Login
- Table of Contents
- Related Documents
-
| Title | Size | Download |
|---|---|---|
| 03-VPLS Configuration | 270.8 KB |
Table of Contents
1.3 Configuring the Routing Protocol
1.4 Configuring MPLS Basic Capability
1.5 Configuring Remote LDP Sessions
1.6 Configuring BGP Extensions
1.8 Configuring a VPLS Instance
1.8.1 Configuring an LDP VPLS Instance
1.8.2 Configuring a BGP VPLS Instance
1.9 Setting the Access Mode and Binding the VPLS Instance
1.10 Configuring VPLS Attributes
1.11 Displaying and Maintaining VPLS
1.12 VPLS Configuration Example
1.12.1 Configuration Example for VPLS Instances
1.12.2 Configuration Example for H-VPLS Using LSP
Chapter 1 VPLS Configuration
& Note:
l A routing switch running MPLS also provides router functionality. The routers mentioned in this document represent general routers or Layer 3 Ethernet switches running MPLS.
l To run VPLS on an S9500 series, you should redirect the VPLS traffic in the ISP network to the virtual service interface that corresponds to the L3+ card and bind VPLS instances to MPLS-VPLS virtual service interfaces. For configuration details, refer to the part describing MPLS mixed installation configuration.
l For the S9500 series, only the interface cards with C, CA, or CB name suffix and the VPLS service processing cards support MPLS. To enable MPLS VPN on an S9500 series switch, you should install an MPLS-capable interface card or a VPLS service processing card. You can distinguish the name suffix of a card by the silk screen on top right of the card’s front panel. For example, the silk screen of the LSB1P4G8CA0 card is P4G8CA, with suffix “CA”.
When configuring VPLS, go to these sections for information you are interested in:
l Displaying and Maintaining VPLS
1.1 VPLS Overview
Virtual private LAN service (VPLS), also called transparent LAN service (TLS) or virtual private switched network service, can deliver a point-to-multipoint L2VPN service over public networks. With VPLS, geographically-dispersed sites can interconnect and communicate over MAN or WAN as if they were on the same LAN.
VPLS is also called transparent LAN service (TLS) or virtual private switched network service.
VPLS provides Layer 2 VPN services. However, it supports multipoint services, rather than the point-to-point services that traditional VPN supports. With VPLS, service providers can create on the PEs a series of virtual switches for customers, allowing customers to build their LANs across the metropolitan area network (MAN) or wide area network (WAN).
1.1.1 Operation of VPLS
I. Basic VPLS concepts
l CE
Customer edge device that is directly connected with the service provider network.
l PE
Provider edge device that connects one or more CEs to the service provider network. A PE maps and forwards packets between private networks and public network tunnels. A PE can be a UPE or NPE.
l UPE
User facing provider edge device that functions as the user access convergence device.
l NPE
Network provider edge device that functions as the network core PE. An NPE resides at the edge of a VPLS network core domain and provides transparent VPLS transport services between core networks.
l VSI
Virtual switch instance that maps actual VPLS access links to virtual links.
l PW
Pseudo wire that is the bidirectional virtual connection between VSIs. A PW consists of two unidirectional MPLS virtual circuits (VCs).
l AC
Attachment circuit that connects the CE to the PE. It can use physical interfaces or virtual interfaces. Usually, all user packets on an AC, including Layer 2 and Layer 3 protocol messages, must be forwarded to the peer site without being changed.
l QinQ
802.1Q in 802.1Q, a tunneling protocol based on 802.1Q. It offers a point-to-multipoint L2VPN service mechanism. With QinQ, the private network VLAN tags of packets are encapsulated into the public network VLAN tags, allowing packets to be transmitted with two layers of tags across the service provider network. This provides a simpler Layer 2 VPN tunneling service.
l Forwarders
A forwarder functions as the VPLS forwarding table. Once a PE receives a packet from an AC, the forwarder selects a PW for forwarding the packet.
l Tunnel
A tunnel, usually an MPLS tunnel, is a direct channel between a local PE and the peer PE for transparent data transmission in-between. It is used to carry PWs. A tunnel can carry multiple PWs.
l Encapsulation
Packets transmitted over a PW use the standard PW encapsulation formats and technologies: raw and tagged.
l PW signaling
The PW signaling protocol is the fundament of VPLS. It is used for creating and maintaining PWs and automatically discovering VSI peer PE. Currently, there are two PW signaling protocols: LDP and BGP.
l QoS
Quality of service (QoS) is implemented by mapping the preference information in the packet header to the QoS preference information transferred on the public network.
Figure 1-1 shows a typical VPLS networking scenario.
Figure 1-1 Network diagram for VPLS
II. MAC address learning and flooding
VPLS provides reachability information by learning MAC addresses. Each PE maintains a MAC address table.
1) Source MAC address learning
MAC address learning includes two parts:
l Remote MAC address learning associated with PWs
A PW consists of two unidirectional VC LSPs. A PW is up only when both of the VC LSPs are up. When the inbound VC LSP learns a new MAC address, the PW needs to map the MAC address to the outbound VC LSP.
l Local MAC address learning of interfaces directly connected with users
This refers to learning source MAC addresses from Layer 2 packets originated by CEs. This occurs on the corresponding VSI interfaces.
Figure 1-2 shows the procedure of MAC address learning and flooding on PEs.
Figure 1-2 MAC learning and flooding on PEs
2) MAC address reclaim
Dynamic address learning must support refreshing and relearning. The VPLS draft defines a dynamic address learning method that uses the address reclaim message, which carries MAC TLV. Upon receiving such a message, a device removes MAC addresses or relearns them according to the specified parameters in the TLV. If NULL is specified, the device removes all MAC addresses of the VSI except for those learned from the PW that received the address reclaim message.
The address reclaim message is very useful when the network topology changes and it is required to remove the learned MAC addresses quickly. There are two types of address reclaim messages: those with MAC address lists and those without MAC address lists.
After a backup link becomes active and a message with relearning MAC entries arrives, a PE updates the corresponding MAC entries in the FIB table of the VPLS instance and sends the message to other PEs that are directly connected through LDP sessions. If the message contains a null MAC address TLV list, these PEs remove all MAC addresses from the specified VSI instance, except for those learned from the PW that sent the message.
3) MAC address aging
Remote MAC addresses learned by a PE that are related to VC labels but no more in use need to be aged out by an aging mechanism. The aging mechanism used here is the aging timer corresponding to the MAC address. When receiving a packet whose source MAC address has an aging timer started, the PE resets the aging timer.
III. VPLS loop avoidance
Generally, Layer 2 networks use spanning tree protocol (STP) to avoid loops. For users using the VPLS solution, they cannot sense the Internet service provider’s network (ISP network), and therefore they will not take the ISP network into account when configuring STP in their private networks. In a VPLS network, horizontal split is used to avoid loops.
Two methods for VPLS loop avoidance are supported:
l PEs are logically fully meshed (so are PWs), that is, each PE must create for each VPLS forwarding instance a tree to all the other PEs of the instance.
l Each PE must support horizontal split to avoid loops, that is, a PE cannot forward packets via PWs of the same VSI instance, because all the PEs of a VSI instance are directly connected. In other words, packets from PWs on the public network side cannot be forwarded to other PWs; they can only be forwarded to the private network side.
IV. Peer PE discovery and PW signaling protocol
l For PE devices in the same VSI, you can configure the remote PE addresses manually or using an automatic discovery mechanism. Currently, LDP and BGP can be used to automatically discover VSI peer PEs, and the extensions of the two protocols can be used as the PW signaling protocol to create PWs.
l The PW signaling protocol is designed to assign multiplex distinguishing flags (that is, VC labels) and advertise the assigned VC flags to the peer. In addition, the PW signaling protocol advertises VPLS system parameters such as PW ID, control word, and interface parameters. With the PW signaling protocol, fully meshed PWs can be established between PEs for VPLS services.
1.1.2 VPLS Packet Structure
I. Packet encapsulation on an AC
The packet encapsulation type of an AC depends on the user VSI access mode: VLAN, Ethernet.
l VLAN access: The Ethernet header of a packet transferred between CE and PE includes a VLAN tag, which is added in the header as a service delimiter for the service provider network to identify the user. The tag is also called P-TAG.
l Ethernet access: The Ethernet header of a packet transferred between CE and PE does not contain any service delimiter. If a header contains a VLAN tag, it is the internal VLAN tag of the user and means nothing to the PE. This kind of internal VLAN tag of the user is also called U-TAG.
You can specify the VSI access mode to be used.
II. Packet encapsulation on a PW
The packet encapsulation type of a PW can be either raw or tagged.
l In raw mode, P-TAG is not transferred on the PW. If a packet from a CE contains a service delimiter, the system removes the service delimiter and adds two levels of MPLS labels into the packet before sending the packet out. If no delimiter is contained, the system directly adds two levels of MPLS labels into the packet and then sends the packet out. For a packet sent from a PE downstream, whether the system adds the service delimiter into the packet depends on your configuration. However, rewriting and removing of any existing tags are not allowed.
l In tagged mode, any packet to the PW must carry P-TAG. For a packet from a CE, if it contains the service delimiter, the system directly adds two levels of MPLS labels into the packet and sends the packet out. Otherwise, the system adds a null tag together with two levels of MPLS labels into the packet and sends the packet out. For a packet sent from a PE downstream, the system rewrites, removes, or retains the service delimiter depending on your configuration.
According to the protocol, the packet encapsulation type of a PW is tagged by default.
1.1.3 H-VPLS Implementation
Hierarchy of VPLS (H-VPLS) can extend the VPLS access range of a service provider and reduce costs.
1) Advantages of H-VPLS access
l H-VPLS has lower requirements on the convergence device of multi-tenant unit switch (MTU-s). It has distinct hierarchies which fulfill definite tasks.
l H-VPLS reduces the logical complexity of fully meshed PEs and the configuration complexity.
2) Two H-VPLS access modes
l H-VPLS LSP access
As shown in Figure 1-3, UPE functions as the convergence device MTU-s and establishes a virtual link U-PW with NPE 1 and NPE 2 respectively, where the U-PW established with NPE 2 is blocked. It does not establish virtual links with any other peers.
Data forwarding is as follows:
l Upon receiving a packet from a CE, UPE tags the packet with the corresponding MPLS label, the multiplex distinguishing flag, and sends the packet to NPE 1.
l When receiving the packet, NPE 1 determines to which VSI the packet belongs by the label and, based on the destination MAC address of the packet, tags the packet with the multiplex distinguishing flag for N-PW, and forwards the packet.
l Upon receiving the packet from N-PW, NPE 1 tags the packet with the multiplex distinguishing flag for U-PW and sends the packet to UPE, which forwards the packet to the CE.
For packets to be exchanged between CE 1 and CE 2, UPE can forward them directly without NPE 1 because it holds the bridging function by itself. For the first packet with an unknown destination MAC address or a broadcast packet, UPE broadcasts the packet to CE 2 through the bridging function and, at the same time, forwards it through U-PW to NPE 1, which replicates the packet and sends a copy to each peer CE.
l H-VPLS QinQ access
As shown in Figure 1-4, MTU is a standard bridging device and QinQ is enabled on its interfaces connected with CEs.
Data forwarding is as follows:
l Upon receiving a packet from a CE, MTU labels the packet with VLAN tag as the multiplex distinguishing flag, and transparently sends the packet to PE 1 through the QinQ tunnel.
l When receiving the packet, PE 1 determines to which VSI the packet belongs by the VLAN tag and, based on the destination MAC address of the packet, tags the packet with the multiplex distinguishing flag (MPLS label) for PW. Then, it forwards the packet.
l Upon receiving the packet from PW, PE 1 determines to which VSI the packet belongs by the multiplex distinguishing flag (MPLS label) and, based on the destination MAC address of the packet, labels the packet with the VLAN tag. Then, it forwards the packet through the QinQ tunnel to MTU, which forwards the packet to the CE.
For packets to be exchanged between CE 1 and CE 2, MTU can forward them directly without PE 1 because it holds the bridging function by itself. For the first data packet with an unknown destination MAC address or a broadcast packet, MTU broadcasts the packet to CE 2 through the bridging function and, at the same time, forwards it through the QinQ tunnel to PE 1, which replicates the packet and sends a copy to each peer CE.
1.2 Configuration Task List
Follow these tasks to configure VPLS:
|
Task |
Remarks |
|
Required |
|
|
Required |
|
|
Required Choose either |
|
|
Required |
|
|
Required |
|
|
Required |
|
|
Optional |
1.3 Configuring the Routing Protocol
You need to configure some basic routing protocols to make the P and PE devices to be able to exchange routing information. Currently, the available routing protocols are static routing protocol, RIP, OSPF, EBGP, and so on.
1.4 Configuring MPLS Basic Capability
MPLS basic capability is required to create LSP tunnels on the public network. For configuration information, refer to MPLS Basics Configuration.
1.5 Configuring Remote LDP Sessions
You are required to configure LDP remote peers for remote LDP sessions establishment. For configuration information, refer to MPLS L2VPN Configuration in MPLS Volume.
1.6 Configuring BGP Extensions
In Kompella mode, VSI uses extended BGP as the signaling protocol to distribute VC labels. Therefore, you need to configure BGP parameters on the PEs. For configuration information, refer to BGP Configuration in IP Routing Volume.
I. Configuration prerequisites
Before configuring BGP extensions, complete these tasks:
l Configuring IGP on the PEs and P devices to guarantee the IP connectivity of the MPLS backbone
l Configuring MPLS basic capability for the MPLS backbone on the PEs and P devices
l Configuring BGP related parameters on the PEs
II. Configuration procedure
Follow these steps to configure BGP extensions:
|
To do… |
Use the command… |
Remarks |
|
Enter system view |
system-view |
— |
|
Enter BGP view |
bgp as-number |
— |
|
Enter VPLS address family view |
vpls-family |
Required |
|
Activate a peer |
peer peer-address enable |
Required No peer is activated by default. |
1.7 Configuring MPLS L2VPN
You must enable MPLS L2VPN before performing VPLS related configurations. For details about MPLS L2VPN configuration, refer to MPLS L2VPN Configuration.
Follow these steps to configure MPLS L2VPN:
|
To do… |
Use the command… |
Remarks |
|
Enter system view |
system-view |
— |
|
Configure the MPLS LSR ID |
mpls lsr-id |
Required |
|
Configure MPLS basic capability and enter MPLS view |
mpls |
Required |
|
Return to system view |
quit |
— |
|
Enable MPLS L2VPN |
mpls l2vpn |
Required |
1.8 Configuring a VPLS Instance
1.8.1 Configuring an LDP VPLS Instance
I. Configuration prerequisites
l Configuring IGP on the PEs and P devices to guarantee the IP connectivity of the MPLS backbone
l Configuring MPLS basic capability for the MPLS backbone on the PEs and P devices
l Configuring MPLS L2VPN
II. Configuration procedure
When creating an LDP VPLS instance, you must specify a globally unique name for the VPLS instance and set the peer discovery mechanism to manual configuration.
In L2VPN implementation, the Martini mode uses extended LDP (remote LDP sessions) as the signaling for transferring PW information. Therefore, the LDP mode is also called the Martini mode. When configuring a VPLS instance in LDP mode, you must configure LDP as the signaling protocol to be used.
You can use the peer command to create the VPLS peer PE for an instance. Note that you must specify the IP address and type of the peer PE.
l A peer of the UPE type is the user access convergence device in the H-VPLS model.
l A peer of the Dual-NPE type is the primary or secondary NPE device in the H-VPLS model. Up to two peers of this type can be configured.
You can also specify the peer VC ID, which must be identical to that configured on the peer.
The specified remote peer NPEs need to be fully meshed, while between UPEs and NPEs are not.
In addition, you can configure a policy to prefer certain tunnels to the peer.
& Note:
For information about Martini mode, refer to MPLS L2VPN Configuration in MPLS VPN Volume.
Follow these steps to configure an LDP VPLS instance:
|
To do… |
Use the command… |
Remarks |
|
Enter system view |
system-view |
— |
|
Create an LDP VPLS instance and enter VSI view |
vsi vsi-name static |
Required |
|
Specify LDP as the PW signaling protocol and enter VSI LDP view |
pwsignal ldp |
Required |
|
Specify an ID for the VPLS instance |
vsi-id vsi-id |
Required |
|
Create a peer PE for the VPLS instance |
peer ip-address [ negotiation-vc-id pw-id ] [ tnl-policy tunnel-policy-name ] [ upe | dual-npe ] [ trans-mode { raw | tagged } ] |
Required |
1.8.2 Configuring a BGP VPLS Instance
I. Configuration prerequisites
l Configuring IGP on the PEs and P devices to guarantee the IP connectivity of the MPLS backbone
l Configuring MPLS basic capability for the MPLS backbone on the PEs and P devices
l Configuring MPLS L2VPN
II. Configuration procedure
When creating a BGP VPLS instance, you must specify a globally unique name for the VPLS instance and set the peer discovery mechanism to automatic configuration.
In L2VPN implementation, the Kompella mode uses extended BGP as the signaling protocol for transferring VC information. Therefore, the BGP mode is also called the Kompella mode. When configuring a VPLS instance in BGP mode, you must configure BGP as the signaling protocol to be used.
Follow these steps to configure a BGP VPLS instance:
|
To do… |
Use the command… |
Remarks |
|
Enter system view |
system-view |
— |
|
Create a BGP VPLS instance and enter VSI view |
vsi vsi-name auto |
Required |
|
Specify BGP as the PW signaling protocol and enter VSI BGP view |
pwsignal bgp |
Required |
|
Configure an RD for the VPLS instance |
route-distinguisher route-distinguisher |
Required |
|
Configure VPN targets for the VPLS instance |
vpn-target vpn-target&<1-16> [ both | import-extcommunity | export-extcommunity ] |
Required |
|
Create a site for the VPLS instance |
site site-id [ range site-range ] [ default-offset { 0 | 1 } ] |
Required |
1.9 Setting the Access Mode and Binding the VPLS Instance
I. Configuration prerequisites
l Configuring the VPLS instance VSI
l Configuring basic VLAN interface parameters. For configuration information, refer to VLAN Configuration.
II. Configuration procedure
The configuration required on the VLAN interface depends on the user access mode:
l For Ethernet access, the QinQ feature must be enabled on the VLAN interface.
l For VLAN access or H-VPLS access in QinQ mode, the QinQ feature is not required but you must configure the interface as a trunk port. In this case, the VLAN tag of the packet (the currently configured VLAN ID) must be identical to that of a VLAN bound to the trunk port.
l For H-VPLS access in LSP mode of convergence UPE, you do not need to bind the VPLS instance to any VLAN on the NPE.
Follow these steps to set the access mode and bind the VPLS instance:
|
To do… |
Use the command… |
Remarks |
|
Enter system view |
system-view |
— |
|
Enter interface view |
interface interface-type interface-number |
— |
|
Set the access mode and bind the VPLS instance |
l2 binding vsi vsi-name [ access-mode { ethernet | vlan } ] |
Required ethernet by default |
Caution:
Do not bind a VPLS instance and enable MPLS at the same time on a VLAN interface or router sub-interface. If you do this, both configurations will be abnormal and you have to remove both of them before reconfiguration.
1.10 Configuring VPLS Attributes
Follow these steps to configure VPLS attributes:
|
To do… |
Use the command… |
Remarks |
|
Enter system view |
system-view |
— |
|
Enter VSI view |
vsi vsi-name |
— |
|
Set the speed limit of the VPLS instance |
bandwidth vpn-speed |
Optional 102400 kbps by default |
|
Set the broadcast suppression percentage of the VPLS instance |
broadcast-restrain ratio |
Optional 5 (that is, 5%) by default |
|
Set the encapsulation type of the VPLS instance |
encapsulation { ethernet | vlan } |
Optional vlan by default, which corresponds to the VSI PW encapsulation type of tagged. |
|
Set the MTU of the VPLS instance |
mtu mtu |
Optional 1,500 bytes by default |
|
Set the description of the VPLS instance |
description text |
Optional No description set by default |
|
Set the maximum number of MAC addresses in the VPLS instance |
mac-table limit mac-limit-num |
Optional 128 by default |
|
Shut down the VPLS service of the VPLS instance |
shutdown |
Optional The VPLS service of the instance starts up by default. |
|
Specify a tunneling policy for the VPLS instance |
tnl-policy tunnel-policy-name |
Optional By default, a VPLS instance uses the default tunneling policy. |
1.11 Displaying and Maintaining VPLS
I. Displaying and maintaining VPLS
|
To do… |
Use the command… |
Remarks |
|
Display VPLS information in the BGP routing table |
display bgp vpls { all | group [ group-name ] | peer [ [ ip-address ] verbose ] | route-distinguisher route-distinguisher [ site-id site-id [ label-offset label-offset ] ] } |
Available in any view |
|
Display the MAC address table information of one or all VPLS instances |
display mac-address vsi [ vsi-name ] [ dynamic ] [ count ] |
Available in any view |
|
Display information about VPLS connections |
display vpls connection [ bgp | ldp | vsi vsi-name ] [ block | down | up ] [ verbose ] |
Available in any view |
|
Display the FIB information of one or all VPLS instances |
display vpls fib [ vsi vsi-name [ link link-id ] [ verbose ] |
Available in any view |
|
Display information about one or all VPLS instances |
display vsi [ vsi-name ] [ verbose ] |
Available in any view |
|
Display information about remote VPLS connections |
display vsi remote { bgp | ldp } |
Available in any view |
|
Clear the MAC address table of one or all VPLS instances |
reset mac-address vsi [ vsi-name ] |
Available in user view |
II. Resetting VPLS
|
To do… |
Use the command… |
Remarks |
|
Reset a specified or all VPLS BGP connections |
reset bgp vpls { as-number | ip-address | all | external | internal } |
Available in user view |
1.12 VPLS Configuration Example
1.12.1 Configuration Example for VPLS Instances
I. Network requirements
l CE 1 and CE 2 reside in different sites but both belong to VPN 1.
l CE 1 and CE 2 respectively access the PE devices through ports Ethernet 4/1/2, which belong to VLAN 100 on the PE devices.
l The PEs are connected through Ethernet 4/1/1, which belongs to VLAN 10.
l VPLS instance aaa uses LDP, that is, the Martini mode, while bbb uses BGP, that is, the Kompella mode. The AS number is 100.
II. Network diagram
Figure 1-5 Network diagram for configuring VPLS instances
III. Configuration procedure
1) Configure PE 1
# Configure the IGP protocol, which is OSPF in this example. (The configuration details are omitted here.)
# Configure MPLS basic capability.
<Sysname> system-view
[Sysname] sysname PE1
[PE1] interface loopback 0
[PE1-LoopBack0] ip address 1.1.1.9 32
[PE1-LoopBack0]quit
[PE1] mpls lsr-id 1.1.1.9
[PE1] mpls
[PE1-mpls] quit
[PE1] mpls ldp
[PE1-mpls-ldp] quit
# Configure to redirect VPLS traffic to the virtual service port that corresponds to the L3+ card.
[PE1] interface MPLS-VPLS 0/0/2
[PE1-MPLS-VPLS0/0/2] l2vpn-vpls service binding service-id 1
[PE1-MPLS-VPLS0/0/2] quit
# Create VLAN 10 and VLAN-interface 10.
[PE1] vlan 10
[PE1-vlan10] port Ethernet 4/1/1
[PE1-vlan10] quit
[PE1] interface Vlan-interface 10
[PE1-Vlan-interface10] ip address 10.10.10.10 24
# Configure MPLS basic capability on the VLAN interface.
[PE1-Vlan-interface10] mpls
[PE1-Vlan-interface10] mpls ldp
[PE1-Vlan-interface10] quit
# Configure BGP extension.
[PE1] bgp 100
[PE1-bgp] peer 2.2.2.9 as-number 100
[PE1-bgp] peer 2.2.2.9 connection-interface loopback 0
[PE1-bgp] vpls-family
[PE1-bgp-af-vpls] peer 2.2.2.9 enable
[PE1-bgp-af-vpls] quit
[PE1-bgp] quit
# Configure MPLS L2VPN.
[PE1] mpls l2vpn
# Configure the basic attributes of VPLS instance aaa, which uses LDP.
[PE1] vsi aaa static
[PE1-vsi-aaa] pwsignal ldp
[PE1-vsi-aaa-ldp] vsi-id 500
[PE1-vsi-aaa-ldp] peer 2.2.2.9
[PE1-vsi-aaa-ldp] quit
[PE1-vsi-aaa] quit
# Configure the basic attributes of VPLS instance bbb, which uses BGP.
[PE1] vsi bbb auto
[PE1-vsi-bbb] pwsignal bgp
[PE1-vsi-bbb-bgp] route-distinguisher 100:1
[PE1-vsi-bbb-bgp] vpn-target 111:1
[PE1-vsi-bbb-bgp] site 1
[PE1-vsi-bbb-bgp] quit
[PE1-vsi-bbb] quit
# Bind VPLS instance aaa to the MPLS-VPLS virtual service interface.
[PE1] interface MPLS-VPLS 0/0/2
[PE1-MPLS-VPLS0/0/2] l2vpn-vpls service binding vsi aaa
[PE1-MPLS-VPLS0/0/2] quit
# Or, bind VPLS instance bbb to the MPLS-VPLS virtual service interface.
[PE1] interface MPLS-VPLS 0/0/2
[PE1-MPLS-VPLS0/0/2] l2vpn-vpls service binding vsi bbb
[PE1-MPLS-VPLS0/0/2] quit
# Create VLAN 100 and VLAN-interface 100. Bind VPLS instance aaa or bbb to the interface.
[PE1] vlan 100
[PE1-Vlan-100] port Ethernet 4/1/2
[PE1-Vlan-100] interface Vlan-interface 100
// Bind VPLS instance aaa to VLAN-interface 100.
[PE1-Vlan-interface100] l2 binding vsi aaa
// Bind VPLS instance bbb to VLAN-interface 100.
[PE1-Vlan-interface100] l2 binding vsi bbb
[PE1-Vlan-interface100] quit
2) Configure PE 2
# Configure the IGP protocol, which is OSPF in this example. (The configuration details are omitted here).
# Configure MPLS basic capability.
<Sysname> system-view
[Sysname] sysname PE2
[PE2] interface loopback 0
[PE2-LoopBack0] ip address 2.2.2.9 32
[PE2] mpls lsr-id 2.2.2.9
[PE2] mpls
[PE2-mpls] quit
[PE2] mpls ldp
[PE2-mpls-ldp] quit
# Configure to redirect VPLS traffic to the virtual service port that corresponds to the L3+ card.
[PE2] interface MPLS-VPLS 0/0/2
[PE2-MPLS-VPLS0/0/2] l2vpn-vpls service binding service-id 1
[PE2-MPLS-VPLS0/0/2] quit
# Create VLAN 10 and VLAN-interface 10.
[PE2] vlan 10
[PE2-vlan10] port Ethernet 4/1/1
[PE2-vlan10] quit
[PE2] interface Vlan-interface 10
[PE2-Vlan-interface10] ip address 10.10.10.11 24
# Configure MPLS basic capability on the VLAN interface.
[PE2-Vlan-interface10] mpls
[PE2-Vlan-interface10] mpls ldp
[PE2-Vlan-interface10] quit
# Configure BGP extensions.
[PE2] bgp 100
[PE2-bgp] peer 1.1.1.9 as-number 100
[PE2-bgp] peer 1.1.1.9 connection-interface loopback 0
[PE2-bgp] vpls-family
[PE2-bgp-af-vpls] peer 1.1.1.9 enable
[PE2-bgp-af-vpls] quit
[PE2-bgp] quit
# Configure MPLS L2VPN.
[PE2] mpls l2vpn
# Configure the basic attributes of VPLS instance aaa, which uses LDP.
[PE2] vsi aaa static
[PE2-vsi-aaa] pwsignal ldp
[PE2-vsi-aaa-ldp] vsi-id 500
[PE2-vsi-aaa-ldp] peer 1.1.1.9
[PE2-vsi-aaa-ldp] quit
[PE2-vsi-aaa] quit
# Configure the basic attributes of VPLS instance bbb, which uses BGP.
[PE2] vsi bbb auto
[PE2-vsi-bbb] pwsignal bgp
[PE2-vsi-bbb-bgp] route-distinguisher 100:1
[PE2-vsi-bbb-bgp] vpn-target 111:1
[PE2-vsi-bbb-bgp] site 2
[PE2-vsi-bbb-bgp] quit
[PE2-vsi-bbb] quit
# Bind VPLS instance aaa to the MPLS-VPLS virtual service interface.
[PE2] interface MPLS-VPLS 0/0/2
[PE2-MPLS-VPLS0/0/2] l2vpn-vpls service binding vsi aaa
[PE2-MPLS-VPLS0/0/2] quit
# Or, bind VPLS instance bbb to the MPLS-VPLS virtual service interface.
[PE2] interface MPLS-VPLS 0/0/2
[PE2-MPLS-VPLS0/0/2] l2vpn-vpls service binding vsi bbb
[PE2-MPLS-VPLS0/0/2] quit
# Create VLAN 100 and VLAN-interface 100. Bind VPLS instance aaa or bbb to the interface.
[PE2] vlan 100
[PE2-vlan-100] port Ethernet 4/1/2
[PE2-vlan-100] quit
[PE2] interface Vlan-interface 100
// Bind VPLS instance aaa to VLAN-interface 100.
[PE2-Vlan-interface100] l2 binding vsi aaa
// Bind VPLS instance bbb to VLAN-interface 100.
[PE2-Vlan-interface100] l2 binding vsi bbb
[PE2-Vlan-interface100] quit
After completing the above configurations, you can execute the display vpls connection command on the PEs. There should be a PW connection established which is in the up state.
1.12.2 Configuration Example for H-VPLS Using LSP
I. Network requirements
l A PW connection (U-PW) is set between UPE and NPE 1 and between UPE and NPE 2 respectively (for backup purpose). CE 1 and CE 2 access the network through UPE.
l A PW connection (N-PW) is set between NPE 1 and NPE and between NPE 2 and NPE respectively. CE 3 accesses the network through PE.
l CE 1 and CE 2 access UPE through ports Ethernet 4/1/4 and Ethernet 4/1/5 respectively, which belongs to VLAN 100. CE 3 accesses PE through port Ethernet 4/1/6, which belongs to VLAN 100.
l UPE and NPE 1 are connected through ports Ethernet 4/1/2, which belong to VLAN 10 on UPE and NPE 1 respectively.
l UPE and NPE 2 are connected through ports Ethernet 4/1/3, which belong to VLAN 30 on UPE and NPE 2 respectively.
l NPE 1 and PE are connected through ports Ethernet 4/1/1, which belong to VLAN 20 on NPE 1 and PE respectively.
l NPE 2 and PE are connected through ports Ethernet 4/1/4, which belong to VLAN 40 on NPE 2 and PE respectively.
l NPE 1 and NPE 2 are connected through ports Ethernet 4/1/5, which belong to VLAN 50 on NPE 1 and NPE 2 respectively.
l VPLS instance aaa uses LDP, that is, the Martini mode.
II. Network diagram
Figure 1-6 Network diagram for configuring H-VPLS using LSP
III. Configuration procedure
1) Configure the IGP protocol on the MPLS backbone, which is OSPF in this example. (The configuration details are omitted here.)
2) Configure UPE
# Configure MPLS basic capability.
<Sysname> system-view
[Sysname] sysname UPE
[UPE] mpls lsr-id 60.4.4.4
[UPE] mpls
[UPE-mpls] quit
[UPE] mpls ldp
[UPE-mpls-ldp] quit
# Configure to redirect VPLS traffic to the virtual service port that corresponds to the L3+ card.
[UPE] interface MPLS-VPLS 0/0/2
[UPE-MPLS-VPLS0/0/2] l2vpn-vpls service binding service-id 1
[UPE-MPLS-VPLS0/0/2] quit
# Configure the MPLS basic capability on the interface connected with NPE 1.
[UPE] vlan 10
[UPE-vlan10] port Ethernet 4/1/2
[UPE-vlan10] quit
[UPE] interface Vlan-interface 10
[UPE-Vlan-interface10] ip address 60.41.41.4 24
[UPE-Vlan-interface10] mpls
[UPE-Vlan-interface10] mpls ldp
[UPE-Vlan-interface10] quit
# Configure the MPLS basic capability on the interface connected with NPE 2.
[UPE] vlan 30
[UPE-vlan30] port Ethernet 4/1/3
[UPE-vlan30] quit
[UPE] interface Vlan-interface 30
[UPE-Vlan-interface30] ip address 60.42.42.4 24
[UPE-Vlan-interface30] mpls
[UPE-Vlan-interface30] mpls ldp
[UPE-Vlan-interface30] quit
# Configure MPLS L2VPN.
[UPE] mpls l2vpn
# Configure the basic attributes of VPLS instance aaa, which uses LDP, and configure the peer as the Dual-NPE type.
[UPE] vsi aaa static
[UPE-vsi-aaa] pwsignal ldp
[UPE-vsi-aaa-ldp] vsi-id 500
[UPE-vsi-aaa-ldp] peer 60.1.1.1 dual-npe
[UPE-vsi-aaa-ldp] peer 60.2.2.2 dual-npe
[UPE-vsi-aaa-ldp] quit
[UPE-vsi-aaa] quit
# Bind VPLS instance aaa to the MPLS-VPLS virtual service interface.
[UPE] interface MPLS-VPLS 0/0/2
[UPE-MPLS-VPLS0/0/2] l2vpn-vpls service binding vsi aaa
[UPE-MPLS-VPLS0/0/2] quit
# Create VLAN 100 and VLAN-interface 100. Bind VPLS instance aaa to the interface.
[UPE] vlan 100
[UPE-vlan100] port Ethernet 4/1/4
[UPE-vlan100] port Ethernet 4/1/5
[UPE-vlan100] quit
[UPE] interface Vlan-interface 100
[UPE-Vlan-interface100] l2 binding vsi aaa
[UPE-Vlan-interface100] quit
3) Configure NPE 1
# Configure MPLS basic capability.
<Sysname> system-view
[Sysname] sysname NPE1
[NPE1] mpls lsr-id 60.1.1.1
[NPE1] mpls
[NPE1–mpls] quit
[NPE1] mpls ldp
[NPE1–mpls-ldp] quit
# Configure to redirect VPLS traffic to the virtual service port that corresponds to the L3+ card.
[NPE1] interface MPLS-VPLS 0/0/2
[NPE1-MPLS-VPLS0/0/2] l2vpn-vpls service binding service-id 1
[NPE1-MPLS-VPLS0/0/2] quit
# Configure MPLS basic capability on the interface connected with UPE.
[NPE1] vlan 10
[NPE1-vlan10] port Ethernet 4/1/2
[NPE1-vlan10] quit
[NPE1] interface Vlan-interface 10
[NPE1-Vlan-interface10] ip address 60.41.41.1 24
[NPE1-Vlan-interface10] mpls
[NPE1-Vlan-interface10] mpls ldp
[NPE1-Vlan-interface10] quit
# Configure MPLS basic capability on the interface connected with NPE 2.
[NPE1] vlan 50
[NPE1-vlan50] port Ethernet 4/1/5
[NPE1-vlan50] quit
[NPE1] interface Vlan-interface 50
[NPE1-Vlan-interface50] ip address 60.15.15.1 24
[NPE1-Vlan-interface50] mpls
[NPE1-Vlan-interface50] mpls ldp
[NPE1-Vlan-interface50] quit
# Configure MPLS basic capability on the interface connected with PE.
[NPE1] vlan 20
[NPE1-vlan20] port Ethernet 4/1/1
[NPE1-vlan20] quit
[NPE1] interface Vlan-interface 20
[NPE1-Vlan-interface20] ip address 60.13.13.1 24
[NPE1-Vlan-interface20] mpls
[NPE1-Vlan-interface20] mpls ldp
[NPE1-Vlan-interface20] quit
# Configure MPLS L2VPN.
[NPE1] mpls l2vpn
# Configure the basic attributes of VPLS instance aaa, which uses LDP.
[NPE1] vsi aaa static
[NPE1-vsi-aaa] pwsignal ldp
[NPE1-vsi-aaa-ldp] vsi-id 500
[NPE1-vsi-aaa-ldp] peer 60.4.4.4 upe
[NPE1-vsi-aaa-ldp] peer 60.3.3.3
[NPE1-vsi-aaa-ldp] peer 60.2.2.2
[NPE1-vsi-aaa-ldp] quit
[NPE1-vsi-aaa] quit
# Bind VPLS instance aaa to MPLS-VPLS virtual service interface.
[NPE1] interface MPLS-VPLS 0/0/2
[NPE1-MPLS-VPLS0/0/2] l2vpn-vpls service binding vsi aaa
[NPE1-MPLS-VPLS0/0/2] quit
4) Configure NPE 2
# Configure MPLS basic capability.
<Sysname> system-view
[Sysname] sysname NPE2
[NPE2] mpls lsr-id 60.2.2.2
[NPE2] mpls
[NPE2–mpls] quit
[NPE2] mpls ldp
[NPE2–mpls-ldp] quit
# Configure to redirect VPLS traffic to the virtual service port that corresponds to the L3+ card.
[NPE2] interface MPLS-VPLS 0/0/2
[NPE2-MPLS-VPLS0/0/2] l2vpn-vpls service binding service-id 1
[NPE2-MPLS-VPLS0/0/2] quit
# Configure MPLS basic capability on the interface connected with UPE.
[NPE2] vlan 30
[NPE2-vlan30] port Ethernet 4/1/3
[NPE2-vlan30] quit
[NPE2] interface Vlan-interface 30
[NPE2-Vlan-interface30] ip address 60.42.42.1 24
[NPE2-Vlan-interface30] mpls
[NPE2-Vlan-interface30] mpls ldp
[NPE2-Vlan-interface30] quit
# Configure MPLS basic capability on the interface connected with NPE 1.
[NPE2] vlan 50
[NPE2-vlan50] port Ethernet 4/1/5
[NPE2-vlan50] quit
[NPE2] interface Vlan-interface 50
[NPE2-Vlan-interface50] ip address 60.15.15.3 24
[NPE2-Vlan-interface50] mpls
[NPE2-Vlan-interface50] mpls ldp
[NPE2-Vlan-interface50] quit
# Configure MPLS basic capability on the interface connected with PE.
[NPE2] vlan 40
[NPE2-vlan40] port Ethernet 4/1/4
[NPE2-vlan40] quit
[NPE2] interface Vlan-interface 40
[NPE2-Vlan-interface40] ip address 60.14.14.1 24
[NPE2-Vlan-interface40] mpls
[NPE2-Vlan-interface40] mpls ldp
[NPE2-Vlan-interface40] quit
# Configure MPLS L2VPN.
[NPE2] mpls l2vpn
# Configure the basic attributes of VPLS instance aaa, which uses LDP.
[NPE2] vsi aaa static
[NPE2-vsi-aaa] pwsignal ldp
[NPE2-vsi-aaa-ldp] vsi-id 500
[NPE2-vsi-aaa-ldp] peer 60.4.4.4 upe
[NPE2-vsi-aaa-ldp] peer 60.3.3.3
[NPE2-vsi-aaa-ldp] peer 60.1.1.1
[NPE2-vsi-aaa-ldp] quit
[NPE2-vsi-aaa] quit
# Bind VPLS instance aaa to the MPLS-VPLS virtual service interface.
[NPE2] interface MPLS-VPLS 0/0/2
[NPE2-MPLS-VPLS0/0/2] l2vpn-vpls service binding vsi aaa
[NPE2-MPLS-VPLS0/0/2] quit
5) Configure PE
# Configure MPLS basic capability.
<Sysname> system-view
[Sysname] sysname PE
[PE] mpls lsr-id 60.3.3.3
[PE] mpls
[PE–mpls] quit
[PE] mpls ldp
[PE–mpls-ldp] quit
# Configure to redirect VPLS traffic to the virtual service port that corresponds to the L3+ card.
[PE] interface MPLS-VPLS 0/0/2
[PE-MPLS-VPLS0/0/2] l2vpn-vpls service binding service-id 1
[PE-MPLS-VPLS0/0/2] quit
# Configure MPLS basic capability on the interface connected with NPE 1.
[PE] vlan 20
[PE-vlan20] port Ethernet 4/1/1
[PE-vlan20] quit
[PE] interface Vlan-interface 20
[PE-Vlan-interface20] ip address 60.13.13.3 24
[PE-Vlan-interface20] mpls
[PE-Vlan-interface20] mpls ldp
[PE-Vlan-interface20] quit
# Configure MPLS basic capability on the interface connected with NPE 2.
[PE] vlan 40
[PE-vlan40] port Ethernet 4/1/4
[PE-vlan40] quit
[PE] interface Vlan-interface 40
[PE-Vlan-interface40] ip address 60.14.14.3 24
[PE-Vlan-interface40] mpls
[PE-Vlan-interface40] mpls ldp
[PE-Vlan-interface40] quit
# Configure MPLS L2VPN.
[PE] mpls l2vpn
# Configure the basic attributes of VPLS instance aaa, which uses LDP.
[PE] vsi aaa static
[PE-vsi-aaa] pwsignal ldp
[PE-vsi-aaa-ldp] vsi-id 500
[PE-vsi-aaa-ldp] peer 60.1.1.1
[PE-vsi-aaa-ldp] peer 60.2.2.2
[PE-vsi-aaa-ldp] quit
[PE-vsi-aaa] quit
# Bind VPLS instance aaa to the MPLS-VPLS virtual service interface.
[PE] interface MPLS-VPLS 0/0/2
[PE-MPLS-VPLS0/0/2] l2vpn-vpls service binding vsi aaa
[PE-MPLS-VPLS0/0/2] quit
# Create VLAN 100 and VLAN-interface 100. Bind VPLS instance aaa to the interface.
[PE] vlan 100
[PE-vlan100] port Ethernet 4/1/6
[PE-vlan100] quit
[PE] interface Vlan-interface 100
[PE-Vlan-interface100] l2 binding vsi aaa
[PE-Vlan-interface100] quit
After completing the above configurations, you can execute the display vpls connection command on the UPE. There should be two PW connection established, with one in up state and the other in block state.
[UPE] display vpls connection vsi aaa
2 total connections,
connections: 1 up, 1 block, 0 down
VSI Name: aaa Signaling: ldp
VsiID VsiType PeerAddr InLabel OutLabel LinkID VCState
500 vlan 60.1.1.1 131078 131074 1 up
500 vlan 60.2.2.2 131082 131086 2 block
1.13 Troubleshooting VPLS
Symptom:
The VPLS link PW is not up.
Analysis:
l The public network LSP tunnel is not established.
l The extended session is not working normally.
l A private VLAN virtual interface is not bound with the corresponding VPLS instance and is not up.
l The MTU parameters of the VPLS instances in LDP mode on the two peers are not consistent.
l If the VLAN interface is not up, the PW is not either.
Solution:
l Check the routing tables of the PEs to see whether a route is available between the two PEs. Check whether each device can ping the loopback interface of the peer and whether the LDP session is normal.
l Check whether any extended session configuration command is missing at either side.
l Check whether the private network interfaces are up or whether the PW to the UPE is up.
l Check whether the two peers have the same MTU for VPLS instance, the same VC ID and the same transmission mode.
