1-mpls-remote-1] remote-ip 3.3.3.9
[Spoke-PE1-mpls-remote-1] quit
# Enable L2VPN and MPLS L2VPN.
[Spoke-PE1] l2vpn
[Spoke-PE1-l2vpn] mpls l2vpn
[Spoke-PE1-l2vpn] quit
# Configure LDP VPLS instance aaa that supports the hub-spoke model, and configure the peer as the hub.
[Spoke-PE1] vsi aaa static hub-spoke
[Spoke-PE1-vsi-aaa] pwsignal ldp
[Spoke-PE1-vsi-aaa-ldp] vsi-id 500
[Spoke-PE1-vsi-aaa-ldp] peer 3.3.3.9 hub
[Spoke-PE1-vsi-aaa-ldp] quit
[Spoke-PE1-vsi-aaa] quit
# Configure interface GigabitEthernet 3/1/2, bind VPLS instance aaa to the interface, and specify the attached CE as a spoke-CE.
[Spoke-PE1] interface GigabitEthernet 3/1/2
[Spoke-PE1-GigabitEthernet3/1/2] l2 binding vsi aaa spoke
[Spoke-PE1-GigabitEthernet3/1/2] quit
3. Configure Spoke-PE 2.
# Configure basic MPLS.
<Sysname> system-view
[Sysname] sysname Spoke-PE2
[Spoke-PE2] interface loopback 0
[Spoke-PE2-LoopBack0] ip address 2.2.2.9 32
[Spoke-PE2-LoopBack0] quit
[Spoke-PE2] mpls lsr-id 2.2.2.9
[Spoke-PE2] mpls
[Spoke-PE2–mpls] quit
[Spoke-PE2] mpls ldp
[Spoke-PE2–mpls-ldp] quit
# Configure basic MPLS on the interface connected to Hub-PE.
[Spoke-PE2] interface GigabitEthernet3/1/1
[Spoke-PE2-GigabitEthernet3/1/1] ip address 20.1.1.1 24
[Spoke-PE2-GigabitEthernet3/1/1] mpls
[Spoke-PE2-GigabitEthernet3/1/1] mpls ldp
[Spoke-PE2-GigabitEthernet3/1/1] quit
# Configure the remote LDP session with Hub-PE.
[Spoke-PE2] mpls ldp remote-peer 2
[Spoke-PE2-mpls-remote-2] remote-ip 3.3.3.9
[Spoke-PE2-mpls-remote-2] quit
# Enable L2VPN and MPLS L2VPN.
[Spoke-PE2] l2vpn
[Spoke-PE2-l2vpn] mpls l2vpn
[Spoke-PE2-l2vpn] quit
# Configure the LDP VPLS instance aaa that supports the hub-spoke model, and configure the peer as the hub.
[Spoke-PE2] vsi aaa static hub-spoke
[Spoke-PE2-vsi-aaa] pwsignal ldp
[Spoke-PE2-vsi-aaa-ldp] vsi-id 500
[Spoke-PE2-vsi-aaa-ldp] peer 3.3.3.9 hub
[Spoke-PE2-vsi-aaa-ldp] quit
[Spoke-PE2-vsi-aaa] quit
# Configure interface GigabitEthernet 3/1/2, bind VPLS instance aaa to the interface, and specify the attached CE as a spoke-CE.
[Spoke-PE2] interface GigabitEthernet 3/1/2
[Spoke-PE2-GigabitEthernet3/1/2] l2 binding vsi aaa spoke
[Spoke-PE2-GigabitEthernet3/1/2] quit
4. Configure Hub-PE.
# Configure basic MPLS.
<Sysname> system-view
[Sysname] sysname Hub-PE
[Hub-PE] interface loopback 0
[Hub-PE-LoopBack0] ip address 3.3.3.9 32
[Hub-PE-LoopBack0] quit
[Hub-PE] mpls lsr-id 3.3.3.9
[Hub-PE] mpls
[Hub-PE–mpls] quit
[Hub-PE] mpls ldp
[Hub-PE–mpls-ldp] quit
# Configure basic MPLS on the interface connected to Spoke-PE 1.
[Hub-PE] interface GigabitEthernet 3/1/1
[Hub-PE-GigabitEthernet3/1/1] ip address 10.1.1.2 24
[Hub-PE-GigabitEthernet3/1/1] mpls
[Hub-PE-GigabitEthernet3/1/1] mpls ldp
[Hub-PE-GigabitEthernet3/1/1] quit
# Configure basic MPLS on the interface connected to Spoke-PE 2.
[Hub-PE] interface GigabitEthernet 3/1/2
[Hub-PE-GigabitEthernet3/1/2] ip address 20.1.1.2 24
[Hub-PE-GigabitEthernet3/1/2] mpls
[Hub-PE-GigabitEthernet3/1/2] mpls ldp
[Hub-PE-GigabitEthernet3/1/2] quit
# Configure the remote LDP sessions.
[Hub-PE] mpls ldp remote-peer 1
[Hub-PE-mpls-remote-1] remote-ip 1.1.1.9
[Hub-PE-mpls-remote-1] quit
[Hub-PE] mpls ldp remote-peer 2
[Hub-PE-mpls-remote-2] remote-ip 2.2.2.9
[Hub-PE-mpls-remote-2] quit
# Enable L2VPN and MPLS L2VPN.
[Hub-PE] l2vpn
[Hub-PE-l2vpn] mpls l2vpn
[Hub-PE-l2vpn] quit
# Configure the LDP VPLS instance aaa that supports the hub-spoke model, and configure the peers as spokes.
[Hub-PE] vsi aaa static hub-spoke
[Hub-PE-vsi-aaa] pwsignal ldp
[Hub-PE-vsi-aaa-ldp] vsi-id 500
[Hub-PE-vsi-aaa-ldp] peer 1.1.1.9 spoke
[Hub-PE-vsi-aaa-ldp] peer 2.2.2.9 spoke
[Hub-PE-vsi-aaa-ldp] quit
[Hub-PE-vsi-aaa] quit
# Configure interface GigabitEthernet 3/1/3, bind VPLS instance aaa to the interface, and specifying the attached CE as the hub-CE.
[Hub-PE] interface GigabitEthernet 3/1/3
[Hub-PE-GigabitEthernet3/1/3] l2 binding vsi aaa hub
[Hub-PE-GigabitEthernet3/1/3] quit
After completing previous configurations, issue the display vpls connection command on the PEs. You will see that a PW connection in up state has been established.
Configuring PW redundancy for H-VPLS access
Network requirements
As shown in Figure 11, UPE establishes a PW connection (U-PW) with NPE 1 and NPE 2, with the NPE 2 link as the backup. NPE 1 and NPE 2 each establish a PW connection (N-PW) with NPE 3. CE 3 is connected to the network through NPE 3.
UPE is connected to NPE 1 through GigabitEthernet 3/1/2 and is connected to NPE 2 through GigabitEthernet 3/1/3. NPE 1 is connected to NPE 3 through GigabitEthernet 3/1/5, and NPE 2 is connected to NPE 3 through GigabitEthernet 3/1/6.
Configure a VPLS instance and configure it to support H-VPLS networking.
Configuration procedure
1. Configure the IGP protocol (such as OSPF) on the MPLS backbone. (Details not shown)
2. Configure UPE.
# Configure basic MPLS.
<Sysname> system-view
[Sysname] sysname UPE
[UPE] interface loopback 0
[UPE-LoopBack0] ip address 1.1.1.1 32
[UPE-LoopBack0] quit
[UPE] mpls lsr-id 1.1.1.1
[UPE] mpls
[UPE-mpls] quit
[UPE] mpls ldp
[UPE-mpls-ldp] quit
# Configure basic MPLS on the interface connected to NPE 1.
[UPE] interface GigabitEthernet 3/1/2
[UPE-GigabitEthernet3/1/2] ip address 12.1.1.1 255.255.255.0
[UPE-GigabitEthernet3/1/2]mpls
[UPE-GigabitEthernet3/1/2]mpls ldp
[UPE-GigabitEthernet3/1/2]quit
# Configure basic MPLS on the interface connected to NPE 2.
[UPE]interface GigabitEthernet 3/1/3
[UPE-GigabitEthernet3/1/3] ip address 13.1.1.1 255.255.255.0
[UPE-GigabitEthernet3/1/3]mpls
[UPE-GigabitEthernet3/1/3]mpls ldp
[UPE-GigabitEthernet3/1/3]quit
# Configure the remote LDP session with NPE 1.
[UPE] mpls ldp remote-peer 1
[UPE-mpls-remote-1] remote-ip 2.2.2.2
[UPE-mpls-remote-1] quit
# Configure the remote LDP session with NPE 2.
[UPE] mpls ldp remote-peer 2
[UPE-mpls-remote-1] remote-ip 3.3.3.3
[UPE-mpls-remote-1] quit
# Enable L2VPN and MPLS L2VPN.
[UPE] l2vpn
[UPE-l2vpn] mpls l2vpn
[UPE-l2vpn] quit
# Configure the VPLS instance aaa that uses LDP signaling.
[UPE] vsi aaa static
[UPE-vsi-aaa] pwsignal ldp
[UPE-vsi-aaa-ldp] vsi-id 500
[UPE-vsi-aaa-ldp] peer 2.2.2.2 backup-peer 3.3.3.3
[UPE-vsi-aaa-ldp] dual-npe revertive wtr-time 1
[UPE-vsi-aaa-ldp] quit
[UPE-vsi-aaa] quit
# On the interface connected to CE 1, that is GigabitEthernet 3/1/1, create a service instance and bind the VSI.
[UPE] interface GigabitEthernet 3/1/1
[UPE-GigabitEthernet3/1/1] service-instance 1000
[UPE-GigabitEthernet3/1/1-srv1000] encapsulation s-vid 10
[UPE-GigabitEthernet3/1/1-srv1000] xconnect vsi aaa
[UPE-GigabitEthernet3/1/1-srv1000] quit
# On the interface connected to CE 2, that is, GigabitEthernet 3/1/4 create a service instance and bind the VSI.
[UPE] interface GigabitEthernet 3/1/4
[UPE-GigabitEthernet3/1/4] service-instance 1000
[UPE-GigabitEthernet3/1/4-srv1000] encapsulation s-vid 11
[UPE-GigabitEthernet3/1/4-srv1000] xconnect vsi aaa
[UPE-GigabitEthernet3/1/4-srv1000] quit
3. Configure NPE 1.
# Configure basic MPLS.
<Sysname> system-view
[Sysname] sysname NPE1
[NPE1] interface loopback 0
[NPE1-LoopBack0] ip address 2.2.2.2 32
[NPE1-LoopBack0] quit
[NPE1] mpls lsr-id 2.2.2.2
[NPE1] mpls
[NPE1–mpls] quit
[NPE1] mpls ldp
[NPE1–mpls-ldp] quit
# Configure an IP address for the interface connected to UPE, and then enable MPLS and MPLS LDP.
[NPE1]interface GigabitEthernet 3/1/2
[NPE1-GigabitEthernet3/1/2] ip address 12.1.1.2 255.255.255.0
[NPE1-GigabitEthernet3/1/2]mpls
[NPE1-GigabitEthernet3/1/2]mpls ldp
[NPE1-GigabitEthernet3/1/2]quit
# Configure an IP address for the interface connected to NPE 3, and then enable MPLS and MPLS LDP.
[NPE1]interface GigabitEthernet 3/1/5
[NPE1-GigabitEthernet3/1/5] ip address 15.1.1.1 255.255.255.0
[NPE1-GigabitEthernet3/1/5]mpls
[NPE1-GigabitEthernet3/1/5]mpls ldp
[NPE1-GigabitEthernet3/1/5]quit
# Configure the remote LDP session with UPE.
[NPE1] mpls ldp remote-peer 2
[NPE1-mpls-remote-2] remote-ip 1.1.1.1
[NPE1-mpls-remote-2] quit
# Configure the remote LDP session with NPE 3.
[NPE1] mpls ldp remote-peer 3
[NPE1-mpls-remote-3] remote-ip 4.4.4.4
[NPE1-mpls-remote-3] quit
# Enable L2VPN and MPLS L2VPN.
[NPE1] l2vpn
[NPE1-l2vpn] mpls l2vpn
[NPE1-l2vpn] quit
# Configure the VPLS instance aaa that uses LDP signaling.
[NPE1] vsi aaa static
[NPE1-vsi-aaa] pwsignal ldp
[NPE1-vsi-aaa-ldp] vsi-id 500
[NPE1-vsi-aaa-ldp] peer 1.1.1.1 upe
[NPE1-vsi-aaa-ldp] peer 4.4.4.4
[NPE1-vsi-aaa-ldp] quit
[NPE1-vsi-aaa] quit
The configuration procedure on NPE 2 is similar to that on NPE 1. (Details not shown)
4. Configure NPE 3.
# Configure basic MPLS.
<Sysname> system-view
[Sysname] sysname NPE3
[NPE3] interface loopback 0
[NPE3-LoopBack0] ip address 4.4.4.4 32
[NPE3-LoopBack0] quit
[NPE3] mpls lsr-id 4.4.4.4
[NPE3] mpls
[NPE3–mpls] quit
[NPE3] mpls ldp
[NPE3–mpls-ldp] quit
# Configure an IP address for the interface connected to NPE 1, and then enable MPLS and MPLS LDP.
[NPE3]interface GigabitEthernet 3/1/5
[NPE3-GigabitEthernet3/1/5] ip address 15.1.1.2 255.255.255.0
[NPE3-GigabitEthernet3/1/5]mpls
[NPE3-GigabitEthernet3/1/5]mpls ldp
[NPE3-GigabitEthernet3/1/5]quit
# Configure an IP address for the interface connected to NPE 2, and then enable MPLS and MPLS LDP.
[NPE3]interface GigabitEthernet 3/1/6
[NPE3-GigabitEthernet3/1/6] ip address 16.1.1.2 255.255.255.0
[NPE3-GigabitEthernet3/1/6]mpls
[NPE3-GigabitEthernet3/1/61]mpls ldp
[NPE3-GigabitEthernet3/1/6]quit
# Configure the remote LDP session.
[NPE3] mpls ldp remote-peer 1
[NPE3-mpls-remote-1] remote-ip 2.2.2.2
[NPE3-mpls-remote-1] quit
[NPE3] mpls ldp remote-peer 2
[NPE3-mpls-remote-2] remote-ip 3.3.3.3
[NPE3-mpls-remote-2] quit
# Enable L2VPN and MPLS L2VPN.
[NPE3] l2vpn
[NPE3-l2vpn] mpls l2vpn
[NPE3-l2vpn] quit
# Configure the VPLS instance aaa that uses LDP signaling
[NPE3] vsi aaa static
[NPE3-vsi-aaa] pwsignal ldp
[NPE3-vsi-aaa-ldp] vsi-id 500
[NPE3-vsi-aaa-ldp] peer 2.2.2.2
[NPE3-vsi-aaa-ldp] peer 3.3.3.3
[NPE3-vsi-aaa-ldp] quit
[NPE3-vsi-aaa] quit
# Create service instance on interface GigabitEthernet 3/1/1 connected to CE 3, and bind the VPLS instance.
[NPE3] interface GigabitEthernet 3/1/1
[NPE3-GigabitEthernet3/1/1] service-instance 1000
[NPE3-GigabitEthernet3/1/1-srv1000] encapsulation s-vid 10
[NPE3-GigabitEthernet3/1/1-srv1000] xconnect vsi aaa
[NPE3-GigabitEthernet3/1/1-srv1000] quit
After completing the configurations, execute the display vpls connection command on the PEs. You will see that a PW connection in up state has been established.
Implementing multi-AS VPN through multi-hop PW
Network requirements
Each CE is connected to a PE through an Ethernet.
Create a VPLS instance that supports P2P on ASBR 1 and ASBR 2, so as to set up a multi-hop PW between PE 1 and PE 2.
Figure 12 Network diagram
Configuration procedure
1. Configurations on PE 1.
# Configure basic MPLS.
<Sysname> system-view
[Sysname] sysname PE1
[PE1] interface loopback 0
[PE1-LoopBack0] ip address 1.1.1.1 32
[PE1-LoopBack0] quit
[PE1] mpls lsr-id 1.1.1.1
[PE1] mpls
[PE1-mpls] quit
[PE1] mpls ldp
[PE1-mpls-ldp] quit
# Configure basic MPLS for the interface connecting ASBR 1.
[PE1] interface GigabitEthernet 3/1/2
[PE1-GigabitEthernet3/1/2] ip address 10.1.1.1 24
[PE1-GigabitEthernet3/1/2] mpls
[PE1-GigabitEthernet3/1/2] mpls ldp
[PE1-GigabitEthernet3/1/2] quit
# Enable L2VPN and MPLS L2VPN.
[PE1] l2vpn
[PE1-l2vpn] mpls l2vpn
[PE1-l2vpn] quit
# Create VPLS instance aaa that uses LDP signaling.
[PE1] vsi aaa static
[PE1-vsi-aaa] pwsignal ldp
[PE1-vsi-aaa-ldp] vsi-id 500
[PE1-vsi-aaa-ldp] peer 2.2.2.2
[PE1-vsi-aaa-ldp] quit
[PE1-vsi-aaa] quit
# Bind the VPLS instance aaa to GigabitEthernet 3/1/1, the interface connected to CE 1.
[PE1] interface GigabitEthernet 3/1/1
[PE1-GigabitEthernet3/1/1] l2 binding vsi aaa
[PE1-GigabitEthernet3/1/1] quit
2. Configurations on ASBR 1.
# Configure basic MPLS.
<Sysname> system-view
[Sysname] sysname ASBR1
[ASBR1] interface loopback 0
[ASBR1-LoopBack0] ip address 2.2.2.2 32
[ASBR1-LoopBack0] quit
[ASBR1] mpls lsr-id 2.2.2.2
[ASBR1] mpls
[ASBR1–mpls] quit
[ASBR1] mpls ldp
[ASBR1–mpls-ldp] quit
# Create a remote LDP peer.
[ASBR1] mpls ldp remote-peer 1
[ASBR1-mpls-ldp-remote-1] remote-ip 3.3.3.3
[ASBR1-mpls-ldp-remote-1] quit
# Configure OSPF.
[ASBR1] ospf
[ASBR1-ospf-1] area 0
[ASBR1-ospf-1-area-0.0.0.0] network 2.2.2.2 0.0.0.0
[ASBR1-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255
[ASBR1-ospf-1-area-0.0.0.0] quit
[ASBR1-ospf-1] quit
# Configure basic MPLS for GigabitEthernet 3/1/1, the interface connected to PE 1.
[ASBR1] interface GigabitEthernet 3/1/1
[ASBR1-GigabitEthernet3/1/1] ip address 10.1.1.2 24
[ASBR1-GigabitEthernet3/1/1] mpls
[ASBR1-GigabitEthernet3/1/1] mpls ldp
[ASBR1-GigabitEthernet3/1/1] quit
# Configure basic MPLS for GigabitEthernet 3/1/2, the interface connected to ASBR 2.
[ASBR1] interface GigabitEthernet 3/1/2
[ASBR1-GigabitEthernet3/1/2] ip address 11.1.1.2 24
[ASBR1-GigabitEthernet3/1/2] mpls
[ASBR1-GigabitEthernet3/1/2] quit
# Enable L2VPN and MPLS L2VPN.
[ASBR1] l2vpn
[ASBR1-l2vpn] mpls l2vpn
[ASBR1-l2vpn] quit
# Configure a P2P-capable VPLS instance aaa that uses LDP signaling.
[ASBR1] vsi aaa static p2p
[ASBR1-vsi-aaa] pwsignal ldp
[ASBR1-vsi-aaa-ldp] vsi-id 500
[ASBR1-vsi-aaa-ldp] peer 1.1.1.1 upe
[ASBR1-vsi-aaa-ldp] peer 3.3.3.3
[ASBR1-vsi-aaa-ldp] quit
[ASBR1-vsi-aaa] quit
# Configure BGP to advertise labeled unicast routes.
[ASBR1] bgp 100
[ASBR1-bgp] import-route direct
[ASBR1-bgp] peer 11.1.1.3 as-number 200
[ASBR1-bgp] peer 11.1.1.3 route-policy map export
[ASBR1-bgp] peer 11.1.1.3 label-route-capability
[ASBR1-bgp] quit
[ASBR1] route-policy map permit node 10
[ASBR1-route-policy] apply mpls-label
[ASBR1-route-policy] quit
3. Configurations on ASBR 2.
# Configure basic MPLS.
<Sysname> system-view
[Sysname] sysname ASBR2
[ASBR2] interface loopback 0
[ASBR2-LoopBack0] ip address 3.3.3.3 32
[ASBR2-LoopBack0] quit
[ASBR2] mpls lsr-id 3.3.3.3
[ASBR2] mpls
[ASBR2–mpls] quit
[ASBR2] mpls ldp
[ASBR2–mpls-ldp] quit
# Create a remote LDP peer.
[ASBR2] mpls ldp remote-peer 2
[ASBR2-mpls-ldp-remote-2] remote-ip 2.2.2.2
[ASBR2-mpls-ldp-remote-2] quit
# Configure OSPF.
[ASBR2] ospf
[ASBR2-ospf-1] area 0
[ASBR2-ospf-1-area-0.0.0.0] network 3.3.3.3 0.0.0.0
[ASBR2-ospf-1-area-0.0.0.0] network 12.1.1.0 0.0.0.255
[ASBR2-ospf-1-area-0.0.0.0] quit
[ASBR2-ospf-1] quit
# Configure basic MPLS for GigabitEthernet 3/1/1, the interface connecting ASBR 1.
[ASBR2] interface GigabitEthernet 3/1/1
[ASBR2-GigabitEthernet3/1/1] ip address 11.1.1.3 24
[ASBR2-GigabitEthernet3/1/1] mpls
[ASBR2-GigabitEthernet3/1/1] quit
# Configure basic MPLS for GigabitEthernet 3/1/2, the interface connecting PE 2.
[ASBR2] interface GigabitEthernet 3/1/2
[ASBR2-GigabitEthernet3/1/2] ip address 12.1.1.3 24
[ASBR2-GigabitEthernet3/1/2] mpls
[ASBR2-GigabitEthernet3/1/2] mpls ldp
[ASBR2-GigabitEthernet3/1/2] quit
# Enable L2VPN and MPLS L2VPN.
[ASBR2] l2vpn
[ASBR2-l2vpn] mpls l2vpn
[ASBR2-l2vpn] quit
# Configure a P2P-capable VPLS instance aaa that uses LDP signaling.
[ASBR2] vsi aaa static p2p
[ASBR2-vsi-aaa] pwsignal ldp
[ASBR2-vsi-aaa-ldp] vsi-id 500
[ASBR2-vsi-aaa-ldp] peer 4.4.4.4 upe
[ASBR2-vsi-aaa-ldp] peer 2.2.2.2
[ASBR2-vsi-aaa-ldp] quit
[ASBR2-vsi-aaa] quit
# Configure BGP to advertise labeled unicast routes.
[ASBR2] bgp 200
[ASBR2-bgp] import-route direct
[ASBR2-bgp] peer 11.1.1.2 as-number 100
[ASBR2-bgp] peer 11.1.1.2 route-policy map export
[ASBR2-bgp] peer 11.1.1.2 label-route-capability
[ASBR2-bgp] quit
[ASBR2] route-policy map permit node 10
[ASBR2-route-policy] apply mpls-label
[ASBR2-route-policy] quit
4. Configurations on PE 2.
# Configure basic MPLS.
<Sysname> system-view
[Sysname] sysname PE2
[PE2] interface loopback 0
[PE2-LoopBack0] ip address 4.4.4.4 32
[PE2-LoopBack0] quit
[PE2] mpls lsr-id 4.4.4.4
[PE2] mpls
[PE2–mpls] quit
[PE2] mpls ldp
[PE2–mpls-ldp] quit
# Configure basic MPLS for GigabitEthernet 3/1/2, the interface connected to ASBR 2.
[PE2] interface GigabitEthernet 3/1/2
[PE2-GigabitEthernet3/1/2] ip address 12.1.1.4 24
[PE2-GigabitEthernet3/1/2] mpls
[PE2-GigabitEthernet3/1/2] mpls ldp
[PE2-GigabitEthernet3/1/2] quit
# Enable L2VPN and MPLS L2VPN.
[PE2] l2vpn
[PE2-l2vpn] mpls l2vpn
[PE2-l2vpn] quit
# Configure VPLS instance aaa that uses LDP signaling.
[PE2] vsi aaa static
[PE2-vsi-aaa] pwsignal ldp
[PE2-vsi-aaa-ldp] vsi-id 500
[PE2-vsi-aaa-ldp] peer 3.3.3.3
[PE2-vsi-aaa-ldp] quit
[PE2-vsi-aaa] quit
# Bind VPLS instance aaa to GigabitEthernet 3/1/1, the interface connected to CE 2.
[PE2] interface GigabitEthernet 3/1/1
[PE2-GigabitEthernet3/1/1] l2 binding vsi aaa
[PE2-GigabitEthernet3/1/1] quit
5. Verify the configuration.
Execute the display vpls connection command on each device. You will see that a PW in up state has been established between the devices.
Troubleshooting VPLS
Symptom
The VPLS link PW is not up.
Analysis
· The public network LSP tunnel is not established.
· The extended session is not working normally.
· A private VLAN virtual interface is not bound with the corresponding VPLS instance and is not up.
· When LDP is used as the PW signaling protocol, if the corresponding VPLS instances on the two peers have different MTU settings, the PW cannot come up.
Solution
· Check the routing tables of the PEs to see whether a route is available between the two PEs. Check whether each router can ping the loopback interface of the peer and whether the LDP session is normal.
· Check whether any extended session configuration command is missing at either side.
· Check whether the private network interfaces are up or whether the PW to the UPE is up.
· Check whether the PW ID and transport mode are the same on the two peers.
· Check whether the VPLS instances on the two peers are configured with the same MTU value.
