Login
- Table of Contents
- Related Documents
-
| Title | Size | Download |
|---|---|---|
| 05-MPLS L2VPN Configuration | 190.95 KB |
Contents
Remote connection establishment
MPLS L2VPN configuration task list
Configuring a Layer 3 interface
Configuring a service instance on a Layer 2 Ethernet interface
Binding an AC to a cross-connect
Binding a Layer 3 interface to a cross-connect
Binding a service instance to a cross-connect
Displaying and maintaining MPLS L2VPN
MPLS L2VPN configuration example
Configuring an LDP PW (flexible mode)
MPLS L2VPN can provide both point-to-point connections and point-to-multipoint connections. This chapter describes only the MPLS L2VPN technologies that provide point-to-point connections.
The switch does not support MPLS L2VPN when the system is operating in standard mode. For more information about system operating modes, see Fundamentals Configuration Guide.
Overview
MPLS L2VPN offers Layer 2 VPN services over an MPLS or IP backbone. It can transparently transmit Layer 2 data for different data link layer protocols, including Ethernet, VLAN, ATM, FR, and PPP.
For the perspective of users, the MPLS or IP backbone is a Layer 2 switched network. For example, when two Ethernet networks are connected through MPLS L2VPN over an MPLS backbone, Ethernet users cannot sense the existence of the MPLS backbone, and they consider they are connected directly through an Ethernet.
Basic concepts of MPLS L2VPN
· Customer edge—A CE is a customer device directly connected to the service provider network.
· Provider edge—A PE is a service provider device connected to one or more CEs. It provides VPN access by mapping and forwarding packets between user networks and public network tunnels.
· Attachment circuit—An AC is a link between a CE and a PE, such as an FR DLCI, ATM VPI/PWI, Ethernet interface, VLAN, or PPP connection.
· Pseudowire—A PW a virtual bidirectional connection between two PEs. An MPLS PW comprises a pair of LSPs in opposite directions.
· Public tunnel—A public tunnel is a connection that carries one or more PWs across the MPLS or IP backbone. It can be an LSP tunnel, an MPLS TE tunnel, or a GRE tunnel.
· Cross-connect—A cross-connect concatenates two physical or virtual circuits such as ACs and PWs. It switches packets between the two physical or virtual circuits. Cross-connects include AC to AC cross-connect, AC to PW cross-connect, and PW to PW cross-connect.
MPLS L2VPN network models
MPLS L2VPN network models include the remote connection model and local connection model.
Remote connection model
As shown in Figure 1, this model connects two CEs through a PW on an MPLS or IP backbone.
Figure 1 Remote connection model
Local connection model
As shown in Figure 2, this model connects two CEs to the same PE so the CEs can communicate through the PE. The switch does not support the local connection model.
Figure 2 Local connection model
Remote connection establishment
To set up a remote MPLS L2VPN connection:
1. Set up a public tunnel to carry one or more PWs between PEs.
The public tunnel can be an LSP tunnel.
If a PW is established over an LSP tunnel, packets on the PW has two labels. The outer label is the public LSP label that MPLS uses to forward the packet to the peer PE. The inner label is the PW label that the peer PE uses to forward the packet to the destination CE.
2. Set up a PW to identify customer networks.
A PW can be established statically or dynamically through LDP.
To establish a static PW, configure the incoming and outgoing PW labels for the PW on the two PEs. Static PWs consume few resources but have complex configurations. The switch does not support static PWs.
To establish a dynamic PW, configure LDP on the two PEs. LDP defines a new FEC type named PW ID FEC for PEs to exchange PW labels. The new FEC type uses a PW ID and a PW type to identify a PW. The PW ID is the ID of the PW between PEs. The PW type specifies the encapsulation type for data transmitted over the PW, such as ATM, FR, Ethernet, or VLAN. PEs advertise the PW label and PW ID FEC in label mapping messages to create a PW. Dynamic PWs have simple configurations but consume more resources.
3. Set up an AC between a PE and a CE.
Set up an AC by configuring a link layer connection (such as a PPP connection) between a PE and a CE.
An AC can be one of the following types:
¡ Layer 3 physical interface—Transparently forwards received packets over the bound PW.
¡ Layer 3 subinterface—Forwards packets received from the corresponding link to the bound PW. In this mode, VLANs are unique on a per interface basis rather than globally.
¡ VLAN interface—Forwards packets received from the VLAN to the bound PW. In this mode, VLANs are globally unique.
¡ Service instance on a Layer 2 Ethernet interface—Forwards packets that are received on the Layer 2 Ethernet interface and satisfy the match criteria of the service instance to the bound PW. If the match criterion is VLAN ID, the VLAN is unique on a per interface basis rather than globally.
|
|
NOTE: When VLANs are globally unique, packets with the same VLAN ID are forwarded over the PW bound with that VLAN ID regardless of which interfaces they arrived at. If VLANs are unique on a per interface basis, packets with the same VLAN ID from different interfaces can be forwarded over different PWs. |
4. Bind the AC to the PW.
Bind the Layer 3 physical interface, Layer 3 subinterface, VLAN interface, or service instance to the PW, so the PE forwards packets between the AC and the PW.
Ethernet over MPLS
Ethernet over MPLS supports the following access modes:
· Port access mode
In this mode, a Layer 3 Ethernet interface is bound to a PW. Packets received from the Layer 3 Ethernet interface are forwarded through the bound PW. The default data encapsulation type for port access mode is Ethernet.
Figure 3 Packet encapsulation in port mode
· VLAN access mode
In this mode, a Layer 3 Ethernet subinterface or VLAN interface is bound to a PW. Packets received from the VLAN are forwarded through the bound PW. The peer PE can modify the VLAN tag as needed. The default data encapsulation type for VLAN access mode is VLAN.
· Flexible access mode
In this mode, a service instance on a Layer 2 Ethernet interface is bound to a PW. Packets that are received from the Layer 2 Ethernet interface and satisfy the match criteria of the service instance are forwarded to the bound PW. You can configure flexible match criteria for the service instance. For example, configure the service instance to match all packets, tagged packets, or untagged packets. The default data encapsulation type for flexible access mode is VLAN.
The flexible access mode can also implement the port and VLAN access modes through match criteria configuration.
MPLS L2VPN configuration task list
MPLS L2VPN configuration mainly includes the following tasks:
· Configure an IGP to achieve IP connectivity within the backbone.
· Configure basic MPLS or LDP to set up public tunnels across the backbone.
· Configure MPLS L2VPN, set up PWs, and bind ACs to PWs.
This chapter describes only MPLS L2VPN configuration on the PE.
To configure MPLS L2VPN on a PE, perform the following tasks:
|
Tasks at a glance |
Remarks |
|
(Required.) Enabling L2VPN |
N/A |
|
(Required.) Configuring an AC: · Configuring a Layer 3 interface · Configuring a service instance on a Layer 2 Ethernet interface |
Choose either task depending on the AC type. |
|
(Required.) Configuring a cross-connect |
N/A |
|
· (Optional.) Configuring a PW template · (Required.) Configuring an LDP PW |
N/A |
|
(Required.) Binding an AC to a cross-connect: |
Choose either task to bind an AC to a cross-connect. |
Enabling L2VPN
Perform this task to enable L2VPN so the PE can support MPLS L2VPN.
Before you perform this task, configure an LSR ID for the PE with the mpls lsr-id command, and enable MPLS with the mpls enable command on the backbone interface of the PE. For more information about these commands, see MPLS Command Reference.
To enable L2VPN:
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Enable L2VPN. |
l2vpn enable |
By default, L2VPN is disabled. |
Configuring an AC
An AC can be either a Layer 3 interface, or a service instance on a Layer 2 Ethernet interface.
Configuring a Layer 3 interface
Configure the Layer 3 interface connected to the CE to create a Layer 2 link between the PE and CE.
The Layer 3 interface type determines the access mode of the AC. On a Layer 3 Ethernet interface or Layer 3 Ethernet subinterface, you can use the access-mode keyword of the ac interface command to specify the access mode as Ethernet or VLAN. By default, the default access mode on a Layer 3 Ethernet interface is Ethernet and that on a Layer 3 Ethernet subinterface is VLAN.
For more information about Layer 3 Ethernet interfaces, see Interface Configuration Guide.
Configuring a service instance on a Layer 2 Ethernet interface
When the PE connects to a CE through a Layer 2 Ethernet interface, you can configure a service instance on the Layer 2 Ethernet interface to match specific packets from the AC.
To configure a service instance:
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Enter Layer 2 Ethernet interface view. |
interface interface-type interface-number |
N/A |
|
3. Create a service instance and enter service instance view. |
service-instance instance-id |
By default, no service instance is created. |
|
4. Configure match criteria for the service instance. |
· encapsulation s-vid vlan-id [ only-tagged ] · encapsulation { default | tagged | untagged } |
By default, no match criteria are configured for the service instance. |
Configuring a cross-connect
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Create a cross-connect group and enter cross-connect group view. |
xconnect-group group-name |
By default, no cross-connect group is created. |
|
3. (Optional.) Configure a description for the cross-connect group. |
description text |
By default, no description is configured for the cross-connect group. |
|
4. Enable the cross-connect group. |
undo shutdown |
By default, the cross-connect group is enabled. |
|
5. Create a cross-connect and enter cross-connect view. |
connection connection-name |
By default, no cross-connect is created. |
|
6. Configure an MTU for the cross-connect. |
mtu mtu |
The default MTU is 1500 bytes. The two PEs at the ends of an LDP PW must have the same MTU on the cross-connect. Otherwise, the PW cannot go up. |
Configuring a PW
Configuring a PW template
In a PW template, you can configure PW attributes such as the PW type, and whether to enable control word. PWs with the same attributes can reference the same PW template.
To configure a PW template:
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Create a PW template and enter PW template view. |
pw-class class-name |
By default, no PW template is created. |
|
3. (Optional.) Enable control word. |
control-word enable |
By default, control word is disabled. |
|
4. (Optional.) Specify the PW type. |
pw-type { ethernet | vlan } |
By default, the PW type is VLAN. |
Configuring an LDP PW
Before you configure an LDP PW, configure MPLS LDP on the PE. For information about MPLS LDP configuration, see "Configuring LDP."
To configure an LDP PW:
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Enter cross-connect group view. |
xconnect-group group-name |
N/A |
|
3. Enter cross-connect view. |
connection connection-name |
N/A |
|
4. Configure an LDP PW and enter PW view. |
peer ip-address pw-id pw-id [ pw-class class-name | tunnel-policy tunnel-policy-name ] * |
By default, no LDP PW is configured. If the specified peer PE is not directly connected, the local PE automatically sends a targeted hello to create an LDP session to the peer PE and then exchanges the PW ID FEC and PW label mapping with the peer. |
Binding an AC to a cross-connect
If the AC is a Layer 3 Ethernet interface, bind the Layer 3 interface to the cross-connect.
If the AC is a service instance on a Layer 2 Ethernet interface, bind the service instance to the cross-connect.
Binding a Layer 3 interface to a cross-connect
After you bind a Layer 3 interface to a cross-connect, packets received from the Layer 3 interface are forwarded through the PW or another AC bound to the cross-connect.
To bind a Layer 3 interface to the cross-connect:
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Enter cross-connect group view. |
xconnect-group group-name |
N/A |
|
3. Enter cross-connect view. |
connection connection-name |
N/A |
|
4. Bind the AC Layer 3 interface to the cross-connect. |
ac interface interface-type interface-number [ access-mode { ethernet | vlan } ] |
By default, no Layer 3 interface is bound to the cross-connect. |
Binding a service instance to a cross-connect
After you bind a service instance on a Layer 2 Ethernet interface to a cross-connect, packets that are received from the Layer 2 Ethernet interface and satisfy the match criteria of the service instance are forwarded to the PW or another AC bound to the cross-connect. A service instance can match all packets, tagged packets, or untagged packets.
To bind a service instance to a cross-connect:
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Enter cross-connect group view. |
xconnect-group group-name |
N/A |
|
3. Enter cross-connect view. |
connection connection-name |
N/A |
|
4. Bind the service instance on the Layer 2 Ethernet interface to the cross-connect. |
ac interface interface-type interface-number service-instance instance-id [ access-mode { ethernet | vlan } ] |
By default, no service instance is bound to the cross-connect. |
Displaying and maintaining MPLS L2VPN
|
Task |
Command |
Remarks |
|
Display LDP PW label information. |
display l2vpn ldp [ peer ip-address [ pw-id pw-id ] | xconnect-group group-name ] [ verbose ] |
Available in any view. |
|
Display cross-connect forwarding information (in standalone mode). |
display l2vpn forwarding { ac | pw } [ xconnect-group group-name ] [ slot slot-number ] [ verbose ] |
Available in any view. |
|
Display cross-connect forwarding information (in IRF mode). |
display l2vpn forwarding { ac | pw } [ xconnect-group group-name ] [ chassis chassis-number slot slot-number ] [ verbose ] |
Available in any view. |
|
Display L2VPN information for the Layer 3 interface bound to a cross-connect. |
display l2vpn interface [ xconnect-group group-name | interface-type interface-number ] |
Available in any view. |
|
Display L2VPN PW information. |
display l2vpn pw [ xconnect-group group-name ] [ ldp | static ] [ verbose ] |
Available in any view. |
|
Display PW template information. |
display l2vpn pw-class [ class-name ] |
Available in any view. |
|
Display service instance information. |
display l2vpn service-instance [ interface interface-type interface-number [ service-instance instance-id ] ] [ verbose ] |
Available in any view. |
|
Display cross-connect group information. |
display l2vpn xconnect-group [ name group-name ] [ verbose ] |
Available in any view. |
MPLS L2VPN configuration example
By default, Ethernet interfaces, VLAN interfaces, and aggregate interfaces are in down state. To configure such an interface, first use the undo shutdown command to bring the interface up.
Configuring an LDP PW (flexible mode)
Network requirements
Create an LDP PW between PE 1 and PE 2 so CE 1 and CE 2 can communicate within VLAN 10 without consuming VLAN resources on PEs. Use flexible access mode to match specific packets from each AC.
Figure 4 Network diagram
|
Device |
Interface |
IP address |
Device |
Interface |
IP address |
|
CE 1 |
Vlan-int10 |
100.1.1.1/24 |
P |
Loop0 |
192.4.4.4/32 |
|
PE 1 |
Loop0 |
192.2.2.2/32 |
|
Vlan-int23 |
23.1.1.2/24 |
|
|
Vlan-int23 |
23.1.1.1/24 |
|
Vlan-int26 |
26.2.2.2/24 |
|
CE 2 |
Vlan-int10 |
100.1.1.2/24 |
PE 2 |
Loop0 |
192.3.3.3/32 |
|
|
|
|
|
Vlan-int26 |
26.2.2.1/24 |
Configuration procedure
Before you perform the following configurations, configure VLANs and add ports to VLANs on CEs.
1. Configure CE 1:
<CE1> system-view
[CE1] interface vlan-interface 10
[CE1-Vlan-interface10] ip address 100.1.1.1 24
[CE1-Vlan-interface10] quit
2. Configure PE 1:
<PE1> system-view
[PE1] interface loopback 0
[PE1-LoopBack0] ip address 192.2.2.2 32
[PE1-LoopBack0] quit
# Configure an LSR ID.
[PE1] mpls lsr-id 192.2.2.2
# Enable L2VPN.
[PE1] l2vpn enable
# Enable global LDP.
[PE1] mpls ldp
[PE1-ldp] quit
# Configure VLAN-interface 23 connected to the P device and enable LDP on the interface.
[PE1] interface vlan-interface 23
[PE1-Vlan-interface23] ip address 23.1.1.1 24
[PE1-Vlan-interface23] mpls enable
[PE1-Vlan-interface23] mpls ldp enable
[PE1-Vlan-interface23] quit
# Configure OSPF on PE 1 for LDP to create LSPs.
[PE1] ospf
[PE1-ospf-1] area 0
[PE1-ospf-1-area-0.0.0.0] network 23.1.1.1 0.0.0.255
[PE1-ospf-1-area-0.0.0.0] network 192.2.2.2 0.0.0.0
[PE1-ospf-1-area-0.0.0.0] quit
[PE1-ospf-1] quit
# Create a service instance on GigabitEthernet 3/0/1 connected to CE 1.
[PE1] interface GigabitEthernet 3/0/1
[PE1-GigabitEthernet3/0/1] service-instance 1000
[PE1-GigabitEthernet3/0/1-srv1000] encapsulation s-vid 10
[PE1-GigabitEthernet3/0/1-srv1000] quit
[PE1-GigabitEthernet3/0/1] quit
# Create a cross-connect group named vpn1, create a cross-connect named ldp in the group, bind service instance 1000 on GigabitEthernet 3/0/1 to the cross-connect, and create an LDP PW for the cross-connect to bind the AC to the PW.
[PE1] xconnect-group vpn1
[PE1-xcg-vpn1] connection ldp
[PE1-xcg-vpn1-ldp] ac interface gigabitethernet3/0/1 service-instance 1000
[PE1-xcg-vpn1-ldp] peer 192.3.3.3 pw-id 1000
[PE1-xcg-vpn1-ldp-192.3.3.3-1000] quit
[PE1-xcg-vpn1-ldp] quit
[PE1-xcg-vpn1] quit
3. Configure the P device:
<P> system-view
[P] interface loopback 0
[P-LoopBack0] ip address 192.4.4.4 32
[P-LoopBack0] quit
# Configure an LSR ID.
[P] mpls lsr-id 192.4.4.4
# Enable global LDP.
[P] mpls ldp
[P-ldp] quit
# Configure VLAN-interface 23 connected to PE 1 and enable LDP on the interface.
[P] interface vlan-interface 23
[P-Vlan-interface23] ip address 23.1.1.2 24
[P-Vlan-interface23] mpls enable
[P-Vlan-interface23] mpls ldp enable
[P-Vlan-interface23] quit
# Configure VLAN-interface 26 connected to PE 2 and enable LDP on the interface.
[P] interface vlan-interface 26
[P-Vlan-interface26] ip address 26.2.2.2 24
[P-Vlan-interface26] mpls enable
[P-Vlan-interface26] mpls ldp enable
[P-Vlan-interface26] quit
# Configure OSPF on the P device for LDP to create LSPs.
[P] ospf
[P-ospf-1] area 0
[P-ospf-1-area-0.0.0.0] network 23.1.1.2 0.0.0.255
[P-ospf-1-area-0.0.0.0] network 26.2.2.2 0.0.0.255
[P-ospf-1-area-0.0.0.0] network 192.4.4.4 0.0.0.0
[P-ospf-1-area-0.0.0.0] quit
[P-ospf-1] quit
4. Configure PE 2:
<PE2> system-view
[PE2] interface loopback 0
[PE2-LoopBack0] ip address 192.3.3.3 32
[PE2-LoopBack0] quit
# Configure an LSR ID.
[PE2] mpls lsr-id 192.3.3.3
# Enable L2VPN.
[PE2] l2vpn enable
# Enable global LDP.
[PE2] mpls ldp
[PE2-ldp] quit
# Configure VLAN-interface 26 connected to the P device and enable LDP on the interface.
[PE2] interface vlan-interface 26
[PE2-Vlan-interface26] ip address 26.2.2.1 24
[PE2-Vlan-interface26] mpls enable
[PE2-Vlan-interface26] mpls ldp enable
[PE2-Vlan-interface26] quit
# Configure OSPF on PE 2 for LDP to create LSPs.
[PE2] ospf
[PE2-ospf-1] area 0
[PE2-ospf-1-area-0.0.0.0] network 192.3.3.3 0.0.0.0
[PE2-ospf-1-area-0.0.0.0] network 26.2.2.0 0.0.0.255
[PE2-ospf-1-area-0.0.0.0] quit
[PE2-ospf-1] quit
# Create a service instance on GigabitEthernet 3/0/1 connected to CE 2.
[PE2] interface GigabitEthernet3/0/1
[PE2-GigabitEthernet3/0/1] service-instance 1000
[PE2-GigabitEthernet3/0/1-srv1000] encapsulation s-vid 10
[PE2-GigabitEthernet3/0/1-srv1000] quit
[PE2-GigabitEthernet3/0/1] quit
# Create a cross-connect group named vpn1, create a cross-connect named ldp in the group, bind service instance 1000 on GigabitEthernet 3/0/1 to the cross-connect, and create an LDP PW for the cross-connect to bind the AC to the PW.
[PE2] xconnect-group vpn1
[PE2-xcg-vpn1] connection ldp
[PE2-xcg-vpn1-ldp] ac interface gigabitethernet3/0/1 service-instance 1000
[PE2-xcg-vpn1-ldp] peer 192.2.2.2 pw-id 1000
[PE2-xcg-vpn1-ldp-192.2.2.2-1000] quit
[PE2-xcg-vpn1-ldp] quit
[PE2-xcg-vpn1] quit
5. Configure CE 2:
<CE2> system-view
[CE2] interface vlan-interface 10
[CE2-Vlan-interface10] ip address 100.1.1.2 24
[CE2-Vlan-interface10] quit
Verify the configuration
# Display L2VPN PW information on PE 1. The output shows that an LDP PW has been established.
[PE1] display l2vpn pw
Flags: M - main, B - backup, H - hub link, S - spoke link, N - no split horizon
Total number of PWs: 1, 1 up, 0 blocked, 0 down
Xconnect-group Name: vpn1
Peer PW ID In/Out Label Proto Flag Link ID State
192.3.3.3 1000 65663/65662 LDP M 1 Up
# Display L2VPN PW information on PE 2. The output shows that an LDP PW has been established.
[PE2] display l2vpn pw
Flags: M - main, B - backup, H - hub link, S - spoke link, N - no split horizon
Total number of PWs: 1, 1 up, 0 blocked, 0 down
Xconnect-group Name: vpn1
Peer PW ID In/Out Label Proto Flag Link ID State
192.2.2.2 1000 65661/65660 LDP M 1 Up
# CE 1 and CE 2 can ping each other.
[CE1] ping 100.1.1.2
56 bytes from 100.1.1.2: icmp_seq=0 ttl=255 time=8.000 ms
56 bytes from 100.1.1.2: icmp_seq=1 ttl=255 time=4.000 ms
56 bytes from 100.1.1.2: icmp_seq=2 ttl=255 time=19.000 ms
56 bytes from 100.1.1.2: icmp_seq=3 ttl=255 time=3.000 ms
56 bytes from 100.1.1.2: icmp_seq=4 ttl=255 time=6.000 ms
--- 100.1.1.2 ping statistics ---
5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss
round-trip min/avg/max/stddev = 3.000/8.000/19.000/5.762 ms
