Contents

Introduction· 1

Prerequisites· 1

Restrictions and guidelines· 1

Example: Configuring full-mesh LDP VPLS·· 1

Network configuration· 1

Analysis· 2

Procedures· 2

Verifying the configuration· 8

Configuration files· 8

Example: Configuring full-mesh LDP VPLS using BGP auto-discovery· 12

Network configuration· 12

Analysis· 13

Procedures· 13

Verifying the configuration· 20

Configuration files· 21

Example: Configuring full-mesh BGP VPLS·· 25

Network configuration· 25

Analysis· 26

Procedures· 26

Verifying the configuration· 33

Configuration files· 34

Example: Configuring H-VPLS with LSP access· 38

Network configuration· 38

Analysis· 39

Procedures· 40

Verifying the configuration· 45

Configuration files· 45

Example: Configuring H-VPLS with QinQ access· 50

Network configuration· 50

Analysis· 51

Procedures· 51

Verifying the configuration· 53

Configuration files· 54

Related documentation· 56

 

Introduction

This document provides Virtual Private LAN Service (VPLS) configuration examples.

VPLS delivers point-to-multipoint L2VPN services over an MPLS or IP backbone. The provider backbone emulates a switch to connect all geographically dispersed sites for each customer network. The backbone is transparent to the customer sites, which can communicate with each other as if they were on the same LAN.

VPLS has two networking models: full mesh and H-VPLS. The full mesh model requires a full mesh of PWs among all PEs and applies to networks that have a small number of PEs. The H-VPLS model classifies PEs to User facing-Provider Edge (UPE) devices and Network Provider Edge (NPE) devices. NPEs are fully meshed and UPEs establish PWs only with the neighbor NPEs. H-VPLS applies to complicated networks that have a large number of PEs.

The following table shows the VPLS networking models and their application scenarios:

 

Networking model	Application scenario
Full-mesh VPLS using LDP signaling	A few sites exist and no new sites will be added.
Full-mesh VPLS using BGP auto-discovery and LDP signaling	A large number of sites exist and no new sites will be added.
Full-mesh VPLS using BGP signaling	A large number of sites exist and new sites will be added.
H-VPLS with LSP access	UPEs support MPLS. In this mode, MPLS LSP is used at the access layer.
H-VPLS with QinQ access	UPEs do not support MPLS. In this mode, Ethernet QinQ tunneling is used at the access layer.

 

Prerequisites

The configuration examples in this document were created and verified in a lab environment, and all the devices were started with the factory default configuration. When you are working on a live network, make sure you understand the potential impact of every command on your network.

This document assumes that you have basic knowledge of VPLS.

Restrictions and guidelines

After you bind a subinterface of a Layer 3 Ethernet interface to a VSI, the Layer 3 Ethernet interface does not support Layer 3 forwarding.

Example: Configuring full-mesh LDP VPLS

Network configuration

As shown in Figure 1, the MPLS network provides L2VPN services for a company. The company has a headquarters and two branches, and it will not add sites in the future.

Configure full-mesh VPLS using LDP signaling to allow communication among the three sites at Layer 2.

Figure 1 Network diagram

 

 

Analysis

To meet the network requirements, you must perform the following tasks:

·     To implement LDP VPLS over the MPLS backbone, you must perform the following tasks:

¡     Establish LDP LSPs on the MPLS backbone as public tunnels to deliver the private data over the MPLS network.

¡     Configure an LDP PW between any two PEs to forward data among the branches.

¡     Configure Layer 3 subinterfaces of the CE-facing interfaces on PEs to identify packets to be transported by VPLS.

·     To implement VLAN isolation among the sites, create VSIs user_a and user_b. Bind VSI user_a to the subinterface that matches packets of VLAN 100, and bind VSI user_b to the subinterface that matches packets of VLAN 200.

Procedures

1.     Configure an IGP on the MPLS backbone to ensure IP connectivity within the backbone:

# On PE 1, configure an IP address for Loopback 0.

<PE1> system-view

[PE1] interface loopback 0

[PE1-LoopBack0] ip address 1.1.1.9 32

[PE1-LoopBack0] quit

# Configure an IP address for Ten-GigabitEthernet 3/1/2.

[PE1] interface ten-gigabitethernet 3/1/2

[PE1-Ten-GigabitEthernet3/1/2] ip address 10.1.1.1 24

[PE1-Ten-GigabitEthernet3/1/2] quit

# On PE 1, configure OSPF.

[PE1] ospf

[PE1-ospf-1] area 0

[PE1-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255

[PE1-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0

[PE1-ospf-1-area-0.0.0.0] quit

[PE1-ospf-1] quit

# On PE 2, configure an IP address for Loopback 0.

<PE2> system-view

[PE2] interface loopback 0

[PE2-LoopBack0] ip address 3.3.3.9 32

[PE2-LoopBack0] quit

# Configure an IP address for Ten-GigabitEthernet 3/1/1.

[PE2] interface ten-gigabitethernet 3/1/1

[PE2-Ten-GigabitEthernet3/1/1] ip address 10.1.2.2 24

[PE2-Ten-GigabitEthernet3/1/1] quit

# On PE 2, configure OSPF.

[PE2] ospf

[PE2-ospf-1] area 0

[PE2-ospf-1-area-0.0.0.0] network 10.1.2.0 0.0.0.255

[PE2-ospf-1-area-0.0.0.0] network 3.3.3.9 0.0.0.0

[PE2-ospf-1-area-0.0.0.0] quit

[PE2-ospf-1] quit

# On PE 3, configure an IP address for Loopback 0.

<PE3> system-view

[PE3] interface loopback 0

[PE3-LoopBack0] ip address 4.4.4.9 32

[PE3-LoopBack0] quit

# Configure an IP address for Ten-GigabitEthernet 3/1/1.

[PE3] interface ten-gigabitethernet 3/1/1

[PE3-Ten-GigabitEthernet3/1/1] ip address 10.1.3.2 24

[PE3-Ten-GigabitEthernet3/1/1] quit

# On PE 3, configure OSPF.

[PE3] ospf

[PE3-ospf-1] area 0

[PE3-ospf-1-area-0.0.0.0] network 10.1.3.0 0.0.0.255

[PE3-ospf-1-area-0.0.0.0] network 4.4.4.9 0.0.0.0

[PE3-ospf-1-area-0.0.0.0] quit

[PE3-ospf-1] quit

# On P, configure an IP address for Loopback 0.

<P> system-view

[P] interface loopback 0

[P-LoopBack0] ip address 2.2.2.9 32

[P-LoopBack0] quit

# Configure an IP address for Ten-GigabitEthernet 3/1/2.

[P] interface ten-gigabitethernet 3/1/2

[P-Ten-GigabitEthernet3/1/2] ip address 10.1.1.2 24

[P-Ten-GigabitEthernet3/1/2] quit

# Configure an IP address for Ten-GigabitEthernet 3/1/3.

[P] interface ten-gigabitethernet 3/1/3

[P-Ten-GigabitEthernet3/1/3] ip address 10.1.2.1 24

[P-Ten-GigabitEthernet3/1/3] quit

# Configure an IP address for Ten-GigabitEthernet 3/1/4.

[P] interface ten-gigabitethernet 3/1/4

[P-Ten-GigabitEthernet3/1/4] ip address 10.1.3.1 24

[P-Ten-GigabitEthernet3/1/4] quit

# On P, configure OSPF.

[P] ospf

[P-ospf-1] area 0

[P-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255

[P-ospf-1-area-0.0.0.0] network 10.1.2.0 0.0.0.255

[P-ospf-1-area-0.0.0.0] network 10.1.3.0 0.0.0.255

[P-ospf-1-area-0.0.0.0] network 2.2.2.9 0.0.0.0

[P-ospf-1-area-0.0.0.0] quit

[P-ospf-1] quit

2.     Configure basic MPLS and MPLS LDP on the MPLS backbone to establish LDP LSPs:

# On PE 1, configure an LSR ID.

[PE1] mpls lsr-id 1.1.1.9

# On PE 1, enable LDP globally.

[PE1] mpls ldp

[PE1-ldp] quit

# On PE 1, enable MPLS and LDP on Ten-GigabitEthernet 3/1/2.

[PE1] interface ten-gigabitethernet 3/1/2

[PE1-Ten-GigabitEthernet3/1/2] mpls enable

[PE1-Ten-GigabitEthernet3/1/2] mpls ldp enable

[PE1-Ten-GigabitEthernet3/1/2] quit

# On PE 2, configure an LSR ID.

[PE2] mpls lsr-id 3.3.3.9

# On PE 2, enable LDP globally.

[PE2] mpls ldp

[PE2-ldp] quit

# On PE 2, enable MPLS and LDP on Ten-GigabitEthernet 3/1/1.

[PE2] interface ten-gigabitethernet 3/1/1

[PE2-Ten-GigabitEthernet3/1/1] mpls enable

[PE2-Ten-GigabitEthernet3/1/1] mpls ldp enable

[PE2-Ten-GigabitEthernet3/1/1] quit

# On PE 3, configure an LSR ID.

[PE3] mpls lsr-id 4.4.4.9

# On PE 3, enable LDP globally.

[PE3] mpls ldp

[PE3-ldp] quit

# On PE 3, enable MPLS and LDP on Ten-GigabitEthernet 3/1/1.

[PE3] interface ten-gigabitethernet 3/1/1

[PE3-Ten-GigabitEthernet3/1/1] mpls enable

[PE3-Ten-GigabitEthernet3/1/1] mpls ldp enable

[PE3-Ten-GigabitEthernet3/1/1] quit

# On P, configure an LSR ID.

[P] mpls lsr-id 2.2.2.9

# On P, enable LDP globally.

[P] mpls ldp

[P-ldp] quit

# On P, enable MPLS and LDP on Ten-GigabitEthernet 3/1/2.

[P] interface ten-gigabitethernet 3/1/2

[P-Ten-GigabitEthernet3/1/2] mpls enable

[P-Ten-GigabitEthernet3/1/2] mpls ldp enable

[P-Ten-GigabitEthernet3/1/2] quit

# On P, enable MPLS and LDP on Ten-GigabitEthernet 3/1/3.

[P] interface ten-gigabitethernet 3/1/3

[P-Ten-GigabitEthernet3/1/3] mpls enable

[P-Ten-GigabitEthernet3/1/3] mpls ldp enable

[P-Ten-GigabitEthernet3/1/3] quit

# On P, enable MPLS and LDP on Ten-GigabitEthernet 3/1/4.

[P] interface ten-gigabitethernet 3/1/4

[P-Ten-GigabitEthernet3/1/4] mpls enable

[P-Ten-GigabitEthernet3/1/4] mpls ldp enable

[P-Ten-GigabitEthernet3/1/4] quit

3.     Configure VSIs and LDP PWs:

# On PE 1, enable MPLS L2VPN globally.

[PE1] l2vpn enable

# On PE 1, create VSI user_a and configure the VSI to use LDP as the PW signaling protocol.

[PE1] vsi user_a

[PE1-vsi-user_a] pwsignaling ldp

# On PE 1, specify PE 2 and PE 3 as the peer PEs, and set the PW ID to 500.

[PE1-vsi-user_a-ldp] peer 3.3.3.9 pw-id 500

[PE1-vsi-user_a-ldp-3.3.3.9-500] quit

[PE1-vsi-user_a-ldp] peer 4.4.4.9 pw-id 500

[PE1-vsi-user_a-ldp-4.4.4.9-500] quit

[PE1-vsi-user_a-ldp] quit

[PE1-vsi-user_a] quit

# On PE 1, create VSI user_b and configure the VSI to use LDP as the PW signaling protocol.

[PE1] vsi user_b

[PE1-vsi-user_b] pwsignaling ldp

# On PE 1, specify PE 2 and PE 3 as the peer PEs, and set the PW ID to 600.

[PE1-vsi-user_b-ldp] peer 3.3.3.9 pw-id 600

[PE1-vsi-user_b-ldp-3.3.3.9-600] quit

[PE1-vsi-user_b-ldp] peer 4.4.4.9 pw-id 600

[PE1-vsi-user_b-ldp-4.4.4.9-600] quit

[PE1-vsi-user_b-ldp] quit

[PE1-vsi-user_b] quit

# On PE 2, enable MPLS L2VPN globally.

[PE2] l2vpn enable

# On PE 2, create VSI user_a and configure the VSI to use LDP as the PW signaling protocol.

[PE2] vsi user_a

[PE2-vsi-user_a] pwsignaling ldp

# On PE 2, specify PE 1 and PE 3 as the peer PEs, and set the PW ID to 500.

[PE2-vsi-user_a-ldp] peer 1.1.1.9 pw-id 500

[PE2-vsi-user_a-ldp-1.1.1.9-500] quit

[PE2-vsi-user_a-ldp] peer 4.4.4.9 pw-id 500

[PE2-vsi-user_a-ldp-4.4.4.9-500] quit

[PE2-vsi-user_a-ldp] quit

[PE2-vsi-user_a] quit

# On PE 2, create VSI user_b and configure the VSI to use LDP as the PW signaling protocol.

[PE2] vsi user_b

[PE2-vsi-user_b] pwsignaling ldp

# On PE 2, specify PE 1 and PE 3 as the peer PEs, and set the PW ID to 600.

[PE2-vsi-user_b-ldp] peer 1.1.1.9 pw-id 600

[PE2-vsi-user_b-ldp-1.1.1.9-600] quit

[PE2-vsi-user_b-ldp] peer 4.4.4.9 pw-id 600

[PE2-vsi-user_b-ldp-4.4.4.9-600] quit

[PE2-vsi-user_b-ldp] quit

[PE2-vsi-user_b] quit

# On PE 3, enable MPLS L2VPN globally.

[PE3] l2vpn enable

# On PE 3, create VSI user_a and configure the VSI to use LDP as the PW signaling protocol.

[PE3] vsi user_a

[PE3-vsi-user_a] pwsignaling ldp

# On PE 3, specify PE 1 and PE 2 as the peer PEs, and set the PW ID to 500.

[PE3-vsi-user_a-ldp] peer 1.1.1.9 pw-id 500

[PE3-vsi-user_a-ldp-1.1.1.9-500] quit

[PE3-vsi-user_a-ldp] peer 3.3.3.9 pw-id 500

[PE3-vsi-user_a-ldp-3.3.3.9-500] quit

[PE3-vsi-user_a-ldp] quit

[PE3-vsi-user_a] quit

# On PE 3, create VSI user_b and configure the VSI to use LDP as the PW signaling protocol.

[PE3] vsi user_b

[PE3-vsi-user_b] pwsignaling ldp

# On PE 3, specify PE 1 and PE 2 as the peer PEs, and set the PW ID to 600.

[PE3-vsi-user_b-ldp] peer 1.1.1.9 pw-id 600

[PE3-vsi-user_b-ldp-1.1.1.9-600] quit

[PE3-vsi-user_b-ldp] peer 3.3.3.9 pw-id 600

[PE3-vsi-user_b-ldp-3.3.3.9-600] quit

[PE3-vsi-user_b-ldp] quit

[PE3-vsi-user_b] quit

4.     Configure Layer 3 subinterfaces for different VLANs and bind the subinterfaces to VSIs:

# On PE 1, create subinterface Ten-GigabitEthernet3/1/1.100, configure the subinterface to terminate packets whose outermost VLAN ID is 100, and bind the subinterface to VSI user_a.

[PE1] interface ten-gigabitethernet 3/1/1.100

[PE1-Ten-GigabitEthernet3/1/1.100] vlan-type dot1q vid 100

[PE1-Ten-GigabitEthernet3/1/1.100] xconnect vsi user_a

[PE1-Ten-GigabitEthernet3/1/1.100] quit

# On PE 1, create subinterface Ten-GigabitEthernet3/1/1.200, configure the subinterface to terminate packets whose outermost VLAN ID is 200, and bind the subinterface to VSI user_b.

[PE1] interface ten-gigabitethernet 3/1/1.200

[PE1-Ten-GigabitEthernet3/1/1.200] vlan-type dot1q vid 200

[PE1-Ten-GigabitEthernet3/1/1.200] xconnect vsi user_b

[PE1-Ten-GigabitEthernet3/1/1.200] quit

# On PE 2, create subinterface Ten-GigabitEthernet3/1/2.100, configure the subinterface to terminate packets whose outermost VLAN ID is 100, and bind the subinterface to VSI user_a.

[PE2] interface ten-gigabitethernet 3/1/2.100

[PE2-Ten-GigabitEthernet3/1/2.100] vlan-type dot1q vid 100

[PE2-Ten-GigabitEthernet3/1/2.100] xconnect vsi user_a

[PE2-Ten-GigabitEthernet3/1/2.100] quit

# On PE 2, create subinterface Ten-GigabitEthernet 3/1/2.200, configure the subinterface to terminate packets whose outermost VLAN ID is 200, and bind the subinterface to VSI user_b.

[PE2] interface ten-gigabitethernet 3/1/2.200

[PE2-Ten-GigabitEthernet3/1/1.200] vlan-type dot1q vid 200

[PE2-Ten-GigabitEthernet3/1/2.200] xconnect vsi user_b

[PE2-Ten-GigabitEthernet3/1/2.200] quit

# On PE 3, create subinterface Ten-GigabitEthernet3/1/2.100, configure the subinterface to terminate packets whose outermost VLAN ID is 100, and bind the subinterface to VSI user_a.

[PE3] interface ten-gigabitethernet 3/1/2.100

[PE3-Ten-GigabitEthernet3/1/2.100] vlan-type dot1q vid 100

[PE3-Ten-GigabitEthernet3/1/2.100] xconnect vsi user_a

[PE3-Ten-GigabitEthernet3/1/2.100] quit

# On PE 3, create subinterface Ten-GigabitEthernet3/1/2.200, configure the subinterface to terminate packets whose outermost VLAN ID is 200, and bind the subinterface to VSI user_b.

[PE3] interface ten-gigabitethernet 3/1/2.200

[PE3-Ten-GigabitEthernet3/1/2.200] vlan-type dot1q vid 200

[PE3-Ten-GigabitEthernet3/1/2.200] xconnect vsi user_b

[PE3-Ten-GigabitEthernet3/1/2.200] quit

5.     Allow CE access to PEs:

# On CE 1, configure the interface connected to the PE to permit tagged packets from the customer VLANs.

<CE1> system-view

[CE1] vlan 100

[CE1-vlan100] quit

[CE1] vlan 200

[CE1-vlan200] quit

[CE1] interface ten-gigabitethernet 3/1/1

[CE1-Ten-GigabitEthernet3/1/1] port link-type trunk

[CE1-Ten-GigabitEthernet3/1/1] port trunk permit vlan 100 200

# Configure other CEs in the same way that CE 1 is configured. (Details not shown.)

Verifying the configuration

# Verify that LDP LSPs have been established on each switch in the MPLS network. This example uses PE 1.

[PE1] display mpls ldp lsp

VPN instance: public instance

Status Flags: * - stale, L - liberal, B - backup, N/A – unavailable

FECs: 4           Ingress: 3           Transit: 3           Egress: 1

 

FEC                In/Out Label        Nexthop         OutInterface/LSINDEX

1.1.1.9/32         3/-

                   -/1151(L)

                   -/1151(L)

                   -/1151(L)

2.2.2.9/32         -/3             10.1.1.2        XGE3/1/2

                   1151/3          10.1.1.2        XGE3/1/2

                   -/1150(L)

                   -/1150(L)

3.3.3.9/32         -/1150          10.1.1.2        XGE3/1/2

                   1150/1150       10.1.1.2        XGE3/1/2

                   -/3(L)

                   -/1149(L)

4.4.4.9/32         -/1149          10.1.1.2        XGE3/1/2

                   1149/1149       10.1.1.2        XGE3/1/2

                   -/1149(L)

                   -/3(L)

# Verify that LDP PWs in up state have been established on each PE. This example uses PE 1.

[PE1] display l2vpn pw

Flags: M - main, B - backup, E - ecmp, BY - bypass, H - hub link, S - spoke link

       N - no split horizon, A – administration, ABY – ac-bypass

       PBY – pw-bypass

Total number of PWs: 4

4 up, 0 blocked, 0 down, 0 defect, 0 idle, 0 duplicate

VSI Name: user_a

Peer            PWID/RmtSite/SrvID In/Out Label   Proto  Flag Link ID  State

3.3.3.9         500                131198/13119   LDP    M    64       Up

4.4.4.9         500                131199/1150    LDP    M    65       Up

VSI Name: user_b

Peer            PWID/RmtSite/SrvID In/Out Label   Proto  Flag Link ID  State

3.3.3.9         600                131196/131196  LDP    M    64       Up

4.4.4.9         600                131197/1147    LDP    M    65       Up

# Verify that hosts in the same VLAN but different sites can ping each other. (Details not shown.)

Configuration files

·     PE 1:

#

ospf 1

 area 0.0.0.0

  network 1.1.1.9 0.0.0.0

  network 10.1.1.0 0.0.0.255

#

 mpls lsr-id 1.1.1.9

#

mpls ldp

#

 l2vpn enable

#

vsi user_a

 pwsignaling ldp

  peer 3.3.3.9 pw-id 500

  peer 4.4.4.9 pw-id 500

#

vsi user_b

 pwsignaling ldp

  peer 3.3.3.9 pw-id 600

  peer 4.4.4.9 pw-id 600

#

interface LoopBack0

 ip address 1.1.1.9 255.255.255.255

#

interface Ten-GigabitEthernet3/1/1

 port link-mode route

#

interface Ten-GigabitEthernet3/1/1.100

 vlan-type dot1q vid 100

 xconnect vsi user_a

#

interface Ten-GigabitEthernet3/1/1.200

 vlan-type dot1q vid 200

 xconnect vsi user_b

#

interface Ten-GigabitEthernet3/1/2

 ip address 10.1.1.1 255.255.255.0

 mpls enable

 mpls ldp enable

#

·     PE 2:

#

ospf 1

 area 0.0.0.0

  network 10.1.2.0 0.0.0.255

  network 3.3.3.9 0.0.0.0

#

 mpls lsr-id 3.3.3.9

#

mpls ldp

#

 l2vpn enable

#

vsi user_a

 pwsignaling ldp

  peer 1.1.1.9 pw-id 500

  peer 4.4.4.9 pw-id 500

#

vsi user_a

 pwsignaling ldp

  peer 1.1.1.9 pw-id 600

  peer 4.4.4.9 pw-id 600

#

interface LoopBack0

 ip address 3.3.3.9 255.255.255.255

#

interface Ten-GigabitEthernet3/1/1

 ip address 10.1.2.2 255.255.255.0

 mpls enable

 mpls ldp enable

#

interface Ten-GigabitEthernet3/1/2

 port link-mode route

#

interface Ten-GigabitEthernet3/1/2.100

 vlan-type dot1q vid 100

 xconnect vsi user_a

#

interface Ten-GigabitEthernet3/1/2.200

 vlan-type dot1q vid 200

 xconnect vsi user_b

#

·     PE 3:

#

ospf 1

 area 0.0.0.0

  network 10.1.3.0 0.0.0.255

  network 4.4.4.9 0.0.0.0

#

 mpls lsr-id 4.4.4.9

#

mpls ldp

#

 l2vpn enable

#

vsi user_a

 pwsignaling ldp

  peer 1.1.1.9 pw-id 500

  peer 3.3.3.9 pw-id 500

#

vsi user_b

 pwsignaling ldp

  peer 1.1.1.9 pw-id 600

  peer 3.3.3.9 pw-id 600

#

interface LoopBack0

 ip address 4.4.4.9 255.255.255.255

#

interface Ten-GigabitEthernet3/1/1

 ip address 10.1.3.2 255.255.255.0

 mpls enable

 mpls ldp enable

#

interface Ten-GigabitEthernet3/1/2

 port link-mode route

#

interface Ten-GigabitEthernet3/1/2.100

 vlan-type dot1q vid 100

 xconnect vsi user_a

#

interface Ten-GigabitEthernet3/1/2.200

 vlan-type dot1q vid 200

 xconnect vsi user_b

#

·     P:

#

ospf 1

 area 0.0.0.0

  network 10.1.1.0 0.0.0.255

  network 10.1.2.0 0.0.0.255

  network 10.1.3.0 0.0.0.255

  network 2.2.2.9 0.0.0.0

#

 mpls lsr-id 2.2.2.9

#

mpls ldp

#

interface LoopBack0

 ip address 2.2.2.9 255.255.255.255

#

interface Ten-GigabitEthernet3/1/2

 ip address 10.1.1.2 255.255.255.0

 mpls enable

 mpls ldp enable

#

interface Ten-GigabitEthernet3/1/3

 ip address 10.1.2.1 255.255.255.0

 mpls enable

 mpls ldp enable

#

interface Ten-GigabitEthernet3/1/3

 ip address 10.1.3.1 255.255.255.0

 mpls enable

 mpls ldp enable

#

·     CE 1 through CE 3:

#

vlan 100

#

vlan 200

#

interface Ten-GigabitEthernet3/1/1

 port link-mode bridge

 port link-type trunk

 port trunk permit vlan 100 200

#

Example: Configuring full-mesh LDP VPLS using BGP auto-discovery

Network configuration

As shown in Figure 2, the MPLS network provides L2VPN services for a company. The company has a headquarters and a large number of branches, and it will not add sites in the future.

Configure full-mesh VPLS using BGP auto-discovery and LDP signaling to allow communication among all the sites at Layer 2.

Figure 2 Network diagram

 

Analysis

To meet the network requirements, you must perform the following tasks:

·     To implement LDP VPLS using BGP auto-discovery over the MPLS backbone, you must perform the following tasks:

¡     Establish LDP LSPs on the MPLS backbone as public tunnels to deliver the private data over the MPLS network.

¡     Configure a BGP auto-discovery LDP PW between any two PEs to forward data among the branches.

¡     Configure Layer 3 subinterfaces of the CE-facing interfaces on PEs to identify packets to be transported by VPLS.

·     To implement VLAN isolation among the sites, create VSIs user_a and user_b. Bind VSI user_a to the subinterface that matches packets of VLAN 100, and bind VSI user_b to the subinterface that matches packets of VLAN 200.

Procedures

1.     Configure an IGP on the MPLS backbone to ensure IP connectivity within the backbone:

# On PE 1, configure an IP address for Loopback 0.

<PE1> system-view

[PE1] interface loopback 0

[PE1-LoopBack0] ip address 1.1.1.9 32

[PE1-LoopBack0] quit

# Configure an IP address for Ten-GigabitEthernet 3/1/2.

[PE1] interface ten-gigabitethernet 3/1/2

[PE1-Ten-GigabitEthernet3/1/2] ip address 10.1.1.1 24

[PE1-Ten-GigabitEthernet3/1/2] quit

# On PE 1, configure OSPF.

[PE1] ospf

[PE1-ospf-1] area 0

[PE1-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255

[PE1-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0

[PE1-ospf-1-area-0.0.0.0] quit

[PE1-ospf-1] quit

# On PE 2, configure an IP address for Loopback 0.

<PE2> system-view

[PE2] interface loopback 0

[PE2-LoopBack0] ip address 3.3.3.9 32

[PE2-LoopBack0] quit

# Configure an IP address for Ten-GigabitEthernet 3/1/1.

[PE2] interface ten-gigabitethernet 3/1/1

[PE2-Ten-GigabitEthernet3/1/1] ip address 10.1.2.2 24

[PE2-Ten-GigabitEthernet3/1/1] quit

# On PE 2, configure OSPF.

[PE2] ospf

[PE2-ospf-1] area 0

[PE2-ospf-1-area-0.0.0.0] network 10.1.2.0 0.0.0.255

[PE2-ospf-1-area-0.0.0.0] network 3.3.3.9 0.0.0.0

[PE2-ospf-1-area-0.0.0.0] quit

[PE2-ospf-1] quit

# On PE 3, configure an IP address for Loopback 0.

<PE3> system-view

[PE3] interface loopback 0

[PE3-LoopBack0] ip address 4.4.4.9 32

[PE3-LoopBack0] quit

# Configure an IP address for Ten-GigabitEthernet 3/1/1.

[PE3] interface ten-gigabitethernet 3/1/1

[PE3-Ten-GigabitEthernet3/1/1] ip address 10.1.3.2 24

[PE3-Ten-GigabitEthernet3/1/1] quit

# On PE 3, configure OSPF.

[PE3] ospf

[PE3-ospf-1] area 0

[PE3-ospf-1-area-0.0.0.0] network 10.1.3.0 0.0.0.255

[PE3-ospf-1-area-0.0.0.0] network 4.4.4.9 0.0.0.0

[PE3-ospf-1-area-0.0.0.0] quit

[PE3-ospf-1] quit

# On P, configure an IP address for Loopback 0.

<P> system-view

[P] interface loopback 0

[P-LoopBack0] ip address 2.2.2.9 32

[P-LoopBack0] quit

# Configure an IP address for Ten-GigabitEthernet 3/1/2.

[P] interface ten-gigabitethernet 3/1/2

[P-Ten-GigabitEthernet3/1/2] ip address 10.1.1.2 24

[P-Ten-GigabitEthernet3/1/2] quit

# Configure an IP address for Ten-GigabitEthernet 3/1/3.

[P] interface ten-gigabitethernet 3/1/3

[P-Ten-GigabitEthernet3/1/3] ip address 10.1.2.1 24

[P-Ten-GigabitEthernet3/1/3] quit

# Configure an IP address for Ten-GigabitEthernet 3/1/4.

[P] interface ten-gigabitethernet 3/1/4

[P-Ten-GigabitEthernet3/1/4] ip address 10.1.3.1 24

[P-Ten-GigabitEthernet3/1/4] quit

# On P, configure OSPF.

[P] ospf

[P-ospf-1] area 0

[P-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255

[P-ospf-1-area-0.0.0.0] network 10.1.2.0 0.0.0.255

[P-ospf-1-area-0.0.0.0] network 10.1.3.0 0.0.0.255

[P-ospf-1-area-0.0.0.0] network 2.2.2.9 0.0.0.0

[P-ospf-1-area-0.0.0.0] quit

[P-ospf-1] quit

2.     Configure basic MPLS and MPLS LDP on the MPLS backbone to establish LDP LSPs:

# On PE 1, configure an LSR ID.

[PE1] mpls lsr-id 1.1.1.9

# On PE 1, enable LDP globally.

[PE1] mpls ldp

[PE1-ldp] quit

# On PE 1, enable MPLS and LDP on Ten-GigabitEthernet 3/1/2.

[PE1] interface ten-gigabitethernet 3/1/2

[PE1-Ten-GigabitEthernet3/1/2] mpls enable

[PE1-Ten-GigabitEthernet3/1/2] mpls ldp enable

[PE1-Ten-GigabitEthernet3/1/2] quit

# On PE 2, configure an LSR ID.

[PE2] mpls lsr-id 3.3.3.9

# On PE 2, enable LDP globally.

[PE2] mpls ldp

[PE2-ldp] quit

# On PE 2, enable MPLS and LDP on Ten-GigabitEthernet 3/1/1.

[PE2] interface ten-gigabitethernet 3/1/1

[PE2-Ten-GigabitEthernet3/1/1] mpls enable

[PE2-Ten-GigabitEthernet3/1/1] mpls ldp enable

[PE2-Ten-GigabitEthernet3/1/1] quit

# On PE 3, configure an LSR ID.

[PE3] mpls lsr-id 4.4.4.9

# On PE 3, enable LDP globally.

[PE3] mpls ldp

[PE3-ldp] quit

# On PE 3, enable MPLS and LDP on Ten-GigabitEthernet 3/1/1.

[PE3] interface ten-gigabitethernet 3/1/1

[PE3-Ten-GigabitEthernet3/1/1] mpls enable

[PE3-Ten-GigabitEthernet3/1/1] mpls ldp enable

[PE3-Ten-GigabitEthernet3/1/1] quit

# On P, configure an LSR ID.

[P] mpls lsr-id 2.2.2.9

# On P, enable LDP globally.

[P] mpls ldp

[P-ldp] quit

# On P, enable MPLS and LDP on Ten-GigabitEthernet 3/1/2.

[P] interface ten-gigabitethernet 3/1/2

[P-Ten-GigabitEthernet3/1/2] mpls enable

[P-Ten-GigabitEthernet3/1/2] mpls ldp enable

[P-Ten-GigabitEthernet3/1/2] quit

# On P, enable MPLS and LDP on Ten-GigabitEthernet 3/1/3.

[P] interface ten-gigabitethernet 3/1/3

[P-Ten-GigabitEthernet3/1/3] mpls enable

[P-Ten-GigabitEthernet3/1/3] mpls ldp enable

[P-Ten-GigabitEthernet3/1/3] quit

# On P, enable MPLS and LDP on Ten-GigabitEthernet 3/1/4.

[P] interface ten-gigabitethernet 3/1/4

[P-Ten-GigabitEthernet3/1/4] mpls enable

[P-Ten-GigabitEthernet3/1/4] mpls ldp enable

[P-Ten-GigabitEthernet3/1/4] quit

3.     Configure VSIs and BGP auto-discovery LDP PWs:

# On PE 1, establish IBGP connections to PE 2 and PE 3.

[PE1] bgp 100

[PE1-bgp-default] peer 3.3.3.9 as-number 100

[PE1-bgp-default] peer 3.3.3.9 connect-interface loopback 0

[PE1-bgp-default] peer 4.4.4.9 as-number 100

[PE1-bgp-default] peer 4.4.4.9 connect-interface loopback 0

# On PE 1, enable BGP to exchange L2VPN information with the peers.

[PE1-bgp-default] address-family l2vpn

[PE1-bgp-default-l2vpn] peer 3.3.3.9 enable

[PE1-bgp-default-l2vpn] peer 4.4.4.9 enable

[PE1-bgp-default-l2vpn] quit

[PE1-bgp-default] quit

# On PE 1, enable MPLS L2VPN globally.

[PE1] l2vpn enable

# On PE 1, create VSI user_a and enable the VSI to automatically discover neighbors through BGP.

[PE1] vsi user_a

[PE1-vsi-user_a] auto-discovery bgp

# On PE 1, configure an RD and route targets for the VSI.

[PE1-vsi-user_a-auto] route-distinguisher 100:1

[PE1-vsi-user_a-auto] vpn-target 111:1

# On PE 1, use LDP to establish a PW to a remote PE discovered by BGP.

[PE1-vsi-user_a-auto] signaling-protocol ldp

# On PE 1, configure the VPLS ID as 100:100 for the VSI.

[PE1-vsi-user_a-auto-ldp] vpls-id 100:100

[PE1-vsi-user_a-auto-ldp] quit

[PE1-vsi-user_a-auto] quit

[PE1-vsi-user_a] quit

# On PE 1, create VSI user_b and enable the VSI to automatically discover neighbors through BGP.

[PE1] vsi user_b

[PE1-vsi-user_b] auto-discovery bgp

# On PE 1, configure an RD and route targets for the VSI.

[PE1-vsi-user_b-auto] route-distinguisher 200:1

[PE1-vsi-user_b-auto] vpn-target 222:1

# On PE 1, use LDP to establish a PW to a remote PE discovered by BGP.

[PE1-vsi-user_b-auto] signaling-protocol ldp

# On PE 1, configure the VPLS ID as 200:200 for the VSI.

[PE1-vsi-user_b-auto-ldp] vpls-id 200:200

[PE1-vsi-user_b-auto-ldp] quit

[PE1-vsi-user_b-auto] quit

[PE1-vsi-user_b] quit

# On PE 2, establish IBGP connections to PE 1 and PE 3.

[PE2] bgp 100

[PE2-bgp-default] peer 1.1.1.9 as-number 100

[PE2-bgp-default] peer 1.1.1.9 connect-interface loopback 0

[PE2-bgp-default] peer 4.4.4.9 as-number 100

[PE2-bgp-default] peer 4.4.4.9 connect-interface loopback 0

# On PE 2, enable BGP to exchange L2VPN information with the peers.

[PE2-bgp] address-family l2vpn

[PE2-bgp-default-l2vpn] peer 1.1.1.9 enable

[PE2-bgp-default-l2vpn] peer 4.4.4.9 enable

[PE2-bgp-default-l2vpn] quit

[PE2-bgp-default] quit

# On PE 2, enable MPLS L2VPN globally.

[PE2] l2vpn enable

# On PE 2, create VSI user_a and enable the VSI to automatically discover neighbors through BGP.

[PE2] vsi user_a

[PE2-vsi-user_a] auto-discovery bgp

# On PE 2, configure an RD and route targets for the VSI.

[PE2-vsi-user_a-auto] route-distinguisher 100:1

[PE2-vsi-user_a-auto] vpn-target 111:1

# On PE 2, use LDP to establish a PW to a remote PE discovered by BGP.

[PE2-vsi-user_a-auto] signaling-protocol ldp

# On PE 2, configure the VPLS ID as 100:100 for the VSI.

[PE2-vsi-user_a-auto-ldp] vpls-id 100:100

[PE2-vsi-user_a-auto-ldp] quit

[PE2-vsi-user_a-auto] quit

[PE2-vsi-user_a] quit

# On PE 2, create VSI user_b and enable the VSI to automatically discover neighbors through BGP.

[PE2] vsi user_b

[PE2-vsi-user_b] auto-discovery bgp

# On PE 2, configure an RD and route targets for the VSI.

[PE2-vsi-user_b-auto] route-distinguisher 200:1

[PE2-vsi-user_b-auto] vpn-target 222:1

# On PE 2, use LDP to establish a PW to a remote PE discovered by BGP.

[PE2-vsi-user_b-auto] signaling-protocol ldp

# On PE 2, configure the VPLS ID as 200:200 for the VSI.

[PE2-vsi-user_b-auto-ldp] vpls-id 200:200

[PE2-vsi-user_b-auto-ldp] quit

[PE2-vsi-user_b-auto] quit

[PE2-vsi-user_b] quit

# On PE 3, establish IBGP connections to PE 1 and PE 2.

[PE3] bgp 100

[PE3-bgp-default] peer 1.1.1.9 as-number 100

[PE3-bgp-default] peer 1.1.1.9 connect-interface loopback 0

[PE3-bgp-default] peer 3.3.3.9 as-number 100

[PE3-bgp-default] peer 3.3.3.9 connect-interface loopback 0

# On PE 3, enable BGP to exchange L2VPN information with the peers.

[PE3-bgp] address-family l2vpn

[PE3-bgp-default-l2vpn] peer 1.1.1.9 enable

[PE3-bgp-default-l2vpn] peer 3.3.3.9 enable

[PE3-bgp-default-l2vpn] quit

[PE3-bgp-default] quit

# On PE 3, enable MPLS L2VPN globally.

[PE3] l2vpn enable

# On PE 3, create VSI user_a and enable the VSI to automatically discover neighbors through BGP.

[PE3] vsi user_a

[PE3-vsi-user_a] auto-discovery bgp

# On PE 3, configure an RD and route targets for the VSI.

[PE3-vsi-user_a-auto] route-distinguisher 100:1

[PE3-vsi-user_a-auto] vpn-target 111:1

# On PE 3, use LDP to establish a PW to a remote PE discovered by BGP.

[PE3-vsi-user_a-auto] signaling-protocol ldp

# On PE 3, configure the VPLS ID as 100:100 for the VSI.

[PE3-vsi-user_a-auto-ldp] vpls-id 100:100

[PE3-vsi-user_a-auto-ldp] quit

[PE3-vsi-user_a-auto] quit

[PE3-vsi-user_a] quit

# On PE 3, create VSI user_b and enable the VSI to automatically discover neighbors through BGP.

[PE3] vsi user_b

[PE3-vsi-user_b] auto-discovery bgp

# On PE 3, configure an RD and route targets for the VSI.

[PE3-vsi-user_b-auto] route-distinguisher 200:1

[PE3-vsi-user_b-auto] vpn-target 222:1

# On PE 3, use LDP to establish a PW to a remote PE discovered by BGP.

[PE3-vsi-user_b-auto] signaling-protocol ldp

# On PE 3, configure the VPLS ID as 200:200 for the VSI.

[PE3-vsi-user_b-auto-ldp] vpls-id 200:200

[PE3-vsi-user_b-auto-ldp] quit

[PE3-vsi-user_b-auto] quit

[PE3-vsi-user_b] quit

4.     Configure Layer 3 subinterfaces for different VLANs and bind the subinterfaces to VSIs:

# On PE 1, create subinterface Ten-GigabitEthernet3/1/1.100, configure the subinterface to terminate packets whose outermost VLAN ID is 100, and bind the subinterface to VSI user_a.

[PE1] interface ten-gigabitethernet 3/1/1.100

[PE1-Ten-GigabitEthernet3/1/1.100] vlan-type dot1q vid 100

[PE1-Ten-GigabitEthernet3/1/1.100] xconnect vsi user_a

[PE1-Ten-GigabitEthernet3/1/1.100] quit

# On PE 1, create subinterface Ten-GigabitEthernet3/1/1.200, configure the subinterface to terminate packets whose outermost VLAN ID is 200, and bind the subinterface to VSI user_b.

[PE1] interface ten-gigabitethernet 3/1/1.200

[PE1-Ten-GigabitEthernet3/1/1.200] vlan-type dot1q vid 200

[PE1-Ten-GigabitEthernet3/1/1.200] xconnect vsi user_b

[PE1-Ten-GigabitEthernet3/1/1.200] quit

# On PE 2, create subinterface Ten-GigabitEthernet3/1/2.100, configure the subinterface to terminate packets whose outermost VLAN ID is 100, and bind the subinterface to VSI user_a.

[PE2] interface ten-gigabitethernet 3/1/2.100

[PE2-Ten-GigabitEthernet3/1/2.100] vlan-type dot1q vid 100

[PE2-Ten-GigabitEthernet3/1/2.100] xconnect vsi user_a

[PE2-Ten-GigabitEthernet3/1/2.100] quit

# On PE 2, create subinterface Ten-GigabitEthernet3/1/2.200, configure the subinterface to terminate packets whose outermost VLAN ID is 200, and bind the subinterface to VSI user_b.

[PE2] interface ten-gigabitethernet 3/1/2.200

[PE2-Ten-GigabitEthernet3/1/1.200] vlan-type dot1q vid 200

[PE2-Ten-GigabitEthernet3/1/2.200] xconnect vsi user_b

[PE2-Ten-GigabitEthernet3/1/2.200] quit

# On PE 3, create subinterface Ten-GigabitEthernet3/1/2.100, configure the subinterface to terminate packets whose outermost VLAN ID is 100, and bind the subinterface to VSI user_a.

[PE3] interface ten-gigabitethernet 3/1/2.100

[PE3-Ten-GigabitEthernet3/1/2.100] vlan-type dot1q vid 100

[PE3-Ten-GigabitEthernet3/1/2.100] xconnect vsi user_a

[PE3-Ten-GigabitEthernet3/1/2.100] quit

# On PE 3, create subinterface Ten-GigabitEthernet3/1/2.200, configure the subinterface to terminate packets whose outermost VLAN ID is 200, and bind the subinterface to VSI user_b.

[PE3] interface ten-gigabitethernet 3/1/2.200

[PE3-Ten-GigabitEthernet3/1/2.200] vlan-type dot1q vid 200

[PE3-Ten-GigabitEthernet3/1/2.200] xconnect vsi user_b

[PE3-Ten-GigabitEthernet3/1/2.200] quit

# On PE 3, configure other CE-facing interfaces in the same way that Ten-GigabitEthernet3/1/2 is configured. (Details not shown.)

5.     Allow CE access to PEs:

# On CE 1, configure the interface connected to the PE to permit tagged packets from the customer VLANs.

<CE1> system-view

[CE1] vlan 100

[CE1-vlan100] quit

[CE1] vlan 200

[CE1-vlan200] quit

[CE1] interface ten-gigabitethernet 3/1/1

[CE1-Ten-GigabitEthernet3/1/1] port link-type trunk

[CE1-Ten-GigabitEthernet3/1/1] port trunk permit vlan 100 200

# Configure other CEs in the same way that CE 1 is configured. (Details not shown.)

Verifying the configuration

# Verify that LDP LSPs have been established on each switch in the MPLS network. This example uses PE 1.

[PE1] display mpls ldp lsp

VPN instance: public instance

Status Flags: * - stale, L - liberal, B - backup, N/A – unavailable

FECs: 4           Ingress: 3           Transit: 3           Egress: 1

 

FEC                In/Out Label        Nexthop         OutInterface/LSINDEX

1.1.1.9/32         3/-

                   -/1148(L)

                   -/1151(L)

                   -/1151(L)

2.2.2.9/32         -/3             10.1.1.2        XGE3/1/2

                   1151/3          10.1.1.2        XGE3/1/2

                   -/1150(L)

                   -/1150(L)

3.3.3.9/32         -/1146          10.1.1.2        XGE3/1/2

                   1149/1146       10.1.1.2        XGE3/1/2

                   -/1149(L)

                   -/3(L)

4.4.4.9/32         -/1147          10.1.1.2        XGE3/1/2

                   1150/1147       10.1.1.2        XGE3/1/2

                   -/3(L)

                   -/1149(L)

# Verify that LDP PWs in up state have been established on each PE. This example uses PE 1.

[PE1] display l2vpn pw

Flags: M - main, B - backup, E - ecmp, BY - bypass, H - hub link, S - spoke link

       N - no split horizon, A – administration, ABY – ac-bypass

       PBY – pw-bypass

Total number of PWs: 4

4 up, 0 blocked, 0 down, 0 defect, 0 idle, 0 duplicate

VSI Name: user_a

Peer            PWID/RmtSite/SrvID In/Out Label   Proto  Flag Link ID  State

3.3.3.9         -                  131195/131195  LDP    M    64       Up

4.4.4.9         -                  131194/1145    LDP    M    65       Up

VSI Name: user_b

Peer            PWID/RmtSite/SrvID In/Out Label   Proto  Flag Link ID  State

3.3.3.9         -                  131193/1143    LDP    M    64       Up

4.4.4.9         -                  131192/131192  LDP    M    65       Up

# Verify that hosts in the same VLAN but different sites can ping each other. (Details not shown.)

Configuration files

·     PE 1:

#

ospf 1

 area 0.0.0.0

  network 1.1.1.9 0.0.0.0

  network 10.1.1.0 0.0.0.255

#

 mpls lsr-id 1.1.1.9

#

mpls ldp

#

 l2vpn enable

#

vsi user_a

 auto-discovery bgp

  route-distinguisher 100:1

  vpn-target 111:1 export-extcommunity

  vpn-target 111:1 import-extcommunity

  signaling-protocol ldp

   vpls-id 100:100

#

vsi user_b

 auto-discovery bgp

  route-distinguisher 200:1

  vpn-target 222:1 export-extcommunity

  vpn-target 222:1 import-extcommunity

  signaling-protocol ldp

   vpls-id 200:200

#

interface LoopBack0

 ip address 1.1.1.9 255.255.255.255

#

interface Ten-GigabitEthernet3/1/1

 port link-mode route

#

interface Ten-GigabitEthernet3/1/1.100

 vlan-type dot1q vid 100

 xconnect vsi user_a

#

interface Ten-GigabitEthernet3/1/1.200

 vlan-type dot1q vid 200

 xconnect vsi user_b

#

interface Ten-GigabitEthernet3/1/2

 ip address 10.1.1.1 255.255.255.0

 mpls enable

 mpls ldp enable

#

bgp 100

 peer 3.3.3.9 as-number 100

 peer 3.3.3.9 connect-interface LoopBack0

 peer 4.4.4.9 as-number 100

 peer 4.4.4.9 connect-interface LoopBack0

 #

 address-family l2vpn

  peer 3.3.3.9 enable

  peer 4.4.4.9 enable

#

·     PE 2:

#

ospf 1

 area 0.0.0.0

  network 10.1.2.0 0.0.0.255

  network 3.3.3.9 0.0.0.0

#

 mpls lsr-id 3.3.3.9

#

mpls ldp

#

 l2vpn enable

#

vsi user_a

 auto-discovery bgp

  route-distinguisher 100:1

  vpn-target 111:1 export-extcommunity

  vpn-target 111:1 import-extcommunity

  signaling-protocol ldp

   vpls-id 100:100

#

vsi user_b

 auto-discovery bgp

  route-distinguisher 200:1

  vpn-target 222:1 export-extcommunity

  vpn-target 222:1 import-extcommunity

  signaling-protocol ldp

   vpls-id 200:200

#

interface LoopBack0

 ip address 3.3.3.9 255.255.255.255

#

interface Ten-GigabitEthernet3/1/1

 ip address 10.1.2.2 255.255.255.0

 mpls enable

 mpls ldp enable

#

interface Ten-GigabitEthernet3/1/2

 port link-mode route

#

interface Ten-GigabitEthernet3/1/2.100

 vlan-type dot1q vid 100

 xconnect vsi user_a

#

interface Ten-GigabitEthernet3/1/2.200

 vlan-type dot1q vid 200

 xconnect vsi user_b

#

bgp 100

 peer 1.1.1.9 as-number 100

 peer 1.1.1.9 connect-interface LoopBack0

 peer 4.4.4.9 as-number 100

 peer 4.4.4.9 connect-interface LoopBack0

 #

 address-family l2vpn

  peer 1.1.1.9 enable

  peer 4.4.4.9 enable

#

·     PE 3:

#

ospf 1

 area 0.0.0.0

  network 10.1.3.0 0.0.0.255

  network 4.4.4.9 0.0.0.0

#

 mpls lsr-id 4.4.4.9

#

mpls ldp

#

 l2vpn enable

#

vsi user_a

 auto-discovery bgp

  route-distinguisher 100:1

  vpn-target 111:1 export-extcommunity

  vpn-target 111:1 import-extcommunity

  signaling-protocol ldp

   vpls-id 100:100

#

vsi user_b

 auto-discovery bgp

  route-distinguisher 200:1

  vpn-target 222:1 export-extcommunity

  vpn-target 222:1 import-extcommunity

  signaling-protocol ldp

   vpls-id 200:200

#

interface LoopBack0

 ip address 4.4.4.9 255.255.255.255

#

interface Ten-GigabitEthernet3/1/1

 ip address 10.1.3.2 255.255.255.0

 mpls enable

 mpls ldp enable

#

interface Ten-GigabitEthernet3/1/2

 port link-mode route

#

interface Ten-GigabitEthernet3/1/2.100

 vlan-type dot1q vid 100

 xconnect vsi user_a

#

interface Ten-GigabitEthernet3/1/2.200

 vlan-type dot1q vid 200

 xconnect vsi user_b

#

bgp 100

 peer 1.1.1.9 as-number 100

 peer 1.1.1.9 connect-interface LoopBack0

 peer 3.3.3.9 as-number 100

 peer 3.3.3.9 connect-interface LoopBack0

 #

 address-family l2vpn

  peer 1.1.1.9 enable

  peer 3.3.3.9 enable

#

·     P:

#

ospf 1

 area 0.0.0.0

  network 10.1.1.0 0.0.0.255

  network 10.1.2.0 0.0.0.255

  network 10.1.3.0 0.0.0.255

  network 2.2.2.9 0.0.0.0

#

 mpls lsr-id 2.2.2.9

#

mpls ldp

#

interface LoopBack0

 ip address 2.2.2.9 255.255.255.255

#

interface Ten-GigabitEthernet3/1/2

 ip address 10.1.1.2 255.255.255.0

 mpls enable

 mpls ldp enable

#

interface Ten-GigabitEthernet3/1/3

 ip address 10.1.2.1 255.255.255.0

 mpls enable

 mpls ldp enable

#

interface Ten-GigabitEthernet3/1/3

 ip address 10.1.3.1 255.255.255.0

 mpls enable

 mpls ldp enable

#

·     CE 1 through CE n:

#

vlan 100

#

vlan 200

#

interface Ten-GigabitEthernet3/1/1

 port link-mode bridge

 port link-type trunk

 port trunk permit vlan 100 200

#

Example: Configuring full-mesh BGP VPLS

Network configuration

As shown in Figure 3, the MPLS network provides L2VPN services for a company. The company has 10 data centers and will add 15 data centers in the future.

Configure full-mesh VPLS using BGP signaling to allow communication among the data centers at Layer 2.

Figure 3 Network diagram

 

Analysis

To meet the network requirements, you must perform the following tasks:

·     To implement BGP VPLS over the MPLS backbone, you must perform the following tasks:

¡     Establish LDP LSPs on the MPLS backbone as public tunnels to deliver the private data over the MPLS network.

¡     Configure a BGP PW between any two PEs to forward data among the data centers.

¡     Configure subinterfaces and match criteria of the CE-facing interfaces on PEs to identify packets to be transported by VPLS.

·     For future expansion of the customer network, set the maximum number of sites in the VPN to 25.

·     To implement VLAN isolation among the sites, create VSIs user_a and user_b. Bind VSI user_a to the subinterface that matches packets of VLAN 100, and bind VSI user_b to the subinterface that matches packets of VLAN 200.

Procedures

1.     Configure an IGP on the MPLS backbone to ensure IP connectivity within the backbone:

# On PE 1, configure an IP address for Loopback 0.

<PE1> system-view

[PE1] interface loopback 0

[PE1-LoopBack0] ip address 1.1.1.9 32

[PE1-LoopBack0] quit

# Configure an IP address for Ten-GigabitEthernet 3/1/2.

[PE1] interface ten-gigabitethernet 3/1/2

[PE1-Ten-GigabitEthernet3/1/2] ip address 10.1.1.1 24

[PE1-Ten-GigabitEthernet3/1/2] quit

# On PE 1, configure OSPF.

[PE1] ospf

[PE1-ospf-1] area 0

[PE1-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255

[PE1-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0

[PE1-ospf-1-area-0.0.0.0] quit

[PE1-ospf-1] quit

# On PE 2, configure an IP address for Loopback 0.

<PE2> system-view

[PE2] interface loopback 0

[PE2-LoopBack0] ip address 3.3.3.9 32

[PE2-LoopBack0] quit

# Configure an IP address for Ten-GigabitEthernet 3/1/1.

[PE2] interface ten-gigabitethernet 3/1/1

[PE2-Ten-GigabitEthernet3/1/1] ip address 10.1.2.2 24

[PE2-Ten-GigabitEthernet3/1/1] quit

# On PE 2, configure OSPF.

[PE2] ospf

[PE2-ospf-1] area 0

[PE2-ospf-1-area-0.0.0.0] network 10.1.2.0 0.0.0.255

[PE2-ospf-1-area-0.0.0.0] network 3.3.3.9 0.0.0.0

[PE2-ospf-1-area-0.0.0.0] quit

[PE2-ospf-1] quit

# On PE 3, configure an IP address for Loopback 0.

<PE3> system-view

[PE3] interface loopback 0

[PE3-LoopBack0] ip address 4.4.4.9 32

[PE3-LoopBack0] quit

# Configure an IP address for Ten-GigabitEthernet 3/1/1.

[PE3] interface ten-gigabitethernet 3/1/1

[PE3-Ten-GigabitEthernet3/1/1] ip address 10.1.3.2 24

[PE3-Ten-GigabitEthernet3/1/1] quit

# On PE 3, configure OSPF.

[PE3] ospf

[PE3-ospf-1] area 0

[PE3-ospf-1-area-0.0.0.0] network 10.1.3.0 0.0.0.255

[PE3-ospf-1-area-0.0.0.0] network 4.4.4.9 0.0.0.0

[PE3-ospf-1-area-0.0.0.0] quit

[PE3-ospf-1] quit

# On P, configure an IP address for Loopback 0.

<P> system-view

[P] interface loopback 0

[P-LoopBack0] ip address 2.2.2.9 32

[P-LoopBack0] quit

# Configure an IP address for Ten-GigabitEthernet 3/1/2.

[P] interface ten-gigabitethernet 3/1/2

[P-Ten-GigabitEthernet3/1/2] ip address 10.1.1.2 24

[P-Ten-GigabitEthernet3/1/2] quit

# Configure an IP address for Ten-GigabitEthernet 3/1/3.

[P] interface ten-gigabitethernet 3/1/3

[P-Ten-GigabitEthernet3/1/3] ip address 10.1.2.1 24

[P-Ten-GigabitEthernet3/1/3] quit

# Configure an IP address for Ten-GigabitEthernet 3/1/4.

[P] interface ten-gigabitethernet 3/1/4

[P-Ten-GigabitEthernet3/1/4] ip address 10.1.3.1 24

[P-Ten-GigabitEthernet3/1/4] quit

# On P, configure OSPF.

[P] ospf

[P-ospf-1] area 0

[P-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255

[P-ospf-1-area-0.0.0.0] network 10.1.2.0 0.0.0.255

[P-ospf-1-area-0.0.0.0] network 10.1.3.0 0.0.0.255

[P-ospf-1-area-0.0.0.0] network 2.2.2.9 0.0.0.0

[P-ospf-1-area-0.0.0.0] quit

[P-ospf-1] quit

2.     Configure basic MPLS and MPLS LDP on the MPLS backbone to establish LDP LSPs:

# On PE 1, configure an LSR ID.

[PE1] mpls lsr-id 1.1.1.9

# On PE 1, enable LDP globally.

[PE1] mpls ldp

[PE1-ldp] quit

# On PE 1, enable MPLS and LDP on Ten-GigabitEthernet 3/1/2.

[PE1] interface ten-gigabitethernet 3/1/2

[PE1-Ten-GigabitEthernet3/1/2] mpls enable

[PE1-Ten-GigabitEthernet3/1/2] mpls ldp enable

[PE1-Ten-GigabitEthernet3/1/2] quit

# On PE 2, configure an LSR ID.

[PE2] mpls lsr-id 3.3.3.9

# On PE 2, enable LDP globally.

[PE2] mpls ldp

[PE2-ldp] quit

# On PE 2, enable MPLS and LDP on Ten-GigabitEthernet 3/1/1.

[PE2] interface ten-gigabitethernet 3/1/1

[PE2-Ten-GigabitEthernet3/1/1] mpls enable

[PE2-Ten-GigabitEthernet3/1/1] mpls ldp enable

[PE2-Ten-GigabitEthernet3/1/1] quit

# On PE 3, configure an LSR ID.

[PE3] mpls lsr-id 4.4.4.9

# On PE 3, enable LDP globally.

[PE3] mpls ldp

[PE3-ldp] quit

# On PE 3, enable MPLS and LDP on Ten-GigabitEthernet 3/1/1.

[PE3] interface ten-gigabitethernet 3/1/1

[PE3-Ten-GigabitEthernet3/1/1] mpls enable

[PE3-Ten-GigabitEthernet3/1/1] mpls ldp enable

[PE3-Ten-GigabitEthernet3/1/1] quit

# On P, configure an LSR ID.

[P] mpls lsr-id 2.2.2.9

# On P, enable LDP globally.

[P] mpls ldp

[P-ldp] quit

# On P, enable MPLS and LDP on Ten-GigabitEthernet 3/1/2.

[P] interface ten-gigabitethernet 3/1/2

[P-Ten-GigabitEthernet3/1/2] mpls enable

[P-Ten-GigabitEthernet3/1/2] mpls ldp enable

[P-Ten-GigabitEthernet3/1/2] quit

# On P, enable MPLS and LDP on Ten-GigabitEthernet 3/1/3.

[P] interface ten-gigabitethernet 3/1/3

[P-Ten-GigabitEthernet3/1/3] mpls enable

[P-Ten-GigabitEthernet3/1/3] mpls ldp enable

[P-Ten-GigabitEthernet3/1/3] quit

# On P, enable MPLS and LDP on Ten-GigabitEthernet 3/1/4.

[P] interface ten-gigabitethernet 3/1/4

[P-Ten-GigabitEthernet3/1/4] mpls enable

[P-Ten-GigabitEthernet3/1/4] mpls ldp enable

[P-Ten-GigabitEthernet3/1/4] quit

3.     Configure VSIs and BGP PWs:

# On PE 1, establish IBGP connections to PE 2 and PE 3.

[PE1] bgp 100

[PE1-bgp] peer 3.3.3.9 as-number 100

[PE1-bgp] peer 3.3.3.9 connect-interface loopback 0

[PE1-bgp] peer 4.4.4.9 as-number 100

[PE1-bgp] peer 4.4.4.9 connect-interface loopback 0

# On PE 1, enable BGP to exchange L2VPN information with the peers.

[PE1-bgp] address-family l2vpn

[PE1-bgp-l2vpn] peer 3.3.3.9 enable

[PE1-bgp-l2vpn] peer 4.4.4.9 enable

[PE1-bgp-l2vpn] quit

[PE1-bgp] quit

# On PE 1, enable MPLS L2VPN globally.

[PE1] l2vpn enable

# On PE 1, create VSI user_a and enable the VSI to automatically discover neighbors through BGP.

[PE1] vsi user_a

[PE1-vsi-user_a] auto-discovery bgp

# On PE 1, configure an RD and route targets for the VSI.

[PE1-vsi-user_a-auto] route-distinguisher 100:1

[PE1-vsi-user_a-auto] vpn-target 111:1

# On PE 1, use BGP to establish a PW to a remote PE discovered by BGP.

[PE1-vsi-user_a-auto] signaling-protocol bgp

# On PE 1, set the site number in the VSI to 1 and the maximum number of sites in the VSI to 25.

[PE1-vsi-user_a-auto-bgp] site 1 range 25

[PE1-vsi-user_a-auto-bgp] quit

[PE1-vsi-user_a-auto] quit

[PE1-vsi-user_a] quit

# On PE 1, create VSI user_b and enable the VSI to automatically discover neighbors through BGP.

[PE1] vsi user_b

[PE1-vsi-user_b] auto-discovery bgp

# On PE 1, configure an RD and route targets for the VSI.

[PE1-vsi-user_b-auto] route-distinguisher 100:1

[PE1-vsi-user_b-auto] vpn-target 111:1

# On PE 1, use BGP to establish a PW to a remote PE discovered by BGP.

[PE1-vsi-user_b-auto] signaling-protocol bgp

# On PE 1, set the site number in the VSI to 1 and the maximum number of sites in the VSI to 25.

[PE1-vsi-user_b-auto-bgp] site 1 range 25

[PE1-vsi-user_b-auto-bgp] quit

[PE1-vsi-user_b-auto] quit

[PE1-vsi-user_b] quit

# On PE 2, establish IBGP connections to PE 1 and PE 3.

[PE2] bgp 100

[PE2-bgp] peer 1.1.1.9 as-number 100

[PE2-bgp] peer 1.1.1.9 connect-interface loopback 0

[PE2-bgp] peer 4.4.4.9 as-number 100

[PE2-bgp] peer 4.4.4.9 connect-interface loopback 0

# On PE 2, enable BGP to exchange L2VPN information with the peers.

[PE2-bgp] address-family l2vpn

[PE2-bgp-l2vpn] peer 1.1.1.9 enable

[PE2-bgp-l2vpn] peer 4.4.4.9 enable

[PE2-bgp-l2vpn] quit

[PE2-bgp] quit

# On PE 2, enable MPLS L2VPN globally.

[PE2] l2vpn enable

# On PE 2, create VSI user_a and enable the VSI to automatically discover neighbors through BGP.

[PE2] vsi user_a

[PE2-vsi-user_a] auto-discovery bgp

# On PE 2, configure an RD and route targets for the VSI.

[PE2-vsi-user_a-auto] route-distinguisher 100:1

[PE2-vsi-user_a-auto] vpn-target 111:1

# On PE 2, use BGP to establish a PW to a remote PE discovered by BGP.

[PE2-vsi-user_a-auto] signaling-protocol bgp

# On PE 2, set the site number in the VSI to 2 and the maximum number of sites in the VSI to 25.

[PE2-vsi-user_a-auto-bgp] site 2 range 25

[PE2-vsi-user_a-auto-bgp] quit

[PE2-vsi-user_a-auto] quit

[PE2-vsi-user_a] quit

# On PE 2, create VSI user_b and enable the VSI to automatically discover neighbors through BGP.

[PE2] vsi user_b

[PE2-vsi-user_b] auto-discovery bgp

# On PE 2, configure an RD and route targets for the VSI.

[PE2-vsi-user_b-auto] route-distinguisher 200:1

[PE2-vsi-user_b-auto] vpn-target 222:1

# On PE 2, use BGP to establish a PW to a remote PE discovered by BGP.

[PE2-vsi-user_b-auto] signaling-protocol bgp

# On PE 2, set the site number in the VSI to 2 and the maximum number of sites in the VSI to 25.

[PE2-vsi-user_b-auto-bgp] site 2 range 25

[PE2-vsi-user_b-auto-bgp] quit

[PE2-vsi-user_b-auto] quit

[PE2-vsi-user_b] quit

# On PE 3, establish IBGP connections to PE 1 and PE 2.

[PE3] bgp 100

[PE3-bgp] peer 1.1.1.9 as-number 100

[PE3-bgp] peer 1.1.1.9 connect-interface loopback 0

[PE3-bgp] peer 3.3.3.9 as-number 100

[PE3-bgp] peer 3.3.3.9 connect-interface loopback 0

# On PE 3, enable BGP to exchange L2VPN information with the peers.

[PE3-bgp] address-family l2vpn

[PE3-bgp-l2vpn] peer 1.1.1.9 enable

[PE3-bgp-l2vpn] peer 3.3.3.9 enable

[PE3-bgp-l2vpn] quit

[PE3-bgp] quit

# On PE 3, enable MPLS L2VPN globally.

[PE3] l2vpn enable

# On PE 3, create VSI user_a and enable the VSI to automatically discover neighbors through BGP.

[PE3] vsi user_a

[PE3-vsi-user_a] auto-discovery bgp

# On PE 3, configure an RD and route targets for the VSI.

[PE3-vsi-user_a-auto] route-distinguisher 100:1

[PE3-vsi-user_a-auto] vpn-target 111:1

# On PE 3, use BGP to establish a PW to a remote PE discovered by BGP.

[PE3-vsi-user_a-auto] signaling-protocol bgp

# On PE 3, set the site number in the VSI to 3 and the maximum number of sites in the VSI to 25.

[PE3-vsi-user_a-auto-bgp] site 3 range 25

[PE3-vsi-user_a-auto-bgp] quit

[PE3-vsi-user_a-auto] quit

[PE3-vsi-user_a] quit

# Enable MPLS L2VPN globally.

[PE3] l2vpn enable

# On PE 3, create VSI user_b and enable the VSI to automatically discover neighbors through BGP.

[PE3] vsi user_b

[PE3-vsi-user_b] auto-discovery bgp

# On PE 3, configure an RD and route targets for the VSI.

[PE3-vsi-user_b-auto] route-distinguisher 200:1

[PE3-vsi-user_b-auto] vpn-target 222:1

# On PE 3, use BGP to establish a PW to a remote PE discovered by BGP.

[PE3-vsi-user_b-auto] signaling-protocol bgp

# On PE 3, set the site number in the VSI to 3 and the maximum number of sites in the VSI to 25.

[PE3-vsi-user_b-auto-bgp] site 3 range 25

[PE3-vsi-user_b-auto-bgp] quit

[PE3-vsi-user_b-auto] quit

[PE3-vsi-user_b] quit

4.     Configure Layer 3 subinterfaces for different VLANs and bind the subinterfaces to VSIs:

# On PE 1, create subinterface Ten-GigabitEthernet3/1/1.100, configure the subinterface to terminate packets whose outermost VLAN ID is 100, and bind the subinterface to VSI user_a.

[PE1] interface ten-gigabitethernet 3/1/1.100

[PE1-Ten-GigabitEthernet3/1/1.100] vlan-type dot1q vid 100

[PE1-Ten-GigabitEthernet3/1/1.100] xconnect vsi user_a

[PE1-Ten-GigabitEthernet3/1/1.100] quit

# On PE 1, create subinterface Ten-GigabitEthernet3/1/1.200, configure the subinterface to terminate packets whose outermost VLAN ID is 200, and bind the subinterface to VSI user_b.

[PE1] interface ten-gigabitethernet 3/1/1.200

[PE1-Ten-GigabitEthernet3/1/1.200] vlan-type dot1q vid 200

[PE1-Ten-GigabitEthernet3/1/1.200] xconnect vsi user_b

[PE1-Ten-GigabitEthernet3/1/1.200] quit

# On PE 2, create subinterface Ten-GigabitEthernet3/1/2.100, configure the subinterface to terminate packets whose outermost VLAN ID is 100, and bind the subinterface to VSI user_a.

[PE2] interface ten-gigabitethernet 3/1/2.100

[PE2-Ten-GigabitEthernet3/1/2.100] vlan-type dot1q vid 100

[PE2-Ten-GigabitEthernet3/1/2.100] xconnect vsi user_a

[PE2-Ten-GigabitEthernet3/1/2.100] quit

# On PE 2, create subinterface Ten-GigabitEthernet3/1/2.200, configure the subinterface to terminate packets whose outermost VLAN ID is 200, and bind the subinterface to VSI user_b.

[PE2] interface ten-gigabitethernet 3/1/2.200

[PE2-Ten-GigabitEthernet3/1/1.200] vlan-type dot1q vid 200

[PE2-Ten-GigabitEthernet3/1/2.200] xconnect vsi user_b

[PE2-Ten-GigabitEthernet3/1/2.200] quit

# On PE 3, create subinterface Ten-GigabitEthernet3/1/2.100, configure the subinterface to terminate packets whose outermost VLAN ID is 100, and bind the subinterface to VSI user_a.

[PE3] interface ten-gigabitethernet 3/1/2.100

[PE3-Ten-GigabitEthernet3/1/2.100] vlan-type dot1q vid 100

[PE3-Ten-GigabitEthernet3/1/2.100] xconnect vsi user_a

[PE3-Ten-GigabitEthernet3/1/2.100] quit

# On PE 3, create subinterface Ten-GigabitEthernet3/1/2.200, configure the subinterface to terminate packets whose outermost VLAN ID is 200, and bind the subinterface to VSI user_b.

[PE3] interface ten-gigabitethernet 3/1/2.200

[PE3-Ten-GigabitEthernet3/1/2.200] vlan-type dot1q vid 200

[PE3-Ten-GigabitEthernet3/1/2.200] xconnect vsi user_b

[PE3-Ten-GigabitEthernet3/1/2.200] quit

# On PE 3, configure other CE-facing interfaces in the same way that Ten-GigabitEthernet3/1/2 is configured. (Details not shown.)

5.     Allow CE access to PEs:

# On CE 1, configure the interface connected to the PE to permit tagged packets from the customer VLANs.

<CE1> system-view

[CE1] vlan 100

[CE1-vlan100] quit

[CE1] vlan 200

[CE1-vlan200] quit

[CE1] interface ten-gigabitethernet 3/1/1

[CE1-Ten-GigabitEthernet3/1/1] port link-type trunk

[CE1-Ten-GigabitEthernet3/1/1] port trunk permit vlan 100 200

# Configure other CEs in the same way that CE 1 is configured. (Details not shown.)

Verifying the configuration

# Verify that LDP LSPs have been established on each switch in the MPLS network. This example uses PE 1.

[PE1] display mpls ldp lsp

VPN instance: public instance

Status Flags: * - stale, L - liberal, B - backup, N/A – unavailable

FECs: 4           Ingress: 3           Transit: 3           Egress: 1

 

FEC                In/Out Label        Nexthop         OutInterface/LSINDEX

1.1.1.9/32         3/-

                   -/1151(L)

2.2.2.9/32         -/3             10.1.1.2        XGE3/1/2

                   1151/3          10.1.1.2        XGE3/1/2

3.3.3.9/32         -/1150          10.1.1.2        XGE3/1/2

                   1150/1150       10.1.1.2        XGE3/1/2

4.4.4.9/32         -/1149          10.1.1.2        XGE3/1/2

                   1149/1149       10.1.1.2        XGE3/1/2

# Verify BGP PWs in up state have been established on each PE. This example uses PE 1.

[PE1] display l2vpn pw

Flags: M - main, B - backup, E - ecmp, BY - bypass, H - hub link, S - spoke link

       N - no split horizon, A – administration, ABY – ac-bypass

       PBY – pw-bypass

Total number of PWs: 4

4 up, 0 blocked, 0 down, 0 defect, 0 idle, 0 duplicate

VSI Name: user_a

Peer            PWID/RmtSite/SrvID In/Out Label   Proto  Flag Link ID  State

3.3.3.9         2                  131074/131073  BGP    M    257      Up

4.4.4.9         3                  131075/131073  BGP    M    258      Up

VSI Name: user_b

Peer            PWID/RmtSite/SrvID In/Out Label   Proto  Flag Link ID  State

3.3.3.9         2                  131071/131070  BGP    M    257      Up

4.4.4.9         3                  131072/131070  BGP    M    258      Up

# Verify that hosts in the same VLAN but different sites can ping each other. (Details not shown.)

Configuration files

·     PE 1:

#

ospf 1

 area 0.0.0.0

  network 1.1.1.9 0.0.0.0

  network 10.1.1.0 0.0.0.255

#

 mpls lsr-id 1.1.1.9

#

mpls ldp

#

 l2vpn enable

#

vsi user_a

 auto-discovery bgp

  route-distinguisher 100:1

  vpn-target 111:1 export-extcommunity

  vpn-target 111:1 import-extcommunity

  signaling-protocol bgp

   site 1 range 25 default-offset 0

#

vsi user_b

 auto-discovery bgp

  route-distinguisher 200:1

  vpn-target 222:1 export-extcommunity

  vpn-target 222:1 import-extcommunity

  signaling-protocol bgp

   site 1 range 25 default-offset 0

#

interface LoopBack0

 ip address 1.1.1.9 255.255.255.255

#

interface Ten-GigabitEthernet3/1/1

 port link-mode route

#

interface Ten-GigabitEthernet3/1/1.100

 vlan-type dot1q vid 100

 xconnect vsi user_a

#

interface Ten-GigabitEthernet3/1/1.200

 vlan-type dot1q vid 200

 xconnect vsi user_b

#

interface Ten-GigabitEthernet3/1/2

 ip address 10.1.1.1 255.255.255.0

 mpls enable

 mpls ldp enable

#

bgp 100

 peer 3.3.3.9 as-number 100

 peer 3.3.3.9 connect-interface LoopBack0

 peer 4.4.4.9 as-number 100

 peer 4.4.4.9 connect-interface LoopBack0

 #

 address-family l2vpn

  peer 3.3.3.9 enable

  peer 4.4.4.9 enable

#

·     PE 2:

#

ospf 1

 area 0.0.0.0

  network 10.1.2.0 0.0.0.255

  network 3.3.3.9 0.0.0.0

#

 mpls lsr-id 3.3.3.9

#

mpls ldp

#

 l2vpn enable

#

vsi user_a

 auto-discovery bgp

  route-distinguisher 100:1

  vpn-target 111:1 export-extcommunity

  vpn-target 111:1 import-extcommunity

  signaling-protocol bgp

   site 2 range 25 default-offset 0

#

vsi user_b

 auto-discovery bgp

  route-distinguisher 200:1

  vpn-target 222:1 export-extcommunity

  vpn-target 222:1 import-extcommunity

  signaling-protocol bgp

   site 2 range 25 default-offset 0

#

interface LoopBack0

 ip address 3.3.3.9 255.255.255.255

#

interface Ten-GigabitEthernet3/1/1

 ip address 10.1.2.2 255.255.255.0

 mpls enable

 mpls ldp enable

#

interface Ten-GigabitEthernet3/1/2

 port link-mode route

#

interface Ten-GigabitEthernet3/1/2.100

 vlan-type dot1q vid 100

 xconnect vsi user_a

#

interface Ten-GigabitEthernet3/1/2.200

 vlan-type dot1q vid 200

 xconnect vsi user_b

#

bgp 100

 peer 1.1.1.9 as-number 100

 peer 1.1.1.9 connect-interface LoopBack0

 peer 4.4.4.9 as-number 100

 peer 4.4.4.9 connect-interface LoopBack0

 #

 address-family l2vpn

  peer 1.1.1.9 enable

  peer 4.4.4.9 enable

#

·     PE 3:

#

ospf 1

 area 0.0.0.0

  network 10.1.3.0 0.0.0.255

  network 4.4.4.9 0.0.0.0

#

 mpls lsr-id 4.4.4.9

#

mpls ldp

#

 l2vpn enable

#

vsi user_a

 auto-discovery bgp

  route-distinguisher 100:1

  vpn-target 111:1 export-extcommunity

  vpn-target 111:1 import-extcommunity

  signaling-protocol bgp

   site 3 range 25 default-offset 0

#

vsi user_b

 auto-discovery bgp

  route-distinguisher 200:1

  vpn-target 222:1 export-extcommunity

  vpn-target 222:1 import-extcommunity

  signaling-protocol bgp

   site 3 range 25 default-offset 0

#

interface LoopBack0

 ip address 4.4.4.9 255.255.255.255

#

interface Ten-GigabitEthernet3/1/1

 ip address 10.1.3.2 255.255.255.0

 mpls enable

 mpls ldp enable

#

interface Ten-GigabitEthernet3/1/2

 port link-mode route

#

interface Ten-GigabitEthernet3/1/2.100

 vlan-type dot1q vid 100

 xconnect vsi user_a

#

interface Ten-GigabitEthernet3/1/2.200

 vlan-type dot1q vid 200

 xconnect vsi user_b

#

bgp 100

 peer 1.1.1.9 as-number 100

 peer 1.1.1.9 connect-interface LoopBack0

 peer 3.3.3.9 as-number 100

 peer 3.3.3.9 connect-interface LoopBack0

 #

 address-family l2vpn

  peer 1.1.1.9 enable

  peer 3.3.3.9 enable

#

·     P:

#

ospf 1

 area 0.0.0.0

  network 10.1.1.0 0.0.0.255

  network 10.1.2.0 0.0.0.255

  network 10.1.3.0 0.0.0.255

  network 2.2.2.9 0.0.0.0

#

 mpls lsr-id 2.2.2.9

#

mpls ldp

#

interface LoopBack0

 ip address 2.2.2.9 255.255.255.255

#

interface Ten-GigabitEthernet3/1/2

 ip address 10.1.1.2 255.255.255.0

 mpls enable

 mpls ldp enable

#

interface Ten-GigabitEthernet3/1/3

 ip address 10.1.2.1 255.255.255.0

 mpls enable

 mpls ldp enable

#

interface Ten-GigabitEthernet3/1/3

 ip address 10.1.3.1 255.255.255.0

 mpls enable

 mpls ldp enable

#

·     CE 1 through CE 10:

#

vlan 100

#

vlan 200

#

interface Ten-GigabitEthernet3/1/1

 port link-mode bridge

 port link-type trunk

 port trunk permit vlan 100 200

#

Example: Configuring H-VPLS with LSP access

Network configuration

As shown in Figure 4, a customer's branches are connected to the MPLS backbone through UPEs that support MPLS L2VPN.

Configure H-VPLS to allow communication among the branches at Layer 2.

·     Connect the UPEs to the NPEs through LSPs.

·     Configure UPE dual homing to achieve redundancy.

Figure 4 Network diagram

 

Table 1 Interface and IP address assignment

Device	Interface	IP address	Device	Interface	IP address
UPE 1	Loop0	11.1.1.1/32	UPE 2	Loop0	14.1.1.1/32
	XGE3/1/3	11.1.2.1/24		XGE3/1/3	20.1.2.1/24
	XGE3/1/4	11.1.3.1/24		XGE3/1/4	20.1.1.1/24
NPE 1	Loop0	1.1.1.1/32	NPE 3	Loop0	3.3.3.3/32
	XGE3/1/3	11.1.2.2/24		XGE3/1/3	20.1.2.2/24
NPE 2	Loop0	2.2.2.2/32	NPE 4	Loop0	4.4.4.4/32
	XGE3/1/4	11.1.3.2/24		XGE3/1/4	20.1.1.2/24

 

Analysis

To meet the network requirements, you must perform the following tasks:

·     To negotiate inner labels, perform the following tasks:

¡     Configure each UPE and all the NPEs connected to the UPE as LDP peers.

¡     Configure any two NPEs as LDP peers.

·     To achieve NPE redundancy, configure the NPEs that are connected to each UPE as primary and backup peers.

·     To identify packets to be transported by VPLS, configure Layer 3 subinterfaces of the CE-facing interfaces on UPEs.

·     To implement VLAN isolation among the sites, create VSIs user_a and user_b. Bind VSI user_a to the subinterface that matches packets of VLAN 100, and bind VSI user_b to the subinterface that matches packets of VLAN 200.

Procedures

Configuring basic settings

# Create interfaces on UPEs and NPEs and configure IP addresses for the interfaces as shown in Table 1. (Details not shown.)

# Configure an IGP on the MPLS backbone to ensure that the interfaces of NPEs and UPEs are reachable to each other. (Details not shown.)

# Configure basic MPLS and MPLS LDP on the MPLS backbone to establish LDP LSPs. (Details not shown.)

# Configure the ports of CEs connecting the UPEs as trunk ports that permit tagged packets from VLAN 100 and VLAN 200. (Details not shown.)

Configuring UPE 1

# Configure basic MPLS.

<UPE1> system-view

[UPE1] mpls lsr-id 11.1.1.1

[UPE1] mpls ldp

[UPE1-ldp] quit

# Configure basic MPLS on the interface connected to NPE 1.

[UPE1] interface ten-gigabitethernet 3/1/3

[UPE1-Ten-GigabitEthernet3/1/3] mpls enable

[UPE1-Ten-GigabitEthernet3/1/3] mpls ldp enable

[UPE1-Ten-GigabitEthernet3/1/3] quit

# Configure basic MPLS on the interface connected to NPE 2.

[UPE1] interface ten-gigabitethernet 3/1/4

[UPE1-Ten-GigabitEthernet3/1/4] mpls enable

[UPE1-Ten-GigabitEthernet3/1/4] mpls ldp enable

[UPE1-Ten-GigabitEthernet3/1/4] quit

# Enable MPLS L2VPN.

[UPE1] l2vpn enable

# Create VSI user_a and configure the VSI to use LDP as the PW signaling protocol.

[UPE1] vsi user_a

[UPE1-vsi-user_a] pwsignaling ldp

# Specify the switchover wait time as 120 seconds. When the primary PW recovers, the device waits for 120 seconds before it switches traffic from the backup PW to the primary PW.

[UPE1-vsi-user_a-ldp] revertive wtr 120

# Establish the primary PW (the PW to NPE 1) and the backup PW (the PW to NPE 2).

[UPE1-vsi-user_a-ldp] peer 1.1.1.1 pw-id 500

[UPE1-vsi-user_a-ldp-1.1.1.1-500] backup-peer 2.2.2.2 pw-id 500

[UPE1-vsi-user_a-ldp-1.1.1.1-500-backup] quit

[UPE1-vsi-user_a-ldp-1.1.1.1-500] quit

[UPE1-vsi-user_a-ldp] quit

[UPE1-vsi-user_a] quit

# Create VSI user_b and configure the VSI to use LDP as the PW signaling protocol.

[UPE1] vsi user_b

[UPE1-vsi-user_b] pwsignaling ldp

# Specify the switchover wait time as 120 seconds. When the primary PW recovers, the device waits for 120 seconds before it switches traffic from the backup PW to the primary PW.

[UPE1-vsi-user_b-ldp] revertive wtr 120

# Establish the primary PW (the PW to NPE 1) and the backup PW (the PW to NPE 2).

[UPE1-vsi-user_b-ldp] peer 1.1.1.1 pw-id 600

[UPE1-vsi-user_b-ldp-1.1.1.1-600] backup-peer 2.2.2.2 pw-id 600

[UPE1-vsi-user_b-ldp-1.1.1.1-600-backup] quit

[UPE1-vsi-user_b-ldp-1.1.1.1-600] quit

[UPE1-vsi-user_b-ldp] quit

[UPE1-vsi-user_b] quit

# Create subinterface Ten-GigabitEthernet3/1/1.100 on Ten-GigabitEthernet3/1/1 (the interface connected to Site A), configure the subinterface to terminate packets whose outermost VLAN ID is 100, and bind the subinterface to VSI user_a.

[UPE1] interface ten-gigabitethernet 3/1/1.100

[UPE1-Ten-GigabitEthernet3/1/1.100] vlan-type dot1q vid 100

[UPE1-Ten-GigabitEthernet3/1/1.100] xconnect vsi user_a

[UPE1-Ten-GigabitEthernet3/1/1.100] quit

# Create subinterface Ten-GigabitEthernet3/1/1.200, configure the subinterface to terminate packets whose outermost VLAN ID is 200, and bind the subinterface to VSI user_b.

[UPE1] interface ten-gigabitethernet 3/1/1.200

[UPE1-Ten-GigabitEthernet3/1/1.200] vlan-type dot1q vid 200

[UPE1-Ten-GigabitEthernet3/1/1.200] xconnect vsi user_b

[UPE1-Ten-GigabitEthernet3/1/1.200] quit

# Create subinterface Ten-GigabitEthernet3/1/2.100 on Ten-GigabitEthernet3/1/2 (the interface connected to Site B), configure the subinterface to terminate packets whose outermost VLAN ID is 100, and bind the subinterface to VSI user_a.

[UPE1] interface ten-gigabitethernet 3/1/2.100

[UPE1-Ten-GigabitEthernet3/1/2.100] vlan-type dot1q vid 100

[UPE1-Ten-GigabitEthernet3/1/2.100] xconnect vsi user_a

[UPE1-Ten-GigabitEthernet3/1/2.100] quit

# Create subinterface Ten-GigabitEthernet3/1/2.200, configure the subinterface to terminate packets whose outermost VLAN ID is 200, and bind the subinterface to VSI user_b.

[UPE1] interface ten-gigabitethernet 3/1/2.200

[UPE1-Ten-GigabitEthernet3/1/2.200] vlan-type dot1q vid 200

[UPE1-Ten-GigabitEthernet3/1/2.200] xconnect vsi user_b

[UPE1-Ten-GigabitEthernet3/1/2.200] quit

Configuring NPE 1

# Configure basic MPLS on the interface connected to UPE 1.

<NPE1> system-view

[NPE1] interface ten-gigabitethernet 3/1/3

[NPE1-Ten-GigabitEthernet 3/1/3] mpls enable

[NPE1-Ten-GigabitEthernet 3/1/3] mpls ldp enable

[NPE1-Ten-GigabitEthernet 3/1/3] quit

# Enable MPLS L2VPN.

[NPE1] l2vpn enable

# Create VSI user_a and configure the VSI to use LDP as the PW signaling protocol.

[NPE1] vsi user_a

[NPE1-vsi-user_a] pwsignaling ldp

# Establish a PW to UPE 1.

[NPE1-vsi-user_a-ldp] peer 11.1.1.1 pw-id 500 no-split-horizon

[NPE1-vsi-user_a-ldp-11.1.1.1-500] quit

# Establish a PW to NPE 2.

[NPE1-vsi-user_a-ldp] peer 2.2.2.2 pw-id 500

[NPE1-vsi-user_a-ldp-2.2.2.2-500] quit

# Establish a PW to NPE 3.

[NPE1-vsi-user_a-ldp] peer 3.3.3.3 pw-id 500

[NPE1-vsi-user_a-ldp-3.3.3.3-500] quit

# Establish a PW to NPE 4.

[NPE1-vsi-user_a-ldp] peer 4.4.4.4 pw-id 500

[NPE1-vsi-user_a-ldp-4.4.4.4-500] quit

[NPE1-vsi-user_a-ldp] quit

[NPE1-vsi-user_a] quit

# Create VSI user_b and configure the VSI to use LDP as the PW signaling protocol.

[NPE1] vsi user_b

[NPE1-vsi-user_b] pwsignaling ldp

# Establish a PW to UPE 1.

[NPE1-vsi-user_b-ldp] peer 11.1.1.1 pw-id 600 no-split-horizon

[NPE1-vsi-user_b-ldp-11.1.1.1-500] quit

# Establish a PW to NPE 2.

[NPE1-vsi-user_b-ldp] peer 2.2.2.2 pw-id 600

[NPE1-vsi-user_b-ldp-2.2.2.2-600] quit

# Establish a PW to NPE 3.

[NPE1-vsi-user_b-ldp] peer 3.3.3.3 pw-id 600

[NPE1-vsi-user_b-ldp-3.3.3.3-600] quit

# Establish a PW to NPE 4.

[NPE1-vsi-user_b-ldp] peer 4.4.4.4 pw-id 600

[NPE1-vsi-user_b-ldp-4.4.4.4-600] quit

[NPE1-vsi-user_b-ldp] quit

[NPE1-vsi-user_b] quit

Configuring NPE 2

# Configure NPE 2 in the same way that NPE 1 is configured. (Details not shown.)

Configuring UPE 2

# Configure basic MPLS.

<UPE2> system-view

[UPE2] mpls lsr-id 14.1.1.1

[UPE2] mpls ldp

[UPE2-ldp] quit

# Configure basic MPLS on the interface connected to NPE 3.

[UPE2] interface ten-gigabitethernet 3/1/3

[UPE2-Ten-GigabitEthernet3/1/3] mpls enable

[UPE2-Ten-GigabitEthernet3/1/3] mpls ldp enable

[UPE2-Ten-GigabitEthernet3/1/3] quit

# Configure basic MPLS on the interface connected to NPE 4.

[UPE2] interface ten-gigabitethernet 3/1/4

[UPE2-Ten-GigabitEthernet3/1/4] mpls enable

[UPE2-Ten-GigabitEthernet3/1/4] mpls ldp enable

[UPE2-Ten-GigabitEthernet3/1/4] quit

# Enable MPLS L2VPN.

[UPE2] l2vpn enable

# Create VSI user_a and configure the VSI to use LDP as the PW signaling protocol.

[UPE2] vsi user_a

[UPE2-vsi-user_a] pwsignaling ldp

# Specify the switchover wait time as 120 seconds. When the primary PW recovers, the device waits for 120 seconds before it switches traffic from the backup PW to the primary PW.

[UPE2-vsi-user_a-ldp] revertive wtr 120

# Establish the primary PW (the PW to NPE 3) and the backup PW (the PW to NPE 4).

[UPE2-vsi-user_a-ldp] peer 3.3.3.3 pw-id 500

[UPE2-vsi-user_a-ldp-3.3.3.3-500] backup-peer 4.4.4.4 pw-id 500

[UPE2-vsi-user_a-ldp-3.3.3.3-500-backup] quit

[UPE2-vsi-user_a-ldp-3.3.3.3-500] quit

[UPE2-vsi-user_a-ldp] quit

[UPE2-vsi-user_a] quit

# Create VSI user_b and configure the VSI to use LDP as the PW signaling protocol.

[UPE2] vsi user_b

[UPE2-vsi-user_b] pwsignaling ldp

# Specify the switchover wait time as 120 seconds. When the primary PW recovers, the device waits for 120 seconds before it switches traffic from the backup PW to the primary PW.

[UPE2-vsi-user_b-ldp] revertive wtr 120

# Establish the primary PW (the PW to NPE 3) and the backup PW (the PW to NPE 4).

[UPE2-vsi-user_b-ldp] peer 3.3.3.3 pw-id 600

[UPE2-vsi-user_b-ldp-3.3.3.3-600] backup-peer 4.4.4.4 pw-id 600

[UPE2-vsi-user_b-ldp-3.3.3.3-600-backup] quit

[UPE2-vsi-user_b-ldp-3.3.3.3-600] quit

[UPE2-vsi-user_b-ldp] quit

[UPE2-vsi-user_b] quit

# Create subinterface Ten-GigabitEthernet3/1/1.100 on Ten-GigabitEthernet3/1/1 (the interface connected to Site E), configure the subinterface to terminate packets whose outermost VLAN ID is 100, and bind the subinterface to VSI user_a.

[UPE2] interface ten-gigabitethernet 3/1/1.100

[UPE2-Ten-GigabitEthernet3/1/1.100] vlan-type dot1q vid 100

[UPE2-Ten-GigabitEthernet3/1/1.100] xconnect vsi user_a

[UPE2-Ten-GigabitEthernet3/1/1.100] quit

# Create subinterface Ten-GigabitEthernet3/1/1.200, configure the subinterface to terminate packets whose outermost VLAN ID is 200, and bind the subinterface to VSI user_b.

[UPE2] interface ten-gigabitethernet 3/1/1.200

[UPE2-Ten-GigabitEthernet3/1/1.200] vlan-type dot1q vid 200

[UPE2-Ten-GigabitEthernet3/1/1.200] xconnect vsi user_b

[UPE2-Ten-GigabitEthernet3/1/1.200] quit

Configuring NPE 3

# Configure basic MPLS on the interface connected to UPE 2.

[NPE3] interface ten-gigabitethernet 3/1/3

[NPE3-Ten-GigabitEthernet3/1/3] mpls enable

[NPE3-Ten-GigabitEthernet3/1/3] mpls ldp enable

[NPE3-Ten-GigabitEthernet3/1/3] quit

# Enable MPLS L2VPN.

[NPE3] l2vpn enable

# Create VSI user_a and configure the VSI to use LDP as the PW signaling protocol.

[NPE3] vsi user_a

[NPE3-vsi-user_a] pwsignaling ldp

# Establish a PW to UPE 2.

[NPE3-vsi-user_a-ldp] peer 14.1.1.1 pw-id 500 no-split-horizon

[NPE3-vsi-user_a-ldp-14.1.1.1-500] quit

# Establish a PW to NPE 1.

[NPE3-vsi-user_a-ldp] peer 1.1.1.1 pw-id 500

[NPE3-vsi-user_a-ldp-1.1.1.1-500] quit

# Establish a PW to NPE 2.

[NPE3-vsi-user_a-ldp] peer 2.2.2.2 pw-id 500

[NPE3-vsi-user_a-ldp-2.2.2.2-500] quit

# Establish a PW to NPE 4.

[NPE3-vsi-user_a-ldp] peer 4.4.4.4 pw-id 500

[NPE3-vsi-user_a-ldp-4.4.4.4-500] quit

[NPE3-vsi-user_a-ldp] quit

[NPE3-vsi-user_a] quit

# Create VSI user_b and configure the VSI to use LDP as the PW signaling protocol.

[NPE3] vsi user_b

[NPE3-vsi-user_b] pwsignaling ldp

# Establish a PW to UPE 2.

[NPE3-vsi-user_b-ldp] peer 14.1.1.1 pw-id 600 no-split-horizon

[NPE3-vsi-user_b-ldp-14.1.1.1-600] quit

# Establish a PW to NPE 1.

[NPE3-vsi-user_b-ldp] peer 1.1.1.1 pw-id 600

[NPE3-vsi-user_b-ldp-1.1.1.1-600] quit

# Establish a PW to NPE 2.

[NPE3-vsi-user_b-ldp] peer 2.2.2.2 pw-id 600

[NPE3-vsi-user_b-ldp-2.2.2.2-600] quit

# Establish a PW to NPE 4.

[NPE3-vsi-user_b-ldp] peer 4.4.4.4 pw-id 600

[NPE3-vsi-user_b-ldp-4.4.4.4-600] quit

[NPE3-vsi-user_b-ldp] quit

[NPE3-vsi-user_b] quit

Configuring NPE 4

# Configure NPE 4 in the same way that NPE 3 is configured. (Details not shown.)

Verifying the configuration

# Verify that LDP PWs in up state have been established on each UPE. This example uses UPE 1.

[UPE1] display l2vpn pw

Flags: M - main, B - backup, E - ecmp, BY - bypass, H - hub link, S - spoke link

       N - no split horizon, A – administration, ABY – ac-bypass

       PBY – pw-bypass

Total number of PWs: 4

2 up, 2 blocked, 0 down, 0 defect, 0 idle, 0 duplicate

VSI Name: user_a

Peer            PWID/RmtSite/SrvID In/Out Label   Proto  Flag Link ID  State

1.1.1.1         500                131199/131199  LDP    M    256      Up

2.2.2.2         500                131198/131199  LDP    B    257      Blocked

VSI Name: user_b

Peer            PWID/RmtSite/SrvID In/Out Label   Proto  Flag Link ID  State

1.1.1.1         500                131195/131195  LDP    M    256      Up

2.2.2.2         500                131194/131195  LDP    B    257      Blocked

# Verify that LDP PWs in up state have been established on each NPE. This example uses NPE 1.

[NPE1] display l2vpn pw

Flags: M - main, B - backup, E - ecmp, BY - bypass, H - hub link, S - spoke link

       N - no split horizon, A – administration, ABY – ac-bypass

       PBY – pw-bypass

Total number of PWs: 8

8 up, 0 blocked, 0 down, 0 defect, 0 idle, 0 duplicate

VSI Name: user_a

Peer            PWID/RmtSite/SrvID In/Out Label   Proto  Flag Link ID  State

2.2.2.2         500                131199/131199  LDP    M    256      Up

3.3.3.3         500                131198/131198  LDP    M    257      Up

4.4.4.4         500                131197/131197  LDP    M    258      Up

11.1.1.1        500                131196/131196  LDP    MN   259      Up

VSI Name: user_b

Peer            PWID/RmtSite/SrvID In/Out Label   Proto  Flag Link ID  State

2.2.2.2         600                131195/131195  LDP    M    256      Up

3.3.3.3         600                131194/131194  LDP    M    257      Up

4.4.4.4         600                131193/131193  LDP    M    258      Up

11.1.1.1        600                131192/131192  LDP    MN   259      Up

# Verify that hosts in the same VLAN but different sites can ping each other. (Details not shown.)

Configuration files

The following lists only the H-VPLS-related configuration files. CE configuration and PE routing configuration are not shown.

·     UPE 1:

#

 mpls lsr-id 11.1.1.1

#

mpls ldp

#

 l2vpn enable

#

vsi user_a

 pwsignaling ldp

  revertive wtr 120

  peer 1.1.1.1 pw-id 500

   backup-peer 2.2.2.2 pw-id 500

#

vsi user_b

 pwsignaling ldp

  revertive wtr 120

  peer 1.1.1.1 pw-id 600

   backup-peer 2.2.2.2 pw-id 600

#

interface LoopBack0

 ip address 11.1.1.1 255.255.255.255

#

interface Ten-GigabitEthernet3/1/1

 port link-mode route

#

interface Ten-GigabitEthernet3/1/1.100

 vlan-type dot1q vid 100

 xconnect vsi user_a

#

interface Ten-GigabitEthernet3/1/1.200

 vlan-type dot1q vid 200

 xconnect vsi user_b

#

interface Ten-GigabitEthernet3/1/2

 port link-mode route

#

interface Ten-GigabitEthernet3/1/2.100

 vlan-type dot1q vid 100

 xconnect vsi user_a

#

interface Ten-GigabitEthernet3/1/2.200

 vlan-type dot1q vid 200

 xconnect vsi user_b

#

interface Ten-GigabitEthernet3/1/3

 ip address 11.1.2.1 255.255.255.0

 mpls enable

 mpls ldp enable

#

interface Ten-GigabitEthernet3/1/4

 ip address 11.1.3.1 255.255.255.0

 mpls enable

 mpls ldp enable

#

·     NPE 1:

#

 mpls lsr-id 1.1.1.1

#

mpls ldp

#

 l2vpn enable

#

vsi user_a

 pwsignaling ldp

  peer 2.2.2.2 pw-id 500

  peer 3.3.3.3 pw-id 500

  peer 4.4.4.4 pw-id 500

  peer 11.1.1.1 pw-id 500 no-split-horizon

#

vsi user_b

 pwsignaling ldp

  peer 2.2.2.2 pw-id 600

  peer 3.3.3.3 pw-id 600

  peer 4.4.4.4 pw-id 600

  peer 11.1.1.1 pw-id 600 no-split-horizon

#

interface LoopBack0

 ip address 1.1.1.1 255.255.255.255

#

interface Ten-GigabitEthernet3/1/3

 ip address 11.1.2.2 255.255.255.0

 mpls enable

 mpls ldp enable

#

·     NPE 2:

#

 mpls lsr-id 2.2.2.2

#

mpls ldp

#

 l2vpn enable

#

vsi user_a

 pwsignaling ldp

  peer 1.1.1.1 pw-id 500

  peer 3.3.3.3 pw-id 500

  peer 4.4.4.4 pw-id 500

  peer 11.1.1.1 pw-id 500 no-split-horizon

#

vsi user_b

 pwsignaling ldp

  peer 1.1.1.1 pw-id 600

  peer 3.3.3.3 pw-id 600

  peer 4.4.4.4 pw-id 600

  peer 11.1.1.1 pw-id 600 no-split-horizon

#

interface LoopBack0

 ip address 2.2.2.2 255.255.255.255

#

interface Ten-GigabitEthernet3/1/4

 ip address 11.1.3.2 255.255.255.0

 mpls enable

 mpls ldp enable

#

·     UPE 2:

#

 mpls lsr-id 14.1.1.1

#

mpls ldp

#

 l2vpn enable

#

vsi user_a

 pwsignaling ldp

  revertive wtr 120

  peer 3.3.3.3 pw-id 500

   backup-peer 4.4.4.4 pw-id 500

#

vsi user_b

 pwsignaling ldp

  revertive wtr 120

  peer 3.3.3.3 pw-id 600

   backup-peer 4.4.4.4 pw-id 600

#

interface LoopBack0

 ip address 14.1.1.1 255.255.255.255

#

interface Ten-GigabitEthernet3/1/3

 ip address 20.1.2.1 255.255.255.0

 mpls enable

 mpls ldp enable

#

interface Ten-GigabitEthernet3/1/4

 ip address 20.1.1.1 255.255.255.0

 mpls enable

 mpls ldp enable

#

interface Ten-GigabitEthernet3/1/1

 port link-mode route

#

interface Ten-GigabitEthernet3/1/1.100

 vlan-type dot1q vid 100

 xconnect vsi user_a

#

interface Ten-GigabitEthernet3/1/1.200

 vlan-type dot1q vid 200

 xconnect vsi user_b

#

·     NPE 3:

#

 mpls lsr-id 3.3.3.3

#

mpls ldp

#

 l2vpn enable

#

vsi user_a

 pwsignaling ldp

  peer 1.1.1.1 pw-id 500

  peer 2.2.2.2 pw-id 500

  peer 4.4.4.4 pw-id 500

  peer 14.1.1.1 pw-id 500 no-split-horizon

#

vsi user_a

 pwsignaling ldp

  peer 1.1.1.1 pw-id 600

  peer 2.2.2.2 pw-id 600

  peer 4.4.4.4 pw-id 600

  peer 14.1.1.1 pw-id 600 no-split-horizon

#

interface LoopBack0

 ip address 3.3.3.3 255.255.255.255

#

interface Ten-GigabitEthernet3/1/3

 ip address 20.1.2.2 255.255.255.0

 mpls enable

 mpls ldp enable

#

·     NPE 4:

#

 mpls lsr-id 4.4.4.4

#

mpls ldp

#

 l2vpn enable

#

vsi user_a

 pwsignaling ldp

  peer 1.1.1.1 pw-id 600

  peer 2.2.2.2 pw-id 600

  peer 3.3.3.3 pw-id 600

  peer 14.1.1.1 pw-id 600 no-split-horizon

#

interface LoopBack0

 ip address 4.4.4.4 255.255.255.255

#

interface Ten-GigabitEthernet3/1/4

 ip address 20.1.1.2 255.255.255.0

 mpls enable

 mpls ldp enable

#

Example: Configuring H-VPLS with QinQ access

Network configuration

As shown in Figure 5, a customer's branches are connected to the MPLS backbone through UPEs that do not support MPLS L2VPN.

Configure H-VPLS to allow communication among the branches at Layer 2.

·     Connect the UPEs to the NPEs through QinQ tunnels.

·     Configure UPE dual homing to achieve redundancy.

Figure 5 Network diagram

 

Analysis

To meet the network requirements, you must perform the following tasks:

·     For NPEs to identify user traffic, enable QinQ and add an outer tag (the provider VLAN tag) to upstream packets on the downlink port of each UPE.

·     To forward packets from a UPE through the bound PW, configure Layer 3 subinterfaces to match the outer provider tag of packets on the downlink port of each NPE.

·     To negotiate inner labels, configure any two NPEs as LDP peers.

·     To retain the VLAN information for each site, you can configure both the AC access mode and the PW type as VLAN. By default, the AC access mode and the PW type are VLAN.

Procedures

Configuring basic settings

# Configure an IGP on the MPLS backbone to ensure that the interfaces of NPEs are reachable to each other. (Details not shown.)

# Configure basic MPLS and MPLS LDP on the MPLS backbone to establish LDP LSPs. (Details not shown.)

# Configure the ports of CEs connecting the UPEs as trunk ports that permit tagged packets from VLAN 100 and VLAN 200. (Details not shown.)

Configuring UPE 1

# Configure Ten-GigabitEthernet 3/1/1 to operate in bridge mode, enable QinQ on Ten-GigabitEthernet 3/1/1, and add an outer provider VLAN tag of 1000 to packets.

<UPE1> system-view

[UPE1] vlan 1000

[UPE1-vlan1000] quit

[UPE1] interface ten-gigabitethernet 3/1/1

[UPE1-Ten-GigabitEthernet3/1/1] port link-mode bridge

[UPE1-Ten-GigabitEthernet3/1/1] port access vlan 1000

[UPE1-Ten-GigabitEthernet3/1/1] qinq enable

[UPE1-Ten-GigabitEthernet3/1/1] quit

# Configure Ten-GigabitEthernet 3/1/2 to operate in bridge mode, enable QinQ on Ten-GigabitEthernet 3/1/2, and add an outer provider VLAN tag of 1000 to packets.

[UPE1] interface ten-gigabitethernet 3/1/2

[UPE1-Ten-GigabitEthernet3/1/2] port link-mode bridge

[UPE1-Ten-GigabitEthernet3/1/2] port access vlan 1000

[UPE1-Ten-GigabitEthernet3/1/2] qinq enable

[UPE1-Ten-GigabitEthernet3/1/2] quit

# Configure Ten-GigabitEthernet 3/1/3 to operate in bridge mode and configure the interface as a trunk port that allows forwarding packets tagged with VLAN 1000 to NPE 1.

[UPE1] interface ten-gigabitethernet 3/1/3

[UPE1-Ten-GigabitEthernet3/1/3] port link-mode bridge

[UPE1-Ten-GigabitEthernet3/1/3] port link-type trunk

[UPE1-Ten-GigabitEthernet3/1/3] port trunk permit vlan 1000

[UPE1-Ten-GigabitEthernet3/1/3] quit

# Configure Ten-GigabitEthernet 3/1/4 to operate in bridge mode and configure the interface as a trunk port that allows forwarding packets tagged with VLAN 1000 to NPE 2.

[UPE1] interface ten-gigabitethernet 3/1/4

[UPE1-Ten-GigabitEthernet3/1/4] port link-mode bridge

[UPE1-Ten-GigabitEthernet3/1/4] port link-type trunk

[UPE1-Ten-GigabitEthernet3/1/4] port trunk permit vlan 1000

[UPE1-Ten-GigabitEthernet3/1/4] quit

Configuring NPE 1

# Enable MPLS L2VPN.

[NPE1] l2vpn enable

# Create VSI user_a and configure the VSI to use LDP as the PW signaling protocol.

[NPE1] vsi user_a

[NPE1-vsi-user_a] pwsignaling ldp

# Establish a PW to NPE 2.

[NPE1-vsi-user_a-ldp] peer 2.2.2.2 pw-id 500

[NPE1-vsi-user_a-ldp-2.2.2.2-500] quit

# Establish a PW to NPE 3.

[NPE1-vsi-user_a-ldp] peer 3.3.3.3 pw-id 500

[NPE1-vsi-user_a-ldp-3.3.3.3-500] quit

# Establish a PW to NPE 4.

[NPE1-vsi-user_a-ldp] peer 4.4.4.4 pw-id 500

[NPE1-vsi-user_a-ldp-4.4.4.4-500] quit

[NPE1-vsi-user_a-ldp] quit

[NPE1-vsi-user_a] quit

# Create subinterface Ten-GigabitEthernet3/1/1.1000, and configure the subinterface to terminate packets whose outermost VLAN ID is 1000. Bind the subinterface with VSI user_a.

[NPE1] interface ten-gigabitethernet 3/1/1.1000

[NPE1-Ten-GigabitEthernet3/1/1.1000] vlan-type dot1q vid 1000

[NPE1-Ten-GigabitEthernet3/1/1.1000] xconnect vsi user_a

[NPE1-Ten-GigabitEthernet3/1/1.1000] quit

Configuring NPE 2

# Configure NPE 2 in the same way that NPE 1 is configured. (Details not shown.)

Configuring UPE 2

# Enable QinQ on Ten-GigabitEthernet3/1/1 and add an outer provider VLAN tag of 1000 to packets. The VLAN tag must be the same as that configured on UPE 1.

<UPE2> system-view

[UPE2] vlan 1000

[UPE2-vlan1000] quit

[UPE2] interface ten-gigabitethernet 3/1/1

[UPE2-Ten-GigabitEthernet3/1/1] port link-mode bridge

[UPE2-Ten-GigabitEthernet3/1/1] port access vlan 1000

[UPE2-Ten-GigabitEthernet3/1/1] qinq enable

[UPE2-Ten-GigabitEthernet3/1/1] quit

# Configure Ten-GigabitEthernet3/1/3 to operate in bridge mode and configure the interface as a trunk port that allows forwarding packets tagged with VLAN 1000 to NPE 3.

[UPE2] interface ten-gigabitethernet 3/1/3

[UPE2-Ten-GigabitEthernet3/1/1] port link-mode bridge

[UPE2-Ten-GigabitEthernet3/1/3] port link-type trunk

[UPE2-Ten-GigabitEthernet3/1/3] port trunk permit vlan 1000

[UPE2-Ten-GigabitEthernet3/1/3] quit

# Configure Ten-GigabitEthernet3/1/4 to operate in bridge mode and configure the interface as a trunk port that allows forwarding packets tagged with VLAN 1000 to NPE 4.

[UPE2] interface ten-gigabitethernet 3/1/4

[UPE2-Ten-GigabitEthernet3/1/1] port link-mode bridge

[UPE2-Ten-GigabitEthernet3/1/4] port link-type trunk

[UPE2-Ten-GigabitEthernet3/1/4] port trunk permit vlan 1000

[UPE2-Ten-GigabitEthernet3/1/4] quit

Configuring NPE 3

# Enable MPLS L2VPN.

[NPE3] l2vpn enable

# Create VSI user_a and configure the VSI to use LDP as the PW signaling protocol.

[NPE3] vsi user_a

[NPE3-vsi-user_a] pwsignaling ldp

# Establish a PW to NPE 1.

[NPE3-vsi-user_a-ldp] peer 1.1.1.1 pw-id 500

[NPE3-vsi-user_a-ldp-1.1.1.1-500] quit

# Establish a PW to NPE 2.

[NPE3-vsi-user_a-ldp] peer 2.2.2.2 pw-id 500

[NPE3-vsi-user_a-ldp-2.2.2.2-500] quit

# Establish a PW to NPE 4.

[NPE3-vsi-user_a-ldp] peer 4.4.4.4 pw-id 500

[NPE3-vsi-user_a-ldp-4.4.4.4-500] quit

[NPE3-vsi-user_a-ldp] quit

[NPE3-vsi-user_a] quit

# Create subinterface Ten-GigabitEthernet3/1/1.1000, and configure the subinterface to terminate packets whose outermost VLAN ID is 1000. Bind the subinterface with VSI user_a.

[NPE3] interface ten-gigabitethernet 3/1/1.1000

[NPE3-Ten-GigabitEthernet3/1/1.1000] vlan-type dot1q vid 1000

[NPE3-Ten-GigabitEthernet3/1/1.1000] xconnect vsi user_a

[NPE3-Ten-GigabitEthernet3/1/1.1000] quit

Configuring NPE 4

# Configure NPE 4 in the same way that NPE 3 is configured. (Details not shown.)

Verifying the configuration

# Verify that LDP PWs in up state have been established on each NPE. This example uses NPE 1.

[NPE1] display l2vpn pw

Flags: M - main, B - backup, E - ecmp, BY - bypass, H - hub link, S - spoke link

       N - no split horizon, A – administration, ABY – ac-bypass

       PBY – pw-bypass

Total number of PWs: 3

3 up, 0 blocked, 0 down, 0 defect, 0 idle, 0 duplicate

VSI Name: user_a

Peer            PWID/RmtSite/SrvID In/Out Label   Proto  Flag Link ID  State

2.2.2.2         500                131199/131199  LDP    M    256      Up

3.3.3.3         500                131198/131198  LDP    M    257      Up

4.4.4.4         500                131197/131197  LDP    M    258      Up

# Verify that hosts in the same VLAN but different sites can ping each other. (Details not shown.)

Configuration files

The following lists only the H-VPLS-related configuration files. CE configuration and PE routing configuration are not shown.

·     UPE 1:

#

vlan 1000

#

interface Ten-GigabitEthernet3/1/1

 port link-mode bridge

 port access vlan 1000

 qinq enable

#

interface Ten-GigabitEthernet3/1/2

 port link-mode bridge

 port access vlan 1000

 qinq enable

#

interface Ten-GigabitEthernet3/1/3

 port link-mode bridge

 port link-type trunk

 port trunk permit vlan 1 1000

#

interface Ten-GigabitEthernet3/1/4

 port link-mode bridge

 port link-type trunk

 port trunk permit vlan 1 1000

#

·     NPE 1:

#

 mpls lsr-id 1.1.1.1

#

mpls ldp

#

 l2vpn enable

#

vsi user_a

 pwsignaling ldp

  peer 2.2.2.2 pw-id 500

  peer 3.3.3.3 pw-id 500

  peer 4.4.4.4 pw-id 500

#

interface Ten-GigabitEthernet3/1/1

 port link-mode route

#

interface Ten-GigabitEthernet3/1/1.1000

 vlan-type dot1q vid 1000

 xconnect vsi user_a

#

·     NPE 2:

#

 mpls lsr-id 2.2.2.2

#

mpls ldp

#

 l2vpn enable

#

vsi user_a

 pwsignaling ldp

  peer 1.1.1.1 pw-id 500

  peer 3.3.3.3 pw-id 500

  peer 4.4.4.4 pw-id 500

#

interface Ten-GigabitEthernet3/1/1

 port link-mode route

#

interface Ten-GigabitEthernet3/1/1.1000

 vlan-type dot1q vid 1000

 xconnect vsi user_a

#

·     UPE 2:

#

vlan 1000

#

interface Ten-GigabitEthernet3/1/1

 port link-mode bridge

 port access vlan 1000

 qinq enable

#

interface Ten-GigabitEthernet3/1/3

 port link-mode bridge

 port link-type trunk

 port trunk permit vlan 1 1000

#

interface Ten-GigabitEthernet3/1/4

 port link-mode bridge

 port link-type trunk

 port trunk permit vlan 1 1000

#

·     NPE 3:

#

 mpls lsr-id 3.3.3.3

#

mpls ldp

#

 l2vpn enable

#

vsi user_a

 pwsignaling ldp

  peer 1.1.1.1 pw-id 500

  peer 2.2.2.2 pw-id 500

  peer 4.4.4.4 pw-id 500

#

interface Ten-GigabitEthernet3/1/1

 port link-mode route

#

interface Ten-GigabitEthernet3/1/1.1000

 vlan-type dot1q vid 1000

 xconnect vsi user_a

#

·     NPE 4:

#

 mpls lsr-id 4.4.4.4

#

mpls ldp

#

 l2vpn enable

#

vsi user_a

 pwsignaling ldp

  peer 1.1.1.1 pw-id 500

  peer 2.2.2.2 pw-id 500

  peer 3.3.3.3 pw-id 500

#

interface Ten-GigabitEthernet3/1/1

 port link-mode route

#

interface Ten-GigabitEthernet3/1/1.1000

 vlan-type dot1q vid 1000

 xconnect vsi user_a

#

Related documentation

·     H3C CR16000-F Routers MPLS Configuration Guide-R8385P09

·     H3C CR16000-F Routers MPLS Command Reference-R8385P09