Login
- Table of Contents
-
- 08-MPLS Configuration Guide
- 00-Preface
- 01-Basic MPLS configuration
- 02-Static LSP configuration
- 03-LDP configuration
- 04-MPLS TE configuration
- 05-Static CRLSP configuration
- 06-RSVP configuration
- 07-Tunnel policy configuration
- 08-MPLS L3VPN configuration
- 09-MPLS L2VPN configuration
- 10-VPLS configuration
- 11-MPLS OAM configuration
- 12-MCE configuration
- Related Documents
-
| Title | Size | Download |
|---|---|---|
| 07-Tunnel policy configuration | 246.10 KB |
Tunnel policy application scenario
Restrictions and guidelines: Tunnel policy configuration
Display and maintenance commands for tunnel policies
Tunnel policy configuration examples
Example: Configuring exclusive tunnels
Example: Configuring preferred tunnels and tunnel selection order
Tunnel selector implementation
Tunnel selector tasks at a glance
Configuring an IPv4 prefix list
Configuring an IPv6 prefix list
Applying a tunnel policy to a tunnel selector
Display and maintenance commands for tunnel selector
Tunnel selector configuration examples (on switches)
Example: Configuring tunnel selectors for MPLS L3VPN inter-AS option B
Example: Configuring tunnel selectors for IPv6 MPLS L3VPN inter-AS option B
Configuring tunnel policies
About tunnel policies
Tunnel policies enable a PE to forward traffic for each MPLS VPN over a preferred tunnel or load share the traffic over multiple tunnels. Using tunnel policies can facilitate network planning and management and reduce processing overhead on PEs.
For more information about MPLS VPN, see "Configuring MPLS L2VPN," "Configuring VPLS," and "Configuring MPLS L3VPN."
Tunnel policy implementation
You can configure a tunnel policy by using the preferred tunnel method or the load sharing method.
Preferred tunnel
You can specify a tunnel as a preferred tunnel in a tunnel policy. If the destination address of the tunnel interface identifies a peer PE, the policy will forward traffic destined for that peer PE over the preferred tunnel.
If multiple preferred tunnels that have the same destination address are specified in a tunnel policy, the policy uses the following procedure to select a preferred tunnel:
1. The policy selects the first configured preferred tunnel.
2. If the first configured tunnel is not available, the policy selects the second tunnel, and so forth.
Since the policy uses only one tunnel, no load sharing will be performed on these tunnels. This method explicitly specifies a tunnel for an MPLS VPN, facilitating traffic planning. As a best practice, use this method.
Load sharing
You can configure tunnel load sharing by specifying the tunnel selection order and the number of tunnels for load sharing in a tunnel policy.
This method distributes traffic of a single VPN to multiple tunnels. The transmission delays on different tunnels can vary greatly. Therefore, the destination device or the upper layer application might take a great time to sequence the packets. As a best practice, do not use this method.
Tunnel selection rule
If you use both the preferred tunnel and load sharing methods to specify tunnels for a tunnel policy, the tunnel policy selects tunnels in the following steps:
· If the destination address of a preferred tunnel identifies a peer PE, the tunnel policy uses the preferred tunnel to forward traffic destined for the peer PE.
· If no preferred tunnel is available for a peer PE, the tunnel policy uses the load sharing method to forward the traffic to the peer PE.
Supported tunnel types
Tunnel policies support the following tunnel types:
· MPLS TE tunnels. For more information, see "Configuring MPLS TE."
· MPLS LSPs. Only the load sharing method supports using MPLS LSPs.
Tunnel policy application scenario
As shown in Figure 1, PE 1 and PE 2 have multiple tunnels in between and they are connected to multiple MPLS VPNs. You can control the paths for VPN traffic by using one of the following methods:
· Preferred tunnel—Configure multiple tunnel policies, and specify a preferred tunnel for each policy. Apply these policies to different MPLS VPNs to forward the traffic of each VPN over a specific tunnel.
· Load sharing—Configure one tunnel policy, and specify the tunnel selection order and the number of tunnels for load sharing. Apply the tunnel policy to MPLS VPNs to forward the traffic of every VPN over multiple tunnels.
Figure 1 Tunnel policy application scenario
Restrictions and guidelines: Tunnel policy configuration
To configure a VPN to exclusively use a tunnel, perform the following operations:
1. Use the preferred-path command to specify the tunnel as the preferred tunnel in a tunnel policy.
2. Apply the policy only to that VPN.
Tunnel policy and VXLAN are mutually exclusive. Do not configure both features. For information about VXLAN, see VXLAN Configuration Guide.
Configuring a tunnel policy
1. Enter system view.
system-view
2. Create a tunnel policy, and enter tunnel policy view.
tunnel-policy tunnel-policy-name
3. Configure the tunnel policy.
Choose one option as needed:
¡ Configure a preferred tunnel.
preferred-path tunnel number
By default, no preferred tunnels are configured.
¡ Configure tunnel load sharing.
select-seq [ strict ] { cr-lsp | lsp | sr-lsp } * load-balance-number number
By default, the policy selects only one tunnel in LSP, CRLSP, and SRLSP order.
Display and maintenance commands for tunnel policies
Execute display commands in any view.
|
Task |
Command |
|
Display tunnel information. |
display mpls tunnel { all | statistics | [ vpn-instance vpn-instance-name ] destination { ipv4-address | ipv6-address } } |
|
Display tunnel policy information. |
display tunnel-policy [ tunnel-policy-name ] |
Tunnel policy configuration examples
Example: Configuring exclusive tunnels
Network configuration
PE 1 has multiple tunnels to reach PE 2: two MPLS TE tunnels on interface Tunnel 1 and Tunnel 2, and one LDP LSP tunnel.
Two MPLS VPNs, vpna and vpnb, exist on PE 1. The VPN vpna exclusively uses the MPLS TE tunnel 1, and the VPN vpnb exclusively uses the MPLS TE tunnel 2.
Procedure
1. Configure tunnel policies on PE 1:
# Create tunnel policy preferredte1, and configure tunnel 1 as the preferred tunnel.
<PE1> system-view
[PE1] tunnel-policy preferredte1
[PE1-tunnel-policy-preferredte1] preferred-path tunnel 1
[PE1-tunnel-policy-preferredte1] quit
# Create tunnel policy preferredte2, and configure tunnel 2 as the preferred tunnel.
[PE1] tunnel-policy preferredte2
[PE1-tunnel-policy-preferredte2] preferred-path tunnel 2
[PE1-tunnel-policy-preferredte2] quit
2. Configure MPLS VPN instances and apply tunnel policies to the VPN instances:
# Create MPLS VPN instance vpna, and apply tunnel policy preferredte1 to it.
[PE1] ip vpn-instance vpna
[PE1-vpn-instance-vpna] route-distinguisher 100:1
[PE1-vpn-instance-vpna] vpn-target 100:1
[PE1-vpn-instance-vpna] tnl-policy preferredte1
[PE1-vpn-instance-vpna] quit
# Create MPLS VPN instance vpnb, and apply tunnel policy preferredte2 to it.
[PE1] ip vpn-instance vpnb
[PE1-vpn-instance-vpnb] route-distinguisher 100:2
[PE1-vpn-instance-vpnb] vpn-target 100:2
[PE1-vpn-instance-vpnb] tnl-policy preferredte2
Example: Configuring preferred tunnels and tunnel selection order
Network configuration
PE 1 has multiple tunnels to reach PE 2: two MPLS TE tunnels on interfaces Tunnel 1 and Tunnel 2, and one LDP LSP tunnel.
PE 1 has multiple MPLS VPN instances: vpna, vpnb, vpnc, vpnd, and vpne. Table 1 shows the tunnel policy that PE 1 uses for each VPN instance.
Table 1 Tunnel policies used for VPN instances
|
VPN instance |
Tunnel policy |
|
vpna, vpnb |
Use MPLS TE tunnel Tunnel 1 as the preferred tunnel. |
|
vpnc, vpnd |
Use MPLS TE tunnel Tunnel 2 as the preferred tunnel. |
|
vpne |
Uses one tunnel selected in LDP LSP-MPLS TE order. |
Procedure
1. Configure tunnel policies on PE 1:
# Create tunnel policy preferredte1, and configure tunnel 1 as the preferred tunnel.
<PE1> system-view
[PE1] tunnel-policy preferredte1
[PE1-tunnel-policy-preferredte1] preferred-path tunnel 1
[PE1-tunnel-policy-preferredte1] quit
# Create tunnel policy preferredte2, and configure tunnel 2 as the preferred tunnel.
[PE1] tunnel-policy preferredte2
[PE1-tunnel-policy-preferredte2] preferred-path tunnel 2
[PE1-tunnel-policy-preferredte2] quit
# Create tunnel policy select-lsp.
[PE1] tunnel-policy select-lsp
# Configure the policy to select only one tunnel in LDP LSP-MPLS TE order.
[PE1-tunnel-policy-select-lsp] select-seq lsp cr-lsp load-balance-number 1
[PE1-tunnel-policy-select-lsp] quit
2. Configure MPLS VPN instances and apply tunnel policies to the VPN instances:
# Create MPLS VPN instances vpna and vpnb, and apply tunnel policy preferredte1 to them.
[PE1] ip vpn-instance vpna
[PE1-vpn-instance-vpna] route-distinguisher 100:1
[PE1-vpn-instance-vpna] vpn-target 100:1
[PE1-vpn-instance-vpna] tnl-policy preferredte1
[PE1-vpn-instance-vpna] quit
[PE1] ip vpn-instance vpnb
[PE1-vpn-instance-vpnb] route-distinguisher 100:2
[PE1-vpn-instance-vpnb] vpn-target 100:2
[PE1-vpn-instance-vpnb] tnl-policy preferredte1
[PE1-vpn-instance-vpnb] quit
# Create MPLS VPN instances vpnc and vpnd, and apply tunnel policy preferredte2 to them.
[PE1] ip vpn-instance vpnc
[PE1-vpn-instance-vpnc] route-distinguisher 100:3
[PE1-vpn-instance-vpnc] vpn-target 100:3
[PE1-vpn-instance-vpnc] tnl-policy preferredte2
[PE1-vpn-instance-vpnc] quit
[PE1] ip vpn-instance vpnd
[PE1-vpn-instance-vpnd] route-distinguisher 100:4
[PE1-vpn-instance-vpnd] vpn-target 100:4
[PE1-vpn-instance-vpnd] tnl-policy preferredte2
[PE1-vpn-instance-vpnd] quit
# Create MPLS VPN instance vpne, and apply tunnel policy select-lsp to it.
[PE1] ip vpn-instance vpne
[PE1-vpn-instance-vpne] route-distinguisher 100:5
[PE1-vpn-instance-vpne] vpn-target 100:5
[PE1-vpn-instance-vpne] tnl-policy select-lsp
Configuring tunnel selectors
About tunnel selectors
On an MPLS L3VPN network, a tunnel policy is applied to a VPN instance. All routes of the VPN instance recurse to specific types of tunnels according to the tunnel policy. If no tunnel policy is applied to a VPN instance, the VPNv4, VPNv6, or BGP labeled routes recurse to LSP tunnels by default.
Tunnel policies cannot be used in the following scenarios:
· In an inter-AS Option B network, an ASBR receives VPNv4 or VPNv6 routes from all PEs. To guarantee bandwidth, you might want these routes to recurse to MPLS TE tunnels. However, if you do not want to create VPN instances on the ASBR, you cannot apply a tunnel policy to select MPLS TE tunnels.
· In an inter-AS Option C network, the local PE receives BGP labeled routes. To guarantee bandwidth for tunnels, you want the labeled routes to recurse to MPLS TE tunnels. However, the system cannot achieve this purpose simply by using a tunnel policy.
To resolve these issues, you can configure tunnel selectors. A tunnel selector specifies a tunnel policy and defines route filters, which can filter BGP VPNv4 routes, BGP VPNv6 route, or labeled BGP IPv4 or IPv6 unicast routes. The specified tunnel policy is applied to the matching routes to select the expected types of tunnels.
Tunnel selector implementation
To apply a tunnel selector, perform the following tasks:
1. Create the tunnel selector.
2. Configure filters to match the routes to which the tunnel selector will be applied.
3. Specify a tunnel policy for the tunnel selector.
The tunnel selector applies the specified tunnel policy to the matching routes.
Filters
Tunnel selectors use filters to filter routes.
In route filtering for tunnel selectors, commonly used filters include the following:
Access control list
An access control list (ACL) specifies IP addresses and subnet addresses. It is used to match the destination address or next hop address of routes.
For more information about ACLs, see ACL and QoS Configuration Guide.
IP prefix list
An IP prefix list is used to match the destination address of routes.
An IP prefix list contains multiple items, each of which specifies a range of IP prefixes. The relation between the items is logical OR. The items are matched in ascending order by item index numbers. If an item is passed, the IPv4 prefix list is passed. No more items will be matched.
For more information about IP prefix list information, see routing policy configuration in Layer 3—IP Routing Configuration Guide.
Community list
A community list is used to match the COMMUNITY attribute of BGP routes. A community list can define multiple items. The relation between the items is logical OR. If an item is passed, the community list is passed. No more items will be matched.
For more information about community list information, see BGP configuration in Layer 3—IP Routing Configuration Guide.
RD list
An RD list is used to match the RD attribute of BGP routes.
An RD list contains multiple items, each of which specifies a range of RDs. The relation between the items is logical OR. The items are matched in ascending order by item index numbers. If an item is passed, the RD list is passed. No more items will be matched. Within an item, the relation between the RDs is logical OR. If a route matches an RD, the RD item is passed.
Tunnel selector tasks at a glance
To configure tunnel selector, perform the following tasks:
2. (Optional.) Configuring filters
¡ Configuring an IPv4 prefix list
¡ Configuring an IPv6 prefix list
¡ Configuring a community list
¡ Configuring if-match clauses
3. Applying a tunnel policy to a tunnel selector
Creating a tunnel selector
About this task
A tunnel selector can contain multiple nodes. A node is identified by the node number. In a tunnel selector, the nodes are matched in ascending order by node numbers.
A tunnel selector node supports either of the following modes:
· Deny mode—In deny mode, if a route matches all the if-match clauses of a node, the route is denied and does not match the next node. If a route does not match the if-match clauses of a node, the route continues to match the next node.
· Permit mode—In permit mode, if a route matches all the if-match clauses of a node, the route matches the node and the action defined by the apply clause is taken on the route. If a route does not match all the if-match clauses of a node, the route continues to match the next node.
Procedure
1. Enter system view.
system-view
2. Create a tunnel selector and enter tunnel selector view.
tunnel-selector tunnel-selector-name { deny | permit } node node-number
Configuring filters
Filter tasks at a glance
1. Configuring match criteria:
¡ Configuring an IPv4 prefix list
¡ Configuring an IPv6 prefix list
¡ Configuring a community list
2. Configuring if-match clauses
Configuring an IPv4 prefix list
Restrictions and guidelines
If all items of an IPv4 prefix list use the deny match mode, all routes are denied by the IPv4 prefix list. To deny some routes and permit all other routes, define a permit-mode item by using permit 0.0.0.0 0 less-equal 32 behind all the deny-mode items.
Procedure
1. Enter system view.
system-view
2. Configure an IPv4 prefix list.
ip prefix-list prefix-list-name [ index index-number ] { deny | permit } ip-address mask-length [ greater-equal min-mask-length ] [ less-equal max-mask-length ]
For more information about this command, see routing policy commands in Layer 3—IP Routing Configuration Guide.
Configuring an IPv6 prefix list
Restrictions and guidelines
If all items of an IPv6 prefix list use the deny match mode, all IPv6 routes are denied by the prefix list. To deny some routes and permit all other IPv6 routes, define a permit-mode item by using permit :: 0 less-equal 128 behind all the deny-mode items.
Procedure
1. Enter system view.
system-view
2. Configure an IPv6 prefix list.
ipv6 prefix-list prefix-list-name [ index index-number ] { deny | permit } ipv6-address { inverse inverse-prefix-length | prefix-length [ greater-equal min-prefix-length ] [ less-equal max-prefix-length ] }
For more information about this command, see routing policy commands in Layer 3—IP Routing Configuration Guide.
Configuring a community list
1. Enter system view.
system-view
2. Configure a community list.
¡ Configure a basic community list.
ip community-list { basic-comm-list-num | basic basic-comm-list-name } { deny | permit } [ community-number&<1-32> | aa:nn&<1-32> ] [ internet | no-advertise | no-export | no-export-subconfed ] *
¡ Configure an advanced community list.
ip community-list { adv-comm-list-num | advanced adv-comm-list-name } { deny | permit } regular-expression
For more information about this command, see routing policy commands in Layer 3—IP Routing Configuration Guide.
Configuring an RD list
1. Enter system view.
system-view
2. Configure an RD list.
ip rd-list rd-list-number [ index index-number ] { deny | permit } route-distinguisher&<1-10>
Configuring if-match clauses
About this task
The if-match clauses configured for a tunnel selector node define route match criteria for the node.
The if-match clauses fall into different types, depending on the types of the filters specified for them.
Restrictions and guidelines
If no if-match clause is configured for a tunnel selector node, the node filters routes as follows:
· If the match mode of the node is permit, the node permits all routes.
· If the match mode of the node is deny, the node denies all routes.
If multiple if-match clauses of the same type are configured for a tunnel selector node, these clauses will be combined into a single command line. If the combined if-match clause exceeds the maximum length allowed by the command line, the exceeding if-match clauses will be displayed in next lines. The relation between the if-match clauses of the same type are logical OR. If a route matches one if-match clause, the route matches the combined if-match clause. For example, you have configured multiple if-match community clauses. These clauses form the logical OR relation. If a route matches one community list, the route matches the combined if-match community clause.
If the ACL specified for an if-match clause does not exist, routes are considered matching with the if-match clause. If the specified ACL exists but the ACL does not have rules or the rules are inactive, routes are considered not matching with the if-match clause.
If the IP prefix list, community list, or RD list specified for an if-match clause does not exist, routes are considered matching with the if-match clause.
Procedure
1. Enter system view.
system-view
2. Enter tunnel selector view.
tunnel-selector tunnel-selector-name { deny | permit } node node
3. Configure an ACL or an IP prefix list match criterion for routes.
IPv4:
if-match ip { address | next-hop } { acl ipv4-acl-number | prefix-list prefix-list-name }
IPv6:
if-match ipv6 { address | next-hop } { acl ipv6-acl-number | prefix-list prefix-list-name }
By default, no ACL or IP prefix list match criterion is configured for routes.
4. Configure a BGP route match criterion:
¡ Configure a community list match criterion for BGP routes.
if-match community { { basic-community-list-number | name comm-list-name } [ whole-match ] | adv-community-list-number }&<1-32>
¡ Configure an RD list match criterion for BGP routes.
if-match rd-list rd-list-number
By default, no BGP route match criterion is configured.
Applying a tunnel policy to a tunnel selector
Restrictions and guidelines
If the specified tunnel policy applies only after it is created by using the tunnel-policy command.
For information about tunnel policy, see "Configuring tunnel policies."
Procedure
1. Enter system view.
system-view
2. Enter tunnel selector view.
tunnel-selector tunnel-selector-name { deny | permit } node node-number
3. Apply a tunnel policy to the tunnel selector.
apply tunnel-policy tunnel-policy-name
By default, no tunnel policy is applied to a tunnel selector.
Applying a tunnel selector
About this task
You need to apply a tunnel policy by applying a tunnel selector in the following situations:
· In an inter-AS Option B network, an ASBR is not configured with VPN instances but it needs to apply a tunnel policy to the BGP VPNv4 or BGP VPNv6 routes received from the PEs.
· In an HoVPN, an SPE needs to apply a tunnel policy to the BGP VPNv4 or VPNv6 routes received from UPEs.
· In an inter-AS Option C network, the local PE needs to apply a tunnel policy to the BGP labeled routes advertised to the remote PEs.
Restrictions and guidelines
In an inter-AS Option C network, to perform tunnel load balancing for BGP labeled routes, execute the apply tunnel-selector tunnel-selector-name all command on the ASBR.
Deleting the tunnel selector applied to the BGP VPNv4/v6 routes or BGP labeled routes might cause VPN service interruption because the routes cannot recurse to tunnels.
Procedure
1. Enter system view.
system-view
2. Enter BGP instance view.
bgp as-number [ instance instance-name ]
3. Enter BGP address family view. Choose one option as needed:
¡ Enter BGP IPv4 unicast address family view.
address-family ipv4 [ unicast ]
¡ Execute the following commands in sequence to enter BGP-VPN IPv4 unicast address family view:
ip vpn-instance vpn-instance-name
address-family ipv4 [ unicast ]
¡ Enter BGP VPNv4 address family view.
address-family vpnv4
¡ Enter BGP IPv6 unicast address family view.
address-family ipv6 [ unicast ]
¡ Execute the following commands in sequence to enter BGP-VPN IPv6 unicast address family view:
ip vpn-instance vpn-instance-name
address-family ipv6 [ unicast ]
¡ Enter BGP VPNv6 address family view.
address-family vpnv6
¡ Enter BGP EVPN address family view.
address-family l2vpn evpn
4. Apply a tunnel selector.
apply tunnel-selector tunnel-selector-name [ all ]
By default, no tunnel selector is applied to BGP EVPN, BGP VPNv4, BGP VPNv6, or labeled BGP IPv4 or IPv6 unicast routes.
Display and maintenance commands for tunnel selector
Execute display commands in any view and reset commands in user view.
|
Task |
Command |
|
Display BGP community list information. |
display ip community-list [ basic-community-list-number | adv-community-list-number | name comm-list-name ] |
|
Display IPv4 prefix list statistics. |
display ip prefix-list [ name prefix-list-name ] |
|
Display IPv6 prefix list statistics. |
display ipv6 prefix-list [ name prefix-list-name ] |
|
Display RD list information. |
display ip rd-list [ rd-list-number ] |
|
Display tunnel selector information. |
display tunnel-selector [ tunnel-selector-name ] |
|
Clear IPv4 prefix list statistics. |
reset ip prefix-list [ prefix-list-name ] |
|
Clear IPv6 prefix list statistics. |
reset ipv6 prefix-list [ prefix-list-name ] |
See routing policy commands in Layer 3—IP Routing Command Reference for more information about the following commands:
· display ip community-list.
· display ip prefix-list.
· display ipv6 prefix-list.
· reset ip prefix-list.
· reset ipv6 prefix-list.
Tunnel selector configuration examples (on switches)
Example: Configuring tunnel selectors for MPLS L3VPN inter-AS option B
Network configuration
As shown in Figure 2, site 1 and site 2 belong to the same VPN. CE 1 in site 1 accesses the MPLS network from PE 1 in AS 100. CE 2 in site 2 accesses the MPLS network from PE 2 in AS 600. IS-IS is running within the ASs.
PE 1 and ASBR-PE 1 exchange VPNv4 routes through MP-IBGP. PE 2 and ASBR-PE 2 exchange VPNv4 routes through MP-IBGP. ASBR-PE 1 and ASBR-PE 2 exchange VPNv4 routes through MP-EBGP.
A tunnel policy is applied on the PEs and a tunnel selector is applied on the ASBRs so the devices can select an MPLS TE tunnel to forward traffic between the sites.
The ASBRs do not perform route target filtering of received VPNv4 routes.
Table 2 Interface and IP address assignment
|
Interface |
IP address |
Device |
Interface |
IP address |
|
|
PE 1 |
Loop0 |
2.2.2.9/32 |
PE 2 |
Loop0 |
5.5.5.9/32 |
|
|
Vlan-int12 |
30.0.0.1/8 |
|
Vlan-int12 |
20.0.0.1/8 |
|
|
Vlan-int11 |
1.1.1.2/8 |
|
Vlan-int11 |
9.1.1.2/8 |
|
ASBR-PE 1 |
Loop0 |
3.3.3.9/32 |
ASBR-PE 2 |
Loop0 |
4.4.4.9/32 |
|
|
Vlan-int11 |
1.1.1.1/8 |
|
Vlan-int11 |
9.1.1.1/8 |
|
|
Vlan-int12 |
11.0.0.2/8 |
|
Vlan-int12 |
11.0.0.1/8 |
Procedure
1. Configure PE 1:
# Configure IS-IS on PE 1.
<PE1> system-view
[PE1] isis 1
[PE1-isis-1] network-entity 10.111.111.111.111.00
[PE1-isis-1] quit
# Configure LSR ID, and enable MPLS and LDP.
[PE1] mpls lsr-id 2.2.2.9
[PE1] mpls ldp
[PE1-ldp] quit
# Configure VLAN-interface 11, and enable IS-IS, MPLS, and LDP on the interface.
[PE1] interface vlan-interface 11
[PE1-Vlan-interface11] ip address 1.1.1.2 255.0.0.0
[PE1-Vlan-interface11] isis enable 1
[PE1-Vlan-interface11] mpls enable
[PE1-Vlan-interface11] mpls ldp enable
[PE1-Vlan-interface11] quit
# Configure interface Loopback 0, and enable IS-IS on it.
[PE1] interface loopback 0
[PE1-LoopBack0] ip address 2.2.2.9 32
[PE1-LoopBack0] isis enable 1
[PE1-LoopBack0] quit
# Create VPN instance vpn1, and configure the RD and route target attributes.
[PE1] ip vpn-instance vpn1
[PE1-vpn-instance-vpn1] route-distinguisher 11:11
[PE1-vpn-instance-vpn1] vpn-target 1:1 2:2 3:3 import-extcommunity
[PE1-vpn-instance-vpn1] vpn-target 3:3 export-extcommunity
[PE1-vpn-instance-vpn1] quit
# Bind the interface connected to CE 1 to the created VPN instance.
[PE1] interface vlan-interface 12
[PE1-Vlan-interface12] ip binding vpn-instance vpn1
[PE1-Vlan-interface12] ip address 30.0.0.1 8
[PE1-Vlan-interface12] quit
# Enable BGP on PE 1.
[PE1] bgp 100
# Configure IBGP peer 3.3.3.9 as a VPNv4 peer.
[PE1-bgp-default] peer 3.3.3.9 as-number 100
[PE1-bgp-default] peer 3.3.3.9 connect-interface loopback 0
[PE1-bgp-default] address-family vpnv4
[PE1-bgp-default-vpnv4] peer 3.3.3.9 enable
[PE1-bgp-default-vpnv4] quit
# Redistribute direct routes to the routing table of VPN instance vpn1.
[PE1-bgp-default] ip vpn-instance vpn1
[PE1-bgp-default-vpn1] address-family ipv4 unicast
[PE1-bgp-default-ipv4-vpn1] import-route direct
[PE1-bgp-default-ipv4-vpn1] quit
[PE1-bgp-default-vpn1] quit
[PE1-bgp-default] quit
# Enable MPLS TE, RSVP-TE, and IS-IS TE. Configure MPLS TE attributes. Use RSVP-TE to establish MPLS TE tunnel 1. Set the tunnel destination address as the LSR ID of ASBR-PE 1 (3.3.3.9). Assign 2000 kbps bandwidth to the tunnel.
[PE1] mpls te
[PE1-te] quit
[PE1] rsvp
[PE1-rsvp] quit
[PE1] interface vlan-interface 11
[PE1-Vlan-interface11] mpls enable
[PE1-Vlan-interface11] mpls te enable
[PE1-Vlan-interface11] mpls te max-link-bandwidth 10000
[PE1-Vlan-interface11] rsvp enable
[PE1-Vlan-interface11] quit
[PE1] isis 1
[PE1-isis-1] cost-style wide
[PE1-isis-1] mpls te enable level-2
[PE1-isis-1] quit
[PE1] interface tunnel 1 mode mpls-te
[PE1-Tunnel1] ip address unnumbered interface LoopBack0
[PE1-Tunnel1] destination 3.3.3.9
[PE1-Tunnel1] mpls te signaling rsvp-te
[PE1-Tunnel1] mpls te bandwidth 2000
[PE1-Tunnel1] quit
# Create a tunnel policy named tpolicy1, and apply the tunnel policy to VPN instance vpn1.
[PE1] tunnel-policy tpolicy1
[PE1-tunnel-policy-tpolicy1] preferred-path tunnel 1
[PE1-tunnel-policy-tpolicy1] quit
[PE1] ip vpn-instance vpn1
[PE1-vpn-instance-vpn1] tnl-policy tpolicy1
[PE1-vpn-instance-vpn1] quit
2. Configure ASBR-PE 1:
# Configure IS-IS on ASBR-PE 1.
<ASBR-PE1> system-view
[ASBR-PE1] isis 1
[ASBR-PE1-isis-1] network-entity 10.222.222.222.222.00
[ASBR-PE1-isis-1] quit
# Configure LSR ID, and enable MPLS and LDP.
[ASBR-PE1] mpls lsr-id 3.3.3.9
[ASBR-PE1] mpls ldp
[ASBR-PE1-ldp] quit
# Configure VLAN-interface 11, and enable IS-IS, MPLS, and LDP on the interface.
[ASBR-PE1] interface vlan-interface11
[ASBR-PE1-Vlan-interface11] ip address 1.1.1.1 255.0.0.0
[ASBR-PE1-Vlan-interface11] isis enable 1
[ASBR-PE1-Vlan-interface11] mpls enable
[ASBR-PE1-Vlan-interface11] mpls ldp enable
[ASBR-PE1-Vlan-interface11] quit
# Configure VLAN-interface 12, and enable MPLS.
[ASBR-PE1] interface vlan-interface 12
[ASBR-PE1-Vlan-interface12] ip address 11.0.0.2 255.0.0.0
[ASBR-PE1-Vlan-interface12] mpls enable
[ASBR-PE1-Vlan-interface12] quit
# Configure interface Loopback 0, and enable IS-IS on it.
[ASBR-PE1] interface loopback 0
[ASBR-PE1-LoopBack0] ip address 3.3.3.9 32
[ASBR-PE1-LoopBack0] isis enable 1
[ASBR-PE1-LoopBack0] quit
# Configure BGP on ASBR-PE 1.
[ASBR-PE1] bgp 100
[ASBR-PE1-bgp-default] peer 2.2.2.9 as-number 100
[ASBR-PE1-bgp-default] peer 2.2.2.9 connect-interface loopback 0
[ASBR-PE1-bgp-default] peer 11.0.0.1 as-number 600
[ASBR-PE1-bgp-default] peer 11.0.0.1 connect-interface vlan-interface 12
# Disable route target based filtering of received VPNv4 routes.
[ASBR-PE1-bgp-default] address-family vpnv4
[ASBR-PE1-bgp-default-vpnv4] undo policy vpn-target
# Configure both IBGP peer 2.2.2.9 and EBGP peer 11.0.0.1 as VPNv4 peers.
[ASBR-PE1-bgp-default-vpnv4] peer 11.0.0.1 enable
[ASBR-PE1-bgp-default-vpnv4] peer 2.2.2.9 enable
[ASBR-PE1-bgp-default-vpnv4] quit
[ASBR-PE1-bgp-default] quit
# Enable MPLS TE, RSVP-TE, and IS-IS TE. Configure MPLS TE attributes. Use RSVP-TE to establish MPLS TE tunnel 1. Set the tunnel destination address as the LSR ID of PE 1 (2.2.2.9). Assign 2000 kbps bandwidth to the tunnel.
[ASBR-PE1] mpls te
[ASBR-PE1-te] quit
[ASBR-PE1] rsvp
[ASBR-PE1-rsvp] quit
[ASBR-PE1] interface vlan-interface 11
[ASBR-PE1-Vlan-interface11] mpls enable
[ASBR-PE1-Vlan-interface11] mpls te enable
[ASBR-PE1-Vlan-interface11] mpls te max-link-bandwidth 10000
[ASBR-PE1-Vlan-interface11] rsvp enable
[ASBR-PE1-Vlan-interface11] quit
[ASBR-PE1] isis 1
[ASBR-PE1-isis-1] cost-style wide
[ASBR-PE1-isis-1] mpls te enable level-2
[ASBR-PE1-isis-1] quit
[ASBR-PE1] interface tunnel 1 mode mpls-te
[ASBR-PE1-Tunnel1] ip address unnumbered interface LoopBack0
[ASBR-PE1-Tunnel1] destination 2.2.2.9
[ASBR-PE1-Tunnel1] mpls te signaling rsvp-te
[ASBR-PE1-Tunnel1] mpls te bandwidth 2000
[ASBR-PE1-Tunnel1] quit
# Configure tunnel policy tpolicy1 and tunnel selector ts1, specify the tunnel policy for the tunnel selector, and then apply the tunnel selector in BGP VPNv4 view.
[ASBR-PE1] tunnel-policy tpolicy1
[ASBR-PE1-tunnel-policy-tpolicy1] preferred-path tunnel 1
[ASBR-PE1-tunnel-policy-tpolicy1] quit
[ASBR-PE1] tunnel-selector ts1 permit node 1
[ASBR-PE1-tunnel-selector-ts1-1] apply tunnel-policy tpolicy1
[ASBR-PE1-tunnel-selector-ts1-1] quit
[ASBR-PE1] bgp 100
[ASBR-PE1-bgp-default] address-family vpnv4
[ASBR-PE1-bgp-default-vpnv4] apply tunnel-selector ts1
3. Configure ASBR-PE 2:
# Configure IS-IS on ASBR-PE 2.
<ASBR-PE2> system-view
[ASBR-PE2] isis 1
[ASBR-PE2-isis-1] network-entity 10.222.222.222.222.00
[ASBR-PE2-isis-1] quit
# Configure LSR ID, and enable MPLS and LDP.
[ASBR-PE2] mpls lsr-id 4.4.4.9
[ASBR-PE2] mpls ldp
[ASBR-PE2-ldp] quit
# Configure VLAN-interface 11, and enable IS-IS, MPLS, and LDP on the interface.
[ASBR-PE2] interface vlan-interface 11
[ASBR-PE2-Vlan-interface11] ip address 9.1.1.1 255.0.0.0
[ASBR-PE2-Vlan-interface11] isis enable 1
[ASBR-PE2-Vlan-interface11] mpls enable
[ASBR-PE2-Vlan-interface11] mpls ldp enable
[ASBR-PE2-Vlan-interface11] quit
# Configure VLAN-interface 12, and enable MPLS.
[ASBR-PE2] interface vlan-interface 12
[ASBR-PE2-Vlan-interface12] ip address 11.0.0.1 255.0.0.0
[ASBR-PE2-Vlan-interface12] mpls enable
[ASBR-PE2-Vlan-interface12] quit
# Configure interface Loopback 0, and enable IS-IS on it.
[ASBR-PE2] interface loopback 0
[ASBR-PE2-LoopBack0] ip address 4.4.4.9 32
[ASBR-PE2-LoopBack0] isis enable 1
[ASBR-PE2-LoopBack0] quit
# Configure BGP on ASBR-PE 2.
[ASBR-PE2] bgp 600
[ASBR-PE2-bgp-default] peer 11.0.0.2 as-number 100
[ASBR-PE2-bgp-default] peer 11.0.0.2 connect-interface vlan-interface 12
[ASBR-PE2-bgp-default] peer 5.5.5.9 as-number 600
[ASBR-PE2-bgp-default] peer 5.5.5.9 connect-interface loopback 0
# Disable route target based filtering of received VPNv4 routes.
[ASBR-PE2-bgp-default] address-family vpnv4
[ASBR-PE2-bgp-default-vpnv4] undo policy vpn-target
# Configure both IBGP peer 5.5.5.9 and EBGP peer 11.0.0.2 as VPNv4 peers.
[ASBR-PE2-bgp-default-vpnv4] peer 11.0.0.2 enable
[ASBR-PE2-bgp-default-vpnv4] peer 5.5.5.9 enable
[ASBR-PE2-bgp-default-vpnv4] quit
[ASBR-PE2-bgp-default] quit
# Enable MPLS TE, RSVP-TE, and IS-IS TE. Configure MPLS TE attributes. Use RSVP-TE to establish MPLS TE tunnel 1. Set the tunnel destination address as the LSR ID of PE 2 (5.5.5.9). Assign 2000 kbps bandwidth to the tunnel.
[ASBR-PE2] mpls te
[ASBR-PE2-te] quit
[ASBR-PE2] rsvp
[ASBR-PE2-rsvp] quit
[ASBR-PE2] interface vlan-interface 11
[ASBR-PE2-Vlan-interface11] mpls enable
[ASBR-PE2-Vlan-interface11] mpls te enable
[ASBR-PE2-Vlan-interface11] mpls te max-link-bandwidth 10000
[ASBR-PE2-Vlan-interface11] rsvp enable
[ASBR-PE2-Vlan-interface11] quit
[ASBR-PE2] isis 1
[ASBR-PE2-isis-1] cost-style wide
[ASBR-PE2-isis-1] mpls te enable level-2
[ASBR-PE2-isis-1] quit
[ASBR-PE2] interface tunnel 1 mode mpls-te
[ASBR-PE2-Tunnel1] ip address unnumbered interface LoopBack0
[ASBR-PE2-Tunnel1] destination 5.5.5.9
[ASBR-PE2-Tunnel1] mpls te signaling rsvp-te
[ASBR-PE2-Tunnel1] mpls te bandwidth 2000
[ASBR-PE2-Tunnel1] quit
# Configure tunnel policy tpolicy1 and tunnel selector ts1, specify the tunnel policy for the tunnel selector, and then apply the tunnel selector in BGP VPNv4 view.
[ASBR-PE2] tunnel-policy tpolicy1
[ASBR-PE2-tunnel-policy-tpolicy1] preferred-path tunnel 1
[ASBR-PE2-tunnel-policy-tpolicy1] quit
[ASBR-PE2] tunnel-selector ts1 permit node 1
[ASBR-PE2-tunnel-selector-ts1-1] apply tunnel-policy tpolicy1
[ASBR-PE2-tunnel-selector-ts1-1] quit
[ASBR-PE2] bgp 600
[ASBR-PE2-bgp-default] address-family vpnv4
[ASBR-PE2-bgp-default-vpnv4] apply tunnel-selector ts1
4. Configure PE 2:
# Configure IS-IS on PE 2.
<PE2> system-view
[PE2] isis 1
[PE2-isis-1] network-entity 10.111.111.111.111.00
[PE2-isis-1] quit
# Configure LSR ID, and enable MPLS and LDP.
[PE2] mpls lsr-id 5.5.5.9
[PE2] mpls ldp
[PE2-ldp] quit
# Configure VLAN-interface 11, and enable IS-IS, MPLS, and LDP on the interface.
[PE2] interface vlan-interface 11
[PE2-Vlan-interface11] ip address 9.1.1.2 255.0.0.0
[PE2-Vlan-interface11] isis enable 1
[PE2-Vlan-interface11] mpls enable
[PE2-Vlan-interface11] mpls ldp enable
[PE2-Vlan-interface11] quit
# Configure interface Loopback 0, and enable IS-IS on it.
[PE2] interface loopback 0
[PE2-LoopBack0] ip address 5.5.5.9 32
[PE2-LoopBack0] isis enable 1
[PE2-LoopBack0] quit
# Create VPN instance vpn1, and configure the RD and route target attributes.
[PE2] ip vpn-instance vpn1
[PE2-vpn-instance-vpn1] route-distinguisher 12:12
[PE2-vpn-instance-vpn1] vpn-target 1:1 2:2 3:3 import-extcommunity
[PE2-vpn-instance-vpn1] vpn-target 3:3 export-extcommunity
[PE2-vpn-instance-vpn1] quit
# Bind the interface connected to CE 2 to the created VPN instance.
[PE2] interface vlan-interface 12
[PE2-Vlan-interface12] ip binding vpn-instance vpn1
[PE2-Vlan-interface12] ip address 20.0.0.1 8
[PE2-Vlan-interface12] quit
# Enable BGP on PE 2.
[PE2] bgp 600
# Configure IBGP peer 4.4.4.9 as a VPNv4 peer.
[PE2-bgp-default] peer 4.4.4.9 as-number 600
[PE2-bgp-default] peer 4.4.4.9 connect-interface loopback 0
[PE2-bgp-default] address-family vpnv4
[PE2-bgp-default-vpnv4] peer 4.4.4.9 enable
[PE2-bgp-default-vpnv4] quit
# Redistribute direct routes to the routing table of VPN instance vpn1.
[PE2-bgp-default] ip vpn-instance vpn1
[PE2-bgp-default-vpn1] address-family ipv4 unicast
[PE2-bgp-default-ipv4-vpn1] import-route direct
[PE2-bgp-default-ipv4-vpn1] quit
[PE2-bgp-default-vpn1] quit
[PE2-bgp-default] quit
# Enable MPLS TE, RSVP-TE, and IS-IS TE. Configure MPLS TE attributes. Use RSVP-TE to establish MPLS TE tunnel 1. Set the tunnel destination address as the LSR ID of ASBR-PE 2 (4.4.4.9). Assign 2000 kbps bandwidth to the tunnel.
[PE2] mpls te
[PE2-te] quit
[PE2] rsvp
[PE2-rsvp] quit
[PE2] interface vlan-interface 11
[PE2-Vlan-interface11] mpls enable
[PE2-Vlan-interface11] mpls te enable
[PE2-Vlan-interface11] mpls te max-link-bandwidth 10000
[PE2-Vlan-interface11] rsvp enable
[PE2-Vlan-interface11] quit
[PE2] isis 1
[PE2-isis-1] cost-style wide
[PE2-isis-1] mpls te enable level-2
[PE2-isis-1] quit
[PE2] interface tunnel 1 mode mpls-te
[PE2-Tunnel1] ip address unnumbered interface LoopBack0
[PE2-Tunnel1] destination 4.4.4.9
[PE2-Tunnel1] mpls te signaling rsvp-te
[PE2-Tunnel1] mpls te bandwidth 2000
[PE2-Tunnel1] quit
# Create a tunnel policy named tpolicy1, and apply the tunnel policy to VPN instance vpn1.
[PE2] tunnel-policy tpolicy1
[PE2-tunnel-policy-tpolicy1] preferred-path tunnel 1
[PE2-tunnel-policy-tpolicy1] quit
[PE2] ip vpn-instance vpn1
[PE2-vpn-instance-vpn1] tnl-policy tpolicy1
[PE2-vpn-instance-vpn1] quit
Verifying the configuration
# Verify that the CE-facing interfaces (VLAN-interface 12) on PE 1 and PE 2 can ping each other.
# Verify that tunnel policy tpolicy1 has been successfully applied between PE 1 and ASBR-PE 1 and between PE 2 and ASBR-PE 2. The devices select MPLS TE tunnel 1 as instructed by the tunnel policy.
Example: Configuring tunnel selectors for IPv6 MPLS L3VPN inter-AS option B
Network configuration
As shown in Figure 3, site 1 and site 2 belong to the same VPN. CE 1 in site 1 accesses the MPLS network from PE 1 in AS 100. CE 2 in site 2 accesses the MPLS network from PE 2 in AS 600. IS-IS is running within the ASs.
PE 1 and ASBR-PE 1 exchange VPNv6 routes through MP-IBGP. PE 2 and ASBR-PE 2 exchange VPNv6 routes through MP-IBGP. ASBR-PE 1 and ASBR-PE 2 exchange VPNv6 routes through MP-EBGP.
A tunnel policy is applied on the PEs and a tunnel selector is applied on the ASBRs so the devices can select an MPLS TE tunnel to forward traffic between the sites.
The ASBRs do not perform route target filtering of received VPNv6 routes.
Table 3 Interface and IP address assignment
|
Device |
Interface |
IP address |
Device |
Interface |
IP address |
|
PE 1 |
Loop0 |
2.2.2.9/32 |
PE 2 |
Loop0 |
5.5.5.9/32 |
|
|
Vlan-int12 |
30::1/64 |
|
Vlan-int12 |
20::1/64 |
|
|
Vlan-int11 |
1.1.1.2/8 |
|
Vlan-int11 |
9.1.1.2/8 |
|
ASBR-PE 1 |
Loop0 |
3.3.3.9/32 |
ASBR-PE 2 |
Loop0 |
4.4.4.9/32 |
|
|
Vlan-int11 |
1.1.1.1/8 |
|
Vlan-int11 |
9.1.1.1/8 |
|
|
Vlan-int12 |
11.0.0.2/8 |
|
Vlan-int12 |
11.0.0.1/8 |
Procedure
1. Configure PE 1:
# Configure IS-IS on PE 1.
<PE1> system-view
[PE1] isis 1
[PE1-isis-1] network-entity 10.111.111.111.111.00
[PE1-isis-1] quit
# Configure LSR ID, and enable MPLS and LDP.
[PE1] mpls lsr-id 2.2.2.9
[PE1] mpls ldp
[PE1-ldp] quit
# Configure VLAN-interface 11, and enable IS-IS, MPLS, and LDP on the interface.
[PE1] interface vlan-interface 11
[PE1-Vlan-interface11] ip address 1.1.1.2 255.0.0.0
[PE1-Vlan-interface11] isis enable 1
[PE1-Vlan-interface11] mpls enable
[PE1-Vlan-interface11] mpls ldp enable
[PE1-Vlan-interface11] quit
# Configure interface Loopback 0, and enable IS-IS on it.
[PE1] interface loopback 0
[PE1-LoopBack0] ip address 2.2.2.9 32
[PE1-LoopBack0] isis enable 1
[PE1-LoopBack0] quit
# Create VPN instance vpn1, and configure the RD and route target attributes.
[PE1] ip vpn-instance vpn1
[PE1-vpn-instance-vpn1] route-distinguisher 11:11
[PE1-vpn-instance-vpn1] vpn-target 1:1 2:2 3:3 import-extcommunity
[PE1-vpn-instance-vpn1] vpn-target 3:3 export-extcommunity
[PE1-vpn-instance-vpn1] quit
# Bind the interface connected to CE 1 to the created VPN instance.
[PE1] interface vlan-interface 12
[PE1-Vlan-interface12] ip binding vpn-instance vpn1
[PE1-Vlan-interface12] ip address 30::1 64
[PE1-Vlan-interface12] quit
# Enable BGP on PE 1.
[PE1] bgp 100
# Configure IBGP peer 3.3.3.9 as a VPNv6 peer.
[PE1-bgp-default] peer 3.3.3.9 as-number 100
[PE1-bgp-default] peer 3.3.3.9 connect-interface loopback 0
[PE1-bgp-default] address-family vpnv6
[PE1-bgp-default-vpnv6] peer 3.3.3.9 enable
[PE1-bgp-default-vpnv6] quit
# Redistribute direct routes to the routing table of VPN instance vpn1.
[PE1-bgp-default] ip vpn-instance vpn1
[PE1-bgp-default-vpn1] address-family ipv6 unicast
[PE1-bgp-default-ipv6-vpn1] import-route direct
[PE1-bgp-default-ipv6-vpn1] quit
[PE1-bgp-default-vpn1] quit
[PE1-bgp-default] quit
# Enable MPLS TE, RSVP-TE, and IS-IS TE. Configure MPLS TE attributes. Use RSVP-TE to establish MPLS TE tunnel 1. Set the tunnel destination address as the LSR ID of ASBR-PE 1 (3.3.3.9). Assign 2000 kbps bandwidth to the tunnel.
[PE1] mpls te
[PE1-te] quit
[PE1] rsvp
[PE1-rsvp] quit
[PE1] interface vlan-interface 11
[PE1-Vlan-interface11] mpls enable
[PE1-Vlan-interface11] mpls te enable
[PE1-Vlan-interface11] mpls te max-link-bandwidth 10000
[PE1-Vlan-interface11] rsvp enable
[PE1-Vlan-interface11] quit
[PE1] isis 1
[PE1-isis-1] cost-style wide
[PE1-isis-1] mpls te enable level-2
[PE1-isis-1] quit
[PE1] interface tunnel 1 mode mpls-te
[PE1-Tunnel1] ip address unnumbered interface LoopBack0
[PE1-Tunnel1] destination 3.3.3.9
[PE1-Tunnel1] mpls te signaling rsvp-te
[PE1-Tunnel1] mpls te bandwidth 2000
[PE1-Tunnel1] quit
# Create a tunnel policy named tpolicy1, and apply the tunnel policy to VPN instance vpn1.
[PE1] tunnel-policy tpolicy1
[PE1-tunnel-policy-tpolicy1] preferred-path tunnel 1
[PE1-tunnel-policy-tpolicy1] quit
[PE1] ip vpn-instance vpn1
[PE1-vpn-instance-vpn1] tnl-policy tpolicy1
[PE1-vpn-instance-vpn1] quit
2. Configure ASBR-PE 1:
# Configure IS-IS on ASBR-PE 1.
<ASBR-PE1> system-view
[ASBR-PE1] isis 1
[ASBR-PE1-isis-1] network-entity 10.222.222.222.222.00
[ASBR-PE1-isis-1] quit
# Configure LSR ID, and enable MPLS and LDP.
[ASBR-PE1] mpls lsr-id 3.3.3.9
[ASBR-PE1] mpls ldp
[ASBR-PE1-ldp] quit
# Configure VLAN-interface 11, and enable IS-IS, MPLS, and LDP on the interface.
[ASBR-PE1] interface vlan-interface11
[ASBR-PE1-Vlan-interface11] ip address 1.1.1.1 255.0.0.0
[ASBR-PE1-Vlan-interface11] isis enable 1
[ASBR-PE1-Vlan-interface11] mpls enable
[ASBR-PE1-Vlan-interface11] mpls ldp enable
[ASBR-PE1-Vlan-interface11] quit
# Configure VLAN-interface 12, and enable MPLS.
[ASBR-PE1] interface vlan-interface 12
[ASBR-PE1-Vlan-interface12] ip address 11.0.0.2 255.0.0.0
[ASBR-PE1-Vlan-interface12] mpls enable
[ASBR-PE1-Vlan-interface12] quit
# Configure interface Loopback 0, and enable IS-IS on it.
[ASBR-PE1] interface loopback 0
[ASBR-PE1-LoopBack0] ip address 3.3.3.9 32
[ASBR-PE1-LoopBack0] isis enable 1
[ASBR-PE1-LoopBack0] quit
# Configure BGP on ASBR-PE 1.
[ASBR-PE1] bgp 100
[ASBR-PE1-bgp-default] peer 2.2.2.9 as-number 100
[ASBR-PE1-bgp-default] peer 2.2.2.9 connect-interface loopback 0
[ASBR-PE1-bgp-default] peer 11.0.0.1 as-number 600
[ASBR-PE1-bgp-default] peer 11.0.0.1 connect-interface vlan-interface 12
# Disable route target based filtering of received VPNv6 routes.
[ASBR-PE1-bgp-default] address-family vpnv6
[ASBR-PE1-bgp-default-vpnv6] undo policy vpn-target
# Configure IBGP peer 2.2.2.9 and EBGP peer 11.0.0.1 as VPNv6 peers.
[ASBR-PE1-bgp-default-vpnv6] peer 11.0.0.1 enable
[ASBR-PE1-bgp-default-vpnv6] peer 2.2.2.9 enable
[ASBR-PE1-bgp-default-vpnv6] quit
[ASBR-PE1-bgp-default] quit
# Enable MPLS TE, RSVP-TE, and IS-IS TE. Configure MPLS TE attributes. Use RSVP-TE to establish MPLS TE tunnel 1. Set the tunnel destination address as the LSR ID of PE 1 (2.2.2.9). Assign 2000 kbps bandwidth to the tunnel.
[ASBR-PE1] mpls te
[ASBR-PE1-te] quit
[ASBR-PE1] rsvp
[ASBR-PE1-rsvp] quit
[ASBR-PE1] interface vlan-interface 11
[ASBR-PE1-Vlan-interface11] mpls enable
[ASBR-PE1-Vlan-interface11] mpls te enable
[ASBR-PE1-Vlan-interface11] mpls te max-link-bandwidth 10000
[ASBR-PE1-Vlan-interface11] rsvp enable
[ASBR-PE1-Vlan-interface11] quit
[ASBR-PE1] isis 1
[ASBR-PE1-isis-1] cost-style wide
[ASBR-PE1-isis-1] mpls te enable level-2
[ASBR-PE1-isis-1] quit
[ASBR-PE1] interface tunnel 1 mode mpls-te
[ASBR-PE1-Tunnel1] ip address unnumbered interface LoopBack0
[ASBR-PE1-Tunnel1] destination 2.2.2.9
[ASBR-PE1-Tunnel1] mpls te signaling rsvp-te
[ASBR-PE1-Tunnel1] mpls te bandwidth 2000
[ASBR-PE1-Tunnel1] quit
# Configure tunnel policy tpolicy1 and tunnel selector ts1, specify the tunnel policy for the tunnel selector, and then apply the tunnel selector in BGP VPNv6 view.
[ASBR-PE1] tunnel-policy tpolicy1
[ASBR-PE1-tunnel-policy-tpolicy1] preferred-path tunnel 1
[ASBR-PE1-tunnel-policy-tpolicy1] quit
[ASBR-PE1] tunnel-selector ts1 permit node 1
[ASBR-PE1-tunnel-selector-ts1-1] apply tunnel-policy tpolicy1
[ASBR-PE1-tunnel-selector-ts1-1] quit
[ASBR-PE1] bgp 100
[ASBR-PE1-bgp-default] address-family vpnv6
[ASBR-PE1-bgp-default-vpnv6] apply tunnel-selector ts1
3. Configure ASBR-PE 2:
# Configure IS-IS on ASBR-PE 2.
<ASBR-PE2> system-view
[ASBR-PE2] isis 1
[ASBR-PE2-isis-1] network-entity 10.222.222.222.222.00
[ASBR-PE2-isis-1] quit
# Configure LSR ID, and enable MPLS and LDP.
[ASBR-PE2] mpls lsr-id 4.4.4.9
[ASBR-PE2] mpls ldp
[ASBR-PE2-ldp] quit
# Configure VLAN-interface 11, and enable IS-IS, MPLS, and LDP on the interface.
[ASBR-PE2] interface vlan-interface 11
[ASBR-PE2-Vlan-interface11] ip address 9.1.1.1 255.0.0.0
[ASBR-PE2-Vlan-interface11] isis enable 1
[ASBR-PE2-Vlan-interface11] mpls enable
[ASBR-PE2-Vlan-interface11] mpls ldp enable
[ASBR-PE2-Vlan-interface11] quit
# Configure VLAN-interface 12, and enable MPLS.
[ASBR-PE2] interface vlan-interface 12
[ASBR-PE2-Vlan-interface12] ip address 11.0.0.1 255.0.0.0
[ASBR-PE2-Vlan-interface12] mpls enable
[ASBR-PE2-Vlan-interface12] quit
# Configure interface Loopback 0, and enable IS-IS on it.
[ASBR-PE2] interface loopback 0
[ASBR-PE2-LoopBack0] ip address 4.4.4.9 32
[ASBR-PE2-LoopBack0] isis enable 1
[ASBR-PE2-LoopBack0] quit
# Configure BGP on ASBR-PE 2.
[ASBR-PE2] bgp 600
[ASBR-PE2-bgp-default] peer 11.0.0.2 as-number 100
[ASBR-PE2-bgp-default] peer 11.0.0.2 connect-interface vlan-interface 12
[ASBR-PE2-bgp-default] peer 5.5.5.9 as-number 600
[ASBR-PE2-bgp-default] peer 5.5.5.9 connect-interface loopback 0
# Disable route target based filtering of received VPNv6 routes.
[ASBR-PE2-bgp-default] address-family vpnv6
[ASBR-PE2-bgp-default-vpnv6] undo policy vpn-target
# Configure IBGP peer 5.5.5.9 and EBGP peer 11.0.0.2 as VPNv6 peers.
[ASBR-PE2-bgp-default-vpnv6] peer 11.0.0.2 enable
[ASBR-PE2-bgp-default-vpnv6] peer 5.5.5.9 enable
[ASBR-PE2-bgp-default-vpnv6] quit
[ASBR-PE2-bgp-default] quit
# Enable MPLS TE, RSVP-TE, and IS-IS TE. Configure MPLS TE attributes. Use RSVP-TE to establish MPLS TE tunnel 1. Set the tunnel destination address as the LSR ID of PE 2 (5.5.5.9). Assign 2000 kbps bandwidth to the tunnel.
[ASBR-PE2] mpls te
[ASBR-PE2-te] quit
[ASBR-PE2] rsvp
[ASBR-PE2-rsvp] quit
[ASBR-PE2] interface vlan-interface 11
[ASBR-PE2-Vlan-interface11] mpls enable
[ASBR-PE2-Vlan-interface11] mpls te enable
[ASBR-PE2-Vlan-interface11] mpls te max-link-bandwidth 10000
[ASBR-PE2-Vlan-interface11] rsvp enable
[ASBR-PE2-Vlan-interface11] quit
[ASBR-PE2] isis 1
[ASBR-PE2-isis-1] cost-style wide
[ASBR-PE2-isis-1] mpls te enable level-2
[ASBR-PE2-isis-1] quit
[ASBR-PE2] interface tunnel 1 mode mpls-te
[ASBR-PE2-Tunnel1] ip address unnumbered interface LoopBack0
[ASBR-PE2-Tunnel1] destination 5.5.5.9
[ASBR-PE2-Tunnel1] mpls te signaling rsvp-te
[ASBR-PE2-Tunnel1] mpls te bandwidth 2000
[ASBR-PE2-Tunnel1] quit
# Configure tunnel policy tpolicy1 and tunnel selector ts1, specify the tunnel policy for the tunnel selector, and then apply the tunnel selector in BGP VPNv6 view.
[ASBR-PE2] tunnel-policy tpolicy1
[ASBR-PE2-tunnel-policy-tpolicy1] preferred-path tunnel 1
[ASBR-PE2-tunnel-policy-tpolicy1] quit
[ASBR-PE2] tunnel-selector ts1 permit node 1
[ASBR-PE2-tunnel-selector-ts1-1] apply tunnel-policy tpolicy1
[ASBR-PE2-tunnel-selector-ts1-1] quit
[ASBR-PE2] bgp 600
[ASBR-PE2-bgp-default] address-family vpnv6
[ASBR-PE2-bgp-default-vpnv6] apply tunnel-selector ts1
4. Configure PE 2:
# Configure IS-IS on PE 2.
<PE2> system-view
[PE2] isis 1
[PE2-isis-1] network-entity 10.111.111.111.111.00
[PE2-isis-1] quit
# Configure LSR ID, and enable MPLS and LDP.
[PE2] mpls lsr-id 5.5.5.9
[PE2] mpls ldp
[PE2-ldp] quit
# Configure VLAN-interface 11, and enable IS-IS, MPLS, and LDP on the interface.
[PE2] interface vlan-interface 11
[PE2-Vlan-interface11] ip address 9.1.1.2 255.0.0.0
[PE2-Vlan-interface11] isis enable 1
[PE2-Vlan-interface11] mpls enable
[PE2-Vlan-interface11] mpls ldp enable
[PE2-Vlan-interface11] quit
# Configure interface Loopback 0, and enable IS-IS on it.
[PE2] interface loopback 0
[PE2-LoopBack0] ip address 5.5.5.9 32
[PE2-LoopBack0] isis enable 1
[PE2-LoopBack0] quit
# Create VPN instance vpn1, and configure the RD and route target attributes.
[PE2] ip vpn-instance vpn1
[PE2-vpn-instance-vpn1] route-distinguisher 12:12
[PE2-vpn-instance-vpn1] vpn-target 1:1 2:2 3:3 import-extcommunity
[PE2-vpn-instance-vpn1] vpn-target 3:3 export-extcommunity
[PE2-vpn-instance-vpn1] quit
# Bind the interface connected to CE 1 to the created VPN instance.
[PE2] interface vlan-interface 12
[PE2-Vlan-interface12] ip binding vpn-instance vpn1
[PE2-Vlan-interface12] ip address 20::1 64
[PE2-Vlan-interface12] quit
# Enable BGP on PE 2.
[PE2] bgp 600
# Configure IBGP peer 4.4.4.9 as a VPNv6 peer.
[PE2-bgp-default] peer 4.4.4.9 as-number 600
[PE2-bgp-default] peer 4.4.4.9 connect-interface loopback 0
[PE2-bgp-default] address-family vpnv6
[PE2-bgp-default-vpnv6] peer 4.4.4.9 enable
[PE2-bgp-default-vpnv6] quit
# Redistribute direct routes to the routing table of VPN instance vpn1.
[PE2-bgp-default] ip vpn-instance vpn1
[PE2-bgp-default-vpn1] address-family ipv6 unicast
[PE2-bgp-default-ipv6-vpn1] import-route direct
[PE2-bgp-default-ipv6-vpn1] quit
[PE2-bgp-default-vpn1] quit
[PE2-bgp-default] quit
# Enable MPLS TE, RSVP-TE, and IS-IS TE. Configure MPLS TE attributes. Use RSVP-TE to establish MPLS TE tunnel 1. Set the tunnel destination address as the LSR ID of ASBR-PE 2 (4.4.4.9). Assign 2000 kbps bandwidth to the tunnel.
[PE2] mpls te
[PE2-te] quit
[PE2] rsvp
[PE2-rsvp] quit
[PE2] interface vlan-interface 11
[PE2-Vlan-interface11] mpls enable
[PE2-Vlan-interface11] mpls te enable
[PE2-Vlan-interface11] mpls te max-link-bandwidth 10000
[PE2-Vlan-interface11] rsvp enable
[PE2-Vlan-interface11] quit
[PE2] isis 1
[PE2-isis-1] cost-style wide
[PE2-isis-1] mpls te enable level-2
[PE2-isis-1] quit
[PE2] interface tunnel 1 mode mpls-te
[PE2-Tunnel1] ip address unnumbered interface LoopBack0
[PE2-Tunnel1] destination 4.4.4.9
[PE2-Tunnel1] mpls te signaling rsvp-te
[PE2-Tunnel1] mpls te bandwidth 2000
[PE2-Tunnel1] quit
# Create a tunnel policy named tpolicy1, and apply the tunnel policy to VPN instance vpn1.
[PE2] tunnel-policy tpolicy1
[PE2-tunnel-policy-tpolicy1] preferred-path tunnel 1
[PE2-tunnel-policy-tpolicy1] quit
[PE2] ip vpn-instance vpn1
[PE2-vpn-instance-vpn1] tnl-policy tpolicy1
[PE2-vpn-instance-vpn1] quit
Verifying the configuration
# Verify that the CE-facing interfaces (VLAN-interface 12) on PE 1 and PE 2 can ping each other.
# Verify that tunnel policy tpolicy1 has been successfully applied between PE 1 and ASBR-PE 1 and between PE 2 and ASBR-PE 2. The devices select MPLS TE tunnel 1 as instructed by the tunnel policy.
